Thread: remote root

  1. #11
    And Hackuin, you are like a god to me; reborn has told me a lot about you.

  2. #12
    41.w4r10r (Garage Addict; Join Date: Jul 2010; Location: Pune; Posts: 338; Blog Entries: 3)
    prince_indishell, you can reach us most of the time at (irc.freenode.net/6667 #g4h) or PM us

  3. #13
    b0nd (... I am no Expert; b0nd.g4h@gmail.com; Join Date: Jul 2010; Location: irc.freenode.net #g4h; Posts: 744)
    Quote: Originally Posted by prince_indishell
    And Hackuin, you are like a god to me; reborn has told me a lot about you.
    dude, English please. It's not a "desi" forum.
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

  4. #14
    I disagree. So it would actually depend on how you (the theoretical hacker) got that shell in the first place. For example, if the web site was vulnerable to SQL injection and through that you gained a shell then that shell would be running with the privileges of the running web service. So if the service has root privileges then so would you. You would never be connected to the system as the user account as this is an application created account not a system account.

    Again if you have file upload access then it will run with the privileges of the web service which may be root. For example if you upload a backdoor WAR file it will run with the privileges of the service and may indeed give you root access to the system. Many hacks are performed this way so no idea why 41.w4r10r said no.

  5. #15
    41.w4r10r (Garage Addict)
    @pete_the_ram, most of the time services such as Apache do not run under root, and if it is running as root then you don't even need to use any local root exploit as you already have root privileges, and my answer was specific to prince_indishell's question.

    as he already mentioned in his question:

    Quote: Originally Posted by prince_indishell
    suppose I am a hacker, I have hacked into a website and got a back connect on netcat
    but I will be that user who is the user of the site

    so to become root, I need some local exploit and have to run it

    ...

    but what my thought was, instead of finding a local exploit and compiling it and running it
    So here, if he compiles a vulnerable binary and runs it on the server, then in this case the vulnerable binary will run with the same privileges as the website user, so he will not be able to gain root access with this.

    Hope your doubt is cleared.

    If you still have questions, shoot them up.
    Last edited by 41.w4r10r; 01-30-2013 at 10:56 AM.

  6. #16
    Well, I hope I can clear up your doubt. First, Apache often runs as a privileged service. I know this as I have tested for over 8 years and find this often. I also stated that if you compromised a service with root then you would have root, so made no mention of local exploits being required. However, this is beside the point. The initial question states "suppose I am a hacker, I have hacked into a website and got a back connect on netcat but I will be that user who is the user of the site"

    So let's focus on the actual scenario. If you compromise a web application and get a shell then you will be running with a service account, for example a DB user or the web service etc. You would NEVER be running as the user of the site.

    So the real problem here is potentially a badly worded question lol but if taken literally my reply is correct.

  7. #17
    41.w4r10r (Garage Addict)
    I think you never experienced a chrooted server in your 8 years' career in info sec (and if that is really the case then I guess you never got core targets)... Also, for your clear understanding, I am not considering the site user as the Administrator account of the web site :P Also, the topic creator clearly mentioned that "suppose I am a hacker, I have hacked into a website and got a back connect on netcat", which clearly means he got a web shell, and I know what the difference is between a Web Site User and a Service User.. so don't think that every other guy than you is a fool...
    Or maybe I am not understanding what you wanna say..

    Do you want to say that getting a web shell on any server makes you the root user of the server?
    Last edited by 41.w4r10r; 01-30-2013 at 11:05 PM.

  8. #18
    I think you are trying to put words in my mouth. Just because I said I have found many which ARE running as root does not mean I have not found others which are not or which are chrooted. That is called conjecture. I have found many which are - a simple statement which does not need to be attacked. I had two customers in the last 6 months who were compromised from leaving admin pages open with default creds and attackers uploading backdoor shells. They both ran with high-level privileges.

    My point is the initial question is phrased incorrectly, as he mixes the user of a connect-back shell and having a web user account. I trust you know the difference, but it seems he does not and hence I was trying to point this out.

    I do think you are not understanding and should drop the attitude as I am trying to help.

  9. #19
    Garage Member (Join Date: Sep 2010; Location: Chennai; Posts: 83; Blog Entries: 1)
    Quote: Originally Posted by pete_the_ram
    Well, I hope I can clear up your doubt. First, Apache often runs as a privileged service. I know this as I have tested for over 8 years and find this often. I also stated that if you compromised a service with root then you would have root, so made no mention of local exploits being required. However, this is beside the point. The initial question states "suppose I am a hacker, I have hacked into a website and got a back connect on netcat but I will be that user who is the user of the site"

    So let's focus on the actual scenario. If you compromise a web application and get a shell then you will be running with a service account, for example a DB user or the web service etc. You would NEVER be running as the user of the site.

    So the real problem here is potentially a badly worded question lol but if taken literally my reply is correct.

    I wonder why Apache should run as a privileged process? Yeah, if it runs as a web server it needs to bind to port 80, which is below 1024 and therefore privileged; after that it no longer needs to hold the root privilege, which is why it forks all the incoming connections as processes with regular privileges.
    Last edited by sebas_phoenix; 01-31-2013 at 12:46 AM.
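
The root-master, unprivileged-worker model described in post #19 can be checked from the administrator's side; the following is an added example, not code from any poster in this thread. The process names in `WEB_SERVERS` and both `ps` samples are constructed assumptions.

```python
# Added example (not from the thread). Both samples are constructed output of:
#   ps -eo euid,pid,ppid,comm
GOOD_PS = """\
 EUID   PID  PPID COMMAND
    0     1     0 systemd
    0   812     1 apache2
   33   901   812 apache2
   33   902   812 apache2
"""
BAD_PS = """\
 EUID   PID  PPID COMMAND
    0     1     0 systemd
    0  1440     1 httpd
    0  1451  1440 httpd
    0  1452  1440 httpd
"""

WEB_SERVERS = {"apache2", "httpd", "nginx"}  # assumed process names


def parse_ps(text):
    """Return {pid: (euid, ppid, comm)} from `ps -eo euid,pid,ppid,comm` output."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 3)
        # The header row fails the isdigit() check and is skipped.
        if len(parts) == 4 and all(p.isdigit() for p in parts[:3]):
            euid, pid, ppid = (int(p) for p in parts[:3])
            procs[pid] = (euid, ppid, parts[3].strip())
    return procs


def root_workers(text, servers=WEB_SERVERS):
    """List worker PIDs that still have effective UID 0.

    The master (its parent is not the same server binary) is expected to be
    root so it can bind port 80; a worker is a child of that master. Anything
    a worker executes inherits the worker's euid, so a root worker is flagged.
    """
    procs = parse_ps(text)
    findings = []
    for pid, (euid, ppid, comm) in sorted(procs.items()):
        if comm not in servers or ppid not in procs:
            continue
        is_worker = procs[ppid][2] == comm
        if is_worker and euid == 0:
            findings.append(pid)
    return findings


if __name__ == "__main__":
    print("good host:", root_workers(GOOD_PS))
    print("bad host: ", root_workers(BAD_PS))
```

On a live host, feed `root_workers` the real output of `ps -eo euid,pid,ppid,comm`; an empty list means the workers handling requests have dropped root.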

  10. #20
    @pete, 1) I'm a damn noob and also not a professional, so I don't know the technical words

    I used the netcat backconnect word because I wanted to say that I have at least some permission on the server

    Now, I just got a small dipper idea again,

    I know why some services are remotely vul; that is because of a programming error, or mostly due to some one file only

    So what do we do? We check which services are running, then find which service was remotely vul and change that particular file which made it vulnerable?
