Dazholmes

bluehost hacked by Daz Holmes - Dark Knight

Jul 6th, 2015
  1. bluehost.com Hacked by Dark Knight for full dump visit http://darkknight.6te.net
  2.  
  3. Server IP : 66.147.244.90 |
  4. Linux box790.bluehost.com 3.12.35.1418868052 #1 SMP Wed Dec 17 20:04:02 CST 2014 x86_64
  5. Apache | PHP 5.2.17
  6. cd      account
  7. name server ips
  8. /etc/>cat nameserverips
  9. 54.252.175.135=dns1.ilisys.com.au
  10. 117.104.160.110=dns2.ilisys.com.au
  11. 117.104.164.110=dns3.ilisys.com.au
  12. 117.104.160.109=ns0.magic-moments.com.au
  13. 74.220.195.31=ns1.bluehost.com
  14. 117.104.164.110=ns1.magic-moments.com.au
  15. 69.89.16.4=ns2.bluehost.com
  16.  
  17. /sbin/>cat /etc/sysconfig/network-scripts/ifcfg-eth0
  18.  DEVICE=eth0
  19. BOOTPROTO=none
  20. ONBOOT=yes
  21. TYPE=Ethernet
  22. IPADDR=50.87.248.78
  23. NETMASK=255.255.255.0
  24. GATEWAY=50.87.248.1
  25. /etc/>cat hosts
  26. 67.20.126.74            ntp.bluehost.com rdate.cpanel.net
  27. 74.220.195.50           www.bluehost.com main
  28. 67.20.126.88            rsync.cpanel.net httpupdate.cpanel.net layer1.cpanel.net layer2.cpanel.net updates.cpanel.net ftp.cpanel.net cpan.cpanel.net oldrdate.cpanel.net downloads.zend.com www.configserver.com www.cpanelthemes.com cpanelthemes.com files.status365.com files.betaservant.com netenberg.com www.cpanelskindepot.com
  29. 127.0.0.1               localhost
  30. 66.147.244.90           box790.bluehost.com box790
  31.  
  32. /etc/backup/>cat mdadm.conf.2015-07-06.07.53
  33. DEVICES /dev/sda1 /dev/sda2 /dev/sda3 /dev/sdb1 /dev/sdb2 /dev/sdb3 /dev/sdc1 /dev/sdc2 /dev/sdd1 /dev/sdd2 /dev/disk/local/* /dev/mapper/* /dev/dm-*
  34. HOMEHOST <ignore>
  35. MAILADDR admins@bluehost.com
  36. ARRAY /dev/md0 metadata=1.0 UUID=9adfe1e9:a41fba8e:eda6b91e:5dbc03c0 name=bhrescue.pxe.bluehost.com:0
  37. ARRAY /dev/md1 metadata=1.0 UUID=79bdcace:5bf8f365:3e3a7d49:3d8867eb name=bhrescue.pxe.bluehost.com:1
  38. #ARRAY /dev/md2 UUID=df7058f9:5b879305:e8f11f45:e7d095e3
  39. #ARRAY /dev/md/0  metadata=1.0 UUID=daab2d9c:78bb53a9:dd141c0e:4815f818 name=bhrescue.pxe.bluehost.com:0
  40. #ARRAY /dev/md/1  metadata=1.0 UUID=d93c5952:0fc13d9c:2e548c06:d4b5e3c0 name=bhrescue.pxe.bluehost.com:1
  41.  
  42. Some Information
  43.  
  44. etc/ssh/>cat ssh_host_dsa_key.pub
  45. ssh-dss AAAAB3NzaC1kc3MAAACBAP7ej+1ODBD045nu1Ck44QWsyU4lM9mkaS1CXDIpM9cgO3v/+3t/NQdw63l0tbpi1MTC/I995zKMWm+VBdfpHWJ0PcEMohyFdptHV08Z8r6u9PxqRilzwIG9e39tD4cmxB75DcESgTQ7rjLT3Z8OH/0/vy+XG04E8m4RNED8nEURAAAAFQCp4eQHnl3cau1UgrUvDWl4/Sn4iwAAAIAFX/XPbFUxlL9J+reIqXmGwQGPCEwuW1peW27Ldt21hkSCyn0SQWQ00dQ3hh5z+JTwTi4hALY2hal34bHxe3/Nk5ejpdBzW9TwRfnAcwI7dQkBn+qXJnjM53/fsMBPi/3e2mTmWiIpHbbdANM1gvVbspD1yb2q7rtBK6EmOUbfEgAAAIEApZuKLKI4rVPiV1amD/HJJkRzhUKKzww/FhzSqJIu9HoYobV60ZGR1966PlqTMfKWBzmTCwYxyl3420Jl6uBFeAe3CbbQiRY0YUDpOW11OC/cscA5uXMD3b/+JgttiUWiaWKHuQh3wnTNMZGMPJ2q3jeiTALXSUEL7uS8fYTvSdY=
  46.  
  47. cat ssh_host_key.pub
  48. 2048 65537 23626023828597082487093789329899381468929683155488117996746182178630660772754230710339399151176277727232632737217679488101679992537880678080117623260757396865912067511891070160860976777823826639401887997427188172513858545479652970368352289778026016887902353435258029972174367359005034691974520991643476807782281334959931104917793408364617941314963113793342117224088961615761210833023338399822354790499485209158056051294582448100402802615361353410330866534842613608077453971991199877447316574028796592270458262407786197219882667279082984089789363176439368291922545815330448755771616562965832678090693058491737502430299
  49.  
  50. cat ssh_host_rsa_key.pub
  51. ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQvaEoiOPfB+QRUV14Z/7RJEKIUNgiaR8B+lXiE6fhl2x+Gkc3LwmdJPnBCGvBSW6c53tdDMgujkA9tWzha/wSfCuav4WIrwPJRfrGZLjlG3Na/rWvzEfplqEqReFJpiBPxC0on1rSYYdMENPHs6I94m9gnAvQCBnxGX75hVJwpxb/G/JN8kACR0OoFpMrThIwfTxuraSh7QyQkFErc797qdZtkiHfrNjRnKhoIt1t6KuuNlTNRcMxXeUiAGsBaf/Wh8dTmCyCBg0NZ8KhU+LGQTY1NrBJo18uzcBxEjTeZiDgHzzzmWkk4jQ23Fy6AJF4ozADtWQ5yH4f89U6l70d
  52.  
  53. bin:        root
  54. daemon:     root
  55. adm:        root
  56. lp:     root
  57. sync:       root
  58. shutdown:   root
  59. halt:       root
  60. mail:       root
  61. news:       root
  62. uucp:       root
  63. operator:   root
  64. games:      root
  65. gopher:     root
  66. ftp:        root
  67. nobody:     root
  68. radiusd:    root
  69. nut:        root
  70. dbus:       root
  71. vcsa:       root
  72. canna:      root
  73. wnn:        root
  74. rpm:        root
  75. nscd:       root
  76. pcap:       root
  77. apache:     root
  78. webalizer:  root
  79. dovecot:    root
  80. fax:        root
  81. quagga:     root
  82. radvd:      root
  83. pvm:        root
  84. amanda:     root
  85. privoxy:    root
  86. ident:      root
  87. named:      root
  88. xfs:        root
  89. gdm:        root
  90. mailnull:   root
  91. postgres:   root
  92. sshd:       root
  93. smmsp:      root
  94. postfix:    root
  95. netdump:    root
  96. ldap:       root
  97. squid:      root
  98. ntp:        root
  99. mysql:      root
  100. desktop:    root
  101. rpcuser:    root
  102. rpc:        root
  103. nfsnobody:  root
  104.  
  105. ingres:     root
  106. system:     root
  107. toor:       root
  108. manager:    root
  109. dumper:     root
  110. abuse:      root
  111.  
  112.  
  113. newsadm:    news
  114. newsadmin:  news
  115. usenet:     news
  116. ftpadm:     ftp
  117. ftpadmin:   ftp
  118. ftp-adm:    ftp
  119. ftp-admin:  ftp
  120. www:        webmaster
  121. webmaster:  root
  122. noc:        root
  123. security:   root
  124. hostmaster: root
  125. info:       postmaster
  126. marketing:  postmaster
  127. sales:      postmaster
  128. support:    postmaster
  129.  
  130. /etc/>cat passwd
  131. root:x:0:0::/ramdisk/root:/ramdisk/bin/bash
  132. adm:x:3:4:adm:/var/adm:/sbin/nologin
  133. lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
  134. sync:x:5:0:sync:/sbin:/bin/sync
  135. shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
  136. halt:x:7:0:halt:/sbin:/sbin/halt
  137. mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
  138. uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
  139. operator:x:11:0:operator:/root:/sbin/nologin
  140. games:x:12:100:games:/usr/games:/sbin/nologin
  141. gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
  142. ftp:x:14:12:FTP User:/var/ftp:/sbin/nologin
  143. nobody:x:99:12:Nobody:/:/sbin/nologin
  144. vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
  145. bin:x:1:1:bin:/bin:/sbin/nologin
  146. daemon:x:2:2:daemon:/sbin:/sbin/nologin
  147. sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
  148. mailnull:x:47:47:Exim:/var/spool/mqueue:/bin/false
  149. rick:x:508:508::/ramdisk/home/rick:/ramdisk/bin/bash
  150. kdshamu:x:403:403::/admin/kdshamu:/bin/bash
  151. cody:x:405:405::/ramdisk/home/cody:/ramdisk/bin/bash
  152. csjewell:x:464:464::/ramdisk/home/csjewell:/ramdisk/bin/bash
  153. eweight:x:447:447::/ramdisk/home/eweight:/ramdisk/bin/bash
  154. jamie:x:461:461::/ramdisk/home/jamie:/ramdisk/bin/bash
  155. jcummings:x:482:482::/ramdisk/home/jcummings:/ramdisk/bin/bash
  156. jearl:x:394:394::/ramdisk/home/jearl:/ramdisk/bin/bash
  157. jjcall:x:477:477::/ramdisk/home/jjcall:/ramdisk/bin/bash
  158. paul:x:485:485::/ramdisk/home/paul:/ramdisk/bin/bash
  159. pbagley:x:474:474::/ramdisk/home/pbagley:/ramdisk/bin/bash
  160. rbrown:x:468:468::/ramdisk/home/rbrown:/ramdisk/bin/bash
  161. rchaudhry:x:418:418::/ramdisk/home/rchaudhry:/ramdisk/bin/bash
  162. robert:x:471:471::/ramdisk/home/robert:/ramdisk/bin/bash
  163. ryan:x:479:479::/ramdisk/home/ryan:/ramdisk/bin/bash
  164. sbhat:x:399:399::/ramdisk/home/sbhat:/ramdisk/bin/bash
  165. shashi:x:460:460::/ramdisk/home/shashi:/ramdisk/bin/bash
  166. sheppler:x:396:396::/ramdisk/home/sheppler:/ramdisk/bin/bash
  167. skumar:x:432:432::/ramdisk/home/skumar:/ramdisk/bin/bash
  168. stephen:x:475:475::/ramdisk/home/stephen:/ramdisk/bin/bash
  169. vjanardhan:x:431:431::/ramdisk/home/vjanardhan:/ramdisk/bin/bash
  170. named:x:25:25:Named:/var/named:/sbin/nologin
  171. cpanel:x:503:503::/var/cpanel/userhomes/cpanel:/bin/noshell
  172. cpanelhorde:x:504:504::/var/cpanel/userhomes/cpanelhorde:/bin/noshell
  173. cpanelphpmyadmin:x:505:505::/var/cpanel/userhomes/cpanelphpmyadmin:/bin/noshell
  174. cpanelphppgadmin:x:506:506::/var/cpanel/userhomes/cpanelphppgadmin:/bin/noshell
  175. cpanelroundcube:x:507:507::/var/cpanel/userhomes/cpanelroundcube:/bin/noshell
  176. mailman:x:510:510::/usr/local/cpanel/3rdparty/mailman:/bin/noshell
  177. cpaneleximfilter:x:511:511::/var/cpanel/userhomes/cpaneleximfilter:/bin/noshell
  178. tcpdump:x:72:72::/:/sbin/nologin
  179. tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
  180. xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
  181. postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
  182. mysql:x:393:393:MySQL server:/var/lib/mysql:/bin/bash
  183. dbus:x:81:81:System message bus:/:/sbin/nologin
  184. avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
  185. saslauth:x:392:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
  186. haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
  187. _lldpd:x:324:324:LLDP daemon:/var/run/lldpd:/bin/false
  188. ntp:x:38:38::/etc/ntp:/sbin/nologin
  189. nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
  190. puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin
  191. rrdcached:x:323:323:rrdcached:/var/rrdtool/rrdcached:/sbin/nologin
  192. migration:x:66:66::/tmp/VhAuQ62wtw:/bin/bash
  193. rgubler:x:476:476::/ramdisk/home/rgubler:/ramdisk/bin/bash
  194. prajwalm:x:391:391::/ramdisk/home/prajwalm:/ramdisk/bin/bash
  195. mbonnell:x:441:441::/ramdisk/home/mbonnell:/ramdisk/bin/bash
  196. cpanellogin:x:32001:512::/var/cpanel/userhomes/cpanellogin:/bin/noshell
  197. cpanellogaholic:x:32002:513::/var/cpanel/userhomes/cpanellogaholic:/bin/noshell
  198. pastors5:x:3022:3024::/home3/pastors5:/bin/false
  199. theurbe2:x:2865:2867::/home2/theurbe2:/bin/false
  200. englewo7:x:2630:2632::/home5/englewo7:/bin/bash
  201. extendha:x:1370:1369::/home5/extendha:/bin/noshell
  202. pegandre:x:2021:2020::/home1/pegandre:/bin/noshell
  203. reedwate:x:2370:2372::/home5/reedwate:/bin/noshell
  204. justinr9:x:2216:2218::/home2/justinr9:/bin/noshell
  205. txonecal:x:1605:1604::/home4/txonecal:/bin/false