Team Injector Hack Into Exploit-db Website !


================================
Data Extracted From Exploit-db's Server !
================================

$ uname -a
Linux www 2.6.32-25-server #45-Ubuntu SMP Sat Oct 16 20:06:58 UTC 2010 x86_64 GNU/Linux


$ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)


$ pwd
/var/www


$ ls -la
total 24180
drwxr-xr-x 18 www-data www-data 4096 Nov 26 10:16 .
drwxr-xr-x 19 root root 4096 Sep 24 09:26 ..
-rw-r--r-- 1 www-data www-data 1005 Nov 12 19:03 .htaccess
-rw-r--r-- 1 www-data www-data 764 Nov 5 17:32 .htaccess.save
-rw-r--r-- 1 www-data www-data 2820676 Nov 15 14:26 1920x1200_edb-wallpaper.png
drwxr-xr-x 4 www-data www-data 4096 Nov 11 07:43 92384723987239847239847234982734
-rw-r--r-- 1 www-data www-data 46149 Nov 11 17:04 apc123456.php
-rw-r--r-- 1 www-data www-data 10723590 Nov 28 06:52 archive.tar.bz2
-rw-r--r-- 1 www-data www-data 18851 Jul 9 14:42 disclosure.html
-rw-r--r-- 1 www-data www-data 11662 Nov 11 11:42 dorkorinos.txt
drwxr-xr-x 2 www-data www-data 4096 Jul 9 14:42 edbpartners
-rw-r--r-- 1 www-data www-data 1406 Jul 9 14:53 favicon.ico
-rw-r--r-- 1 www-data www-data 1921 Jul 9 14:42 feature.txt
-rw-r--r-- 1 www-data www-data 1923 Jul 11 16:01 feature1.txt
drwxr-xr-x 21 www-data www-data 4096 Nov 22 20:06 forums
drwxr-xr-x 2 www-data www-data 4096 Sep 23 06:41 funny404
-rw-r--r-- 1 www-data www-data 1119 Nov 22 07:45 gd_rss.php
-rw-r--r-- 1 www-data www-data 65 Aug 26 04:53 goaway.php
-rw-r--r-- 1 www-data www-data 53 Jul 9 14:42 googled6c4817aa45e0032.html
-rw-r--r-- 1 www-data www-data 5 Nov 11 07:24 hola.txt
-rw-r--r-- 1 www-data www-data 3154634 Nov 11 07:25 hola.xml
drwxr-xr-x 15 www-data www-data 4096 Nov 22 15:50 images
-rw-r--r-- 1 www-data www-data 397 Aug 26 04:53 index.php
drwxr-xr-x 2 www-data www-data 4096 Nov 4 12:20 leetdownloads
-rw-r--r-- 1 www-data www-data 311 Nov 12 18:40 maintenance.php
drwxr-xr-x 2 root root 4096 Nov 26 10:18 movies
-rw-r--r-- 1 www-data www-data 106 Aug 26 04:53 news.php
drwxr-xr-x 2 www-data www-data 4096 Nov 11 17:20 nginx-default
-rw-r--r-- 1 www-data www-data 220 Oct 30 17:00 pagerank.html
-rw-r--r-- 1 www-data www-data 761 Sep 6 06:12 rating.txt
-rw-r--r-- 1 www-data www-data 9122 Aug 18 05:32 readme.html
-rw-r--r-- 1 www-data www-data 47 Jul 9 14:53 robots_ssl.txt
-rw-r--r-- 1 www-data www-data 4007150 Dec 1 07:47 ror.xml
-rw-r--r-- 1 www-data www-data 2102 Sep 1 05:40 rss.php
drwxr-xr-x 2 www-data www-data 4096 Jul 9 14:42 scripts
-rw-r--r-- 1 www-data www-data 1056 Sep 3 18:05 search-mobile.php
-rw-r--r-- 1 www-data www-data 108 Aug 26 04:53 search.php
-rw-r--r-- 1 www-data www-data 3337393 Dec 1 07:47 sitemap.xml
-rw-r--r-- 1 www-data www-data 3462 Aug 19 11:37 sitemap.xsl
-rw-r--r-- 1 www-data www-data 30533 Nov 30 17:52 sitemap_blog.xml
-rw-r--r-- 1 www-data www-data 4229 Nov 30 17:52 sitemap_blog.xml.gz
drwxr-xr-x 3 www-data www-data 4096 Jul 9 14:42 slider
drwxr-xr-x 2 www-data www-data 20480 Dec 4 09:18 sploits
-rw-r--r-- 1 www-data www-data 9621 Nov 3 19:52 style.css
drwxr-xr-x 2 www-data www-data 4096 Sep 23 06:40 testme
-rw-r--r-- 1 www-data www-data 5699 Nov 4 07:22 tpl_search.php
-rw-r--r-- 1 www-data www-data 16 Nov 28 06:52 update-982374.txt
-rw-r--r-- 1 www-data www-data 50 Aug 26 04:53 updated.php
drwxr-xr-x 3 www-data www-data 4096 Aug 3 09:35 videos
-rw-r--r-- 1 www-data www-data 4391 Aug 26 04:53 wp-activate.php
drwxr-xr-x 8 www-data www-data 4096 Nov 11 17:59 wp-admin
-rw-r--r-- 1 www-data www-data 40284 Aug 26 04:53 wp-app.php
-rw-r--r-- 1 www-data www-data 220 Aug 26 04:53 wp-atom.php
-rw-r--r-- 1 www-data www-data 274 Aug 26 04:53 wp-blog-header.php
-rw-r--r-- 1 www-data www-data 3926 Aug 26 04:53 wp-comments-post.php
-rw-r--r-- 1 www-data www-data 238 Aug 26 04:53 wp-commentsrss2.php
-rw-r--r-- 1 www-data www-data 3173 Aug 26 04:53 wp-config-sample.php
-rw-r--r-- 1 www-data www-data 2832 Nov 11 17:59 wp-config.php
drwxr-xr-x 8 www-data www-data 4096 Dec 3 22:49 wp-content
-rw-r--r-- 1 www-data www-data 1255 Aug 26 04:53 wp-cron.php
-rw-r--r-- 1 www-data www-data 240 Aug 26 04:53 wp-feed.php
drwxr-xr-x 7 www-data www-data 4096 Sep 8 13:52 wp-includes
-rw-r--r-- 1 www-data www-data 2002 Aug 26 04:53 wp-links-opml.php
-rw-r--r-- 1 www-data www-data 2441 Aug 26 04:53 wp-load.php
-rw-r--r-- 1 www-data www-data 26160 Sep 3 21:48 wp-login.php
-rw-r--r-- 1 www-data www-data 7774 Aug 26 04:53 wp-mail.php
-rw-r--r-- 1 www-data www-data 487 Aug 26 04:53 wp-pass.php
-rw-r--r-- 1 www-data www-data 218 Aug 26 04:53 wp-rdf.php
-rw-r--r-- 1 www-data www-data 316 Aug 26 04:53 wp-register.php
-rw-r--r-- 1 www-data www-data 218 Aug 26 04:53 wp-rss.php
-rw-r--r-- 1 www-data www-data 220 Aug 26 04:53 wp-rss2.php
-rw-r--r-- 1 www-data www-data 9177 Sep 8 13:01 wp-settings.php
-rw-r--r-- 1 www-data www-data 18695 Aug 26 04:53 wp-signup.php
-rw-r--r-- 1 www-data www-data 3702 Aug 26 04:53 wp-trackback.php
-rw-r--r-- 1 www-data www-data 93955 Aug 26 04:53 xmlrpc-orig.php
-rw-r--r-- 1 www-data www-data 94184 Aug 26 04:53 xmlrpc.php




$ cat wp-config.php
<?php
/**
* The base configurations of the WordPress.
*
* This file has the following configurations: MySQL settings, Table Prefix,
* Secret Keys, WordPress Language, and ABSPATH. You can find more information by
* visiting {@link https://codex.wordpress.org/Editing_wp-config.php Editing
* wp-config.php} Codex page. You can get the MySQL settings from your web host.
*
* This file is used by the wp-config.php creation script during the
* installation. You don't have to use the web site, you can just copy this file
* to "wp-config.php" and fill in the values.
*
* @package WordPress
*/


// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
//define('DB_NAME', 'explot2');
define('WP_CACHE', true); //Added by WP-Cache Manager
define('DB_NAME', 'edb_new');


/** MySQL database username */
define('DB_USER', 'edbuser');


/** MySQL database password */
//define('DB_PASSWORD', 'admin123');
define('DB_PASSWORD', '2834729347928372342');
//define('DB_PASSWORD', 'f00b204e98009d22b68e54a');


/** MySQL hostname */
define('DB_HOST', 'localhost');
define('WP_MEMORY_LIMIT', '1024M');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');


/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
define('FORCE_SSL_LOGIN', true);


/**#@+
* Authentication Unique Keys.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-k
* You can change these at any point in time to invalidate all existing cookies. This will force all users
in again.
*
* @since 2.6.0
*/
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
/**#@-*/


/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each a unique
* prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';


/**
* WordPress Localized Language, defaults to English.
*
* Change this to localize WordPress. A corresponding MO file for the chosen
* language must be installed to wp-content/languages. For example, install
* de.mo to wp-content/languages and set WPLANG to 'de' to enable German
* language support.
*/
define ('WPLANG', '');


/* That's all, stop editing! Happy blogging. */


/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');


/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');


define('WP_DEBUG',true);
define('WP_MEMORY_LIMIT', '128M');


$ cd forums


$ ls -la
total 2344
drwxr-xr-x 21 www-data www-data 4096 Nov 22 20:06 .
drwxr-xr-x 18 www-data www-data 4096 Nov 26 10:16 ..
-rw-r--r-- 1 www-data www-data 1008 Nov 6 12:03 .htaccess
-rw-rw-r-- 1 www-data www-data 17862 Nov 22 20:01 LICENSE
drwxr-xr-x 3 www-data www-data 4096 Nov 22 20:04 admincp
drwxr-xr-x 3 www-data www-data 4096 Nov 22 20:04 admincp-23987239874298273987234
-rwxr-xr-x 1 www-data www-data 40193 Nov 22 20:01 ajax.php
-rwxr-xr-x 1 www-data www-data 75603 Nov 22 20:01 album.php
-rwxr-xr-x 1 www-data www-data 19119 Nov 22 20:01 announcement.php
drwxr-xr-x 2 www-data www-data 4096 Nov 6 11:22 archive
-rwxr-xr-x 1 www-data www-data 9040 Nov 22 20:01 asset.php
-rwxr-xr-x 1 www-data www-data 21161 Nov 22 20:01 assetmanage.php
-rwxr-xr-x 1 www-data www-data 15788 Nov 22 20:01 attachment.php
-rwxr-xr-x 1 www-data www-data 6935 Nov 22 20:01 attachment_inlinemod.php
-rwxr-xr-x 1 www-data www-data 3616 Nov 22 20:01 blog_attachment.php
-rwxr-xr-x 1 www-data www-data 96121 Nov 22 20:01 calendar.php
-rwxr-xr-x 1 www-data www-data 43 Nov 22 20:01 clear.gif
drwxr-xr-x 9 www-data www-data 4096 Nov 6 11:22 clientscript
-rwxr-xr-x 1 www-data www-data 15786 Nov 22 20:01 converse.php
drwxr-xr-x 7 www-data www-data 4096 Nov 6 11:22 cpstyles
-rwxr-xr-x 1 www-data www-data 3309 Nov 22 20:01 cron.php
-rwxr-xr-x 1 www-data www-data 6145 Nov 22 20:01 css.php
drwxr-xr-x 3 www-data www-data 4096 Nov 6 11:22 customavatars
drwxr-xr-x 3 www-data www-data 4096 Nov 6 11:22 customgroupicons
drwxr-xr-x 2 www-data www-data 4096 Nov 6 11:22 customprofilepics
-rwxr-xr-x 1 www-data www-data 1823 Nov 22 20:01 editor.php
-rwxr-xr-x 1 www-data www-data 47010 Nov 22 20:01 editpost.php
-rwxr-xr-x 1 www-data www-data 1427 Nov 22 20:01 entry.php
-rwxr-xr-x 1 www-data www-data 30084 Nov 22 20:01 external.php
-rwxr-xr-x 1 www-data www-data 9966 Nov 22 20:01 faq.php
-rwxr-xr-x 1 www-data www-data 10134 Nov 22 20:01 favicon.ico
-rwxr-xr-x 1 www-data www-data 23332 Nov 22 20:01 forum.php
-rwxr-xr-x 1 www-data www-data 42452 Nov 22 20:01 forumdisplay.php
-rwxr-xr-x 1 www-data www-data 2066 Nov 22 20:01 global.php
-rwxr-xr-x 1 www-data www-data 155838 Nov 22 20:01 group.php
-rwxr-xr-x 1 www-data www-data 26150 Nov 22 20:01 group_inlinemod.php
-rwxr-xr-x 1 www-data www-data 11883 Nov 22 20:01 groupsubscription.php
-rwxr-xr-x 1 www-data www-data 9039 Nov 22 20:01 image.php
drwxr-xr-x 24 www-data www-data 4096 Nov 6 13:16 images
drwxr-xr-x 8 www-data www-data 12288 Nov 6 14:29 includes
-rwxr-xr-x 1 www-data www-data 2396 Nov 22 20:01 index.php
-rwxr-xr-x 1 www-data www-data 47021 Nov 22 20:01 infraction.php
-rwxr-xr-x 1 www-data www-data 187803 Nov 22 20:01 inlinemod.php
-rwxr-xr-x 1 www-data www-data 11440 Nov 22 20:01 joinrequests.php
-rwxr-xr-x 1 www-data www-data 1757 Nov 22 20:01 list.php
-rwxr-xr-x 1 www-data www-data 10947 Nov 22 20:01 login.php
-rwxr-xr-x 1 www-data www-data 30244 Nov 22 20:01 member.php
-rwxr-xr-x 1 www-data www-data 16392 Nov 22 20:01 member_inlinemod.php
-rwxr-xr-x 1 www-data www-data 40345 Nov 22 20:01 memberlist.php
-rwxr-xr-x 1 www-data www-data 22264 Nov 22 20:01 misc.php
drwxr-xr-x 2 www-data www-data 4096 Nov 22 20:01 modcp
drwxr-xr-x 2 www-data www-data 4096 Nov 6 11:55 modcp-23987239874298273987234
-rwxr-xr-x 1 www-data www-data 76827 Nov 22 20:01 moderation.php
-rwxr-xr-x 1 www-data www-data 6779 Nov 22 20:01 moderator.php
-rwxr-xr-x 1 www-data www-data 17552 Nov 22 20:01 newattachment.php
-rwxr-xr-x 1 www-data www-data 41079 Nov 22 20:01 newreply.php
-rwxr-xr-x 1 www-data www-data 20185 Nov 22 20:01 newthread.php
-rwxr-xr-x 1 www-data www-data 21802 Nov 22 20:01 online.php
drwxr-xr-x 5 www-data www-data 4096 Nov 6 11:22 packages
-rwxr-xr-x 1 www-data www-data 8096 Nov 22 20:01 payment_gateway.php
-rwxr-xr-x 1 www-data www-data 13360 Nov 22 20:01 payments.php
-rwxr-xr-x 1 www-data www-data 4156 Nov 22 20:01 picture.php
-rwxr-xr-x 1 www-data www-data 16665 Nov 22 20:01 picture_inlinemod.php
-rwxr-xr-x 1 www-data www-data 26169 Nov 22 20:01 picturecomment.php
-rwxr-xr-x 1 www-data www-data 29338 Nov 22 20:01 poll.php
-rwxr-xr-x 1 www-data www-data 10414 Nov 22 20:01 posthistory.php
-rwxr-xr-x 1 www-data www-data 76585 Nov 22 20:01 postings.php
-rwxr-xr-x 1 www-data www-data 7087 Nov 22 20:01 printthread.php
-rwxr-xr-x 1 www-data www-data 79435 Nov 22 20:01 private.php
-rwxr-xr-x 1 www-data www-data 163695 Nov 22 20:01 profile.php
-rwxr-xr-x 1 www-data www-data 56363 Nov 22 20:01 register.php
-rwxr-xr-x 1 www-data www-data 7294 Nov 22 20:01 report.php
-rwxr-xr-x 1 www-data www-data 14765 Nov 22 20:01 reputation.php
-rwxr-xr-x 1 www-data www-data 35793 Nov 22 20:01 search.php
-rwxr-xr-x 1 www-data www-data 22710 Nov 22 20:01 sendmessage.php
-rwxr-xr-x 1 www-data www-data 12485 Nov 22 20:01 showgroups.php
-rwxr-xr-x 1 www-data www-data 12738 Nov 22 20:01 showpost.php
-rwxr-xr-x 1 www-data www-data 80115 Nov 22 20:01 showthread.php
drwxr-xr-x 2 www-data www-data 4096 Nov 6 11:22 signaturepics
drwxr-xr-x 2 www-data www-data 4096 Nov 6 11:22 store_sitemap
-rwxr-xr-x 1 www-data www-data 38862 Nov 22 20:01 subscription.php
-rwxr-xr-x 1 www-data www-data 5399 Nov 22 20:01 tags.php
-rwxr-xr-x 1 www-data www-data 8800 Nov 22 20:01 threadrate.php
-rwxr-xr-x 1 www-data www-data 11146 Nov 22 20:01 threadtag.php
-rwxr-xr-x 1 www-data www-data 61 Nov 22 20:01 uploadprogress.gif
-rwxr-xr-x 1 www-data www-data 39717 Nov 22 20:01 usercp.php
-rwxr-xr-x 1 www-data www-data 21034 Nov 22 20:01 usernote.php
drwxr-xr-x 13 www-data www-data 4096 Nov 6 11:22 vb
drwxr-xr-x 8 www-data www-data 4096 Nov 6 12:23 vboptimise
-rw-r--r-- 1 www-data www-data 2324 Nov 6 12:23 vboptimise.php
drwxr-xr-x 4 www-data www-data 4096 Nov 6 11:55 vbseo
-rw-r--r-- 1 www-data www-data 45286 Nov 6 11:55 vbseo.php
drwxr-xr-x 4 www-data www-data 4096 Nov 6 14:29 vbseo_sitemap
-rw-r--r-- 1 www-data www-data 4335 Nov 6 11:55 vbseocp.php
-rwxr-xr-x 1 www-data www-data 27879 Nov 22 20:01 visitormessage.php
-rwxr-xr-x 1 www-data www-data 1761 Nov 22 20:01 widget.php
-rwxr-xr-x 1 www-data www-data 3952 Nov 22 20:01 xmlsitemap.php


$ cat includes/config.php
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 4.0.8
|| # ---------------------------------------------------------------- # ||
|| # All PHP code in this file is i??2000-2010 vBulletin Solutions Inc. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # https://www.vbulletin.com | https://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/


/*-------------------------------------------------------*\
| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
+---------------------------------------------------------+
| If you get any errors while attempting to connect to |
| MySQL, you will need to email your webhost because we |
| cannot tell you the correct values for the variables |
| in this file. |
\*-------------------------------------------------------*/


// ****** DATABASE TYPE ******
// This is the type of the database server on which your vBulletin database will be located.
// Valid options are mysql and mysqli, for slave support add _slave. Try to use mysqli if you are using PHP
5 and MySQL 4.1+
// for slave options just append _slave to your preferred database type.
$config['Database']['dbtype'] = 'mysql';


// ****** DATABASE NAME ******
// This is the name of the database where your vBulletin will be located.
// This must be created by your webhost.
$config['Database']['dbname'] = 'edbforum';


// ****** TABLE PREFIX ******
// Prefix that your vBulletin tables have in the database.
$config['Database']['tableprefix'] = '';


// ****** TECHNICAL EMAIL ADDRESS ******
// If any database errors occur, they will be emailed to the address specified here.
// Leave this blank to not send any emails when there is a database error.
$config['Database']['technicalemail'] = 'dbmaster@example.com';


// ****** FORCE EMPTY SQL MODE ******
// New versions of MySQL (4.1+) have introduced some behaviors that are
// incompatible with vBulletin. Setting this value to "true" disables those
// behaviors. You only need to modify this value if vBulletin recommends it.
$config['Database']['force_sql_mode'] = false;






// ****** MASTER DATABASE SERVER NAME AND PORT ******
// This is the hostname or IP address and port of the database server.
// If you are unsure of what to put here, leave the default values.
//
// Note: If you are using IIS 7+ and MySQL is on the same machine, you
// need to use 127.0.0.1 instead of localhost
$config['MasterServer']['servername'] = 'localhost';
$config['MasterServer']['port'] = 3306;


// ****** MASTER DATABASE USERNAME & PASSWORD ******
// This is the username and password you use to access MySQL.
// These must be obtained through your webhost.
$config['MasterServer']['username'] = 'forums';
$config['MasterServer']['password'] = '2834725234523472342';


// ****** MASTER DATABASE PERSISTENT CONNECTIONS ******
// This option allows you to turn persistent connections to MySQL on or off.
// The difference in performance is negligible for all but the largest boards.
// If you are unsure what this should be, leave it off. (0 = off; 1 = on)
$config['MasterServer']['usepconnect'] = 0;






// ****** SLAVE DATABASE CONFIGURATION ******
// If you have multiple database backends, this is the information for your slave
// server. If you are not 100% sure you need to fill in this information,
// do not change any of the values here.
$config['SlaveServer']['servername'] = '';
$config['SlaveServer']['port'] = 3306;
$config['SlaveServer']['username'] = '';
$config['SlaveServer']['password'] = '';
$config['SlaveServer']['usepconnect'] = 0;






// ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
// This setting allows you to change the name of the folders that the admin and
// moderator control panels reside in. You may wish to do this for security purposes.
// Please note that if you change the name of the directory here, you will still need
// to manually change the name of the directory on the server.
$config['Misc']['admincpdir'] = 'admincp-23987239874298273987234';
$config['Misc']['modcpdir'] = 'modcp-23987239874298273987234';


// Prefix that all vBulletin cookies will have
// Keep this short and only use numbers and letters, i.e. 1-9 and a-Z
$config['Misc']['cookieprefix'] = 'bb';


// ******** FULL PATH TO FORUMS DIRECTORY ******
// On a few systems it may be necessary to input the full path to your forums directory
// for vBulletin to function normally. You can ignore this setting unless vBulletin
// tells you to fill this in. Do not include a trailing slash!
// Example Unix:
// $config['Misc']['forumpath'] = '/home/users/public_html/forums';
// Example Win32:
// $config['Misc']['forumpath'] = 'c:\program files\apache group\apache\htdocs\vb3';
$config['Misc']['forumpath'] = '';






// ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
// The users specified here will be allowed to view the admin log in the control panel.
// Users must be specified by *ID number* here. To obtain a user's ID number,
// view their profile via the control panel. If this is a new installation, leave
// the first user created will have a user ID of 1. Seperate each userid with a comma.
$config['SpecialUsers']['canviewadminlog'] = '1';


// ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
// The users specified here will be allowed to remove ("prune") entries from the admin
// log. See the above entry for more information on the format.
$config['SpecialUsers']['canpruneadminlog'] = '1';


// ****** USERS WITH QUERY RUNNING PERMISSIONS ******
// The users specified here will be allowed to run queries from the control panel.
// See the above entries for more information on the format.
// Please note that the ability to run queries is quite powerful. You may wish
// to remove all user IDs from this list for security reasons.
$config['SpecialUsers']['canrunqueries'] = '';


// ****** UNDELETABLE / UNALTERABLE USERS ******
// The users specified here will not be deletable or alterable from the control panel by any users.
// To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '';


// ****** SUPER ADMINISTRATORS ******
// The users specified below will have permission to access the administrator permissions
// page, which controls the permissions of other administrators
$config['SpecialUsers']['superadministrators'] = '1';


// ****** DATASTORE CACHE CONFIGURATION *****
// Here you can configure different methods for caching datastore items.
// vB_Datastore_Filecache - to use includes/datastore/datastore_cache.php
// vB_Datastore_APC - to use APC
// vB_Datastore_XCache - to use XCache
// vB_Datastore_Memcached - to use a Memcache server, more configuration below
// $config['Datastore']['class'] = 'vB_Datastore_Filecache';


// ******** DATASTORE PREFIX ******
// If you are using a PHP Caching system (APC, XCache, eAccelerator) with more
// than one set of forums installed on your host, you *may* need to use a prefix
// so that they do not try to use the same variable within the cache.
// This works in a similar manner to the database table prefix.
// $config['Datastore']['prefix'] = '';


// It is also necessary to specify the hostname or IP address and the port the server is listening on
/*
$config['Datastore']['class'] = 'vB_Datastore_Memcached';
$i = 0;
// First Server
$i++;
$config['Misc']['memcacheserver'][$i] = '127.0.0.1';
$config['Misc']['memcacheport'][$i] = 11211;
$config['Misc']['memcachepersistent'][$i] = true;
$config['Misc']['memcacheweight'][$i] = 1;
$config['Misc']['memcachetimeout'][$i] = 1;
$config['Misc']['memcacheretry_interval'][$i] = 15;
*/


// ****** The following options are only needed in special cases ******


// ****** MySQLI OPTIONS *****
// When using MySQL 4.1+, MySQLi should be used to connect to the database.
// If you need to set the default connection charset because your database
// is using a charset other than latin1, you can set the charset here.
// If you don't set the charset to be the same as your database, you
// may receive collation errors. Ignore this setting unless you
// are sure you need to use it.
// $config['Mysqli']['charset'] = 'utf8';


// Optionally, PHP can be instructed to set connection parameters by reading from the
// file named in 'ini_file'. Please use a full path to the file.
// Example:
// $config['Mysqli']['ini_file'] = 'c:\program files\MySQL\MySQL Server 4.1\my.ini';
$config['Mysqli']['ini_file'] = '';


// Image Processing Options
// Images that exceed either dimension below will not be resized by vBulletin. If you need to resize larger image
s, alter these settings.
$config['Misc']['maxwidth'] = 2592;
$config['Misc']['maxheight'] = 1944;


/*======================================================================*\
|| ####################################################################
|| # Downloaded: 10:22, Sat Nov 6th 2010
|| # CVS: $RCSfile$ - $Revision: 39199 $
|| ####################################################################
\*======================================================================*/


$ cd /


$ ls -la
total 112
drwxr-xr-x 26 root root 4096 Nov 30 06:53 .
drwxr-xr-x 26 root root 4096 Nov 30 06:53 ..
drw------- 2 root root 4096 Dec 4 03:45 backup
drw------- 2 root root 4096 Sep 1 07:38 backup-fix
drwxr-xr-x 2 root root 4096 Oct 11 09:00 bin
drwxr-xr-x 3 root root 4096 Nov 30 06:53 boot
drwxr-xr-x 3 root root 4096 Nov 11 16:56 build
drwxr-xr-x 2 root root 4096 Jul 9 05:29 cdrom
drwxr-xr-x 14 root root 3800 Nov 30 06:53 dev
drwxr-xr-x 91 root root 4096 Dec 2 06:34 etc
drwxr-xr-x 3 root root 4096 Aug 3 11:48 home
lrwxrwxrwx 1 root root 32 Nov 30 06:53 initrd.img -> boot/initrd.img-2.6.32-26-server
lrwxrwxrwx 1 root root 32 Oct 4 16:30 initrd.img.old -> boot/initrd.img-2.6.32-25-server
drwxr-xr-x 13 root root 12288 Nov 18 06:54 lib
lrwxrwxrwx 1 root root 4 Jul 9 05:28 lib64 -> /lib
drwx------ 2 root root 16384 Jul 9 05:28 lost+found
drwxr-xr-x 2 root root 4096 Jul 9 15:17 maint
drwxr-xr-x 3 root root 4096 Jul 9 05:28 media
drwxr-xr-x 4 root root 4096 Jul 9 20:03 mnt
drwxr-xr-x 3 root root 4096 Oct 7 16:53 opt
dr-xr-xr-x 227 root root 0 Nov 11 10:45 proc
drwx------ 9 root root 4096 Nov 25 09:08 root
drwxr-xr-x 2 root root 4096 Oct 29 19:00 sbin
drwxr-xr-x 2 root root 4096 Dec 5 2009 selinux
drwxr-xr-x 2 root root 4096 Jul 9 05:28 srv
drwxr-xr-x 13 root root 0 Nov 11 10:45 sys
drwxrwxrwt 3 root root 4096 Dec 4 14:59 tmp
drwxr-xr-x 10 root root 4096 Jul 9 05:28 usr
drwxr-xr-x 19 root root 4096 Sep 24 09:26 var
lrwxrwxrwx 1 root root 29 Nov 30 06:53 vmlinuz -> boot/vmlinuz-2.6.32-26-server
lrwxrwxrwx 1 root root 29 Oct 4 16:30 vmlinuz.old -> boot/vmlinuz-2.6.32-25-server


$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
landscape:x:103:108::/var/lib/landscape:/bin/false
mysql:x:104:112:MySQL Server,,,:/var/lib/mysql:/bin/false
smmta:x:105:114:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:106:115:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
emgent:x:1003:1002:,,,:/home/emgent:/bin/bash
ossec:x:1004:1003::/var/ossec:/bin/false
ossecm:x:1005:1003::/var/ossec:/bin/false
ossecr:x:1006:1003::/var/ossec:/bin/false


$ cat /etc/issue
Ubuntu 10.04.1 LTS \n \l




$ cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details


# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes


# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768


# Logging
SyslogFacility AUTH
LogLevel INFO


# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes


RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys


# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes


# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no


# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no


# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes


# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes


# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes


X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no


#MaxStartups 10:30:60
#Banner /etc/issue.net


# Allow client to pass locale environment variables
AcceptEnv LANG LC_*


Subsystem sftp /usr/lib/openssh/sftp-server


# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes


$ cd /home


$ ls -la
total 12
drwxr-xr-x 3 root root 4096 Aug 3 11:48 .
drwxr-xr-x 26 root root 4096 Nov 30 06:53 ..
drwxr-xr-x 7 emgent emgent 4096 Aug 7 07:45 emgent


$ cd emgent


$ ls -la
total 48
drwxr-xr-x 7 emgent emgent 4096 Aug 7 07:45 .
drwxr-xr-x 3 root root 4096 Aug 3 11:48 ..
-rw------- 1 emgent emgent 259 Oct 18 11:39 .bash_history
-rw-r--r-- 1 emgent emgent 220 Aug 3 11:48 .bash_logout
-rw-r--r-- 1 emgent emgent 3103 Aug 3 11:48 .bashrc
drwx------ 2 emgent emgent 4096 Aug 3 11:49 .cache
drwx------ 2 emgent emgent 4096 Aug 3 11:49 .irssi
-rw------- 1 emgent emgent 9 Aug 3 11:50 .nano_history
-rw-r--r-- 1 emgent emgent 675 Aug 3 11:48 .profile
drwxr-xr-x 2 emgent emgent 4096 Aug 3 11:49 .ssh
drwxr-xr-x 3 emgent emgent 4096 Aug 7 07:45 .subversion
drwxr-xr-x 4 emgent emgent 4096 Aug 7 07:46 exploitdb






$ cd .ssh


$ ls
authorized_keys
cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAntXlep19oECqVocmK6UIhsxI5yGQSPUVYWOZXWO7Q0wP9vF5FfHmE4yCmKt+MleWcPWkkbI6IXBt9TNtw7m6usPx2IEbpEVr8sl7pT8hiW8tKNew74gEEgE53AGLhWr/+vViL+5K4SKCt591oABDtWA6KIEOuyx9/jqLLwBTQP0UyrqIJpR9VhQ2GQ6tN6Y+LV4tvpqy8ehevsIqdj+HvdsvVU2sREJsSH5xAncaRJQ1sfQepyeAwi7yZ1fBT4U4/LlukkBLIqjXk2D6jPZG870R4KCEI280rBJ9DX4fPX9qvYUwOm/OtWwxC7kivuCnNM1v2wBRUVCBmSUimqWnpQ== emgent@enJoy


$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 23680 1244 ? Ss Nov11 0:07 /sbin/init
root 2 0.0 0.0 0 0 ? S Nov11 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S Nov11 0:01 [migration/0]
root 4 0.0 0.0 0 0 ? S Nov11 0:12 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S Nov11 0:00 [watchdog/0]
root 6 0.0 0.0 0 0 ? S Nov11 0:02 [migration/1]
root 7 0.0 0.0 0 0 ? S Nov11 0:04 [ksoftirqd/1]
root 8 0.0 0.0 0 0 ? S Nov11 0:00 [watchdog/1]
root 9 0.0 0.0 0 0 ? S Nov11 0:02 [migration/2]
root 10 0.0 0.0 0 0 ? S Nov11 0:02 [ksoftirqd/2]
root 11 0.0 0.0 0 0 ? S Nov11 0:00 [watchdog/2]
root 12 0.0 0.0 0 0 ? S Nov11 0:01 [migration/3]
root 13 0.0 0.0 0 0 ? S Nov11 0:05 [ksoftirqd/3]
root 14 0.0 0.0 0 0 ? S Nov11 0:00 [watchdog/3]
root 15 0.0 0.0 0 0 ? S Nov11 0:32 [events/0]
root 16 0.0 0.0 0 0 ? S Nov11 13:44 [events/1]
root 17 0.0 0.0 0 0 ? S Nov11 0:17 [events/2]
root 18 0.0 0.0 0 0 ? S Nov11 0:18 [events/3]
root 19 0.0 0.0 0 0 ? S Nov11 0:00 [cpuset]
root 20 0.0 0.0 0 0 ? S Nov11 0:00 [khelper]
root 21 0.0 0.0 0 0 ? S Nov11 0:00 [netns]
root 22 0.0 0.0 0 0 ? S Nov11 0:00 [async/mgr]
root 23 0.0 0.0 0 0 ? S Nov11 0:00 [pm]
root 25 0.0 0.0 0 0 ? S Nov11 0:02 [sync_supers]
root 26 0.0 0.0 0 0 ? S Nov11 0:04 [bdi-default]
root 27 0.0 0.0 0 0 ? S Nov11 0:00 [kintegrityd/0]
root 28 0.0 0.0 0 0 ? S Nov11 0:00 [kintegrityd/1]
root 29 0.0 0.0 0 0 ? S Nov11 0:00 [kintegrityd/2]
root 30 0.0 0.0 0 0 ? S Nov11 0:00 [kintegrityd/3]
root 31 0.0 0.0 0 0 ? S Nov11 11:09 [kblockd/0]
root 32 0.0 0.0 0 0 ? S Nov11 2:17 [kblockd/1]
root 33 0.0 0.0 0 0 ? S Nov11 1:33 [kblockd/2]
root 34 0.0 0.0 0 0 ? S Nov11 1:14 [kblockd/3]
root 35 0.0 0.0 0 0 ? S Nov11 0:00 [kacpid]
root 36 0.0 0.0 0 0 ? S Nov11 0:00 [kacpi_notify]
root 37 0.0 0.0 0 0 ? S Nov11 0:00 [kacpi_hotplug]
root 38 0.0 0.0 0 0 ? S Nov11 0:00 [ata/0]
root 39 0.0 0.0 0 0 ? S Nov11 0:00 [ata/1]
root 40 0.0 0.0 0 0 ? S Nov11 0:00 [ata/2]
root 41 0.0 0.0 0 0 ? S Nov11 0:00 [ata/3]
root 42 0.0 0.0 0 0 ? S Nov11 0:00 [ata_aux]
root 43 0.0 0.0 0 0 ? S Nov11 0:00 [ksuspend_usbd]
root 44 0.0 0.0 0 0 ? S Nov11 0:00 [khubd]
root 45 0.0 0.0 0 0 ? S Nov11 0:00 [kseriod]
root 46 0.0 0.0 0 0 ? S Nov11 0:00 [kmmcd]
root 51 0.0 0.0 0 0 ? S Nov11 0:00 [khungtaskd]
root 52 0.0 0.0 0 0 ? S Nov11 0:30 [kswapd0]
root 53 0.0 0.0 0 0 ? SN Nov11 0:00 [ksmd]
root 54 0.0 0.0 0 0 ? S Nov11 0:00 [aio/0]
root 55 0.0 0.0 0 0 ? S Nov11 0:00 [aio/1]
root 56 0.0 0.0 0 0 ? S Nov11 0:00 [aio/2]
root 57 0.0 0.0 0 0 ? S Nov11 0:00 [aio/3]
root 58 0.0 0.0 0 0 ? S Nov11 0:00 [ecryptfs-kthrea]
root 59 0.0 0.0 0 0 ? S Nov11 0:00 [crypto/0]
root 60 0.0 0.0 0 0 ? S Nov11 0:00 [crypto/1]
root 61 0.0 0.0 0 0 ? S Nov11 0:00 [crypto/2]
root 62 0.0 0.0 0 0 ? S Nov11 0:00 [crypto/3]
root 65 0.0 0.0 0 0 ? S Nov11 0:00 [pciehpd]
root 66 0.0 0.0 0 0 ? S Nov11 0:00 [scsi_eh_0]
root 67 0.0 0.0 0 0 ? S Nov11 0:00 [scsi_eh_1]
root 69 0.0 0.0 0 0 ? S Nov11 0:00 [kstriped]
root 70 0.0 0.0 0 0 ? S Nov11 0:00 [kmpathd/0]
root 71 0.0 0.0 0 0 ? S Nov11 0:00 [kmpathd/1]
root 72 0.0 0.0 0 0 ? S Nov11 0:00 [kmpathd/2]
root 73 0.0 0.0 0 0 ? S Nov11 0:00 [kmpathd/3]
root 74 0.0 0.0 0 0 ? S Nov11 0:00 [kmpath_handlerd]
root 75 0.0 0.0 0 0 ? S Nov11 0:00 [ksnapd]
root 76 0.0 0.0 0 0 ? S Nov11 0:00 [kondemand/0]
root 77 0.0 0.0 0 0 ? S Nov11 0:00 [kondemand/1]
root 78 0.0 0.0 0 0 ? S Nov11 0:00 [kondemand/2]
root 79 0.0 0.0 0 0 ? S Nov11 0:00 [kondemand/3]
root 80 0.0 0.0 0 0 ? S Nov11 0:00 [kconservative/0]
root 81 0.0 0.0 0 0 ? S Nov11 0:00 [kconservative/1]
root 82 0.0 0.0 0 0 ? S Nov11 0:00 [kconservative/2]
root 83 0.0 0.0 0 0 ? S Nov11 0:00 [kconservative/3]
root 191 0.0 0.0 0 0 ? S Nov11 1:03 [mpt_poll_0]
root 192 0.0 0.0 0 0 ? S Nov11 0:00 [mpt/0]
root 268 0.0 0.0 0 0 ? S Nov11 0:00 [scsi_eh_2]
root 285 0.3 0.0 0 0 ? S Nov11 125:09 [jbd2/sda1-8]
root 286 0.0 0.0 0 0 ? S Nov11 0:00 [ext4-dio-unwrit]
root 287 0.0 0.0 0 0 ? S Nov11 0:00 [ext4-dio-unwrit]
root 288 0.0 0.0 0 0 ? S Nov11 0:00 [ext4-dio-unwrit]
root 289 0.0 0.0 0 0 ? S Nov11 0:00 [ext4-dio-unwrit]
root 322 0.3 0.0 0 0 ? S Nov11 115:40 [flush-8:0]
root 347 0.0 0.0 16904 640 ? S Nov11 0:00 upstart-udev-bridge --daemon
root 363 0.0 0.0 16920 416 ? S<s Nov11 0:00 udevd --daemon
root 582 0.0 0.0 0 0 ? S Nov11 0:00 [kpsmoused]
syslog 714 0.0 0.0 191492 1148 ? Sl Nov11 3:22 rsyslogd -c4
root 732 0.0 0.0 49260 528 ? Ss Nov11 0:01 /usr/sbin/sshd
root 773 0.0 0.0 6080 284 tty4 Ss+ Nov11 0:00 /sbin/getty -8 38400 tty4
root 777 0.0 0.0 6080 284 tty5 Ss+ Nov11 0:00 /sbin/getty -8 38400 tty5
root 787 0.0 0.0 6080 284 tty2 Ss+ Nov11 0:00 /sbin/getty -8 38400 tty2
root 788 0.0 0.0 6080 284 tty3 Ss+ Nov11 0:00 /sbin/getty -8 38400 tty3
root 792 0.0 0.0 6080 284 tty6 Ss+ Nov11 0:00 /sbin/getty -8 38400 tty6
root 806 0.0 0.0 21076 428 ? Ss Nov11 0:07 cron
daemon 807 0.0 0.0 18884 348 ? Ss Nov11 0:00 atd
root 817 0.0 0.0 11284 428 ? Ss Nov11 1:53 /usr/sbin/irqbalance
root 950 0.0 0.0 84384 848 ? Ss Nov11 1:24 sendmail: MTA: accepting connections
root 1318 0.0 0.0 53108 4076 ? Sl Nov11 7:28 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock
root 1354 0.0 0.0 97040 408 ? Ss Nov11 0:07 /usr/bin/svnserve -d -r /var/svn/
root 1357 0.0 0.0 6080 284 tty1 Ss+ Nov11 0:00 /sbin/getty -8 38400 tty1
root 3467 0.0 0.0 0 0 ? S Nov30 0:00 [xfs_mru_cache]
root 3468 0.0 0.0 0 0 ? S Nov30 0:00 [xfslogd/0]
root 3469 0.0 0.0 0 0 ? S Nov30 0:00 [xfslogd/1]
root 3470 0.0 0.0 0 0 ? S Nov30 0:00 [xfslogd/2]
root 3471 0.0 0.0 0 0 ? S Nov30 0:00 [xfslogd/3]
root 3472 0.0 0.0 0 0 ? S Nov30 0:00 [xfsdatad/0]
root 3473 0.0 0.0 0 0 ? S Nov30 0:00 [xfsdatad/1]
root 3474 0.0 0.0 0 0 ? S Nov30 0:00 [xfsdatad/2]
root 3475 0.0 0.0 0 0 ? S Nov30 0:00 [xfsdatad/3]
root 3476 0.0 0.0 0 0 ? S Nov30 0:00 [xfsconvertd/0]
root 3477 0.0 0.0 0 0 ? S Nov30 0:00 [xfsconvertd/1]
root 3478 0.0 0.0 0 0 ? S Nov30 0:00 [xfsconvertd/2]
root 3479 0.0 0.0 0 0 ? S Nov30 0:00 [xfsconvertd/3]
root 3489 0.0 0.0 16980 372 ? S< Nov30 0:00 udevd --daemon
root 3490 0.0 0.0 16980 376 ? S< Nov30 0:00 udevd --daemon
root 3491 0.0 0.0 0 0 ? S Nov30 0:00 [jfsIO]
root 3492 0.0 0.0 0 0 ? S Nov30 0:00 [jfsCommit]
root 3493 0.0 0.0 0 0 ? S Nov30 0:00 [jfsCommit]
root 3494 0.0 0.0 0 0 ? S Nov30 0:00 [jfsCommit]
root 3495 0.0 0.0 0 0 ? S Nov30 0:00 [jfsCommit]
root 3496 0.0 0.0 0 0 ? S Nov30 0:00 [jfsSync]
root 4114 0.0 0.0 107552 1928 ? S Nov23 0:00 /usr/bin/svnserve -d -r /var/svn/
root 7702 0.0 0.0 107420 1960 ? S 13:31 0:00 /usr/bin/svnserve -d -r /var/svn/
root 8080 0.1 0.1 346236 11548 ? Ss Nov26 18:14 /usr/sbin/apache2 -k start
root 9853 0.0 0.0 9756 384 ? Ss Nov11 1:04 tail -f /var/log/apache2/jesys.log
www-data 10874 0.0 0.6 354384 38764 ? S 14:15 0:00 /usr/sbin/apache2 -k start
www-data 10909 0.0 0.0 25632 2876 ? S 14:15 0:00 dhcpcd
www-data 10910 0.0 0.0 4096 656 ? S 14:15 0:00 /bin/sh
www-data 13491 0.1 0.6 356496 39580 ? S 14:54 0:01 /usr/sbin/apache2 -k start
root 13493 0.1 0.1 116628 11268 ? S 14:54 0:00 /usr/bin/svnserve -d -r /var/svn/
www-data 13510 0.0 0.0 4040 524 ? S 14:55 0:00 cat www.tar.gz
root 13561 0.0 0.0 107420 1940 ? S Nov30 0:00 /usr/bin/svnserve -d -r /var/svn/
www-data 13681 0.1 0.5 354240 32356 ? S 14:57 0:00 /usr/sbin/apache2 -k start
www-data 13884 0.1 0.5 354792 33064 ? S 14:59 0:00 /usr/sbin/apache2 -k start
www-data 13889 0.2 0.5 353632 31568 ? S 14:59 0:01 /usr/sbin/apache2 -k start
www-data 13960 0.0 0.6 354384 38812 ? S 15:01 0:00 /usr/sbin/apache2 -k start
www-data 13976 0.2 0.5 355192 32200 ? S 15:01 0:00 /usr/sbin/apache2 -k start
www-data 14022 0.0 0.0 25632 2876 ? S 15:02 0:00 dhcpcd
www-data 14023 0.0 0.0 4096 628 ? S 15:02 0:00 /bin/sh
www-data 14026 0.2 0.5 353888 33228 ? S 15:02 0:00 /usr/sbin/apache2 -k start
www-data 14027 0.1 0.5 356512 32860 ? S 15:02 0:00 /usr/sbin/apache2 -k start
www-data 14062 0.2 0.5 353548 32144 ? S 15:03 0:00 /usr/sbin/apache2 -k start
www-data 14063 0.1 0.5 353644 30840 ? S 15:03 0:00 /usr/sbin/apache2 -k start
www-data 14152 0.2 0.5 353376 31236 ? S 15:04 0:00 /usr/sbin/apache2 -k start
www-data 14154 0.3 0.5 352856 31284 ? S 15:04 0:00 /usr/sbin/apache2 -k start
www-data 14159 0.1 0.5 353888 30852 ? S 15:04 0:00 /usr/sbin/apache2 -k start
www-data 14160 0.2 0.5 355332 31280 ? S 15:04 0:00 /usr/sbin/apache2 -k start
www-data 14163 0.1 0.5 354204 31520 ? S 15:04 0:00 /usr/sbin/apache2 -k start
www-data 14183 0.1 0.4 353804 30404 ? S 15:05 0:00 /usr/sbin/apache2 -k start
www-data 14185 0.2 0.4 352724 30460 ? S 15:05 0:00 /usr/sbin/apache2 -k start
www-data 14188 0.2 0.5 353544 32600 ? S 15:05 0:00 /usr/sbin/apache2 -k start
www-data 14194 0.1 0.4 353880 30564 ? S 15:05 0:00 /usr/sbin/apache2 -k start
www-data 14201 0.1 0.5 353500 31264 ? S 15:05 0:00 /usr/sbin/apache2 -k start
www-data 14204 0.2 0.5 354516 32044 ? S 15:05 0:00 /usr/sbin/apache2 -k start
www-data 14205 0.1 0.4 353360 29148 ? S 15:05 0:00 /usr/sbin/apache2 -k start
ossecm 14276 0.0 0.0 16844 644 ? S Dec02 0:01 /var/ossec/bin/ossec-maild
root 14286 0.0 0.0 12496 576 ? S Dec02 0:03 /var/ossec/bin/ossec-execd
ossec 14291 0.0 0.0 14924 3052 ? S Dec02 0:43 /var/ossec/bin/ossec-analysisd
root 14295 0.0 0.0 4236 584 ? S Dec02 0:22 /var/ossec/bin/ossec-logcollector
www-data 14315 0.0 0.4 352972 29480 ? S 15:05 0:00 /usr/sbin/apache2 -k start
www-data 14316 0.2 0.5 353360 31168 ? S 15:05 0:00 /usr/sbin/apache2 -k start
www-data 14317 0.1 0.5 354404 30832 ? S 15:05 0:00 /usr/sbin/apache2 -k start
www-data 14345 0.2 0.4 352592 30052 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14346 0.1 0.4 354008 30416 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14348 0.1 0.4 352356 29156 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14350 0.0 0.1 347492 10892 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14351 0.1 0.4 353272 30452 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14352 0.3 0.5 354176 31516 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14355 0.3 0.4 352328 29492 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14356 0.2 0.5 354200 31508 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14357 0.0 0.4 352584 28180 ? S 15:07 0:00 /usr/sbin/apache2 -k start
root 14361 0.0 0.0 4996 1664 ? S Dec02 0:34 /var/ossec/bin/ossec-syscheckd
ossec 14365 0.0 0.0 12764 844 ? S Dec02 0:00 /var/ossec/bin/ossec-monitord
www-data 14366 0.2 0.4 352348 29836 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14367 0.1 0.4 353492 30468 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14369 0.1 0.4 353424 30616 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14370 0.1 0.5 356216 31440 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14371 0.2 0.5 353996 31636 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14372 0.1 0.4 352356 28228 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14377 0.0 0.1 347236 10808 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14378 0.2 0.4 352612 29308 ? S 15:07 0:00 /usr/sbin/apache2 -k start
root 14386 0.0 0.0 0 0 ? Z 15:07 0:00 [host-deny.sh] <defunct>
root 14387 0.0 0.0 0 0 ? Z 15:07 0:00 [firewall-drop.s] <defunct>
www-data 14407 0.4 0.5 354384 32672 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14408 0.1 0.4 352604 29276 ? S 15:07 0:00 /usr/sbin/apache2 -k start
www-data 14412 0.3 0.5 354716 32420 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14413 0.4 0.4 352592 29272 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14414 0.2 0.4 352600 28200 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14415 0.3 0.4 352724 29088 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14416 0.2 0.4 353776 29452 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14417 0.2 0.4 353136 28616 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14418 0.3 0.4 353520 29500 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14419 0.7 0.0 0 0 ? Z 15:08 0:00 [apache2] <defunct>
www-data 14420 0.5 0.5 353976 31084 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14421 0.3 0.4 353252 29180 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14422 0.0 0.1 346724 8076 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14423 0.6 0.5 354352 31720 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14424 0.4 0.4 353808 29848 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14425 0.3 0.4 352584 28252 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14426 0.1 0.1 346748 10564 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14427 0.6 0.4 352976 28944 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14428 0.0 0.1 346724 8204 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14429 0.0 0.1 346724 8196 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14430 0.7 0.4 352976 29032 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14431 0.9 0.4 353668 30120 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14432 0.9 0.4 353368 29668 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14433 0.8 0.4 352976 28836 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14435 1.3 0.4 352716 29364 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14436 1.8 0.4 353736 30320 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14437 0.1 0.1 346236 7760 ? S 15:08 0:00 /usr/sbin/apache2 -k start
www-data 14438 0.0 0.0 14976 1116 ? R 15:08 0:00 ps aux
root 19786 0.0 0.0 107420 1884 ? S Nov16 0:00 /usr/bin/svnserve -d -r /var/svn/
root 19983 0.0 0.0 107420 1940 ? S Nov29 0:00 /usr/bin/svnserve -d -r /var/svn/
root 19989 0.0 0.0 107420 1884 ? S Nov16 0:00 /usr/bin/svnserve -d -r /var/svn/
root 20015 0.0 0.0 107420 1884 ? S Nov16 0:00 /usr/bin/svnserve -d -r /var/svn/
root 20286 0.0 0.0 107420 1888 ? S Nov18 0:00 /usr/bin/svnserve -d -r /var/svn/
mysql 22394 10.4 24.9 2441860 1529604 ? Ssl Nov12 3357:17 /usr/sbin/mysqld


$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 48G 17G 29G 37% /
none 3.0G 172K 3.0G 1% /dev
none 3.0G 0 3.0G 0% /dev/shm
none 3.0G 56K 3.0G 1% /var/run
none 3.0G 0 3.0G 0% /var/lock
none 3.0G 0 3.0G 0% /lib/init/rw
none 48G 17G 29G 37% /var/lib/ureadahead/debugfs


Wordpress:
admin:$P$B./Y8qG9A2YuqIz4uBAjFRo.9Yv0Fb1::muts@offsec.com
dookie2000ca:$P$B7YVdu0JG/JOf2YAS8WsmQqHnZHf.b/:dookie2000ca:dookie@exploit-db.com
innrwrld:$P$BaJi4YkAt5o/paWUfDMdOOWuqHx/is/:innrwrld:innrwrld@exploit-db.com
ivan:$P$B/YVWEkaYIq3s2QLSmVB/wvXWYqoM80::centaur.mail@gmail.com
sinn3r:$P$BYzu/ozErhWi8hB8IPFdr6Tv2R9rat/:3r:sinn3r@exploit-db.com
loneferret:$P$Bgsl0.nlu4De51qkI8MDoeHDS6iLcM1:loneferret:loneferret@exploit-db.com
ronin:$P$BFw9OFuWa1s/t5DUJwKO6A0Otfkewo0::ronin@exploit-db.com
dijital1:$P$BirOcybWYDo/Z/wrJ5zBq2zaGElV.f/:dijital1:rlh@ciphermonk.net
emgent:$P$BYiha9WKXDzXQm8A8RXboRc7zZuus0.::emgent@backtrack-linux.org
j0fer:$P$Bgtsc7w.Vb6mCkJfJi7JkSO5zJUEBY.::j0fer@exploit-db.com
ReL1K:$P$B6DyRPNYrBuC.WRv5GrDnFg3wAQPo91::kennedyd013@gmail.com
Xpl0it:$P$BGBdVhFBaUM8s9ooGcmB01t.zoK.0V0::mr.xpl0it@gmail.com
fdiskyou:$P$BlgwWd3EmVg4SsfIxzOjqUQfGKfLZD0:fdiskyou:rui@exploit-db.com
rawjaw:$P$Bovffv59pNKpCOOvKlbGqFOmAh.HKb0::rawjaw@exploit-db.com
djokica:$P$BNeyg6NPYJWO9fzjfZs1okvMiM0vq51::centaur@pavko.info
xxDigiPxx:$P$B2eEGgTNsZnM4DFpIr4kNrKXv.ivyg/:xxdigipxx:xxtwistedpairxx@comcast.net
muts:$P$Bn.MAuG.OlZ1NtTxq0WWAUwhVEfusC.::muts@offensive-security.com
Ryujin:$P$BZ75UnhRqkJZj82bWfXbeD6dVxzXTG0::ryujin@offsec.com
didn0t:$P$BkGM.gSmmmuDlkJUKjCzy1LfUn9AnS.::paul@pizza.org
zelik:$P$BYjCAaqW0tcdNV3MZviRZoN./.HMKn0::tal.zeltzer@gmail.com
bitform:$P$BLk7y3.7JTn12lRYj25A/JXJ1W0SIA1::mattgraeber@gmail.com
bolexxx:$P$B1liji1bDZoOOwnVwV3Aa59Mqux0FC1::bolexxx@offsec.com
h00die:$P$Behl/g/GHQo5zxciUMgjPPzu7ZI8nO/::ragecyr@exploit-db.com
MaXe:$P$B6PKmgTlcm5L5kpysXfksmEmRfMy6U.::MaXe@intern0t.net
marked_doe:$P$By1rR96ByDsyil/yQa79qBE/A7nbOA1:marked_doe:marc@doudiet.net
code0wnz:$P$Bw1OuJHHzMtUBd8oSjmFoQYKtzjaC..:code0wnz:code0wnz@gmail.com
Dr_IDE:$P$BR.ReeHZDabreI8G0D5NARv8oY6SOP/::dr_ide@hushmail.com
Sud0:$P$BqovGmeqOSCzsHFso9q4goSZ4hkWbK1: :Sud0.x90@gmail.com
TecR0c:$P$BXoaJm6vL1VKJWz.K3m1M.XXVoXU9K/::tecr0c@corelan.be
kripthor:$P$BpUEGtZ3PvzfYotKDvvRA1AU9U4.iq1:kripthor:umbelino@crazydog.pt
ryp:$P$BwQ3FGe9q7spL3vkhxTyYMBkL4UGOQ.::adam@rypmarketing.com
fdisk:$P$Blv3X9wG6b/Yo3SDi22/nIJ34t2jGi/::ruifilipe.reis@gmail.com
root-boy:$P$BWq8dOxSe/HKG/kE3cXpGyAOgR6F.n1:root-boy:root-boy@exploit-db.com


Inj3ct0r said, "is not the end! expected to continue".
Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.