[kertiman06]

Hi people,

May be the question sounds wierd, but i'd like to know what a hacker might want to do/get once he took over a server (after he got read/write file system accessed, and data base owned) im not talking about defacing or useless stuff like that. but hows a takken over marchine could be usefull for grey hat hackers ?
i thought may be:
-spam email sender
-malware hosting


what else ?

[chmod]

There's a lot that can be done with a compromised system for one it's an an anchor point into into the network meaning it can be used to locate and attack other systems, bypassing the router's firewall as it comes from inside the network and therefore trusted. There's also the ability to upload or download files view and modify configuration files you could also add it to a botnet or whatever else you want a rooted machine becomes your machine in a a sense.

[kertiman06]

Thanks chmod for the answer,

How to get root on a server from the current php privilege ? do you have some reading about this ?
because i guess that doing everything you said require the root privilege isnt it, so lets say the guy got his uploadform and file-explorer php up on a machine, what are the few next step to get privilege escalation ?

[chmod]

Thanks chmod for the answer,

How to get root on a server from the current php privilege ? do you have some reading about this ?
because i guess that doing everything you said require the root privilege isnt it, so lets say the guy got his uploadform and file-explorer php up on a machine, what are the few next step to get privilege escalation ?

This is a very broad question, yes you would need root privileges but getting this would depend on how the server is set up, what services are running (and exploitable) and the the security set up. As for reading there is plenty of choice right on this very forum try the the hacking tutorial and the website exploits categories.

[UnKnowN112]

Thanks chmod for the answer,

How to get root on a server from the current php privilege ? do you have some reading about this ?
because i guess that doing everything you said require the root privilege isnt it, so lets say the guy got his uploadform and file-explorer php up on a machine, what are the few next step to get privilege escalation ?

This is a very broad question, yes you would need root privileges but getting this would depend on how the server is set up, what services are running (and exploitable) and the the security set up. As for reading there is plenty of choice right on this very forum try the the hacking tutorial and the website exploits categories.

i agree with chmod, its a vast area to cover.. but if you possibly need privilege escalation try MetaSploit should help you all the way through if you have a vulnerable program running on your victim's pc

[kertiman06]

there is no website exploit category, the section hacking tut is a whole melting pot of threads

[chmod]

Website exploitation is here there are a tonne of threads there but that's the point I was making in my previous post, there is no one technique or step to gaining access to anything.

[kertiman06]

however i found bunch of tuts that all describe the same thing:
I gotta run netcat to listen on a port
i gotta upload a php-reverse-shell.php and launch it with correct IP/port, to connect to my listener netcat in order to get a console
then, using the kernel version i gotta find a public exploit type privilege escalation, hoping that it works
and i gotta upload that exploit, tip few commands, run it and hopefully i'll be root
i gonna try this on my VM

[kertiman06]

without gcc there is no way to root throught that method right ?
i looked up for installing gcc without privilege, and for any tips about getting root without gcc but i got poor result
any suggestion ?

[RaccoonCity_mybb_import13707]

They can spread their virus on the website. If you would imagine Google getting hacked, instead of defacing the website he can just spread his virus and change download links out to his own virus, etc. I hope you understand!