Scacco Matto a Backtrack-Linux.org

Il team di inj3ct0r ha reso pubblico oggi i log di un loro attacco avvenuto con successo il 1 Dicembre 2010 verso il colosso di sicurezza informatica BackTrack, nel file messo a disposizione è possibile visualizzare le informazioni della macchina, gli utenti attivi, un elenco dei file e i parametri di configurazione della loro piattaforma di Blog e Forum (WordPress e vBulletin) comprensivi di password e nomi utenti per il collegamento al servizio MySQL.

Il team inj3ct0r evidenzia inoltre che nel medesimo server sono ospitati altri domini e sarebbe possibile estrapolare dati sensibili anche da essi, importante nota in quanto sulla stessa macchina viene ospitato Exploit-DB portale che raccoglie gli Exploit  fino ad oggi scoperti.

Potete leggere il contenuto integrare dei log sul sito di PasteBin oppure dopo il salto:

Attack on backtrack-linux.org From 1337 Team (inj3ct0r.com)

Since we already tapped into exploit-db and their server lies  in  the
same subnet  with  backtrack,  we  decided  to  check  out  their  mad
security. Backtrack is run by muts, the same guy who also  administers
exploit-db, so no wonder why it was super easy to get a shell…

$ uname -a
Linux backtrack-linux.org 2.6.32.26-175.fc12.x86_64 #1 SMP Wed Dec 1 21:39:34 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux

$ id
uid=48(apache) gid=494(apache) groups=494(apache) context=unconfined_u:system_r:httpd_t:s0

$ alias ls=”ls -la”

$ ls
total 110
dr-xr-xr-x.  25 root root  4096 Dec  7 08:42 .
dr-xr-xr-x.  25 root root  4096 Dec  7 08:42 ..
-rw-r–r–.   1 root root     0 Dec  7 08:42 .autofsck
drwx——.   2 root root  4096 Dec 10 03:40 backup
dr-xr-xr-x.   2 root root  4096 Nov 29 19:59 bin
dr-xr-xr-x.   5 root root  1024 Dec  7 08:41 boot
drwxr-xr-x.  17 root root  3580 Dec  7 08:43 dev
drwxr-xr-x.  66 root root  4096 Dec  7 08:42 etc
drwxr-xr-x.   3 root root  4096 Aug 14 20:50 home
dr-xr-xr-x.   9 root root  4096 Aug 11 04:01 lib
dr-xr-xr-x.   9 root root 12288 Nov 29 20:00 lib64
drwx——.   2 root root 16384 Aug 11 02:01 lost+found
drwxr-xr-x.   2 root root  4096 Aug 11 04:42 maint
drwxr-xr-x.   2 root root  4096 Aug 25  2009 media
drwxr-xr-x.   2 root root  4096 Aug 25  2009 mnt
drwxr-xr-x.   2 root root  4096 Aug 25  2009 opt
dr-xr-xr-x. 160 root root     0 Dec  7 08:42 proc
drwxr-xr-x.   5 root root  4096 Dec  3 17:16 recovery
dr-xr-x—.   4 root root  4096 Dec 10 08:50 root
dr-xr-xr-x.   2 root root 12288 Nov 29 19:59 sbin
drwxr-xr-x.   7 root root     0 Dec  7 08:42 selinux
drwxr-xr-x.   2 root root  4096 Aug 25  2009 srv
drwxr-xr-x.  13 root root     0 Dec  7 08:42 sys
drwxrwxrwt.   4 root root  4096 Dec 10 14:08 tmp
drwxr-xr-x.  14 root root  4096 Aug 11 02:03 usr
drwxr-xr-x.  20 root root  4096 Aug 14 20:45 var

$ cat /etc/issue
Fedora release 12 (Constantine)
Kernel \r on an \m (\l)

$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:499:virtual console memory owner:/dev:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
mailnull:x:47:497::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:496::/var/spool/mqueue:/sbin/nologin
sshd:x:74:495:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
apache:x:48:494:Apache:/var/www:/sbin/nologin
mysql:x:27:493:MySQL Server:/var/lib/mysql:/bin/bash
ossec:x:500:500::/var/ossec:/sbin/nologin
ossecm:x:501:500::/var/ossec:/sbin/nologin
ossecr:x:502:500::/var/ossec:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin

$ cd
/var/www/html/

$ ls
total 90224
drwxr-xr-x. 13 apache apache     4096 Dec  9 12:21 .
drwxr-xr-x.  6 root   root       4096 Aug 18 10:30 ..
-rw-r–r–.  1 apache apache     4183 Dec  5 16:50 .htaccess
-rw-r–r–.  1 apache apache     1156 Aug 11 03:17 HT
-rw-r–r–.  1 apache apache     2233 Aug 11 03:17 HT-ORIG
-rw-r–r–.  1 apache apache  1526525 Nov 11 14:01 IMG_0585.JPG
drwxr-xr-x.  2 apache apache     4096 Aug 11 03:16 ads
-rw-r–r–.  1 apache apache   125832 Nov 19 12:18 bootsplash.jpg
-rw-r–r–.  1 apache apache   754444 Aug 11 03:16 bt-nsa.png
-rw-r–r–.  1 apache apache   757498 Aug 11 03:16 bt-nsa2.png
-rw-r–r–.  1 apache apache    81597 Aug 11 03:16 bt4-final-vm.zip.torrent
-rw-r–r–.  1 apache apache    60094 Aug 11 03:16 bt4-final.iso.torrent
-rw-r–r–.  1 apache apache       44 Aug 11 03:16 bt4r1.txt
-rw-r–r–.  1 root   root     686248 Nov 23 10:47 bt4r2.png
-rw-r–r–.  1 apache apache   160728 Aug 11 03:16 btfail.png
-rw-r–r–.  1 apache apache      476 Aug 11 03:16 collapsible_ad.html
-rwxr-xr-x.  1 apache apache 13397784 Aug 11 03:16 d.bin
-rw-r–r–.  1 apache apache      121 Aug 11 03:16 d.lic
-rw-r–r–.  1 apache apache 12844822 Aug 11 03:16 d32.bin
drwxr-xr-x.  2 apache apache     4096 Aug 11 03:16 documents
-rw-r–r–.  1 apache apache     3342 Aug 11 03:16 down.php
-rw-r–r–.  1 apache apache     4158 Aug 11 03:16 download-orig.php
-rw-r–r–.  1 apache apache     4945 Nov 22 11:38 download.php
-rw-r–r–.  1 apache apache    15125 Aug 11 03:16 error.php
-rw-r–r–.  1 apache apache   137383 Aug 11 03:16 example-2.jpg
-rw-r–r–.  1 apache apache     1150 Aug 11 03:16 favicon.ico
drwxr-xr-x. 21 apache apache     4096 Nov 22 18:56 forums
-rw-r–r–.  1 apache apache    87176 Aug 11 03:17 google.png
-rw-r–r–.  1 apache apache       53 Aug 11 03:17 googled6c4817aa45e0032.html
-rw-r–r–.  1 apache apache       23 Aug 11 03:17 googlehostedservice.html
-rw-r–r–.  1 apache apache  1978856 Sep 17 08:06 hola.jpg
-rw-r–r–.  1 apache apache  2264271 Sep 17 08:12 hola1.jpg
-rw-r–r–.  1 apache apache  2197361 Sep 17 08:15 hola2.jpg
-rw-r–r–.  1 apache apache   315306 Aug 11 03:17 hola22.png
-rw-r–r–.  1 apache apache   169202 Aug 11 03:17 hola23.png
drwxr-xr-x.  8 apache apache     4096 Nov 21 16:38 images
-rw-r–r–.  1 apache apache        3 Aug 11 03:17 index.html
-rw-r–r–.  1 apache apache      397 Dec  9 12:20 index.php
-rw-r–r–.  1 apache apache   321196 Nov 19 15:06 kanji.png
-rw-r–r–.  1 apache apache   147841 Sep  4 12:37 knock-0.5.tar.gz
-rw-r–r–.  1 apache apache    15410 Dec  9 12:20 license.txt
-rw-r–r–.  1 apache apache 48404480 Nov 14 15:53 mediawiki-1.16.0.tar
-rw-r–r–.  1 apache apache    13946 Aug 11 03:17 nv-xorg.conf
-rw-r–r–.  1 apache apache  1382400 Oct 26 10:38 oiopub-direct.tar
-rw-r–r–.  1 apache apache  1508471 Aug 11 03:17 p2270016.jpg
-rw-r–r–.  1 apache apache  1636957 Aug 11 03:17 p2280018.jpg
drwxr-xr-x.  2 apache apache     4096 Nov 22 11:46 patches
-rw-r–r–.  1 apache apache      582 Nov 22 11:21 r2.php
-rw-r–r–.  1 apache apache     9120 Dec  9 12:20 readme.html
-rw-r–r–.  1 apache apache      712 Nov 10 22:27 s.php
-rw-r–r–.  1 apache apache       63 Aug 11 03:17 show.dud.php
-rw-r–r–.  1 apache apache      801 Aug 11 03:17 show.original.php
-rw-r–r–.  1 apache apache       31 Aug 11 03:17 show.php
-rw-r–r–.  1 apache apache      601 Nov 10 22:28 show.stats.working.php
-rw-r–r–.  1 apache apache    38971 Dec  7 23:23 sitemap.xml
-rw-r–r–.  1 apache apache     2485 Dec  7 23:23 sitemap.xml.gz
drwxr-xr-x.  3 apache apache     4096 Aug 11 03:17 slider
-rw-r–r–.  1 apache apache   714372 Aug 11 03:17 spot-the-release.png
-rw-r–r–.  1 apache apache     1536 Aug 11 03:17 stats.php
-rw-r–r–.  1 apache apache       33 Dec 10 03:34 stats.txt
-rw-r–r–.  1 apache apache    23660 Aug 11 03:17 style.css
-rw-r–r–.  1 apache apache        5 Aug 11 03:17 test.php
drwxr-xr-x.  2 apache apache     4096 Nov 22 09:22 torrents
drwxr-xr-x. 15 apache apache     4096 Nov 27 16:52 wiki
-rw-r–r–.  1 apache apache     4391 Dec  9 12:20 wp-activate.php
drwxr-xr-x.  8 apache apache     4096 Dec  5 08:12 wp-admin
-rw-r–r–.  1 apache apache    40284 Dec  9 12:20 wp-app.php
-rw-r–r–.  1 apache apache      220 Dec  9 12:20 wp-atom.php
-rw-r–r–.  1 apache apache      274 Dec  9 12:20 wp-blog-header.php
-rw-r–r–.  1 apache apache     3926 Dec  9 12:20 wp-comments-post.php
-rw-r–r–.  1 apache apache      238 Dec  9 12:20 wp-commentsrss2.php
-rw-r–r–.  1 apache apache     3173 Dec  9 12:20 wp-config-sample.php
-rw-r–r–.  1 apache apache     2696 Nov 22 19:32 wp-config.php
drwxr-xr-x.  9 apache apache     4096 Dec  9 12:21 wp-content
-rw-r–r–.  1 apache apache     1255 Dec  9 12:20 wp-cron.php
-rw-r–r–.  1 apache apache      240 Dec  9 12:20 wp-feed.php
drwxr-xr-x.  8 apache apache     4096 Aug 13 20:06 wp-includes
-rw-r–r–.  1 apache apache     2002 Dec  9 12:20 wp-links-opml.php
-rw-r–r–.  1 apache apache     2441 Dec  9 12:20 wp-load.php
-rw-r–r–.  1 apache apache    26059 Dec  9 12:20 wp-login.php
-rw-r–r–.  1 apache apache     7774 Dec  9 12:20 wp-mail.php
-rw-r–r–.  1 apache apache      487 Dec  9 12:20 wp-pass.php
-rw-r–r–.  1 apache apache      218 Dec  9 12:20 wp-rdf.php
-rw-r–r–.  1 apache apache      316 Dec  9 12:20 wp-register.php
-rw-r–r–.  1 apache apache      218 Dec  9 12:20 wp-rss.php
-rw-r–r–.  1 apache apache      220 Dec  9 12:20 wp-rss2.php
-rw-r–r–.  1 apache apache     9177 Dec  9 12:20 wp-settings.php
-rw-r–r–.  1 apache apache    18695 Dec  9 12:20 wp-signup.php
-rw-r–r–.  1 apache apache     3702 Dec  9 12:20 wp-trackback.php
-rw-r–r–.  1 root   root      99665 Nov 24 00:52 wtfff.png
-rw-r–r–.  1 apache apache       85 Nov 20 13:43 x.gif
-rw-r–r–.  1 apache apache    95481 Dec  9 12:20 xmlrpc.php

$ cat wp-config.php
<?php
/** Enable W3 Total Cache **/
define(‘WP_CACHE’, true); // Added by W3 Total Cache

/**
* The base configurations of the WordPress.
*
* This file has the following configurations: MySQL settings, Table Prefix,
* Secret Keys, WordPress Language, and ABSPATH. You can find more information by
* visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
* wp-config.php} Codex page. You can get the MySQL settings from your web host.
*
* This file is used by the wp-config.php creation script during the
* installation. You don’t have to use the web site, you can just copy this file
* to “wp-config.php” and fill in the values.
*
* @package WordPress
*/

// ** MySQL settings – You can get this info from your web host ** //
/** The name of the database for WordPress */
define(‘DB_NAME’, ‘blog’);

/** MySQL database username */
define(‘DB_USER’, ‘root’);

/** MySQL database password */
define(‘DB_PASSWORD’, ‘234hi2u3d98as7d23kuh’);

/** MySQL hostname */
define(‘DB_HOST’, ‘localhost’);

/** Database Charset to use in creating database tables. */
define(‘DB_CHARSET’, ‘utf8’);

/** The Database Collate type. Don’t change this if in doubt. */
define(‘DB_COLLATE’, ”);

/**#@+
* Authentication Unique Keys.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define(‘AUTH_KEY’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
define(‘NONCE_KEY’, ‘put your unique phrase here’);
/**#@-*/

/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each a unique
* prefix. Only numbers, letters, and underscores please!
*/
$table_prefix  = ‘wp_’;

/**
* WordPress Localized Language, defaults to English.
*
* Change this to localize WordPress.  A corresponding MO file for the chosen
* language must be installed to wp-content/languages. For example, install
* de.mo to wp-content/languages and set WPLANG to ‘de’ to enable German
* language support.
*/
define (‘WPLANG’, ”);

/* That’s all, stop editing! Happy blogging. */

/** WordPress absolute path to the WordPress directory. */
if ( !defined(‘ABSPATH’) )
define(‘ABSPATH’, dirname(__FILE__) . ‘/’);

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . ‘wp-settings.php’);

$ cat show.php
<?php
include ‘stats.txt’;
?>
$ cat stats.txt
BackTrack 4 – 4916323 downloads

cat download.php
<?php

// DO NOT CHANGE THIS FILE WITHOUT TALKING TO MUTS FIRST> EVEN IF YOU THINK YOU KNOW WHAT YOU ARE DOING!!!

function getRealIpAddr()
{
if (!empty($_SERVER[‘HTTP_CLIENT_IP’]))   //check ip from share internet
{
$ip=$_SERVER[‘HTTP_CLIENT_IP’];
}
elseif (!empty($_SERVER[‘HTTP_X_FORWARDED_FOR’]))   //to check ip is pass from proxy
{
$ip=$_SERVER[‘HTTP_X_FORWARDED_FOR’];
}
else
{
$ip=$_SERVER[‘REMOTE_ADDR’];
}
return $ip;
}

$ip=getRealIpAddr();

$username=”root”;
$password=”234hi2u3d98as7d23kuh”;
$database=”counter”;

function choose($iso)
{

$num = Rand (1,5);
switch ($num)
{
case 1:
$link=”ftp://ftp.uio.no/pub/security/backtrack/$iso”;
break;

case 2:
$link=”http://ftp.uio.no/pub/security/backtrack/$iso”;
break;

case 3:
$link=”http://ftp.halifax.rwth-aachen.de/backtrack/$iso”;
break;

case 4:
$link=”http://ftp.halifax.rwth-aachen.de/backtrack/$iso”;
break;

case 5:
$link=”http://ftp.halifax.rwth-aachen.de/backtrack/$iso”;
break;

//  case 6:
//  $link=”http://moon.backtrack-linux.org/downloads/$iso”;
//  break;

}

return $link;

}

$version=$_GET[“fname”];

if (! (($version==”bt4f”) or ($version==”bt4fvm”) or ($version==”bt4r1″) or ($version==”bt4r1vm”) or ($version==”bt3″) or ($version==”bt4pf”) or ($version==”bt4b”) or ($version==”bt4bvm”) or ($version==”bt4r2″) or ($version==”bt4r2vm”)))

{
echo “This page cannot be accessed directly.”;
exit;
}

if ($version==”bt4r2″)
{

$iso=”bt4-r2.iso”;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

if ($version==”bt4r2vm”)
{

$iso=”bt4-r2-vm.tar.bz2″;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

if ($version==”bt4f”)
{

$iso=”bt4-final.iso”;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

elseif ($version==”bt4fvm”)
{
$iso=”bt4-final-vm.zip”;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

elseif ($version==”bt4r1″)
{
$iso=”bt4-r1.iso”;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

elseif ($version==”bt4r1vm”)
{
$iso=”bt4-r1-vm.tar.bz2″;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

elseif ($version==”bt4pf”)
{
$iso=”bt4-pre-final.iso”;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

elseif ($version==”bt4b”)
{
$iso=”bt4-beta.iso”;
$link=choose($iso);
mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();
header( “Location: $link “);
exit;
}

elseif ($version==”bt4bvm”)
{
$iso=”bt4-beta-vm-6.5.1.rar”;
$link=choose($iso);
mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();
header( “Location: $link “);
exit;
}

elseif ($version==”bt3″)
{
$iso=”bt3-final.iso”;
$link=choose($iso);
mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();
header( “Location: $link “);
exit;
}

else
{
exit;
}

?>

$ cat s.php
<?php

$username=”root”;
$password=”234hi2u3d98as7d23kuh”;
$database=”counter”;

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “select count(DISTINCT ip) as numrows from downloadz where version=\”bt4f\””;
$query2 = “select count(DISTINCT ip) as numrows from downloadz where version=\”bt4fvm\””;
$result=mysql_query($query);
$result2=mysql_query($query2);
$row2 = mysql_fetch_array($result2, MYSQL_ASSOC);
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$numrows1 = $row[‘numrows’];
$numrows2 = $row2[‘numrows’];
mysql_close();

$total= round(($numrows1 + $numrows2) * 1.4);

echo “BackTrack 4 Final – $total unique downloads”;

?>

$ cd wiki

$ ls

total 700
drwxr-xr-x. 15 apache apache   4096 Nov 27 16:52 .
drwxr-xr-x. 13 apache apache   4096 Dec  9 12:21 ..
-rw-r–r–.  1 apache apache     23 Nov 14 16:01 .htpasswd
-rw-r–r–.  1 apache apache  17997 Apr  5  2006 COPYING
-rw-r–r–.  1 apache apache   2073 Jul 27 07:29 CREDITS
-rw-r–r–.  1 apache apache     76 Jul 27  2009 FAQ
-rw-r–r–.  1 apache apache 392287 Mar 12  2010 HISTORY
-rw-r–r–.  1 apache apache     96 Nov 14 16:01 HT
-rw-r–r–.  1 apache apache   4138 Apr 18  2008 INSTALL
-rw-r–r–.  1 apache apache   5469 Nov 28 16:45 LocalSettings.php
-rw-r–r–.  1 apache apache   3649 Nov 11  2008 README
-rw-r–r–.  1 apache apache  58431 Jul 28 03:11 RELEASE-NOTES
-rw-r–r–.  1 apache apache    648 May  7  2009 StartProfiler.sample
-rw-r–r–.  1 apache apache  13307 Mar 25  2010 UPGRADE
drwxr-xr-x.  2 root   root     4096 Nov 27 16:53 adsense
-rw-r–r–.  1 apache apache   4707 Feb 15  2010 api.php
-rw-r–r–.  1 apache apache     25 Feb  3  2008 api.php5
drwxr-xr-x.  2 apache apache   4096 Jul 28 03:16 bin
-rw-r–r–.  1 apache apache   8436 Nov 21 14:24 bt-wiki.png
drwxr-xr-x.  2 apache apache   4096 Jul 28 03:16 cache
drwxr-xr-x.  2 apache apache   4096 Nov 14 15:58 config
drwxr-xr-x.  4 apache apache   4096 Jul 28 03:16 docs
drwxr-xr-x.  4 apache apache   4096 Nov 28 16:44 extensions
drwxr-xr-x. 12 apache apache   4096 Nov 23 12:36 images
-rw-r–r–.  1 apache apache   4031 Oct 14  2009 img_auth.php
-rw-r–r–.  1 apache apache     31 Feb  3  2008 img_auth.php5
drwxr-xr-x. 16 apache apache   4096 Jul 28 03:16 includes
-rw-r–r–.  1 apache apache   4329 Jan  1  2010 index.php
-rw-r–r–.  1 apache apache     28 Feb  3  2008 index.php5
drwxr-xr-x.  4 apache apache   4096 Jul 28 03:16 languages
drwxr-xr-x. 13 apache apache  12288 Nov 22 12:55 maintenance
drwxr-xr-x.  2 apache apache   4096 Jul 28 03:16 math
-rw-r–r–.  1 apache apache   3054 Mar 21  2009 opensearch_desc.php
-rw-r–r–.  1 apache apache     39 Mar  3  2008 opensearch_desc.php5
-rw-r–r–.  1 apache apache    174 Feb  3  2010 php5.php5
-rw-r–r–.  1 apache apache   8821 Jul 27 03:40 profileinfo.php
-rw-r–r–.  1 apache apache    383 Mar 21  2009 redirect.php
-rw-r–r–.  1 apache apache     31 Feb  3  2008 redirect.php5
-rw-r–r–.  1 apache apache     89 Feb  3  2010 redirect.phtml
drwxr-xr-x.  2 apache apache   4096 Jul 28 03:16 serialized
-rwxrwxrwx.  1 root   root     6816 Nov 23 18:29 sitemap.xml
drwxr-xr-x.  9 apache apache   4096 Nov 28 14:12 skins
-rw-r–r–.  1 apache apache   4905 Mar  8  2010 thumb.php
-rw-r–r–.  1 apache apache     29 Feb  3  2008 thumb.php5
-rw-r–r–.  1 apache apache   1347 Nov  5  2008 trackback.php
-rw-r–r–.  1 apache apache     32 Mar 16  2009 trackback.php5
-rw-r–r–.  1 apache apache     86 Feb  3  2010 wiki.phtml

$ cat .htpasswd
edbadmin:YE8mle4nG1Z.c

cd ..
cat forums/includes/config.php
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 4.0.0 Patch Level 1
|| # —————————————————————- # ||
|| # All PHP code in this file is ©2000-2010 vBulletin Solutions Inc. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # —————- VBULLETIN IS NOT FREE SOFTWARE —————- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/

/*——————————————————-*\
| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
+———————————————————+
| If you get any errors while attempting to connect to    |
| MySQL, you will need to email your webhost because we   |
| cannot tell you the correct values for the variables    |
| in this file.                                           |
\*——————————————————-*/

// ****** DATABASE TYPE ******
// This is the type of the database server on which your vBulletin database will be located.
// Valid options are mysql and mysqli, for slave support add _slave.  Try to use mysqli if you are using PHP 5 and MySQL 4.1+
// for slave options just append _slave to your preferred database type.
$config[‘Database’][‘dbtype’] = ‘mysql’;

// ****** DATABASE NAME ******
// This is the name of the database where your vBulletin will be located.
// This must be created by your webhost.
$config[‘Database’][‘dbname’] = ‘forums’;

// ****** TABLE PREFIX ******
// Prefix that your vBulletin tables have in the database.
$config[‘Database’][‘tableprefix’] = ”;

// ****** TECHNICAL EMAIL ADDRESS ******
// If any database errors occur, they will be emailed to the address specified here.
// Leave this blank to not send any emails when there is a database error.
$config[‘Database’][‘technicalemail’] = ‘[email protected]’;

// ****** FORCE EMPTY SQL MODE ******
// New versions of MySQL (4.1+) have introduced some behaviors that are
// incompatible with vBulletin. Setting this value to “true” disables those
// behaviors. You only need to modify this value if vBulletin recommends it.
$config[‘Database’][‘force_sql_mode’] = false;

// ****** MASTER DATABASE SERVER NAME AND PORT ******
// This is the hostname or IP address and port of the database server.
// If you are unsure of what to put here, leave the default values.
$config[‘MasterServer’][‘servername’] = ‘localhost’;
$config[‘MasterServer’][‘port’] = 3306;

// ****** MASTER DATABASE USERNAME & PASSWORD ******
// This is the username and password you use to access MySQL.
// These must be obtained through your webhost.
$config[‘MasterServer’][‘username’] = ‘root’;
$config[‘MasterServer’][‘password’] = ‘234hi2u3d98as7d23kuh’;

// ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
// This option allows you to turn persistent connections to MySQL on or off.
// The difference in performance is negligible for all but the largest boards.
// If you are unsure what this should be, leave it off. (0 = off; 1 = on)
$config[‘MasterServer’][‘usepconnect’] = 0;

// ****** SLAVE DATABASE CONFIGURATION ******
// If you have multiple database backends, this is the information for your slave
// server. If you are not 100% sure you need to fill in this information,
// do not change any of the values here.
$config[‘SlaveServer’][‘servername’] = ”;
$config[‘SlaveServer’][‘port’] = 3306;
$config[‘SlaveServer’][‘username’] = ”;
$config[‘SlaveServer’][‘password’] = ”;
$config[‘SlaveServer’][‘usepconnect’] = 0;

// ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
// This setting allows you to change the name of the folders that the admin and
// moderator control panels reside in. You may wish to do this for security purposes.
// Please note that if you change the name of the directory here, you will still need
// to manually change the name of the directory on the server.
$config[‘Misc’][‘admincpdir’] = ‘admincphaha’;
$config[‘Misc’][‘modcpdir’] = ‘modcphaha’;

// Prefix that all vBulletin cookies will have
// Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
$config[‘Misc’][‘cookieprefix’] = ‘bb’;

// ******** FULL PATH TO FORUMS DIRECTORY ******
// On a few systems it may be necessary to input the full path to your forums directory
// for vBulletin to function normally. You can ignore this setting unless vBulletin
// tells you to fill this in. Do not include a trailing slash!
// Example Unix:
//   $config[‘Misc’][‘forumpath’] = ‘/home/users/public_html/forums’;
// Example Win32:
//   $config[‘Misc’][‘forumpath’] = ‘c:\program files\apache group\apache\htdocs\vb3’;
$config[‘Misc’][‘forumpath’] = ”;

// ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
// The users specified here will be allowed to view the admin log in the control panel.
// Users must be specified by *ID number* here. To obtain a user’s ID number,
// view their profile via the control panel. If this is a new installation, leave
// the first user created will have a user ID of 1. Seperate each userid with a comma.
$config[‘SpecialUsers’][‘canviewadminlog’] = ‘1’;

// ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
// The users specified here will be allowed to remove (“prune”) entries from the admin
// log. See the above entry for more information on the format.
$config[‘SpecialUsers’][‘canpruneadminlog’] = ‘1’;

// ****** USERS WITH QUERY RUNNING PERMISSIONS ******
// The users specified here will be allowed to run queries from the control panel.
// See the above entries for more information on the format.
// Please note that the ability to run queries is quite powerful. You may wish
// to remove all user IDs from this list for security reasons.
$config[‘SpecialUsers’][‘canrunqueries’] = ”;

// ****** UNDELETABLE / UNALTERABLE USERS ******
// The users specified here will not be deletable or alterable from the control panel by any users.
// To specify more than one user, separate userids with commas.
$config[‘SpecialUsers’][‘undeletableusers’] = ”;

// ****** SUPER ADMINISTRATORS ******
// The users specified below will have permission to access the administrator permissions
// page, which controls the permissions of other administrators
$config[‘SpecialUsers’][‘superadministrators’] = ‘1,2’;

// ****** DATASTORE CACHE CONFIGURATION *****
// Here you can configure different methods for caching datastore items.
// vB_Datastore_Filecache  – to use includes/datastore/datastore_cache.php
// vB_Datastore_APC – to use APC
// vB_Datastore_XCache – to use XCache
// vB_Datastore_Memcached – to use a Memcache server, more configuration below
// $config[‘Datastore’][‘class’] = ‘vB_Datastore_Filecache’;

// ******** DATASTORE PREFIX ******
// If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
// than one set of forums installed on your host, you *may* need to use a prefix
// so that they do not try to use the same variable within the cache.
// This works in a similar manner to the database table prefix.
// $config[‘Datastore’][‘prefix’] = ”;

// It is also necessary to specify the hostname or IP address and the port the server is listening on
/*
$config[‘Datastore’][‘class’] = ‘vB_Datastore_Memcached’;
$i = 0;
// First Server
$i++;
$config[‘Misc’][‘memcacheserver’][$i]   = ‘127.0.0.1’;
$config[‘Misc’][‘memcacheport’][$i]      = 11211;
$config[‘Misc’][‘memcachepersistent’][$i] = true;
$config[‘Misc’][‘memcacheweight’][$i]   = 1;
$config[‘Misc’][‘memcachetimeout’][$i]   = 1;
$config[‘Misc’][‘memcacheretry_interval’][$i] = 15;
*/

// ****** The following options are only needed in special cases ******

// ****** MySQLI OPTIONS *****
// When using MySQL 4.1+, MySQLi should be used to connect to the database.
// If you need to set the default connection charset because your database
// is using a charset other than latin1, you can set the charset here.
// If you don’t set the charset to be the same as your database, you
// may receive collation errors.  Ignore this setting unless you
// are sure you need to use it.
// $config[‘Mysqli’][‘charset’] = ‘utf8’;

// Optionally, PHP can be instructed to set connection parameters by reading from the
// file named in ‘ini_file’. Please use a full path to the file.
// Example:
// $config[‘Mysqli’][‘ini_file’] = ‘c:\program files\MySQL\MySQL Server 4.1\my.ini’;
$config[‘Mysqli’][‘ini_file’] = ”;

// Image Processing Options
// Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
$config[‘Misc’][‘maxwidth’] = 2592;
$config[‘Misc’][‘maxheight’] = 1944;

/*======================================================================*\
|| ####################################################################
|| # Downloaded: 22:25, Sat Jan 9th 2010
|| # CVS: $RCSfile$ – $Revision: 32878 $
|| ####################################################################
\*======================================================================*/

happY 1337day 😉

Un ringraziamento a Raffaele di BackBox per la segnalazione.

  • Pingback: shares trading()

  • First of all I want to say awesome blog! I had a quick question in which I’d like to ask if you don’t mind.
    I was curious to know how you center yourself and clear your thoughts
    before writing. I’ve had a tough time clearing my mind in getting my ideas out. I truly do enjoy writing but it just seems like the first 10 to 15 minutes are lost just trying to figure out how to begin. Any ideas or tips? Many thanks!