############################################################################ ############################## LEGIONS OF THE UNDERGROUND ################## *********************************__ *********************_____ **** ____************ ********************************/ /*********========***|___ /****/ ___/*********** *******************************/ /*********/ ___ /******/ /****/ /*************** ******************************/ /*********/ / / /******/ /****/ /**************** *****************************/ /*********/ /__/ /******/ /****/ /***************** ****************************/ <______** / /******/ <____> /****************** ***************************<__________| /_______/ *****(________/******************** (http://www.hackersclub.com/lou/) --- Exploits --- Alot of people ask me about exploits, what they are, what they do, and how they use them. Well, I'm writing this document to explain this for hopefully my last time. It's just starting to bother me that I have to explain this everytime I'm on irc, so i thought there should be a text explaining them. Well, here it is. - miah --- What is a ' Exploit ' ? --- Well to explain this simply, a Exploit is a program that 'exploits' a bug in a specific software. All exploits are different, they do different things exploit different bugs, thats why exploits are allways program specific. Exploits are made to get root on different operating systems. They achive this by exploiting a bug in software when the software is running as root. In UNIX type OS's, software may have to run as root ( or UID 0 ) in order to perform a specific task that cannot be performed as another user. So basically the exploit crashes the software while running as root to give you the beautiful root prompt. Well, now that I've answered questions one and two, I'm going to move on to question 3. --- How do I use a exploit? --- Since exploits are coded in C 99% of the time, you need a shell on the box you are going to use the exploit on, OR, you need to be running the same OS as the box you are attempting to hack. So basically, you need to put the source code, or the binary in your shell accounts dir, ( you want to use a hacked, or a shell not yours for this :) ) to put it on your shell, you can ftp to your account and upload it that way, or you can use rz if you are using a dialup shell. either way, i shouldnt have to explain those to things to much, its pretty easy. Once you have the exploit on the box you just need to compile it. Usually you would compile the exploit like so; blah:~/$gcc exploit.c that should compile your exploit. However, be aware that some exploit coders are sneaky pests, and like to pick on people who dont know C, so they will sometimes insert bugs into the exploit, thus uninabiling it to be compiled. So it does help to know C, when playing with C :) After the compiling is done, you should beable to just run the exploit and its work will be done when you see the root prompt. however, not all exploits are the same, and might require different commandlines to get them to work. --- Where can I get some exploits? --- Well 2 of the best places i have found for exploits are http://get.your.exploits.com and http://www.rootshell.com they are both great resources of exploits and other information. --- Conclusion --- Well, that pretty much explains everything ya need to know about exploits. If you think I should include any other information just email me at the address provided below. miah@hackersclub.com