Exploits How To Exploits
Exploits
Alot of people ask me about exploits, what they are, what they do, and how they
use them. Well, I'm writing this document to explain this for hopefully my last
time. It's just starting to bother me that I have to explain this everytime I'm
on IRC, so i thought there should be a text explaining them. Well, here it is.
What is an ' Exploit '
Well to explain this simply, an Exploit is a program that 'exploits' a bug in a
specific software. All exploits are different, they do different things and
exploit different bugs, thats why exploits are always program specific. Exploits
are made to get root on different operating systems. They achieve this by
exploiting a bug in software when the software is running as root. In UNIX type
OS's, software may have to run as root (or UID 0) in order to perform a specific
task that cannot be performed as another user. So basically the exploit crashes
the software while running as root to give you the beautiful root prompt.
Well, now that I've answered questions one and two, I'm going to move on to
question 3.
How do I use an exploit?
Since exploits are coded in C 99% of the time, you need a shell on the box you
are going to use the exploit on, OR, you need to be running the same OS as the
box you are attempting to hack. So basically, you need to put the source code,
or the binary in your shell accounts dir. (you want to use a hacked, or a shell
not yours for this) To put it on your shell, you can FTP to your account and
upload it that way, or you can use rz if you are using a dialup shell. Either
way, i shouldnt have to explain those to things to much, its pretty easy.
Once you have the exploit on the box you just need to compile it. Usually you
would compile the exploit like so:
blah:~/$gcc exploit.c
That should compile your exploit. However, be aware that some exploit coders are
sneaky pests, and like to pick on people who dont know C, so they will sometimes
insert bugs into the exploit, thus disabiling its ability to be compiled. So it
does help to know C when playing with C.
After the compiling is done, you should be able to just run the exploit and its
work will be done when you see the root prompt. However, not all exploits are
the same, and might require different command lines to get them to work.
Where can I get some exploits?
Well 2 of the best places i have found for exploits are:
http://get.your.exploits.com
and
http://www.rootshell.com
they are both great resources of exploits and other information.
Conclusion
Well, that pretty much explains everything ya need to know about exploits. If
you think I should include any other information just email me at the address
provided below.
miah@hackersclub.com
... texts ...
(
geocities.com/eljehad1)