Author Topic: Rooting a box  (Read 4084 times)

0 Members and 1 Guest are viewing this topic.

Offline youpi

  • Serf
  • *
  • Posts: 20
  • Cookies: -6
    • View Profile
Rooting a box
« on: December 30, 2013, 11:10:03 pm »
Hi everyone.


First of all, even though I am a new member on here, I would like to point out that I'm not a noob.


I know a lot about using linux, scanning systems with nmap, finding exploits, use SSH, set up and use VPNs, deal with disk encryption and all sort of shit.
I also used metasploit and meterpreter in the past on the Windows XP VM they give.

To the point, my "fetish" always has been to somehow compromise a linux box and get shell (root) access to it.


I would like to know if some people here are able to root say a few boxes a week, and if so, how do they go to find them.
Do you start from an SQLi ? And upload a shell ? I've been trying to find vulnerables websites with --os-shell and --sql-shell using sqlmap for 2 hours now with no luck.
Are there automated tools to find ?


By the way, if there's any hacking team / IRC Channel that would be kind enough to take me into, it would be great.
I have access to cheap host servers and big knowledge in Linux and C.


Thanks

Offline Phage

  • VIP
  • Overlord
  • *
  • Posts: 1280
  • Cookies: 120
    • View Profile
Re: Rooting a box
« Reply #1 on: December 30, 2013, 11:18:47 pm »
Everything you describe is what we call basic skills. And if you had "big knowledge" in Linux and C it wouldn't be a problem for you to achieve what you are talking about. Chill out, don't try to impress people with skills you don't have. It's really easy to spot that you have no way near the knowledge you claim to have.
"Ruby devs do, in fact, get all the girls. No girl wants a python, but EVERY girl wants rubies" - connection

"It always takes longer than you expect, even when you take into account Hofstadter’s Law."

Offline bluechill

  • Cybermancer
  • Royal Highness
  • ****
  • Posts: 682
  • Cookies: 344
  • I am the existence in these walls
    • View Profile
Re: Rooting a box
« Reply #2 on: December 30, 2013, 11:23:17 pm »
*laughs manically*

Sure you do.  Sure you do.

inb4 the flaming
I have dreamed a dream, but now that dream has gone from me.  In its place now exists my own reality, a reality which I have created for myself by myself.

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: Rooting a box
« Reply #3 on: December 30, 2013, 11:27:59 pm »
I'll just wait a few posts and see where this goes.
*lucid's finger hovers over the lock button
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline bluechill

  • Cybermancer
  • Royal Highness
  • ****
  • Posts: 682
  • Cookies: 344
  • I am the existence in these walls
    • View Profile
Re: Rooting a box
« Reply #4 on: December 30, 2013, 11:28:46 pm »
I'll just wait a few posts and see where this goes.
*lucid's finger hovers over the lock button

Don't lock this.  I sanction it.
I have dreamed a dream, but now that dream has gone from me.  In its place now exists my own reality, a reality which I have created for myself by myself.

Offline youpi

  • Serf
  • *
  • Posts: 20
  • Cookies: -6
    • View Profile
Re: Rooting a box
« Reply #5 on: December 30, 2013, 11:32:22 pm »
Sorry guys if I seemed to say like I'm the boss of the forums that nowhere near what I meant.


I was just pointing out my skills, because few years ago when I had'nt those skills and tried to get help on some blackhat forums people told me to learn C and unix.
In fact I just graduated in France as sys admin (which, I know, is way below the level of a pen tester). That's why I pointed those skills out.


I don't know how you can tell wether or not I have the said skills just by reading or writing my post.


So just forget the part where I tell about my skills and let's get on the other part: how to find vulnerable targets to achieve my goal ?
« Last Edit: December 30, 2013, 11:33:06 pm by youpi »

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: Rooting a box
« Reply #6 on: December 30, 2013, 11:32:37 pm »
Don't lock this.  I sanction it.
Lol fine. But if it gets too painful then you should do it  :P
« Last Edit: December 30, 2013, 11:33:08 pm by lucid »
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline Phage

  • VIP
  • Overlord
  • *
  • Posts: 1280
  • Cookies: 120
    • View Profile
Re: Rooting a box
« Reply #7 on: December 30, 2013, 11:33:53 pm »
Sorry guys if I seemed to say like I'm the boss of the forums that nowhere near what I meant.


I was just pointing out my skills, because few years ago when I had'nt those skills and tried to get help on some blackhat forums people told me to learn C and unix.
In fact I just graduated in France as sys admin (which, I know, is way below the level of a pen tester). That's why I pointed those skills out.


I don't know how you can tell wether or not I have the said skills just by reading or writing my post.


So just forget the part where I tell about my skills and let's get on the other part: how to find vulnerable targets to achieve my goal ?


1. WE DO NOT SPOONFEED PEOPLE!
2. That's easy when you seen enough of posts like this.
3. Prove me wrong then, show us what you got?
"Ruby devs do, in fact, get all the girls. No girl wants a python, but EVERY girl wants rubies" - connection

"It always takes longer than you expect, even when you take into account Hofstadter’s Law."

Offline youpi

  • Serf
  • *
  • Posts: 20
  • Cookies: -6
    • View Profile
Re: Rooting a box
« Reply #8 on: December 30, 2013, 11:36:12 pm »
I don't want to prove anything really please stop being rude/angry/raging/whatever.


I also don't want anyone to spoonfeed me like you say rather team work.
I came on this forum to get knowledge from others but also share mine. I thought that's how a forum works.

Z3R0

  • Guest
Re: Rooting a box
« Reply #9 on: December 30, 2013, 11:43:40 pm »
Here ye, here ye....

Look guy. Getting an unprivileged shell alone is an extremely rare thing to accomplish these days, let alone getting root. I'm sorry, but I do not think you have even the skills to do simple privilege escalation on your XP vm, or metasploitable WITHOUT using metasploit to do the dirty work for you.

Here are some things to consider: local privilege escalation exploits will in most cases not work (variety of reasons), and their effectiveness relies on how much information you enumerate from the system, and the inherent luck of the stars aligning in the solar system. If you really want to get the upper-hand of rooting boxes, look into things like exploiting cron jobs, changing environment variables, or even better yet...misconfigured services, or readable configuration files with passwords in plaintext.


Another thing, and this isn't just for the OP this goes for everyone...your effectiveness at owning any box is directly related to how much information you gather from it first. Automated "tools" can only help you to a certain degree, and the key to being effective at everything is being able to take the information you get from the tools, and use your brain to figure the rest out.
« Last Edit: December 30, 2013, 11:44:27 pm by m0rph »

Offline Darkvision

  • EZ's Fluffer
  • VIP
  • Royal Highness
  • *
  • Posts: 755
  • Cookies: 149
  • Its not a bug, It's a Chilopodas.
    • View Profile
Re: Rooting a box
« Reply #10 on: December 30, 2013, 11:50:21 pm »
First of all i will start this flame by stating:I'm smart enough to know i dont know linux well enough to do this to ANY newer linux system(hey i do know a few older methods, that i know for a fact were patched years ago...) so this is how i would root a linux system:
LEARN FUCKING LINUX SYSTEMS.


Oh my god. Thats fucking genius you say! How did i come by such a great idea you ask? Its how ALL of us learned to do this shit. We learned the base systems so we understood what the fuck was going on. People here dont just grab nmap and run it to pwn systems, we get nmap and run it because it automates a task that we know/understand and it makes it a little bit faster than doing it by hand, or coding our own. unless ofc it doesnt have a feature we want, then hey we code our own. I knew of nmap for 5 fucking years before i first downloaded it. yes 5 years. why you say would you not download a tool for 5 years? scared of it? no you fucking moron, i wanted to understand WHAT it was doing and WHY it was doing it before i ever so much as loaded it on a computer. In other words, when i loaded it i didnt need a god damn tutorial telling me what the modifiers on this or that command did, or WHY i would want to use them. i got it.


You do not seem to understand hacking, windows, or linux. Knowing how to load a program, or connect to a vpn is not exactly "high level" knowledge. its um whats the word for it? basic. yeah thats what im looking for, its basic level shit that a 5 year old can do. Now if you are actually interested, and i mean REALLY interested, you are going to have to go browse the site, especially the ebook section and learn a LOT of shit. I'm sorry but no one here is going to cuddle or coddle you. We got where we are in the same damn way, we sat down and learned it our damn selves. Now if you have a SPECIFIC question on something you dont understand but are trying to learn you will find this community a treasure trove and very forth coming. But we can not, and will not teach you "to compromise a linux box", we have (to continue the trend) "big knowledge" because we actually learned this shit on our own from books, from tinkering, and from head pounding our keyboards when something wouldnt go our way. You have done none of this, therefore you deserve none of our "big knowledge"


Its not often i can summarize something this long, in a sentence so short. Even less often that i can do it in one word, or even better, both.


Summary:RTFM.


p.s. uninstall every "tool" you have, you dont get them. DL them again when you do.
The internet: where men are men, women are men, and children are FBI agents.

Ahh, EvilZone.  Where networking certification meets avian fecal matter & all is explained, for better or worse.

<Phage> I used an entrence I never use

Offline youpi

  • Serf
  • *
  • Posts: 20
  • Cookies: -6
    • View Profile
Re: Rooting a box
« Reply #11 on: December 31, 2013, 12:02:22 am »
Here ye, here ye....

Look guy. Getting an unprivileged shell alone is an extremely rare thing to accomplish these days, let alone getting root. I'm sorry, but I do not think you have even the skills to do simple privilege escalation on your XP vm, or metasploitable WITHOUT using metasploit to do the dirty work for you.

Here are some things to consider: local privilege escalation exploits will in most cases not work (variety of reasons), and their effectiveness relies on how much information you enumerate from the system, and the inherent luck of the stars aligning in the solar system. If you really want to get the upper-hand of rooting boxes, look into things like exploiting cron jobs, changing environment variables, or even better yet...misconfigured services, or readable configuration files with passwords in plaintext.


Another thing, and this isn't just for the OP this goes for everyone...your effectiveness at owning any box is directly related to how much information you gather from it first. Automated "tools" can only help you to a certain degree, and the key to being effective at everything is being able to take the information you get from the tools, and use your brain to figure the rest out.


Thanks for taking the time to answer me.




As for the Darkvision, I just won't answer what you wrote.
I totally agree with you guys that most people just use exploits / metasploit / nmap and don't have any knowledge. That's not my case. I always try and want to understand what I'm doing, at the very least. And code it myself if I'm able to.


I really don't know why you guys took my head off after my first post. I know get the idea of what the forum is like and I must say I appreciate what you guys are telling in the previous posts.
You just seem to judge me a little fast.

Offline Phage

  • VIP
  • Overlord
  • *
  • Posts: 1280
  • Cookies: 120
    • View Profile
Re: Rooting a box
« Reply #12 on: December 31, 2013, 12:08:09 am »
BECAUSE YOU DON'T HAVE THE SKILLS YOU CLAIM TO HAVE!


You ask us to spoonfeed you, that's something we under no circumstances does! DarkVisions post pretty much explained why are acting as we do. We don't like skids. We don't like people who don't want to learn shit, just brag about what they can get tools to do for them. This is not a place you come to, to learn things you can brag about to your friends. We don't care about you not having any skills, we have all been there, but you do ******* not want to spoonfeed you.


Is it really so hard to get? To help you a little bit instead of just flaming. Read m0rph's post really carefully, at least twice. He gave you everything you need to help yourself along. There are quite a lot of keywords you can Google.
"Ruby devs do, in fact, get all the girls. No girl wants a python, but EVERY girl wants rubies" - connection

"It always takes longer than you expect, even when you take into account Hofstadter’s Law."

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: Rooting a box
« Reply #13 on: December 31, 2013, 12:41:00 am »
Alright alright. I think OP gets the point.

@OP - This is a rough place, I would take it with a grain of salt. My first posts when I joined this forum went somewhat similarly. In all honestly you really can learn a lot from this place so don't get scared off because we flamed you a bit. If I were you I'd lay low for awhile and look around the forum to get an idea of the mentality, as well as how we view hacking here. It's not really what you think it is.

tl;dr - Evilzone isn't for the faint of heart, but the knowledge is worth the rough environment.
« Last Edit: December 31, 2013, 12:43:22 am by lucid »
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Rooting a box
« Reply #14 on: December 31, 2013, 07:21:47 am »
tl;dr - Evilzone isn't for the faint of heart, but the knowledge is worth the rough environment.
Because that is what a hacker's life all about - frustration and salvation. All because we love doing it.
I hope OP got the idea, if not... I'm sorry for you. Oh and +1 to darkvision :D