Hacking Via Hosting Provider. possible?

[ilgar2023]

 

Hello. I am newbie in hacking,pentesting,security.I want to know can some company's (CompanyA) server/servers can be hacked through vulnarable/hacked server/servers of another company(CompanyB) if both these companies hosted on the same hosting provider ? CompanyA and CompanyB are not related to each other. If this possible teoretically then how it can be done ? I would like to know fundamentals of this type of hacking.Thanks.

[digininja]

If two sites are hosted on the same server then getting access to the server through one site potentially gives you access to every site on the server.

[DramaKing]

22 minutes ago, digininja said:

If two sites are hosted on the same server then getting access to the server through one site potentially gives you access to every site on the server.

No it doesn't. If it did, then websites would get hacked all the time through malicious sites. Still, side-channel exploits using a VPS on a server vulnerable to Spectre/Meltdown could give you access to protected memory and thus able to inspect the processes running on the server. 

[digininja]

You are talking about sites on different hosts, I'm talking the same host. If you have two sites, both on different virtual machines, then cross site access becomes a lot harder.

I've done it plenty of times for sites on the same host, get RCE or LFI through site one and use it to compromise a second site.

On different virtual machines you need to look for things like trust relationships between the hosts. I've seen multiple machines all mounting the same file share which contains all the sites the company hosts.