Page 1 of 3 123 LastLast
Results 1 to 10 of 28

Thread: remote root Share/Save - My123World.Com!

  1. #1

    Lightbulb remote root

    first i tell you that i am not a pro hacker nor have knowledge of networking , so please forgive me if this question is silly

    i just know some basic hacking and have done CEH only

    so yesterday one of my friend who is a web developer gave me his web app to see if it's hackable or not

    and while testing suddenly an idea came to my mind

    suppose i am a hacker , i have hacked into a website and got a back connect on netcat
    but i will be that user who is the user of the site

    so to become root , i need some locale exploit and have to run it

    ...

    but what my thought was , instead of finding local exploit and compile it and run it

    we may upload an application on that site , which is made by us and can be exploited , then we just exploit that service / application / file remotely and by some shell codes i get root on server

    so is it possible guys ? i don't know much about exploit writing so don't know if it works or not

    also , installing service also needs root , so we may not install vulnerable service in linux , but what about windows server ? can we use this method to gain administrator ?

    i'm not a black hat , it's just a thought , it's like a discussion so please not reply like we do not support black hat

  2. #2
    Garage Addict 41.w4r10r's Avatar
    Join Date
    Jul 2010
    Location
    Pune
    Posts
    338
    Blog Entries
    3
    Hi Prince,

    see the basic says that to get root access or to reach to system privileges you need to exploit service which is running as root privileges so any other process executed by that process become root privileged process...

    lets say when you execute local privilege exploit, what that exploit do is it exploits vulnerability in some modules, application, service which is run under root privilege and you get shell with the same privilege.

    so lets say if you upload any self created vulnerable application run that application on target machine and then exploit it.. in this scenario as you are having normal user privilege so vulnerable application which you created --> run --> exploited will have the same privilege of yours so again you will get the same privilege and not root privileges.


    so i am afraid your idea will not work in this scenario...

  3. #3
    Network Security Administrator Hackuin's Avatar
    Join Date
    Apr 2011
    Location
    10011001 10011001
    Posts
    104
    This remind me, the ironic situations.
    Name:  how.jpg
Views: 5688
Size:  24.3 KB
    "Free software" is a matter of liberty, not price. To understand the concept, you should think of "free" as in "free speech," not as in "free beer."
    "Microsoft is not the answer. Microsoft is the question. NO (or Linux) is the answer."
    "Ubuntu - Linux For Human Beings."

    Currently reading books:
    Integrating Forensic Investigation Methodology into eDiscovery -- by Colin Chisholm.
    Digital Forensics with Open Source Toolss -- by Cory Altheide && Harlan Carvey.

  4. #4
    i know this concept but still i have doubt that some how this is possible .

    and also , what about windows servers ?

  5. #5
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744
    Quote Originally Posted by prince_indishell View Post
    i know this concept but still i have doubt that some how this is possible .

    and also , what about windows servers ?
    That's a nice one Hackuin

    prince_indishell, 41.w4r10r has given perfect explanation to your question/doubt. And the concept is applicable to all o/s, be it linux or windows.
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

  6. #6
    good answer !! can any1 help me in finding local exploits for linux and how to execute them ??

  7. #7
    i know this all , but still i can not forgot that all users , all services are running on same computer ,

    so there must be some way to hack with my method , not 100 % same method , but some thing same like my method

    cause i know , before some years , i asked people that we hack into one site and then we can hack other site on same server without root , and all said it's not possible without root , and today we all know about symlinking and hacking another site from some different site ...

  8. #8
    Garage Addict 41.w4r10r's Avatar
    Join Date
    Jul 2010
    Location
    Pune
    Posts
    338
    Blog Entries
    3
    prince_indishell, we can understand what you want to say... yes may be it will possible in future, may be some new technique will come, may be not... but as of now there is no such known method available...

  9. #9
    i know there is no technique now , that's y ask here , you guys are pro here , you are the only one who can find this way

    i know hackuin bro , hats of to him , my posts are low so can not pm him , will pm him ,

  10. #10
    41.w4r10r , can you be my friend ? muje bhi kuch sikhne ko milega

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •