Is there anny solution for this problem - Web Application Security

Hardcore-Gabber

I have uploaded a shell on a vbulletin forum ..

My problemi is that i cannot modifie anny of the files on the forum .. once i have modified a file on the forum and when i want to save the modified file i am gettin this error Can't write to file!

Also in the shell i am able to connect to the database but i cannot modifie anny data in the database i cane read it only ...

I am uid=99(nobody) gid=99(nobody) groups=99(nobody) on the server..

also i have tried to upload a new shell on the server but cannot...

I have succesfully uploaded a shell on a folder but cannot use it it says file not founde i have tried to chnge CHMOD but cannot..

The shell is GNY Shell ..

Is there anny program that cane connect to a databse if i know username database name password and port ?

Thanks ...

And sorry Semtex_primed for that signature i dont know why was suspicios the signature i am using that signature in all forums but now i have removed ...

Sh3llc0d3

You need a local root exploit as by the sounds of it your current usergroup permissions allow you to do nothing much, you would find one with the kernel version running on the server and a few google searches. Find out the kernel, GNY shell will definitely tell you it, I use r57 shell tho so wouldn't know where. Then search for the exploit to gain root/admin priviledges. Upload the exploit through GNY and then check your UID, it should now be "0" root.

What version of vbulletin is it just outta curiosity and how did you get access originally, sql? Sorry i'm nosey :P

Hardcore-Gabber

Is the Latest vbulletin i think ...

sorry i cannot tell you the forum name because is a verry big forum and i want to keep private the shell ..

I got acces by a vbseo exploit ...

The kernel version is 2.6.18-194.17.1.el5

and thanks for the quick reply .. you have answered to all my questions vrry fast .. i will tahnk you with someting .... just pm me if i cane help you with someting if i cane i will ....

Sh3llc0d3

No problem, I'm here to help where I can :)

chroniccommand

You don't have access. It seems as though the only person who has access would be root or the regular user. You would need a local root exploit as Semtex said. Once you root it you can do anything with it. I'd suggest modifying/wiping the logs after.

Hardcore-Gabber

Thanks ..

Founde some Local Root Exploit for this kernel version now i will try to root the server .. Thanks Semtex for the link ..

Sh3llc0d3

No problem, let us know if you need any further help.

Hardcore-Gabber

A bit of help with this exploit would be great ...

Please someone cane compile it for me .. because i am getting some errors when i execute it ,, i think i dont compile good ..

Thanks

chroniccommand

said:

A bit of help with this exploit would be great ...

Please someone cane compile it for me .. because i am getting some errors when i execute it ,, i think i dont compile good ..

Thanks

Which exploit did you use?
Give us more info or we can't help you!

Sh3llc0d3

Yeah if you post the exploit etc we can help :)

Hardcore-Gabber

This the exploit .

http://www.1337day.com/exploits/15065

chroniccommand

said:

This the exploit .

http://www.1337day.com/exploits/15065

Are you getting any errors when compiling? Provide more info. What are you using to compile?

Sh3llc0d3

Upload the file as "file.c"or whatever you want to call it onto the server, then use "gcc -o file file.c" then execute it "./file". This will give you root. You may have issues if the exploit is made in/for linux and you try compiling in windows.

Xin

Whats the kernel version it may be its the wrong exploit

Sh3llc0d3 · Sh3llc0d3 March 2011 Posts: 1,910 2.6.18-194.17.1.el5

2.6.18-194.17.1.el5

Hardcore-Gabber

This is the error that i am getting when i compile the exploit .. i a compiling in Linux on the shell that i have on the site ..

And This is the exploit that i am using

 creactiefhoevelaken&#46;nl/2&#46;6&#46;18&#46;194&#46;c

2.6.18.194.c:1: error: expected identifier or '(' before '==' token
2.6.18.194.c:2:8: error: too many decimal points in number
2.6.18.194.c:5:3: error: invalid preprocessing directive #Author
2.6.18.194.c:6:3: error: invalid preprocessing directive #Email
2.6.18.194.c:7:3: error: invalid preprocessing directive #Group
2.6.18.194.c:8:3: error: invalid preprocessing directive #Web
2.6.18.194.c:9:3: error: invalid preprocessing directive #Greetz
In file included from /usr/include/poll.h:1,
from 2.6.18.194.c:32:
/usr/include/sys/poll.h:58: error: expected declaration specifiers or '...' before 'nfds_t'
2.6.18.194.c:72:2: error: #error "r34d th3 c0d3 m0r0n!!# () #"
2.6.18.194.c:1808:3: error: "1337db.com" after # is not a positive integer
2.6.18.194.c:1808:38: warning: no newline at end of file

Sh3llc0d3

Why is it this bellend has written everything in leet speak. Grrr. It looks like you need someone to go through the source code, my C is not up to scratch that much to be going through a kernel exploit.

sangf

2.6.18.194.c:1: error: expected identifier or '(' before '==' token
2.6.18.194.c:2:8: error: too many decimal points in number
2.6.18.194.c:5:3: error: invalid preprocessing directive #Author
2.6.18.194.c:6:3: error: invalid preprocessing directive #Email
2.6.18.194.c:7:3: error: invalid preprocessing directive #Group
2.6.18.194.c:8:3: error: invalid preprocessing directive #Web
2.6.18.194.c:9:3: error: invalid preprocessing directive #Greetz

you should be copying from the first /* text before that is just that - text not source.

In file included from /usr/include/poll.h:1,
from 2.6.18.194.c:32:
/usr/include/sys/poll.h:58: error: expected declaration specifiers or '...' before 'nfds_t'

not sure, it's coming from one of the include files on the system you compiled on, don't know about it but maybe it'll fix itself if you fix the prior errors.

2.6.18.194.c:72:2: error: #error "r34d th3 c0d3 m0r0n!!# () #"

#define __i386__ // put this directly after the include statements (although i assume this was supposed to be added by gcc, maybe you are compiling with incorrect settings or under unsupported circumstances, are you compiling on intel x86 32bit?)

2.6.18.194.c:1808:3: error: "1337db.com" after # is not a positive integer

once again you included text which is not part of the source, it's the bottom line:
# 1337day.com [2010-12-05] <- remove me

Sh3llc0d3

All I'm gonna say in reply to that is... Damn! lol

chroniccommand

Mandi, many people will do that on purpose with exploits to make sure the user knows what they're doing. You need to learn how to compile using GCC and look through the source code for any errors.

Xin

Just compiled on a server i had and it ran / compiled perfectly, didn't root it though as it was a different version. Make sure you do what it says in the errors, add a line at the bottom, cut out the junk at top

Howdy, Stranger!

Top Posters

Who's Online (0)