  1. *OLD* pass_from: 189.123.52.86 user: root pass: se44@vitor1a45 (bd7b3456.virtua.com.br)
  2. pass_from: 189.114.56.2 user: root pass: Se44@^7Gbh_9%v1tori@ (talkinteractive2.static.gvt.net.br)
  3. pass_from: 186.220.204.80 user: thiago.borges pass: thbo7093 (badccc50.virtua.com.br)
  4. pass_from: 187.49.239.10 user: leonardo.koslowski pass: l3on@rdo (host10.iea.org.br)
  5. pass_from: 186.220.204.80 user: isaias.coelho pass: 1s@1a5 (badccc50.virtua.com.br)
  6. pass_from: 189.114.56.2 user: marco.malaquias pass: m@l@qu1@s (talkinteractive2.static.gvt.net.br)
  7.  
  8. $db_url = 'mysql://serra45_homolog:45camp@dbloc4web@localhost/serra45_homologacao';
  9.  
  10.  
  11. SSH 187.45.234.172 / serra45.com.br / Locaweb
  12. Skynet, OK.
  13.  
  14. Users:
  15. root:x:0:0:root:/root:/bin/bash
  16. thiago.virtua:x:0:0:Thiago Borges,,,:/home/thiago.borges:/bin/bash
  17. isaias.gvt:x:1001:1001:Isaias Coelho,,,:/var/www:/bin/bash
  18. gustavo.gomes:x:1002:1002:Gustavo Gomes,,,:/var/www:/bin/bash
  19. marco.malaquias:x:1003:1003:Marco.malaquias,,,:/var/www:/bin/bash
  20. nayara.perone:x:1004:1004:Nayara Perone,,,:/var/www:/bin/bash
  21. estevao.lucas:x:1000:1006:estevao,,,:/home/estevao.lucas:/bin/bash
  22. mmalaquias:x:1005:1007:,,,:/home/mmalaquias:/bin/bash
  23. leonardo.koslowski:x:1006:1008:leonardo koslowski,,,:/home/leonardo.koslowski:/bin/bash
  24. adisson.oliveira:x:1008:1011:Adisson,,,:/home/adisson.oliveira:/bin/bash
  25. Shadow:
  26. root:$1$GVUP9Bhu$C94ic4EFATm4aXQuPNl8p.:14907:0:99999:7:::
  27. thiago.borges:$1$3IuSJYc/$Tb.ACdEYgBoPZ7NzJwK15/:14883:0:99999:7:::
  28. isaias.coelho:$1$Ki8r4Fxu$CyKHUw62PpZTXjXux6xIo1:14875:0:99999:7:::
  29. gustavo.gomes:$1$2O7x1/0y$p23UAXlmigx9CpdxcJBBe.:14875:0:99999:7:::
  30. marco.malaquias:$1$2MUEeo77$eJmvIxqLXzxfVOitjXhJn.:14875:0:99999:7:::
  31. nayara.perone:$1$8ircKySk$0WKV5JaN906QU9VbVPdw21:14875:0:99999:7:::
  32. estevao.lucas:$1$3FzgSgC3$K/9zLIsgyIJyYDzkFz8Hp1:14884:0:99999:7:::
  33. mmalaquias:$1$0NMpzPSY$BKDvvklcLvaZ0fG4ZCpYq0:14894:0:99999:7:::
  34. leonardo.koslowski:$1$pj3IQjzN$ydoNAIpv7.mnAw58xBaYn.:14894:0:99999:7:::
  35. ftpserra45:$1$KGSpZ3Oy$ER9MKLNCGmEMSeSgPD6c9.:14902:0:99999:7:::
  36. adisson.oliveira:$1$qqhHWVa4$6t0K1eLufloPmOUZnCLEa/:14908:0:99999:7:::
  37. ---------------------------------------------------------------------------------------
  38. SSH2_OUT: 174.122.220.4 user: root pass: OAvmdufnmds (4.dc.7aae.static.theplanet.com) andre.luiz jeferson marco.malaquias
  39.  
  40. STRACE OK,
  41.  
  42. ---------------------------------------------------------------------------------------
  43. SSH2_OUT: 187.45.202.150 user: root pass: OAvmdufnmds (vostok.talk2.com.br)
  44. OK.
  45. Users:
  46. adisson:x:1057:1058:Adisson Olvieira,,,:/home/adisson:/bin/bash = n055055h0wna
  47. Shadow:
  48. root:$1$A4nz3CWG$FUtCkk94gZiwYteSxf6Hl.:14856:0:99999:7:::
  49. ntp:*:14830:0:99999:7:::
  50. ---------------------------------------------------------------------------------------
  51.  
  52. vostok:/usr/include/libnet# ssh root@192.168.201.3
  53. /etc/ssh/ssh_config line 50: Unsupported option "GSSAPIAuthentication"
  54. /etc/ssh/ssh_config line 51: Unsupported option "GSSAPIDelegateCredentials"
  55. root@192.168.201.3's password:
  56.  
  57. **** Connected to ****
  58.  
  59. ### # ### ## ### ## ### ### ###### ######
  60. ## # ## # ## ## ## # ## # # ## #
  61. #### ### #### ### # #### ##
  62. ### #### ## ##### ## ##
  63. # ## ## ## ## ## ## ## ## ##
  64. #### #### ## #### ### ## ###### #### 1.0
  65. **** Linux columbia.iea.org.br 2.6.26-2-xen-686 i686 ****
  66.  
  67. root@columbia:~#
  68.  
  69.  
  70. s -la /etc/cron.hourly/
  71. tail -f /var/log/syslog
  72. df -h
  73. tail -f /var/log/syslog
  74. tail -f apache2/serra45.com.br-error_log
  75. tail -n 100 apache2/serra45.com.br-error_log
  76. ls -la /tmp/ex*
  77. ls -la /tmp/ex*
  78. ls -la /tmp/ex*
  79. ls -la /tmp/ex*
  80. ls -la /tmp/ex*
  81. ls -la /tmp/ex*
  82. ls -la /tmp/ex*
  83. grep exploit syslog
  84. grep exploit syslog | more
  85. grep exploit syslog | more
  86. ls -la syslog
  87. ls -la syslog*
  88. find / -name 'exploit'
  89. find /var/www -type f name 'expoit' -exec grep -qi '/j' '{}' \; -print
  90. find / -name 'exploit'
  91. tail -f apache2/serra45.com.br-error_log
  92. tail -f apache2/serra45.com.br-access_log
  93. tail -f syslog
  94. find /var/www -type f -iname '*.php' -exec grep -qi 'C99Shell' '{}' \; -print
  95. find /var/www -type f -iname '*.php' -exec grep -qi 'SA_ROOT' '{}' \; -print
  96. cat /proc/meminfo
  97. find /var/www -type f -iname '*.php' -exec grep -qi 'passthru' '{}' \; -prin
  98. find /var/www -type f -iname '*.php' -exec grep -qi 'passthru' '{}' \; -print
  99. find /var/www -type f -iname '*.php' -exec grep -qi 'Saldiri.Org' '{}' \; -print
  100. find /var/www -type f -iname '*.php' -exec grep -qi 'exec(' '{}' \; -print
  101. find /var/www -type f -iname '*.php' -exec grep -qi 'Daemonise' '{}' \; -print
  102. exit
  103. cd /var/www/serra45/
  104. ls -lah
  105. chmod -R 775 imagens.serra45.com.br/
  106. ls -lah
  107. id leonardo.koslowski
  108. chown -r root:desenvolvedores imagens.serra45.com.br/
  109. chown -R root:desenvolvedores imagens.serra45.com.br/
  110. ls -lah
  111. vim /etc/apache2/sites-available/serra45.org.br
  112. /etc/init.d/apache2 reload
  113. exit
  114. ls -la /home/mmalaquias/backup/mysql/
  115. htop
  116. crontab -l
  117. htop
  118. exit
  119. ls
  120. vim /boot/grub/menu.lst
  121. shutdown -r now
  122. ls -lh
  123. iptables -L
  124. mysql -pse44@vitor1a45
  125. htop
  126. ps ax
  127. ping host10.iea.org.br
  128. netstat -n
  129. free -m
  130. free -m
  131. htop
  132. cd ../..
  133. ./backup.sh
  134. tar -czvf ../logs_serra45.tgz .
  135. ps aux |grep apache
  136. htop
  137. cd /
  138. find -name exploit
  139. htop
  140. netstat -n
  141. netstat -n | wc -l
  142. exit
  143. htop
  144. htop
  145. exit
  146. free -m
  147. htop
  148. exit
  149. htop
  150. cd /var/www/serra45/serra45.com.br/sites/default
  151. cd files
  152. ls
  153. ls -la VERDEeAMARELOmixFULL*
  154. htop
  155. htop
  156. exit
  157. ps aux | grep apache | wc -l
  158. pico /etc/apache2/sites-enabled/serra45.org.br
  159. exit
  160. pico /etc/apache2/sites-enabled/serra45.org.br
  161. /etc/init.d/apache2 reload
  162. pico /etc/apache2/sites-enabled/serra45.org.br
  163. /etc/init.d/apache2 reload
  164. pico /etc/apache2/sites-enabled/serra45.org.br
  165. /etc/init.d/apache2 reload
  166. pico /etc/apache2/sites-enabled/000-default
  167. /etc/init.d/apache2 reload
  168. pico /etc/apache2/sites-enabled/000-default
  169. ls -la /var/www
  170. ls -la /var/www/serra45/
  171. exit
  172. vim /etc/apache2/apache2.conf
  173. htop
  174. htop
  175. exit
  176. pico /var/www/serra45/serra45.com.br/index.php
  177. htop
  178. htop
  179. cd /var/www/serra45/serra45.com.br/
  180. ls
  181. mv index.php index_drupal.php
  182. mv index_tampao.html index.php
  183. htop
  184. exit
  185. root@XXXCNN8740:~#
  186.  
  187. oot@XXXCNN8740:/var/www# ls
  188. index.html serra45 webalizer
  189. root@XXXCNN8740:/var/www# cd serra45
  190. root@XXXCNN8740:/var/www/serra45# ls
  191. backup_base_site.sql imagens.serra45.com.br serra45.com.br tampao tampao.old
  192. conteudo.serra45.com.br material.serra45.com.br serra45.org.br tampao_drupal votodemocratico
  193. root@XXXCNN8740:/var/www/serra45# cd serra45.com.br
  194. root@XXXCNN8740:/var/www/serra45/serra45.com.br# ls
  195. AdSHome_.jpg combataamentira comparacao-mobiliza favicon.ico index.html INSTALL.pgsql.txt lista-boletins.html offline2.html sitefora teste.txt
  196. arquivos comparacao2510 comparacao-onevideo frame.html index__.php install.php MAINTAINERS.txt offline.html sites themes
  197. avatar_app.tgz comparacao2710 COPYRIGHT.txt includes index_.php INSTALL.txt manifesto profiles splash_files transmissao
  198. border-radius.htc comparacao2810 cron.php index_blank.php index.php js misc proposta splashmob update.php
  199. CHANGELOG.txt comparacao3010 css index_drupal.php Indicadores languages modules robots.txt splash.php UPGRADE.txt
  200. clearcache.php comparacao-fora favicon45.ico _index.html INSTALL.mysql.txt LICENSE.txt offline scripts tampao.html xmlrpc.php
  201. root@XXXCNN8740:/var/www/serra45/serra45.com.br# whereis chattr
  202. chattr: /usr/bin/chattr /usr/share/man/man1/chattr.1.gz
  203. root@XXXCNN8740:/var/www/serra45/serra45.com.br# w
  204. 19:10:49 up 3 days, 19:06, 1 user, load average: 0.01, 0.02, 0.00
  205. USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
  206. root@XXXCNN8740:/var/www/serra45/serra45.com.br# cd /var/log
  207. root@XXXCNN8740:/var/log# ls
  208. acpid aptitude.2.gz btmp debug.1.gz dpkg.log kern.log.3.gz mail.info.5.gz mail.warn messages.6.gz mysql.log.7.gz syslog.4.gz
  209. acpid.1.gz auth.log btmp.1 debug.2.gz dpkg.log.1 lastlog mail.info.6.gz mail.warn.0 mysql news syslog.5.gz
  210. acpid.2.gz auth.log.0 daemon.log debug.3.gz dpkg.log.2.gz lpr.log mail.log mail.warn.1.gz mysql.err proftpd syslog.6.gz
  211. acpid.3.gz auth.log.1.gz daemon.log.0 dist-upgrade faillog mail.err mail.log.0 messages mysql.log pycentral.log udev
  212. acpid.4.gz auth.log.2.gz daemon.log.1.gz dmesg fsck mail.info mail.log.1.gz messages.0 mysql.log.1.gz samba user.log
  213. apache2 auth.log.3.gz daemon.log.2.gz dmesg.0 iptraf mail.info.0 mail.log.2.gz messages.1.gz mysql.log.2.gz syslog vmware-tools-guestd
  214. apparmor auth.log.4.gz daemon.log.3.gz dmesg.1.gz kern.log mail.info.1.gz mail.log.3.gz messages.2.gz mysql.log.3.gz syslog.0 wtmp
  215. apt auth.log.5.gz daemon.log.4.gz dmesg.2.gz kern.log.0 mail.info.2.gz mail.log.4.gz messages.3.gz mysql.log.4.gz syslog.1.gz wtmp.1
  216. aptitude auth.log.6.gz debug dmesg.3.gz kern.log.1.gz mail.info.3.gz mail.log.5.gz messages.4.gz mysql.log.5.gz syslog.2.gz xferlog
  217. aptitude.1.gz boot debug.0 dmesg.4.gz kern.log.2.gz mail.info.4.gz mail.log.6.gz messages.5.gz mysql.log.6.gz syslog.3.gz
  218.  
  219.  
  220. root@XXXCNN8740:/var/log# uname -a;w;/sbin/ifconfig -a | grep inet
  221. Linux XXXCNN8740 2.6.24-28-server #1 SMP Thu Sep 16 15:43:17 UTC 2010 i686 GNU/Linux
  222. 19:18:41 up 3 days, 19:13, 1 user, load average: 0.05, 0.04, 0.01
  223. USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
  224. inet addr:187.45.234.172 Bcast:187.45.234.255 Mask:255.255.255.0
  225. inet6 addr: fe80::250:56ff:fe97:7d8b/64 Scope:Link
  226. inet addr:127.0.0.1 Mask:255.0.0.0
  227. inet6 addr: ::1/128 Scope:Host
  228. root@XXXCNN8740:/var/log#
  229.  
  230.  
  231.  
  232. 187.45.234.172
  233.  
  234.  
  235. s86-@hackware:~$ ssh krishna.pennacchioni@187.45.234.172
  236. The authenticity of host '187.45.234.172 (187.45.234.172)' can't be established.
  237. RSA key fingerprint is 7d:fa:58:f7:fa:72:58:e3:6e:b5:d1:88:c0:82:33:78.
  238. Are you sure you want to continue connecting (yes/no)? yes
  239. Warning: Permanently added '187.45.234.172' (RSA) to the list of known hosts.
  240. krishna.pennacchioni@187.45.234.172's password:
  241. Connection closed by 187.45.234.172 conection not permited!
  242.  
  243.  
  244.  
  245. ssh -dsa 1|eB4BXj1y+jNuUTsdti5bBfmAsAk=|ReEGfhV6u0S0AaXq8lpE0dLynXU= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv3Hf+3nHJVfZ08tJ3TQ9dCkAllmpqkw8Ishgdrjk3dLs2AEcVWotMfEPKISfDhy7FupdyQLfIfF/t5dc7ck8pXzt5TbpEHAd6NfVcP0D/+OxgbgIZmuC+Q1cyzKZc+ObAti7+ODAKN51meIH6nYw+4iiuLB29EJtuUmLiQbWbHDY7Igp4zPdgolvKV5Rpwvi2IrBrJF7QPihkTBD/fHgTmyC+ZcGnBVYwsuETTgFXrcn6AbW26vlDgD+HifubATrYD9BQIQN42nHMwRxPfEt9hxe4nSirfhGv1L+NPwDtGd47PMoMc9pjx5rQbVLp+32EAek4rxZ6KqkdP67mcxzjw==
  246. |1|icLj3MlE8bZvEOPxzsiIrQSKPZo=|OPVSsPGJbe1CeF2VAhzy34O68eY= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2Od7AwdUJJ1HEGKXrqNV1pvab/fH96iL2ADCnWQrzRg2UCuAPMXBOsKu/DvXR+ktAeacVRTNy6hBrAtsX5Cq5IkgfzI5F2K47wyvz/b3x8QMY8qGMXNU99pjC7TYoYLUTPICf+DgMUT9DsFg8GBV1mXv9huTCCRFXdtk8mKgIUjPWT42LiGp6PehJbC9HbFtISd4fAdKpL+KvMFGI9MKcGWkB/YcCol9zlyQWdeesY9x9SgHA/FBjTOWXT3QFNjNkXofBc6OoJ6PGaKNtEv0KzVSzuECmWrlwo3TlFBtL4pPLX4x78YocTqF3ZrcCSCmz2a/6EXK8cJF9LjA7Fuvsw==" >xs86-@hackware".pub"
  247. (01:10:28) xs86- Abit.: xs86-@hackware:~$ ssh krishna.pennacchioni@187.45.234.172
  248. krishna.pennacchioni@187.45.234.172's password:
  249.  
  250.  
  251.  
  252. root@XXXCNN8740:/var/log# uname -a;w;/sbin/ifconfig -a | grep inet
  253. Linux XXXCNN8740 2.6.24-28-server #1 SMP Thu Sep 16 15:43:17 UTC 2010 i686 GNU/Linux
  254. 19:18:41 up 3 days, 19:13, 1 user, load average: 0.05, 0.04, 0.01
  255. USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
  256. inet addr:187.45.234.172 Bcast:187.45.234.255 Mask:255.255.255.0
  257. inet6 addr: fe80::250:56ff:fe97:7d8b/64 Scope:Link
  258. inet addr:127.0.0.1 Mask:255.0.0.0
  259. inet6 addr: ::1/128 Scope:Host
  260. root@XXXCNN8740:/var/log#
  261.  
  262.  
  263.  
  264.  
  265. usando strace na rede local dos caras wh1t3h4ck3r oƔ <<<<<
  266.  
  267.  
  268.  
  269. ps aux | grep sshd | grep -v grep
  270.  
  271. root@XXXCNN8740:/etc/ssh# ps aux | grep sshd | grep -v grep
  272. root 3814 0.0 0.0 3096 656 ? Ss Oct21 0:00 /usr/sbin/sshd
  273. root 23725 0.0 0.0 6036 2092 ? Ss 18:58 0:00 sshd: root@pts/0
  274.  
  275.  
  276.  
  277. ssh localhost
  278. Password: *************
  279. Last login: Tue Oct 25 10:36:35 2011 from from 10.10.4.3
  280. colombia@Zion:~$
  281.  
  282. colombia:~# cat local.txt | grep read | more
  283. 6036 write(4, \0\0\0\1\0\0\0\******* , 19 <unfinished >
  284. 6035 < read resumed> 8\0\0\0\1\0\0\0\********** , 19) = 19
  285. 6012 write(7, \0\0\0\********** , 15 <unfinished >
  286. 6037 < read resumed> \6\0\0\0\********** , 15) = 15
  287.  
  288.  
  289. A MULEKEEEE! sry