[+] - TheWikiBoatBR PwneD

Ver o tópico anterior Ver o tópico seguinte Ir em baixo

[+] - TheWikiBoatBR PwneD

Mensagem por FailSecurityBR em Sab 1 Set - 1:00

A alguns dias percebi eu que o site www.thewikiboatbrazil.com.br não estava mais no ar, então resolvi pesquisar e encontrei isso ↓
Spoiler:

*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=


_ _ _ _ _ _ _
| | | | (_) | (_) | | |
| |_| |__ _____ ___| | ___| |__ ___ __ _| |_
| __| '_ \ / _ \ \ /\ / / | |/ / | '_ \ / _ \ / _` | __|
| |_| | | | __/\ V V /| | <| | |_) | (_) | (_| | |_
\__|_| |_|\___| \_/\_/ |_|_|\_\_|_.__/ \___/ \__,_|\__|

www.twitter.com/0x3a0x3a

TheWikiBoat [www.thewikiboatbrazil.com.br]

*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=

Since you guys were penetrating a lot of UK Websites....

I decided to penetrate your website....

*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=

> thewikiboatbrazil.com.br
Server: NS2-VIP.VPLS.NET
Address: 209.11.240.36

Non-authoritative answer:
Name: server40.000webhost.com
Address: 31.170.160.104
Aliases: thewikiboatbrazil.com.br

>

HTTP/1.1 200 OK
Connection: close
Content-Length: 1537
Content-Type: text/html
Date: Mon, 27 Aug 2012 07:36:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.17

Path : /www/www.thewikiboatbrazil.com.br/index.php

*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=

$ cat index.php

<html>
<head>
<title>#TheWikiBoatBrazil</title>
<link rel="stylesheet" href="stylesheet.css" type="text/css" />
<script type="text/javascript"></script><link rel='stylesheet' type='text/css' href='/B1D671CF-E532-4481-99AA-19F420D90332/netdefender/hui/ndhui.css' /></head>
<body bgcolor="#000000"><script type='text/javascript' language='javascript' src='/B1D671CF-E532-4481-99AA-19F420D90332/netdefender/hui/ndhui.js?0=0&amp;0=0&amp;0=0'></script>
<style type="text/css">
a:link {text-decoration: none}
a:visited {text-decoration: none}
a:hover {text-decoration: underline;
color: #FF0000;
}
a:active {text-decoration: none}
</style>
<center>
<img src="hack-the-planet.jpg" /><br></br>
<nav id="menu">
<ul>
<li><a href="index.php">Home</a></li>
<li><a href="release.html">Releases</a></li>
<li><a href="membros.html">Membros</a></li>
<li><a href="email.html">Contatos</a></li>
</ul>
</nav>
<br></br>
<font color="white">#TheWikiBoatBrazil, WEBSITE em desenvolvimento</font></center>
<object width="0" height="0"><param name="movie" value="http://youtube.googleapis.com/v/7YoDt-MxhHg&rel=1&autoplay=1"></param><param name="wmode" value="transparent"></param><embed src="http://youtube.googleapis.com/v/7YoDt-MxhHg&rel=1&autoplay=1" type="application/x-shockwave-flash" wmode="transparent" width="0" height="0"></embed></object>
</body>
</html>
<!-- Hosting24 Analytics Code -->
<script type="text/javascript" src="http://stats.hosting24.com/count.php"></script>
<!-- End Of Analytics Code -->

*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=

We all know there are a lot of 0day exploits for PHP 5.2.17

X-Powered-By: PHP/5.2.17

PHP 5.2.x Remote Code Execution Vulnerability

If PHP bails out in startup stage before setting PG(modules_activated)
to 1, the filter_globals struct is not cleaned up on shutdown stage.
The subsequence request will use uncleaned value in filter_globals
struct. With special crafted request, this problem can lead to
information disclosure and remote code execution.

Only apache modules SAPI are found to vulnerable to this problem.
While other SAPIs are safe because a PHP process exits when PHP bails
out before setting PG(modules_activated) to 1.

I have exploited the website using that 0day and executed a php bufferoverflow code

//get addresses and links
for($x=(int)0; $x<=$limit; $x++){
$input = get_link_contents($link_list[0]);
array_shift($link_list);
$link_list = ($x%100==0 || $x==5)?filter_urls($link_list,$blacklist):$link_list;

//add the links to the link list and remove duplicates
if(count($link_list) <= 1000) {
preg_match_all($link_reg, $input, $new_links);
$link_list = array_merge($link_list, $new_links);
$link_list = array_unique(array_flatten($link_list));
}

//check the addresses against the blacklist before adding to a a file in JSON
$res = preg_match_all($regex, $input, $matches);
if ($res) {
foreach(array_unique($matches[0]) as $address) {
if(!strpos_arr($address,$blacklist)){
$enum++;
json_file($results_file,$link_list[0],$enum,$x);
write_addresses_to_file($address, $address_file);
}
}
}

unset($input, $res, $efile);
}

*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=

Tango Down www.thewikiboatbrazil.com.br

And NO i didn't DDOS !

This show that its fucking easy to pwn a hackers website ...

*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=


_ _ _ _ _ _ _
| | | | (_) | (_) | | |
| |_| |__ _____ ___| | ___| |__ ___ __ _| |_
| __| '_ \ / _ \ \ /\ / / | |/ / | '_ \ / _ \ / _` | __|
| |_| | | | __/\ V V /| | <| | |_) | (_) | (_| | |_
\__|_| |_|\___| \_/\_/ |_|_|\_\_|_.__/ \___/ \__,_|\__|

www.twitter.com/0x3a0x3a

*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
o Zine foi feito por @0x00x00 e pode ser melhor visualisado no pastebin ↓

Click


~~> FailSecurity Brasil <~~

Members of :
Spirit Hacker | Cr4ck3r_SI:~# /fuck | Talib Girl



>> E-Zines <<
>>
Index Oficial <<
avatar
FailSecurityBR

Membro

Mensagens : 49
Pontos de Participação : 134
Reputação : 39
Localização : /bin/bash
Data de inscrição : 09/08/2012
Respeito as regras :

Voltar ao Topo Ir em baixo

Re: [+] - TheWikiBoatBR PwneD

Mensagem por D4RKCR1PT3R em Sex 7 Set - 17:25

Na verdade a host cortou o site por ser hacking,scam etc... inclusive quem entrou, amou meu auto-infect -z





#Nullr00t Security Research Lab's
avatar
D4RKCR1PT3R

Membro

Nada
Mensagens : 89
Pontos de Participação : 214
Reputação : 69
Data de inscrição : 04/04/2012
Respeito as regras :

Voltar ao Topo Ir em baixo

Ver o tópico anterior Ver o tópico seguinte Voltar ao Topo


 
Permissão deste fórum:
Você não pode responder aos tópicos neste fórum