
Team Injector (1337db) Hacks Into Exploit-db Website!



================================
Data Extracted From Exploit-db's Server !
================================

$ uname -a
Linux www 2.6.32-25-server #45-Ubuntu SMP Sat Oct 16 20:06:58 UTC 2010 x86_64 GNU/Linux


$ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)


$ pwd
/var/www


$ ls -la
total 24180
drwxr-xr-x 18 www-data www-data     4096 Nov 26 10:16 .
drwxr-xr-x 19 root     root         4096 Sep 24 09:26 ..
-rw-r--r--  1 www-data www-data     1005 Nov 12 19:03 .htaccess
-rw-r--r--  1 www-data www-data      764 Nov  5 17:32 .htaccess.save
-rw-r--r--  1 www-data www-data  2820676 Nov 15 14:26 1920x1200_edb-wallpaper.png
drwxr-xr-x  4 www-data www-data     4096 Nov 11 07:43 92384723987239847239847234982734
-rw-r--r--  1 www-data www-data    46149 Nov 11 17:04 apc123456.php
-rw-r--r--  1 www-data www-data 10723590 Nov 28 06:52 archive.tar.bz2
-rw-r--r--  1 www-data www-data    18851 Jul  9 14:42 disclosure.html
-rw-r--r--  1 www-data www-data    11662 Nov 11 11:42 dorkorinos.txt
drwxr-xr-x  2 www-data www-data     4096 Jul  9 14:42 edbpartners
-rw-r--r--  1 www-data www-data     1406 Jul  9 14:53 favicon.ico
-rw-r--r--  1 www-data www-data     1921 Jul  9 14:42 feature.txt
-rw-r--r--  1 www-data www-data     1923 Jul 11 16:01 feature1.txt
drwxr-xr-x 21 www-data www-data     4096 Nov 22 20:06 forums
drwxr-xr-x  2 www-data www-data     4096 Sep 23 06:41 funny404
-rw-r--r--  1 www-data www-data     1119 Nov 22 07:45 gd_rss.php
-rw-r--r--  1 www-data www-data       65 Aug 26 04:53 goaway.php
-rw-r--r--  1 www-data www-data       53 Jul  9 14:42 googled6c4817aa45e0032.html
-rw-r--r--  1 www-data www-data        5 Nov 11 07:24 hola.txt
-rw-r--r--  1 www-data www-data  3154634 Nov 11 07:25 hola.xml
drwxr-xr-x 15 www-data www-data     4096 Nov 22 15:50 images
-rw-r--r--  1 www-data www-data      397 Aug 26 04:53 index.php
drwxr-xr-x  2 www-data www-data     4096 Nov  4 12:20 leetdownloads
-rw-r--r--  1 www-data www-data      311 Nov 12 18:40 maintenance.php
drwxr-xr-x  2 root     root         4096 Nov 26 10:18 movies
-rw-r--r--  1 www-data www-data      106 Aug 26 04:53 news.php
drwxr-xr-x  2 www-data www-data     4096 Nov 11 17:20 nginx-default
-rw-r--r--  1 www-data www-data      220 Oct 30 17:00 pagerank.html
-rw-r--r--  1 www-data www-data      761 Sep  6 06:12 rating.txt
-rw-r--r--  1 www-data www-data     9122 Aug 18 05:32 readme.html
-rw-r--r--  1 www-data www-data       47 Jul  9 14:53 robots_ssl.txt
-rw-r--r--  1 www-data www-data  4007150 Dec  1 07:47 ror.xml
-rw-r--r--  1 www-data www-data     2102 Sep  1 05:40 rss.php
drwxr-xr-x  2 www-data www-data     4096 Jul  9 14:42 scripts
-rw-r--r--  1 www-data www-data     1056 Sep  3 18:05 search-mobile.php
-rw-r--r--  1 www-data www-data      108 Aug 26 04:53 search.php
-rw-r--r--  1 www-data www-data  3337393 Dec  1 07:47 sitemap.xml
-rw-r--r--  1 www-data www-data     3462 Aug 19 11:37 sitemap.xsl
-rw-r--r--  1 www-data www-data    30533 Nov 30 17:52 sitemap_blog.xml
-rw-r--r--  1 www-data www-data     4229 Nov 30 17:52 sitemap_blog.xml.gz
drwxr-xr-x  3 www-data www-data     4096 Jul  9 14:42 slider
drwxr-xr-x  2 www-data www-data    20480 Dec  4 09:18 sploits
-rw-r--r--  1 www-data www-data     9621 Nov  3 19:52 style.css
drwxr-xr-x  2 www-data www-data     4096 Sep 23 06:40 testme
-rw-r--r--  1 www-data www-data     5699 Nov  4 07:22 tpl_search.php
-rw-r--r--  1 www-data www-data       16 Nov 28 06:52 update-982374.txt
-rw-r--r--  1 www-data www-data       50 Aug 26 04:53 updated.php
drwxr-xr-x  3 www-data www-data     4096 Aug  3 09:35 videos
-rw-r--r--  1 www-data www-data     4391 Aug 26 04:53 wp-activate.php
drwxr-xr-x  8 www-data www-data     4096 Nov 11 17:59 wp-admin
-rw-r--r--  1 www-data www-data    40284 Aug 26 04:53 wp-app.php
-rw-r--r--  1 www-data www-data      220 Aug 26 04:53 wp-atom.php
-rw-r--r--  1 www-data www-data      274 Aug 26 04:53 wp-blog-header.php
-rw-r--r--  1 www-data www-data     3926 Aug 26 04:53 wp-comments-post.php
-rw-r--r--  1 www-data www-data      238 Aug 26 04:53 wp-commentsrss2.php
-rw-r--r--  1 www-data www-data     3173 Aug 26 04:53 wp-config-sample.php
-rw-r--r--  1 www-data www-data     2832 Nov 11 17:59 wp-config.php
drwxr-xr-x  8 www-data www-data     4096 Dec  3 22:49 wp-content
-rw-r--r--  1 www-data www-data     1255 Aug 26 04:53 wp-cron.php
-rw-r--r--  1 www-data www-data      240 Aug 26 04:53 wp-feed.php
drwxr-xr-x  7 www-data www-data     4096 Sep  8 13:52 wp-includes
-rw-r--r--  1 www-data www-data     2002 Aug 26 04:53 wp-links-opml.php
-rw-r--r--  1 www-data www-data     2441 Aug 26 04:53 wp-load.php
-rw-r--r--  1 www-data www-data    26160 Sep  3 21:48 wp-login.php
-rw-r--r--  1 www-data www-data     7774 Aug 26 04:53 wp-mail.php
-rw-r--r--  1 www-data www-data      487 Aug 26 04:53 wp-pass.php
-rw-r--r--  1 www-data www-data      218 Aug 26 04:53 wp-rdf.php
-rw-r--r--  1 www-data www-data      316 Aug 26 04:53 wp-register.php
-rw-r--r--  1 www-data www-data      218 Aug 26 04:53 wp-rss.php
-rw-r--r--  1 www-data www-data      220 Aug 26 04:53 wp-rss2.php
-rw-r--r--  1 www-data www-data     9177 Sep  8 13:01 wp-settings.php
-rw-r--r--  1 www-data www-data    18695 Aug 26 04:53 wp-signup.php
-rw-r--r--  1 www-data www-data     3702 Aug 26 04:53 wp-trackback.php
-rw-r--r--  1 www-data www-data    93955 Aug 26 04:53 xmlrpc-orig.php
-rw-r--r--  1 www-data www-data    94184 Aug 26 04:53 xmlrpc.php




$ cat wp-config.php
<?php
/**
 * The base configurations of the WordPress.
 *
 * This file has the following configurations: MySQL settings, Table Prefix,
 * Secret Keys, WordPress Language, and ABSPATH. You can find more information by
 * visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
 * wp-config.php} Codex page. You can get the MySQL settings from your web host.
 *
 * This file is used by the wp-config.php creation script during the
 * installation. You don't have to use the web site, you can just copy this file
 * to "wp-config.php" and fill in the values.
 *
 * @package WordPress
 */


// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
//define('DB_NAME', 'explot2');
define('WP_CACHE', true); //Added by WP-Cache Manager
define('DB_NAME', 'edb_new');


/** MySQL database username */
define('DB_USER', 'edbuser');


/** MySQL database password */
//define('DB_PASSWORD', 'admin123');
define('DB_PASSWORD', '2834729347928372342');
//define('DB_PASSWORD', 'f00b204e98009d22b68e54a');


/** MySQL hostname */
define('DB_HOST', 'localhost');
define('WP_MEMORY_LIMIT', '1024M');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');


/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
define('FORCE_SSL_LOGIN', true);


/**#@+
 * Authentication Unique Keys.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-k
 * You can change these at any point in time to invalidate all existing cookies. This will force all users 
 in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
/**#@-*/


/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each a unique
 * prefix. Only numbers, letters, and underscores please!
 */
$table_prefix  = 'wp_';


/**
 * WordPress Localized Language, defaults to English.
 *
 * Change this to localize WordPress.  A corresponding MO file for the chosen
 * language must be installed to wp-content/languages. For example, install
 * de.mo to wp-content/languages and set WPLANG to 'de' to enable German
 * language support.
 */
define ('WPLANG', '');


/* That's all, stop editing! Happy blogging. */


/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
        define('ABSPATH', dirname(__FILE__) . '/');


/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');


define('WP_DEBUG',true);
define('WP_MEMORY_LIMIT', '128M');


$ cd forums


$ ls -la
total 2344
drwxr-xr-x 21 www-data www-data   4096 Nov 22 20:06 .
drwxr-xr-x 18 www-data www-data   4096 Nov 26 10:16 ..
-rw-r--r--  1 www-data www-data   1008 Nov  6 12:03 .htaccess
-rw-rw-r--  1 www-data www-data  17862 Nov 22 20:01 LICENSE
drwxr-xr-x  3 www-data www-data   4096 Nov 22 20:04 admincp
drwxr-xr-x  3 www-data www-data   4096 Nov 22 20:04 admincp-23987239874298273987234
-rwxr-xr-x  1 www-data www-data  40193 Nov 22 20:01 ajax.php
-rwxr-xr-x  1 www-data www-data  75603 Nov 22 20:01 album.php
-rwxr-xr-x  1 www-data www-data  19119 Nov 22 20:01 announcement.php
drwxr-xr-x  2 www-data www-data   4096 Nov  6 11:22 archive
-rwxr-xr-x  1 www-data www-data   9040 Nov 22 20:01 asset.php
-rwxr-xr-x  1 www-data www-data  21161 Nov 22 20:01 assetmanage.php
-rwxr-xr-x  1 www-data www-data  15788 Nov 22 20:01 attachment.php
-rwxr-xr-x  1 www-data www-data   6935 Nov 22 20:01 attachment_inlinemod.php
-rwxr-xr-x  1 www-data www-data   3616 Nov 22 20:01 blog_attachment.php
-rwxr-xr-x  1 www-data www-data  96121 Nov 22 20:01 calendar.php
-rwxr-xr-x  1 www-data www-data     43 Nov 22 20:01 clear.gif
drwxr-xr-x  9 www-data www-data   4096 Nov  6 11:22 clientscript
-rwxr-xr-x  1 www-data www-data  15786 Nov 22 20:01 converse.php
drwxr-xr-x  7 www-data www-data   4096 Nov  6 11:22 cpstyles
-rwxr-xr-x  1 www-data www-data   3309 Nov 22 20:01 cron.php
-rwxr-xr-x  1 www-data www-data   6145 Nov 22 20:01 css.php
drwxr-xr-x  3 www-data www-data   4096 Nov  6 11:22 customavatars
drwxr-xr-x  3 www-data www-data   4096 Nov  6 11:22 customgroupicons
drwxr-xr-x  2 www-data www-data   4096 Nov  6 11:22 customprofilepics
-rwxr-xr-x  1 www-data www-data   1823 Nov 22 20:01 editor.php
-rwxr-xr-x  1 www-data www-data  47010 Nov 22 20:01 editpost.php
-rwxr-xr-x  1 www-data www-data   1427 Nov 22 20:01 entry.php
-rwxr-xr-x  1 www-data www-data  30084 Nov 22 20:01 external.php
-rwxr-xr-x  1 www-data www-data   9966 Nov 22 20:01 faq.php
-rwxr-xr-x  1 www-data www-data  10134 Nov 22 20:01 favicon.ico
-rwxr-xr-x  1 www-data www-data  23332 Nov 22 20:01 forum.php
-rwxr-xr-x  1 www-data www-data  42452 Nov 22 20:01 forumdisplay.php
-rwxr-xr-x  1 www-data www-data   2066 Nov 22 20:01 global.php
-rwxr-xr-x  1 www-data www-data 155838 Nov 22 20:01 group.php
-rwxr-xr-x  1 www-data www-data  26150 Nov 22 20:01 group_inlinemod.php
-rwxr-xr-x  1 www-data www-data  11883 Nov 22 20:01 groupsubscription.php
-rwxr-xr-x  1 www-data www-data   9039 Nov 22 20:01 image.php
drwxr-xr-x 24 www-data www-data   4096 Nov  6 13:16 images
drwxr-xr-x  8 www-data www-data  12288 Nov  6 14:29 includes
-rwxr-xr-x  1 www-data www-data   2396 Nov 22 20:01 index.php
-rwxr-xr-x  1 www-data www-data  47021 Nov 22 20:01 infraction.php
-rwxr-xr-x  1 www-data www-data 187803 Nov 22 20:01 inlinemod.php
-rwxr-xr-x  1 www-data www-data  11440 Nov 22 20:01 joinrequests.php
-rwxr-xr-x  1 www-data www-data   1757 Nov 22 20:01 list.php
-rwxr-xr-x  1 www-data www-data  10947 Nov 22 20:01 login.php
-rwxr-xr-x  1 www-data www-data  30244 Nov 22 20:01 member.php
-rwxr-xr-x  1 www-data www-data  16392 Nov 22 20:01 member_inlinemod.php
-rwxr-xr-x  1 www-data www-data  40345 Nov 22 20:01 memberlist.php
-rwxr-xr-x  1 www-data www-data  22264 Nov 22 20:01 misc.php
drwxr-xr-x  2 www-data www-data   4096 Nov 22 20:01 modcp
drwxr-xr-x  2 www-data www-data   4096 Nov  6 11:55 modcp-23987239874298273987234
-rwxr-xr-x  1 www-data www-data  76827 Nov 22 20:01 moderation.php
-rwxr-xr-x  1 www-data www-data   6779 Nov 22 20:01 moderator.php
-rwxr-xr-x  1 www-data www-data  17552 Nov 22 20:01 newattachment.php
-rwxr-xr-x  1 www-data www-data  41079 Nov 22 20:01 newreply.php
-rwxr-xr-x  1 www-data www-data  20185 Nov 22 20:01 newthread.php
-rwxr-xr-x  1 www-data www-data  21802 Nov 22 20:01 online.php
drwxr-xr-x  5 www-data www-data   4096 Nov  6 11:22 packages
-rwxr-xr-x  1 www-data www-data   8096 Nov 22 20:01 payment_gateway.php
-rwxr-xr-x  1 www-data www-data  13360 Nov 22 20:01 payments.php
-rwxr-xr-x  1 www-data www-data   4156 Nov 22 20:01 picture.php
-rwxr-xr-x  1 www-data www-data  16665 Nov 22 20:01 picture_inlinemod.php
-rwxr-xr-x  1 www-data www-data  26169 Nov 22 20:01 picturecomment.php
-rwxr-xr-x  1 www-data www-data  29338 Nov 22 20:01 poll.php
-rwxr-xr-x  1 www-data www-data  10414 Nov 22 20:01 posthistory.php
-rwxr-xr-x  1 www-data www-data  76585 Nov 22 20:01 postings.php
-rwxr-xr-x  1 www-data www-data   7087 Nov 22 20:01 printthread.php
-rwxr-xr-x  1 www-data www-data  79435 Nov 22 20:01 private.php
-rwxr-xr-x  1 www-data www-data 163695 Nov 22 20:01 profile.php
-rwxr-xr-x  1 www-data www-data  56363 Nov 22 20:01 register.php
-rwxr-xr-x  1 www-data www-data   7294 Nov 22 20:01 report.php
-rwxr-xr-x  1 www-data www-data  14765 Nov 22 20:01 reputation.php
-rwxr-xr-x  1 www-data www-data  35793 Nov 22 20:01 search.php
-rwxr-xr-x  1 www-data www-data  22710 Nov 22 20:01 sendmessage.php
-rwxr-xr-x  1 www-data www-data  12485 Nov 22 20:01 showgroups.php
-rwxr-xr-x  1 www-data www-data  12738 Nov 22 20:01 showpost.php
-rwxr-xr-x  1 www-data www-data  80115 Nov 22 20:01 showthread.php
drwxr-xr-x  2 www-data www-data   4096 Nov  6 11:22 signaturepics
drwxr-xr-x  2 www-data www-data   4096 Nov  6 11:22 store_sitemap
-rwxr-xr-x  1 www-data www-data  38862 Nov 22 20:01 subscription.php
-rwxr-xr-x  1 www-data www-data   5399 Nov 22 20:01 tags.php
-rwxr-xr-x  1 www-data www-data   8800 Nov 22 20:01 threadrate.php
-rwxr-xr-x  1 www-data www-data  11146 Nov 22 20:01 threadtag.php
-rwxr-xr-x  1 www-data www-data     61 Nov 22 20:01 uploadprogress.gif
-rwxr-xr-x  1 www-data www-data  39717 Nov 22 20:01 usercp.php
-rwxr-xr-x  1 www-data www-data  21034 Nov 22 20:01 usernote.php
drwxr-xr-x 13 www-data www-data   4096 Nov  6 11:22 vb
drwxr-xr-x  8 www-data www-data   4096 Nov  6 12:23 vboptimise
-rw-r--r--  1 www-data www-data   2324 Nov  6 12:23 vboptimise.php
drwxr-xr-x  4 www-data www-data   4096 Nov  6 11:55 vbseo
-rw-r--r--  1 www-data www-data  45286 Nov  6 11:55 vbseo.php
drwxr-xr-x  4 www-data www-data   4096 Nov  6 14:29 vbseo_sitemap
-rw-r--r--  1 www-data www-data   4335 Nov  6 11:55 vbseocp.php
-rwxr-xr-x  1 www-data www-data  27879 Nov 22 20:01 visitormessage.php
-rwxr-xr-x  1 www-data www-data   1761 Nov 22 20:01 widget.php
-rwxr-xr-x  1 www-data www-data   3952 Nov 22 20:01 xmlsitemap.php


$ cat includes/config.php
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 4.0.8
|| # ---------------------------------------------------------------- # ||
|| # All PHP code in this file is ©2000-2010 vBulletin Solutions Inc. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/


/*-------------------------------------------------------*\
| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
+---------------------------------------------------------+
| If you get any errors while attempting to connect to    |
| MySQL, you will need to email your webhost because we   |
| cannot tell you the correct values for the variables    |
| in this file.                                           |
\*-------------------------------------------------------*/


        //      ****** DATABASE TYPE ******
        //      This is the type of the database server on which your vBulletin database will be located.
        //      Valid options are mysql and mysqli, for slave support add _slave.  Try to use mysqli if you are using PHP 5 and MySQL 4.1+
        // for slave options just append _slave to your preferred database type.
$config['Database']['dbtype'] = 'mysql';


        //      ****** DATABASE NAME ******
        //      This is the name of the database where your vBulletin will be located.
        //      This must be created by your webhost.
$config['Database']['dbname'] = 'edbforum';


        //      ****** TABLE PREFIX ******
        //      Prefix that your vBulletin tables have in the database.
$config['Database']['tableprefix'] = '';


        //      ****** TECHNICAL EMAIL ADDRESS ******
        //      If any database errors occur, they will be emailed to the address specified here.
        //      Leave this blank to not send any emails when there is a database error.
$config['Database']['technicalemail'] = 'dbmaster@example.com';


        //      ****** FORCE EMPTY SQL MODE ******
        // New versions of MySQL (4.1+) have introduced some behaviors that are
        // incompatible with vBulletin. Setting this value to "true" disables those
        // behaviors. You only need to modify this value if vBulletin recommends it.
$config['Database']['force_sql_mode'] = false;






        //      ****** MASTER DATABASE SERVER NAME AND PORT ******
        //      This is the hostname or IP address and port of the database server.
        //      If you are unsure of what to put here, leave the default values.
        //
        //      Note: If you are using IIS 7+ and MySQL is on the same machine, you
        //      need to use 127.0.0.1 instead of localhost
$config['MasterServer']['servername'] = 'localhost';
$config['MasterServer']['port'] = 3306;


        //      ****** MASTER DATABASE USERNAME & PASSWORD ******
        //      This is the username and password you use to access MySQL.
        //      These must be obtained through your webhost.
$config['MasterServer']['username'] = 'forums';
$config['MasterServer']['password'] = '2834725234523472342';


        //      ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
        //      This option allows you to turn persistent connections to MySQL on or off.
        //      The difference in performance is negligible for all but the largest boards.
        //      If you are unsure what this should be, leave it off. (0 = off; 1 = on)
$config['MasterServer']['usepconnect'] = 0;






        //      ****** SLAVE DATABASE CONFIGURATION ******
        //      If you have multiple database backends, this is the information for your slave
        //      server. If you are not 100% sure you need to fill in this information,
        //      do not change any of the values here.
$config['SlaveServer']['servername'] = '';
$config['SlaveServer']['port'] = 3306;
$config['SlaveServer']['username'] = '';
$config['SlaveServer']['password'] = '';
$config['SlaveServer']['usepconnect'] = 0;






        //      ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
        //      This setting allows you to change the name of the folders that the admin and
        //      moderator control panels reside in. You may wish to do this for security purposes.
        //      Please note that if you change the name of the directory here, you will still need
        //      to manually change the name of the directory on the server.
$config['Misc']['admincpdir'] = 'admincp-23987239874298273987234';
$config['Misc']['modcpdir'] = 'modcp-23987239874298273987234';


        //      Prefix that all vBulletin cookies will have
        //      Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
$config['Misc']['cookieprefix'] = 'bb';


        //      ******** FULL PATH TO FORUMS DIRECTORY ******
        //      On a few systems it may be necessary to input the full path to your forums directory
        //      for vBulletin to function normally. You can ignore this setting unless vBulletin
        //      tells you to fill this in. Do not include a trailing slash!
        //      Example Unix:
        //        $config['Misc']['forumpath'] = '/home/users/public_html/forums';
        //      Example Win32:
        //        $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
$config['Misc']['forumpath'] = '';






        //      ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
        //      The users specified here will be allowed to view the admin log in the control panel.
        //      Users must be specified by *ID number* here. To obtain a user's ID number,
        //      view their profile via the control panel. If this is a new installation, leave
        //      the first user created will have a user ID of 1. Seperate each userid with a comma.
$config['SpecialUsers']['canviewadminlog'] = '1';


        //      ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
        //      The users specified here will be allowed to remove ("prune") entries from the admin
        //      log. See the above entry for more information on the format.
$config['SpecialUsers']['canpruneadminlog'] = '1';


        //      ****** USERS WITH QUERY RUNNING PERMISSIONS ******
        //      The users specified here will be allowed to run queries from the control panel.
        //      See the above entries for more information on the format.
        //      Please note that the ability to run queries is quite powerful. You may wish
        //      to remove all user IDs from this list for security reasons.
$config['SpecialUsers']['canrunqueries'] = '';


        //      ****** UNDELETABLE / UNALTERABLE USERS ******
        //      The users specified here will not be deletable or alterable from the control panel by any users.
        //      To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '';


        //      ****** SUPER ADMINISTRATORS ******
        //      The users specified below will have permission to access the administrator permissions
        //      page, which controls the permissions of other administrators
$config['SpecialUsers']['superadministrators'] = '1';


        // ****** DATASTORE CACHE CONFIGURATION *****
        // Here you can configure different methods for caching datastore items.
        // vB_Datastore_Filecache  - to use includes/datastore/datastore_cache.php
        // vB_Datastore_APC - to use APC
        // vB_Datastore_XCache - to use XCache
        // vB_Datastore_Memcached - to use a Memcache server, more configuration below
// $config['Datastore']['class'] = 'vB_Datastore_Filecache';


        // ******** DATASTORE PREFIX ******
        // If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
        // than one set of forums installed on your host, you *may* need to use a prefix
        // so that they do not try to use the same variable within the cache.
        // This works in a similar manner to the database table prefix.
// $config['Datastore']['prefix'] = '';


        // It is also necessary to specify the hostname or IP address and the port the server is listening on
/*
$config['Datastore']['class'] = 'vB_Datastore_Memcached';
$i = 0;
// First Server
$i++;
$config['Misc']['memcacheserver'][$i]           = '127.0.0.1';
$config['Misc']['memcacheport'][$i]                     = 11211;
$config['Misc']['memcachepersistent'][$i]       = true;
$config['Misc']['memcacheweight'][$i]           = 1;
$config['Misc']['memcachetimeout'][$i]          = 1;
$config['Misc']['memcacheretry_interval'][$i] = 15;
*/


// ****** The following options are only needed in special cases ******


        //      ****** MySQLI OPTIONS *****
        // When using MySQL 4.1+, MySQLi should be used to connect to the database.
        // If you need to set the default connection charset because your database
        // is using a charset other than latin1, you can set the charset here.
        // If you don't set the charset to be the same as your database, you
        // may receive collation errors.  Ignore this setting unless you
        // are sure you need to use it.
// $config['Mysqli']['charset'] = 'utf8';


        //      Optionally, PHP can be instructed to set connection parameters by reading from the
        //      file named in 'ini_file'. Please use a full path to the file.
        //      Example:
        //      $config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
$config['Mysqli']['ini_file'] = '';


// Image Processing Options
        // Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger images, alter these settings.
$config['Misc']['maxwidth'] = 2592;
$config['Misc']['maxheight'] = 1944;


/*======================================================================*\
|| ####################################################################
|| # Downloaded: 10:22, Sat Nov 6th 2010
|| # CVS: $RCSfile$ - $Revision: 39199 $
|| ####################################################################
\*======================================================================*/


$ cd /


$ ls -la
total 112
drwxr-xr-x  26 root root  4096 Nov 30 06:53 .
drwxr-xr-x  26 root root  4096 Nov 30 06:53 ..
drw-------   2 root root  4096 Dec  4 03:45 backup
drw-------   2 root root  4096 Sep  1 07:38 backup-fix
drwxr-xr-x   2 root root  4096 Oct 11 09:00 bin
drwxr-xr-x   3 root root  4096 Nov 30 06:53 boot
drwxr-xr-x   3 root root  4096 Nov 11 16:56 build
drwxr-xr-x   2 root root  4096 Jul  9 05:29 cdrom
drwxr-xr-x  14 root root  3800 Nov 30 06:53 dev
drwxr-xr-x  91 root root  4096 Dec  2 06:34 etc
drwxr-xr-x   3 root root  4096 Aug  3 11:48 home
lrwxrwxrwx   1 root root    32 Nov 30 06:53 initrd.img -> boot/initrd.img-2.6.32-26-server
lrwxrwxrwx   1 root root    32 Oct  4 16:30 initrd.img.old -> boot/initrd.img-2.6.32-25-server
drwxr-xr-x  13 root root 12288 Nov 18 06:54 lib
lrwxrwxrwx   1 root root     4 Jul  9 05:28 lib64 -> /lib
drwx------   2 root root 16384 Jul  9 05:28 lost+found
drwxr-xr-x   2 root root  4096 Jul  9 15:17 maint
drwxr-xr-x   3 root root  4096 Jul  9 05:28 media
drwxr-xr-x   4 root root  4096 Jul  9 20:03 mnt
drwxr-xr-x   3 root root  4096 Oct  7 16:53 opt
dr-xr-xr-x 227 root root     0 Nov 11 10:45 proc
drwx------   9 root root  4096 Nov 25 09:08 root
drwxr-xr-x   2 root root  4096 Oct 29 19:00 sbin
drwxr-xr-x   2 root root  4096 Dec  5  2009 selinux
drwxr-xr-x   2 root root  4096 Jul  9 05:28 srv
drwxr-xr-x  13 root root     0 Nov 11 10:45 sys
drwxrwxrwt   3 root root  4096 Dec  4 14:59 tmp
drwxr-xr-x  10 root root  4096 Jul  9 05:28 usr
drwxr-xr-x  19 root root  4096 Sep 24 09:26 var
lrwxrwxrwx   1 root root    29 Nov 30 06:53 vmlinuz -> boot/vmlinuz-2.6.32-26-server
lrwxrwxrwx   1 root root    29 Oct  4 16:30 vmlinuz.old -> boot/vmlinuz-2.6.32-25-server


$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
landscape:x:103:108::/var/lib/landscape:/bin/false
mysql:x:104:112:MySQL Server,,,:/var/lib/mysql:/bin/false
smmta:x:105:114:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:106:115:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
emgent:x:1003:1002:,,,:/home/emgent:/bin/bash
ossec:x:1004:1003::/var/ossec:/bin/false
ossecm:x:1005:1003::/var/ossec:/bin/false
ossecr:x:1006:1003::/var/ossec:/bin/false


$ cat /etc/issue
Ubuntu 10.04.1 LTS \n \l




$ cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details


# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes


# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768


# Logging
SyslogFacility AUTH
LogLevel INFO


# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes


RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys


# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes


# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no


# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no


# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes


# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes


# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes


X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no


#MaxStartups 10:30:60
#Banner /etc/issue.net


# Allow client to pass locale environment variables
AcceptEnv LANG LC_*


Subsystem sftp /usr/lib/openssh/sftp-server


# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes


$ cd /home


$ ls -la
total 12
drwxr-xr-x  3 root   root   4096 Aug  3 11:48 .
drwxr-xr-x 26 root   root   4096 Nov 30 06:53 ..
drwxr-xr-x  7 emgent emgent 4096 Aug  7 07:45 emgent


$ cd emgent


$ ls -la
total 48
drwxr-xr-x 7 emgent emgent 4096 Aug  7 07:45 .
drwxr-xr-x 3 root   root   4096 Aug  3 11:48 ..
-rw------- 1 emgent emgent  259 Oct 18 11:39 .bash_history
-rw-r--r-- 1 emgent emgent  220 Aug  3 11:48 .bash_logout
-rw-r--r-- 1 emgent emgent 3103 Aug  3 11:48 .bashrc
drwx------ 2 emgent emgent 4096 Aug  3 11:49 .cache
drwx------ 2 emgent emgent 4096 Aug  3 11:49 .irssi
-rw------- 1 emgent emgent    9 Aug  3 11:50 .nano_history
-rw-r--r-- 1 emgent emgent  675 Aug  3 11:48 .profile
drwxr-xr-x 2 emgent emgent 4096 Aug  3 11:49 .ssh
drwxr-xr-x 3 emgent emgent 4096 Aug  7 07:45 .subversion
drwxr-xr-x 4 emgent emgent 4096 Aug  7 07:46 exploitdb






$ cd .ssh


$ ls
authorized_keys
$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAntXlep19oECqVocmK6UIhsxI5yGQSPUVYWOZXWO7Q0wP9vF5FfHmE4yCmKt+MleWcPWkkbI6IXBt9TNtw7m6usPx2IEbpEVr8sl7pT8hiW8tKNew74gEEgE53AGLhWr/+vViL+5K4SKCt591oABDtWA6KIEOuyx9/jqLLwBTQP0UyrqIJpR9VhQ2GQ6tN6Y+LV4tvpqy8ehevsIqdj+HvdsvVU2sREJsSH5xAncaRJQ1sfQepyeAwi7yZ1fBT4U4/LlukkBLIqjXk2D6jPZG870R4KCEI280rBJ9DX4fPX9qvYUwOm/OtWwxC7kivuCnNM1v2wBRUVCBmSUimqWnpQ== emgent@enJoy


$ ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  23680  1244 ?        Ss   Nov11   0:07 /sbin/init
root         2  0.0  0.0      0     0 ?        S    Nov11   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S    Nov11   0:01 [migration/0]
root         4  0.0  0.0      0     0 ?        S    Nov11   0:12 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S    Nov11   0:00 [watchdog/0]
root         6  0.0  0.0      0     0 ?        S    Nov11   0:02 [migration/1]
root         7  0.0  0.0      0     0 ?        S    Nov11   0:04 [ksoftirqd/1]
root         8  0.0  0.0      0     0 ?        S    Nov11   0:00 [watchdog/1]
root         9  0.0  0.0      0     0 ?        S    Nov11   0:02 [migration/2]
root        10  0.0  0.0      0     0 ?        S    Nov11   0:02 [ksoftirqd/2]
root        11  0.0  0.0      0     0 ?        S    Nov11   0:00 [watchdog/2]
root        12  0.0  0.0      0     0 ?        S    Nov11   0:01 [migration/3]
root        13  0.0  0.0      0     0 ?        S    Nov11   0:05 [ksoftirqd/3]
root        14  0.0  0.0      0     0 ?        S    Nov11   0:00 [watchdog/3]
root        15  0.0  0.0      0     0 ?        S    Nov11   0:32 [events/0]
root        16  0.0  0.0      0     0 ?        S    Nov11  13:44 [events/1]
root        17  0.0  0.0      0     0 ?        S    Nov11   0:17 [events/2]
root        18  0.0  0.0      0     0 ?        S    Nov11   0:18 [events/3]
root        19  0.0  0.0      0     0 ?        S    Nov11   0:00 [cpuset]
root        20  0.0  0.0      0     0 ?        S    Nov11   0:00 [khelper]
root        21  0.0  0.0      0     0 ?        S    Nov11   0:00 [netns]
root        22  0.0  0.0      0     0 ?        S    Nov11   0:00 [async/mgr]
root        23  0.0  0.0      0     0 ?        S    Nov11   0:00 [pm]
root        25  0.0  0.0      0     0 ?        S    Nov11   0:02 [sync_supers]
root        26  0.0  0.0      0     0 ?        S    Nov11   0:04 [bdi-default]
root        27  0.0  0.0      0     0 ?        S    Nov11   0:00 [kintegrityd/0]
root        28  0.0  0.0      0     0 ?        S    Nov11   0:00 [kintegrityd/1]
root        29  0.0  0.0      0     0 ?        S    Nov11   0:00 [kintegrityd/2]
root        30  0.0  0.0      0     0 ?        S    Nov11   0:00 [kintegrityd/3]
root        31  0.0  0.0      0     0 ?        S    Nov11  11:09 [kblockd/0]
root        32  0.0  0.0      0     0 ?        S    Nov11   2:17 [kblockd/1]
root        33  0.0  0.0      0     0 ?        S    Nov11   1:33 [kblockd/2]
root        34  0.0  0.0      0     0 ?        S    Nov11   1:14 [kblockd/3]
root        35  0.0  0.0      0     0 ?        S    Nov11   0:00 [kacpid]
root        36  0.0  0.0      0     0 ?        S    Nov11   0:00 [kacpi_notify]
root        37  0.0  0.0      0     0 ?        S    Nov11   0:00 [kacpi_hotplug]
root        38  0.0  0.0      0     0 ?        S    Nov11   0:00 [ata/0]
root        39  0.0  0.0      0     0 ?        S    Nov11   0:00 [ata/1]
root        40  0.0  0.0      0     0 ?        S    Nov11   0:00 [ata/2]
root        41  0.0  0.0      0     0 ?        S    Nov11   0:00 [ata/3]
root        42  0.0  0.0      0     0 ?        S    Nov11   0:00 [ata_aux]
root        43  0.0  0.0      0     0 ?        S    Nov11   0:00 [ksuspend_usbd]
root        44  0.0  0.0      0     0 ?        S    Nov11   0:00 [khubd]
root        45  0.0  0.0      0     0 ?        S    Nov11   0:00 [kseriod]
root        46  0.0  0.0      0     0 ?        S    Nov11   0:00 [kmmcd]
root        51  0.0  0.0      0     0 ?        S    Nov11   0:00 [khungtaskd]
root        52  0.0  0.0      0     0 ?        S    Nov11   0:30 [kswapd0]
root        53  0.0  0.0      0     0 ?        SN   Nov11   0:00 [ksmd]
root        54  0.0  0.0      0     0 ?        S    Nov11   0:00 [aio/0]
root        55  0.0  0.0      0     0 ?        S    Nov11   0:00 [aio/1]
root        56  0.0  0.0      0     0 ?        S    Nov11   0:00 [aio/2]
root        57  0.0  0.0      0     0 ?        S    Nov11   0:00 [aio/3]
root        58  0.0  0.0      0     0 ?        S    Nov11   0:00 [ecryptfs-kthrea]
root        59  0.0  0.0      0     0 ?        S    Nov11   0:00 [crypto/0]
root        60  0.0  0.0      0     0 ?        S    Nov11   0:00 [crypto/1]
root        61  0.0  0.0      0     0 ?        S    Nov11   0:00 [crypto/2]
root        62  0.0  0.0      0     0 ?        S    Nov11   0:00 [crypto/3]
root        65  0.0  0.0      0     0 ?        S    Nov11   0:00 [pciehpd]
root        66  0.0  0.0      0     0 ?        S    Nov11   0:00 [scsi_eh_0]
root        67  0.0  0.0      0     0 ?        S    Nov11   0:00 [scsi_eh_1]
root        69  0.0  0.0      0     0 ?        S    Nov11   0:00 [kstriped]
root        70  0.0  0.0      0     0 ?        S    Nov11   0:00 [kmpathd/0]
root        71  0.0  0.0      0     0 ?        S    Nov11   0:00 [kmpathd/1]
root        72  0.0  0.0      0     0 ?        S    Nov11   0:00 [kmpathd/2]
root        73  0.0  0.0      0     0 ?        S    Nov11   0:00 [kmpathd/3]
root        74  0.0  0.0      0     0 ?        S    Nov11   0:00 [kmpath_handlerd]
root        75  0.0  0.0      0     0 ?        S    Nov11   0:00 [ksnapd]
root        76  0.0  0.0      0     0 ?        S    Nov11   0:00 [kondemand/0]
root        77  0.0  0.0      0     0 ?        S    Nov11   0:00 [kondemand/1]
root        78  0.0  0.0      0     0 ?        S    Nov11   0:00 [kondemand/2]
root        79  0.0  0.0      0     0 ?        S    Nov11   0:00 [kondemand/3]
root        80  0.0  0.0      0     0 ?        S    Nov11   0:00 [kconservative/0]
root        81  0.0  0.0      0     0 ?        S    Nov11   0:00 [kconservative/1]
root        82  0.0  0.0      0     0 ?        S    Nov11   0:00 [kconservative/2]
root        83  0.0  0.0      0     0 ?        S    Nov11   0:00 [kconservative/3]
root       191  0.0  0.0      0     0 ?        S    Nov11   1:03 [mpt_poll_0]
root       192  0.0  0.0      0     0 ?        S    Nov11   0:00 [mpt/0]
root       268  0.0  0.0      0     0 ?        S    Nov11   0:00 [scsi_eh_2]
root       285  0.3  0.0      0     0 ?        S    Nov11 125:09 [jbd2/sda1-8]
root       286  0.0  0.0      0     0 ?        S    Nov11   0:00 [ext4-dio-unwrit]
root       287  0.0  0.0      0     0 ?        S    Nov11   0:00 [ext4-dio-unwrit]
root       288  0.0  0.0      0     0 ?        S    Nov11   0:00 [ext4-dio-unwrit]
root       289  0.0  0.0      0     0 ?        S    Nov11   0:00 [ext4-dio-unwrit]
root       322  0.3  0.0      0     0 ?        S    Nov11 115:40 [flush-8:0]
root       347  0.0  0.0  16904   640 ?        S    Nov11   0:00 upstart-udev-bridge --daemon
root       363  0.0  0.0  16920   416 ?        S<s  Nov11   0:00 udevd --daemon
root       582  0.0  0.0      0     0 ?        S    Nov11   0:00 [kpsmoused]
syslog     714  0.0  0.0 191492  1148 ?        Sl   Nov11   3:22 rsyslogd -c4
root       732  0.0  0.0  49260   528 ?        Ss   Nov11   0:01 /usr/sbin/sshd
root       773  0.0  0.0   6080   284 tty4     Ss+  Nov11   0:00 /sbin/getty -8 38400 tty4
root       777  0.0  0.0   6080   284 tty5     Ss+  Nov11   0:00 /sbin/getty -8 38400 tty5
root       787  0.0  0.0   6080   284 tty2     Ss+  Nov11   0:00 /sbin/getty -8 38400 tty2
root       788  0.0  0.0   6080   284 tty3     Ss+  Nov11   0:00 /sbin/getty -8 38400 tty3
root       792  0.0  0.0   6080   284 tty6     Ss+  Nov11   0:00 /sbin/getty -8 38400 tty6
root       806  0.0  0.0  21076   428 ?        Ss   Nov11   0:07 cron
daemon     807  0.0  0.0  18884   348 ?        Ss   Nov11   0:00 atd
root       817  0.0  0.0  11284   428 ?        Ss   Nov11   1:53 /usr/sbin/irqbalance
root       950  0.0  0.0  84384   848 ?        Ss   Nov11   1:24 sendmail: MTA: accepting connections
root      1318  0.0  0.0  53108  4076 ?        Sl   Nov11   7:28 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock
root      1354  0.0  0.0  97040   408 ?        Ss   Nov11   0:07 /usr/bin/svnserve -d -r /var/svn/
root      1357  0.0  0.0   6080   284 tty1     Ss+  Nov11   0:00 /sbin/getty -8 38400 tty1
root      3467  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfs_mru_cache]
root      3468  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfslogd/0]
root      3469  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfslogd/1]
root      3470  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfslogd/2]
root      3471  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfslogd/3]
root      3472  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsdatad/0]
root      3473  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsdatad/1]
root      3474  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsdatad/2]
root      3475  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsdatad/3]
root      3476  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsconvertd/0]
root      3477  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsconvertd/1]
root      3478  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsconvertd/2]
root      3479  0.0  0.0      0     0 ?        S    Nov30   0:00 [xfsconvertd/3]
root      3489  0.0  0.0  16980   372 ?        S<   Nov30   0:00 udevd --daemon
root      3490  0.0  0.0  16980   376 ?        S<   Nov30   0:00 udevd --daemon
root      3491  0.0  0.0      0     0 ?        S    Nov30   0:00 [jfsIO]
root      3492  0.0  0.0      0     0 ?        S    Nov30   0:00 [jfsCommit]
root      3493  0.0  0.0      0     0 ?        S    Nov30   0:00 [jfsCommit]
root      3494  0.0  0.0      0     0 ?        S    Nov30   0:00 [jfsCommit]
root      3495  0.0  0.0      0     0 ?        S    Nov30   0:00 [jfsCommit]
root      3496  0.0  0.0      0     0 ?        S    Nov30   0:00 [jfsSync]
root      4114  0.0  0.0 107552  1928 ?        S    Nov23   0:00 /usr/bin/svnserve -d -r /var/svn/
root      7702  0.0  0.0 107420  1960 ?        S    13:31   0:00 /usr/bin/svnserve -d -r /var/svn/
root      8080  0.1  0.1 346236 11548 ?        Ss   Nov26  18:14 /usr/sbin/apache2 -k start
root      9853  0.0  0.0   9756   384 ?        Ss   Nov11   1:04 tail -f /var/log/apache2/jesys.log
www-data 10874  0.0  0.6 354384 38764 ?        S    14:15   0:00 /usr/sbin/apache2 -k start
www-data 10909  0.0  0.0  25632  2876 ?        S    14:15   0:00 dhcpcd
www-data 10910  0.0  0.0   4096   656 ?        S    14:15   0:00 /bin/sh
www-data 13491  0.1  0.6 356496 39580 ?        S    14:54   0:01 /usr/sbin/apache2 -k start
root     13493  0.1  0.1 116628 11268 ?        S    14:54   0:00 /usr/bin/svnserve -d -r /var/svn/
www-data 13510  0.0  0.0   4040   524 ?        S    14:55   0:00 cat www.tar.gz
root     13561  0.0  0.0 107420  1940 ?        S    Nov30   0:00 /usr/bin/svnserve -d -r /var/svn/
www-data 13681  0.1  0.5 354240 32356 ?        S    14:57   0:00 /usr/sbin/apache2 -k start
www-data 13884  0.1  0.5 354792 33064 ?        S    14:59   0:00 /usr/sbin/apache2 -k start
www-data 13889  0.2  0.5 353632 31568 ?        S    14:59   0:01 /usr/sbin/apache2 -k start
www-data 13960  0.0  0.6 354384 38812 ?        S    15:01   0:00 /usr/sbin/apache2 -k start
www-data 13976  0.2  0.5 355192 32200 ?        S    15:01   0:00 /usr/sbin/apache2 -k start
www-data 14022  0.0  0.0  25632  2876 ?        S    15:02   0:00 dhcpcd
www-data 14023  0.0  0.0   4096   628 ?        S    15:02   0:00 /bin/sh
www-data 14026  0.2  0.5 353888 33228 ?        S    15:02   0:00 /usr/sbin/apache2 -k start
www-data 14027  0.1  0.5 356512 32860 ?        S    15:02   0:00 /usr/sbin/apache2 -k start
www-data 14062  0.2  0.5 353548 32144 ?        S    15:03   0:00 /usr/sbin/apache2 -k start
www-data 14063  0.1  0.5 353644 30840 ?        S    15:03   0:00 /usr/sbin/apache2 -k start
www-data 14152  0.2  0.5 353376 31236 ?        S    15:04   0:00 /usr/sbin/apache2 -k start
www-data 14154  0.3  0.5 352856 31284 ?        S    15:04   0:00 /usr/sbin/apache2 -k start
www-data 14159  0.1  0.5 353888 30852 ?        S    15:04   0:00 /usr/sbin/apache2 -k start
www-data 14160  0.2  0.5 355332 31280 ?        S    15:04   0:00 /usr/sbin/apache2 -k start
www-data 14163  0.1  0.5 354204 31520 ?        S    15:04   0:00 /usr/sbin/apache2 -k start
www-data 14183  0.1  0.4 353804 30404 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
www-data 14185  0.2  0.4 352724 30460 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
www-data 14188  0.2  0.5 353544 32600 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
www-data 14194  0.1  0.4 353880 30564 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
www-data 14201  0.1  0.5 353500 31264 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
www-data 14204  0.2  0.5 354516 32044 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
www-data 14205  0.1  0.4 353360 29148 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
ossecm   14276  0.0  0.0  16844   644 ?        S    Dec02   0:01 /var/ossec/bin/ossec-maild
root     14286  0.0  0.0  12496   576 ?        S    Dec02   0:03 /var/ossec/bin/ossec-execd
ossec    14291  0.0  0.0  14924  3052 ?        S    Dec02   0:43 /var/ossec/bin/ossec-analysisd
root     14295  0.0  0.0   4236   584 ?        S    Dec02   0:22 /var/ossec/bin/ossec-logcollector
www-data 14315  0.0  0.4 352972 29480 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
www-data 14316  0.2  0.5 353360 31168 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
www-data 14317  0.1  0.5 354404 30832 ?        S    15:05   0:00 /usr/sbin/apache2 -k start
www-data 14345  0.2  0.4 352592 30052 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14346  0.1  0.4 354008 30416 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14348  0.1  0.4 352356 29156 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14350  0.0  0.1 347492 10892 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14351  0.1  0.4 353272 30452 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14352  0.3  0.5 354176 31516 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14355  0.3  0.4 352328 29492 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14356  0.2  0.5 354200 31508 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14357  0.0  0.4 352584 28180 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
root     14361  0.0  0.0   4996  1664 ?        S    Dec02   0:34 /var/ossec/bin/ossec-syscheckd
ossec    14365  0.0  0.0  12764   844 ?        S    Dec02   0:00 /var/ossec/bin/ossec-monitord
www-data 14366  0.2  0.4 352348 29836 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14367  0.1  0.4 353492 30468 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14369  0.1  0.4 353424 30616 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14370  0.1  0.5 356216 31440 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14371  0.2  0.5 353996 31636 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14372  0.1  0.4 352356 28228 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14377  0.0  0.1 347236 10808 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14378  0.2  0.4 352612 29308 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
root     14386  0.0  0.0      0     0 ?        Z    15:07   0:00 [host-deny.sh] <defunct>
root     14387  0.0  0.0      0     0 ?        Z    15:07   0:00 [firewall-drop.s] <defunct>
www-data 14407  0.4  0.5 354384 32672 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14408  0.1  0.4 352604 29276 ?        S    15:07   0:00 /usr/sbin/apache2 -k start
www-data 14412  0.3  0.5 354716 32420 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14413  0.4  0.4 352592 29272 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14414  0.2  0.4 352600 28200 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14415  0.3  0.4 352724 29088 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14416  0.2  0.4 353776 29452 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14417  0.2  0.4 353136 28616 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14418  0.3  0.4 353520 29500 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14419  0.7  0.0      0     0 ?        Z    15:08   0:00 [apache2] <defunct>
www-data 14420  0.5  0.5 353976 31084 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14421  0.3  0.4 353252 29180 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14422  0.0  0.1 346724  8076 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14423  0.6  0.5 354352 31720 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14424  0.4  0.4 353808 29848 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14425  0.3  0.4 352584 28252 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14426  0.1  0.1 346748 10564 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14427  0.6  0.4 352976 28944 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14428  0.0  0.1 346724  8204 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14429  0.0  0.1 346724  8196 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14430  0.7  0.4 352976 29032 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14431  0.9  0.4 353668 30120 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14432  0.9  0.4 353368 29668 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14433  0.8  0.4 352976 28836 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14435  1.3  0.4 352716 29364 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14436  1.8  0.4 353736 30320 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14437  0.1  0.1 346236  7760 ?        S    15:08   0:00 /usr/sbin/apache2 -k start
www-data 14438  0.0  0.0  14976  1116 ?        R    15:08   0:00 ps aux
root     19786  0.0  0.0 107420  1884 ?        S    Nov16   0:00 /usr/bin/svnserve -d -r /var/svn/
root     19983  0.0  0.0 107420  1940 ?        S    Nov29   0:00 /usr/bin/svnserve -d -r /var/svn/
root     19989  0.0  0.0 107420  1884 ?        S    Nov16   0:00 /usr/bin/svnserve -d -r /var/svn/
root     20015  0.0  0.0 107420  1884 ?        S    Nov16   0:00 /usr/bin/svnserve -d -r /var/svn/
root     20286  0.0  0.0 107420  1888 ?        S    Nov18   0:00 /usr/bin/svnserve -d -r /var/svn/
mysql    22394 10.4 24.9 2441860 1529604 ?     Ssl  Nov12 3357:17 /usr/sbin/mysqld


$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              48G   17G   29G  37% /
none                  3.0G  172K  3.0G   1% /dev
none                  3.0G     0  3.0G   0% /dev/shm
none                  3.0G   56K  3.0G   1% /var/run
none                  3.0G     0  3.0G   0% /var/lock
none                  3.0G     0  3.0G   0% /lib/init/rw
none                   48G   17G   29G  37% /var/lib/ureadahead/debugfs


Wordpress:


Inj3ct0r said, "is not the end! expected to continue".