TUCoPS :: Unix :: General :: exploi~1.txt

What are exploits, anyway?
 

    ############################################################################
    ############################## LEGIONS OF THE UNDERGROUND ##################
*********************************__ *********************_____ **** ____************
********************************/  /*********========***|___  /****/ ___/***********
*******************************/  /*********/ ___   /******/ /****/ /***************
******************************/  /*********/ /  /  /******/ /****/ /****************
*****************************/  /*********/ /__/  /******/ /****/ /*****************
****************************/  <______** /       /******/ <____> /******************
***************************<__________| /_______/ *****(________/********************
 
                         (http://www.hackersclub.com/lou/)     

--- Exploits ---

 Alot of people ask me about exploits, what they are, what they do, and how
they use them. Well, I'm writing this document to explain this for hopefully
my last time. It's just starting to bother me that I have to explain this
everytime I'm on irc, so i thought there should be a text explaining them.
Well, here it is.

                - miah

--- What is a ' Exploit ' ? ---

 Well to explain this simply, a Exploit is a program that 'exploits' a bug
in a specific software. All exploits are different, they do different things
exploit different bugs, thats why exploits are allways program specific.
 Exploits are made to get root on different operating systems. They achive
this by exploiting a bug in software when the software is running as root.
In UNIX type OS's, software may have to run as root ( or UID 0 ) in order to
perform a specific task that cannot be performed as another user. So basically
the exploit crashes the software while running as root to give you the beautiful
root prompt.

 Well, now that I've answered questions one and two, I'm going to move on to
question 3.

--- How do I use a exploit? ---

 Since exploits are coded in C 99% of the time, you need a shell on the box
you are going to use the exploit on, OR, you need to be running the same OS as
the box you are attempting to hack. So basically, you need to put the source
code, or the binary in your shell accounts dir, ( you want to use a hacked, or
a shell not yours for this :) ) to put it on your shell, you can ftp to your
account and upload it that way, or you can use rz if you are using a dialup shell.
either way, i shouldnt have to explain those to things to much, its pretty easy.

 Once you have the exploit on the box you just need to compile it. Usually you
would compile the exploit like so;

blah:~/$gcc exploit.c

 that should compile your exploit. However, be aware that some exploit coders
are sneaky pests, and like to pick on people who dont know C, so they will
sometimes insert bugs into the exploit, thus uninabiling it to be compiled. So
it does help to know C, when playing with C :)

 After the compiling is done, you should beable to just run the exploit and its
work will be done when you see the root prompt. however, not all exploits are
the same, and might require different commandlines to get them to work.
                 
--- Where can I get some exploits? ---

Well 2 of the best places i have found for exploits are

http://get.your.exploits.com

and

http://www.rootshell.com

they are both great resources of exploits and other information.

--- Conclusion ---

 Well, that pretty much explains everything ya need to know about exploits.
If you think I should include any other information just email me at the
address provided below.

miah@hackersclub.com

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH