Untitled

The Hacking of ProjectPokemon
#############################

We were the ones who hacked Project Pokemon. What we did was for nothing more than entertainment.

"I blame Team Skull. They knew we could arm an army of young trainers with hacked Pokemon, so they launched a preemptive strike." <- We have nothing to do with "Team Skull" and neither do we care for Pokemon.

Message history with the individual who initially exploited the site, several months ago:
#########################################################################################

Savior: You should give em a write up. Why the fuck not.
Savior: You can give them my name
Savior: Savior
Savior: idc
Savior: Just tell them the truth.
Savior: How it was hacked..
Savior: Every site I hack
Savior: I document.
Savior: phpinfo
Me: Show me.
Savior: SQL db info
Savior: Screenshot shit
Me: Show me and I'll consider making a post on GBATemp about it
Savior: Quote this
Savior: "This was not a targetted attack"
Savior: "Simply dorked by google"
Savior: This was done with the forumrunner exploit
Savior: We got the admin hash:salt from SQLi within forumrunner.
Savior: once cracked
Savior: You can log into the admin control panel and add new plugin
Savior: ajax
Savior: Which would give you RCE on ajax.php
Savior: That would allow you to futherly shell the server and posssibly even root.
Savior: Also
Savior: Since it was time based blind
Savior: SQL injection
Savior: We just sql shelled
Savior:    `SELECT username, password, salt FROM pporg_forums WHERE usergroupid = 6;`
Savior:    `SELECT username, password, salt FROM pporg_forums WHERE displaygroupid = 6;`
Savior: Since it's vB.
Savior: usergroupid of admins is 6
Savior: Meaning only the admin entries have to be dumped.
Savior: Since it's Time Based Blind you don't want to have to dump much using the SQLi.

After gaining initial access, we installed a backdoor and was able to execute commands remotely and attempted to gain elevated access, which is why ProjectPokemon.org suffered from a kernel panic several days prior to writing this. This is when the site first went offline. After the reboot, we replaced the forum link to one that redirects to a docking photo, which was quite amusing to our sick minds.

Once that was fixed, we still had command execution and realized that we were restrained by new file permissions, so we took our final laugh and ran `rm -Rf /*`, which deleted anything we had permission to and ultimately broke projectpokemon.

Let this be a lesson to those running a website: Quit being a lazy fuck and patch your system. The exploits we used were out for several months yet no one bothered to do anything about it, leaving them vulnerable to attack.

Part of the SQL database, proving that we are not bullshitting:
###############################################################

SCV:scv@projectpokemon.org::fe74a220a561ed279743d6453276f008:mbzR^?~5gAm0}|x=Fs<C}b\TJ-x\*v
fenzo666:fenzo666@gmail.com:74.14.6.89:207effe41f45f3cd9ccd6f0245cf70b2:>xeo~
Sabresite:Sabresite@projectpokemon.org:69.230.87.86:cc14a4c1b4a40cd098af4232186edc27:<IZ?VM@G*)Fs/h9M\P+L(2'IpmE2[j
coolbho3000:coolbho3000@gmail.com:68.40.197.26:c33b0dfa174d5dee980f17d712ad863d:u4af!?"zJ!KV./#BYV4|qYq2_MRhx0
Poryhack:poryhack@poryhack.com:97.86.228.167:3db5fb8a970d1ba27da57535e71bde1b:lXfgP=?!p'e1WY/\*N7W!aA00:t5.x
Soldjermon:MarioBrothers708@msn.com:98.202.155.76:174c89fe7e32d3c752499917ff68265c:Cdlaljm2-\vC%_Zqp7x@N3r?e$W8TS
Greencat:greencat@projectpokemon.org:63.110.16.2:9916a38fd14c73d2073e5efb06b551f5:?WHvpbn#u90SkzQ681(gM\OFb2B@nW
Protokoll:adamwn@gmail.com:66.31.63.205:7c0694b10eccc253990f5cb09d1960ca:\OVB*

I had wanted to take this personally to GBATemp and explain it better, but I am far too impatient to be waiting for an account verification by the Administrator. The owners of ProjectPokemon deserve the truth, so there it is.

By the way, I found some Anime in pokesplash's account, named "Panty and Stockings with Garterbelt". LOL.