Rooting With your eyes

  • Rooting With your eyes

    The highest access you can gain on any *nix-based operating system is
    root. On this account you can do many things that you can't with any
    other account! In this tutorial I will explain how to gain access to
    this account by just using your eyes.

    The biggest weakness in any system is the stupid bugger that is running
    it. They are prone to write things down that they should not, use the
    same password for everything and configure things wrong.
    So keeping that in mind, let's look around the server.

    You are looking for things such as MySQL connection scripts. These are named things like config.php, configure.php, db.php and db_connect.php. Look at these and they will usually have the connection details to that user's MySQL account!

    If this is a hosting company, you are not really that interested
    in the many users that only have minimal permissions over their own
    sites; you are interested in the webhost's site.

    So execute the command "cat /etc/passwd" (without the quotes) and then look for an entry with normally the first eight letters of the hosting company's domain. Then with your shell navigate to their directory. Then go to their site and
    have a look around. There will most probably be an automatic account
    creation script or control panel login script on their main site.

    You will need to make note of the directory that the script is in and then
    go back to your shell. Now navigate to the directory and look for files
    that may contain details to the hosting database. If the server owner is
    as stupid as they come, this will be the connection details for root
    MySQL, which means you have control over all databases on the server; if
    not, you can just connect to the accounts database.

    If the server owner is stupid, the passwords will be stored in plain text. This means
    that you have access to all accounts on the server! Now on with the
    rooting: we need to find the admin's password. If it is stored in the
    database with the accounts in, that is us done; just log in through the
    control panel and you've got root cp on the server.

    There are different approaches if the host is not set up like this! Most
    hosts have support forums these days, and all mainstream
    forum software saves the database password in plain text, so we
    can be sure we will be able to connect to that. If they are using phpBB,
    which many are, hashes are unsalted, which means you can use any regular
    MD5 cracker to gain the plain text of the hash.

    Now download PuTTY if you are on Windows, or if you are on Linux use ssh -l root, and try the password that he uses on the forums. If you can't crack it or it is not the same, next we have to look around again. Most hosts like to back up
    their stuff so that if things go wrong they can restore what they have.
    Well, to do this scripts need passwords, so look for MySQL and FTP backup
    scripts and test the passwords they contain.

    If all this fails you have one last ace in your hand. Social engineering! This can be done many ways and I am not going to explain it now, but all I'm going to say is that in your travels around his server you should have gained a lot of
    information about him, so try out different things such as emailing other
    members of the team from a fake mailer saying that he is going away and
    needs the password to his account on the control panel sent to his
    private email address and so on.

    I would tell you about local root exploitation but then that would not be using
    your eyes would it!

    If all this fails go look for another server!
    Don't Forget To Say Thanks
    Don't Let The Post DIE ... REPLY !!
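
Seen from the host's side, everything in the post above depends on credential files that other accounts on a shared server can read. The following is an added example (not part of the original post) that audits a web root for the file names the post lists and flags world-readable files, hard-coded passwords and MySQL root connections; the regexes and the sample tree are constructed assumptions.

```python
import os
import re
import stat
import tempfile

# File names the post lists as typical MySQL connection scripts.
CONFIG_NAMES = {"config.php", "configure.php", "db.php", "db_connect.php"}
# Assumed, illustrative patterns for hard-coded credentials (not exhaustive).
PASS_RE = re.compile(r"""pass(word|wd)?['"\]\s]*(=>|=)\s*['"][^'"]+['"]""", re.I)
ROOT_RE = re.compile(r"""user(name)?['"\]\s]*(=>|=)\s*['"]root['"]""", re.I)

def audit(root):
    """Map each risky config file (path relative to root) to its list of issues."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if name.lower() not in CONFIG_NAMES or not stat.S_ISREG(st.st_mode):
                continue
            with open(path, errors="replace") as fh:
                text = fh.read()
            issues = []
            if st.st_mode & stat.S_IROTH:  # readable by every local account
                issues.append("world-readable")
            if PASS_RE.search(text):
                issues.append("hard-coded password")
            if ROOT_RE.search(text):
                issues.append("connects as MySQL root")
            if issues:
                findings[os.path.relpath(path, root)] = issues
    return findings

def demo():
    """Run the audit over a constructed two-site web root (sample data only)."""
    samples = {  # relative path -> (mode, constructed contents)
        "site_a/config.php": (0o644, "<?php $db_user = 'root'; $db_pass = 'constructed-1';"),
        "site_b/db.php": (0o600, "<?php $cfg['user'] = 'shop'; $cfg['password'] = 'constructed-2';"),
        "site_b/index.php": (0o644, "<?php echo 'hello';"),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (mode, body) in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return audit(root)

if __name__ == "__main__":
    for path, issues in sorted(demo().items()):
        print(path, "->", ", ".join(issues))
```

Run as the hosting operator over the real web root, `audit()` needs read access to every site's files; any file it reports as world-readable should be owned by the site's account with mode 0600 or 0640, and its database user should be a per-site account rather than root.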

  • #2
    Re: Rooting With your eyes

    nice share........


    • #3
      Re: Rooting With your eyes

      Thanks for this superb post!!!
