Server Exploit (local exploit)

This time I will write about the exploit servers, the exploit I do over the web is there in, and the web has vulner. I did the following steps:
 
First, I did a scan of the web to find out what applications are used, and I get the web using wordpress and xampp server applications, since both use the latest version so I do not get vurner.

Second, I find that there are vulner used in gadgets, and I found a gadget for the vulner ping an ip, after my tests I found that I can run a variety of commant therein.


Third, I wrote commant that serves to download a backdoor that I had prepared. and my backdoor successful entry into the web.

Fourth, after a backdoor embedded it is time to find where the location of the embedded backdoor, it's not hard to do because we can use the vulner commant execution had to look for it. after found it, I open the backdoor.
until here we have installed a backdoor on the web, and it is time to install a backdoor on the system.

Fifth, I find out the kernel used by the system and then find suitable local exploits in exploit-db, and I found it.

Sixth, I run the local exploit that I have gained so that I gain root access,,,,,,
as we have seen, root access can do anything, including open ports so that we can back to a system through the backdoor without the web. 

Comments

Post a Comment

Popular posts from this blog

Authorization Testing

Image
1. Testing for Path Traversal First, we test if it is possible to find a way to execute a path traversal attack and access reserved information About input vector: 2. Testing for bypassing authorization schema This kind of test focuses on verifying how the authorization schema has been implemented for each role/privilege to get access to reserved functions/resources. 3. Testing for Privilege Escalation During this phase, the tester should verify that it is not possible for a user to modify his or her privileges/roles inside the application in ways that could allow privilege escalation attacks.
Read more

Bypass HTML Field Restrictions

This time I learn about Bypass HTML Field Restrictions. I bypass the html form . In order to pass this lesson , I must submit the form with each field containing the value of unallowed . I have to submit an invalid value for all six fields in one delivery form provided . that is : select field which has two choices , radio button which has two choices , input field which retricted to 5 character, and disableinput field with a form that can not be filled . And this some way that I have tried to bypass it : First I submibt that form as usual and I did not find any change Then I tried to intercept request by webscarab, I change values that not provided there. but I not find any changes too. I studied again after it there are only 5 fields in the request when the procedure mentioned there are 6 fields . then I add a new field that is itself disableinput field , the parameter I get from the source web page . but I not find
Read more

Grabbing Proxy With Selenium and Python

Image
Selenium is automated browser that can be controlled by script. Selenium support for many programming language like Java, csharp, python, ruby, php, perl, and javascript. This simple script for grabbing proxy list from freeproxylist.net website created with python. 1. Install python selenium        # apt-get install python-pip        # pip install selenium 2. Download browser driver     Chrome : https://sites.google.com/a/chromium.org/chromedriver/downloads Edge : https://developer.microsoft.com/en-us/microsoft-edge/tools/webdriver/ Firefox : https://github.com/mozilla/geckodriver/releases Safari : https://webkit.org/blog/6900/webdriver-support-in-safari-10/ Chose favorite browser you want. 3.  Run this script import os from selenium import webdriver from bs4 import BeautifulSoup from selenium.webdriver.common.keys import Keys chromedriver = "./chromedriver" # replace with your browser driver os.environ["webdriver.chrome.driver"] = chromed
Read more