Scacco Matto a Backtrack-Linux.org

Il team di inj3ct0r ha reso pubblico oggi i log di un loro attacco avvenuto con successo il 1 Dicembre 2010 verso il colosso di sicurezza informatica BackTrack, nel file messo a disposizione è possibile visualizzare le informazioni della macchina, gli utenti attivi, un elenco dei file e i parametri di configurazione della loro piattaforma di Blog e Forum (WordPress e vBulletin) comprensivi di password e nomi utenti per il collegamento al servizio MySQL.

Il team inj3ct0r evidenzia inoltre che nel medesimo server sono ospitati altri domini e sarebbe possibile estrapolare dati sensibili anche da essi, importante nota in quanto sulla stessa macchina viene ospitato Exploit-DB portale che raccoglie gli Exploit  fino ad oggi scoperti.

Potete leggere il contenuto integrare dei log sul sito di PasteBin oppure dopo il salto:

Attack on backtrack-linux.org From 1337 Team (inj3ct0r.com)

Since we already tapped into exploit-db and their server lies  in  the
same subnet  with  backtrack,  we  decided  to  check  out  their  mad
security. Backtrack is run by muts, the same guy who also  administers
exploit-db, so no wonder why it was super easy to get a shell…

$ uname -a
Linux backtrack-linux.org 2.6.32.26-175.fc12.x86_64 #1 SMP Wed Dec 1 21:39:34 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux

$ id
uid=48(apache) gid=494(apache) groups=494(apache) context=unconfined_u:system_r:httpd_t:s0

$ alias ls=”ls -la”

$ ls
total 110
dr-xr-xr-x.  25 root root  4096 Dec  7 08:42 .
dr-xr-xr-x.  25 root root  4096 Dec  7 08:42 ..
-rw-r–r–.   1 root root     0 Dec  7 08:42 .autofsck
drwx——.   2 root root  4096 Dec 10 03:40 backup
dr-xr-xr-x.   2 root root  4096 Nov 29 19:59 bin
dr-xr-xr-x.   5 root root  1024 Dec  7 08:41 boot
drwxr-xr-x.  17 root root  3580 Dec  7 08:43 dev
drwxr-xr-x.  66 root root  4096 Dec  7 08:42 etc
drwxr-xr-x.   3 root root  4096 Aug 14 20:50 home
dr-xr-xr-x.   9 root root  4096 Aug 11 04:01 lib
dr-xr-xr-x.   9 root root 12288 Nov 29 20:00 lib64
drwx——.   2 root root 16384 Aug 11 02:01 lost+found
drwxr-xr-x.   2 root root  4096 Aug 11 04:42 maint
drwxr-xr-x.   2 root root  4096 Aug 25  2009 media
drwxr-xr-x.   2 root root  4096 Aug 25  2009 mnt
drwxr-xr-x.   2 root root  4096 Aug 25  2009 opt
dr-xr-xr-x. 160 root root     0 Dec  7 08:42 proc
drwxr-xr-x.   5 root root  4096 Dec  3 17:16 recovery
dr-xr-x—.   4 root root  4096 Dec 10 08:50 root
dr-xr-xr-x.   2 root root 12288 Nov 29 19:59 sbin
drwxr-xr-x.   7 root root     0 Dec  7 08:42 selinux
drwxr-xr-x.   2 root root  4096 Aug 25  2009 srv
drwxr-xr-x.  13 root root     0 Dec  7 08:42 sys
drwxrwxrwt.   4 root root  4096 Dec 10 14:08 tmp
drwxr-xr-x.  14 root root  4096 Aug 11 02:03 usr
drwxr-xr-x.  20 root root  4096 Aug 14 20:45 var

$ cat /etc/issue
Fedora release 12 (Constantine)
Kernel \r on an \m (\l)

$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:499:virtual console memory owner:/dev:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
mailnull:x:47:497::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:496::/var/spool/mqueue:/sbin/nologin
sshd:x:74:495:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
apache:x:48:494:Apache:/var/www:/sbin/nologin
mysql:x:27:493:MySQL Server:/var/lib/mysql:/bin/bash
ossec:x:500:500::/var/ossec:/sbin/nologin
ossecm:x:501:500::/var/ossec:/sbin/nologin
ossecr:x:502:500::/var/ossec:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin

$ cd
/var/www/html/

$ ls
total 90224
drwxr-xr-x. 13 apache apache     4096 Dec  9 12:21 .
drwxr-xr-x.  6 root   root       4096 Aug 18 10:30 ..
-rw-r–r–.  1 apache apache     4183 Dec  5 16:50 .htaccess
-rw-r–r–.  1 apache apache     1156 Aug 11 03:17 HT
-rw-r–r–.  1 apache apache     2233 Aug 11 03:17 HT-ORIG
-rw-r–r–.  1 apache apache  1526525 Nov 11 14:01 IMG_0585.JPG
drwxr-xr-x.  2 apache apache     4096 Aug 11 03:16 ads
-rw-r–r–.  1 apache apache   125832 Nov 19 12:18 bootsplash.jpg
-rw-r–r–.  1 apache apache   754444 Aug 11 03:16 bt-nsa.png
-rw-r–r–.  1 apache apache   757498 Aug 11 03:16 bt-nsa2.png
-rw-r–r–.  1 apache apache    81597 Aug 11 03:16 bt4-final-vm.zip.torrent
-rw-r–r–.  1 apache apache    60094 Aug 11 03:16 bt4-final.iso.torrent
-rw-r–r–.  1 apache apache       44 Aug 11 03:16 bt4r1.txt
-rw-r–r–.  1 root   root     686248 Nov 23 10:47 bt4r2.png
-rw-r–r–.  1 apache apache   160728 Aug 11 03:16 btfail.png
-rw-r–r–.  1 apache apache      476 Aug 11 03:16 collapsible_ad.html
-rwxr-xr-x.  1 apache apache 13397784 Aug 11 03:16 d.bin
-rw-r–r–.  1 apache apache      121 Aug 11 03:16 d.lic
-rw-r–r–.  1 apache apache 12844822 Aug 11 03:16 d32.bin
drwxr-xr-x.  2 apache apache     4096 Aug 11 03:16 documents
-rw-r–r–.  1 apache apache     3342 Aug 11 03:16 down.php
-rw-r–r–.  1 apache apache     4158 Aug 11 03:16 download-orig.php
-rw-r–r–.  1 apache apache     4945 Nov 22 11:38 download.php
-rw-r–r–.  1 apache apache    15125 Aug 11 03:16 error.php
-rw-r–r–.  1 apache apache   137383 Aug 11 03:16 example-2.jpg
-rw-r–r–.  1 apache apache     1150 Aug 11 03:16 favicon.ico
drwxr-xr-x. 21 apache apache     4096 Nov 22 18:56 forums
-rw-r–r–.  1 apache apache    87176 Aug 11 03:17 google.png
-rw-r–r–.  1 apache apache       53 Aug 11 03:17 googled6c4817aa45e0032.html
-rw-r–r–.  1 apache apache       23 Aug 11 03:17 googlehostedservice.html
-rw-r–r–.  1 apache apache  1978856 Sep 17 08:06 hola.jpg
-rw-r–r–.  1 apache apache  2264271 Sep 17 08:12 hola1.jpg
-rw-r–r–.  1 apache apache  2197361 Sep 17 08:15 hola2.jpg
-rw-r–r–.  1 apache apache   315306 Aug 11 03:17 hola22.png
-rw-r–r–.  1 apache apache   169202 Aug 11 03:17 hola23.png
drwxr-xr-x.  8 apache apache     4096 Nov 21 16:38 images
-rw-r–r–.  1 apache apache        3 Aug 11 03:17 index.html
-rw-r–r–.  1 apache apache      397 Dec  9 12:20 index.php
-rw-r–r–.  1 apache apache   321196 Nov 19 15:06 kanji.png
-rw-r–r–.  1 apache apache   147841 Sep  4 12:37 knock-0.5.tar.gz
-rw-r–r–.  1 apache apache    15410 Dec  9 12:20 license.txt
-rw-r–r–.  1 apache apache 48404480 Nov 14 15:53 mediawiki-1.16.0.tar
-rw-r–r–.  1 apache apache    13946 Aug 11 03:17 nv-xorg.conf
-rw-r–r–.  1 apache apache  1382400 Oct 26 10:38 oiopub-direct.tar
-rw-r–r–.  1 apache apache  1508471 Aug 11 03:17 p2270016.jpg
-rw-r–r–.  1 apache apache  1636957 Aug 11 03:17 p2280018.jpg
drwxr-xr-x.  2 apache apache     4096 Nov 22 11:46 patches
-rw-r–r–.  1 apache apache      582 Nov 22 11:21 r2.php
-rw-r–r–.  1 apache apache     9120 Dec  9 12:20 readme.html
-rw-r–r–.  1 apache apache      712 Nov 10 22:27 s.php
-rw-r–r–.  1 apache apache       63 Aug 11 03:17 show.dud.php
-rw-r–r–.  1 apache apache      801 Aug 11 03:17 show.original.php
-rw-r–r–.  1 apache apache       31 Aug 11 03:17 show.php
-rw-r–r–.  1 apache apache      601 Nov 10 22:28 show.stats.working.php
-rw-r–r–.  1 apache apache    38971 Dec  7 23:23 sitemap.xml
-rw-r–r–.  1 apache apache     2485 Dec  7 23:23 sitemap.xml.gz
drwxr-xr-x.  3 apache apache     4096 Aug 11 03:17 slider
-rw-r–r–.  1 apache apache   714372 Aug 11 03:17 spot-the-release.png
-rw-r–r–.  1 apache apache     1536 Aug 11 03:17 stats.php
-rw-r–r–.  1 apache apache       33 Dec 10 03:34 stats.txt
-rw-r–r–.  1 apache apache    23660 Aug 11 03:17 style.css
-rw-r–r–.  1 apache apache        5 Aug 11 03:17 test.php
drwxr-xr-x.  2 apache apache     4096 Nov 22 09:22 torrents
drwxr-xr-x. 15 apache apache     4096 Nov 27 16:52 wiki
-rw-r–r–.  1 apache apache     4391 Dec  9 12:20 wp-activate.php
drwxr-xr-x.  8 apache apache     4096 Dec  5 08:12 wp-admin
-rw-r–r–.  1 apache apache    40284 Dec  9 12:20 wp-app.php
-rw-r–r–.  1 apache apache      220 Dec  9 12:20 wp-atom.php
-rw-r–r–.  1 apache apache      274 Dec  9 12:20 wp-blog-header.php
-rw-r–r–.  1 apache apache     3926 Dec  9 12:20 wp-comments-post.php
-rw-r–r–.  1 apache apache      238 Dec  9 12:20 wp-commentsrss2.php
-rw-r–r–.  1 apache apache     3173 Dec  9 12:20 wp-config-sample.php
-rw-r–r–.  1 apache apache     2696 Nov 22 19:32 wp-config.php
drwxr-xr-x.  9 apache apache     4096 Dec  9 12:21 wp-content
-rw-r–r–.  1 apache apache     1255 Dec  9 12:20 wp-cron.php
-rw-r–r–.  1 apache apache      240 Dec  9 12:20 wp-feed.php
drwxr-xr-x.  8 apache apache     4096 Aug 13 20:06 wp-includes
-rw-r–r–.  1 apache apache     2002 Dec  9 12:20 wp-links-opml.php
-rw-r–r–.  1 apache apache     2441 Dec  9 12:20 wp-load.php
-rw-r–r–.  1 apache apache    26059 Dec  9 12:20 wp-login.php
-rw-r–r–.  1 apache apache     7774 Dec  9 12:20 wp-mail.php
-rw-r–r–.  1 apache apache      487 Dec  9 12:20 wp-pass.php
-rw-r–r–.  1 apache apache      218 Dec  9 12:20 wp-rdf.php
-rw-r–r–.  1 apache apache      316 Dec  9 12:20 wp-register.php
-rw-r–r–.  1 apache apache      218 Dec  9 12:20 wp-rss.php
-rw-r–r–.  1 apache apache      220 Dec  9 12:20 wp-rss2.php
-rw-r–r–.  1 apache apache     9177 Dec  9 12:20 wp-settings.php
-rw-r–r–.  1 apache apache    18695 Dec  9 12:20 wp-signup.php
-rw-r–r–.  1 apache apache     3702 Dec  9 12:20 wp-trackback.php
-rw-r–r–.  1 root   root      99665 Nov 24 00:52 wtfff.png
-rw-r–r–.  1 apache apache       85 Nov 20 13:43 x.gif
-rw-r–r–.  1 apache apache    95481 Dec  9 12:20 xmlrpc.php

$ cat wp-config.php
<?php
/** Enable W3 Total Cache **/
define(‘WP_CACHE’, true); // Added by W3 Total Cache

/**
* The base configurations of the WordPress.
*
* This file has the following configurations: MySQL settings, Table Prefix,
* Secret Keys, WordPress Language, and ABSPATH. You can find more information by
* visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
* wp-config.php} Codex page. You can get the MySQL settings from your web host.
*
* This file is used by the wp-config.php creation script during the
* installation. You don’t have to use the web site, you can just copy this file
* to “wp-config.php” and fill in the values.
*
* @package WordPress
*/

// ** MySQL settings – You can get this info from your web host ** //
/** The name of the database for WordPress */
define(‘DB_NAME’, ‘blog’);

/** MySQL database username */
define(‘DB_USER’, ‘root’);

/** MySQL database password */
define(‘DB_PASSWORD’, ‘234hi2u3d98as7d23kuh’);

/** MySQL hostname */
define(‘DB_HOST’, ‘localhost’);

/** Database Charset to use in creating database tables. */
define(‘DB_CHARSET’, ‘utf8’);

/** The Database Collate type. Don’t change this if in doubt. */
define(‘DB_COLLATE’, ”);

/**#@+
* Authentication Unique Keys.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define(‘AUTH_KEY’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
define(‘NONCE_KEY’, ‘put your unique phrase here’);
/**#@-*/

/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each a unique
* prefix. Only numbers, letters, and underscores please!
*/
$table_prefix  = ‘wp_’;

/**
* WordPress Localized Language, defaults to English.
*
* Change this to localize WordPress.  A corresponding MO file for the chosen
* language must be installed to wp-content/languages. For example, install
* de.mo to wp-content/languages and set WPLANG to ‘de’ to enable German
* language support.
*/
define (‘WPLANG’, ”);

/* That’s all, stop editing! Happy blogging. */

/** WordPress absolute path to the WordPress directory. */
if ( !defined(‘ABSPATH’) )
define(‘ABSPATH’, dirname(__FILE__) . ‘/’);

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . ‘wp-settings.php’);

$ cat show.php
<?php
include ‘stats.txt’;
?>
$ cat stats.txt
BackTrack 4 – 4916323 downloads

cat download.php
<?php

// DO NOT CHANGE THIS FILE WITHOUT TALKING TO MUTS FIRST> EVEN IF YOU THINK YOU KNOW WHAT YOU ARE DOING!!!

function getRealIpAddr()
{
if (!empty($_SERVER[‘HTTP_CLIENT_IP’]))   //check ip from share internet
{
$ip=$_SERVER[‘HTTP_CLIENT_IP’];
}
elseif (!empty($_SERVER[‘HTTP_X_FORWARDED_FOR’]))   //to check ip is pass from proxy
{
$ip=$_SERVER[‘HTTP_X_FORWARDED_FOR’];
}
else
{
$ip=$_SERVER[‘REMOTE_ADDR’];
}
return $ip;
}

$ip=getRealIpAddr();

$username=”root”;
$password=”234hi2u3d98as7d23kuh”;
$database=”counter”;

function choose($iso)
{

$num = Rand (1,5);
switch ($num)
{
case 1:
$link=”ftp://ftp.uio.no/pub/security/backtrack/$iso”;
break;

case 2:
$link=”http://ftp.uio.no/pub/security/backtrack/$iso”;
break;

case 3:
$link=”http://ftp.halifax.rwth-aachen.de/backtrack/$iso”;
break;

case 4:
$link=”http://ftp.halifax.rwth-aachen.de/backtrack/$iso”;
break;

case 5:
$link=”http://ftp.halifax.rwth-aachen.de/backtrack/$iso”;
break;

//  case 6:
//  $link=”http://moon.backtrack-linux.org/downloads/$iso”;
//  break;

}

return $link;

}

$version=$_GET[“fname”];

if (! (($version==”bt4f”) or ($version==”bt4fvm”) or ($version==”bt4r1″) or ($version==”bt4r1vm”) or ($version==”bt3″) or ($version==”bt4pf”) or ($version==”bt4b”) or ($version==”bt4bvm”) or ($version==”bt4r2″) or ($version==”bt4r2vm”)))

{
echo “This page cannot be accessed directly.”;
exit;
}

if ($version==”bt4r2″)
{

$iso=”bt4-r2.iso”;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

if ($version==”bt4r2vm”)
{

$iso=”bt4-r2-vm.tar.bz2″;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

if ($version==”bt4f”)
{

$iso=”bt4-final.iso”;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

elseif ($version==”bt4fvm”)
{
$iso=”bt4-final-vm.zip”;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

elseif ($version==”bt4r1″)
{
$iso=”bt4-r1.iso”;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

elseif ($version==”bt4r1vm”)
{
$iso=”bt4-r1-vm.tar.bz2″;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

elseif ($version==”bt4pf”)
{
$iso=”bt4-pre-final.iso”;
$link=choose($iso);

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();

header( “Location: $link “);
exit;
}

elseif ($version==”bt4b”)
{
$iso=”bt4-beta.iso”;
$link=choose($iso);
mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();
header( “Location: $link “);
exit;
}

elseif ($version==”bt4bvm”)
{
$iso=”bt4-beta-vm-6.5.1.rar”;
$link=choose($iso);
mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();
header( “Location: $link “);
exit;
}

elseif ($version==”bt3″)
{
$iso=”bt3-final.iso”;
$link=choose($iso);
mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO downloadss VALUES (”,\”$ip\”,\”$version\”)”;
mysql_query($query);
mysql_close();
header( “Location: $link “);
exit;
}

else
{
exit;
}

?>

$ cat s.php
<?php

$username=”root”;
$password=”234hi2u3d98as7d23kuh”;
$database=”counter”;

mysql_connect(“localhost”,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “select count(DISTINCT ip) as numrows from downloadz where version=\”bt4f\””;
$query2 = “select count(DISTINCT ip) as numrows from downloadz where version=\”bt4fvm\””;
$result=mysql_query($query);
$result2=mysql_query($query2);
$row2 = mysql_fetch_array($result2, MYSQL_ASSOC);
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$numrows1 = $row[‘numrows’];
$numrows2 = $row2[‘numrows’];
mysql_close();

$total= round(($numrows1 + $numrows2) * 1.4);

echo “BackTrack 4 Final – $total unique downloads”;

?>

$ cd wiki

$ ls

total 700
drwxr-xr-x. 15 apache apache   4096 Nov 27 16:52 .
drwxr-xr-x. 13 apache apache   4096 Dec  9 12:21 ..
-rw-r–r–.  1 apache apache     23 Nov 14 16:01 .htpasswd
-rw-r–r–.  1 apache apache  17997 Apr  5  2006 COPYING
-rw-r–r–.  1 apache apache   2073 Jul 27 07:29 CREDITS
-rw-r–r–.  1 apache apache     76 Jul 27  2009 FAQ
-rw-r–r–.  1 apache apache 392287 Mar 12  2010 HISTORY
-rw-r–r–.  1 apache apache     96 Nov 14 16:01 HT
-rw-r–r–.  1 apache apache   4138 Apr 18  2008 INSTALL
-rw-r–r–.  1 apache apache   5469 Nov 28 16:45 LocalSettings.php
-rw-r–r–.  1 apache apache   3649 Nov 11  2008 README
-rw-r–r–.  1 apache apache  58431 Jul 28 03:11 RELEASE-NOTES
-rw-r–r–.  1 apache apache    648 May  7  2009 StartProfiler.sample
-rw-r–r–.  1 apache apache  13307 Mar 25  2010 UPGRADE
drwxr-xr-x.  2 root   root     4096 Nov 27 16:53 adsense
-rw-r–r–.  1 apache apache   4707 Feb 15  2010 api.php
-rw-r–r–.  1 apache apache     25 Feb  3  2008 api.php5
drwxr-xr-x.  2 apache apache   4096 Jul 28 03:16 bin
-rw-r–r–.  1 apache apache   8436 Nov 21 14:24 bt-wiki.png
drwxr-xr-x.  2 apache apache   4096 Jul 28 03:16 cache
drwxr-xr-x.  2 apache apache   4096 Nov 14 15:58 config
drwxr-xr-x.  4 apache apache   4096 Jul 28 03:16 docs
drwxr-xr-x.  4 apache apache   4096 Nov 28 16:44 extensions
drwxr-xr-x. 12 apache apache   4096 Nov 23 12:36 images
-rw-r–r–.  1 apache apache   4031 Oct 14  2009 img_auth.php
-rw-r–r–.  1 apache apache     31 Feb  3  2008 img_auth.php5
drwxr-xr-x. 16 apache apache   4096 Jul 28 03:16 includes
-rw-r–r–.  1 apache apache   4329 Jan  1  2010 index.php
-rw-r–r–.  1 apache apache     28 Feb  3  2008 index.php5
drwxr-xr-x.  4 apache apache   4096 Jul 28 03:16 languages
drwxr-xr-x. 13 apache apache  12288 Nov 22 12:55 maintenance
drwxr-xr-x.  2 apache apache   4096 Jul 28 03:16 math
-rw-r–r–.  1 apache apache   3054 Mar 21  2009 opensearch_desc.php
-rw-r–r–.  1 apache apache     39 Mar  3  2008 opensearch_desc.php5
-rw-r–r–.  1 apache apache    174 Feb  3  2010 php5.php5
-rw-r–r–.  1 apache apache   8821 Jul 27 03:40 profileinfo.php
-rw-r–r–.  1 apache apache    383 Mar 21  2009 redirect.php
-rw-r–r–.  1 apache apache     31 Feb  3  2008 redirect.php5
-rw-r–r–.  1 apache apache     89 Feb  3  2010 redirect.phtml
drwxr-xr-x.  2 apache apache   4096 Jul 28 03:16 serialized
-rwxrwxrwx.  1 root   root     6816 Nov 23 18:29 sitemap.xml
drwxr-xr-x.  9 apache apache   4096 Nov 28 14:12 skins
-rw-r–r–.  1 apache apache   4905 Mar  8  2010 thumb.php
-rw-r–r–.  1 apache apache     29 Feb  3  2008 thumb.php5
-rw-r–r–.  1 apache apache   1347 Nov  5  2008 trackback.php
-rw-r–r–.  1 apache apache     32 Mar 16  2009 trackback.php5
-rw-r–r–.  1 apache apache     86 Feb  3  2010 wiki.phtml

$ cat .htpasswd
edbadmin:YE8mle4nG1Z.c

cd ..
cat forums/includes/config.php
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 4.0.0 Patch Level 1
|| # —————————————————————- # ||
|| # All PHP code in this file is ©2000-2010 vBulletin Solutions Inc. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # —————- VBULLETIN IS NOT FREE SOFTWARE —————- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/

/*——————————————————-*\
| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
+———————————————————+
| If you get any errors while attempting to connect to    |
| MySQL, you will need to email your webhost because we   |
| cannot tell you the correct values for the variables    |
| in this file.                                           |
\*——————————————————-*/

// ****** DATABASE TYPE ******
// This is the type of the database server on which your vBulletin database will be located.
// Valid options are mysql and mysqli, for slave support add _slave.  Try to use mysqli if you are using PHP 5 and MySQL 4.1+
// for slave options just append _slave to your preferred database type.
$config[‘Database’][‘dbtype’] = ‘mysql’;

// ****** DATABASE NAME ******
// This is the name of the database where your vBulletin will be located.
// This must be created by your webhost.
$config[‘Database’][‘dbname’] = ‘forums’;

// ****** TABLE PREFIX ******
// Prefix that your vBulletin tables have in the database.
$config[‘Database’][‘tableprefix’] = ”;

// ****** TECHNICAL EMAIL ADDRESS ******
// If any database errors occur, they will be emailed to the address specified here.
// Leave this blank to not send any emails when there is a database error.
$config[‘Database’][‘technicalemail’] = ‘[email protected]’;

// ****** FORCE EMPTY SQL MODE ******
// New versions of MySQL (4.1+) have introduced some behaviors that are
// incompatible with vBulletin. Setting this value to “true” disables those
// behaviors. You only need to modify this value if vBulletin recommends it.
$config[‘Database’][‘force_sql_mode’] = false;

// ****** MASTER DATABASE SERVER NAME AND PORT ******
// This is the hostname or IP address and port of the database server.
// If you are unsure of what to put here, leave the default values.
$config[‘MasterServer’][‘servername’] = ‘localhost’;
$config[‘MasterServer’][‘port’] = 3306;

// ****** MASTER DATABASE USERNAME & PASSWORD ******
// This is the username and password you use to access MySQL.
// These must be obtained through your webhost.
$config[‘MasterServer’][‘username’] = ‘root’;
$config[‘MasterServer’][‘password’] = ‘234hi2u3d98as7d23kuh’;

// ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
// This option allows you to turn persistent connections to MySQL on or off.
// The difference in performance is negligible for all but the largest boards.
// If you are unsure what this should be, leave it off. (0 = off; 1 = on)
$config[‘MasterServer’][‘usepconnect’] = 0;

// ****** SLAVE DATABASE CONFIGURATION ******
// If you have multiple database backends, this is the information for your slave
// server. If you are not 100% sure you need to fill in this information,
// do not change any of the values here.
$config[‘SlaveServer’][‘servername’] = ”;
$config[‘SlaveServer’][‘port’] = 3306;
$config[‘SlaveServer’][‘username’] = ”;
$config[‘SlaveServer’][‘password’] = ”;
$config[‘SlaveServer’][‘usepconnect’] = 0;

// ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
// This setting allows you to change the name of the folders that the admin and
// moderator control panels reside in. You may wish to do this for security purposes.
// Please note that if you change the name of the directory here, you will still need
// to manually change the name of the directory on the server.
$config[‘Misc’][‘admincpdir’] = ‘admincphaha’;
$config[‘Misc’][‘modcpdir’] = ‘modcphaha’;

// Prefix that all vBulletin cookies will have
// Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
$config[‘Misc’][‘cookieprefix’] = ‘bb’;

// ******** FULL PATH TO FORUMS DIRECTORY ******
// On a few systems it may be necessary to input the full path to your forums directory
// for vBulletin to function normally. You can ignore this setting unless vBulletin
// tells you to fill this in. Do not include a trailing slash!
// Example Unix:
//   $config[‘Misc’][‘forumpath’] = ‘/home/users/public_html/forums’;
// Example Win32:
//   $config[‘Misc’][‘forumpath’] = ‘c:\program files\apache group\apache\htdocs\vb3’;
$config[‘Misc’][‘forumpath’] = ”;

// ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
// The users specified here will be allowed to view the admin log in the control panel.
// Users must be specified by *ID number* here. To obtain a user’s ID number,
// view their profile via the control panel. If this is a new installation, leave
// the first user created will have a user ID of 1. Seperate each userid with a comma.
$config[‘SpecialUsers’][‘canviewadminlog’] = ‘1’;

// ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
// The users specified here will be allowed to remove (“prune”) entries from the admin
// log. See the above entry for more information on the format.
$config[‘SpecialUsers’][‘canpruneadminlog’] = ‘1’;

// ****** USERS WITH QUERY RUNNING PERMISSIONS ******
// The users specified here will be allowed to run queries from the control panel.
// See the above entries for more information on the format.
// Please note that the ability to run queries is quite powerful. You may wish
// to remove all user IDs from this list for security reasons.
$config[‘SpecialUsers’][‘canrunqueries’] = ”;

// ****** UNDELETABLE / UNALTERABLE USERS ******
// The users specified here will not be deletable or alterable from the control panel by any users.
// To specify more than one user, separate userids with commas.
$config[‘SpecialUsers’][‘undeletableusers’] = ”;

// ****** SUPER ADMINISTRATORS ******
// The users specified below will have permission to access the administrator permissions
// page, which controls the permissions of other administrators
$config[‘SpecialUsers’][‘superadministrators’] = ‘1,2’;

// ****** DATASTORE CACHE CONFIGURATION *****
// Here you can configure different methods for caching datastore items.
// vB_Datastore_Filecache  – to use includes/datastore/datastore_cache.php
// vB_Datastore_APC – to use APC
// vB_Datastore_XCache – to use XCache
// vB_Datastore_Memcached – to use a Memcache server, more configuration below
// $config[‘Datastore’][‘class’] = ‘vB_Datastore_Filecache’;

// ******** DATASTORE PREFIX ******
// If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
// than one set of forums installed on your host, you *may* need to use a prefix
// so that they do not try to use the same variable within the cache.
// This works in a similar manner to the database table prefix.
// $config[‘Datastore’][‘prefix’] = ”;

// It is also necessary to specify the hostname or IP address and the port the server is listening on
/*
$config[‘Datastore’][‘class’] = ‘vB_Datastore_Memcached’;
$i = 0;
// First Server
$i++;
$config[‘Misc’][‘memcacheserver’][$i]   = ‘127.0.0.1’;
$config[‘Misc’][‘memcacheport’][$i]      = 11211;
$config[‘Misc’][‘memcachepersistent’][$i] = true;
$config[‘Misc’][‘memcacheweight’][$i]   = 1;
$config[‘Misc’][‘memcachetimeout’][$i]   = 1;
$config[‘Misc’][‘memcacheretry_interval’][$i] = 15;
*/

// ****** The following options are only needed in special cases ******

// ****** MySQLI OPTIONS *****
// When using MySQL 4.1+, MySQLi should be used to connect to the database.
// If you need to set the default connection charset because your database
// is using a charset other than latin1, you can set the charset here.
// If you don’t set the charset to be the same as your database, you
// may receive collation errors.  Ignore this setting unless you
// are sure you need to use it.
// $config[‘Mysqli’][‘charset’] = ‘utf8’;

// Optionally, PHP can be instructed to set connection parameters by reading from the
// file named in ‘ini_file’. Please use a full path to the file.
// Example:
// $config[‘Mysqli’][‘ini_file’] = ‘c:\program files\MySQL\MySQL Server 4.1\my.ini’;
$config[‘Mysqli’][‘ini_file’] = ”;

// Image Processing Options
// Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
$config[‘Misc’][‘maxwidth’] = 2592;
$config[‘Misc’][‘maxheight’] = 1944;

/*======================================================================*\
|| ####################################################################
|| # Downloaded: 22:25, Sat Jan 9th 2010
|| # CVS: $RCSfile$ – $Revision: 32878 $
|| ####################################################################
\*======================================================================*/

happY 1337day 😉

Un ringraziamento a Raffaele di BackBox per la segnalazione.