Police.gov.bd hacked by AnonPassion

1. _ _ _ ___ _ _ ____ _ ____ ____ ___ ___ _ _
2. / \ | \ | | / _ \ | \ | | | _ \ / \ / ___| / ___| |_ _| / _ \ | \ | |
3. / _ \ | \| | | | | | | \| | | |_) | / _ \ \___ \ \___ \ | | | | | | | \| |
4. / ___ \ | |\ | | |_| | | |\ | | __/ / ___ \ ___) | ___) | | | | |_| | | |\ |
5. /_/ \_\ |_| \_| \___/ |_| \_| |_| /_/ \_\ |____/ |____/ |___| \___/ |_|\__Fix the security!
6. #Lulz #NoSecurity #SecurityDown #Anonymous. #AnonPassion | DATABASE LEAK BY ANONPASSION ₂₀₁₅ ﹣|CREEDLOKZ|adduser_anon|LUCA|
7. #################################################################################################################################
8. We are tired of seeing important pages that police do not have their security aware. The police should have their security in place rather than right many others! Yet they choose to do so shameful and embarrassing for them, we got direct access to their five##### databases in under 20 minutes. It is extremely embarrassing and the respect we do not, and we accept it either.################
9. #################################################################################################################################
10. Target: http://www.police.gov.bd/ #
11. Vulnerabel link: www.police.gov.bd/content.php?id=275 #
12. ###########################################################
13. IP: 123.49.38.132 #
14. ( http://gyazo.com/7e520bec5081e3cc0d662647069a3b9f ) #
15. - AnonPassions personal booter tool did take it down like #
16. nothing, 2 minutes and it was down. #
17. ###########################################################
18. Web Server Server(s): Apache/2.2.3 (CentOS) #
19. Its powered by: PHP/5.1.6 #
20. Database Server: MySQL >=5 #
21. CR web user: phpol@172.16.254.12 #
22. SQLI Version(s): 5.1.69 / No more. (ATM) #
23. The Currents Database: phq #
24. SYS / System user: phpol@172.16.254.12 #
25. Their hostname: Webdata #
26. And ofc the installation dir: /usr/ #
27. ###########################################################
28. |Database USER & PASSWORDS| #
29. ###########################################################
30. root::localhost #
31. root::webdata #
32. root::127.0.0.1 #
33. ::localhost #
34. ::webdata #
35. phpol:*50126B7EDF5673B3A17B4F93A79A8BFF649CF0BC:% #
36. bdpolice:*B627A7C080D267CEE44746F3B3CBA20899440B84:% #
37. bdpol:*A33A64F00495642FDCB8C89E56BBB82332CD31CD:% #
38. ###########################################################
39. | DATABASES | #
40. ###########################################################
41. information_schema #
42. bdpol #
43. mysql #
44. phq #
45. test #
46. ###########################################################
47. | TABLES IN DATABASE PHQ | #
48. ###########################################################
49. cbd_careerrecruitment #
50. cbd_catagory #
51. cbd_content #
52. cbd_ig_msg #
53. cbd_menu #
54. cbd_menutype #
55. cbd_news #
56. cbd_ordinance #
57. cbd_police_achivement #
58. cbd_police_service #
59. cbd_press #
60. cbd_procurement #
61. cbd_recruitment #
62. cbd_recruitment_desc #
63. cbd_recruitment_result #
64. cbd_rejoinder #
65. cbd_tab #
66. cbd_topnews #
67. cbd_un #
68. cdb_unitdetials #
69. cdb_unitdetials1 #
70. cdm_former_igp_photo #
71. cdm_legalinstruments #
72. cdm_photo_gallery #
73. cdm_photo_gallery_libaration #
74. cdm_photo_miscellaneous #
75. cdm_photo_unmission #
76. cdm_publications #
77. cdm_subunit_one #
78. cdm_subunit_one1 #
79. cdm_subunit_two #
80. cdm_subunit_two1 #
81. cdm_unadvertisement #
82. cdm_unisub #
83. cdm_unit_detials #
84. cdm_unitroot #
85. cdm_unitroot1 #
86. users #
87. ###########################################################
88. 2 USERS FOUND IN PHQ ( ADMINS ) #
89. ###########################################################
90. Username: admin #
91. Pass: e9d4f70364e9d667dba7567cdd4530b43378e47bea6122a42 #
92. - Not cracket do it youself. #
93. ###########################################################
94. Username: admin1 #
95. Pass: f276f87b9505ebad783905129982668330de63b1cf222fb7f #
96. Crack it 4 the Lulz! #
97. ###########################################################
98. | MYSQL | HOST | USERS | PASSWORDS | #
99. ###########################################################
100. Found 5 domains hosted on the same web server as #
101. www.police.gov.bd (123.49.38.132). #
102. ###########################################################
103. 123.49.38.132 #
104. ad.echo-online.de #
105. keskustelukanava.agronet.fi #
106. upge.wn.com #
107. www.police.gov.bd #
108. ###########################################################
109. | Port scanned | #
110. Open: 22 | 80 #
111. ###########################################################
112. | Quick Revers DNS lookup | #
113. ###########################################################
114. Host found: host132.btcl.net.bd #
115. ###########################################################
116. | Blacklist Checked | #
117. #################################################################################################################################
118. OK 0spam.fusionzero.com OK access.redhawk.org
119. OK all.rbl.jp OK all.s5h.net
120. OK all.spamrats.com OK aspews.ext.sorbs.net
121. OK b.barracudacentral.org OK backscatter.spameatingmonkey.net
122. OK bb.barracudacentral.org OK bl.blocklist.de
123. OK bl.drmx.org OK bl.emailbasura.org
124. OK bl.konstant.no OK bl.mailspike.net
125. OK bl.mav.com.br OK bl.nosolicitado.org
126. OK bl.nszones.com OK bl.scientificspam.net
127. OK bl.score.senderscore.com OK bl.spamcannibal.org
128. OK bl.spamcop.net OK bl.spameatingmonkey.net
129. OK bl.spamstinks.com OK bl.suomispam.net
130. OK blacklist.woody.ch OK block.dnsbl.sorbs.net
131. OK bsb.empty.us OK bsb.spamlookup.net
132. OK cbl.abuseat.org OK cbl.anti-spam.org.cn
133. OK cblless.anti-spam.org.cn OK cblplus.anti-spam.org.cn
134. OK cdl.anti-spam.org.cn OK cidr.bl.mcafee.com
135. OK combined.rbl.msrbl.net OK db.wpbl.info
136. OK dnsbl-1.uceprotect.net OK dnsbl-2.uceprotect.net
137. OK dnsbl-3.uceprotect.net OK dnsbl.anticaptcha.net
138. OK dnsbl.aspnet.hu OK dnsbl.burnt-tech.com
139. N/A(?) dnsbl.cobion.com OK dnsbl.dronebl.org
140. OK projecthoneypot.org OK dnsbl.inps.de
141. OK dnsbl.justspam.org OK dnsbl.kempt.net
142. OK dnsbl.net.ua OK dnsbl.rv-soft.info
143. OK dnsbl.rymsho.ru OK dnsbl.sorbs.net
144. OK dnsbl.spam-champuru.livedoor.com OK dnsbl.tornevall.org
145. OK dnsbl.webequipped.com OK dnsbl.zapbl.net
146. OK dnsrbl.swinog.ch OK dul.dnsbl.sorbs.net
147. OK dul.pacifier.net N/A(?) dul.ru
148. OK dyn.nszones.com OK dyna.spamrats.com
149. OK escalations.dnsbl.sorbs.net OK exitnodes.tor.dnsbl.sectoor.de
150. OK fnrbl.fast.net OK forbidden.icm.edu.pl
151. OK hostkarma.junkemailfilter.com OK http.dnsbl.sorbs.net
152. OK images.rbl.msrbl.net OK intercept.datapacket.net
153. OK ipbl.zeustracker.abuse.ch OK ips.backscatterer.org
154. OK ix.dnsbl.manitu.net OK korea.services.net
155. OK l1.bbfh.ext.sorbs.net OK l2.apews.org
156. OK l2.bbfh.ext.sorbs.net OK l3.bbfh.ext.sorbs.net
157. OK l4.bbfh.ext.sorbs.net OK list.bbfh.org
158. OK list.blogspambl.com OK list.quorum.to
159. OK lookup.dnsbl.iip.lu OK mail-abuse.blacklist.jippg.org
160. OK misc.dnsbl.sorbs.net OK multi.surbl.org
161. OK netbl.spameatingmonkey.net OK netblockbl.spamgrouper.com
162. OK netscan.rbl.blockedservers.com OK new.spam.dnsbl.sorbs.net
163. OK noptr.spamrats.com OK old.spam.dnsbl.sorbs.net
164. OK pbl.spamhaus.org OK phishing.rbl.msrbl.net
165. OK pofon.foobar.hu OK problems.dnsbl.sorbs.net
166. OK proxies.dnsbl.sorbs.net OK psbl.surriel.com
167. OK rbl.abuse.ro OK rbl.blockedservers.com
168. OK rbl.dns-servicios.com OK rbl.efnet.org
169. OK rbl.efnetrbl.org OK rbl.interserver.net
170. OK rbl.iprange.net OK rbl.megarbl.net
171. OK rbl.polarcomm.net Listed(?) rbl.rbldns.ru
172. OK rbl.talkactive.net OK rbl2.triumf.ca
173. OK recent.spam.dnsbl.sorbs.net OK relays.bl.kundenserver.de
174. OK relays.dnsbl.sorbs.net OK rep.mailspike.net
175. OK safe.dnsbl.sorbs.net OK sbl.nszones.com
176. OK sbl.spamhaus.org OK singlebl.spamgrouper.com
177. OK short.rbl.jp OK smtp.dnsbl.sorbs.net
178. OK socks.dnsbl.sorbs.net OK spam.dnsbl.anonmails.de
179. OK spam.dnsbl.sorbs.net OK spam.pedantic.org
180. OK spam.rbl.blockedservers.com OK spam.rbl.msrbl.net
181. OK spam.spamrats.com OK spamguard.leadmon.net
182. OK spamlist.or.kr OK spamrbl.imp.ch
183. OK spamsources.fabel.dk OK srn.surgate.net
184. OK st.technovision.dk OK tor.dnsbl.sectoor.de
185. OK torexit.dan.me.uk OK truncate.gbudb.net
186. OK ubl.unsubscore.com OK virbl.dnsbl.bit.nl
187. OK virus.rbl.jp OK virus.rbl.msrbl.net
188. OK vote.drbl.caravan.ru OK vote.drbl.gremlin.ru
189. OK web.dnsbl.sorbs.net OK web.rbl.msrbl.net
190. OK work.drbl.caravan.ru OK work.drbl.gremlin.ru
191. OK wormrbl.imp.ch OK xbl.spamhaus.org
192. OK z.mailspike.net OK zen.spamhaus.org
193. OK zombie.dnsbl.sorbs.net
194. #################################################################################################################################
195. | HTTP Response Headers |
196.  
197. Name: Value
198. Status HTTP/1.1 200 OK
199. Date Wed, 27 May 2015 06:47:04 GMT
200. Server Apache/2.2.3 (CentOS)
201. X-Powered-By PHP/5.1.6
202. Connection close
203. Content-Type text/html;
204. Charset=UTF-8
205. #################################################################################################################################
206. ─────▄████▀█▄
207. ───▄█████████████████▄
208. ─▄█████.▼.▼.▼.▼.▼.▼▼▼▼
209. ▄███████▄.▲.▲▲▲▲▲▲▲▲ AnonPassion is here..
210. ████████████████████▀▀
211. #################################################################################################################################