Thread: Remote root from ftp

  1. #1
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    14

    Remote root from ftp

    Hi,
    I am doing a pen-test on one of my machines. I pretended I managed to get an unprivileged user's password (e.g. from an SQL injection attack) and I'm wondering now if it's possible to get a remote root shell from this.

    I thought maybe I could upload netcat and change my .bashrc to start a shell when I next log in, but this wouldn't be much use as it's an unprivileged user.

    Any ideas?

  2. #2
    Just burned his ISO (bluster)
    Join Date
    Dec 2007
    Posts
    22

    I'm not a hacker or cracker or what they call it, but... Reading your post subject and post, I understand that you have a server installed on your "victim" machine (you are talking about SQL injection and FTP stuff). You can analyze your server applications or files, get app versions, analyze source code, and see if there are some bugs for buffer or stack overflow or other vulnerabilities. Check if your "user" is privileged to insert modules; if so, then you can write some setgid and setuid hooking modules. If it is a server (I understand it is), try to use PHP sockets to get yourself a remote dynamic shell. There is a lot of stuff you can do. Bashrc will not help you with anything. Can you handle it? And if it's not your server, just leave it alone, my advice.

  3. #3
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    14

    Thanks for the reply,
    I can manage to get app versions etc., and since I know the directory structure I would be able to get source code as well. Unfortunately though, my programming skills are limited to Visual Basic (lol), so analyzing code and writing modules is an unknown area for me.

    You talk about using PHP sockets to create a shell. How would I go about doing that? I don't mind doing some research because that helps me learn, but I wouldn't know where to start.

  4. #4
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    shell

    If you have a shell on the system you can try local privilege escalations (mostly old libs or kernels).

    What you are looking for is old versions of software installed as root on the system that are vuln...

    check to uid's http://rmccurdy.com/scripts/find_setuid.txt

    PHP shells you can download by the millions... c99shell r57...
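
The set-id check mentioned in post #4, written from the defender's side as an added example that is not part of the thread or of the linked script: it lists setuid/setgid files under a directory, flags the ones that group or other users can overwrite, and reports any that are missing from a saved baseline. The function names, the script name and the baseline file format (one path per line) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): set-id file audit for a directory tree.

# list_setid DIR: every regular file with the setuid or setgid bit set.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# risky_setid DIR: set-id files that group or other users may overwrite,
# so a non-owner could replace code that runs with the owner's privileges.
risky_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null | sort
}

# new_since_baseline DIR BASELINE: set-id files present now but absent from
# BASELINE (one path per line, saved from an earlier list_setid run).
new_since_baseline() {
    list_setid "$1" | while IFS= read -r f; do
        grep -Fxq -- "$f" "$2" 2>/dev/null || printf '%s\n' "$f"
    done
}

# Usage: sh audit_setid.sh DIR [BASELINE]   (script name is hypothetical)
if [ "$#" -ge 1 ]; then
    echo "== set-id files writable by group/other under $1"
    risky_setid "$1"
    if [ "$#" -ge 2 ]; then
        echo "== set-id files not in baseline $2"
        new_since_baseline "$1" "$2"
    fi
else
    echo "usage: audit_setid.sh DIR [BASELINE]" >&2
fi
```

Save the output of `list_setid /` after a clean install as the baseline; anything `new_since_baseline` reports later is a set-id file that appeared since then and needs an explanation.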

  5. #5
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    14

    Thanks for the help guys, I think this has pointed me in the right direction.

  6. #6
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    6

    Here are some shells I've found. PHP and ASP shells are included.

    Total shells: ~50

    Link: h-ttp://rapidshare.com/files/124333843/SHELLS-Superpack-PW_-1234.7z.html

    Delete the "-" to get a functional link.

  7. #7
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    14

    Cheers dude
