Trending

Hacking a Web Server : Rooting A Linux Server


Hacking a Web Server : Rooting A Linux Server

This is the second article in server hacking series. I hope you guys enjoyed last articles. If you are new to this series I suggest you read last  articles. In this article, we will try to root the server.

I hope you know about root user on Linux server. For those who don't know what root is, Root is a super user on Linux server which has all the permission to all files and functions in the server.


THINGS WE NEED

  • A Linux Hacking Distro.
  • A vulnerable server.


    IDENTIFYING THE KERNEL VERSION

    • This is the first step of rooting the server.
    • In this step, we try to find out the kernel version and year.
    • To do that you have to visit your PHP web shell and look at uname. 

    • In my example, uname shows Kernal version 3.13.0-32 and year is 2014.
    • In you are using tools like Weevely, you have to type uname -a to get the kernel version and year.


    FINDING EXPLOIT FOR KERNEL

    • After finding the kernel version, we need to find exploit for this kernel. 
    • We will use Exploit-DB to find the kernel exploit.
    • Just open Exploit-db.com and click on search and enter the version number.
    • Now open any exploit available for that kernel.
    • Download the exploit code. 


    ROOTING THE SERVER

    • After downloading the exploit, upload the exploit to the server using upload function in PHP web shell.
    • Now we have to use Netcat to create a connection between our computer and the server PHP shell.
    • Open terminal and type the following commands and leave the terminal open. 
     nc -n -l -v -p 31337


    •  In this step, we are going to connect our PHP web shell to the Netcat using back connect option in our PHP web shell.
    • After successful connection, we will get a command shell on the server or we can say terminal interface on the server.
    • Now we have to change the directory where the kernel exploit is uploaded.
    • After that, we type the following commands to compile the exploit. Here exp.c is exploit file and exp is output file.
     gcc exp.c -o exp

    •  After compiling the exploit, now we have to run it.Type the following commands to run the exploit.
     ./exp


    • After running the exploit, you can check the root status using "id" command.

    Thank you for visiting Our Website. If you Getting any Problem or have a Question to ask related to this Article then Comment below i will respond to you With in 24 to 48 Hours . We Feel Happy to Help you.

    We Hope That You Liked this Article and  Please Share This Article  with your Friends and Family Members Using The Social Networking Icon Below. And Subscribe Your Website’s News Letter For Getting regular Updates Into Your Email Inbox About Latest Hacking Articles.