 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
mysql to gain root previleges |
 |
 Posted: Wed Jul 23, 2008 11:28 pm |
 |
|
| badrh0 |
| Active user |
 |
|
| Joined: Jul 06, 2008 |
| Posts: 32 |
|
|
|
 |
|
 |
|
hello,
I've uploaded a shell on a server but unfortunately I have read-only on the most important pages 
But I heard that I can gain root access by putting the shell through SQL, and I have an access on phpmyadmin as root, so I'm sure that I can do something, but I don't know what and how !!! if anyone can help me 
thx |
|
|
|
|
|
Re: mysql to gain root previleges |
|
| Posted: Thu Jul 24, 2008 4:52 am |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| badrh0 wrote: | hello,
I've uploaded a shell on a server but unfortunately I have read-only on the most important pages
But I heard that I can gain root access by putting the shell through SQL, and I have an access on phpmyadmin as root, so I'm sure that I can do something, but I don't know what and how !!! if anyone can help me
thx |
Somebody lie to you.If you upload shell via SQL that give's you mysql mysql perm's not root. |
|
|
|
|
| Posted: Thu Jul 24, 2008 11:00 am |
|
|
| badrh0 |
| Active user |
|
|
| Joined: Jul 06, 2008 |
| Posts: 32 |
|
|
|
|
|
|
|
Hi,
So what can I do so ??? is there any solution for elevating my privileges ? |
|
|
|
|
| Posted: Thu Jul 24, 2008 12:15 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| You need local root exploit. Can you post here target system details, including kernel version? |
|
|
|
|
| Posted: Thu Jul 24, 2008 1:29 pm |
|
|
| badrh0 |
| Active user |
|
|
| Joined: Jul 06, 2008 |
| Posts: 32 |
|
|
|
|
|
|
|
Hi,
Here are the system details ....
| Code: |
Kernel version: Linux ************* 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005 i686 i686 i386 GNU/Linux
Software: Apache/2.0.52 (Red Hat). PHP/4.3.9
Safe-mode: OFF (no secure)
MySQL 4.1.7
Open ports:
tcp 0 0 *:mysql *:* LISTEN -
tcp 0 0 *:76 *:* LISTEN -
tcp 0 0 *:sunrpc *:* LISTEN -
tcp 0 0 localhost:ipp *:* LISTEN -
tcp 0 0 localhost:smtp *:* LISTEN -
tcp 0 0 *:http *:* LISTEN -
tcp 0 0 *:ssh *:* LISTEN -
tcp 0 0 *:https *:* LISTEN -
Server API Apache 2.0 Handler
|
something else ? |
|
|
|
|
| Posted: Thu Jul 24, 2008 3:20 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
| Posted: Thu Jul 24, 2008 5:42 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
Думаеш он сечет что ет такое?Я честно сомневаюсь.Послать он сервак в дауне ему удастся.  |
|
|
|
|
| Posted: Thu Jul 24, 2008 10:14 pm |
|
|
| badrh0 |
| Active user |
|
|
| Joined: Jul 06, 2008 |
| Posts: 32 |
|
|
|
|
|
|
|
Yes it's really very old !!!!! but unfortunately there is no gcc !!! and all exploits that I found are in C !!! So what can I do on this old version ?
| koko wrote: | | Думаеш он сечет что ет такое?Я честно сомневаюсь.Послать он сервак в дауне ему удастся. Laughing |
It's like 外交部:劝美国个别议员停用人权问题干扰奥运 答问 for me !!! |
|
|
|
|
| Posted: Thu Jul 24, 2008 10:27 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| You can set up test box with similar linux distribution and then compile and test exploits on test machine. And then just upload precompiled files to target server and try them there. |
|
|
|
|
| Posted: Fri Jul 25, 2008 3:48 pm |
|
|
| badrh0 |
| Active user |
|
|
| Joined: Jul 06, 2008 |
| Posts: 32 |
|
|
|
|
|
|
|
| waraxe wrote: | | You can set up test box with similar linux distribution and then compile and test exploits on test machine. And then just upload precompiled files to target server and try them there. |
Hi;
Am I obliged to compile them on the same version ? 'cause I tried to compile a hello.c on my machine (2.6.26) but the compiled file wont execute on the target server !!!!
Why you said "precompiled" ??!! |
|
|
|
|
| Posted: Fri Jul 25, 2008 7:40 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Of course this is no trivial task. If webserver admin was paranoid enough to delete c compiler, then it's obvious that rooting will be harder to accomplish.
You need knowledge and experience in linux/c above average.
That "Hello world" test program - did you got error messages? |
|
|
|
|
|
|
|
|
| Posted: Fri Jul 25, 2008 8:29 pm |
|
|
| badrh0 |
| Active user |
|
|
| Joined: Jul 06, 2008 |
| Posts: 32 |
|
|
|
|
|
|
|
| waraxe wrote: | Of course this is no trivial task. If webserver admin was paranoid enough to delete c compiler, then it's obvious that rooting will be harder to accomplish.
You need knowledge and experience in linux/c above average.
|
After some other tries I remarked that all these commands doesn't display anything !!!!
| Code: |
locate gcc ===> gives nothing
locate perl ===> gives nothing
|
but also 
| Code: |
locate php ===> gives nothing !!!!!!!!!
|
Which is surely wrong !!!!!
So what is the problem with my shell ?!!!!! other commands like
worked, so it is not a shell issue !!!
| waraxe wrote: | | That "Hello world" test program - did you got error messages? |
displayed nothing !!!!! |
|
|
|
|
| Posted: Fri Jul 25, 2008 8:40 pm |
|
|
| badrh0 |
| Active user |
|
|
| Joined: Jul 06, 2008 |
| Posts: 32 |
|
|
|
|
|
|
|
I looked at /usr/bin and gcc is present !!!
So why my commands didn't work ? why gcc didn't work ??? |
|
|
|
|
| Posted: Fri Jul 25, 2008 9:28 pm |
|
|
| lenny |
| Valuable expert |
|
|
| Joined: May 15, 2008 |
| Posts: 275 |
|
|
|
|
|
|
|
| I doubt you have permissions... If the target is on a shared server then you are unlikely to be able to breach the server security unless you can find a pre-compiled exploit or compile it yourself on an identical (or as close to identical as you can) platform. |
|
|
|
|
| Posted: Fri Jul 25, 2008 9:56 pm |
|
|
| badrh0 |
| Active user |
|
|
| Joined: Jul 06, 2008 |
| Posts: 32 |
|
|
|
|
|
|
|
| lenny wrote: | | I doubt you have permissions... If the target is on a shared server then you are unlikely to be able to breach the server security unless you can find a pre-compiled exploit or compile it yourself on an identical (or as close to identical as you can) platform. |
Hi,
The server contains only two sites of the same organization.
Something strange happens each time I want to chmod my hello.pl/hello.c scripts, the dir in which they are included becomes unreadable for me !!! |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 75
Members: 0
Total: 75
