Requirements


The following are the materials you’ll need before starting:
1. A PHP Shell (Preferably WSO or Ani-Shell which can be downloaded from Sourceforge or Google)
2. Netcat
3. A port forwarded router (To be able to back-connect to your shell hosted on your target)
4. An exploited target (or a server)
5. An exploit (Public or Private)

Steps


First step


You need to be able to gain remote control of your server/target. To get started, make sure you have a PHP shell uploaded on the your target’s server. A screenshot of a shelled target can look something like below:
Cn5xx.png
Obtain the IP address of your target as you would need it to perform back-connection. Once you have the IP address noted down, navigate your way to the “Network” section of the shell.

Second step


While on your shell in the “Network” center, we’ll be using the “Bind Shell” method to establish a connection between our computer and your target.
A screenshot below is an example of how it looks like:
stEw2.png
Enter your opened port number in the input port box.

Third step


Now let’s move on to o

ur computer and start setting up our connection.
Download Netcat and navigate to the extracted folder using Command Prompt.
A demonstration of how it looks like below:
dDART.png
Enter the command in this format:

Code:


Fourth step


Go back to your shell and click the connect button located beside the port input box.
Once that’s done, execute the command in your command prompt to establish a connection..
If successful, you should be able to execute Unix commands.
Some of the unix commands are below:
1. ls (lists files in current directory)
2. uname -a (displays the kernel version of the server)
3. whoami (displays the current user)
4. wget (remotely downloads file specified by a URL)
You can find more by going on here: http://fosswire.com

Fifth step


Now, we’ll be using our command prompt to download the exploit remotely using “wget”.
Your command should look something like this:

Code:


Sixth step


After download the exploit zip file, use the following command to extract it.

Code:


Once that’s done, we’ll be giving full permissions to the file by chmodding to 777

Code:


Last step


If everything done above is succesful, you should be able to run the exploit like so:

Code:


If successful, you should be able to be root.
To check, just enter “whoami” or “id”

Video Example

That’s just the basics of how to root. Sooner or later, I’ll be able to teach you guys how to perform more actions when owning a box and that includes compiling, bypassing and enumerating.
Also, will be showing you a tutorial on how to root via bruteforcing the root user credentials.

Anyways, hope you learned from this tutorial.
I’m ZeroFreak, also known as ZentrixPlus from http://zentrixplus.net
Thanks for viewing this article and have a nice day.

What Do You Think on This ? Say Here