API tools faq
paste
Guest User

FBI 0wned! 0day found by Lotus 1337

a guest
Jun 30th, 2015
370
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 2.75 KB | None | 0 0
raw download clone embed print report
  1. FBI LEAKED!! Hi guys this is L0TU5 1337 from IndoHackerTeam and we have found a 0day in fbi.gov which allowed to us to get access to their whole server. This was extremely difficult as they had many filters on and their CMS is closed-source so the exploit was both web-app and server based. We have shelled their server and hid and crypted our shells in many hidden directories which they will almost never find, we also made backups like saving senior agent's login's and adding more root accounts so if the files are found we can still have access.
  2. ==============================================
  3.            [!] SAMPLE LEAK [!]  
  4. ==============================================
  5. lisa.narendra@fbi.gov - ncuwn27874gtvdj
  6. akiraa79.williams@fbi.gov - Jdbopah2699jbdkii
  7. patrick1123us@fbi.gov - p@ssw0rds966684Agent
  8.  Rogers.birdchan@fbi.gov - 7Kgwkdfrs&1auikb7
  9. lisa.shirazi222@fbi.gov - m00re.lisa987
  10. thomas.jeanbee@fbi.gov - thomas.gancsoo00ario
  11. eddie.mahon@fbi.gov - jh2i888921bhuid
  12. deborah.coldwaterfish@fbi.gov - Iuk269g78a57athsd2
  13. pccebu.mcrae@fbi.gov - J8UY2hja9sh0rv
  14. jobsinworld@fbi.gov - Hnguaih^&*jsdk977
  15. Raul.roldan@fbi.gov - Bufg8^%^2jlor
  16. Tini.dswlmbt@fbi.gov - Hst99g&&92nj
  17. ==============================================
  18.  
  19. Small code of the 0day which was used. This will also be publicized as we don't think people will actually know how to use it, but we're grey hats.
  20. ===============================================
  21. 0xb5d9d87c is located 0 bytes to the right of 163964-byte region
  22. [0xb5d75800,0xb5d9d87c)
  23. allocated by thread T0 here:
  24.     #0 0xb72c3ae4 in operator new(unsigned int)
  25. (/usr/lib/i386-linux-gnu/libasan.so.1+0x51ae4)
  26.     #1 0x8340cce in xercesc_3_1::MemoryManagerImpl::allocate(unsigned int)
  27. xercesc/internal/MemoryManagerImpl.cpp:40
  28.     #2 0x8094cb2 in xercesc_3_1::XMemory::operator new(unsigned int,
  29. xercesc_3_1::MemoryManager*) xercesc/util/XMemory.cpp:68
  30. ==================================================
  31. All the data is here, there is users, emails, phones, addresses, names, badge numbers, documents, credit cards, etc etc. The data is compressed so the file would be faster. And the full 0day is there too, feel free to inspect it.
  32. ==================================================
  33. Download: OVER 100,000 users, pass, credit cards, and 0day: http://adf.ly/1HLBCb
  34. ==================================================
  35. Tutorial: In truth, the 0day took us a very long time to find and was very hard, considering their CMS is closed source we first went server sided and combined it with a web app based source code.
  36. ===================================================
  37. REQUIREMENTS:
  38. PHP (cURL needed)
  39. C
  40. Windows/Mac/Linux
  41. ===================================================
  42. L0TU5 1337 - OuT
  43. Greetz: PakCyberCrew - Dr.TU[N]A - Hmei7 - Gantengers Crew- d3b~x
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!