Easy way to get root privileges, part 1.

Some hours ago i was asking for some help at the IRC channel of a really large hosting company. The IRC channel is not an official support channel for this company, but some admins and company staff are kind enough to be there in order to help people, etc.
And well, the following took place. Keep in mind that i have replaced both real nicknames and also any occurence of the company name for the sake of privacy.
Enjoy :)

[RandomKid] By the way, the cookies **Hosting Company** use are no good :(
[RandomKid] anther time why, I think they can be poisioned.
[RandomKid] Will try safari now.
[HostingCompanyGuy] why not just bookmark your control panel?
[HostingCompanyGuy] RamdonKid: weren't you the same person that thought you could get root access to a server just because of an "insecure" upload form?
[RandomKid] hmmm good idea
[DiegoMax] ...
* RandomKid doesn't think, me knows.
[HostingCompanyGuy] lol
[HostingCompanyGuy] still waiting for you to show me how
[DiegoMax] kids....

[RandomKid] HostingCompanyGuy, if you don't think this is possible, run a search on google of how image can be exploited to deface serveres. Its an old trick, and there are actually ready made scripts for kidz that still do it.
[DiegoMax] RandomKid, you really have no idea about what you are talking about, sorry man.
[HostingCompanyGuy] RandomKid: you're confusing "servers" with "websites"
[RandomKid] Not at all.
[HostingCompanyGuy] so please show me this old trick in action, then
[RandomKid] You can upload a one file php file that acts like a server.
[HostingCompanyGuy] then how do you execute it?
[RandomKid] It all depends fcouse of what access you set/have on the server.
* HostingCompanyGuy sighs
[DiegoMax] and you are assuming then that the admins on a large hosting company are assholes ?
[HostingCompanyGuy] your example was that you could gain root access to rlparker's server because of the script he was running
[RandomKid] They simply need to call http://victimesite/images/fakeimage.php.gif
[RandomKid] it will run the php file which is a server script.
[RandomKid] n rlparkers site I would do something else ;)
[HostingCompanyGuy] that's not true, RandomKid
[RandomKid] Whats not true?
[DiegoMax] but even if you get to run the php script, how you get root access ?
[HostingCompanyGuy] you can't execute a script that way
[RandomKid] If you giv me 30 min, I would providely living examples.
[RandomKid] Yes you can.
[HostingCompanyGuy] i'll give you an example right now
[HostingCompanyGuy] of it *not* working
[RandomKid] It works fine :)
[HostingCompanyGuy] http://nevr.net/test.php.gif
[HostingCompanyGuy] give that a shot
[HostingCompanyGuy] let me know how it executes for you
[HostingCompanyGuy] oh wait, IT DOESN'T
[brandoe] lol
[DiegoMax] lol
[HostingCompanyGuy] good try though, you elite hacker, you.
[RandomKid] http://yes.as/dh.gif
[RandomKid] only wors on IE...
[HostingCompanyGuy] lol
[HostingCompanyGuy] dude.. that's HTML
[HostingCompanyGuy] not actual code that you can execute
[RandomKid] DO we have a bet here?
[RandomKid] :)
* DiegoMax is saving this discussion for the laguhs book
[HostingCompanyGuy] good luck rooting a server with HTML
[RandomKid] If I am going to spend 30-60 min on showing you how an image can be exploited with a php script.
[HostingCompanyGuy] your browser has *nothing* to do with how code executes on the server
[HostingCompanyGuy] your browser just *renders* information
[RandomKid] That was a joke.
[brandoe] RandomKid, HostingCompanyGuy has yummy cookies for you
[HostingCompanyGuy] no it wasn't
[RandomKid] and its client side.
[HostingCompanyGuy] you just got owned.
[rawrly] your browser just *renders* information
[DiegoMax] client side, interesting
[DiegoMax] so you getting root to your own machine then ?
[RandomKid] IE brwoser side
[DiegoMax] i see, you're hacking yourself
[RandomKid] in olddays you could even run a cframe via IE...
[RandomKid] That was fun :)
[HostingCompanyGuy] oh my god
[HostingCompanyGuy] just stop
[HostingCompanyGuy] you're done.
[RandomKid] ?
[RandomKid] Didnt do nothing.
[HostingCompanyGuy] yeah. that's my entire point.
[RandomKid] And wil ot do anything unless explicitly requested...
[RandomKid] And paid :)
[HostingCompanyGuy] i'll keep that in mind when i need someone to hack a server in the future
[HostingCompanyGuy] since you've already demonstrated your elite skillz
[RandomKid] A php in cmbination with image can be used to take over servers.
[HostingCompanyGuy] okay :)
[RandomKid] I didnt demonstarte anything.
[HostingCompanyGuy] i know :)
[RandomKid] god :)
[HostingCompanyGuy]
[RandomKid] good
[RandomKid] If you want CV, I can provide you a nice one.
[RandomKid] But I am not a hacker
[HostingCompanyGuy] obviously
[DiegoMax] thats obvious.
[RandomKid] nor a cracker.


No comments yet, leave yours!.