DevProTalk - Pogledajte određenu poruku

AnonymousCoward · 27. 09. 2009.

Citat:

Originalno napisao 1r0nM4n

/etc/shadow od pre nekih 2-3 god sa njihovog servera:

Kôd:

root:$1$dKeR9I6X$UiuDJCde4mgQCb4E3XuEL1:12402:0:99999:7:::
bin:*:12290:0:99999:7:::
daemon:*:12290:0:99999:7:::
adm:*:12290:0:99999:7:::
lp:*:12290:0:99999:7:::
sync:*:12290:0:99999:7:::
shutdown:*:12290:0:99999:7:::
halt:*:12290:0:99999:7:::
mail:*:12290:0:99999:7:::
news:*:12290:0:99999:7:::
uucp:*:12290:0:99999:7:::
operator:*:12290:0:99999:7:::
games:*:12290:0:99999:7:::
gopher:*:12290:0:99999:7:::
ftp:*:12290:0:99999:7:::
nobody:*:12290:0:99999:7:::
rpm:!!:12290:0:99999:7:::
vcsa:!!:12290:0:99999:7:::
nscd:!!:12290:0:99999:7:::
sshd:!!:12290:0:99999:7:::
rpc:!!:12290:0:99999:7:::
rpcuser:!!:12290:0:99999:7:::
nfsnobody:!!:12290:0:99999:7:::
mailnull:!!:12290:0:99999:7:::
smmsp:!!:12290:0:99999:7:::
pcap:!!:12290:0:99999:7:::
apache:!!:12290:0:99999:7:::
squid:!!:12290:0:99999:7:::
webalizer:!!:12290:0:99999:7:::
xfs:!!:12290:0:99999:7:::
named:!!:12290:0:99999:7:::
ntp:!!:12290:0:99999:7:::
gdm:!!:12290:0:99999:7:::
amanda:!!:12290:0:99999:7:::
canna:!!:12290:0:99999:7:::
wnn:!!:12290:0:99999:7:::
fax:!!:12290:0:99999:7:::
netdump:!!:12290:0:99999:7:::
nut:!!:12290:0:99999:7:::
ldap:!!:12290:0:99999:7:::
mysql:!!:27:27:99999:7:::
ident:!!:12290:0:99999:7:::
postfix:!!:12290:0:99999:7:::
mailman:!!:12290:0:99999:7:::
privoxy:!!:12290:0:99999:7:::
pvm:!!:12290:0:99999:7:::
desktop:!!:12290:0:99999:7:::
radvd:!!:12290:0:99999:7:::
admin:$1$siu/ZdSr$vhBUdNhh4xdmpH.pKKWYJ0:12293:0:99999:7:::
restak:$1$YWSPUHfg$o/LUQCZIyf2moo3h0HxXZ0:12461:0:99999:7:::
vcalic:$1$Lb54FDzn$IdcXoTF4OX7D3rZKG2Ba60:12304:0:99999:7:::
b92:$1$JAPWdt7q$mrAt7k4af1AnsNKNdpXgs0:13076:0:99999:7:::
broadcast:$1$mbIALmqR$w9g938uQFctt3sJMpyB3o.:12328:0:99999:7:::
dl:$1$PmdjYPTW$4pJrfc/qCbZRtOadlkySK/:12356:0:99999:7:::
ctebah:$1$c4gFAd3U$bZvBNACmGGGx1WlNVU65W0:12362:0:99999:7:::
game:$1$apMfCMbc$PpDFURzcaYUZmJnUtwhE10:12368:0:99999:7:::
meteos:$1$4d8x2heW$FCfbz70hIMPGbftLj4TVM.:12398:0:99999:7:::
ssltest:$1$QXNXOvjy$pkDCvB8o6rQS8C/Zty5VM0:12419:0:99999:7:::
banka:$1$IU2OWllj$1zK2OaeYOD2oDhpQ.3oPk.:13032:0:99999:7:::
backup:!!:12739:0:99999:7:::
afp:$1$87h2z5IW$QaoqOeeyTtiwwLPv5BZkn.:12843:0:99999:7:::

Što se tiče SQL Injection-a (ne znam da li je cvele možda mislio na ovo?):

Kôd:

http://www6.b92.net/tv/program/img.php?ID=blah

Isto provaljeno pre 2-3 god..

Sve u svemu, sigurnost im je veoma očajna.

B92 je prepun sql injekcija...
Do skora je bio jedan i na b92 shopu ... mnogo tudjih podataka dostupno...ako se dobro setjam bilo je chak i brojeva lichnih karti.

1r0nM4n, evo za kolekciju i /etc/passwd

Kôd:

root:x:0:0:root:/root:/bin/zsh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/bin/bash
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
resin:x:95:95:Resin:/opt/resin:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/html/usage:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
canna:x:39:39:Canna Service User:/var/lib/canna:/sbin/nologin
wnn:x:49:49:Wnn System Account:/home/wnn:/sbin/nologin
fax:x:78:78:mgetty fax spool user:/var/spool/fax:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
nut:x:57:57:Network UPS Tools:/var/lib/ups:/bin/false
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
ident:x:98:98:pident user:/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
mailman:x:41:41:GNU Mailing List Manager:/var/mailman:/sbin/nologin
privoxy:x:73:73::/etc/privoxy:/sbin/nologin
pvm:x:24:24::/usr/share/pvm3:/sbin/nologin
desktop:x:80:80:desktop:/var/lib/menu/kde:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
admin:x:500:500::/home/admin:/bin/bash
restak:x:501:501::/home/restak:/sbin/nologin
vcalic:x:502:502::/home/vcalic:/bin/zsh
b92:x:503:503::/usr/local/WWW:/sbin/nologin
broadcast:x:504:504::/usr/local/WWW/Broadcast:/sbin/nologin
dl:x:505:505::/usr/local/WWW/dl.opennet.org:/sbin/nologin
ctebah:x:506:506::/home/ctebah:/sbin/nologin
game:x:507:507::/usr/local/WWW/game.b92.net:/sbin/nologin
meteos:x:508:508::/home/meteos:/sbin/nologin
ssltest:x:509:509::/home/ssltest:/sbin/nologin
banka:x:510:510::/home/banka:/sbin/nologin
backup:x:511:511::/home/backup:/bin/bash
afp:x:512:513::/www/f1.b92.net:/sbin/nologin
dl2:x:499:499::/www/nfs/dl2:/sbin/nologin


ivan:x:513:516::/home/ivan:/bin/bash
kucasnova:x:515:518::/chroot/www/www.b92.net/tv/kucasnova:/sbin/nologin

Ostavio bi' linkove do sql injekcija koje ja posedujem kad' vetj mejlove upozorenja ignorishu ili ih ne chitaju ili ih ni ne dobiju (shto je malo verovatno), ali nisam siguran da je to po pravilima foruma.

Inache ne kapiram shto su shipci difejs b92...hmmm...