HOW_TO_HACK_FH2.txt - Posted: March Fri 3rd 12:13 PM (Never Expires) - Format: text
  1. here is how we did it:
  2.  
  3. 1. create a new site or login to an old one
  4. 2. login and set sftp password
  5. 3. login via sftp and create a symlink to /
  6. 4. disable DirectoryIndex in .htaccess
  7. 5. enable mod_autoindex in .htaccess
  8. 6. disable php engine in .htaccess
  9. 7. add text/plain type for .php files in .htaccess
  10. 8. have fun browsing files
  11. 9. find /home/fhosting
  12. 10. look at the content of the index.php file in /home/fhosting/www/
  13. 11. find configuration in /home/fhosting/www/_lbs/config.php
  14. 12. copy paste database connection details to phpmyadmin login
  15. 13. find active users with shell access in /etc/passwd
  16. 14. look through the scripts and figure out how password resets work
  17. 15. manually trigger a sftp password reset for the user 'user'
  18. 16. connect via ssh
  19. 17. run 'sudo -i'
  20. 18. edit ssh config in /etc/ssh/sshd_config to allow root login
  21. 19. run 'passwd' to set root password
  22. 20. reconnect via ssh as root
  23. 21. enjoy

Enter new version of [ HOW_TO_HACK_FH2.txt ] :

Paste Options:

Recent Pastes:

240 days ago

10819

262 days ago

HOW_TO_HACK_FH2.txt

277 days ago

md5

278 days ago

a78a0

285 days ago

4d8a6

315 days ago

3b92e

1286 days ago

intro