Penetrating
So now you might be wondering: Once the hacker finds the right exploit, how does he go about running it against the target and penetrating the server? This will all be explained in this chapter.
As you search Milw0rm or any of the other exploit database websites listed in this chapter, you will notice that exploits are written in many different programming languages. Below I will list a few of the most common ones, and how a hacker would compile and run them against a server.
PHP-
PHP exploits are very common. PHP exploit code usually starts with <?php and ends with ?>. Let's say the hacker wanted to do some temporary damage to a server running FTP Server 0.9.20. If he searched milw0rm he would come up with the following DoS exploit, http://milw0rm.com/exploits/2901, and run it against the server. Below are the steps the hacker would take.
1. First the hacker would need to install PHP onto his computer. WAMP is a free web server package that comes with PHP. If you are using a Mac, install MAMP instead. Next, paste the PHP exploit into Notepad or any plain-text editor and save it as "exploit.php".
You will have to know a little PHP to edit the target address. On line 13 of this exploit you will see:
$address = gethostbyname('192.168.1.3');
Here you will have to edit in the IP address of the target. Every exploit is different: with some you have to work out what to edit yourself, and some have runtime instructions. Save this edited file into the PHP directory of your installation, the one that contains the PHP executable. In WAMP the directory would be C:\wamp\bin\php\php5.2.5; of course the version number in the last directory changes with newer releases.
2. Next, open up the command prompt (or the terminal if you are using a Mac) and go to the PHP directory by using the cd (change directory) command followed by the directory location.
3. Now it's time to run the exploit. To run it, simply type "php exploit.php" and hit enter. You should get a couple of errors.
4. When skilled hackers create exploits, they sometimes insert mistakes or extra code so that script kiddies with no programming knowledge can't use them. The above is a simple example. If you go to line 18 of this exploit, you will see the line
$junk.="../../../sun-tzu/../../../sun-tzu/../../../sun-tzu";
This line was inserted to throw off the script kiddies, and by simply removing it the error will disappear. Just another reason why it's helpful to learn how to program.
Also, every now and then you will receive other errors, such as the one the second picture above shows. These errors have to do with the server configuration. As a hacker, you have to learn a lot on your own. Going around asking simple questions like this all the time will make you look bad, and the most common response you will receive is: www.google.com. Google is your friend, so take advantage of it! So starting now, begin to use Google, and if you are still stuck, then you can ask for help on community forums.
5. Once the errors are fixed and the program is running, a DoS attack will be launched against the target server until you exit the command window. If the target server can't handle much, you may be able to see the effect of your exploit by going to the site and clicking around. If it is working, the site will begin to lag and pages will take a long time to load. Eventually the server may go down completely.
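The only sign of the attack that the steps above describe is the site slowing down. Seen from the other side, the administrator of that FTP server wants to notice the flood before the box falls over. The following is an added example written for this page, not code from the original text or from the exploit it discusses: it scans connection-log lines and flags any source that opens an unusual number of connections inside a short window. The log format and the sample lines are constructed, and it is an assumption (the page does not say) that this kind of DoS shows up as a burst of connections from one source.

```python
"""Flag sources whose connection rate looks like a flood.

Added example for this page; not the original post's code. The log
line format "<date> <time> CONNECT <ip>" and the sample lines below are
constructed, and treating the DoS as a connection burst from one source
is an assumption.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source opens many connections within a few
# seconds while a normal client opens a single one.
SAMPLE_LOG = [
    "2024-05-01 10:00:00 CONNECT 198.51.100.5",
    "2024-05-01 10:00:01 CONNECT 198.51.100.5",
    "2024-05-01 10:00:01 CONNECT 198.51.100.5",
    "2024-05-01 10:00:02 CONNECT 198.51.100.5",
    "2024-05-01 10:00:02 CONNECT 198.51.100.5",
    "2024-05-01 10:00:03 CONNECT 198.51.100.5",
    "2024-05-01 10:00:04 CONNECT 192.0.2.10",
    "2024-05-01 10:00:30 CONNECT 198.51.100.5",
]

# Assumed log format: timestamp, the literal word CONNECT, source IP.
LINE_RE = re.compile(r"^(\S+ \S+) CONNECT (\S+)$")


def parse_connections(lines):
    """Return {ip: [datetime, ...]} for lines matching the assumed format."""
    by_ip = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # lines in another format are skipped, not fatal
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        by_ip[m.group(2)].append(ts)
    return by_ip


def peak_rate(timestamps, window):
    """Largest number of connections from one source inside any sliding window."""
    times = sorted(timestamps)
    best = 0
    start = 0
    for end, t in enumerate(times):
        # Slide the window start forward until it covers at most `window`.
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def flag_floods(lines, window_seconds=5, threshold=5):
    """Return {ip: peak_connections} for sources that hit the threshold."""
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, stamps in parse_connections(lines).items():
        peak = peak_rate(stamps, window)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, peak in flag_floods(SAMPLE_LOG).items():
        print(f"{ip}: {peak} connections within 5s")
```

The threshold and window are deliberately parameters: a busy anonymous FTP mirror legitimately sees far more connections per second than a small office server, so the numbers have to be tuned against a baseline of normal traffic before a hit is worth paging anyone for.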