Updates

Sunday, 14 May 2017

Hacking a Web Server : Rooting A Linux Server


This is the third article in server hacking series. I hope you guys enjoyed last two articles. If you are new to this series I suggest you read last two articles too. Link to the Series In the last article, we were able to upload a PHP shell on the server. In this article, we will try to root the server.

I hope you know about root user on Linux server. For those who don't know what root is, Root is a super user on Linux server which has all the permission to all files and functions in the server.


Things we need

  • A Linux Hacking Distro.
  • A vulnerable server.


Identifying the kernel version

  • This is the first step of rooting the server.
  • In this step, we try to find out the kernel version and year.
  • To do that you have to visit your PHP web shell and look at uname. 
  • In my example, uname shows Kernal version 3.13.0-32 and year is 2014.
  • In you are using tools like Weevely, you have to type uname -a to get the kernel version and year.


Finding Exploit for kernel

  • After finding the kernel version, we need to find exploit for this kernel. 
  • We will use Exploit-DB to find the kernel exploit.
  • Just open Exploit-db.com and click on search and enter the version number.
  • Now open any exploit available for that kernel.
  • Download the exploit code. 


Rooting the server

  • After downloading the exploit, upload the exploit to the server using upload function in PHP web shell.
  • Now we have to use Netcat to create a connection between our computer and the server PHP shell.
  • Open terminal and type the following commands and leave the terminal open. 
nc -n -l -v -p 31337

  •  In this step, we are going to connect our PHP web shell to the Netcat using back connect option in our PHP web shell.
  • After successful connection, we will get a command shell on the server or we can say terminal interface on the server.
  • Now we have to change the directory where the kernel exploit is uploaded.
  • After that, we type the following commands to compile the exploit. Here exp.c is exploit file and exp is output file.
gcc exp.c -o exp

  •  After compiling the exploit, now we have to run it.Type the following commands to run the exploit.
./exp



  • After running the exploit, you can check the root status using "id" command.


Video Tutorial

I have created a video for this tutoiral. 


Notes

  • It's only for educational purpose.

No comments:

Post a Comment

Share your problems but don't spam here