Guest User

Bestcasuals.com Vuln + Audit. _St0rm

Oct 12th, 2011
Error links:

http://bestcasuals.com/image_resize.php?image=productData
----------------------------------------------------------

GIF87a2¡›‚ÿÿÿÿ,2†”©Ë­£œ´Ú+Þ¼Gí…â7–h¦ª¶¤ l@×ñFËT~ã4 árÂZ b;m–p‰4*£P(O8qî¦R¥´JüVrÏ¢÷x=§9ä-Õz®¾±’vÔV§Íôúñi²6È4ØÓBˆØ¡¸¸ÑèxY1I9ayù¢ÉÈyâÙ ú(ºQ;
Warning: Division by zero in c:\domains\bestcasuals.com\wwwroot\image_resize.php on line 277

Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in c:\domains\bestcasuals.com\wwwroot\image_resize.php on line 337

Warning: imagecopyresampled(): supplied argument is not a valid Image resource in c:\domains\bestcasuals.com\wwwroot\image_resize.php on line 338
GIF87a2¡›‚ÿÿÿÿ,2…”©Ë­£œ´Ú+Þ¼Gí…â7–h¦ª¶¤ l@×1G³}w9ÅÛA¢M8‹ÀߤX;FxAª’ù èŒÓè5Êåz•§ú WX‹¹ §±ëË{¬þ²¥`Œ6V7²•Ò'ØÓ2xx¢˜’ȸáøx)YAY9q‰ù²É¡Ùù¹ŠY;
Warning: imagedestroy(): supplied argument is not a valid Image resource in c:\domains\bestcasuals.com\wwwroot\image_resize.php on line 255

PHP Warning: Division by zero in c:\domains\bestcasuals.com\wwwroot\image_resize.php on line 277
PHP Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in c:\domains\bestcasuals.com\wwwroot\image_resize.php on line 337
PHP Warning: imagecopyresampled(): supplied argument is not a valid Image resource in c:\domains\bestcasuals.com\wwwroot\image_resize.php on line 338
PHP Warning: imagedestroy(): supplied argument is not a valid Image resource in c:\domains\bestcasuals.com\wwwroot\image_resize.php on line 255

http://bestcasuals.com:80/staticpage.php?pageid=12
--------------------------------------------------

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 3

Those are the only scripting errors I could find.
--------------------------------------------------------------------------------------------------------------------

Database name: bestcasuals

Server info:

Web Server: Microsoft-IIS/6.0
Powered-by: PHP/5.1.2
Powered-by: ASP.NET
DB Server: MySQL >=4.1
Current DB: bestcasuals

Couldn't gather any tables from it.
--------------------------------------------------------------------------------------------------------------------
Virus information on the .zip link.

URL analysis tool      Result

Avira                  Clean site
BitDefender            Malware site
Dr.Web                 Clean site
G-Data                 Clean site
Malc0de Database       Clean site
MalwareDomainList      Clean site
Opera                  Clean site
ParetoLogic            Malware site
Phishtank              Clean site
TrendMicro             Malware site
Websense ThreatSeeker  Unrated site
Wepawet                Unrated site

bestcasuals.com ns1.24livehost.com => 69.93.85.106
ns2.24livehost.com => 69.93.85.107

ISP: (AS21844) THEPLANET
IP: 70.86.21.146
Virus: Trojan

--------------------------------------------------------------------------------------------------------------------
  66.  
C:\Users\St0rm>tracert bestcasuals.com

Tracing route to bestcasuals.com [70.86.21.146]
over a maximum of 30 hops:

 1   179 ms   179 ms   178 ms  :)
 2   184 ms   181 ms   183 ms  :)
 3   256 ms   193 ms   179 ms  :)
 4   217 ms   216 ms   180 ms  v995.core1.sjc1.he.net [64.71.150.21]
 5   187 ms   179 ms   178 ms  10gigabitethernet2-1.core1.sjc2.he.net [72.52.92.118]
 6   182 ms   182 ms   191 ms  mpr1.sjc7.us [206.223.116.86]
 7   186 ms   180 ms   181 ms  xe-4-1-0.er1.sjc2.us.above.net [64.125.27.90]
 8   182 ms   181 ms   193 ms  xe-4-0-0.cr1.sjc2.us.above.net [64.125.28.54]
 9   193 ms   191 ms   198 ms  64.125.26.25.available.above.net [64.125.26.25]
10   258 ms   249 ms   232 ms  xe-3-2-0.cr1.iah1.us.above.net [64.125.26.121]
11   228 ms   225 ms   229 ms  xe-2-1-0.cr1.dfw2.us.above.net [64.125.30.58]
12   230 ms   226 ms   229 ms  xe-0-1-0.er1.dfw2.us.above.net [64.125.27.74]
13   228 ms   236 ms   238 ms  64.125.199.94.t366.above.net [64.125.199.94]
14   243 ms   236 ms   230 ms  te7-1.dsr01.dllstx3.networklayer.com [70.87.253.2]
15     *        *        *     Request timed out.
16   230 ms   233 ms   233 ms  po1.car03.dllstx5.networklayer.com [70.87.254.18]
17   232 ms   228 ms   230 ms  92.15.5646.static.theplanet.com [70.86.21.146]

Trace complete.
  91.  
Open ports for: 70.86.21.146

Not shown: 996 filtered ports

PORT     STATE  SERVICE
80/tcp   open   http
110/tcp  open   pop3
443/tcp  open   https
587/tcp  open   submission

Total Domains: 2.

http://mail.bestcasuals.com
http://bestcasuals.com
-----------------------------------------------------------------------------------------------------------------------
  112.  
  113.  
  114.  
Opinion:

I think that the website could be legit, yet rooted by someone and is hosting a virus in the admin's corner.

To gain full control of the site. So my other option is to email the webmaster if he knows he has a virus,

and then try and warn people. The only bad thing I could find was one virus being hosted by him.
There wasn't really anything to go by after that.

I DDoS'd it and it was going up and down for a little while. I may try again later.

The MySQL injection worked, but only found the database, not the tables.

If you have BackTrack, I suggest giving it a go, to see where the files are stored and get the admin login.

For some reason mine is messing up at the moment. =/

I'm sorry I couldn't really do very much on this one.

_St0rm

-----------------------------------------------------------------------------------------------------------------------