In this post, I'll try to show how to gain a root access through a web application. There are a lot of method to do that, this is one of them. The web application that will be used is DVWA(Damn Vulnerable Web Application). You can download it here.
- Start up your MySQL and Apache on backtrack.
type : #service apache2 start
type : #service mysql start
- Open DVWA on your browser
type : localhost dvwa
Login as usual, with the username: admin and password: password.
- and it's contents in dvwa
The vulnerability that I'll use to gain root access from this website is through its "command execution" Because a vulnerability in a web, this is the most dangerous feature to have. Hackers can get a shell without having to place a backdoor inside the server.
- Set the security level to medium. Because in my training advocated for this
- Lets try to do a normal command
- I'll use a local exploit on the system to gain the root access. Before searching the exploit, lets see what version of kernel the system running.
- Finally I look at exploit-db.com with keywords 2.6.39,
- and I found an exploit with the C language can be downloaded here
- after that, let's compile the c file it with the command: #gcc Mempodipper.c -o linux
- lets try to upload the exploit
- the file was not uploaded
- Lets try to add image extention into the exploit. I'll make it into linux.jpeg
- and upload again
- Good. Now, lets connect to the server using netcat to execute that exploit.
- Lets see if the exploit is correctly uploaded.
- Now, execute netcat on the dvwa on listening mode.
- Look on the bottom/status bar. The browser will wait for a connection. In backtrack's terminal type this. "nc 127.0.0.1 4321"
- lets to try execute
type : # ./linux.jpeg
- it's running, if you want to get root
type : su
#No limit to try harder
0 komentar:
Posting Komentar