API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 30th, 2011
26,524
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.20 KB | None | 0 0
raw download clone embed print report
  1. PBS.org hacked and it was not done by SQL. Here are notes:
  2.  
  3. - PBS.org was not owned by SQL, although to make things faster/easier for us we used Havij to dump db/tables in a nice html format. So what we used havij? You lamers could have havij/pangolin/sqlmap/nmap/metasploit/and all exploits in the world compiled on one box and you still can't own shit. umadbro?
  4.  
  5. - PBS.org was owned via a 0day we discovered in mt4 aka MoveableType 4.
  6.  
  7. - Once on the boxES, we uploaded php shell.
  8.  
  9. - Once we got access to php shell, we rooted the ancient pbs.org boxes AKA 2.4.21 kernels and 2.6.18 fro 2008.
  10.  
  11. Linux httpd27 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:28:55 EDT 2005 i686
  12.  
  13. - We rooted the boxes. We did not destroy the boxes or content. No rm's. We did not take over the homepage of pbs.org although we could have. You know what you call that? class.
  14.  
  15. We owned network internally thanks to password-reuse by ssh users a la:
  16.  
  17. $ cat /etc/passwd
  18. [ parsed out garbage users ]
  19. netmgr:x:98:99:Netmgr:/home/netmgr:
  20. tomcatmail:x:1008:98::/home/tomcatmail:/bin/bash
  21. interch:x:1009:1009:Interchange User:/home/interch:/bin/bash
  22. teachermail:x:1003:100:TeacherSource Mailing Lists:/home/teachermail:/bin/bash
  23. #cramer:x:508:500:Mike Cramer:/export/home/cramer:/bin/bash
  24. gebhardt:x:1010:500::/home/gebhardt:/bin/bash
  25. markle:x:506:10:Backup Administrator:/home/markle:/bin/bash
  26. zopeuser:x:4000:4000::/shark/apps/pbs/zope/home:/bin/bash
  27. loker:x:4002:4002::/home/loker:/bin/bash
  28. engelson:x:1015:500:Drew Engelson:/home/engelson:/bin/bash
  29. responder:x:4004:4004::/home/responder:/bin/bash
  30. statred:x:4005:4005::/home/statred:/bin/bash
  31. mysql:x:4006:4006::/home/mysql:/bin/false
  32. krang:x:4007:4007::/home/krang:/bin/bash
  33. smmsp:x:4008:4008::/var/spool/mqueue:/sbin/nologin
  34. jdroberts:x:1016:500:Jeremy D. Roberts:/home/jdroberts:/bin/bash
  35. nci:x:4009:4009::/home/nci:/bin/bash
  36. nbstrite:x:4014:500:Nowell Strite:/home/nbstrite:/bin/bash
  37. srrider:x:4015:500:Shawn Rider:/home/srrider:/bin/bash
  38. rpm:x:37:37:Readded by Alex Loker 4-27-07:/var/lib/rpm:/sbin/nologin
  39. chnordholm:x:4018:500:Cameron Nordholm:/home/chnordholm:/bin/bash
  40. rrshrotriya:x:4020:4020::/home/rrshrotriya:/bin/bash
  41. cfelline:x:4021:500:Cosimo Felline:/home/cfelline:/bin/bash
  42. paweston:x:4022:4022::/home/paweston:/bin/bash
  43. sol:x:4025:4025::/home/sol:/bin/bash
  44. kjdykes:x:4026:500:Ken Dykes:/home/kjdykes:/bin/bash
  45. newshour:x:4033:4033::/home/newshour:/bin/bash
  46. msgarcia:x:4037:500:Mary Hope Garcia:/home/msgarcia:/bin/bash
  47. balvarez:x:4040:4040:Betty Alvarez:/home/balvarez:/bin/bash
  48. dhaggerty:x:4042:4042:Dan Haggerty PBS Vote 2008 Video Producer:/home/dhaggerty:/bin/bash
  49. thossain:x:4045:4045:Tareque Hossain:/home/thossain:/bin/bash
  50. meschoch:x:4047:4047:Matt Schoch:/home/meschoch:/bin/bash
  51. rscox:x:4048:500:Ron Cox:/home/rscox:/bin/bash
  52. twcrenshaw:x:4049:500:CAT - Thomas Crenshaw:/home/twcrenshaw:/bin/bash
  53. arbaroch:x:4052:4052:PBSi - Amy Baroch:/home/arbaroch:/bin/bash
  54. sdeng:x:4053:4053:CAT - Sam Deng:/home/sdeng:/bin/bash
  55. rmolguin:x:4153:4153:CAT - Renzo Olguin:/home/rmolguin:/bin/bash
  56. PEMST:x:4154:4154:ShopPBS Sales Site Login:/home/shoppbs:/bin/false
  57. dwvanhorn:x:4155:4155::/home/dwvanhorn:/bin/bash
  58. tnetayavichitr:x:4156:4055:Tanya Netayavichitr - Updates Press Releases:/home/tnetayavichitr:/bin/bash
  59. pjsteele:x:4159:3000:Intern - Patrick Steele:/home/pjsteele:/bin/bash
  60. jlhuls:x:4160:3002:Jen Huls - GA Designer:/home/jlhuls:/bin/bash
  61. git:x:100:100:git version control:/home/git:/bin/bash
  62. ionelmc:x:4161:4161::/home/ionelmc:/bin/false
  63. mpjones:x:4162:3002::/home/mpjones:/bin/bash
  64. teacherline:x:4163:4163::/home/teacherline:/bin/bash
  65. kmarkle:x:4164:4164::/home/kmarkle:/bin/bash
  66. rtford:x:4165:4165::/home/rtford:/bin/bash
  67. emroman:x:4166:4166::/home/emroman:/bin/bash
  68. pigs:x:4167:4167:PIGS deployer:/shark/producers01/pigs/:/bin/bash
  69. nkocak:x:4168:4168::/home/nkocak:/bin/bash
  70. hagerman:x:4169:4169::/home/hagerman:/bin/bash
  71. magraham:x:4170:4170:Matthew Graham - PBS Parents:/home/magraham:/bin/bash
  72. jyu:x:4171:4171::/home/jyu:/bin/bash
  73. ekim:x:4172:4172:Eugene Kim (PBS Parents consultant):/home/ekim:/bin/bash
  74. lcraciun:x:4173:4173::/home/lcraciun:/bin/bash
  75. mstuparu:x:4174:4174::/home/mstuparu:/bin/bash
  76.  
  77. Fuck Frontline. Free Bradley Manning.
  78.  
  79. And to everyone else:
  80.  
  81. UMADBRO:D
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!